From 2fd7dc67e60b15fc9e1c01a4ea69fe240095b4e2 Mon Sep 17 00:00:00 2001 From: "[riftbit] ErgoZ" Date: Wed, 29 Sep 2021 01:01:26 +0300 Subject: [PATCH 1/9] update repo id --- .github/workflows/lint-test.yaml | 4 ++-- artifacthub-repo.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml index 77c3114..60ccc36 100644 --- a/.github/workflows/lint-test.yaml +++ b/.github/workflows/lint-test.yaml @@ -37,8 +37,8 @@ jobs: if: steps.list-changed.outputs.changed == 'true' test: - # needs: - # - lint + needs: + - lint runs-on: ubuntu-latest steps: - name: Checkout diff --git a/artifacthub-repo.yml b/artifacthub-repo.yml index a633ed8..96e4a97 100644 --- a/artifacthub-repo.yml +++ b/artifacthub-repo.yml @@ -9,7 +9,7 @@ # when the hash of the last commit in the branch you set up changes. This does # NOT apply to ownership claim operations, which are processed immediately. # -repositoryID: The ID of the Artifact Hub repository where the packages will be published to (optional, but it enables verified publisher) +repositoryID: 914c547c-9691-41b2-8424-507a102cfaab owners: # (optional, used to claim repository ownership) - name: "[riftbit] ErgoZ" email: ergozru@gmail.com From bd98bd6f20d20deeebb47b411cb26d86b8f65960 Mon Sep 17 00:00:00 2001 From: "[riftbit] ErgoZ" Date: Thu, 30 Sep 2021 10:37:00 +0300 Subject: [PATCH 2/9] add new bitnami based charts --- .github/ISSUE_TEMPLATE/bug_report (2).md | 48 + .github/ct-install.yaml | 1 + .github/ct-lint.yaml | 1 + bitnami/apache/Chart.lock | 6 - bitnami/apache/Chart.yaml | 29 - bitnami/apache/README.md | 250 - bitnami/apache/ci/ct-values.yaml | 4 - bitnami/apache/files/README.md | 1 - bitnami/apache/files/vhosts/README.md | 1 - bitnami/apache/templates/NOTES.txt | 47 - bitnami/apache/templates/_helpers.tpl | 130 - .../apache/templates/configmap-vhosts.yaml | 15 - bitnami/apache/templates/configmap.yaml | 15 - bitnami/apache/templates/deployment.yaml | 201 - bitnami/apache/templates/ingress.yaml | 48 - bitnami/apache/templates/svc.yaml | 39 - bitnami/apache/values.schema.json | 66 - bitnami/apache/values.yaml | 430 -- bitnami/aspnet-core/Chart.lock | 6 - bitnami/aspnet-core/Chart.yaml | 25 - bitnami/aspnet-core/README.md | 408 -- bitnami/aspnet-core/templates/NOTES.txt | 51 - bitnami/aspnet-core/templates/_helpers.tpl | 100 - bitnami/aspnet-core/templates/deployment.yaml | 196 - .../aspnet-core/templates/health-ingress.yaml | 51 - bitnami/aspnet-core/templates/hpa.yaml | 33 - bitnami/aspnet-core/templates/ingress.yaml | 52 - bitnami/aspnet-core/templates/pdb.yaml | 22 - .../aspnet-core/templates/serviceaccount.yaml | 17 - bitnami/aspnet-core/templates/svc.yaml | 39 - bitnami/aspnet-core/templates/tls-secret.yaml | 41 - bitnami/aspnet-core/values.yaml | 572 --- bitnami/consul/ci/values-ingress.yaml | 3 - bitnami/contour/Chart.lock | 6 - bitnami/contour/Chart.yaml | 30 - bitnami/contour/README.md | 509 -- bitnami/contour/ci/ct-values-deployment.yaml | 5 - bitnami/contour/ci/ct-values.yaml | 4 - .../contour/resources/extensionservices.yaml | 399 -- bitnami/contour/resources/httpproxies.yaml | 1783 ------- .../resources/tlscertificatedeligations.yaml | 296 -- bitnami/contour/templates/00-crds.yaml | 6 - bitnami/contour/templates/NOTES.txt | 34 - bitnami/contour/templates/_helpers.tpl | 95 - bitnami/contour/templates/certgen/job.yaml | 76 - bitnami/contour/templates/certgen/rbac.yaml | 39 - .../templates/certgen/serviceaccount.yaml | 13 - .../contour/templates/contour/configmap.yaml | 13 - .../contour/templates/contour/deployment.yaml | 170 - bitnami/contour/templates/contour/rbac.yaml | 132 - .../contour/templates/contour/service.yaml | 42 - .../templates/contour/serviceaccount.yaml | 10 - .../templates/contour/servicemonitor.yaml | 33 - .../templates/default-backend/deployment.yaml | 90 - .../templates/default-backend/ingress.yaml | 33 - .../default-backend/poddisruptionbudget.yaml | 25 - .../templates/default-backend/service.yaml | 30 - .../contour/templates/envoy/daemonset.yaml | 268 - .../contour/templates/envoy/deployment.yaml | 277 -- bitnami/contour/templates/envoy/hpa.yaml | 35 - bitnami/contour/templates/envoy/service.yaml | 87 - .../templates/envoy/serviceaccount.yaml | 10 - .../templates/envoy/servicemonitor.yaml | 34 - bitnami/contour/values.yaml | 809 --- bitnami/dataplatform-bp1/Chart.lock | 21 - bitnami/dataplatform-bp1/Chart.yaml | 62 - bitnami/dataplatform-bp1/README.md | 493 -- bitnami/dataplatform-bp1/templates/NOTES.txt | 51 - .../dataplatform-bp1/templates/_helpers.tpl | 70 - .../templates/emitter-deployment.yaml | 154 - .../templates/emitter-svc.yaml | 44 - .../templates/exporter-deployment.yaml | 152 - .../templates/exporter-svc.yaml | 44 - bitnami/dataplatform-bp1/templates/role.yaml | 53 - .../templates/rolebinding.yaml | 22 - .../templates/serviceaccount.yaml | 15 - bitnami/dataplatform-bp1/values.schema.json | 124 - bitnami/dataplatform-bp1/values.yaml | 1070 ---- bitnami/dataplatform-bp2/Chart.lock | 21 - bitnami/dataplatform-bp2/Chart.yaml | 61 - bitnami/dataplatform-bp2/README.md | 546 -- bitnami/dataplatform-bp2/templates/NOTES.txt | 66 - .../dataplatform-bp2/templates/_helpers.tpl | 70 - .../templates/emitter-deployment.yaml | 154 - .../templates/emitter-svc.yaml | 44 - .../templates/exporter-deployment.yaml | 152 - .../templates/exporter-svc.yaml | 44 - bitnami/dataplatform-bp2/templates/role.yaml | 53 - .../templates/rolebinding.yaml | 22 - .../templates/serviceaccount.yaml | 15 - bitnami/dataplatform-bp2/values.schema.json | 142 - bitnami/dataplatform-bp2/values.yaml | 1249 ----- bitnami/drupal/Chart.lock | 9 - bitnami/drupal/Chart.yaml | 34 - bitnami/drupal/README.md | 438 -- bitnami/drupal/templates/NOTES.txt | 82 - bitnami/drupal/templates/_helpers.tpl | 128 - bitnami/drupal/templates/deployment.yaml | 291 -- .../drupal/templates/externaldb-secrets.yaml | 10 - bitnami/drupal/templates/ingress.yaml | 59 - bitnami/drupal/templates/pv.yaml | 20 - bitnami/drupal/templates/pvc.yaml | 23 - bitnami/drupal/templates/secrets.yaml | 23 - bitnami/drupal/values.schema.json | 188 - bitnami/drupal/values.yaml | 654 --- bitnami/ejbca/Chart.lock | 9 - bitnami/ejbca/Chart.yaml | 33 - bitnami/ejbca/README.md | 317 -- bitnami/ejbca/templates/NOTES.txt | 86 - bitnami/ejbca/templates/_helpers.tpl | 123 - bitnami/ejbca/templates/deployment.yaml | 197 - .../ejbca/templates/externaldb-secrets.yaml | 16 - bitnami/ejbca/templates/ingress.yaml | 58 - bitnami/ejbca/templates/pvc.yaml | 20 - bitnami/ejbca/templates/secrets.yaml | 18 - bitnami/ejbca/templates/svc.yaml | 47 - bitnami/ejbca/values.yaml | 507 -- bitnami/external-dns/Chart.lock | 6 - bitnami/external-dns/Chart.yaml | 27 - bitnami/external-dns/README.md | 398 -- bitnami/external-dns/templates/NOTES.txt | 8 - bitnami/external-dns/templates/_helpers.tpl | 853 ---- .../external-dns/templates/clusterrole.yaml | 120 - .../templates/clusterrolebinding.yaml | 15 - bitnami/external-dns/templates/configmap.yaml | 17 - bitnami/external-dns/templates/crd.yaml | 94 - .../external-dns/templates/deployment.yaml | 660 --- bitnami/external-dns/templates/pdb.yaml | 12 - .../templates/psp-clusterrole.yaml | 13 - .../templates/psp-clusterrolebinding.yaml | 15 - bitnami/external-dns/templates/psp.yaml | 39 - bitnami/external-dns/templates/role.yaml | 112 - .../external-dns/templates/rolebindings.yaml | 16 - bitnami/external-dns/templates/secret.yaml | 81 - bitnami/external-dns/templates/service.yaml | 37 - .../templates/serviceaccount.yaml | 12 - .../templates/servicemonitor.yaml | 28 - .../external-dns/templates/tls-secret.yaml | 26 - bitnami/external-dns/values.yaml | 841 ---- bitnami/grafana-operator/Chart.lock | 6 - bitnami/grafana-operator/Chart.yaml | 28 - bitnami/grafana-operator/README.md | 278 -- .../crds/grafanadashboards.yaml | 46 - .../crds/grafanadatasources.yaml | 38 - bitnami/grafana-operator/crds/grafanas.yaml | 251 - bitnami/grafana-operator/templates/NOTES.txt | 12 - .../grafana-operator/templates/_helpers.tpl | 44 - .../templates/deployment.yaml | 116 - .../grafana-operator/templates/grafana.yaml | 146 - bitnami/grafana-operator/templates/rbac.yaml | 249 - .../templates/serviceaccount.yaml | 13 - .../templates/servicemonitor.yaml | 53 - bitnami/grafana-operator/values.yaml | 585 --- bitnami/grafana/Chart.lock | 6 - bitnami/grafana/Chart.yaml | 27 - bitnami/grafana/README.md | 515 -- bitnami/grafana/templates/NOTES.txt | 32 - bitnami/grafana/templates/_helpers.tpl | 177 - bitnami/grafana/templates/configmap.yaml | 28 - .../grafana/templates/dashboard-provider.yaml | 35 - bitnami/grafana/templates/deployment.yaml | 221 - .../templates/image-renderer-deployment.yaml | 60 - .../templates/image-renderer-service.yaml | 21 - .../image-renderer-servicemonitor.yaml | 32 - bitnami/grafana/templates/ingress.yaml | 57 - bitnami/grafana/templates/pvc.yaml | 16 - bitnami/grafana/templates/secret.yaml | 12 - bitnami/grafana/templates/service.yaml | 36 - bitnami/grafana/templates/serviceaccount.yaml | 19 - bitnami/grafana/templates/servicemonitor.yaml | 32 - bitnami/grafana/templates/smtp-secret.yaml | 13 - bitnami/grafana/values.yaml | 641 --- bitnami/jasperreports/Chart.lock | 9 - bitnami/jasperreports/Chart.yaml | 33 - bitnami/jasperreports/README.md | 415 -- .../jasperreports/ci/values-with-ingress.yaml | 6 - bitnami/jasperreports/templates/NOTES.txt | 70 - bitnami/jasperreports/templates/_helpers.tpl | 106 - .../jasperreports/templates/deployment.yaml | 184 - .../templates/externaldb-secrets.yaml | 17 - bitnami/jasperreports/templates/pvc.yaml | 23 - bitnami/jasperreports/templates/secrets.yaml | 22 - bitnami/jasperreports/templates/svc.yaml | 36 - .../jasperreports/templates/tls-secrets.yaml | 44 - bitnami/jasperreports/values.yaml | 510 -- bitnami/jenkins/Chart.lock | 6 - bitnami/jenkins/Chart.yaml | 29 - bitnami/jenkins/README.md | 380 -- bitnami/jenkins/templates/NOTES.txt | 50 - bitnami/jenkins/templates/_helpers.tpl | 49 - bitnami/jenkins/templates/deployment.yaml | 228 - bitnami/jenkins/templates/ingress.yaml | 59 - bitnami/jenkins/templates/metrics-svc.yaml | 36 - bitnami/jenkins/templates/pvc.yaml | 28 - bitnami/jenkins/templates/secrets.yaml | 15 - bitnami/jenkins/templates/servicemonitor.yaml | 43 - bitnami/jenkins/templates/svc.yaml | 46 - bitnami/jenkins/templates/tls-secret.yaml | 44 - bitnami/jenkins/values.schema.json | 121 - bitnami/jenkins/values.yaml | 590 --- bitnami/joomla/Chart.lock | 9 - bitnami/joomla/Chart.yaml | 30 - bitnami/joomla/README.md | 411 -- bitnami/joomla/templates/NOTES.txt | 87 - bitnami/joomla/templates/_helpers.tpl | 107 - bitnami/joomla/templates/deployment.yaml | 218 - .../joomla/templates/externaldb-secrets.yaml | 17 - bitnami/joomla/templates/ingress.yaml | 57 - bitnami/joomla/templates/joomla-pvc.yaml | 24 - bitnami/joomla/templates/secrets.yaml | 22 - bitnami/joomla/templates/svc.yaml | 34 - bitnami/joomla/templates/tls-secrets.yaml | 20 - bitnami/joomla/values.schema.json | 188 - bitnami/joomla/values.yaml | 542 -- bitnami/jupyterhub/templates/proxy/pdb.yaml | 18 - bitnami/kiam/Chart.lock | 6 - bitnami/kiam/Chart.yaml | 26 - bitnami/kiam/README.md | 400 -- bitnami/kiam/templates/NOTES.txt | 31 - bitnami/kiam/templates/_helpers.tpl | 100 - .../kiam/templates/agent/agent-daemonset.yaml | 220 - .../agent/agent-psp-clusterrole.yaml | 25 - .../agent/agent-psp-clusterrolebinding.yaml | 24 - bitnami/kiam/templates/agent/agent-psp.yaml | 54 - .../kiam/templates/agent/agent-secret.yaml | 21 - .../agent/agent-service-account.yaml | 17 - .../kiam/templates/agent/agent-service.yaml | 49 - .../templates/agent/agent-servicemonitor.yaml | 41 - .../templates/server/server-daemonset.yaml | 209 - .../templates/server/server-deployment.yaml | 210 - .../server/server-psp-clusterrole.yaml | 25 - .../server/server-psp-clusterrolebinding.yaml | 24 - bitnami/kiam/templates/server/server-psp.yaml | 49 - .../server/server-read-clusterrole.yaml | 26 - .../server-read-clusterrolebinding.yaml | 24 - .../kiam/templates/server/server-secret.yaml | 21 - .../server/server-service-account.yaml | 17 - .../kiam/templates/server/server-service.yaml | 58 - .../server/server-servicemonitor.yaml | 41 - .../server/server-write-clusterrole.yaml | 24 - .../server-write-clusterrolebinding.yaml | 24 - bitnami/kiam/values.yaml | 791 --- bitnami/kibana/Chart.lock | 6 - bitnami/kibana/Chart.yaml | 28 - bitnami/kibana/README.md | 394 -- bitnami/kibana/ci/values-with-es.yaml | 5 - bitnami/kibana/templates/NOTES.txt | 50 - bitnami/kibana/templates/_helpers.tpl | 265 - bitnami/kibana/templates/configmap.yaml | 20 - bitnami/kibana/templates/deployment.yaml | 283 -- bitnami/kibana/templates/ingress.yaml | 58 - .../kibana/templates/plugins-configmap.yaml | 18 - bitnami/kibana/templates/pvc.yaml | 14 - .../templates/saved-objects-configmap.yaml | 39 - bitnami/kibana/templates/secret.yaml | 29 - bitnami/kibana/templates/service.yaml | 38 - bitnami/kibana/templates/serviceaccount.yaml | 20 - bitnami/kibana/templates/servicemonitor.yaml | 28 - bitnami/kibana/templates/tls-secret.yaml | 25 - bitnami/kibana/values.yaml | 557 --- bitnami/kong/Chart.lock | 12 - bitnami/kong/Chart.yaml | 37 - bitnami/kong/README.md | 535 -- .../kong/ci/values-editing-containers.yaml | 116 - .../kong/ci/values-external-cassandra.yaml | 13 - .../kong/ci/values-external-postgresql.yaml | 8 - bitnami/kong/ci/values-ingress.yaml | 2 - bitnami/kong/ci/values-metrics-hpa-pdb.yaml | 7 - .../crds/custom-resource-definitions.yaml | 426 -- bitnami/kong/templates/NOTES.txt | 116 - bitnami/kong/templates/_helpers.tpl | 217 - bitnami/kong/templates/dep-ds.yaml | 373 -- .../templates/external-database-secret.yaml | 23 - bitnami/kong/templates/hpa.yaml | 24 - .../templates/ingress-controller-rbac.yaml | 187 - bitnami/kong/templates/ingress.yaml | 59 - .../kong/templates/kong-prometheus-role.yaml | 11 - .../kong-prometheus-rolebinding.yaml | 19 - .../kong/templates/kong-script-configmap.yaml | 47 - .../templates/metrics-exporter-configmap.yaml | 30 - .../templates/metrics-script-configmap.yaml | 36 - bitnami/kong/templates/metrics-service.yaml | 36 - bitnami/kong/templates/migrate-job.yaml | 113 - bitnami/kong/templates/pdb.yaml | 25 - bitnami/kong/templates/service.yaml | 78 - bitnami/kong/templates/servicemonitor.yaml | 37 - bitnami/kong/templates/tls-secrets.yaml | 43 - bitnami/kong/values.yaml | 776 --- bitnami/kube-prometheus/Chart.lock | 12 - bitnami/kube-prometheus/Chart.yaml | 37 - bitnami/kube-prometheus/README.md | 675 --- .../crds/crd-alertmanager-config.yaml | 1869 ------- .../crds/crd-alertmanager.yaml | 3218 ------------ .../kube-prometheus/crds/crd-podmonitor.yaml | 358 -- bitnami/kube-prometheus/crds/crd-probes.yaml | 202 - .../kube-prometheus/crds/crd-prometheus.yaml | 4432 ----------------- .../crds/crd-prometheusrules.yaml | 90 - .../crds/crd-servicemonitor.yaml | 373 -- .../crds/crd-thanosrulers.yaml | 3342 ------------- bitnami/kube-prometheus/templates/NOTES.txt | 119 - .../kube-prometheus/templates/_helpers.tpl | 231 - .../templates/alertmanager/alertmanager.yaml | 180 - .../templates/alertmanager/ingress.yaml | 51 - .../templates/alertmanager/pdb.yaml | 19 - .../alertmanager/psp-clusterrole.yaml | 13 - .../alertmanager/psp-clusterrolebinding.yaml | 15 - .../templates/alertmanager/psp.yaml | 39 - .../templates/alertmanager/secrets.yaml | 13 - .../templates/alertmanager/service.yaml | 43 - .../alertmanager/serviceaccount.yaml | 12 - .../alertmanager/servicemonitor.yaml | 26 - .../templates/alertmanager/tls-secrets.yaml | 32 - .../templates/exporters/core-dns/service.yaml | 22 - .../exporters/core-dns/servicemonitor.yaml | 29 - .../kube-apiserver/servicemonitor.yaml | 35 - .../kube-controller-manager/endpoints.yaml | 18 - .../kube-controller-manager/service.yaml | 25 - .../servicemonitor.yaml | 40 - .../exporters/kube-proxy/endpoints.yaml | 18 - .../exporters/kube-proxy/service.yaml | 25 - .../exporters/kube-proxy/servicemonitor.yaml | 34 - .../exporters/kube-scheduler/endpoints.yaml | 18 - .../exporters/kube-scheduler/service.yaml | 25 - .../kube-scheduler/servicemonitor.yaml | 40 - .../exporters/kubelet/servicemonitor.yaml | 85 - .../prometheus-operator/clusterrole.yaml | 99 - .../clusterrolebinding.yaml | 15 - .../prometheus-operator/configmap.yaml | 10 - .../prometheus-operator/deployment.yaml | 120 - .../prometheus-operator/psp-clusterrole.yaml | 13 - .../psp-clusterrolebinding.yaml | 15 - .../templates/prometheus-operator/psp.yaml | 39 - .../prometheus-operator/service.yaml | 38 - .../prometheus-operator/serviceaccount.yaml | 9 - .../prometheus-operator/servicemonitor.yaml | 26 - .../prometheus/additionalPrometheusRules.yaml | 13 - .../prometheus/additionalScrapeJobs.yaml | 10 - .../templates/prometheus/clusterrole.yaml | 41 - .../prometheus/clusterrolebinding.yaml | 15 - .../templates/prometheus/ingress.yaml | 51 - .../templates/prometheus/pdb.yaml | 19 - .../templates/prometheus/prometheus.yaml | 349 -- .../templates/prometheus/psp-clusterrole.yaml | 13 - .../prometheus/psp-clusterrolebinding.yaml | 15 - .../templates/prometheus/psp.yaml | 39 - .../templates/prometheus/service.yaml | 44 - .../templates/prometheus/serviceaccount.yaml | 12 - .../templates/prometheus/servicemonitor.yaml | 26 - .../templates/prometheus/thanos-ingress.yaml | 32 - .../templates/prometheus/thanos-service.yaml | 39 - .../templates/prometheus/tls-secrets.yaml | 32 - bitnami/kube-prometheus/values.yaml | 1801 ------- bitnami/kube-state-metrics/Chart.lock | 6 - bitnami/kube-state-metrics/Chart.yaml | 26 - bitnami/kube-state-metrics/README.md | 227 - .../kube-state-metrics/templates/NOTES.txt | 36 - .../kube-state-metrics/templates/_helpers.tpl | 44 - .../templates/clusterrole.yaml | 182 - .../templates/clusterrolebinding.yaml | 21 - .../templates/deployment.yaml | 193 - .../templates/psp-clusterrole.yaml | 19 - .../templates/psp-clusterrolebinding.yaml | 21 - bitnami/kube-state-metrics/templates/psp.yaml | 38 - .../kube-state-metrics/templates/service.yaml | 45 - .../templates/serviceaccount.yaml | 14 - .../templates/servicemonitor.yaml | 47 - bitnami/kube-state-metrics/values.yaml | 365 -- bitnami/kubeapps/.gitignore | 1 - bitnami/kubeapps/Chart.lock | 12 - bitnami/kubeapps/Chart.yaml | 36 - bitnami/kubeapps/README.md | 965 ---- bitnami/kubeapps/crds/apprepository-crd.yaml | 114 - bitnami/kubeapps/templates/NOTES.txt | 86 - bitnami/kubeapps/templates/_helpers.tpl | 231 - .../apprepository/apprepositories-secret.yaml | 61 - .../apprepository/apprepositories.yaml | 64 - .../templates/apprepository/deployment.yaml | 97 - .../templates/apprepository/rbac.yaml | 217 - .../apprepository/serviceaccount.yaml | 13 - .../templates/assetsvc/deployment.yaml | 97 - .../kubeapps/templates/assetsvc/service.yaml | 28 - .../templates/dashboard/configmap.yaml | 81 - .../templates/dashboard/deployment.yaml | 153 - .../kubeapps/templates/dashboard/service.yaml | 28 - .../templates/frontend/configmap.yaml | 187 - .../templates/frontend/deployment.yaml | 200 - .../templates/frontend/oauth2-secret.yaml | 20 - .../kubeapps/templates/frontend/service.yaml | 76 - bitnami/kubeapps/templates/ingress.yaml | 63 - .../templates/kubeappsapis/deployment.yaml | 167 - .../kubeapps/templates/kubeappsapis/rbac.yaml | 55 - .../templates/kubeappsapis/service.yaml | 30 - .../kubeappsapis/serviceaccount.yaml | 17 - .../templates/kubeops/deployment.yaml | 142 - bitnami/kubeapps/templates/kubeops/rbac.yaml | 141 - .../kubeapps/templates/kubeops/service.yaml | 28 - .../templates/kubeops/serviceaccount.yaml | 13 - bitnami/kubeapps/templates/shared/config.yaml | 17 - bitnami/kubeapps/templates/tls-secrets.yaml | 44 - bitnami/kubeapps/values.schema.json | 142 - bitnami/kubeapps/values.yaml | 1773 ------- bitnami/kubernetes-event-exporter/.helmignore | 22 - bitnami/logstash/.helmignore | 22 - bitnami/logstash/Chart.lock | 6 - bitnami/logstash/Chart.yaml | 26 - bitnami/logstash/README.md | 310 -- .../ci/values-with-metrics-and-ingress.yaml | 12 - bitnami/logstash/templates/NOTES.txt | 62 - bitnami/logstash/templates/_helpers.tpl | 71 - .../logstash/templates/configuration-cm.yaml | 26 - bitnami/logstash/templates/headless-svc.yaml | 14 - bitnami/logstash/templates/ingress.yaml | 59 - bitnami/logstash/templates/metrics-svc.yaml | 32 - bitnami/logstash/templates/pdb.yaml | 16 - .../logstash/templates/servicemonitor.yaml | 28 - bitnami/logstash/templates/sts.yaml | 202 - bitnami/logstash/templates/svc.yaml | 28 - bitnami/logstash/templates/tls-secret.yaml | 41 - bitnami/logstash/values.yaml | 687 --- bitnami/magento/Chart.lock | 12 - bitnami/magento/Chart.yaml | 38 - bitnami/magento/README.md | 743 --- .../ci/values-production-with-host.yaml | 16 - .../ci/values-with-host-and-ingress.yaml | 16 - bitnami/magento/templates/NOTES.txt | 114 - bitnami/magento/templates/_helpers.tpl | 170 - bitnami/magento/templates/deployment.yaml | 298 -- bitnami/magento/templates/hpa.yaml | 35 - bitnami/magento/templates/ingress.yaml | 56 - bitnami/magento/templates/pv.yaml | 21 - bitnami/magento/templates/pvc.yaml | 24 - bitnami/magento/templates/secrets.yaml | 17 - bitnami/magento/templates/tls-secrets.yaml | 44 - bitnami/magento/values.yaml | 821 --- bitnami/metallb/.helmignore | 22 - bitnami/metallb/Chart.lock | 6 - bitnami/metallb/Chart.yaml | 33 - bitnami/metallb/README.md | 276 - bitnami/metallb/templates/NOTES.txt | 39 - bitnami/metallb/templates/_helpers.tpl | 47 - .../templates/controller/configmap.yaml | 16 - .../templates/controller/deployment.yaml | 101 - bitnami/metallb/templates/controller/psp.yaml | 47 - .../metallb/templates/controller/rbac.yaml | 68 - .../metallb/templates/controller/service.yaml | 24 - .../templates/controller/serviceaccount.yaml | 14 - .../templates/controller/servicemonitor.yaml | 33 - bitnami/metallb/templates/networkpolicy.yaml | 34 - .../templates/prometheus/metallb.alerts.yaml | 33 - bitnami/metallb/templates/rbac.yaml | 48 - .../metallb/templates/speaker/daemonset.yaml | 128 - bitnami/metallb/templates/speaker/psp.yaml | 41 - bitnami/metallb/templates/speaker/rbac.yaml | 102 - bitnami/metallb/templates/speaker/secret.yaml | 19 - .../metallb/templates/speaker/service.yaml | 24 - .../templates/speaker/serviceaccount.yaml | 14 - .../templates/speaker/servicemonitor.yaml | 33 - bitnami/metallb/values.yaml | 496 -- bitnami/metrics-server/Chart.lock | 6 - bitnami/metrics-server/Chart.yaml | 26 - bitnami/metrics-server/README.md | 201 - bitnami/metrics-server/ci/ct-values.yaml | 1 - .../metrics-server/ci/values-with-rbac.yaml | 12 - bitnami/metrics-server/templates/NOTES.txt | 30 - bitnami/metrics-server/templates/_helpers.tpl | 56 - .../templates/auth-delegator-crb.yaml | 22 - .../templates/cluster-role.yaml | 50 - .../metrics-server/templates/deployment.yaml | 103 - .../templates/metrics-api-service.yaml | 26 - .../templates/metrics-server-crb.yaml | 21 - bitnami/metrics-server/templates/pdb.yaml | 22 - .../templates/role-binding.yaml | 22 - .../templates/serviceaccount.yaml | 14 - bitnami/metrics-server/templates/svc.yaml | 37 - bitnami/metrics-server/values.yaml | 317 -- bitnami/moodle/.helmignore | 21 - bitnami/moodle/Chart.lock | 9 - bitnami/moodle/Chart.yaml | 28 - bitnami/moodle/README.md | 436 -- bitnami/moodle/templates/NOTES.txt | 95 - bitnami/moodle/templates/_helpers.tpl | 117 - bitnami/moodle/templates/deployment.yaml | 297 -- bitnami/moodle/templates/ingress.yaml | 59 - bitnami/moodle/templates/metrics-svc.yaml | 32 - bitnami/moodle/templates/pv.yaml | 20 - bitnami/moodle/templates/pvc.yaml | 23 - bitnami/moodle/templates/secrets.yaml | 23 - bitnami/moodle/templates/svc.yaml | 44 - bitnami/moodle/templates/tls-secrets.yaml | 19 - bitnami/moodle/values.yaml | 679 --- bitnami/mxnet/.helmignore | 21 - bitnami/mxnet/Chart.lock | 6 - bitnami/mxnet/Chart.yaml | 27 - bitnami/mxnet/README.md | 384 -- bitnami/mxnet/ci/values-production.yaml | 16 - bitnami/mxnet/templates/NOTES.txt | 46 - bitnami/mxnet/templates/_helpers.tpl | 126 - bitnami/mxnet/templates/configmap.yaml | 9 - bitnami/mxnet/templates/deployment-pvc.yaml | 16 - bitnami/mxnet/templates/headless-svc.yaml | 11 - .../mxnet/templates/scheduler-deployment.yaml | 169 - .../mxnet/templates/scheduler-service.yaml | 24 - .../mxnet/templates/server-statefulset.yaml | 209 - .../templates/standalone-deployment.yaml | 179 - .../mxnet/templates/worker-statefulset.yaml | 209 - bitnami/mxnet/values.yaml | 585 --- bitnami/mysql/.helmignore | 21 - bitnami/mysql/Chart.lock | 6 - bitnami/mysql/Chart.yaml | 28 - bitnami/mysql/README.md | 469 -- .../mysql/ci/values-production-with-rbac.yaml | 30 - bitnami/mysql/templates/NOTES.txt | 98 - bitnami/mysql/templates/_helpers.tpl | 158 - bitnami/mysql/templates/metrics-svc.yaml | 29 - bitnami/mysql/templates/networkpolicy.yaml | 38 - .../mysql/templates/primary/configmap.yaml | 18 - .../primary/initialization-configmap.yaml | 11 - bitnami/mysql/templates/primary/pdb.yaml | 25 - .../mysql/templates/primary/statefulset.yaml | 368 -- .../mysql/templates/primary/svc-headless.yaml | 24 - bitnami/mysql/templates/primary/svc.yaml | 41 - bitnami/mysql/templates/role.yaml | 21 - bitnami/mysql/templates/rolebinding.yaml | 21 - .../mysql/templates/secondary/configmap.yaml | 18 - bitnami/mysql/templates/secondary/pdb.yaml | 25 - .../templates/secondary/statefulset.yaml | 338 -- .../templates/secondary/svc-headless.yaml | 26 - bitnami/mysql/templates/secondary/svc.yaml | 43 - bitnami/mysql/templates/secrets.yaml | 39 - bitnami/mysql/templates/serviceaccount.yaml | 22 - bitnami/mysql/templates/servicemonitor.yaml | 42 - bitnami/mysql/values.schema.json | 178 - bitnami/mysql/values.yaml | 1020 ---- bitnami/nats/.helmignore | 21 - bitnami/nginx-ingress-controller/.helmignore | 21 - bitnami/nginx-ingress-controller/Chart.lock | 6 - bitnami/nginx-ingress-controller/Chart.yaml | 29 - bitnami/nginx-ingress-controller/README.md | 407 -- .../ci/ct-values.yaml | 2 - .../ci/values-production-with-psp.yaml | 13 - .../templates/NOTES.txt | 90 - .../templates/_helpers.tpl | 86 - .../templates/addheaders-configmap.yaml | 16 - .../templates/clusterrole.yaml | 80 - .../templates/clusterrolebinding.yaml | 22 - .../templates/controller-configmap.yaml | 28 - .../templates/controller-daemonset.yaml | 221 - .../templates/controller-deployment.yaml | 211 - .../templates/controller-hpa.yaml | 35 - .../templates/controller-metrics-service.yaml | 32 - .../controller-poddisruptionbudget.yaml | 25 - .../templates/controller-prometheusrules.yaml | 28 - .../templates/controller-service.yaml | 89 - .../templates/controller-servicemonitor.yaml | 38 - .../templates/default-backend-configmap.yaml | 18 - .../templates/default-backend-deployment.yaml | 104 - .../default-backend-poddisruptionbudget.yaml | 25 - .../templates/default-backend-service.yaml | 30 - .../templates/dh-param-secret.yaml | 16 - .../templates/extra-list.yaml | 4 - .../templates/podsecuritypolicy.yaml | 49 - .../templates/proxyheaders-configmap.yaml | 21 - .../templates/role.yaml | 91 - .../templates/rolebinding.yaml | 22 - .../templates/serviceaccount.yaml | 20 - .../templates/tcp-configmap.yaml | 16 - .../templates/udp-configmap.yaml | 16 - bitnami/nginx-ingress-controller/values.yaml | 804 --- bitnami/nginx/.helmignore | 21 - bitnami/nginx/Chart.yaml | 28 - bitnami/nginx/ci/ct-values.yaml | 2 - bitnami/nginx/templates/extra-list.yaml | 4 - bitnami/node-exporter/.helmignore | 21 - bitnami/node/.helmignore | 21 - bitnami/node/Chart.lock | 9 - bitnami/node/Chart.yaml | 31 - bitnami/node/README.md | 426 -- .../values-with-ingress-and-persistence.yaml | 9 - bitnami/node/templates/NOTES.txt | 36 - bitnami/node/templates/_helpers.tpl | 85 - bitnami/node/templates/deployment.yaml | 248 - bitnami/node/templates/extra-list.yaml | 4 - bitnami/node/templates/ingress.yaml | 59 - bitnami/node/templates/mongodb-binding.yaml | 17 - bitnami/node/templates/pvc.yaml | 22 - bitnami/node/templates/svc.yaml | 36 - bitnami/node/values.yaml | 548 -- bitnami/oauth2-proxy/.helmignore | 21 - .../oauth2-proxy/templates/extra-list.yaml | 4 - bitnami/odoo/.helmignore | 21 - bitnami/odoo/Chart.lock | 9 - bitnami/odoo/Chart.yaml | 30 - bitnami/odoo/README.md | 504 -- bitnami/odoo/ci/ct-values.yaml | 2 - bitnami/odoo/ci/values-hpa-pdb.yaml | 4 - bitnami/odoo/templates/NOTES.txt | 64 - bitnami/odoo/templates/_helpers.tpl | 137 - bitnami/odoo/templates/deployment.yaml | 263 - .../odoo/templates/externaldb-secrets.yaml | 18 - bitnami/odoo/templates/extra-list.yaml | 4 - bitnami/odoo/templates/ingress.yaml | 59 - bitnami/odoo/templates/pvc.yaml | 30 - bitnami/odoo/templates/secrets.yaml | 28 - bitnami/odoo/templates/serviceaccount.yaml | 14 - bitnami/odoo/templates/svc.yaml | 46 - bitnami/odoo/templates/tls-secrets.yaml | 44 - bitnami/odoo/values.yaml | 643 --- bitnami/opencart/.helmignore | 21 - bitnami/opencart/Chart.lock | 9 - bitnami/opencart/Chart.yaml | 32 - bitnami/opencart/README.md | 436 -- bitnami/opencart/ci/ct-values.yaml | 2 - bitnami/opencart/templates/NOTES.txt | 114 - bitnami/opencart/templates/_helpers.tpl | 144 - bitnami/opencart/templates/deployment.yaml | 308 -- .../templates/externaldb-secrets.yaml | 10 - bitnami/opencart/templates/extra-list.yaml | 4 - bitnami/opencart/templates/ingress.yaml | 56 - bitnami/opencart/templates/pv.yaml | 20 - bitnami/opencart/templates/pvc.yaml | 23 - bitnami/opencart/templates/secrets.yaml | 23 - bitnami/opencart/templates/svc.yaml | 44 - bitnami/opencart/templates/tls-secrets.yaml | 19 - bitnami/opencart/values.yaml | 666 --- bitnami/orangehrm/.helmignore | 21 - bitnami/orangehrm/Chart.lock | 9 - bitnami/orangehrm/Chart.yaml | 34 - bitnami/orangehrm/README.md | 509 -- bitnami/orangehrm/ci/ct-values.yaml | 2 - bitnami/orangehrm/templates/NOTES.txt | 75 - bitnami/orangehrm/templates/_helpers.tpl | 135 - bitnami/orangehrm/templates/deployment.yaml | 348 -- .../templates/externaldb-secrets.yaml | 10 - bitnami/orangehrm/templates/extra-list.yaml | 4 - bitnami/orangehrm/templates/ingress.yaml | 56 - bitnami/orangehrm/templates/pv.yaml | 20 - bitnami/orangehrm/templates/pvc.yaml | 23 - bitnami/orangehrm/templates/secrets.yaml | 21 - bitnami/orangehrm/templates/svc.yaml | 53 - bitnami/orangehrm/templates/tls-secrets.yaml | 43 - bitnami/orangehrm/values.yaml | 681 --- bitnami/osclass/.helmignore | 21 - bitnami/osclass/Chart.lock | 9 - bitnami/osclass/Chart.yaml | 34 - bitnami/osclass/README.md | 500 -- .../ci/values-with-host-and-ingress.yaml | 17 - bitnami/osclass/templates/NOTES.txt | 82 - bitnami/osclass/templates/_helpers.tpl | 128 - bitnami/osclass/templates/deployment.yaml | 291 -- .../osclass/templates/externaldb-secrets.yaml | 10 - bitnami/osclass/templates/extra-list.yaml | 4 - bitnami/osclass/templates/hpa.yaml | 34 - bitnami/osclass/templates/ingress.yaml | 56 - bitnami/osclass/templates/metrics-svc.yaml | 32 - bitnami/osclass/templates/osclass-pvc.yaml | 27 - bitnami/osclass/templates/pdb.yaml | 23 - bitnami/osclass/templates/secrets.yaml | 24 - bitnami/osclass/templates/svc.yaml | 45 - bitnami/osclass/templates/tls-secrets.yaml | 44 - bitnami/osclass/values.yaml | 824 --- bitnami/owncloud/.helmignore | 21 - bitnami/owncloud/ci/ct-values.yaml | 9 - bitnami/owncloud/templates/_certificates.tpl | 123 - .../templates/externaldb-secrets.yaml | 17 - bitnami/owncloud/templates/extra-list.yaml | 4 - bitnami/owncloud/templates/metrics-svc.yaml | 32 - bitnami/owncloud/templates/svc.yaml | 46 - bitnami/parse/.helmignore | 21 - bitnami/parse/ci/ct-values.yaml | 2 - bitnami/parse/templates/extra-list.yaml | 4 - bitnami/phabricator/.helmignore | 21 - bitnami/phabricator/ci/ct-values.yaml | 9 - bitnami/phabricator/templates/extra-list.yaml | 4 - bitnami/phabricator/templates/ingress.yaml | 59 - bitnami/phpbb/.helmignore | 21 - bitnami/phpbb/Chart.lock | 9 - bitnami/phpbb/Chart.yaml | 29 - bitnami/phpbb/README.md | 412 -- bitnami/phpbb/ci/ct-values.yaml | 2 - bitnami/phpbb/templates/NOTES.txt | 87 - bitnami/phpbb/templates/_helpers.tpl | 114 - bitnami/phpbb/templates/deployment.yaml | 237 - .../phpbb/templates/externaldb-secrets.yaml | 17 - bitnami/phpbb/templates/extra-list.yaml | 4 - bitnami/phpbb/templates/ingress.yaml | 57 - bitnami/phpbb/templates/phpbb-pvc.yaml | 24 - bitnami/phpbb/templates/secrets.yaml | 22 - bitnami/phpbb/templates/svc.yaml | 34 - bitnami/phpbb/templates/tls-secrets.yaml | 20 - bitnami/phpbb/values.yaml | 586 --- bitnami/phpmyadmin/.helmignore | 21 - bitnami/phpmyadmin/Chart.lock | 9 - bitnami/phpmyadmin/Chart.yaml | 32 - bitnami/phpmyadmin/README.md | 442 -- .../ci/metrics-and-ingress-values.yaml | 8 - bitnami/phpmyadmin/templates/NOTES.txt | 64 - bitnami/phpmyadmin/templates/_helpers.tpl | 70 - bitnami/phpmyadmin/templates/certs.yaml | 24 - bitnami/phpmyadmin/templates/deployment.yaml | 205 - bitnami/phpmyadmin/templates/extra-list.yaml | 4 - bitnami/phpmyadmin/templates/ingress.yaml | 58 - bitnami/phpmyadmin/templates/metrics-svc.yaml | 32 - bitnami/phpmyadmin/templates/service.yaml | 51 - .../phpmyadmin/templates/servicemonitor.yaml | 47 - bitnami/phpmyadmin/templates/tls-secrets.yaml | 43 - bitnami/phpmyadmin/values.yaml | 516 -- bitnami/postgresql-ha/.helmignore | 21 - .../postgresql-ha/templates/extra-list.yaml | 4 - bitnami/postgresql/.helmignore | 21 - bitnami/postgresql/templates/extra-list.yaml | 4 - bitnami/prestashop/.helmignore | 21 - bitnami/prestashop/Chart.lock | 9 - bitnami/prestashop/Chart.yaml | 32 - bitnami/prestashop/README.md | 479 -- bitnami/prestashop/ci/ct-values.yaml | 2 - bitnami/prestashop/templates/NOTES.txt | 115 - bitnami/prestashop/templates/_helpers.tpl | 155 - bitnami/prestashop/templates/deployment.yaml | 334 -- .../templates/externaldb-secrets.yaml | 10 - bitnami/prestashop/templates/extra-list.yaml | 4 - bitnami/prestashop/templates/ingress.yaml | 56 - bitnami/prestashop/templates/pv.yaml | 20 - bitnami/prestashop/templates/pvc.yaml | 23 - bitnami/prestashop/templates/secrets.yaml | 23 - bitnami/prestashop/templates/svc.yaml | 44 - bitnami/prestashop/templates/tls-secrets.yaml | 19 - bitnami/prestashop/values.yaml | 706 --- bitnami/pytorch/.helmignore | 21 - bitnami/pytorch/Chart.lock | 6 - bitnami/pytorch/Chart.yaml | 27 - bitnami/pytorch/README.md | 240 - bitnami/pytorch/ci/values-production.yaml | 6 - bitnami/pytorch/templates/NOTES.txt | 38 - bitnami/pytorch/templates/_helpers.tpl | 79 - bitnami/pytorch/templates/configmap.yaml | 9 - bitnami/pytorch/templates/deployment.yaml | 174 - bitnami/pytorch/templates/headless-svc.yaml | 13 - bitnami/pytorch/templates/pvc.yaml | 16 - bitnami/pytorch/templates/service.yaml | 22 - bitnami/pytorch/templates/statefulset.yaml | 184 - bitnami/pytorch/values.yaml | 333 -- bitnami/rabbitmq-cluster-operator/.helmignore | 21 - .../templates/extra-list.yaml | 4 - bitnami/rabbitmq/.helmignore | 21 - bitnami/rabbitmq/templates/extra-list.yaml | 4 - bitnami/redis-cluster/.helmignore | 21 - .../redis-cluster/templates/extra-list.yaml | 4 - bitnami/redis/.helmignore | 21 - bitnami/redis/img/redis-topology.png | Bin 9709 -> 0 bytes bitnami/redis/templates/extra-list.yaml | 4 - bitnami/redmine/.helmignore | 21 - bitnami/redmine/ci/ct-values.yaml | 2 - bitnami/redmine/templates/extra-list.yaml | 4 - .../redmine/templates/postinit-configmap.yaml | 18 - bitnami/spark/.helmignore | 21 - bitnami/spark/templates/extra-list.yaml | 4 - bitnami/spring-cloud-dataflow/.helmignore | 23 - bitnami/spring-cloud-dataflow/Chart.lock | 15 - bitnami/spring-cloud-dataflow/Chart.yaml | 42 - bitnami/spring-cloud-dataflow/README.md | 666 --- .../spring-cloud-dataflow/templates/NOTES.txt | 108 - .../templates/_helpers.tpl | 391 -- .../templates/externaldb-secrets.yaml | 17 - .../templates/externalrabbitmq-secrets.yaml | 17 - .../templates/extra-list.yaml | 4 - .../prometheus-proxy/deployment.yaml | 62 - .../templates/prometheus-proxy/hpa.yaml | 35 - .../templates/prometheus-proxy/pdb.yaml | 25 - .../templates/prometheus-proxy/service.yaml | 32 - .../servicemonitor-metrics.yaml | 42 - .../spring-cloud-dataflow/templates/role.yaml | 80 - .../templates/rolebinding.yaml | 22 - .../templates/scripts-configmap.yaml | 47 - .../templates/server/configmap.yaml | 103 - .../templates/server/deployment.yaml | 238 - .../templates/server/hpa.yaml | 35 - .../templates/server/ingress.yaml | 58 - .../templates/server/pdb.yaml | 25 - .../templates/server/service.yaml | 42 - .../templates/server/tls-secret.yaml | 43 - .../templates/serviceaccount.yaml | 18 - .../templates/skipper/configmap.yaml | 101 - .../templates/skipper/deployment.yaml | 209 - .../templates/skipper/hpa.yaml | 35 - .../templates/skipper/pdb.yaml | 25 - .../templates/skipper/service.yaml | 44 - .../spring-cloud-dataflow/values.schema.json | 354 -- bitnami/spring-cloud-dataflow/values.yaml | 1237 ----- bitnami/suitecrm/.helmignore | 21 - bitnami/suitecrm/Chart.lock | 9 - bitnami/suitecrm/Chart.yaml | 32 - bitnami/suitecrm/README.md | 477 -- bitnami/suitecrm/ci/ct-values.yaml | 2 - bitnami/suitecrm/templates/NOTES.txt | 112 - bitnami/suitecrm/templates/_helpers.tpl | 144 - bitnami/suitecrm/templates/deployment.yaml | 316 -- .../templates/externaldb-secrets.yaml | 16 - bitnami/suitecrm/templates/extra-list.yaml | 4 - bitnami/suitecrm/templates/metrics-svc.yaml | 32 - bitnami/suitecrm/templates/pv.yaml | 20 - bitnami/suitecrm/templates/pvc.yaml | 23 - bitnami/suitecrm/templates/secrets.yaml | 23 - bitnami/suitecrm/templates/svc.yaml | 45 - bitnami/suitecrm/templates/tls-secrets.yaml | 19 - bitnami/suitecrm/values.yaml | 696 --- bitnami/tensorflow-resnet/.helmignore | 21 - bitnami/tensorflow-resnet/Chart.lock | 6 - bitnami/tensorflow-resnet/Chart.yaml | 30 - bitnami/tensorflow-resnet/README.md | 199 - bitnami/tensorflow-resnet/ci/ct-values.yaml | 2 - .../ci/values-with-metrics.yaml | 5 - bitnami/tensorflow-resnet/templates/NOTES.txt | 32 - .../tensorflow-resnet/templates/_helpers.tpl | 28 - .../templates/deployment.yaml | 106 - bitnami/tensorflow-resnet/templates/svc.yaml | 31 - bitnami/tensorflow-resnet/values.yaml | 231 - bitnami/testlink/.helmignore | 21 - bitnami/testlink/ci/ct-values.yaml | 2 - .../templates/externaldb-secrets.yaml | 10 - bitnami/testlink/templates/extra-list.yaml | 4 - bitnami/testlink/templates/ingress.yaml | 45 - bitnami/testlink/templates/svc.yaml | 44 - bitnami/testlink/templates/tls-secrets.yaml | 19 - bitnami/thanos/.helmignore | 21 - bitnami/thanos/Chart.lock | 9 - bitnami/thanos/Chart.yaml | 31 - bitnami/thanos/README.md | 1229 ----- ...tweb-compactor-storegateway-and-minio.yaml | 28 - .../ci/values-with-ingress-and-metrics.yaml | 14 - bitnami/thanos/templates/NOTES.txt | 75 - bitnami/thanos/templates/_helpers.tpl | 381 -- .../templates/bucketweb/deployment.yaml | 138 - .../thanos/templates/bucketweb/ingress.yaml | 54 - bitnami/thanos/templates/bucketweb/pdb.yaml | 21 - .../thanos/templates/bucketweb/service.yaml | 44 - .../templates/bucketweb/serviceaccount.yaml | 15 - .../templates/bucketweb/servicemonitor.yaml | 32 - .../templates/bucketweb/tls-secrets.yaml | 18 - .../templates/compactor/deployment.yaml | 159 - .../thanos/templates/compactor/ingress.yaml | 50 - bitnami/thanos/templates/compactor/pvc.yaml | 20 - .../thanos/templates/compactor/service.yaml | 44 - .../templates/compactor/serviceaccount.yaml | 15 - .../templates/compactor/servicemonitor.yaml | 32 - bitnami/thanos/templates/objstore-secret.yaml | 21 - bitnami/thanos/templates/prometheusrule.yaml | 23 - .../templates/query-frontend/configmap.yaml | 14 - .../templates/query-frontend/deployment.yaml | 139 - .../thanos/templates/query-frontend/hpa.yaml | 31 - .../templates/query-frontend/ingress.yaml | 54 - .../thanos/templates/query-frontend/pdb.yaml | 21 - .../query-frontend/psp-clusterrole.yaml | 17 - .../psp-clusterrolebinding.yaml | 20 - .../thanos/templates/query-frontend/psp.yaml | 25 - .../templates/query-frontend/service.yaml | 45 - .../query-frontend/serviceaccount.yaml | 15 - .../query-frontend/servicemonitor.yaml | 32 - .../templates/query-frontend/tls-secrets.yaml | 18 - .../thanos/templates/query/deployment.yaml | 241 - bitnami/thanos/templates/query/hpa.yaml | 32 - .../thanos/templates/query/ingress-grpc.yaml | 52 - bitnami/thanos/templates/query/ingress.yaml | 55 - bitnami/thanos/templates/query/pdb.yaml | 22 - .../templates/query/psp-clusterrole.yaml | 18 - .../query/psp-clusterrolebinding.yaml | 21 - bitnami/thanos/templates/query/psp.yaml | 26 - .../thanos/templates/query/sd-configmap.yaml | 15 - bitnami/thanos/templates/query/service.yaml | 55 - .../templates/query/serviceaccount.yaml | 16 - .../templates/query/servicemonitor.yaml | 33 - .../templates/query/tls-client-secret.yaml | 23 - .../thanos/templates/query/tls-secrets.yaml | 19 - .../templates/query/tls-server-secret.yaml | 19 - .../thanos/templates/receive/configmap.yaml | 14 - .../thanos/templates/receive/distributor.yaml | 153 - bitnami/thanos/templates/receive/hpa.yaml | 31 - bitnami/thanos/templates/receive/ingress.yaml | 63 - bitnami/thanos/templates/receive/pdb.yaml | 21 - .../templates/receive/service-headless.yaml | 25 - bitnami/thanos/templates/receive/service.yaml | 67 - .../templates/receive/serviceaccount.yaml | 15 - .../templates/receive/servicemonitor.yaml | 32 - .../thanos/templates/receive/statefulset.yaml | 189 - .../thanos/templates/receive/tls-secrets.yaml | 18 - .../templates/receive/tls-server-secret.yaml | 16 - bitnami/thanos/templates/ruler/configmap.yaml | 14 - bitnami/thanos/templates/ruler/ingress.yaml | 54 - bitnami/thanos/templates/ruler/pdb.yaml | 21 - bitnami/thanos/templates/ruler/secret.yaml | 14 - .../templates/ruler/service-headless.yaml | 25 - bitnami/thanos/templates/ruler/service.yaml | 57 - .../templates/ruler/serviceaccount.yaml | 15 - .../templates/ruler/servicemonitor.yaml | 33 - .../thanos/templates/ruler/statefulset.yaml | 214 - .../templates/storegateway/configmap.yaml | 14 - .../thanos/templates/storegateway/hpa.yaml | 31 - .../templates/storegateway/ingress.yaml | 50 - .../thanos/templates/storegateway/pdb.yaml | 21 - .../storegateway/service-headless.yaml | 25 - .../storegateway/service-sharded.yaml | 71 - .../templates/storegateway/service.yaml | 57 - .../storegateway/serviceaccount.yaml | 15 - .../storegateway/servicemonitor.yaml | 33 - .../storegateway/statefulset-sharded.yaml | 258 - .../templates/storegateway/statefulset.yaml | 219 - .../storegateway/tls-server-secret.yaml | 16 - bitnami/thanos/templates/tls-auto-secret.yaml | 25 - bitnami/thanos/values.yaml | 3083 ------------ bitnami/tomcat/.helmignore | 21 - bitnami/tomcat/Chart.lock | 6 - bitnami/tomcat/Chart.yaml | 29 - bitnami/tomcat/README.md | 315 -- bitnami/tomcat/ci/ct-values.yaml | 2 - ...alues-with-ingress-and-initcontainers.yaml | 10 - bitnami/tomcat/templates/NOTES.txt | 53 - bitnami/tomcat/templates/_helpers.tpl | 36 - bitnami/tomcat/templates/_pod.tpl | 132 - bitnami/tomcat/templates/deployment.yaml | 29 - bitnami/tomcat/templates/extra-list.yaml | 4 - bitnami/tomcat/templates/ingress.yaml | 56 - bitnami/tomcat/templates/pvc.yaml | 23 - bitnami/tomcat/templates/secrets.yaml | 19 - bitnami/tomcat/templates/statefulset.yaml | 49 - bitnami/tomcat/templates/svc-headless.yaml | 24 - bitnami/tomcat/templates/svc.yaml | 36 - bitnami/tomcat/templates/tls-secrets.yaml | 43 - bitnami/tomcat/values.yaml | 480 -- .../wavefront-adapter-for-istio/Chart.lock | 9 - .../wavefront-adapter-for-istio/Chart.yaml | 33 - bitnami/wavefront-adapter-for-istio/README.md | 219 - .../ci/values-external.yaml | 6 - .../templates/NOTES.txt | 20 - .../templates/_helpers.tpl | 87 - .../templates/deployment.yaml | 149 - .../templates/extra-list.yaml | 4 - .../templates/istio/adapter.yaml | 23 - .../templates/istio/attribute-manifests.yaml | 187 - .../templates/istio/handler.yaml | 93 - .../templates/istio/instance-http.yaml | 117 - .../templates/istio/instance-tcp.yaml | 117 - .../templates/istio/metric-template.yaml | 19 - .../templates/istio/rule-http.yaml | 25 - .../templates/istio/rule-tcp.yaml | 60 - .../templates/service.yaml | 36 - .../wavefront-adapter-for-istio/values.yaml | 452 -- bitnami/wavefront-hpa-adapter/Chart.lock | 6 - bitnami/wavefront-hpa-adapter/Chart.yaml | 28 - bitnami/wavefront-hpa-adapter/README.md | 189 - bitnami/wavefront-hpa-adapter/ci/rules.yaml | 2 - .../wavefront-hpa-adapter/templates/NOTES.txt | 20 - .../templates/_helpers.tpl | 50 - ...r-auth-delegator-cluster-role-binding.yaml | 23 - ...cs-apiserver-auth-reader-role-binding.yaml | 23 - .../custom-metrics-apiserver-deployment.yaml | 170 - ...-resource-reader-cluster-role-binding.yaml | 23 - ...tom-metrics-apiserver-service-account.yaml | 15 - .../custom-metrics-apiserver-service.yaml | 36 - .../templates/custom-metrics-apiservice.yaml | 24 - .../custom-metrics-cluster-role.yaml | 18 - .../templates/custom-metrics-configmap.yaml | 18 - ...-metrics-resource-reader-cluster-role.yaml | 34 - .../external-metrics-apiservice.yaml | 24 - .../external-metrics-cluster-role.yaml | 20 - .../templates/extra-list.yaml | 4 - ...a-custom-metrics-cluster-role-binding.yaml | 23 - ...external-metrics-cluster-role-binding.yaml | 23 - bitnami/wavefront-hpa-adapter/values.yaml | 433 -- .../Chart.lock | 9 - .../Chart.yaml | 32 - .../README.md | 206 - .../ci/values-external.yaml | 6 - .../templates/NOTES.txt | 25 - .../templates/_helpers.tpl | 94 - .../templates/deployment.yaml | 146 - .../templates/extra-list.yaml | 4 - .../templates/service.yaml | 36 - .../values.yaml | 423 -- bitnami/wavefront/.helmignore | 21 - bitnami/wavefront/Chart.lock | 9 - bitnami/wavefront/Chart.yaml | 33 - bitnami/wavefront/README.md | 318 -- bitnami/wavefront/templates/NOTES.txt | 9 - bitnami/wavefront/templates/_helpers.tpl | 153 - .../wavefront/templates/api-token-secret.yaml | 17 - .../templates/collector-cluster-role.yaml | 103 - .../collector-clusterrolebinding.yaml | 22 - .../wavefront/templates/collector-config.yaml | 178 - .../templates/collector-daemonset.yaml | 157 - .../templates/collector-deployment.yaml | 138 - .../templates/collector-service-account.yaml | 15 - bitnami/wavefront/templates/extra-list.yaml | 4 - .../templates/podsecuritypolicy.yaml | 39 - .../project-pacific-rolebinding.yaml | 21 - .../wavefront/templates/proxy-deployment.yaml | 204 - .../templates/proxy-preprocessor-config.yaml | 16 - .../wavefront/templates/proxy-service.yaml | 67 - .../wavefront/templates/tkgi-rolebinding.yaml | 15 - bitnami/wavefront/values.yaml | 771 --- bitnami/wildfly/.helmignore | 21 - bitnami/wildfly/Chart.lock | 6 - bitnami/wildfly/Chart.yaml | 29 - bitnami/wildfly/README.md | 327 -- bitnami/wildfly/ci/ct-values.yaml | 2 - ...alues-with-ingress-and-initcontainers.yaml | 15 - bitnami/wildfly/templates/NOTES.txt | 78 - bitnami/wildfly/templates/_helpers.tpl | 29 - bitnami/wildfly/templates/deployment.yaml | 158 - bitnami/wildfly/templates/extra-list.yaml | 4 - bitnami/wildfly/templates/ingress.yaml | 62 - .../wildfly/templates/management-ingress.yaml | 62 - bitnami/wildfly/templates/pvc.yaml | 23 - bitnami/wildfly/templates/secrets.yaml | 19 - bitnami/wildfly/templates/svc.yaml | 52 - bitnami/wildfly/templates/tls-secrets.yaml | 86 - bitnami/wildfly/values.yaml | 551 -- bitnami/wordpress/.helmignore | 21 - bitnami/wordpress/ci/ct-values.yaml | 2 - bitnami/wordpress/ci/values-hpa-pdb.yaml | 4 - bitnami/wordpress/templates/extra-list.yaml | 4 - bitnami/wordpress/templates/hpa.yaml | 34 - bitnami/wordpress/templates/pdb.yaml | 23 - .../wordpress/templates/servicemonitor.yaml | 39 - bitnami/zookeeper/.helmignore | 21 - bitnami/zookeeper/templates/extra-list.yaml | 4 - metadata/artifacthub-pkg.yml | 59 - {bitnami => riftbit}/airflow/.helmignore | 0 {bitnami => riftbit}/airflow/Chart.lock | 0 {bitnami => riftbit}/airflow/Chart.yaml | 0 {bitnami => riftbit}/airflow/README.md | 0 .../ci/values-production-with-config.yaml | 0 .../airflow/files/dags/README.md | 0 .../airflow/templates/NOTES.txt | 0 .../airflow/templates/_git_helpers.tpl | 0 .../airflow/templates/_helpers.tpl | 0 .../airflow/templates/config/configmap.yaml | 0 .../templates/config/secret-external-db.yaml | 0 .../config/secret-external-redis.yaml | 0 .../airflow/templates/config/secret-ldap.yaml | 0 .../airflow/templates/config/secret.yaml | 0 .../airflow/templates/extradeploy.yaml | 0 .../airflow/templates/metrics/deployment.yaml | 0 .../airflow/templates/metrics/service.yaml | 0 .../templates/metrics/servicemonitor.yaml | 0 .../airflow/templates/rbac/role.yaml | 0 .../airflow/templates/rbac/rolebinding.yaml | 0 .../templates/rbac/serviceaccount.yaml | 0 .../templates/scheduler/deployment.yaml | 0 .../templates/scheduler/networkpolicy.yaml | 0 .../scheduler/poddisruptionbudget.yaml | 0 .../templates/scheduler/service-headless.yaml | 0 .../airflow/templates/web/deployment.yaml | 0 .../airflow/templates/web/ingress.yaml | 0 .../templates/web/poddisruptionbudget.yaml | 0 .../airflow/templates/web/service.yaml | 0 .../worker/horizontalpodautoscaler.yaml | 0 .../templates/worker/networkpolicy.yaml | 0 .../templates/worker/poddisruptionbudget.yaml | 0 .../templates/worker/service-headless.yaml | 0 .../airflow/templates/worker/statefulset.yaml | 0 {bitnami => riftbit}/airflow/values.yaml | 0 {bitnami => riftbit}/argo-cd/.helmignore | 0 {bitnami => riftbit}/argo-cd/Chart.lock | 0 {bitnami => riftbit}/argo-cd/Chart.yaml | 0 {bitnami => riftbit}/argo-cd/README.md | 0 .../argo-cd/crds/application.yaml | 0 .../argo-cd/crds/project.yaml | 0 .../argo-cd/templates/NOTES.txt | 0 .../argo-cd/templates/_helpers.tpl | 0 .../application-controller/clusterrole.yaml | 0 .../clusterrolebinding.yaml | 0 .../application-controller/deployment.yaml | 0 .../application-controller/metrics-svc.yaml | 0 .../prometheus-rule.yaml | 0 .../application-controller/role.yaml | 0 .../application-controller/rolebinding.yaml | 0 .../service-account.yaml | 0 .../application-controller/service.yaml | 0 .../servicemonitor.yaml | 0 .../argo-cd/templates/argocd-cm.yaml | 0 .../argo-cd/templates/argocd-secret.yaml | 0 .../argo-cd/templates/cluster-configs.yaml | 0 .../argo-cd/templates/dex/deployment.yaml | 0 .../argo-cd/templates/dex/metrics-svc.yaml | 0 .../argo-cd/templates/dex/role.yaml | 0 .../argo-cd/templates/dex/rolebinding.yaml | 0 .../templates/dex/service-account.yaml | 0 .../argo-cd/templates/dex/service.yaml | 0 .../argo-cd/templates/dex/servicemonitor.yaml | 0 .../argo-cd/templates/extra-list.yaml | 0 .../argo-cd/templates/known-hosts-cm.yaml | 0 .../templates/repo-server/deployment.yaml | 0 .../argo-cd/templates/repo-server/hpa.yaml | 0 .../templates/repo-server/metrics-svc.yaml | 0 .../repository-credentials-secret.yaml | 0 .../argo-cd/templates/repo-server/role.yaml | 0 .../templates/repo-server/rolebinding.yaml | 0 .../repo-server/service-account.yaml | 0 .../templates/repo-server/service.yaml | 0 .../templates/repo-server/servicemonitor.yaml | 0 .../argo-cd/templates/server/clusterrole.yaml | 0 .../templates/server/clusterrolebinding.yaml | 0 .../argo-cd/templates/server/deployment.yaml | 0 .../templates/server/grpc-tls-secret.yaml | 0 .../argo-cd/templates/server/hpa.yaml | 0 .../templates/server/ingress-grcp.yaml | 0 .../argo-cd/templates/server/ingress.yaml | 0 .../argo-cd/templates/server/metrics-svc.yaml | 0 .../argo-cd/templates/server/role.yaml | 0 .../argo-cd/templates/server/rolebinding.yaml | 0 .../templates/server/service-account.yaml | 0 .../argo-cd/templates/server/service.yaml | 0 .../templates/server/servicemonitor.yaml | 0 .../argo-cd/templates/server/tls-secret.yaml | 0 .../argo-cd/templates/styles-cm.yaml | 0 .../argo-cd/templates/tls-certs-cm.yaml | 0 {bitnami => riftbit}/argo-cd/values.yaml | 0 .../apache => riftbit/cassandra}/.helmignore | 0 {bitnami => riftbit}/cassandra/Chart.lock | 0 {bitnami => riftbit}/cassandra/Chart.yaml | 0 {bitnami => riftbit}/cassandra/README.md | 0 .../ci/values-volume-permissions.yaml | 0 .../cassandra/templates/NOTES.txt | 0 .../cassandra/templates/_helpers.tpl | 0 .../cassandra/templates/cassandra-secret.yaml | 0 .../cassandra}/templates/extra-list.yaml | 0 .../cassandra/templates/headless-svc.yaml | 0 .../cassandra/templates/networkpolicy.yaml | 0 .../cassandra/templates/pdb.yaml | 0 .../cassandra/templates/service.yaml | 0 .../cassandra/templates/serviceaccount.yaml | 0 .../cassandra/templates/servicemonitor.yaml | 0 .../cassandra/templates/statefulset.yaml | 0 .../cassandra/templates/tls-secret.yaml | 0 {bitnami => riftbit}/cassandra/values.yaml | 0 .../cert-manager}/.helmignore | 0 {bitnami => riftbit}/cert-manager/Chart.lock | 0 {bitnami => riftbit}/cert-manager/Chart.yaml | 0 {bitnami => riftbit}/cert-manager/README.md | 0 .../cert-manager/templates/NOTES.txt | 0 .../cert-manager/templates/_helpers.tpl | 0 .../templates/cainjector/deployment.yaml | 0 .../templates/cainjector/rbac.yaml | 0 .../templates/cainjector/serviceaccount.yaml | 0 .../templates/controller/deployment.yaml | 0 .../templates/controller/rbac.yaml | 0 .../templates/controller/service.yaml | 0 .../templates/controller/serviceaccount.yaml | 0 .../templates/controller/servicemonitor.yaml | 0 .../crds/crd-certificaterequests.yaml | 0 .../templates/crds/crd-certificates.yaml | 0 .../templates/crds/crd-challenges.yaml | 0 .../templates/crds/crd-clusterissuers.yaml | 0 .../templates/crds/crd-issuers.yaml | 0 .../templates/crds/crd-orders.yaml | 0 .../cert-manager}/templates/extra-list.yaml | 0 .../templates/webhook/deployment.yaml | 0 .../cert-manager/templates/webhook/rbac.yaml | 0 .../templates/webhook/service.yaml | 0 .../templates/webhook/serviceaccount.yaml | 0 {bitnami => riftbit}/cert-manager/values.yaml | 0 {bitnami => riftbit}/common/.helmignore | 0 {bitnami => riftbit}/common/Chart.yaml | 8 +- {bitnami => riftbit}/common/README.md | 4 +- .../common/templates/_affinities.tpl | 0 .../common/templates/_capabilities.tpl | 0 .../common/templates/_errors.tpl | 0 .../common/templates/_images.tpl | 0 .../common/templates/_ingress.tpl | 0 .../common/templates/_labels.tpl | 0 .../common/templates/_names.tpl | 0 .../common/templates/_secrets.tpl | 0 .../common/templates/_storage.tpl | 0 .../common/templates/_tplvalues.tpl | 0 .../common/templates/_utils.tpl | 0 .../common/templates/_warnings.tpl | 0 .../templates/validations/_cassandra.tpl | 0 .../common/templates/validations/_mariadb.tpl | 0 .../common/templates/validations/_mongodb.tpl | 0 .../templates/validations/_postgresql.tpl | 0 .../common/templates/validations/_redis.tpl | 0 .../templates/validations/_validations.tpl | 0 {bitnami => riftbit}/common/values.yaml | 0 .../concourse}/.helmignore | 0 {bitnami => riftbit}/concourse/Chart.lock | 0 {bitnami => riftbit}/concourse/Chart.yaml | 0 {bitnami => riftbit}/concourse/README.md | 0 .../concourse/templates/NOTES.txt | 0 .../concourse/templates/_helpers.tpl | 0 .../templates/config/secret-external-db.yaml | 0 .../concourse}/templates/extra-list.yaml | 0 .../concourse/templates/web/configmap.yaml | 0 .../concourse/templates/web/deployment.yaml | 0 .../templates/web/gateway-service.yaml | 0 .../concourse/templates/web/ingress.yaml | 0 .../templates/web/podsecuritypolicy.yaml | 0 .../concourse/templates/web/rbac.yaml | 0 .../concourse/templates/web/secret.yaml | 0 .../templates/web/service-account.yaml | 0 .../concourse/templates/web/service.yaml | 0 .../concourse/templates/web/tls-secrets.yaml | 0 .../templates/worker/deployment.yaml | 0 .../worker/horizontalpodautoscaler.yaml | 0 .../templates/worker/poddisruptionbudget.yaml | 0 .../templates/worker/podsecuritypolicy.yaml | 0 .../concourse/templates/worker/rbac.yaml | 0 .../concourse/templates/worker/secret.yaml | 0 .../templates/worker/service-account.yaml | 0 .../concourse/templates/worker/service.yaml | 0 .../templates/worker/statefulset.yaml | 0 {bitnami => riftbit}/concourse/values.yaml | 0 .../consul}/.helmignore | 0 {bitnami => riftbit}/consul/Chart.lock | 0 {bitnami => riftbit}/consul/Chart.yaml | 0 {bitnami => riftbit}/consul/README.md | 0 .../consul}/ci/values-ingress.yaml | 0 .../consul/templates/NOTES.txt | 0 .../consul/templates/_helpers.tpl | 0 .../consul/templates/configmap.yaml | 0 .../templates/consul-headless-service.yaml | 0 .../consul}/templates/extra-list.yaml | 0 .../consul/templates/gossip-secret.yaml | 0 .../consul/templates/ingress.yaml | 0 .../consul/templates/metrics-svc.yaml | 0 .../consul/templates/pdb.yaml | 0 .../consul/templates/service.yaml | 0 .../consul/templates/servicemonitor.yaml | 0 .../consul/templates/statefulset.yaml | 0 .../consul/templates/tls-secrets.yaml | 0 {bitnami => riftbit}/consul/values.yaml | 0 {bitnami => riftbit}/discourse/.helmignore | 0 {bitnami => riftbit}/discourse/Chart.lock | 0 {bitnami => riftbit}/discourse/Chart.yaml | 0 {bitnami => riftbit}/discourse/README.md | 0 .../discourse/templates/NOTES.txt | 0 .../discourse/templates/_helpers.tpl | 0 .../discourse/templates/configmaps.yaml | 0 .../discourse/templates/deployment.yaml | 0 .../discourse/templates/ingress.yaml | 0 .../discourse/templates/pvc.yaml | 0 .../discourse/templates/secrets-database.yaml | 0 .../templates/secrets-discourse.yaml | 0 .../discourse/templates/secrets-redis.yaml | 0 .../discourse/templates/service.yaml | 0 .../discourse/templates/serviceaccount.yaml | 0 .../discourse/templates/tls-secrets.yaml | 0 {bitnami => riftbit}/discourse/values.yaml | 0 .../dokuwiki}/.helmignore | 0 {bitnami => riftbit}/dokuwiki/Chart.lock | 0 {bitnami => riftbit}/dokuwiki/Chart.yaml | 0 {bitnami => riftbit}/dokuwiki/README.md | 0 .../dokuwiki/ci/ct-values.yaml | 0 .../dokuwiki/templates/NOTES.txt | 0 .../dokuwiki/templates/_helpers.tpl | 0 .../dokuwiki/templates/deployment.yaml | 0 .../dokuwiki/templates/dokuwiki-pvc.yaml | 0 .../dokuwiki}/templates/extra-list.yaml | 0 .../dokuwiki/templates/ingress.yaml | 0 .../dokuwiki/templates/secrets.yaml | 0 .../dokuwiki/templates/svc.yaml | 0 .../dokuwiki/templates/tls-secrets.yaml | 0 {bitnami => riftbit}/dokuwiki/values.yaml | 0 .../elasticsearch}/.helmignore | 0 {bitnami => riftbit}/elasticsearch/Chart.lock | 0 {bitnami => riftbit}/elasticsearch/Chart.yaml | 0 {bitnami => riftbit}/elasticsearch/README.md | 0 .../elasticsearch/ci/ct-values.yaml | 0 .../elasticsearch/templates/NOTES.txt | 0 .../elasticsearch/templates/_helpers.tpl | 0 .../templates/configmap-curator.yaml | 0 .../elasticsearch/templates/configmap-es.yaml | 0 .../templates/configmap-initscripts.yaml | 0 .../templates/coordinating-hpa.yaml | 0 .../templates/coordinating-statefulset.yaml | 0 .../templates/coordinating-svc.yaml | 0 .../elasticsearch/templates/cronjob.yaml | 0 .../elasticsearch/templates/data-hpa.yaml | 0 .../templates/data-statefulset.yaml | 0 .../elasticsearch/templates/data-svc.yaml | 0 .../templates/hooks/job.install.yaml | 0 .../templates/ingest-statefulset.yaml | 0 .../elasticsearch/templates/ingest-svc.yaml | 0 .../elasticsearch/templates/master-hpa.yaml | 0 .../templates/master-statefulset.yaml | 0 .../elasticsearch/templates/master-svc.yaml | 0 .../templates/metrics-deploy.yaml | 0 .../elasticsearch/templates/metrics-svc.yaml | 0 .../templates/podsecuritypolicy.yaml | 0 .../elasticsearch/templates/role.yaml | 0 .../elasticsearch/templates/rolebinding.yaml | 0 .../elasticsearch/templates/secrets.yaml | 0 .../templates/serviceaccount.yaml | 0 .../templates/servicemonitor.yaml | 0 .../elasticsearch/templates/tls-secret.yaml | 0 .../elasticsearch/values.yaml | 0 .../dokuwiki => riftbit/etcd}/.helmignore | 0 {bitnami => riftbit}/etcd/Chart.lock | 0 {bitnami => riftbit}/etcd/Chart.yaml | 0 {bitnami => riftbit}/etcd/README.md | 0 .../etcd/ci/values-disaster-recovery.yaml | 0 .../etcd/ci/values-metrics.yaml | 0 {bitnami => riftbit}/etcd/ci/values-pdb.yaml | 0 {bitnami => riftbit}/etcd/templates/NOTES.txt | 0 .../etcd/templates/_helpers.tpl | 0 .../etcd/templates/configmap.yaml | 0 .../etcd/templates/cronjob.yaml | 0 .../etcd}/templates/extra-list.yaml | 0 .../etcd/templates/networkpolicy.yaml | 0 {bitnami => riftbit}/etcd/templates/pdb.yaml | 0 .../etcd/templates/podmonitor.yaml | 0 .../etcd/templates/secrets.yaml | 0 .../etcd/templates/serviceaccount.yaml | 0 .../etcd/templates/snapshot-pvc.yaml | 0 .../etcd/templates/statefulset.yaml | 0 .../etcd/templates/svc-headless.yaml | 0 {bitnami => riftbit}/etcd/templates/svc.yaml | 0 {bitnami => riftbit}/etcd/values.yaml | 0 .../drupal => riftbit/fluentd}/.helmignore | 0 {bitnami => riftbit}/fluentd/Chart.lock | 0 {bitnami => riftbit}/fluentd/Chart.yaml | 0 {bitnami => riftbit}/fluentd/README.md | 0 .../fluentd/templates/NOTES.txt | 0 .../fluentd/templates/_helpers.tpl | 0 .../templates/aggregator-configmap.yaml | 0 .../fluentd/templates/aggregator-hpa.yaml | 0 .../templates/aggregator-statefulset.yaml | 0 .../templates/aggregator-svc-headless.yaml | 0 .../fluentd/templates/aggregator-svc.yaml | 0 .../fluentd/templates}/extra-list.yaml | 0 .../templates/forwarder-clusterrole.yaml | 0 .../forwarder-clusterrolebinding.yaml | 0 .../templates/forwarder-configmap.yaml | 0 .../templates/forwarder-daemonset.yaml | 0 .../fluentd/templates/forwarder-psp.yaml | 0 .../fluentd/templates/forwarder-svc.yaml | 0 .../fluentd/templates/ingress.yaml | 0 .../fluentd/templates/metrics-svc.yaml | 0 .../fluentd/templates/serviceaccount.yaml | 0 .../fluentd/templates/servicemonitor.yaml | 0 .../fluentd/templates/tls-certs.yaml | 0 {bitnami => riftbit}/fluentd/values.yaml | 0 {bitnami/ejbca => riftbit/ghost}/.helmignore | 0 {bitnami => riftbit}/ghost/Chart.lock | 0 {bitnami => riftbit}/ghost/Chart.yaml | 0 {bitnami => riftbit}/ghost/README.md | 0 .../ghost}/ci/ct-values.yaml | 0 .../ci/values-with-metrics-and-ingress.yaml | 0 .../ghost/templates/NOTES.txt | 0 .../ghost/templates/_helpers.tpl | 0 .../ghost/templates/deployment.yaml | 0 .../ghost/templates/external-db-secrets.yaml | 0 .../ghost}/templates/extra-list.yaml | 0 .../ghost/templates/ingress.yaml | 0 {bitnami => riftbit}/ghost/templates/pvc.yaml | 0 .../ghost/templates/secrets.yaml | 0 {bitnami => riftbit}/ghost/templates/svc.yaml | 0 .../ghost/templates/tls-secrets.yaml | 0 {bitnami => riftbit}/ghost/values.schema.json | 0 {bitnami => riftbit}/ghost/values.yaml | 0 .../grafana-tempo}/.helmignore | 0 {bitnami => riftbit}/grafana-tempo/Chart.lock | 0 {bitnami => riftbit}/grafana-tempo/Chart.yaml | 0 {bitnami => riftbit}/grafana-tempo/README.md | 0 .../grafana-tempo/templates/NOTES.txt | 0 .../grafana-tempo/templates/_helpers.tpl | 0 .../templates/compactor/deployment.yaml | 0 .../templates/compactor/service.yaml | 0 .../templates/compactor/servicemonitor.yaml | 0 .../templates/distributor/deployment.yaml | 0 .../templates/distributor/service.yaml | 0 .../templates/distributor/servicemonitor.yaml | 0 .../grafana-tempo}/templates/extra-list.yaml | 0 .../gossip-ring-headless-service.yaml | 0 .../templates/ingester/service.yaml | 0 .../templates/ingester/servicemonitor.yaml | 0 .../templates/ingester/statefulset.yaml | 0 .../templates/overrides-configmap.yaml | 0 .../templates/querier/deployment.yaml | 0 .../templates/querier/service.yaml | 0 .../templates/querier/servicemonitor.yaml | 0 .../templates/query-frontend/deployment.yaml | 0 .../query-frontend/headless-service.yaml | 0 .../query-frontend/query-configmap.yaml | 0 .../templates/query-frontend/service.yaml | 0 .../query-frontend/servicemonitor.yaml | 0 .../templates/service-account.yaml | 0 .../templates/tempo-configmap.yaml | 0 .../templates/vulture/deployment.yaml | 0 .../templates/vulture/service.yaml | 0 .../templates/vulture/servicemonitor.yaml | 0 .../grafana-tempo/values.yaml | 0 {bitnami => riftbit}/haproxy/Chart.lock | 0 {bitnami => riftbit}/haproxy/Chart.yaml | 0 {bitnami => riftbit}/haproxy/README.md | 0 .../haproxy/templates/NOTES.txt | 0 .../haproxy/templates/_helpers.tpl | 0 .../haproxy/templates/configmap.yaml | 0 .../haproxy/templates/deployment.yaml | 0 .../haproxy}/templates/extra-list.yaml | 0 .../haproxy/templates/hpa.yaml | 0 .../haproxy/templates/pdb.yaml | 0 .../haproxy/templates/service-account.yaml | 0 .../haproxy/templates/service.yaml | 0 {bitnami => riftbit}/haproxy/values.yaml | 0 {bitnami/etcd => riftbit/harbor}/.helmignore | 0 {bitnami => riftbit}/harbor/Chart.lock | 0 {bitnami => riftbit}/harbor/Chart.yaml | 0 {bitnami => riftbit}/harbor/README.md | 0 {bitnami => riftbit}/harbor/cert/tls.crt | 0 {bitnami => riftbit}/harbor/cert/tls.key | 0 .../harbor/ci/values-production.yaml | 0 {bitnami => riftbit}/harbor/conf/clair.yaml | 0 .../harbor/conf/notary-server.json | 0 .../harbor/conf/notary-signer.json | 0 .../harbor/templates/NOTES.txt | 0 .../harbor/templates/_helpers.tpl | 0 .../chartmuseum/chartmuseum-cm-envvars.yaml | 0 .../chartmuseum/chartmuseum-dpl.yaml | 0 .../chartmuseum/chartmuseum-pvc.yaml | 0 .../chartmuseum/chartmuseum-secret.yaml | 0 .../chartmuseum/chartmuseum-svc.yaml | 0 .../harbor/templates/clair/clair-dpl.yaml | 0 .../harbor/templates/clair/clair-secret.yaml | 0 .../harbor/templates/clair/clair-svc.yaml | 0 .../templates/core/core-cm-envvars.yaml | 0 .../harbor/templates/core/core-cm.yaml | 0 .../harbor/templates/core/core-dpl.yaml | 0 .../templates/core/core-secret-envvars.yaml | 0 .../harbor/templates/core/core-secret.yaml | 0 .../harbor/templates/core/core-svc.yaml | 0 .../harbor}/templates/extra-list.yaml | 0 .../harbor/templates/ingress/ingress.yaml | 0 .../harbor/templates/ingress/secret.yaml | 0 .../internal/internal-crt-secret.yaml | 0 .../jobservice/jobservice-cm-envvars.yaml | 0 .../templates/jobservice/jobservice-cm.yaml | 0 .../templates/jobservice/jobservice-dpl.yaml | 0 .../templates/jobservice/jobservice-pvc.yaml | 0 .../jobservice/jobservice-secret-envvars.yaml | 0 .../jobservice/jobservice-secrets.yaml | 0 .../templates/jobservice/jobservice-svc.yaml | 0 .../templates/nginx/configmap-http.yaml | 0 .../templates/nginx/configmap-https.yaml | 0 .../harbor/templates/nginx/deployment.yaml | 0 .../harbor/templates/nginx/secret.yaml | 0 .../harbor/templates/nginx/service.yaml | 0 .../notary/notary-secret-envvars.yaml | 0 .../templates/notary/notary-secret.yaml | 0 .../templates/notary/notary-server.yaml | 0 .../templates/notary/notary-signer.yaml | 0 .../harbor/templates/notary/notary-svc.yaml | 0 .../harbor/templates/portal/portal-cm.yaml | 0 .../harbor/templates/portal/portal-dpl.yaml | 0 .../harbor/templates/portal/portal-svc.yaml | 0 .../templates/registry/registry-cm.yaml | 0 .../templates/registry/registry-dpl.yaml | 0 .../templates/registry/registry-pvc.yaml | 0 .../templates/registry/registry-secret.yaml | 0 .../templates/registry/registry-svc.yaml | 0 .../templates/trivy/trivy-cm-envvars.yaml | 0 .../templates/trivy/trivy-secret-envvars.yaml | 0 .../harbor/templates/trivy/trivy-sts.yaml | 0 .../harbor/templates/trivy/trivy-svc.yaml | 0 {bitnami => riftbit}/harbor/values.yaml | 0 .../influxdb}/.helmignore | 0 {bitnami => riftbit}/influxdb/Chart.lock | 0 {bitnami => riftbit}/influxdb/Chart.yaml | 0 {bitnami => riftbit}/influxdb/README.md | 0 .../influxdb/files/conf/README.md | 0 .../docker-entrypoint-initdb.d/README.md | 0 .../influxdb/templates/NOTES.txt | 0 .../influxdb/templates/_helpers.tpl | 0 .../influxdb/templates/extradeploy.yaml | 0 .../templates/influxdb/configmap-backup.yaml | 0 .../influxdb/configmap-initdb-scripts.yaml | 0 .../templates/influxdb/configmap.yaml | 0 .../templates/influxdb/cronjob-backup.yaml | 0 .../influxdb/deployment-standalone.yaml | 0 .../templates/influxdb/pvc-backup.yaml | 0 .../influxdb/templates/influxdb/pvc.yaml | 0 .../templates/influxdb/secrets-backup.yaml | 0 .../influxdb/templates/influxdb/secrets.yaml | 0 .../templates/influxdb/service-headless.yaml | 0 .../templates/influxdb/service-metrics.yaml | 0 .../influxdb/templates/influxdb/service.yaml | 0 .../templates/influxdb/servicemonitor.yaml | 0 .../statefulset-high-availability.yaml | 0 .../influxdb/templates/ingress.yaml | 0 .../influxdb/templates/networkpolicy.yaml | 0 .../influxdb/templates/relay/configmap.yaml | 0 .../influxdb/templates/relay/deployment.yaml | 0 .../influxdb/templates/relay/service.yaml | 0 .../influxdb/templates/service-collectd.yaml | 0 {bitnami => riftbit}/influxdb/values.yaml | 0 {bitnami => riftbit}/jupyterhub/Chart.lock | 0 {bitnami => riftbit}/jupyterhub/Chart.yaml | 0 {bitnami => riftbit}/jupyterhub/README.md | 0 .../jupyterhub/templates/NOTES.txt | 0 .../jupyterhub/templates/_helpers.tpl | 0 .../jupyterhub}/templates/extra-list.yaml | 0 .../jupyterhub/templates/hub/configmap.yaml | 0 .../jupyterhub/templates/hub/deployment.yaml | 0 .../templates/hub/externaldb-secrets.yaml | 0 .../templates/hub/networkpolicy.yaml | 0 .../jupyterhub/templates/hub/pdb.yaml | 0 .../jupyterhub/templates/hub/role.yaml | 0 .../jupyterhub/templates/hub/rolebinding.yaml | 0 .../jupyterhub/templates/hub/secret.yaml | 0 .../templates/hub/service-account.yaml | 0 .../jupyterhub/templates/hub/service.yaml | 0 .../templates/image-puller/daemonset.yaml | 0 .../templates/proxy/deployment.yaml | 0 .../jupyterhub/templates/proxy/ingress.yaml | 0 .../templates/proxy/networkpolicy.yaml | 0 .../templates/proxy/service-api.yaml | 0 .../templates/proxy/service-public.yaml | 0 .../templates/proxy/tls-secret.yaml | 0 .../templates/singleuser/networkpolicy.yaml | 0 .../templates/singleuser/service-account.yaml | 0 {bitnami => riftbit}/jupyterhub/values.yaml | 0 .../fluentd => riftbit/kafka}/.helmignore | 0 {bitnami => riftbit}/kafka/Chart.lock | 0 {bitnami => riftbit}/kafka/Chart.yaml | 0 {bitnami => riftbit}/kafka/README.md | 0 .../kafka/files/tls/README.md | 0 .../kafka/templates/NOTES.txt | 0 .../kafka/templates/_helpers.tpl | 0 .../kafka/templates/configmap.yaml | 0 .../kafka}/templates/extra-list.yaml | 0 .../kafka/templates/jaas-secret.yaml | 0 .../kafka/templates/jmx-configmap.yaml | 0 .../kafka/templates/jmx-metrics-svc.yaml | 0 .../templates/kafka-metrics-deployment.yaml | 0 .../kafka/templates/kafka-metrics-svc.yaml | 0 .../kafka/templates/kafka-provisioning.yaml | 0 .../kafka/templates/log4j-configmap.yaml | 0 .../kafka/templates/poddisruptionbudget.yaml | 0 .../kafka/templates/role.yaml | 0 .../kafka/templates/rolebinding.yaml | 0 .../kafka/templates/scripts-configmap.yaml | 0 .../kafka/templates/serviceaccount.yaml | 0 .../templates/servicemonitor-jmx-metrics.yaml | 0 .../templates/servicemonitor-metrics.yaml | 0 .../kafka/templates/statefulset.yaml | 0 .../kafka/templates/svc-external-access.yaml | 0 .../kafka/templates/svc-headless.yaml | 0 {bitnami => riftbit}/kafka/templates/svc.yaml | 0 .../kafka/templates/tls-secret.yaml | 0 {bitnami => riftbit}/kafka/values.yaml | 0 {bitnami => riftbit}/keycloak/Chart.lock | 0 {bitnami => riftbit}/keycloak/Chart.yaml | 0 {bitnami => riftbit}/keycloak/README.md | 0 .../keycloak}/ci/ct-values.yaml | 0 .../keycloak/ci/values-ha.yaml | 0 .../keycloak}/ci/values-hpa-pdb.yaml | 0 .../keycloak/ci/values-init-scripts.yaml | 0 .../ci/values-metrics-and-ingress.yaml | 0 .../keycloak/templates/NOTES.txt | 0 .../keycloak/templates/_helpers.tpl | 0 .../templates/configmap-env-vars.yaml | 0 .../keycloak/templates/configmap.yaml | 0 .../keycloak}/templates/extra-list.yaml | 0 .../keycloak/templates/headless-service.yaml | 0 .../keycloak/templates/hpa.yaml | 0 .../keycloak/templates/ingress.yaml | 0 .../templates/init-scripts-configmap.yaml | 0 .../keycloak-config-cli-configmap.yaml | 0 .../templates/keycloak-config-cli-job.yaml | 0 .../keycloak/templates/metrics-service.yaml | 0 .../keycloak/templates/networkpolicy.yaml | 0 .../keycloak/templates/pdb.yaml | 0 .../keycloak/templates/role.yaml | 0 .../keycloak/templates/rolebinding.yaml | 0 .../keycloak/templates/secrets.yaml | 0 .../keycloak/templates/service.yaml | 0 .../keycloak/templates/serviceaccount.yaml | 0 .../keycloak/templates/servicemonitor.yaml | 0 .../keycloak/templates/statefulset.yaml | 0 .../keycloak/templates/tls-secret.yaml | 0 {bitnami => riftbit}/keycloak/values.yaml | 0 riftbit/kroki/Chart.yaml | 6 +- riftbit/kubebox/Chart.yaml | 6 +- .../kubernetes-event-exporter}/.helmignore | 0 .../kubernetes-event-exporter/Chart.lock | 0 .../kubernetes-event-exporter/Chart.yaml | 0 .../kubernetes-event-exporter/README.md | 0 .../templates/_helpers.tpl | 0 .../templates/configmap.yaml | 0 .../templates/deployment.yaml | 0 .../templates/extra-list.yaml | 0 .../templates/rbac.yaml | 0 .../templates/serviceaccount.yaml | 0 .../kubernetes-event-exporter/values.yaml | 0 riftbit/kubeview/Chart.yaml | 6 +- .../ghost => riftbit/kubewatch}/.helmignore | 0 {bitnami => riftbit}/kubewatch/Chart.lock | 0 {bitnami => riftbit}/kubewatch/Chart.yaml | 0 {bitnami => riftbit}/kubewatch/README.md | 0 .../kubewatch/templates/NOTES.txt | 0 .../kubewatch/templates/_helpers.tpl | 0 .../kubewatch/templates/clusterrole.yaml | 0 .../templates/clusterrolebinding.yaml | 0 .../kubewatch/templates/configmap.yaml | 0 .../kubewatch/templates/deployment.yaml | 0 .../kubewatch}/templates/extra-list.yaml | 0 .../kubewatch/templates/serviceaccount.yaml | 0 {bitnami => riftbit}/kubewatch/values.yaml | 0 .../mariadb-galera}/.helmignore | 0 .../mariadb-galera/Chart.lock | 0 .../mariadb-galera/Chart.yaml | 0 {bitnami => riftbit}/mariadb-galera/README.md | 0 .../ci/values-production-with-rbac.yaml | 0 .../docker-entrypoint-initdb.d/README.md | 0 .../mariadb-galera/templates/NOTES.txt | 0 .../mariadb-galera/templates/_helpers.tpl | 0 .../mariadb-galera/templates/configmap.yaml | 0 .../mariadb-galera}/templates/extra-list.yaml | 0 .../templates/headless-svc.yaml | 0 .../templates/initialization-configmap.yaml | 0 .../mariadb-galera/templates/metrics-svc.yaml | 0 .../mariadb-galera/templates/pdb.yaml | 0 .../templates/prometheusrules.yaml | 0 .../mariadb-galera/templates/role.yaml | 0 .../mariadb-galera/templates/rolebinding.yaml | 0 .../mariadb-galera/templates/secrets.yaml | 0 .../templates/serviceaccount.yaml | 0 .../templates/servicemonitor.yaml | 0 .../mariadb-galera/templates/statefulset.yaml | 0 .../mariadb-galera/templates/svc.yaml | 0 .../mariadb-galera/templates/tls-secrets.yaml | 0 .../mariadb-galera/values.schema.json | 0 .../mariadb-galera/values.yaml | 0 .../mariadb}/.helmignore | 0 {bitnami => riftbit}/mariadb/Chart.lock | 0 {bitnami => riftbit}/mariadb/Chart.yaml | 0 {bitnami => riftbit}/mariadb/README.md | 0 ...lues-production-with-rbac-and-metrics.yaml | 0 .../mariadb/templates/NOTES.txt | 0 .../mariadb/templates/_helpers.tpl | 0 .../mariadb}/templates/extra-list.yaml | 0 .../mariadb/templates/primary/configmap.yaml | 0 .../primary/initialization-configmap.yaml | 0 .../mariadb/templates/primary/pdb.yaml | 0 .../templates/primary/statefulset.yaml | 0 .../mariadb/templates/primary/svc.yaml | 0 .../mariadb/templates/role.yaml | 0 .../mariadb/templates/rolebinding.yaml | 0 .../templates/secondary/configmap.yaml | 0 .../mariadb/templates/secondary/pdb.yaml | 0 .../templates/secondary/statefulset.yaml | 0 .../mariadb/templates/secondary/svc.yaml | 0 .../mariadb/templates/secrets.yaml | 0 .../mariadb/templates/serviceaccount.yaml | 0 .../mariadb/templates/servicemonitor.yaml | 0 .../mariadb/values.schema.json | 0 {bitnami => riftbit}/mariadb/values.yaml | 0 .../grafana => riftbit/mediawiki}/.helmignore | 0 {bitnami => riftbit}/mediawiki/Chart.lock | 0 {bitnami => riftbit}/mediawiki/Chart.yaml | 0 {bitnami => riftbit}/mediawiki/README.md | 0 .../mediawiki/ci/ct-values.yaml | 0 .../ci/values-with-host-and-ingress.yaml | 0 .../mediawiki/templates/NOTES.txt | 0 .../mediawiki/templates/_helpers.tpl | 0 .../mediawiki/templates/deployment.yaml | 0 .../templates/externaldb-secrets.yaml | 0 .../mediawiki/templates/extra-list.yaml | 0 .../mediawiki/templates/ingress.yaml | 0 .../mediawiki/templates/mediawiki-pvc.yaml | 0 .../mediawiki/templates/metrics-svc.yaml | 0 .../mediawiki/templates/secrets.yaml | 0 .../mediawiki/templates/servicemonitor.yaml | 0 .../mediawiki/templates/svc.yaml | 0 .../mediawiki/templates/tls-secrets.yaml | 0 {bitnami => riftbit}/mediawiki/values.yaml | 0 .../harbor => riftbit/memcached}/.helmignore | 0 {bitnami => riftbit}/memcached/Chart.lock | 0 {bitnami => riftbit}/memcached/Chart.yaml | 0 {bitnami => riftbit}/memcached/README.md | 0 .../memcached/ci/values-production.yaml | 0 .../memcached/templates/NOTES.txt | 0 .../memcached/templates/_helpers.tpl | 0 .../memcached/templates/deployment.yaml | 0 .../memcached}/templates/extra-list.yaml | 0 .../memcached/templates/hpa.yaml | 0 .../memcached/templates/pdb.yaml | 0 .../memcached/templates/secrets.yaml | 0 .../memcached/templates/service.yaml | 0 .../memcached/templates/serviceaccount.yaml | 0 .../memcached/templates/servicemonitor.yaml | 0 .../memcached/templates/statefulset.yaml | 0 .../memcached/templates/svc-metrics.yaml | 0 {bitnami => riftbit}/memcached/values.yaml | 0 .../influxdb => riftbit/minio}/.helmignore | 0 {bitnami => riftbit}/minio/Chart.lock | 0 {bitnami => riftbit}/minio/Chart.yaml | 0 {bitnami => riftbit}/minio/README.md | 0 .../minio/ci/values-gateway.yaml | 0 .../minio/ci/values-production.yaml | 0 .../minio/templates/NOTES.txt | 0 .../minio/templates/_helpers.tpl | 0 .../minio/templates/api-ingress.yaml | 0 .../templates/distributed/headless-svc.yaml | 0 .../minio/templates/distributed/pdb.yaml | 0 .../templates/distributed/statefulset.yaml | 0 .../minio}/templates/extra-list.yaml | 0 .../minio/templates/gateway/deployment.yaml | 0 .../minio/templates/gateway/hpa.yaml | 0 .../minio/templates/gateway/pdb.yaml | 0 .../minio/templates/ingress.yaml | 0 .../minio/templates/networkpolicy.yaml | 0 {bitnami => riftbit}/minio/templates/pvc.yaml | 0 .../minio/templates/secrets.yaml | 0 .../minio/templates/service.yaml | 0 .../minio/templates/serviceaccount.yaml | 0 .../minio/templates/servicemonitor.yaml | 0 .../templates/standalone/deployment.yaml | 0 .../minio/templates/tls-secrets.yaml | 0 {bitnami => riftbit}/minio/values.yaml | 0 .../mongodb-sharded}/.helmignore | 0 .../mongodb-sharded/Chart.lock | 0 .../mongodb-sharded/Chart.yaml | 0 .../mongodb-sharded/README.md | 0 .../mongodb-sharded/templates/NOTES.txt | 0 .../mongodb-sharded/templates/_helpers.tpl | 0 .../config-server-configmap.yaml | 0 .../config-server-poddisruptionbudget.yaml | 0 .../config-server-podmonitor.yaml | 0 .../config-server-statefulset.yaml | 0 .../templates/headless-service.yaml | 0 .../templates/mongos/mongos-configmap.yaml | 0 .../templates/mongos/mongos-dep-sts.yaml | 0 .../mongos/mongos-poddisruptionbudget.yaml | 0 .../templates/mongos/mongos-podmonitor.yaml | 0 .../mongos/mongos-service-per-replica.yaml | 0 .../templates/mongos/mongos-service.yaml | 0 .../replicaset-entrypoint-configmap.yaml | 0 .../mongodb-sharded/templates/secrets.yaml | 0 .../templates/serviceaccount.yaml | 0 .../shard/shard-arbiter-configmap.yaml | 0 .../shard/shard-arbiter-statefulset.yaml | 0 .../templates/shard/shard-data-configmap.yaml | 0 .../shard/shard-data-poddisruptionbudget.yaml | 0 .../shard/shard-data-podmonitor.yaml | 0 .../shard/shard-data-statefulset.yaml | 0 .../mongodb-sharded/values.yaml | 0 .../jenkins => riftbit/mongodb}/.helmignore | 0 {bitnami => riftbit}/mongodb/Chart.lock | 0 {bitnami => riftbit}/mongodb/Chart.yaml | 0 {bitnami => riftbit}/mongodb/README.md | 0 .../ci/values-replicaset-with-rbac.yaml | 0 .../mongodb/templates/NOTES.txt | 0 .../mongodb/templates/_helpers.tpl | 0 .../mongodb/templates/arbiter/configmap.yaml | 0 .../templates/arbiter/headless-svc.yaml | 0 .../mongodb/templates/arbiter/pdb.yaml | 0 .../templates/arbiter/statefulset.yaml | 0 .../mongodb/templates/configmap.yaml | 0 .../mongodb}/templates/extra-list.yaml | 0 .../mongodb/templates/hidden/configmap.yaml | 0 .../templates/hidden/external-access-svc.yaml | 0 .../templates/hidden/headless-svc.yaml | 0 .../mongodb/templates/hidden/pdb.yaml | 0 .../mongodb/templates/hidden/statefulset.yaml | 0 .../templates/initialization-configmap.yaml | 0 .../mongodb/templates/metrics-svc.yaml | 0 .../mongodb/templates/prometheusrule.yaml | 0 .../mongodb/templates/psp.yaml | 0 .../replicaset/external-access-svc.yaml | 0 .../templates/replicaset/headless-svc.yaml | 0 .../mongodb/templates/replicaset/pdb.yaml | 0 .../replicaset/scripts-configmap.yaml | 0 .../templates/replicaset/statefulset.yaml | 0 .../mongodb/templates/replicaset/svc.yaml | 0 .../mongodb/templates/role.yaml | 0 .../mongodb/templates/rolebinding.yaml | 0 .../mongodb/templates/secrets-ca.yaml | 0 .../mongodb/templates/secrets.yaml | 0 .../mongodb/templates/serviceaccount.yaml | 0 .../mongodb/templates/servicemonitor.yaml | 0 .../mongodb/templates/standalone/dep-sts.yaml | 0 .../mongodb/templates/standalone/pvc.yaml | 0 .../mongodb/templates/standalone/svc.yaml | 0 .../mongodb/values.schema.json | 0 {bitnami => riftbit}/mongodb/values.yaml | 0 {bitnami/joomla => riftbit/nats}/.helmignore | 0 {bitnami => riftbit}/nats/Chart.lock | 0 {bitnami => riftbit}/nats/Chart.yaml | 0 {bitnami => riftbit}/nats/README.md | 0 {bitnami => riftbit}/nats/templates/NOTES.txt | 0 .../nats/templates/_helpers.tpl | 0 .../nats/templates/client-svc.yaml | 0 .../nats/templates/cluster-svc.yaml | 0 .../nats/templates/configmap.yaml | 0 .../nats/templates/deployment.yaml | 0 .../nats}/templates/extra-list.yaml | 0 .../nats/templates/headless-svc.yaml | 0 .../nats/templates/ingress.yaml | 0 .../nats/templates/metrics-svc.yaml | 0 .../nats/templates/monitoring-svc.yaml | 0 .../nats/templates/networkpolicy.yaml | 0 .../nats/templates/poddisruptionbudget.yaml | 0 .../nats/templates/servicemonitor.yaml | 0 .../nats/templates/statefulset.yaml | 0 .../nats/templates/tls-secret.yaml | 0 {bitnami => riftbit}/nats/values.yaml | 0 {bitnami/kafka => riftbit/nginx}/.helmignore | 0 {bitnami => riftbit}/nginx/Chart.lock | 0 {bitnami => riftbit}/nginx/README.md | 0 .../nginx}/ci/ct-values.yaml | 0 ...-with-ingress-metrics-and-serverblock.yaml | 0 .../nginx/templates/NOTES.txt | 0 .../nginx/templates/_helpers.tpl | 0 .../nginx/templates/deployment.yaml | 0 .../nginx}/templates/extra-list.yaml | 0 .../nginx/templates/health-ingress.yaml | 0 {bitnami => riftbit}/nginx/templates/hpa.yaml | 0 .../nginx/templates/ingress.yaml | 0 .../nginx/templates/ldap-daemon-secrets.yaml | 0 {bitnami => riftbit}/nginx/templates/pdb.yaml | 0 .../templates/server-block-configmap.yaml | 0 .../nginx/templates/serviceaccount.yaml | 0 .../nginx/templates/servicemonitor.yaml | 0 {bitnami => riftbit}/nginx/templates/svc.yaml | 0 .../nginx/templates/tls-secrets.yaml | 0 {bitnami => riftbit}/nginx/values.schema.json | 0 {bitnami => riftbit}/nginx/values.yaml | 0 .../node-exporter}/.helmignore | 0 {bitnami => riftbit}/node-exporter/Chart.lock | 0 {bitnami => riftbit}/node-exporter/Chart.yaml | 0 {bitnami => riftbit}/node-exporter/README.md | 0 .../node-exporter/templates/NOTES.txt | 0 .../node-exporter/templates/_helpers.tpl | 0 .../node-exporter/templates/daemonset.yaml | 0 .../templates/psp-clusterrole.yaml | 0 .../templates/psp-clusterrolebinding.yaml | 0 .../node-exporter/templates/psp.yaml | 0 .../node-exporter/templates/service.yaml | 0 .../templates/serviceaccount.yaml | 0 .../templates/servicemonitor.yaml | 0 .../node-exporter/values.yaml | 0 .../oauth2-proxy}/.helmignore | 0 {bitnami => riftbit}/oauth2-proxy/Chart.lock | 0 {bitnami => riftbit}/oauth2-proxy/Chart.yaml | 0 {bitnami => riftbit}/oauth2-proxy/README.md | 0 .../oauth2-proxy/templates/NOTES.txt | 0 .../oauth2-proxy/templates/_helpers.tpl | 0 .../oauth2-proxy/templates/configmap.yaml | 0 .../oauth2-proxy/templates/deployment.yaml | 0 .../oauth2-proxy}/templates/extra-list.yaml | 0 .../oauth2-proxy/templates/ingress.yaml | 0 .../oauth2-proxy/templates/pdb.yaml | 0 .../secret-authenticated-emails-file.yaml | 0 .../oauth2-proxy/templates/secret-google.yaml | 0 .../templates/secret-htpasswd-file.yaml | 0 .../oauth2-proxy/templates/secret.yaml | 0 .../templates/service-account.yaml | 0 .../oauth2-proxy/templates/service.yaml | 0 {bitnami => riftbit}/oauth2-proxy/values.yaml | 0 .../kong => riftbit/owncloud}/.helmignore | 0 {bitnami => riftbit}/owncloud/Chart.lock | 0 {bitnami => riftbit}/owncloud/Chart.yaml | 0 {bitnami => riftbit}/owncloud/README.md | 0 .../owncloud}/ci/ct-values.yaml | 0 .../ci/values-with-host-and-ingress.yaml | 0 .../owncloud/templates/NOTES.txt | 0 .../owncloud}/templates/_certificates.tpl | 0 .../owncloud/templates/_helpers.tpl | 0 .../owncloud/templates/deployment.yaml | 0 .../templates/externaldb-secrets.yaml | 0 .../owncloud}/templates/extra-list.yaml | 0 .../owncloud/templates/ingress.yaml | 0 .../owncloud}/templates/metrics-svc.yaml | 0 .../owncloud/templates/pv.yaml | 0 .../owncloud/templates/pvc.yaml | 0 .../owncloud/templates/secrets.yaml | 0 .../owncloud}/templates/svc.yaml | 0 .../owncloud/templates/tls-secrets.yaml | 0 {bitnami => riftbit}/owncloud/values.yaml | 0 .../parse}/.helmignore | 0 {bitnami => riftbit}/parse/Chart.lock | 0 {bitnami => riftbit}/parse/Chart.yaml | 0 {bitnami => riftbit}/parse/README.md | 0 .../parse}/ci/ct-values.yaml | 0 .../parse/files/cloud/README.md | 0 .../parse/templates/NOTES.txt | 0 .../parse/templates/_helpers.tpl | 0 .../parse/templates/cloud-code-configmap.yaml | 0 .../parse/templates/dashboard-deployment.yaml | 0 .../parse}/templates/extra-list.yaml | 0 .../parse/templates/ingress.yaml | 0 {bitnami => riftbit}/parse/templates/pvc.yaml | 0 .../parse/templates/secrets.yaml | 0 .../parse/templates/server-deployment.yaml | 0 {bitnami => riftbit}/parse/templates/svc.yaml | 0 {bitnami => riftbit}/parse/values.yaml | 0 .../phabricator}/.helmignore | 0 {bitnami => riftbit}/phabricator/Chart.lock | 0 {bitnami => riftbit}/phabricator/Chart.yaml | 0 {bitnami => riftbit}/phabricator/README.md | 0 .../phabricator}/ci/ct-values.yaml | 0 .../ci/values-with-host-and-ingress.yaml | 0 .../phabricator/templates/NOTES.txt | 0 .../phabricator/templates/_helpers.tpl | 0 .../phabricator/templates/deployment.yaml | 0 .../templates/externaldb-secrets.yaml | 0 .../phabricator}/templates/extra-list.yaml | 0 .../phabricator}/templates/ingress.yaml | 0 .../phabricator/templates/pv.yaml | 0 .../phabricator/templates/pvc.yaml | 0 .../phabricator/templates/secrets.yaml | 0 .../phabricator/templates/svc.yaml | 0 .../phabricator/templates/tls-secrets.yaml | 0 {bitnami => riftbit}/phabricator/values.yaml | 0 .../postgresql-ha}/.helmignore | 0 {bitnami => riftbit}/postgresql-ha/Chart.lock | 0 {bitnami => riftbit}/postgresql-ha/Chart.yaml | 0 {bitnami => riftbit}/postgresql-ha/README.md | 0 .../postgresql-ha/ci/ct-values.yaml | 0 .../ci/values-production-with-pdb.yaml | 0 .../postgresql-ha/templates/NOTES.txt | 0 .../postgresql-ha/templates/_helpers.tpl | 0 .../postgresql-ha}/templates/extra-list.yaml | 0 .../postgresql-ha/templates/ldap-secrets.yaml | 0 .../templates/metrics-configmap.yaml | 0 .../templates/networkpolicy.yaml | 0 .../templates/pgpool/configmap.yaml | 0 .../pgpool/custom-users-secrets.yaml | 0 .../templates/pgpool/deployment.yaml | 0 .../pgpool/initdb-scripts-configmap.yaml | 0 .../postgresql-ha/templates/pgpool/pdb.yaml | 0 .../templates/pgpool/secrets.yaml | 0 .../templates/pgpool/service.yaml | 0 .../templates/postgresql/configmap.yaml | 0 .../postgresql/extended-configmap.yaml | 0 .../postgresql/hooks-scripts-configmap.yaml | 0 .../postgresql/initdb-scripts-configmap.yaml | 0 .../templates/postgresql/metrics-service.yaml | 0 .../templates/postgresql/pdb.yaml | 0 .../templates/postgresql/secrets.yaml | 0 .../postgresql/service-headless.yaml | 0 .../templates/postgresql/service.yaml | 0 .../templates/postgresql/servicemonitor.yaml | 0 .../templates/postgresql/statefulset.yaml | 0 .../templates/serviceaccount.yaml | 0 .../postgresql-ha/templates/tls-secrets.yaml | 0 .../postgresql-ha/values.yaml | 0 .../postgresql}/.helmignore | 0 {bitnami => riftbit}/postgresql/Chart.lock | 0 {bitnami => riftbit}/postgresql/Chart.yaml | 0 {bitnami => riftbit}/postgresql/README.md | 0 .../postgresql/ci/commonAnnotations.yaml | 0 .../postgresql/ci/default-values.yaml | 0 .../ci/shmvolume-disabled-values.yaml | 0 .../postgresql/files/README.md | 0 .../postgresql/files/conf.d/README.md | 0 .../docker-entrypoint-initdb.d/README.md | 0 .../postgresql/templates/NOTES.txt | 0 .../postgresql/templates/_helpers.tpl | 0 .../postgresql/templates/configmap.yaml | 0 .../templates/extended-config-configmap.yaml | 0 .../postgresql}/templates/extra-list.yaml | 0 .../templates/initialization-configmap.yaml | 0 .../templates/metrics-configmap.yaml | 0 .../postgresql/templates/metrics-svc.yaml | 0 .../postgresql/templates/networkpolicy.yaml | 0 .../templates/podsecuritypolicy.yaml | 0 .../postgresql/templates/prometheusrule.yaml | 0 .../postgresql/templates/role.yaml | 0 .../postgresql/templates/rolebinding.yaml | 0 .../postgresql/templates/secrets.yaml | 0 .../postgresql/templates/serviceaccount.yaml | 0 .../postgresql/templates/servicemonitor.yaml | 0 .../templates/statefulset-readreplicas.yaml | 0 .../postgresql/templates/statefulset.yaml | 0 .../postgresql/templates/svc-headless.yaml | 0 .../postgresql/templates/svc-read-set.yaml | 0 .../postgresql/templates/svc-read.yaml | 0 .../postgresql/templates/svc.yaml | 0 .../postgresql/templates/tls-secrets.yaml | 0 .../postgresql/values.schema.json | 0 {bitnami => riftbit}/postgresql/values.yaml | 0 riftbit/quickchart/Chart.yaml | 6 +- .../rabbitmq-cluster-operator}/.helmignore | 0 .../rabbitmq-cluster-operator/Chart.lock | 0 .../rabbitmq-cluster-operator/Chart.yaml | 0 .../rabbitmq-cluster-operator/README.md | 0 .../templates/NOTES.txt | 0 .../templates/_helpers.tpl | 0 .../templates/clusterrole.yaml | 0 .../templates/clusterrolebinding.yaml | 0 .../templates/crd-rabbitmq-cluster.yaml | 0 .../templates/deployment.yaml | 0 .../templates/extra-list.yaml | 0 .../templates/metrics-service.yaml | 0 .../templates/role.yaml | 0 .../templates/rolebinding.yaml | 0 .../templates/service-account.yaml | 0 .../templates/servicemonitor.yaml | 0 .../rabbitmq-cluster-operator/values.yaml | 0 .../rabbitmq}/.helmignore | 0 {bitnami => riftbit}/rabbitmq/Chart.lock | 0 {bitnami => riftbit}/rabbitmq/Chart.yaml | 0 {bitnami => riftbit}/rabbitmq/README.md | 0 .../rabbitmq/ci/default-values.yaml | 0 .../rabbitmq/ci/tolerations-values.yaml | 0 .../rabbitmq/templates/NOTES.txt | 0 .../rabbitmq/templates/_helpers.tpl | 0 .../rabbitmq/templates/configuration.yaml | 0 .../rabbitmq}/templates/extra-list.yaml | 0 .../rabbitmq/templates/ingress.yaml | 0 .../rabbitmq/templates/networkpolicy.yaml | 0 .../rabbitmq/templates/pdb.yaml | 0 .../rabbitmq/templates/prometheusrule.yaml | 0 .../rabbitmq/templates/role.yaml | 0 .../rabbitmq/templates/rolebinding.yaml | 0 .../rabbitmq/templates/secrets.yaml | 0 .../rabbitmq/templates/serviceaccount.yaml | 0 .../rabbitmq/templates/servicemonitor.yaml | 0 .../rabbitmq/templates/statefulset.yaml | 0 .../rabbitmq/templates/svc-headless.yaml | 0 .../rabbitmq/templates/svc.yaml | 0 .../rabbitmq/templates/tls-secrets.yaml | 0 .../rabbitmq/values.schema.json | 0 {bitnami => riftbit}/rabbitmq/values.yaml | 0 .../redis-cluster}/.helmignore | 0 {bitnami => riftbit}/redis-cluster/Chart.lock | 0 {bitnami => riftbit}/redis-cluster/Chart.yaml | 0 {bitnami => riftbit}/redis-cluster/README.md | 0 .../img/redis-cluster-topology.png | Bin .../redis-cluster/img/redis-topology.png | Bin .../redis-cluster/templates/NOTES.txt | 0 .../redis-cluster/templates/_helpers.tpl | 0 .../redis-cluster/templates/configmap.yaml | 0 .../redis-cluster}/templates/extra-list.yaml | 0 .../redis-cluster/templates/headless-svc.yaml | 0 .../templates/metrics-prometheus.yaml | 0 .../redis-cluster/templates/metrics-svc.yaml | 0 .../templates/networkpolicy.yaml | 0 .../templates/poddisruptionbudget.yaml | 0 .../templates/prometheusrule.yaml | 0 .../redis-cluster/templates/psp.yaml | 0 .../redis-cluster/templates/redis-role.yaml | 0 .../templates/redis-rolebinding.yaml | 0 .../templates/redis-serviceaccount.yaml | 0 .../templates/redis-statefulset.yaml | 0 .../redis-cluster/templates/redis-svc.yaml | 0 .../templates/scripts-configmap.yaml | 0 .../redis-cluster/templates/secret.yaml | 0 .../svc-cluster-external-access.yaml | 0 .../redis-cluster/templates/tls-secret.yaml | 0 .../templates/update-cluster.yaml | 0 .../redis-cluster/values.yaml | 0 .../mediawiki => riftbit/redis}/.helmignore | 0 {bitnami => riftbit}/redis/Chart.lock | 0 {bitnami => riftbit}/redis/Chart.yaml | 0 {bitnami => riftbit}/redis/README.md | 0 .../redis/ci/extra-flags-values.yaml | 0 .../redis/ci/sentinel-values.yaml | 0 .../redis/ci/standalone-values.yaml | 0 .../redis/img/redis-cluster-topology.png | Bin .../redis/templates/NOTES.txt | 0 .../redis/templates/_helpers.tpl | 0 .../redis/templates/configmap.yaml | 0 .../redis}/templates/extra-list.yaml | 0 .../redis/templates/headless-svc.yaml | 0 .../redis/templates/health-configmap.yaml | 0 .../redis/templates/master/psp.yaml | 0 .../redis/templates/master/service.yaml | 0 .../redis/templates/master/statefulset.yaml | 0 .../redis/templates/metrics-svc.yaml | 0 .../redis/templates/networkpolicy.yaml | 0 {bitnami => riftbit}/redis/templates/pdb.yaml | 0 .../redis/templates/prometheusrule.yaml | 0 .../redis/templates/replicas/hpa.yaml | 0 .../redis/templates/replicas/service.yaml | 0 .../redis/templates/replicas/statefulset.yaml | 0 .../redis/templates/role.yaml | 0 .../redis/templates/rolebinding.yaml | 0 .../redis/templates/scripts-configmap.yaml | 0 .../redis/templates/secret.yaml | 0 .../redis/templates/sentinel/hpa.yaml | 0 .../templates/sentinel/node-services.yaml | 0 .../templates/sentinel/ports-configmap.yaml | 0 .../redis/templates/sentinel/service.yaml | 0 .../redis/templates/sentinel/statefulset.yaml | 0 .../redis/templates/serviceaccount.yaml | 0 .../redis/templates/servicemonitor.yaml | 0 .../redis/templates/tls-secret.yaml | 0 {bitnami => riftbit}/redis/values.schema.json | 0 {bitnami => riftbit}/redis/values.yaml | 0 .../memcached => riftbit/redmine}/.helmignore | 0 {bitnami => riftbit}/redmine/Chart.lock | 0 {bitnami => riftbit}/redmine/Chart.yaml | 0 {bitnami => riftbit}/redmine/README.md | 0 .../redmine}/ci/ct-values.yaml | 0 .../redmine/templates/NOTES.txt | 0 .../redmine/templates/_certificates.tpl | 0 .../redmine/templates/_helpers.tpl | 0 .../redmine/templates/cronjob.yaml | 0 .../redmine/templates/deployment.yaml | 0 .../redmine/templates/externaldb-secret.yaml | 0 .../redmine}/templates/extra-list.yaml | 0 .../redmine/templates/ingress.yaml | 0 .../templates/mail-receiver-configmap.yaml | 0 .../redmine/templates/pdb.yaml | 0 .../templates/postinit-configmap.yaml | 0 .../redmine/templates/pvc.yaml | 0 .../redmine/templates/secrets.yaml | 0 .../redmine/templates/serviceaccount.yaml | 0 .../redmine/templates/svc.yaml | 0 .../redmine/templates/tls-secrets.yaml | 0 .../redmine/values.schema.json | 0 {bitnami => riftbit}/redmine/values.yaml | 0 {bitnami => riftbit}/solr/Chart.lock | 0 {bitnami => riftbit}/solr/Chart.yaml | 0 {bitnami => riftbit}/solr/README.md | 0 {bitnami => riftbit}/solr/templates/NOTES.txt | 0 .../solr/templates/_helpers.tpl | 0 .../solr/templates/exporter-deployment.yaml | 0 .../solr/templates/exporter-svc.yaml | 0 .../solr/templates/extra-list.yaml | 0 .../solr/templates/ingress.yaml | 0 .../solr/templates/secret.yaml | 0 .../solr/templates/service-account.yaml | 0 .../solr/templates/statefulset.yaml | 0 .../solr/templates/svc-headless.yaml | 0 {bitnami => riftbit}/solr/templates/svc.yaml | 0 .../solr/templates/tls-auto-secrets.yaml | 0 .../solr/templates/tls-secrets.yaml | 0 {bitnami => riftbit}/solr/values.yaml | 0 .../spark}/.helmignore | 0 {bitnami => riftbit}/spark/Chart.lock | 0 {bitnami => riftbit}/spark/Chart.yaml | 0 {bitnami => riftbit}/spark/README.md | 0 .../values-with-ingress-and-autoscaling.yaml | 0 .../spark/templates/NOTES.txt | 0 .../spark/templates/_helpers.tpl | 0 .../spark}/templates/extra-list.yaml | 0 .../spark/templates/headless-svc.yaml | 0 .../spark/templates/hpa-worker.yaml | 0 .../spark/templates/ingress.yaml | 0 .../spark/templates/podmonitor.yaml | 0 .../spark/templates/prometheusrule.yaml | 0 .../spark/templates/secret.yaml | 0 .../spark/templates/statefulset-master.yaml | 0 .../spark/templates/statefulset-worker.yaml | 0 .../spark/templates/svc-master.yaml | 0 .../spark/templates/tls-secrets.yaml | 0 {bitnami => riftbit}/spark/values.yaml | 0 .../minio => riftbit/testlink}/.helmignore | 0 {bitnami => riftbit}/testlink/Chart.lock | 0 {bitnami => riftbit}/testlink/Chart.yaml | 0 {bitnami => riftbit}/testlink/README.md | 0 .../testlink}/ci/ct-values.yaml | 0 .../testlink/templates/NOTES.txt | 0 .../testlink/templates/_helpers.tpl | 0 .../testlink/templates/deployment.yaml | 0 .../templates/externaldb-secrets.yaml | 0 .../testlink}/templates/extra-list.yaml | 0 .../testlink}/templates/ingress.yaml | 0 .../testlink/templates/pv.yaml | 0 .../testlink/templates/pvc.yaml | 0 .../testlink/templates/secrets.yaml | 0 .../testlink}/templates/svc.yaml | 0 .../testlink}/templates/tls-secrets.yaml | 0 {bitnami => riftbit}/testlink/values.yaml | 0 riftbit/vertical-pod-autoscaler/Chart.yaml | 6 +- riftbit/whoami/Chart.yaml | 15 +- .../wordpress}/.helmignore | 0 {bitnami => riftbit}/wordpress/Chart.lock | 0 {bitnami => riftbit}/wordpress/Chart.yaml | 0 {bitnami => riftbit}/wordpress/README.md | 0 .../wordpress}/ci/ct-values.yaml | 0 .../wordpress/ci/ingress-wildcard-values.yaml | 0 .../wordpress}/ci/values-hpa-pdb.yaml | 0 .../wordpress/ci/values-memcached.yaml | 0 .../ci/values-metrics-and-ingress.yaml | 0 .../wordpress/templates/NOTES.txt | 0 .../wordpress/templates/_helpers.tpl | 0 .../wordpress/templates/config-secret.yaml | 0 .../wordpress/templates/deployment.yaml | 0 .../templates/externaldb-secrets.yaml | 0 .../wordpress}/templates/extra-list.yaml | 0 .../wordpress}/templates/hpa.yaml | 0 .../wordpress/templates/httpd-configmap.yaml | 0 .../wordpress/templates/ingress.yaml | 0 .../wordpress/templates/metrics-svc.yaml | 0 .../wordpress}/templates/pdb.yaml | 0 .../templates/postinit-configmap.yaml | 0 .../wordpress/templates/pvc.yaml | 0 .../wordpress/templates/secrets.yaml | 0 .../wordpress}/templates/servicemonitor.yaml | 0 .../wordpress/templates/svc.yaml | 0 .../wordpress/templates/tls-secrets.yaml | 0 .../wordpress/values.schema.json | 0 {bitnami => riftbit}/wordpress/values.yaml | 0 .../mongodb => riftbit/zookeeper}/.helmignore | 0 {bitnami => riftbit}/zookeeper/Chart.lock | 0 {bitnami => riftbit}/zookeeper/Chart.yaml | 0 {bitnami => riftbit}/zookeeper/README.md | 0 .../zookeeper/templates/NOTES.txt | 0 .../zookeeper/templates/_helpers.tpl | 0 .../zookeeper/templates/configmap.yaml | 0 .../zookeeper}/templates/extra-list.yaml | 0 .../zookeeper/templates/metrics-svc.yaml | 0 .../zookeeper/templates/networkpolicy.yaml | 0 .../templates/poddisruptionbudget.yaml | 0 .../zookeeper/templates/prometheusrules.yaml | 0 .../zookeeper/templates/secrets.yaml | 0 .../zookeeper/templates/serviceaccount.yaml | 0 .../zookeeper/templates/servicemonitor.yaml | 0 .../zookeeper/templates/statefulset.yaml | 0 .../zookeeper/templates/svc-headless.yaml | 0 .../zookeeper/templates/svc.yaml | 0 .../zookeeper/templates/tls-secret.yaml | 0 {bitnami => riftbit}/zookeeper/values.yaml | 0 2216 files changed, 89 insertions(+), 120532 deletions(-) create mode 100644 .github/ISSUE_TEMPLATE/bug_report (2).md delete mode 100644 bitnami/apache/Chart.lock delete mode 100644 bitnami/apache/Chart.yaml delete mode 100644 bitnami/apache/README.md delete mode 100644 bitnami/apache/ci/ct-values.yaml delete mode 100644 bitnami/apache/files/README.md delete mode 100644 bitnami/apache/files/vhosts/README.md delete mode 100644 bitnami/apache/templates/NOTES.txt delete mode 100644 bitnami/apache/templates/_helpers.tpl delete mode 100644 bitnami/apache/templates/configmap-vhosts.yaml delete mode 100644 bitnami/apache/templates/configmap.yaml delete mode 100644 bitnami/apache/templates/deployment.yaml delete mode 100644 bitnami/apache/templates/ingress.yaml delete mode 100644 bitnami/apache/templates/svc.yaml delete mode 100644 bitnami/apache/values.schema.json delete mode 100644 bitnami/apache/values.yaml delete mode 100644 bitnami/aspnet-core/Chart.lock delete mode 100644 bitnami/aspnet-core/Chart.yaml delete mode 100644 bitnami/aspnet-core/README.md delete mode 100644 bitnami/aspnet-core/templates/NOTES.txt delete mode 100644 bitnami/aspnet-core/templates/_helpers.tpl delete mode 100644 bitnami/aspnet-core/templates/deployment.yaml delete mode 100644 bitnami/aspnet-core/templates/health-ingress.yaml delete mode 100644 bitnami/aspnet-core/templates/hpa.yaml delete mode 100644 bitnami/aspnet-core/templates/ingress.yaml delete mode 100644 bitnami/aspnet-core/templates/pdb.yaml delete mode 100644 bitnami/aspnet-core/templates/serviceaccount.yaml delete mode 100644 bitnami/aspnet-core/templates/svc.yaml delete mode 100644 bitnami/aspnet-core/templates/tls-secret.yaml delete mode 100644 bitnami/aspnet-core/values.yaml delete mode 100644 bitnami/consul/ci/values-ingress.yaml delete mode 100644 bitnami/contour/Chart.lock delete mode 100644 bitnami/contour/Chart.yaml delete mode 100644 bitnami/contour/README.md delete mode 100644 bitnami/contour/ci/ct-values-deployment.yaml delete mode 100644 bitnami/contour/ci/ct-values.yaml delete mode 100644 bitnami/contour/resources/extensionservices.yaml delete mode 100644 bitnami/contour/resources/httpproxies.yaml delete mode 100644 bitnami/contour/resources/tlscertificatedeligations.yaml delete mode 100644 bitnami/contour/templates/00-crds.yaml delete mode 100644 bitnami/contour/templates/NOTES.txt delete mode 100644 bitnami/contour/templates/_helpers.tpl delete mode 100644 bitnami/contour/templates/certgen/job.yaml delete mode 100644 bitnami/contour/templates/certgen/rbac.yaml delete mode 100644 bitnami/contour/templates/certgen/serviceaccount.yaml delete mode 100644 bitnami/contour/templates/contour/configmap.yaml delete mode 100644 bitnami/contour/templates/contour/deployment.yaml delete mode 100644 bitnami/contour/templates/contour/rbac.yaml delete mode 100644 bitnami/contour/templates/contour/service.yaml delete mode 100644 bitnami/contour/templates/contour/serviceaccount.yaml delete mode 100644 bitnami/contour/templates/contour/servicemonitor.yaml delete mode 100644 bitnami/contour/templates/default-backend/deployment.yaml delete mode 100644 bitnami/contour/templates/default-backend/ingress.yaml delete mode 100644 bitnami/contour/templates/default-backend/poddisruptionbudget.yaml delete mode 100644 bitnami/contour/templates/default-backend/service.yaml delete mode 100644 bitnami/contour/templates/envoy/daemonset.yaml delete mode 100644 bitnami/contour/templates/envoy/deployment.yaml delete mode 100644 bitnami/contour/templates/envoy/hpa.yaml delete mode 100644 bitnami/contour/templates/envoy/service.yaml delete mode 100644 bitnami/contour/templates/envoy/serviceaccount.yaml delete mode 100644 bitnami/contour/templates/envoy/servicemonitor.yaml delete mode 100644 bitnami/contour/values.yaml delete mode 100644 bitnami/dataplatform-bp1/Chart.lock delete mode 100644 bitnami/dataplatform-bp1/Chart.yaml delete mode 100644 bitnami/dataplatform-bp1/README.md delete mode 100644 bitnami/dataplatform-bp1/templates/NOTES.txt delete mode 100644 bitnami/dataplatform-bp1/templates/_helpers.tpl delete mode 100644 bitnami/dataplatform-bp1/templates/emitter-deployment.yaml delete mode 100644 bitnami/dataplatform-bp1/templates/emitter-svc.yaml delete mode 100644 bitnami/dataplatform-bp1/templates/exporter-deployment.yaml delete mode 100644 bitnami/dataplatform-bp1/templates/exporter-svc.yaml delete mode 100644 bitnami/dataplatform-bp1/templates/role.yaml delete mode 100644 bitnami/dataplatform-bp1/templates/rolebinding.yaml delete mode 100644 bitnami/dataplatform-bp1/templates/serviceaccount.yaml delete mode 100644 bitnami/dataplatform-bp1/values.schema.json delete mode 100644 bitnami/dataplatform-bp1/values.yaml delete mode 100644 bitnami/dataplatform-bp2/Chart.lock delete mode 100644 bitnami/dataplatform-bp2/Chart.yaml delete mode 100644 bitnami/dataplatform-bp2/README.md delete mode 100644 bitnami/dataplatform-bp2/templates/NOTES.txt delete mode 100644 bitnami/dataplatform-bp2/templates/_helpers.tpl delete mode 100644 bitnami/dataplatform-bp2/templates/emitter-deployment.yaml delete mode 100644 bitnami/dataplatform-bp2/templates/emitter-svc.yaml delete mode 100644 bitnami/dataplatform-bp2/templates/exporter-deployment.yaml delete mode 100644 bitnami/dataplatform-bp2/templates/exporter-svc.yaml delete mode 100644 bitnami/dataplatform-bp2/templates/role.yaml delete mode 100644 bitnami/dataplatform-bp2/templates/rolebinding.yaml delete mode 100644 bitnami/dataplatform-bp2/templates/serviceaccount.yaml delete mode 100644 bitnami/dataplatform-bp2/values.schema.json delete mode 100644 bitnami/dataplatform-bp2/values.yaml delete mode 100644 bitnami/drupal/Chart.lock delete mode 100644 bitnami/drupal/Chart.yaml delete mode 100644 bitnami/drupal/README.md delete mode 100644 bitnami/drupal/templates/NOTES.txt delete mode 100644 bitnami/drupal/templates/_helpers.tpl delete mode 100644 bitnami/drupal/templates/deployment.yaml delete mode 100644 bitnami/drupal/templates/externaldb-secrets.yaml delete mode 100644 bitnami/drupal/templates/ingress.yaml delete mode 100644 bitnami/drupal/templates/pv.yaml delete mode 100644 bitnami/drupal/templates/pvc.yaml delete mode 100644 bitnami/drupal/templates/secrets.yaml delete mode 100644 bitnami/drupal/values.schema.json delete mode 100644 bitnami/drupal/values.yaml delete mode 100644 bitnami/ejbca/Chart.lock delete mode 100644 bitnami/ejbca/Chart.yaml delete mode 100644 bitnami/ejbca/README.md delete mode 100644 bitnami/ejbca/templates/NOTES.txt delete mode 100644 bitnami/ejbca/templates/_helpers.tpl delete mode 100644 bitnami/ejbca/templates/deployment.yaml delete mode 100644 bitnami/ejbca/templates/externaldb-secrets.yaml delete mode 100644 bitnami/ejbca/templates/ingress.yaml delete mode 100644 bitnami/ejbca/templates/pvc.yaml delete mode 100644 bitnami/ejbca/templates/secrets.yaml delete mode 100644 bitnami/ejbca/templates/svc.yaml delete mode 100644 bitnami/ejbca/values.yaml delete mode 100644 bitnami/external-dns/Chart.lock delete mode 100644 bitnami/external-dns/Chart.yaml delete mode 100644 bitnami/external-dns/README.md delete mode 100644 bitnami/external-dns/templates/NOTES.txt delete mode 100644 bitnami/external-dns/templates/_helpers.tpl delete mode 100644 bitnami/external-dns/templates/clusterrole.yaml delete mode 100644 bitnami/external-dns/templates/clusterrolebinding.yaml delete mode 100644 bitnami/external-dns/templates/configmap.yaml delete mode 100644 bitnami/external-dns/templates/crd.yaml delete mode 100644 bitnami/external-dns/templates/deployment.yaml delete mode 100644 bitnami/external-dns/templates/pdb.yaml delete mode 100644 bitnami/external-dns/templates/psp-clusterrole.yaml delete mode 100644 bitnami/external-dns/templates/psp-clusterrolebinding.yaml delete mode 100644 bitnami/external-dns/templates/psp.yaml delete mode 100644 bitnami/external-dns/templates/role.yaml delete mode 100644 bitnami/external-dns/templates/rolebindings.yaml delete mode 100644 bitnami/external-dns/templates/secret.yaml delete mode 100644 bitnami/external-dns/templates/service.yaml delete mode 100644 bitnami/external-dns/templates/serviceaccount.yaml delete mode 100644 bitnami/external-dns/templates/servicemonitor.yaml delete mode 100644 bitnami/external-dns/templates/tls-secret.yaml delete mode 100644 bitnami/external-dns/values.yaml delete mode 100644 bitnami/grafana-operator/Chart.lock delete mode 100644 bitnami/grafana-operator/Chart.yaml delete mode 100644 bitnami/grafana-operator/README.md delete mode 100644 bitnami/grafana-operator/crds/grafanadashboards.yaml delete mode 100644 bitnami/grafana-operator/crds/grafanadatasources.yaml delete mode 100644 bitnami/grafana-operator/crds/grafanas.yaml delete mode 100644 bitnami/grafana-operator/templates/NOTES.txt delete mode 100644 bitnami/grafana-operator/templates/_helpers.tpl delete mode 100644 bitnami/grafana-operator/templates/deployment.yaml delete mode 100644 bitnami/grafana-operator/templates/grafana.yaml delete mode 100644 bitnami/grafana-operator/templates/rbac.yaml delete mode 100644 bitnami/grafana-operator/templates/serviceaccount.yaml delete mode 100644 bitnami/grafana-operator/templates/servicemonitor.yaml delete mode 100644 bitnami/grafana-operator/values.yaml delete mode 100644 bitnami/grafana/Chart.lock delete mode 100644 bitnami/grafana/Chart.yaml delete mode 100644 bitnami/grafana/README.md delete mode 100644 bitnami/grafana/templates/NOTES.txt delete mode 100644 bitnami/grafana/templates/_helpers.tpl delete mode 100644 bitnami/grafana/templates/configmap.yaml delete mode 100644 bitnami/grafana/templates/dashboard-provider.yaml delete mode 100644 bitnami/grafana/templates/deployment.yaml delete mode 100644 bitnami/grafana/templates/image-renderer-deployment.yaml delete mode 100644 bitnami/grafana/templates/image-renderer-service.yaml delete mode 100644 bitnami/grafana/templates/image-renderer-servicemonitor.yaml delete mode 100644 bitnami/grafana/templates/ingress.yaml delete mode 100644 bitnami/grafana/templates/pvc.yaml delete mode 100644 bitnami/grafana/templates/secret.yaml delete mode 100644 bitnami/grafana/templates/service.yaml delete mode 100644 bitnami/grafana/templates/serviceaccount.yaml delete mode 100644 bitnami/grafana/templates/servicemonitor.yaml delete mode 100644 bitnami/grafana/templates/smtp-secret.yaml delete mode 100644 bitnami/grafana/values.yaml delete mode 100644 bitnami/jasperreports/Chart.lock delete mode 100644 bitnami/jasperreports/Chart.yaml delete mode 100644 bitnami/jasperreports/README.md delete mode 100644 bitnami/jasperreports/ci/values-with-ingress.yaml delete mode 100644 bitnami/jasperreports/templates/NOTES.txt delete mode 100644 bitnami/jasperreports/templates/_helpers.tpl delete mode 100644 bitnami/jasperreports/templates/deployment.yaml delete mode 100644 bitnami/jasperreports/templates/externaldb-secrets.yaml delete mode 100644 bitnami/jasperreports/templates/pvc.yaml delete mode 100644 bitnami/jasperreports/templates/secrets.yaml delete mode 100644 bitnami/jasperreports/templates/svc.yaml delete mode 100644 bitnami/jasperreports/templates/tls-secrets.yaml delete mode 100644 bitnami/jasperreports/values.yaml delete mode 100644 bitnami/jenkins/Chart.lock delete mode 100644 bitnami/jenkins/Chart.yaml delete mode 100644 bitnami/jenkins/README.md delete mode 100644 bitnami/jenkins/templates/NOTES.txt delete mode 100644 bitnami/jenkins/templates/_helpers.tpl delete mode 100644 bitnami/jenkins/templates/deployment.yaml delete mode 100644 bitnami/jenkins/templates/ingress.yaml delete mode 100644 bitnami/jenkins/templates/metrics-svc.yaml delete mode 100644 bitnami/jenkins/templates/pvc.yaml delete mode 100644 bitnami/jenkins/templates/secrets.yaml delete mode 100644 bitnami/jenkins/templates/servicemonitor.yaml delete mode 100644 bitnami/jenkins/templates/svc.yaml delete mode 100644 bitnami/jenkins/templates/tls-secret.yaml delete mode 100644 bitnami/jenkins/values.schema.json delete mode 100644 bitnami/jenkins/values.yaml delete mode 100644 bitnami/joomla/Chart.lock delete mode 100644 bitnami/joomla/Chart.yaml delete mode 100644 bitnami/joomla/README.md delete mode 100644 bitnami/joomla/templates/NOTES.txt delete mode 100644 bitnami/joomla/templates/_helpers.tpl delete mode 100644 bitnami/joomla/templates/deployment.yaml delete mode 100644 bitnami/joomla/templates/externaldb-secrets.yaml delete mode 100644 bitnami/joomla/templates/ingress.yaml delete mode 100644 bitnami/joomla/templates/joomla-pvc.yaml delete mode 100644 bitnami/joomla/templates/secrets.yaml delete mode 100644 bitnami/joomla/templates/svc.yaml delete mode 100644 bitnami/joomla/templates/tls-secrets.yaml delete mode 100644 bitnami/joomla/values.schema.json delete mode 100644 bitnami/joomla/values.yaml delete mode 100644 bitnami/jupyterhub/templates/proxy/pdb.yaml delete mode 100644 bitnami/kiam/Chart.lock delete mode 100644 bitnami/kiam/Chart.yaml delete mode 100644 bitnami/kiam/README.md delete mode 100644 bitnami/kiam/templates/NOTES.txt delete mode 100644 bitnami/kiam/templates/_helpers.tpl delete mode 100644 bitnami/kiam/templates/agent/agent-daemonset.yaml delete mode 100644 bitnami/kiam/templates/agent/agent-psp-clusterrole.yaml delete mode 100644 bitnami/kiam/templates/agent/agent-psp-clusterrolebinding.yaml delete mode 100644 bitnami/kiam/templates/agent/agent-psp.yaml delete mode 100644 bitnami/kiam/templates/agent/agent-secret.yaml delete mode 100644 bitnami/kiam/templates/agent/agent-service-account.yaml delete mode 100644 bitnami/kiam/templates/agent/agent-service.yaml delete mode 100644 bitnami/kiam/templates/agent/agent-servicemonitor.yaml delete mode 100644 bitnami/kiam/templates/server/server-daemonset.yaml delete mode 100644 bitnami/kiam/templates/server/server-deployment.yaml delete mode 100644 bitnami/kiam/templates/server/server-psp-clusterrole.yaml delete mode 100644 bitnami/kiam/templates/server/server-psp-clusterrolebinding.yaml delete mode 100644 bitnami/kiam/templates/server/server-psp.yaml delete mode 100644 bitnami/kiam/templates/server/server-read-clusterrole.yaml delete mode 100644 bitnami/kiam/templates/server/server-read-clusterrolebinding.yaml delete mode 100644 bitnami/kiam/templates/server/server-secret.yaml delete mode 100644 bitnami/kiam/templates/server/server-service-account.yaml delete mode 100644 bitnami/kiam/templates/server/server-service.yaml delete mode 100644 bitnami/kiam/templates/server/server-servicemonitor.yaml delete mode 100644 bitnami/kiam/templates/server/server-write-clusterrole.yaml delete mode 100644 bitnami/kiam/templates/server/server-write-clusterrolebinding.yaml delete mode 100644 bitnami/kiam/values.yaml delete mode 100644 bitnami/kibana/Chart.lock delete mode 100644 bitnami/kibana/Chart.yaml delete mode 100644 bitnami/kibana/README.md delete mode 100644 bitnami/kibana/ci/values-with-es.yaml delete mode 100644 bitnami/kibana/templates/NOTES.txt delete mode 100644 bitnami/kibana/templates/_helpers.tpl delete mode 100644 bitnami/kibana/templates/configmap.yaml delete mode 100644 bitnami/kibana/templates/deployment.yaml delete mode 100644 bitnami/kibana/templates/ingress.yaml delete mode 100644 bitnami/kibana/templates/plugins-configmap.yaml delete mode 100644 bitnami/kibana/templates/pvc.yaml delete mode 100644 bitnami/kibana/templates/saved-objects-configmap.yaml delete mode 100644 bitnami/kibana/templates/secret.yaml delete mode 100644 bitnami/kibana/templates/service.yaml delete mode 100644 bitnami/kibana/templates/serviceaccount.yaml delete mode 100644 bitnami/kibana/templates/servicemonitor.yaml delete mode 100644 bitnami/kibana/templates/tls-secret.yaml delete mode 100644 bitnami/kibana/values.yaml delete mode 100644 bitnami/kong/Chart.lock delete mode 100644 bitnami/kong/Chart.yaml delete mode 100644 bitnami/kong/README.md delete mode 100644 bitnami/kong/ci/values-editing-containers.yaml delete mode 100644 bitnami/kong/ci/values-external-cassandra.yaml delete mode 100644 bitnami/kong/ci/values-external-postgresql.yaml delete mode 100644 bitnami/kong/ci/values-ingress.yaml delete mode 100644 bitnami/kong/ci/values-metrics-hpa-pdb.yaml delete mode 100644 bitnami/kong/crds/custom-resource-definitions.yaml delete mode 100644 bitnami/kong/templates/NOTES.txt delete mode 100644 bitnami/kong/templates/_helpers.tpl delete mode 100644 bitnami/kong/templates/dep-ds.yaml delete mode 100644 bitnami/kong/templates/external-database-secret.yaml delete mode 100644 bitnami/kong/templates/hpa.yaml delete mode 100644 bitnami/kong/templates/ingress-controller-rbac.yaml delete mode 100644 bitnami/kong/templates/ingress.yaml delete mode 100644 bitnami/kong/templates/kong-prometheus-role.yaml delete mode 100644 bitnami/kong/templates/kong-prometheus-rolebinding.yaml delete mode 100644 bitnami/kong/templates/kong-script-configmap.yaml delete mode 100644 bitnami/kong/templates/metrics-exporter-configmap.yaml delete mode 100644 bitnami/kong/templates/metrics-script-configmap.yaml delete mode 100644 bitnami/kong/templates/metrics-service.yaml delete mode 100644 bitnami/kong/templates/migrate-job.yaml delete mode 100644 bitnami/kong/templates/pdb.yaml delete mode 100644 bitnami/kong/templates/service.yaml delete mode 100644 bitnami/kong/templates/servicemonitor.yaml delete mode 100644 bitnami/kong/templates/tls-secrets.yaml delete mode 100644 bitnami/kong/values.yaml delete mode 100644 bitnami/kube-prometheus/Chart.lock delete mode 100644 bitnami/kube-prometheus/Chart.yaml delete mode 100644 bitnami/kube-prometheus/README.md delete mode 100644 bitnami/kube-prometheus/crds/crd-alertmanager-config.yaml delete mode 100644 bitnami/kube-prometheus/crds/crd-alertmanager.yaml delete mode 100644 bitnami/kube-prometheus/crds/crd-podmonitor.yaml delete mode 100644 bitnami/kube-prometheus/crds/crd-probes.yaml delete mode 100644 bitnami/kube-prometheus/crds/crd-prometheus.yaml delete mode 100644 bitnami/kube-prometheus/crds/crd-prometheusrules.yaml delete mode 100644 bitnami/kube-prometheus/crds/crd-servicemonitor.yaml delete mode 100644 bitnami/kube-prometheus/crds/crd-thanosrulers.yaml delete mode 100644 bitnami/kube-prometheus/templates/NOTES.txt delete mode 100644 bitnami/kube-prometheus/templates/_helpers.tpl delete mode 100644 bitnami/kube-prometheus/templates/alertmanager/alertmanager.yaml delete mode 100644 bitnami/kube-prometheus/templates/alertmanager/ingress.yaml delete mode 100644 bitnami/kube-prometheus/templates/alertmanager/pdb.yaml delete mode 100644 bitnami/kube-prometheus/templates/alertmanager/psp-clusterrole.yaml delete mode 100644 bitnami/kube-prometheus/templates/alertmanager/psp-clusterrolebinding.yaml delete mode 100644 bitnami/kube-prometheus/templates/alertmanager/psp.yaml delete mode 100644 bitnami/kube-prometheus/templates/alertmanager/secrets.yaml delete mode 100644 bitnami/kube-prometheus/templates/alertmanager/service.yaml delete mode 100644 bitnami/kube-prometheus/templates/alertmanager/serviceaccount.yaml delete mode 100644 bitnami/kube-prometheus/templates/alertmanager/servicemonitor.yaml delete mode 100644 bitnami/kube-prometheus/templates/alertmanager/tls-secrets.yaml delete mode 100644 bitnami/kube-prometheus/templates/exporters/core-dns/service.yaml delete mode 100644 bitnami/kube-prometheus/templates/exporters/core-dns/servicemonitor.yaml delete mode 100644 bitnami/kube-prometheus/templates/exporters/kube-apiserver/servicemonitor.yaml delete mode 100644 bitnami/kube-prometheus/templates/exporters/kube-controller-manager/endpoints.yaml delete mode 100644 bitnami/kube-prometheus/templates/exporters/kube-controller-manager/service.yaml delete mode 100644 bitnami/kube-prometheus/templates/exporters/kube-controller-manager/servicemonitor.yaml delete mode 100644 bitnami/kube-prometheus/templates/exporters/kube-proxy/endpoints.yaml delete mode 100644 bitnami/kube-prometheus/templates/exporters/kube-proxy/service.yaml delete mode 100644 bitnami/kube-prometheus/templates/exporters/kube-proxy/servicemonitor.yaml delete mode 100644 bitnami/kube-prometheus/templates/exporters/kube-scheduler/endpoints.yaml delete mode 100644 bitnami/kube-prometheus/templates/exporters/kube-scheduler/service.yaml delete mode 100644 bitnami/kube-prometheus/templates/exporters/kube-scheduler/servicemonitor.yaml delete mode 100644 bitnami/kube-prometheus/templates/exporters/kubelet/servicemonitor.yaml delete mode 100644 bitnami/kube-prometheus/templates/prometheus-operator/clusterrole.yaml delete mode 100644 bitnami/kube-prometheus/templates/prometheus-operator/clusterrolebinding.yaml delete mode 100644 bitnami/kube-prometheus/templates/prometheus-operator/configmap.yaml delete mode 100644 bitnami/kube-prometheus/templates/prometheus-operator/deployment.yaml delete mode 100644 bitnami/kube-prometheus/templates/prometheus-operator/psp-clusterrole.yaml delete mode 100644 bitnami/kube-prometheus/templates/prometheus-operator/psp-clusterrolebinding.yaml delete mode 100644 bitnami/kube-prometheus/templates/prometheus-operator/psp.yaml delete mode 100644 bitnami/kube-prometheus/templates/prometheus-operator/service.yaml delete mode 100644 bitnami/kube-prometheus/templates/prometheus-operator/serviceaccount.yaml delete mode 100644 bitnami/kube-prometheus/templates/prometheus-operator/servicemonitor.yaml delete mode 100644 bitnami/kube-prometheus/templates/prometheus/additionalPrometheusRules.yaml delete mode 100644 bitnami/kube-prometheus/templates/prometheus/additionalScrapeJobs.yaml delete mode 100644 bitnami/kube-prometheus/templates/prometheus/clusterrole.yaml delete mode 100644 bitnami/kube-prometheus/templates/prometheus/clusterrolebinding.yaml delete mode 100644 bitnami/kube-prometheus/templates/prometheus/ingress.yaml delete mode 100644 bitnami/kube-prometheus/templates/prometheus/pdb.yaml delete mode 100644 bitnami/kube-prometheus/templates/prometheus/prometheus.yaml delete mode 100644 bitnami/kube-prometheus/templates/prometheus/psp-clusterrole.yaml delete mode 100644 bitnami/kube-prometheus/templates/prometheus/psp-clusterrolebinding.yaml delete mode 100644 bitnami/kube-prometheus/templates/prometheus/psp.yaml delete mode 100644 bitnami/kube-prometheus/templates/prometheus/service.yaml delete mode 100644 bitnami/kube-prometheus/templates/prometheus/serviceaccount.yaml delete mode 100644 bitnami/kube-prometheus/templates/prometheus/servicemonitor.yaml delete mode 100644 bitnami/kube-prometheus/templates/prometheus/thanos-ingress.yaml delete mode 100644 bitnami/kube-prometheus/templates/prometheus/thanos-service.yaml delete mode 100644 bitnami/kube-prometheus/templates/prometheus/tls-secrets.yaml delete mode 100644 bitnami/kube-prometheus/values.yaml delete mode 100644 bitnami/kube-state-metrics/Chart.lock delete mode 100644 bitnami/kube-state-metrics/Chart.yaml delete mode 100644 bitnami/kube-state-metrics/README.md delete mode 100644 bitnami/kube-state-metrics/templates/NOTES.txt delete mode 100644 bitnami/kube-state-metrics/templates/_helpers.tpl delete mode 100644 bitnami/kube-state-metrics/templates/clusterrole.yaml delete mode 100644 bitnami/kube-state-metrics/templates/clusterrolebinding.yaml delete mode 100644 bitnami/kube-state-metrics/templates/deployment.yaml delete mode 100644 bitnami/kube-state-metrics/templates/psp-clusterrole.yaml delete mode 100644 bitnami/kube-state-metrics/templates/psp-clusterrolebinding.yaml delete mode 100644 bitnami/kube-state-metrics/templates/psp.yaml delete mode 100644 bitnami/kube-state-metrics/templates/service.yaml delete mode 100644 bitnami/kube-state-metrics/templates/serviceaccount.yaml delete mode 100644 bitnami/kube-state-metrics/templates/servicemonitor.yaml delete mode 100644 bitnami/kube-state-metrics/values.yaml delete mode 100644 bitnami/kubeapps/.gitignore delete mode 100644 bitnami/kubeapps/Chart.lock delete mode 100644 bitnami/kubeapps/Chart.yaml delete mode 100644 bitnami/kubeapps/README.md delete mode 100644 bitnami/kubeapps/crds/apprepository-crd.yaml delete mode 100644 bitnami/kubeapps/templates/NOTES.txt delete mode 100644 bitnami/kubeapps/templates/_helpers.tpl delete mode 100644 bitnami/kubeapps/templates/apprepository/apprepositories-secret.yaml delete mode 100644 bitnami/kubeapps/templates/apprepository/apprepositories.yaml delete mode 100644 bitnami/kubeapps/templates/apprepository/deployment.yaml delete mode 100644 bitnami/kubeapps/templates/apprepository/rbac.yaml delete mode 100644 bitnami/kubeapps/templates/apprepository/serviceaccount.yaml delete mode 100644 bitnami/kubeapps/templates/assetsvc/deployment.yaml delete mode 100644 bitnami/kubeapps/templates/assetsvc/service.yaml delete mode 100644 bitnami/kubeapps/templates/dashboard/configmap.yaml delete mode 100644 bitnami/kubeapps/templates/dashboard/deployment.yaml delete mode 100644 bitnami/kubeapps/templates/dashboard/service.yaml delete mode 100644 bitnami/kubeapps/templates/frontend/configmap.yaml delete mode 100644 bitnami/kubeapps/templates/frontend/deployment.yaml delete mode 100644 bitnami/kubeapps/templates/frontend/oauth2-secret.yaml delete mode 100644 bitnami/kubeapps/templates/frontend/service.yaml delete mode 100644 bitnami/kubeapps/templates/ingress.yaml delete mode 100644 bitnami/kubeapps/templates/kubeappsapis/deployment.yaml delete mode 100644 bitnami/kubeapps/templates/kubeappsapis/rbac.yaml delete mode 100644 bitnami/kubeapps/templates/kubeappsapis/service.yaml delete mode 100644 bitnami/kubeapps/templates/kubeappsapis/serviceaccount.yaml delete mode 100644 bitnami/kubeapps/templates/kubeops/deployment.yaml delete mode 100644 bitnami/kubeapps/templates/kubeops/rbac.yaml delete mode 100644 bitnami/kubeapps/templates/kubeops/service.yaml delete mode 100644 bitnami/kubeapps/templates/kubeops/serviceaccount.yaml delete mode 100644 bitnami/kubeapps/templates/shared/config.yaml delete mode 100644 bitnami/kubeapps/templates/tls-secrets.yaml delete mode 100644 bitnami/kubeapps/values.schema.json delete mode 100644 bitnami/kubeapps/values.yaml delete mode 100644 bitnami/kubernetes-event-exporter/.helmignore delete mode 100644 bitnami/logstash/.helmignore delete mode 100644 bitnami/logstash/Chart.lock delete mode 100644 bitnami/logstash/Chart.yaml delete mode 100644 bitnami/logstash/README.md delete mode 100644 bitnami/logstash/ci/values-with-metrics-and-ingress.yaml delete mode 100644 bitnami/logstash/templates/NOTES.txt delete mode 100644 bitnami/logstash/templates/_helpers.tpl delete mode 100644 bitnami/logstash/templates/configuration-cm.yaml delete mode 100644 bitnami/logstash/templates/headless-svc.yaml delete mode 100644 bitnami/logstash/templates/ingress.yaml delete mode 100644 bitnami/logstash/templates/metrics-svc.yaml delete mode 100644 bitnami/logstash/templates/pdb.yaml delete mode 100644 bitnami/logstash/templates/servicemonitor.yaml delete mode 100644 bitnami/logstash/templates/sts.yaml delete mode 100644 bitnami/logstash/templates/svc.yaml delete mode 100644 bitnami/logstash/templates/tls-secret.yaml delete mode 100644 bitnami/logstash/values.yaml delete mode 100644 bitnami/magento/Chart.lock delete mode 100644 bitnami/magento/Chart.yaml delete mode 100644 bitnami/magento/README.md delete mode 100644 bitnami/magento/ci/values-production-with-host.yaml delete mode 100644 bitnami/magento/ci/values-with-host-and-ingress.yaml delete mode 100644 bitnami/magento/templates/NOTES.txt delete mode 100644 bitnami/magento/templates/_helpers.tpl delete mode 100644 bitnami/magento/templates/deployment.yaml delete mode 100644 bitnami/magento/templates/hpa.yaml delete mode 100644 bitnami/magento/templates/ingress.yaml delete mode 100644 bitnami/magento/templates/pv.yaml delete mode 100644 bitnami/magento/templates/pvc.yaml delete mode 100644 bitnami/magento/templates/secrets.yaml delete mode 100644 bitnami/magento/templates/tls-secrets.yaml delete mode 100644 bitnami/magento/values.yaml delete mode 100644 bitnami/metallb/.helmignore delete mode 100644 bitnami/metallb/Chart.lock delete mode 100644 bitnami/metallb/Chart.yaml delete mode 100644 bitnami/metallb/README.md delete mode 100644 bitnami/metallb/templates/NOTES.txt delete mode 100644 bitnami/metallb/templates/_helpers.tpl delete mode 100644 bitnami/metallb/templates/controller/configmap.yaml delete mode 100644 bitnami/metallb/templates/controller/deployment.yaml delete mode 100644 bitnami/metallb/templates/controller/psp.yaml delete mode 100644 bitnami/metallb/templates/controller/rbac.yaml delete mode 100644 bitnami/metallb/templates/controller/service.yaml delete mode 100644 bitnami/metallb/templates/controller/serviceaccount.yaml delete mode 100644 bitnami/metallb/templates/controller/servicemonitor.yaml delete mode 100644 bitnami/metallb/templates/networkpolicy.yaml delete mode 100644 bitnami/metallb/templates/prometheus/metallb.alerts.yaml delete mode 100644 bitnami/metallb/templates/rbac.yaml delete mode 100644 bitnami/metallb/templates/speaker/daemonset.yaml delete mode 100644 bitnami/metallb/templates/speaker/psp.yaml delete mode 100644 bitnami/metallb/templates/speaker/rbac.yaml delete mode 100644 bitnami/metallb/templates/speaker/secret.yaml delete mode 100644 bitnami/metallb/templates/speaker/service.yaml delete mode 100644 bitnami/metallb/templates/speaker/serviceaccount.yaml delete mode 100644 bitnami/metallb/templates/speaker/servicemonitor.yaml delete mode 100644 bitnami/metallb/values.yaml delete mode 100644 bitnami/metrics-server/Chart.lock delete mode 100644 bitnami/metrics-server/Chart.yaml delete mode 100644 bitnami/metrics-server/README.md delete mode 100644 bitnami/metrics-server/ci/ct-values.yaml delete mode 100644 bitnami/metrics-server/ci/values-with-rbac.yaml delete mode 100644 bitnami/metrics-server/templates/NOTES.txt delete mode 100644 bitnami/metrics-server/templates/_helpers.tpl delete mode 100644 bitnami/metrics-server/templates/auth-delegator-crb.yaml delete mode 100644 bitnami/metrics-server/templates/cluster-role.yaml delete mode 100644 bitnami/metrics-server/templates/deployment.yaml delete mode 100644 bitnami/metrics-server/templates/metrics-api-service.yaml delete mode 100644 bitnami/metrics-server/templates/metrics-server-crb.yaml delete mode 100644 bitnami/metrics-server/templates/pdb.yaml delete mode 100644 bitnami/metrics-server/templates/role-binding.yaml delete mode 100644 bitnami/metrics-server/templates/serviceaccount.yaml delete mode 100644 bitnami/metrics-server/templates/svc.yaml delete mode 100644 bitnami/metrics-server/values.yaml delete mode 100644 bitnami/moodle/.helmignore delete mode 100644 bitnami/moodle/Chart.lock delete mode 100644 bitnami/moodle/Chart.yaml delete mode 100644 bitnami/moodle/README.md delete mode 100644 bitnami/moodle/templates/NOTES.txt delete mode 100644 bitnami/moodle/templates/_helpers.tpl delete mode 100644 bitnami/moodle/templates/deployment.yaml delete mode 100644 bitnami/moodle/templates/ingress.yaml delete mode 100644 bitnami/moodle/templates/metrics-svc.yaml delete mode 100644 bitnami/moodle/templates/pv.yaml delete mode 100644 bitnami/moodle/templates/pvc.yaml delete mode 100644 bitnami/moodle/templates/secrets.yaml delete mode 100644 bitnami/moodle/templates/svc.yaml delete mode 100644 bitnami/moodle/templates/tls-secrets.yaml delete mode 100644 bitnami/moodle/values.yaml delete mode 100644 bitnami/mxnet/.helmignore delete mode 100644 bitnami/mxnet/Chart.lock delete mode 100644 bitnami/mxnet/Chart.yaml delete mode 100644 bitnami/mxnet/README.md delete mode 100644 bitnami/mxnet/ci/values-production.yaml delete mode 100644 bitnami/mxnet/templates/NOTES.txt delete mode 100644 bitnami/mxnet/templates/_helpers.tpl delete mode 100644 bitnami/mxnet/templates/configmap.yaml delete mode 100644 bitnami/mxnet/templates/deployment-pvc.yaml delete mode 100644 bitnami/mxnet/templates/headless-svc.yaml delete mode 100644 bitnami/mxnet/templates/scheduler-deployment.yaml delete mode 100644 bitnami/mxnet/templates/scheduler-service.yaml delete mode 100644 bitnami/mxnet/templates/server-statefulset.yaml delete mode 100644 bitnami/mxnet/templates/standalone-deployment.yaml delete mode 100644 bitnami/mxnet/templates/worker-statefulset.yaml delete mode 100644 bitnami/mxnet/values.yaml delete mode 100644 bitnami/mysql/.helmignore delete mode 100644 bitnami/mysql/Chart.lock delete mode 100644 bitnami/mysql/Chart.yaml delete mode 100644 bitnami/mysql/README.md delete mode 100644 bitnami/mysql/ci/values-production-with-rbac.yaml delete mode 100644 bitnami/mysql/templates/NOTES.txt delete mode 100644 bitnami/mysql/templates/_helpers.tpl delete mode 100644 bitnami/mysql/templates/metrics-svc.yaml delete mode 100644 bitnami/mysql/templates/networkpolicy.yaml delete mode 100644 bitnami/mysql/templates/primary/configmap.yaml delete mode 100644 bitnami/mysql/templates/primary/initialization-configmap.yaml delete mode 100644 bitnami/mysql/templates/primary/pdb.yaml delete mode 100644 bitnami/mysql/templates/primary/statefulset.yaml delete mode 100644 bitnami/mysql/templates/primary/svc-headless.yaml delete mode 100644 bitnami/mysql/templates/primary/svc.yaml delete mode 100644 bitnami/mysql/templates/role.yaml delete mode 100644 bitnami/mysql/templates/rolebinding.yaml delete mode 100644 bitnami/mysql/templates/secondary/configmap.yaml delete mode 100644 bitnami/mysql/templates/secondary/pdb.yaml delete mode 100644 bitnami/mysql/templates/secondary/statefulset.yaml delete mode 100644 bitnami/mysql/templates/secondary/svc-headless.yaml delete mode 100644 bitnami/mysql/templates/secondary/svc.yaml delete mode 100644 bitnami/mysql/templates/secrets.yaml delete mode 100644 bitnami/mysql/templates/serviceaccount.yaml delete mode 100644 bitnami/mysql/templates/servicemonitor.yaml delete mode 100644 bitnami/mysql/values.schema.json delete mode 100644 bitnami/mysql/values.yaml delete mode 100644 bitnami/nats/.helmignore delete mode 100644 bitnami/nginx-ingress-controller/.helmignore delete mode 100644 bitnami/nginx-ingress-controller/Chart.lock delete mode 100644 bitnami/nginx-ingress-controller/Chart.yaml delete mode 100644 bitnami/nginx-ingress-controller/README.md delete mode 100644 bitnami/nginx-ingress-controller/ci/ct-values.yaml delete mode 100644 bitnami/nginx-ingress-controller/ci/values-production-with-psp.yaml delete mode 100644 bitnami/nginx-ingress-controller/templates/NOTES.txt delete mode 100644 bitnami/nginx-ingress-controller/templates/_helpers.tpl delete mode 100644 bitnami/nginx-ingress-controller/templates/addheaders-configmap.yaml delete mode 100644 bitnami/nginx-ingress-controller/templates/clusterrole.yaml delete mode 100644 bitnami/nginx-ingress-controller/templates/clusterrolebinding.yaml delete mode 100644 bitnami/nginx-ingress-controller/templates/controller-configmap.yaml delete mode 100644 bitnami/nginx-ingress-controller/templates/controller-daemonset.yaml delete mode 100644 bitnami/nginx-ingress-controller/templates/controller-deployment.yaml delete mode 100644 bitnami/nginx-ingress-controller/templates/controller-hpa.yaml delete mode 100644 bitnami/nginx-ingress-controller/templates/controller-metrics-service.yaml delete mode 100644 bitnami/nginx-ingress-controller/templates/controller-poddisruptionbudget.yaml delete mode 100644 bitnami/nginx-ingress-controller/templates/controller-prometheusrules.yaml delete mode 100644 bitnami/nginx-ingress-controller/templates/controller-service.yaml delete mode 100644 bitnami/nginx-ingress-controller/templates/controller-servicemonitor.yaml delete mode 100644 bitnami/nginx-ingress-controller/templates/default-backend-configmap.yaml delete mode 100644 bitnami/nginx-ingress-controller/templates/default-backend-deployment.yaml delete mode 100644 bitnami/nginx-ingress-controller/templates/default-backend-poddisruptionbudget.yaml delete mode 100644 bitnami/nginx-ingress-controller/templates/default-backend-service.yaml delete mode 100644 bitnami/nginx-ingress-controller/templates/dh-param-secret.yaml delete mode 100644 bitnami/nginx-ingress-controller/templates/extra-list.yaml delete mode 100644 bitnami/nginx-ingress-controller/templates/podsecuritypolicy.yaml delete mode 100644 bitnami/nginx-ingress-controller/templates/proxyheaders-configmap.yaml delete mode 100644 bitnami/nginx-ingress-controller/templates/role.yaml delete mode 100644 bitnami/nginx-ingress-controller/templates/rolebinding.yaml delete mode 100644 bitnami/nginx-ingress-controller/templates/serviceaccount.yaml delete mode 100644 bitnami/nginx-ingress-controller/templates/tcp-configmap.yaml delete mode 100644 bitnami/nginx-ingress-controller/templates/udp-configmap.yaml delete mode 100644 bitnami/nginx-ingress-controller/values.yaml delete mode 100644 bitnami/nginx/.helmignore delete mode 100644 bitnami/nginx/Chart.yaml delete mode 100644 bitnami/nginx/ci/ct-values.yaml delete mode 100644 bitnami/nginx/templates/extra-list.yaml delete mode 100644 bitnami/node-exporter/.helmignore delete mode 100644 bitnami/node/.helmignore delete mode 100644 bitnami/node/Chart.lock delete mode 100644 bitnami/node/Chart.yaml delete mode 100644 bitnami/node/README.md delete mode 100644 bitnami/node/ci/values-with-ingress-and-persistence.yaml delete mode 100644 bitnami/node/templates/NOTES.txt delete mode 100644 bitnami/node/templates/_helpers.tpl delete mode 100644 bitnami/node/templates/deployment.yaml delete mode 100644 bitnami/node/templates/extra-list.yaml delete mode 100644 bitnami/node/templates/ingress.yaml delete mode 100644 bitnami/node/templates/mongodb-binding.yaml delete mode 100644 bitnami/node/templates/pvc.yaml delete mode 100644 bitnami/node/templates/svc.yaml delete mode 100644 bitnami/node/values.yaml delete mode 100644 bitnami/oauth2-proxy/.helmignore delete mode 100644 bitnami/oauth2-proxy/templates/extra-list.yaml delete mode 100644 bitnami/odoo/.helmignore delete mode 100644 bitnami/odoo/Chart.lock delete mode 100644 bitnami/odoo/Chart.yaml delete mode 100644 bitnami/odoo/README.md delete mode 100644 bitnami/odoo/ci/ct-values.yaml delete mode 100644 bitnami/odoo/ci/values-hpa-pdb.yaml delete mode 100644 bitnami/odoo/templates/NOTES.txt delete mode 100644 bitnami/odoo/templates/_helpers.tpl delete mode 100644 bitnami/odoo/templates/deployment.yaml delete mode 100644 bitnami/odoo/templates/externaldb-secrets.yaml delete mode 100644 bitnami/odoo/templates/extra-list.yaml delete mode 100644 bitnami/odoo/templates/ingress.yaml delete mode 100644 bitnami/odoo/templates/pvc.yaml delete mode 100644 bitnami/odoo/templates/secrets.yaml delete mode 100644 bitnami/odoo/templates/serviceaccount.yaml delete mode 100644 bitnami/odoo/templates/svc.yaml delete mode 100644 bitnami/odoo/templates/tls-secrets.yaml delete mode 100644 bitnami/odoo/values.yaml delete mode 100644 bitnami/opencart/.helmignore delete mode 100644 bitnami/opencart/Chart.lock delete mode 100644 bitnami/opencart/Chart.yaml delete mode 100644 bitnami/opencart/README.md delete mode 100644 bitnami/opencart/ci/ct-values.yaml delete mode 100644 bitnami/opencart/templates/NOTES.txt delete mode 100644 bitnami/opencart/templates/_helpers.tpl delete mode 100644 bitnami/opencart/templates/deployment.yaml delete mode 100644 bitnami/opencart/templates/externaldb-secrets.yaml delete mode 100644 bitnami/opencart/templates/extra-list.yaml delete mode 100644 bitnami/opencart/templates/ingress.yaml delete mode 100644 bitnami/opencart/templates/pv.yaml delete mode 100644 bitnami/opencart/templates/pvc.yaml delete mode 100644 bitnami/opencart/templates/secrets.yaml delete mode 100644 bitnami/opencart/templates/svc.yaml delete mode 100644 bitnami/opencart/templates/tls-secrets.yaml delete mode 100644 bitnami/opencart/values.yaml delete mode 100644 bitnami/orangehrm/.helmignore delete mode 100644 bitnami/orangehrm/Chart.lock delete mode 100644 bitnami/orangehrm/Chart.yaml delete mode 100644 bitnami/orangehrm/README.md delete mode 100644 bitnami/orangehrm/ci/ct-values.yaml delete mode 100644 bitnami/orangehrm/templates/NOTES.txt delete mode 100644 bitnami/orangehrm/templates/_helpers.tpl delete mode 100644 bitnami/orangehrm/templates/deployment.yaml delete mode 100644 bitnami/orangehrm/templates/externaldb-secrets.yaml delete mode 100644 bitnami/orangehrm/templates/extra-list.yaml delete mode 100644 bitnami/orangehrm/templates/ingress.yaml delete mode 100644 bitnami/orangehrm/templates/pv.yaml delete mode 100644 bitnami/orangehrm/templates/pvc.yaml delete mode 100644 bitnami/orangehrm/templates/secrets.yaml delete mode 100644 bitnami/orangehrm/templates/svc.yaml delete mode 100644 bitnami/orangehrm/templates/tls-secrets.yaml delete mode 100644 bitnami/orangehrm/values.yaml delete mode 100644 bitnami/osclass/.helmignore delete mode 100644 bitnami/osclass/Chart.lock delete mode 100644 bitnami/osclass/Chart.yaml delete mode 100644 bitnami/osclass/README.md delete mode 100644 bitnami/osclass/ci/values-with-host-and-ingress.yaml delete mode 100644 bitnami/osclass/templates/NOTES.txt delete mode 100644 bitnami/osclass/templates/_helpers.tpl delete mode 100644 bitnami/osclass/templates/deployment.yaml delete mode 100644 bitnami/osclass/templates/externaldb-secrets.yaml delete mode 100644 bitnami/osclass/templates/extra-list.yaml delete mode 100644 bitnami/osclass/templates/hpa.yaml delete mode 100644 bitnami/osclass/templates/ingress.yaml delete mode 100644 bitnami/osclass/templates/metrics-svc.yaml delete mode 100644 bitnami/osclass/templates/osclass-pvc.yaml delete mode 100644 bitnami/osclass/templates/pdb.yaml delete mode 100644 bitnami/osclass/templates/secrets.yaml delete mode 100644 bitnami/osclass/templates/svc.yaml delete mode 100644 bitnami/osclass/templates/tls-secrets.yaml delete mode 100644 bitnami/osclass/values.yaml delete mode 100644 bitnami/owncloud/.helmignore delete mode 100644 bitnami/owncloud/ci/ct-values.yaml delete mode 100644 bitnami/owncloud/templates/_certificates.tpl delete mode 100644 bitnami/owncloud/templates/externaldb-secrets.yaml delete mode 100644 bitnami/owncloud/templates/extra-list.yaml delete mode 100644 bitnami/owncloud/templates/metrics-svc.yaml delete mode 100644 bitnami/owncloud/templates/svc.yaml delete mode 100644 bitnami/parse/.helmignore delete mode 100644 bitnami/parse/ci/ct-values.yaml delete mode 100644 bitnami/parse/templates/extra-list.yaml delete mode 100644 bitnami/phabricator/.helmignore delete mode 100644 bitnami/phabricator/ci/ct-values.yaml delete mode 100644 bitnami/phabricator/templates/extra-list.yaml delete mode 100644 bitnami/phabricator/templates/ingress.yaml delete mode 100644 bitnami/phpbb/.helmignore delete mode 100644 bitnami/phpbb/Chart.lock delete mode 100644 bitnami/phpbb/Chart.yaml delete mode 100644 bitnami/phpbb/README.md delete mode 100644 bitnami/phpbb/ci/ct-values.yaml delete mode 100644 bitnami/phpbb/templates/NOTES.txt delete mode 100644 bitnami/phpbb/templates/_helpers.tpl delete mode 100644 bitnami/phpbb/templates/deployment.yaml delete mode 100644 bitnami/phpbb/templates/externaldb-secrets.yaml delete mode 100644 bitnami/phpbb/templates/extra-list.yaml delete mode 100644 bitnami/phpbb/templates/ingress.yaml delete mode 100644 bitnami/phpbb/templates/phpbb-pvc.yaml delete mode 100644 bitnami/phpbb/templates/secrets.yaml delete mode 100644 bitnami/phpbb/templates/svc.yaml delete mode 100644 bitnami/phpbb/templates/tls-secrets.yaml delete mode 100644 bitnami/phpbb/values.yaml delete mode 100644 bitnami/phpmyadmin/.helmignore delete mode 100644 bitnami/phpmyadmin/Chart.lock delete mode 100644 bitnami/phpmyadmin/Chart.yaml delete mode 100644 bitnami/phpmyadmin/README.md delete mode 100644 bitnami/phpmyadmin/ci/metrics-and-ingress-values.yaml delete mode 100644 bitnami/phpmyadmin/templates/NOTES.txt delete mode 100644 bitnami/phpmyadmin/templates/_helpers.tpl delete mode 100644 bitnami/phpmyadmin/templates/certs.yaml delete mode 100644 bitnami/phpmyadmin/templates/deployment.yaml delete mode 100644 bitnami/phpmyadmin/templates/extra-list.yaml delete mode 100644 bitnami/phpmyadmin/templates/ingress.yaml delete mode 100644 bitnami/phpmyadmin/templates/metrics-svc.yaml delete mode 100644 bitnami/phpmyadmin/templates/service.yaml delete mode 100644 bitnami/phpmyadmin/templates/servicemonitor.yaml delete mode 100644 bitnami/phpmyadmin/templates/tls-secrets.yaml delete mode 100644 bitnami/phpmyadmin/values.yaml delete mode 100644 bitnami/postgresql-ha/.helmignore delete mode 100644 bitnami/postgresql-ha/templates/extra-list.yaml delete mode 100644 bitnami/postgresql/.helmignore delete mode 100644 bitnami/postgresql/templates/extra-list.yaml delete mode 100644 bitnami/prestashop/.helmignore delete mode 100644 bitnami/prestashop/Chart.lock delete mode 100644 bitnami/prestashop/Chart.yaml delete mode 100644 bitnami/prestashop/README.md delete mode 100644 bitnami/prestashop/ci/ct-values.yaml delete mode 100644 bitnami/prestashop/templates/NOTES.txt delete mode 100644 bitnami/prestashop/templates/_helpers.tpl delete mode 100644 bitnami/prestashop/templates/deployment.yaml delete mode 100644 bitnami/prestashop/templates/externaldb-secrets.yaml delete mode 100644 bitnami/prestashop/templates/extra-list.yaml delete mode 100644 bitnami/prestashop/templates/ingress.yaml delete mode 100644 bitnami/prestashop/templates/pv.yaml delete mode 100644 bitnami/prestashop/templates/pvc.yaml delete mode 100644 bitnami/prestashop/templates/secrets.yaml delete mode 100644 bitnami/prestashop/templates/svc.yaml delete mode 100644 bitnami/prestashop/templates/tls-secrets.yaml delete mode 100644 bitnami/prestashop/values.yaml delete mode 100644 bitnami/pytorch/.helmignore delete mode 100644 bitnami/pytorch/Chart.lock delete mode 100644 bitnami/pytorch/Chart.yaml delete mode 100644 bitnami/pytorch/README.md delete mode 100644 bitnami/pytorch/ci/values-production.yaml delete mode 100644 bitnami/pytorch/templates/NOTES.txt delete mode 100644 bitnami/pytorch/templates/_helpers.tpl delete mode 100644 bitnami/pytorch/templates/configmap.yaml delete mode 100644 bitnami/pytorch/templates/deployment.yaml delete mode 100644 bitnami/pytorch/templates/headless-svc.yaml delete mode 100644 bitnami/pytorch/templates/pvc.yaml delete mode 100644 bitnami/pytorch/templates/service.yaml delete mode 100644 bitnami/pytorch/templates/statefulset.yaml delete mode 100644 bitnami/pytorch/values.yaml delete mode 100644 bitnami/rabbitmq-cluster-operator/.helmignore delete mode 100644 bitnami/rabbitmq-cluster-operator/templates/extra-list.yaml delete mode 100644 bitnami/rabbitmq/.helmignore delete mode 100644 bitnami/rabbitmq/templates/extra-list.yaml delete mode 100644 bitnami/redis-cluster/.helmignore delete mode 100644 bitnami/redis-cluster/templates/extra-list.yaml delete mode 100644 bitnami/redis/.helmignore delete mode 100644 bitnami/redis/img/redis-topology.png delete mode 100644 bitnami/redis/templates/extra-list.yaml delete mode 100644 bitnami/redmine/.helmignore delete mode 100644 bitnami/redmine/ci/ct-values.yaml delete mode 100644 bitnami/redmine/templates/extra-list.yaml delete mode 100644 bitnami/redmine/templates/postinit-configmap.yaml delete mode 100644 bitnami/spark/.helmignore delete mode 100644 bitnami/spark/templates/extra-list.yaml delete mode 100644 bitnami/spring-cloud-dataflow/.helmignore delete mode 100644 bitnami/spring-cloud-dataflow/Chart.lock delete mode 100644 bitnami/spring-cloud-dataflow/Chart.yaml delete mode 100644 bitnami/spring-cloud-dataflow/README.md delete mode 100644 bitnami/spring-cloud-dataflow/templates/NOTES.txt delete mode 100644 bitnami/spring-cloud-dataflow/templates/_helpers.tpl delete mode 100644 bitnami/spring-cloud-dataflow/templates/externaldb-secrets.yaml delete mode 100644 bitnami/spring-cloud-dataflow/templates/externalrabbitmq-secrets.yaml delete mode 100644 bitnami/spring-cloud-dataflow/templates/extra-list.yaml delete mode 100644 bitnami/spring-cloud-dataflow/templates/prometheus-proxy/deployment.yaml delete mode 100644 bitnami/spring-cloud-dataflow/templates/prometheus-proxy/hpa.yaml delete mode 100644 bitnami/spring-cloud-dataflow/templates/prometheus-proxy/pdb.yaml delete mode 100644 bitnami/spring-cloud-dataflow/templates/prometheus-proxy/service.yaml delete mode 100644 bitnami/spring-cloud-dataflow/templates/prometheus-proxy/servicemonitor-metrics.yaml delete mode 100644 bitnami/spring-cloud-dataflow/templates/role.yaml delete mode 100644 bitnami/spring-cloud-dataflow/templates/rolebinding.yaml delete mode 100644 bitnami/spring-cloud-dataflow/templates/scripts-configmap.yaml delete mode 100644 bitnami/spring-cloud-dataflow/templates/server/configmap.yaml delete mode 100644 bitnami/spring-cloud-dataflow/templates/server/deployment.yaml delete mode 100644 bitnami/spring-cloud-dataflow/templates/server/hpa.yaml delete mode 100644 bitnami/spring-cloud-dataflow/templates/server/ingress.yaml delete mode 100644 bitnami/spring-cloud-dataflow/templates/server/pdb.yaml delete mode 100644 bitnami/spring-cloud-dataflow/templates/server/service.yaml delete mode 100644 bitnami/spring-cloud-dataflow/templates/server/tls-secret.yaml delete mode 100644 bitnami/spring-cloud-dataflow/templates/serviceaccount.yaml delete mode 100644 bitnami/spring-cloud-dataflow/templates/skipper/configmap.yaml delete mode 100644 bitnami/spring-cloud-dataflow/templates/skipper/deployment.yaml delete mode 100644 bitnami/spring-cloud-dataflow/templates/skipper/hpa.yaml delete mode 100644 bitnami/spring-cloud-dataflow/templates/skipper/pdb.yaml delete mode 100644 bitnami/spring-cloud-dataflow/templates/skipper/service.yaml delete mode 100644 bitnami/spring-cloud-dataflow/values.schema.json delete mode 100644 bitnami/spring-cloud-dataflow/values.yaml delete mode 100644 bitnami/suitecrm/.helmignore delete mode 100644 bitnami/suitecrm/Chart.lock delete mode 100644 bitnami/suitecrm/Chart.yaml delete mode 100644 bitnami/suitecrm/README.md delete mode 100644 bitnami/suitecrm/ci/ct-values.yaml delete mode 100644 bitnami/suitecrm/templates/NOTES.txt delete mode 100644 bitnami/suitecrm/templates/_helpers.tpl delete mode 100644 bitnami/suitecrm/templates/deployment.yaml delete mode 100644 bitnami/suitecrm/templates/externaldb-secrets.yaml delete mode 100644 bitnami/suitecrm/templates/extra-list.yaml delete mode 100644 bitnami/suitecrm/templates/metrics-svc.yaml delete mode 100644 bitnami/suitecrm/templates/pv.yaml delete mode 100644 bitnami/suitecrm/templates/pvc.yaml delete mode 100644 bitnami/suitecrm/templates/secrets.yaml delete mode 100644 bitnami/suitecrm/templates/svc.yaml delete mode 100644 bitnami/suitecrm/templates/tls-secrets.yaml delete mode 100644 bitnami/suitecrm/values.yaml delete mode 100644 bitnami/tensorflow-resnet/.helmignore delete mode 100644 bitnami/tensorflow-resnet/Chart.lock delete mode 100644 bitnami/tensorflow-resnet/Chart.yaml delete mode 100644 bitnami/tensorflow-resnet/README.md delete mode 100644 bitnami/tensorflow-resnet/ci/ct-values.yaml delete mode 100644 bitnami/tensorflow-resnet/ci/values-with-metrics.yaml delete mode 100644 bitnami/tensorflow-resnet/templates/NOTES.txt delete mode 100644 bitnami/tensorflow-resnet/templates/_helpers.tpl delete mode 100644 bitnami/tensorflow-resnet/templates/deployment.yaml delete mode 100644 bitnami/tensorflow-resnet/templates/svc.yaml delete mode 100644 bitnami/tensorflow-resnet/values.yaml delete mode 100644 bitnami/testlink/.helmignore delete mode 100644 bitnami/testlink/ci/ct-values.yaml delete mode 100644 bitnami/testlink/templates/externaldb-secrets.yaml delete mode 100644 bitnami/testlink/templates/extra-list.yaml delete mode 100644 bitnami/testlink/templates/ingress.yaml delete mode 100644 bitnami/testlink/templates/svc.yaml delete mode 100644 bitnami/testlink/templates/tls-secrets.yaml delete mode 100644 bitnami/thanos/.helmignore delete mode 100644 bitnami/thanos/Chart.lock delete mode 100644 bitnami/thanos/Chart.yaml delete mode 100644 bitnami/thanos/README.md delete mode 100644 bitnami/thanos/ci/values-with-bucketweb-compactor-storegateway-and-minio.yaml delete mode 100644 bitnami/thanos/ci/values-with-ingress-and-metrics.yaml delete mode 100644 bitnami/thanos/templates/NOTES.txt delete mode 100644 bitnami/thanos/templates/_helpers.tpl delete mode 100644 bitnami/thanos/templates/bucketweb/deployment.yaml delete mode 100644 bitnami/thanos/templates/bucketweb/ingress.yaml delete mode 100644 bitnami/thanos/templates/bucketweb/pdb.yaml delete mode 100644 bitnami/thanos/templates/bucketweb/service.yaml delete mode 100644 bitnami/thanos/templates/bucketweb/serviceaccount.yaml delete mode 100644 bitnami/thanos/templates/bucketweb/servicemonitor.yaml delete mode 100644 bitnami/thanos/templates/bucketweb/tls-secrets.yaml delete mode 100644 bitnami/thanos/templates/compactor/deployment.yaml delete mode 100644 bitnami/thanos/templates/compactor/ingress.yaml delete mode 100644 bitnami/thanos/templates/compactor/pvc.yaml delete mode 100644 bitnami/thanos/templates/compactor/service.yaml delete mode 100644 bitnami/thanos/templates/compactor/serviceaccount.yaml delete mode 100644 bitnami/thanos/templates/compactor/servicemonitor.yaml delete mode 100644 bitnami/thanos/templates/objstore-secret.yaml delete mode 100644 bitnami/thanos/templates/prometheusrule.yaml delete mode 100644 bitnami/thanos/templates/query-frontend/configmap.yaml delete mode 100644 bitnami/thanos/templates/query-frontend/deployment.yaml delete mode 100644 bitnami/thanos/templates/query-frontend/hpa.yaml delete mode 100644 bitnami/thanos/templates/query-frontend/ingress.yaml delete mode 100644 bitnami/thanos/templates/query-frontend/pdb.yaml delete mode 100644 bitnami/thanos/templates/query-frontend/psp-clusterrole.yaml delete mode 100644 bitnami/thanos/templates/query-frontend/psp-clusterrolebinding.yaml delete mode 100644 bitnami/thanos/templates/query-frontend/psp.yaml delete mode 100644 bitnami/thanos/templates/query-frontend/service.yaml delete mode 100644 bitnami/thanos/templates/query-frontend/serviceaccount.yaml delete mode 100644 bitnami/thanos/templates/query-frontend/servicemonitor.yaml delete mode 100644 bitnami/thanos/templates/query-frontend/tls-secrets.yaml delete mode 100644 bitnami/thanos/templates/query/deployment.yaml delete mode 100644 bitnami/thanos/templates/query/hpa.yaml delete mode 100644 bitnami/thanos/templates/query/ingress-grpc.yaml delete mode 100644 bitnami/thanos/templates/query/ingress.yaml delete mode 100644 bitnami/thanos/templates/query/pdb.yaml delete mode 100644 bitnami/thanos/templates/query/psp-clusterrole.yaml delete mode 100644 bitnami/thanos/templates/query/psp-clusterrolebinding.yaml delete mode 100644 bitnami/thanos/templates/query/psp.yaml delete mode 100644 bitnami/thanos/templates/query/sd-configmap.yaml delete mode 100644 bitnami/thanos/templates/query/service.yaml delete mode 100644 bitnami/thanos/templates/query/serviceaccount.yaml delete mode 100644 bitnami/thanos/templates/query/servicemonitor.yaml delete mode 100644 bitnami/thanos/templates/query/tls-client-secret.yaml delete mode 100644 bitnami/thanos/templates/query/tls-secrets.yaml delete mode 100644 bitnami/thanos/templates/query/tls-server-secret.yaml delete mode 100644 bitnami/thanos/templates/receive/configmap.yaml delete mode 100644 bitnami/thanos/templates/receive/distributor.yaml delete mode 100644 bitnami/thanos/templates/receive/hpa.yaml delete mode 100644 bitnami/thanos/templates/receive/ingress.yaml delete mode 100644 bitnami/thanos/templates/receive/pdb.yaml delete mode 100644 bitnami/thanos/templates/receive/service-headless.yaml delete mode 100644 bitnami/thanos/templates/receive/service.yaml delete mode 100644 bitnami/thanos/templates/receive/serviceaccount.yaml delete mode 100644 bitnami/thanos/templates/receive/servicemonitor.yaml delete mode 100644 bitnami/thanos/templates/receive/statefulset.yaml delete mode 100644 bitnami/thanos/templates/receive/tls-secrets.yaml delete mode 100644 bitnami/thanos/templates/receive/tls-server-secret.yaml delete mode 100644 bitnami/thanos/templates/ruler/configmap.yaml delete mode 100644 bitnami/thanos/templates/ruler/ingress.yaml delete mode 100644 bitnami/thanos/templates/ruler/pdb.yaml delete mode 100644 bitnami/thanos/templates/ruler/secret.yaml delete mode 100644 bitnami/thanos/templates/ruler/service-headless.yaml delete mode 100644 bitnami/thanos/templates/ruler/service.yaml delete mode 100644 bitnami/thanos/templates/ruler/serviceaccount.yaml delete mode 100644 bitnami/thanos/templates/ruler/servicemonitor.yaml delete mode 100644 bitnami/thanos/templates/ruler/statefulset.yaml delete mode 100644 bitnami/thanos/templates/storegateway/configmap.yaml delete mode 100644 bitnami/thanos/templates/storegateway/hpa.yaml delete mode 100644 bitnami/thanos/templates/storegateway/ingress.yaml delete mode 100644 bitnami/thanos/templates/storegateway/pdb.yaml delete mode 100644 bitnami/thanos/templates/storegateway/service-headless.yaml delete mode 100644 bitnami/thanos/templates/storegateway/service-sharded.yaml delete mode 100644 bitnami/thanos/templates/storegateway/service.yaml delete mode 100644 bitnami/thanos/templates/storegateway/serviceaccount.yaml delete mode 100644 bitnami/thanos/templates/storegateway/servicemonitor.yaml delete mode 100644 bitnami/thanos/templates/storegateway/statefulset-sharded.yaml delete mode 100644 bitnami/thanos/templates/storegateway/statefulset.yaml delete mode 100644 bitnami/thanos/templates/storegateway/tls-server-secret.yaml delete mode 100644 bitnami/thanos/templates/tls-auto-secret.yaml delete mode 100644 bitnami/thanos/values.yaml delete mode 100644 bitnami/tomcat/.helmignore delete mode 100644 bitnami/tomcat/Chart.lock delete mode 100644 bitnami/tomcat/Chart.yaml delete mode 100644 bitnami/tomcat/README.md delete mode 100644 bitnami/tomcat/ci/ct-values.yaml delete mode 100644 bitnami/tomcat/ci/values-with-ingress-and-initcontainers.yaml delete mode 100644 bitnami/tomcat/templates/NOTES.txt delete mode 100644 bitnami/tomcat/templates/_helpers.tpl delete mode 100644 bitnami/tomcat/templates/_pod.tpl delete mode 100644 bitnami/tomcat/templates/deployment.yaml delete mode 100644 bitnami/tomcat/templates/extra-list.yaml delete mode 100644 bitnami/tomcat/templates/ingress.yaml delete mode 100644 bitnami/tomcat/templates/pvc.yaml delete mode 100644 bitnami/tomcat/templates/secrets.yaml delete mode 100644 bitnami/tomcat/templates/statefulset.yaml delete mode 100644 bitnami/tomcat/templates/svc-headless.yaml delete mode 100644 bitnami/tomcat/templates/svc.yaml delete mode 100644 bitnami/tomcat/templates/tls-secrets.yaml delete mode 100644 bitnami/tomcat/values.yaml delete mode 100644 bitnami/wavefront-adapter-for-istio/Chart.lock delete mode 100644 bitnami/wavefront-adapter-for-istio/Chart.yaml delete mode 100644 bitnami/wavefront-adapter-for-istio/README.md delete mode 100644 bitnami/wavefront-adapter-for-istio/ci/values-external.yaml delete mode 100644 bitnami/wavefront-adapter-for-istio/templates/NOTES.txt delete mode 100644 bitnami/wavefront-adapter-for-istio/templates/_helpers.tpl delete mode 100644 bitnami/wavefront-adapter-for-istio/templates/deployment.yaml delete mode 100644 bitnami/wavefront-adapter-for-istio/templates/extra-list.yaml delete mode 100644 bitnami/wavefront-adapter-for-istio/templates/istio/adapter.yaml delete mode 100644 bitnami/wavefront-adapter-for-istio/templates/istio/attribute-manifests.yaml delete mode 100644 bitnami/wavefront-adapter-for-istio/templates/istio/handler.yaml delete mode 100644 bitnami/wavefront-adapter-for-istio/templates/istio/instance-http.yaml delete mode 100644 bitnami/wavefront-adapter-for-istio/templates/istio/instance-tcp.yaml delete mode 100644 bitnami/wavefront-adapter-for-istio/templates/istio/metric-template.yaml delete mode 100644 bitnami/wavefront-adapter-for-istio/templates/istio/rule-http.yaml delete mode 100644 bitnami/wavefront-adapter-for-istio/templates/istio/rule-tcp.yaml delete mode 100644 bitnami/wavefront-adapter-for-istio/templates/service.yaml delete mode 100644 bitnami/wavefront-adapter-for-istio/values.yaml delete mode 100644 bitnami/wavefront-hpa-adapter/Chart.lock delete mode 100644 bitnami/wavefront-hpa-adapter/Chart.yaml delete mode 100644 bitnami/wavefront-hpa-adapter/README.md delete mode 100644 bitnami/wavefront-hpa-adapter/ci/rules.yaml delete mode 100644 bitnami/wavefront-hpa-adapter/templates/NOTES.txt delete mode 100644 bitnami/wavefront-hpa-adapter/templates/_helpers.tpl delete mode 100644 bitnami/wavefront-hpa-adapter/templates/custom-metrics-apiserver-auth-delegator-cluster-role-binding.yaml delete mode 100644 bitnami/wavefront-hpa-adapter/templates/custom-metrics-apiserver-auth-reader-role-binding.yaml delete mode 100644 bitnami/wavefront-hpa-adapter/templates/custom-metrics-apiserver-deployment.yaml delete mode 100644 bitnami/wavefront-hpa-adapter/templates/custom-metrics-apiserver-resource-reader-cluster-role-binding.yaml delete mode 100644 bitnami/wavefront-hpa-adapter/templates/custom-metrics-apiserver-service-account.yaml delete mode 100644 bitnami/wavefront-hpa-adapter/templates/custom-metrics-apiserver-service.yaml delete mode 100644 bitnami/wavefront-hpa-adapter/templates/custom-metrics-apiservice.yaml delete mode 100644 bitnami/wavefront-hpa-adapter/templates/custom-metrics-cluster-role.yaml delete mode 100644 bitnami/wavefront-hpa-adapter/templates/custom-metrics-configmap.yaml delete mode 100644 bitnami/wavefront-hpa-adapter/templates/custom-metrics-resource-reader-cluster-role.yaml delete mode 100644 bitnami/wavefront-hpa-adapter/templates/external-metrics-apiservice.yaml delete mode 100644 bitnami/wavefront-hpa-adapter/templates/external-metrics-cluster-role.yaml delete mode 100644 bitnami/wavefront-hpa-adapter/templates/extra-list.yaml delete mode 100644 bitnami/wavefront-hpa-adapter/templates/hpa-custom-metrics-cluster-role-binding.yaml delete mode 100644 bitnami/wavefront-hpa-adapter/templates/hpa-external-metrics-cluster-role-binding.yaml delete mode 100644 bitnami/wavefront-hpa-adapter/values.yaml delete mode 100644 bitnami/wavefront-prometheus-storage-adapter/Chart.lock delete mode 100644 bitnami/wavefront-prometheus-storage-adapter/Chart.yaml delete mode 100644 bitnami/wavefront-prometheus-storage-adapter/README.md delete mode 100644 bitnami/wavefront-prometheus-storage-adapter/ci/values-external.yaml delete mode 100644 bitnami/wavefront-prometheus-storage-adapter/templates/NOTES.txt delete mode 100644 bitnami/wavefront-prometheus-storage-adapter/templates/_helpers.tpl delete mode 100644 bitnami/wavefront-prometheus-storage-adapter/templates/deployment.yaml delete mode 100644 bitnami/wavefront-prometheus-storage-adapter/templates/extra-list.yaml delete mode 100644 bitnami/wavefront-prometheus-storage-adapter/templates/service.yaml delete mode 100644 bitnami/wavefront-prometheus-storage-adapter/values.yaml delete mode 100644 bitnami/wavefront/.helmignore delete mode 100644 bitnami/wavefront/Chart.lock delete mode 100644 bitnami/wavefront/Chart.yaml delete mode 100644 bitnami/wavefront/README.md delete mode 100644 bitnami/wavefront/templates/NOTES.txt delete mode 100644 bitnami/wavefront/templates/_helpers.tpl delete mode 100644 bitnami/wavefront/templates/api-token-secret.yaml delete mode 100644 bitnami/wavefront/templates/collector-cluster-role.yaml delete mode 100644 bitnami/wavefront/templates/collector-clusterrolebinding.yaml delete mode 100644 bitnami/wavefront/templates/collector-config.yaml delete mode 100644 bitnami/wavefront/templates/collector-daemonset.yaml delete mode 100644 bitnami/wavefront/templates/collector-deployment.yaml delete mode 100644 bitnami/wavefront/templates/collector-service-account.yaml delete mode 100644 bitnami/wavefront/templates/extra-list.yaml delete mode 100644 bitnami/wavefront/templates/podsecuritypolicy.yaml delete mode 100644 bitnami/wavefront/templates/project-pacific-rolebinding.yaml delete mode 100644 bitnami/wavefront/templates/proxy-deployment.yaml delete mode 100644 bitnami/wavefront/templates/proxy-preprocessor-config.yaml delete mode 100644 bitnami/wavefront/templates/proxy-service.yaml delete mode 100644 bitnami/wavefront/templates/tkgi-rolebinding.yaml delete mode 100644 bitnami/wavefront/values.yaml delete mode 100644 bitnami/wildfly/.helmignore delete mode 100644 bitnami/wildfly/Chart.lock delete mode 100644 bitnami/wildfly/Chart.yaml delete mode 100644 bitnami/wildfly/README.md delete mode 100644 bitnami/wildfly/ci/ct-values.yaml delete mode 100644 bitnami/wildfly/ci/values-with-ingress-and-initcontainers.yaml delete mode 100644 bitnami/wildfly/templates/NOTES.txt delete mode 100644 bitnami/wildfly/templates/_helpers.tpl delete mode 100644 bitnami/wildfly/templates/deployment.yaml delete mode 100644 bitnami/wildfly/templates/extra-list.yaml delete mode 100644 bitnami/wildfly/templates/ingress.yaml delete mode 100644 bitnami/wildfly/templates/management-ingress.yaml delete mode 100644 bitnami/wildfly/templates/pvc.yaml delete mode 100644 bitnami/wildfly/templates/secrets.yaml delete mode 100644 bitnami/wildfly/templates/svc.yaml delete mode 100644 bitnami/wildfly/templates/tls-secrets.yaml delete mode 100644 bitnami/wildfly/values.yaml delete mode 100644 bitnami/wordpress/.helmignore delete mode 100644 bitnami/wordpress/ci/ct-values.yaml delete mode 100644 bitnami/wordpress/ci/values-hpa-pdb.yaml delete mode 100644 bitnami/wordpress/templates/extra-list.yaml delete mode 100644 bitnami/wordpress/templates/hpa.yaml delete mode 100644 bitnami/wordpress/templates/pdb.yaml delete mode 100644 bitnami/wordpress/templates/servicemonitor.yaml delete mode 100644 bitnami/zookeeper/.helmignore delete mode 100644 bitnami/zookeeper/templates/extra-list.yaml delete mode 100644 metadata/artifacthub-pkg.yml rename {bitnami => riftbit}/airflow/.helmignore (100%) rename {bitnami => riftbit}/airflow/Chart.lock (100%) rename {bitnami => riftbit}/airflow/Chart.yaml (100%) rename {bitnami => riftbit}/airflow/README.md (100%) rename {bitnami => riftbit}/airflow/ci/values-production-with-config.yaml (100%) rename {bitnami => riftbit}/airflow/files/dags/README.md (100%) rename {bitnami => riftbit}/airflow/templates/NOTES.txt (100%) rename {bitnami => riftbit}/airflow/templates/_git_helpers.tpl (100%) rename {bitnami => riftbit}/airflow/templates/_helpers.tpl (100%) rename {bitnami => riftbit}/airflow/templates/config/configmap.yaml (100%) rename {bitnami => riftbit}/airflow/templates/config/secret-external-db.yaml (100%) rename {bitnami => riftbit}/airflow/templates/config/secret-external-redis.yaml (100%) rename {bitnami => riftbit}/airflow/templates/config/secret-ldap.yaml (100%) rename {bitnami => riftbit}/airflow/templates/config/secret.yaml (100%) rename {bitnami => riftbit}/airflow/templates/extradeploy.yaml (100%) rename {bitnami => riftbit}/airflow/templates/metrics/deployment.yaml (100%) rename {bitnami => riftbit}/airflow/templates/metrics/service.yaml (100%) rename {bitnami => riftbit}/airflow/templates/metrics/servicemonitor.yaml (100%) rename {bitnami => riftbit}/airflow/templates/rbac/role.yaml (100%) rename {bitnami => riftbit}/airflow/templates/rbac/rolebinding.yaml (100%) rename {bitnami => riftbit}/airflow/templates/rbac/serviceaccount.yaml (100%) rename {bitnami => riftbit}/airflow/templates/scheduler/deployment.yaml (100%) rename {bitnami => riftbit}/airflow/templates/scheduler/networkpolicy.yaml (100%) rename {bitnami => riftbit}/airflow/templates/scheduler/poddisruptionbudget.yaml (100%) rename {bitnami => riftbit}/airflow/templates/scheduler/service-headless.yaml (100%) rename {bitnami => riftbit}/airflow/templates/web/deployment.yaml (100%) rename {bitnami => riftbit}/airflow/templates/web/ingress.yaml (100%) rename {bitnami => riftbit}/airflow/templates/web/poddisruptionbudget.yaml (100%) rename {bitnami => riftbit}/airflow/templates/web/service.yaml (100%) rename {bitnami => riftbit}/airflow/templates/worker/horizontalpodautoscaler.yaml (100%) rename {bitnami => riftbit}/airflow/templates/worker/networkpolicy.yaml (100%) rename {bitnami => riftbit}/airflow/templates/worker/poddisruptionbudget.yaml (100%) rename {bitnami => riftbit}/airflow/templates/worker/service-headless.yaml (100%) rename {bitnami => riftbit}/airflow/templates/worker/statefulset.yaml (100%) rename {bitnami => riftbit}/airflow/values.yaml (100%) rename {bitnami => riftbit}/argo-cd/.helmignore (100%) rename {bitnami => riftbit}/argo-cd/Chart.lock (100%) rename {bitnami => riftbit}/argo-cd/Chart.yaml (100%) rename {bitnami => riftbit}/argo-cd/README.md (100%) rename {bitnami => riftbit}/argo-cd/crds/application.yaml (100%) rename {bitnami => riftbit}/argo-cd/crds/project.yaml (100%) rename {bitnami => riftbit}/argo-cd/templates/NOTES.txt (100%) rename {bitnami => riftbit}/argo-cd/templates/_helpers.tpl (100%) rename {bitnami => riftbit}/argo-cd/templates/application-controller/clusterrole.yaml (100%) rename {bitnami => riftbit}/argo-cd/templates/application-controller/clusterrolebinding.yaml (100%) rename {bitnami => riftbit}/argo-cd/templates/application-controller/deployment.yaml (100%) rename {bitnami => riftbit}/argo-cd/templates/application-controller/metrics-svc.yaml (100%) rename {bitnami => riftbit}/argo-cd/templates/application-controller/prometheus-rule.yaml (100%) rename {bitnami => riftbit}/argo-cd/templates/application-controller/role.yaml (100%) rename {bitnami => riftbit}/argo-cd/templates/application-controller/rolebinding.yaml (100%) rename {bitnami => riftbit}/argo-cd/templates/application-controller/service-account.yaml (100%) rename {bitnami => riftbit}/argo-cd/templates/application-controller/service.yaml (100%) rename {bitnami => riftbit}/argo-cd/templates/application-controller/servicemonitor.yaml (100%) rename {bitnami => riftbit}/argo-cd/templates/argocd-cm.yaml (100%) rename {bitnami => riftbit}/argo-cd/templates/argocd-secret.yaml (100%) rename {bitnami => riftbit}/argo-cd/templates/cluster-configs.yaml (100%) rename {bitnami => riftbit}/argo-cd/templates/dex/deployment.yaml (100%) rename {bitnami => riftbit}/argo-cd/templates/dex/metrics-svc.yaml (100%) rename {bitnami => riftbit}/argo-cd/templates/dex/role.yaml (100%) rename {bitnami => riftbit}/argo-cd/templates/dex/rolebinding.yaml (100%) rename {bitnami => riftbit}/argo-cd/templates/dex/service-account.yaml (100%) rename {bitnami => riftbit}/argo-cd/templates/dex/service.yaml (100%) rename {bitnami => riftbit}/argo-cd/templates/dex/servicemonitor.yaml (100%) rename {bitnami => riftbit}/argo-cd/templates/extra-list.yaml (100%) rename {bitnami => riftbit}/argo-cd/templates/known-hosts-cm.yaml (100%) rename {bitnami => riftbit}/argo-cd/templates/repo-server/deployment.yaml (100%) rename {bitnami => riftbit}/argo-cd/templates/repo-server/hpa.yaml (100%) rename {bitnami => riftbit}/argo-cd/templates/repo-server/metrics-svc.yaml (100%) rename {bitnami => riftbit}/argo-cd/templates/repo-server/repository-credentials-secret.yaml (100%) rename {bitnami => riftbit}/argo-cd/templates/repo-server/role.yaml (100%) rename {bitnami => riftbit}/argo-cd/templates/repo-server/rolebinding.yaml (100%) rename {bitnami => riftbit}/argo-cd/templates/repo-server/service-account.yaml (100%) rename {bitnami => riftbit}/argo-cd/templates/repo-server/service.yaml (100%) rename {bitnami => riftbit}/argo-cd/templates/repo-server/servicemonitor.yaml (100%) rename {bitnami => riftbit}/argo-cd/templates/server/clusterrole.yaml (100%) rename {bitnami => riftbit}/argo-cd/templates/server/clusterrolebinding.yaml (100%) rename {bitnami => riftbit}/argo-cd/templates/server/deployment.yaml (100%) rename {bitnami => riftbit}/argo-cd/templates/server/grpc-tls-secret.yaml (100%) rename {bitnami => riftbit}/argo-cd/templates/server/hpa.yaml (100%) rename {bitnami => riftbit}/argo-cd/templates/server/ingress-grcp.yaml (100%) rename {bitnami => riftbit}/argo-cd/templates/server/ingress.yaml (100%) rename {bitnami => riftbit}/argo-cd/templates/server/metrics-svc.yaml (100%) rename {bitnami => riftbit}/argo-cd/templates/server/role.yaml (100%) rename {bitnami => riftbit}/argo-cd/templates/server/rolebinding.yaml (100%) rename {bitnami => riftbit}/argo-cd/templates/server/service-account.yaml (100%) rename {bitnami => riftbit}/argo-cd/templates/server/service.yaml (100%) rename {bitnami => riftbit}/argo-cd/templates/server/servicemonitor.yaml (100%) rename {bitnami => riftbit}/argo-cd/templates/server/tls-secret.yaml (100%) rename {bitnami => riftbit}/argo-cd/templates/styles-cm.yaml (100%) rename {bitnami => riftbit}/argo-cd/templates/tls-certs-cm.yaml (100%) rename {bitnami => riftbit}/argo-cd/values.yaml (100%) rename {bitnami/apache => riftbit/cassandra}/.helmignore (100%) rename {bitnami => riftbit}/cassandra/Chart.lock (100%) rename {bitnami => riftbit}/cassandra/Chart.yaml (100%) rename {bitnami => riftbit}/cassandra/README.md (100%) rename {bitnami => riftbit}/cassandra/ci/values-volume-permissions.yaml (100%) rename {bitnami => riftbit}/cassandra/templates/NOTES.txt (100%) rename {bitnami => riftbit}/cassandra/templates/_helpers.tpl (100%) rename {bitnami => riftbit}/cassandra/templates/cassandra-secret.yaml (100%) rename {bitnami/apache => riftbit/cassandra}/templates/extra-list.yaml (100%) rename {bitnami => riftbit}/cassandra/templates/headless-svc.yaml (100%) rename {bitnami => riftbit}/cassandra/templates/networkpolicy.yaml (100%) rename {bitnami => riftbit}/cassandra/templates/pdb.yaml (100%) rename {bitnami => riftbit}/cassandra/templates/service.yaml (100%) rename {bitnami => riftbit}/cassandra/templates/serviceaccount.yaml (100%) rename {bitnami => riftbit}/cassandra/templates/servicemonitor.yaml (100%) rename {bitnami => riftbit}/cassandra/templates/statefulset.yaml (100%) rename {bitnami => riftbit}/cassandra/templates/tls-secret.yaml (100%) rename {bitnami => riftbit}/cassandra/values.yaml (100%) rename {bitnami/aspnet-core => riftbit/cert-manager}/.helmignore (100%) rename {bitnami => riftbit}/cert-manager/Chart.lock (100%) rename {bitnami => riftbit}/cert-manager/Chart.yaml (100%) rename {bitnami => riftbit}/cert-manager/README.md (100%) rename {bitnami => riftbit}/cert-manager/templates/NOTES.txt (100%) rename {bitnami => riftbit}/cert-manager/templates/_helpers.tpl (100%) rename {bitnami => riftbit}/cert-manager/templates/cainjector/deployment.yaml (100%) rename {bitnami => riftbit}/cert-manager/templates/cainjector/rbac.yaml (100%) rename {bitnami => riftbit}/cert-manager/templates/cainjector/serviceaccount.yaml (100%) rename {bitnami => riftbit}/cert-manager/templates/controller/deployment.yaml (100%) rename {bitnami => riftbit}/cert-manager/templates/controller/rbac.yaml (100%) rename {bitnami => riftbit}/cert-manager/templates/controller/service.yaml (100%) rename {bitnami => riftbit}/cert-manager/templates/controller/serviceaccount.yaml (100%) rename {bitnami => riftbit}/cert-manager/templates/controller/servicemonitor.yaml (100%) rename {bitnami => riftbit}/cert-manager/templates/crds/crd-certificaterequests.yaml (100%) rename {bitnami => riftbit}/cert-manager/templates/crds/crd-certificates.yaml (100%) rename {bitnami => riftbit}/cert-manager/templates/crds/crd-challenges.yaml (100%) rename {bitnami => riftbit}/cert-manager/templates/crds/crd-clusterissuers.yaml (100%) rename {bitnami => riftbit}/cert-manager/templates/crds/crd-issuers.yaml (100%) rename {bitnami => riftbit}/cert-manager/templates/crds/crd-orders.yaml (100%) rename {bitnami/aspnet-core => riftbit/cert-manager}/templates/extra-list.yaml (100%) rename {bitnami => riftbit}/cert-manager/templates/webhook/deployment.yaml (100%) rename {bitnami => riftbit}/cert-manager/templates/webhook/rbac.yaml (100%) rename {bitnami => riftbit}/cert-manager/templates/webhook/service.yaml (100%) rename {bitnami => riftbit}/cert-manager/templates/webhook/serviceaccount.yaml (100%) rename {bitnami => riftbit}/cert-manager/values.yaml (100%) rename {bitnami => riftbit}/common/.helmignore (100%) rename {bitnami => riftbit}/common/Chart.yaml (69%) rename {bitnami => riftbit}/common/README.md (99%) rename {bitnami => riftbit}/common/templates/_affinities.tpl (100%) rename {bitnami => riftbit}/common/templates/_capabilities.tpl (100%) rename {bitnami => riftbit}/common/templates/_errors.tpl (100%) rename {bitnami => riftbit}/common/templates/_images.tpl (100%) rename {bitnami => riftbit}/common/templates/_ingress.tpl (100%) rename {bitnami => riftbit}/common/templates/_labels.tpl (100%) rename {bitnami => riftbit}/common/templates/_names.tpl (100%) rename {bitnami => riftbit}/common/templates/_secrets.tpl (100%) rename {bitnami => riftbit}/common/templates/_storage.tpl (100%) rename {bitnami => riftbit}/common/templates/_tplvalues.tpl (100%) rename {bitnami => riftbit}/common/templates/_utils.tpl (100%) rename {bitnami => riftbit}/common/templates/_warnings.tpl (100%) rename {bitnami => riftbit}/common/templates/validations/_cassandra.tpl (100%) rename {bitnami => riftbit}/common/templates/validations/_mariadb.tpl (100%) rename {bitnami => riftbit}/common/templates/validations/_mongodb.tpl (100%) rename {bitnami => riftbit}/common/templates/validations/_postgresql.tpl (100%) rename {bitnami => riftbit}/common/templates/validations/_redis.tpl (100%) rename {bitnami => riftbit}/common/templates/validations/_validations.tpl (100%) rename {bitnami => riftbit}/common/values.yaml (100%) rename {bitnami/cassandra => riftbit/concourse}/.helmignore (100%) rename {bitnami => riftbit}/concourse/Chart.lock (100%) rename {bitnami => riftbit}/concourse/Chart.yaml (100%) rename {bitnami => riftbit}/concourse/README.md (100%) rename {bitnami => riftbit}/concourse/templates/NOTES.txt (100%) rename {bitnami => riftbit}/concourse/templates/_helpers.tpl (100%) rename {bitnami => riftbit}/concourse/templates/config/secret-external-db.yaml (100%) rename {bitnami/cassandra => riftbit/concourse}/templates/extra-list.yaml (100%) rename {bitnami => riftbit}/concourse/templates/web/configmap.yaml (100%) rename {bitnami => riftbit}/concourse/templates/web/deployment.yaml (100%) rename {bitnami => riftbit}/concourse/templates/web/gateway-service.yaml (100%) rename {bitnami => riftbit}/concourse/templates/web/ingress.yaml (100%) rename {bitnami => riftbit}/concourse/templates/web/podsecuritypolicy.yaml (100%) rename {bitnami => riftbit}/concourse/templates/web/rbac.yaml (100%) rename {bitnami => riftbit}/concourse/templates/web/secret.yaml (100%) rename {bitnami => riftbit}/concourse/templates/web/service-account.yaml (100%) rename {bitnami => riftbit}/concourse/templates/web/service.yaml (100%) rename {bitnami => riftbit}/concourse/templates/web/tls-secrets.yaml (100%) rename {bitnami => riftbit}/concourse/templates/worker/deployment.yaml (100%) rename {bitnami => riftbit}/concourse/templates/worker/horizontalpodautoscaler.yaml (100%) rename {bitnami => riftbit}/concourse/templates/worker/poddisruptionbudget.yaml (100%) rename {bitnami => riftbit}/concourse/templates/worker/podsecuritypolicy.yaml (100%) rename {bitnami => riftbit}/concourse/templates/worker/rbac.yaml (100%) rename {bitnami => riftbit}/concourse/templates/worker/secret.yaml (100%) rename {bitnami => riftbit}/concourse/templates/worker/service-account.yaml (100%) rename {bitnami => riftbit}/concourse/templates/worker/service.yaml (100%) rename {bitnami => riftbit}/concourse/templates/worker/statefulset.yaml (100%) rename {bitnami => riftbit}/concourse/values.yaml (100%) rename {bitnami/cert-manager => riftbit/consul}/.helmignore (100%) rename {bitnami => riftbit}/consul/Chart.lock (100%) rename {bitnami => riftbit}/consul/Chart.yaml (100%) rename {bitnami => riftbit}/consul/README.md (100%) rename {bitnami/aspnet-core => riftbit/consul}/ci/values-ingress.yaml (100%) rename {bitnami => riftbit}/consul/templates/NOTES.txt (100%) rename {bitnami => riftbit}/consul/templates/_helpers.tpl (100%) rename {bitnami => riftbit}/consul/templates/configmap.yaml (100%) rename {bitnami => riftbit}/consul/templates/consul-headless-service.yaml (100%) rename {bitnami/cert-manager => riftbit/consul}/templates/extra-list.yaml (100%) rename {bitnami => riftbit}/consul/templates/gossip-secret.yaml (100%) rename {bitnami => riftbit}/consul/templates/ingress.yaml (100%) rename {bitnami => riftbit}/consul/templates/metrics-svc.yaml (100%) rename {bitnami => riftbit}/consul/templates/pdb.yaml (100%) rename {bitnami => riftbit}/consul/templates/service.yaml (100%) rename {bitnami => riftbit}/consul/templates/servicemonitor.yaml (100%) rename {bitnami => riftbit}/consul/templates/statefulset.yaml (100%) rename {bitnami => riftbit}/consul/templates/tls-secrets.yaml (100%) rename {bitnami => riftbit}/consul/values.yaml (100%) rename {bitnami => riftbit}/discourse/.helmignore (100%) rename {bitnami => riftbit}/discourse/Chart.lock (100%) rename {bitnami => riftbit}/discourse/Chart.yaml (100%) rename {bitnami => riftbit}/discourse/README.md (100%) rename {bitnami => riftbit}/discourse/templates/NOTES.txt (100%) rename {bitnami => riftbit}/discourse/templates/_helpers.tpl (100%) rename {bitnami => riftbit}/discourse/templates/configmaps.yaml (100%) rename {bitnami => riftbit}/discourse/templates/deployment.yaml (100%) rename {bitnami => riftbit}/discourse/templates/ingress.yaml (100%) rename {bitnami => riftbit}/discourse/templates/pvc.yaml (100%) rename {bitnami => riftbit}/discourse/templates/secrets-database.yaml (100%) rename {bitnami => riftbit}/discourse/templates/secrets-discourse.yaml (100%) rename {bitnami => riftbit}/discourse/templates/secrets-redis.yaml (100%) rename {bitnami => riftbit}/discourse/templates/service.yaml (100%) rename {bitnami => riftbit}/discourse/templates/serviceaccount.yaml (100%) rename {bitnami => riftbit}/discourse/templates/tls-secrets.yaml (100%) rename {bitnami => riftbit}/discourse/values.yaml (100%) rename {bitnami/concourse => riftbit/dokuwiki}/.helmignore (100%) rename {bitnami => riftbit}/dokuwiki/Chart.lock (100%) rename {bitnami => riftbit}/dokuwiki/Chart.yaml (100%) rename {bitnami => riftbit}/dokuwiki/README.md (100%) rename {bitnami => riftbit}/dokuwiki/ci/ct-values.yaml (100%) rename {bitnami => riftbit}/dokuwiki/templates/NOTES.txt (100%) rename {bitnami => riftbit}/dokuwiki/templates/_helpers.tpl (100%) rename {bitnami => riftbit}/dokuwiki/templates/deployment.yaml (100%) rename {bitnami => riftbit}/dokuwiki/templates/dokuwiki-pvc.yaml (100%) rename {bitnami/concourse => riftbit/dokuwiki}/templates/extra-list.yaml (100%) rename {bitnami => riftbit}/dokuwiki/templates/ingress.yaml (100%) rename {bitnami => riftbit}/dokuwiki/templates/secrets.yaml (100%) rename {bitnami => riftbit}/dokuwiki/templates/svc.yaml (100%) rename {bitnami => riftbit}/dokuwiki/templates/tls-secrets.yaml (100%) rename {bitnami => riftbit}/dokuwiki/values.yaml (100%) rename {bitnami/consul => riftbit/elasticsearch}/.helmignore (100%) rename {bitnami => riftbit}/elasticsearch/Chart.lock (100%) rename {bitnami => riftbit}/elasticsearch/Chart.yaml (100%) rename {bitnami => riftbit}/elasticsearch/README.md (100%) rename {bitnami => riftbit}/elasticsearch/ci/ct-values.yaml (100%) rename {bitnami => riftbit}/elasticsearch/templates/NOTES.txt (100%) rename {bitnami => riftbit}/elasticsearch/templates/_helpers.tpl (100%) rename {bitnami => riftbit}/elasticsearch/templates/configmap-curator.yaml (100%) rename {bitnami => riftbit}/elasticsearch/templates/configmap-es.yaml (100%) rename {bitnami => riftbit}/elasticsearch/templates/configmap-initscripts.yaml (100%) rename {bitnami => riftbit}/elasticsearch/templates/coordinating-hpa.yaml (100%) rename {bitnami => riftbit}/elasticsearch/templates/coordinating-statefulset.yaml (100%) rename {bitnami => riftbit}/elasticsearch/templates/coordinating-svc.yaml (100%) rename {bitnami => riftbit}/elasticsearch/templates/cronjob.yaml (100%) rename {bitnami => riftbit}/elasticsearch/templates/data-hpa.yaml (100%) rename {bitnami => riftbit}/elasticsearch/templates/data-statefulset.yaml (100%) rename {bitnami => riftbit}/elasticsearch/templates/data-svc.yaml (100%) rename {bitnami => riftbit}/elasticsearch/templates/hooks/job.install.yaml (100%) rename {bitnami => riftbit}/elasticsearch/templates/ingest-statefulset.yaml (100%) rename {bitnami => riftbit}/elasticsearch/templates/ingest-svc.yaml (100%) rename {bitnami => riftbit}/elasticsearch/templates/master-hpa.yaml (100%) rename {bitnami => riftbit}/elasticsearch/templates/master-statefulset.yaml (100%) rename {bitnami => riftbit}/elasticsearch/templates/master-svc.yaml (100%) rename {bitnami => riftbit}/elasticsearch/templates/metrics-deploy.yaml (100%) rename {bitnami => riftbit}/elasticsearch/templates/metrics-svc.yaml (100%) rename {bitnami => riftbit}/elasticsearch/templates/podsecuritypolicy.yaml (100%) rename {bitnami => riftbit}/elasticsearch/templates/role.yaml (100%) rename {bitnami => riftbit}/elasticsearch/templates/rolebinding.yaml (100%) rename {bitnami => riftbit}/elasticsearch/templates/secrets.yaml (100%) rename {bitnami => riftbit}/elasticsearch/templates/serviceaccount.yaml (100%) rename {bitnami => riftbit}/elasticsearch/templates/servicemonitor.yaml (100%) rename {bitnami => riftbit}/elasticsearch/templates/tls-secret.yaml (100%) rename {bitnami => riftbit}/elasticsearch/values.yaml (100%) rename {bitnami/dokuwiki => riftbit/etcd}/.helmignore (100%) rename {bitnami => riftbit}/etcd/Chart.lock (100%) rename {bitnami => riftbit}/etcd/Chart.yaml (100%) rename {bitnami => riftbit}/etcd/README.md (100%) rename {bitnami => riftbit}/etcd/ci/values-disaster-recovery.yaml (100%) rename {bitnami => riftbit}/etcd/ci/values-metrics.yaml (100%) rename {bitnami => riftbit}/etcd/ci/values-pdb.yaml (100%) rename {bitnami => riftbit}/etcd/templates/NOTES.txt (100%) rename {bitnami => riftbit}/etcd/templates/_helpers.tpl (100%) rename {bitnami => riftbit}/etcd/templates/configmap.yaml (100%) rename {bitnami => riftbit}/etcd/templates/cronjob.yaml (100%) rename {bitnami/consul => riftbit/etcd}/templates/extra-list.yaml (100%) rename {bitnami => riftbit}/etcd/templates/networkpolicy.yaml (100%) rename {bitnami => riftbit}/etcd/templates/pdb.yaml (100%) rename {bitnami => riftbit}/etcd/templates/podmonitor.yaml (100%) rename {bitnami => riftbit}/etcd/templates/secrets.yaml (100%) rename {bitnami => riftbit}/etcd/templates/serviceaccount.yaml (100%) rename {bitnami => riftbit}/etcd/templates/snapshot-pvc.yaml (100%) rename {bitnami => riftbit}/etcd/templates/statefulset.yaml (100%) rename {bitnami => riftbit}/etcd/templates/svc-headless.yaml (100%) rename {bitnami => riftbit}/etcd/templates/svc.yaml (100%) rename {bitnami => riftbit}/etcd/values.yaml (100%) rename {bitnami/drupal => riftbit/fluentd}/.helmignore (100%) rename {bitnami => riftbit}/fluentd/Chart.lock (100%) rename {bitnami => riftbit}/fluentd/Chart.yaml (100%) rename {bitnami => riftbit}/fluentd/README.md (100%) rename {bitnami => riftbit}/fluentd/templates/NOTES.txt (100%) rename {bitnami => riftbit}/fluentd/templates/_helpers.tpl (100%) rename {bitnami => riftbit}/fluentd/templates/aggregator-configmap.yaml (100%) rename {bitnami => riftbit}/fluentd/templates/aggregator-hpa.yaml (100%) rename {bitnami => riftbit}/fluentd/templates/aggregator-statefulset.yaml (100%) rename {bitnami => riftbit}/fluentd/templates/aggregator-svc-headless.yaml (100%) rename {bitnami => riftbit}/fluentd/templates/aggregator-svc.yaml (100%) rename {bitnami/contour/templates/envoy => riftbit/fluentd/templates}/extra-list.yaml (100%) rename {bitnami => riftbit}/fluentd/templates/forwarder-clusterrole.yaml (100%) rename {bitnami => riftbit}/fluentd/templates/forwarder-clusterrolebinding.yaml (100%) rename {bitnami => riftbit}/fluentd/templates/forwarder-configmap.yaml (100%) rename {bitnami => riftbit}/fluentd/templates/forwarder-daemonset.yaml (100%) rename {bitnami => riftbit}/fluentd/templates/forwarder-psp.yaml (100%) rename {bitnami => riftbit}/fluentd/templates/forwarder-svc.yaml (100%) rename {bitnami => riftbit}/fluentd/templates/ingress.yaml (100%) rename {bitnami => riftbit}/fluentd/templates/metrics-svc.yaml (100%) rename {bitnami => riftbit}/fluentd/templates/serviceaccount.yaml (100%) rename {bitnami => riftbit}/fluentd/templates/servicemonitor.yaml (100%) rename {bitnami => riftbit}/fluentd/templates/tls-certs.yaml (100%) rename {bitnami => riftbit}/fluentd/values.yaml (100%) rename {bitnami/ejbca => riftbit/ghost}/.helmignore (100%) rename {bitnami => riftbit}/ghost/Chart.lock (100%) rename {bitnami => riftbit}/ghost/Chart.yaml (100%) rename {bitnami => riftbit}/ghost/README.md (100%) rename {bitnami/drupal => riftbit/ghost}/ci/ct-values.yaml (100%) rename {bitnami => riftbit}/ghost/ci/values-with-metrics-and-ingress.yaml (100%) rename {bitnami => riftbit}/ghost/templates/NOTES.txt (100%) rename {bitnami => riftbit}/ghost/templates/_helpers.tpl (100%) rename {bitnami => riftbit}/ghost/templates/deployment.yaml (100%) rename {bitnami => riftbit}/ghost/templates/external-db-secrets.yaml (100%) rename {bitnami/dokuwiki => riftbit/ghost}/templates/extra-list.yaml (100%) rename {bitnami => riftbit}/ghost/templates/ingress.yaml (100%) rename {bitnami => riftbit}/ghost/templates/pvc.yaml (100%) rename {bitnami => riftbit}/ghost/templates/secrets.yaml (100%) rename {bitnami => riftbit}/ghost/templates/svc.yaml (100%) rename {bitnami => riftbit}/ghost/templates/tls-secrets.yaml (100%) rename {bitnami => riftbit}/ghost/values.schema.json (100%) rename {bitnami => riftbit}/ghost/values.yaml (100%) rename {bitnami/elasticsearch => riftbit/grafana-tempo}/.helmignore (100%) rename {bitnami => riftbit}/grafana-tempo/Chart.lock (100%) rename {bitnami => riftbit}/grafana-tempo/Chart.yaml (100%) rename {bitnami => riftbit}/grafana-tempo/README.md (100%) rename {bitnami => riftbit}/grafana-tempo/templates/NOTES.txt (100%) rename {bitnami => riftbit}/grafana-tempo/templates/_helpers.tpl (100%) rename {bitnami => riftbit}/grafana-tempo/templates/compactor/deployment.yaml (100%) rename {bitnami => riftbit}/grafana-tempo/templates/compactor/service.yaml (100%) rename {bitnami => riftbit}/grafana-tempo/templates/compactor/servicemonitor.yaml (100%) rename {bitnami => riftbit}/grafana-tempo/templates/distributor/deployment.yaml (100%) rename {bitnami => riftbit}/grafana-tempo/templates/distributor/service.yaml (100%) rename {bitnami => riftbit}/grafana-tempo/templates/distributor/servicemonitor.yaml (100%) rename {bitnami/drupal => riftbit/grafana-tempo}/templates/extra-list.yaml (100%) rename {bitnami => riftbit}/grafana-tempo/templates/gossip-ring-headless-service.yaml (100%) rename {bitnami => riftbit}/grafana-tempo/templates/ingester/service.yaml (100%) rename {bitnami => riftbit}/grafana-tempo/templates/ingester/servicemonitor.yaml (100%) rename {bitnami => riftbit}/grafana-tempo/templates/ingester/statefulset.yaml (100%) rename {bitnami => riftbit}/grafana-tempo/templates/overrides-configmap.yaml (100%) rename {bitnami => riftbit}/grafana-tempo/templates/querier/deployment.yaml (100%) rename {bitnami => riftbit}/grafana-tempo/templates/querier/service.yaml (100%) rename {bitnami => riftbit}/grafana-tempo/templates/querier/servicemonitor.yaml (100%) rename {bitnami => riftbit}/grafana-tempo/templates/query-frontend/deployment.yaml (100%) rename {bitnami => riftbit}/grafana-tempo/templates/query-frontend/headless-service.yaml (100%) rename {bitnami => riftbit}/grafana-tempo/templates/query-frontend/query-configmap.yaml (100%) rename {bitnami => riftbit}/grafana-tempo/templates/query-frontend/service.yaml (100%) rename {bitnami => riftbit}/grafana-tempo/templates/query-frontend/servicemonitor.yaml (100%) rename {bitnami => riftbit}/grafana-tempo/templates/service-account.yaml (100%) rename {bitnami => riftbit}/grafana-tempo/templates/tempo-configmap.yaml (100%) rename {bitnami => riftbit}/grafana-tempo/templates/vulture/deployment.yaml (100%) rename {bitnami => riftbit}/grafana-tempo/templates/vulture/service.yaml (100%) rename {bitnami => riftbit}/grafana-tempo/templates/vulture/servicemonitor.yaml (100%) rename {bitnami => riftbit}/grafana-tempo/values.yaml (100%) rename {bitnami => riftbit}/haproxy/Chart.lock (100%) rename {bitnami => riftbit}/haproxy/Chart.yaml (100%) rename {bitnami => riftbit}/haproxy/README.md (100%) rename {bitnami => riftbit}/haproxy/templates/NOTES.txt (100%) rename {bitnami => riftbit}/haproxy/templates/_helpers.tpl (100%) rename {bitnami => riftbit}/haproxy/templates/configmap.yaml (100%) rename {bitnami => riftbit}/haproxy/templates/deployment.yaml (100%) rename {bitnami/etcd => riftbit/haproxy}/templates/extra-list.yaml (100%) rename {bitnami => riftbit}/haproxy/templates/hpa.yaml (100%) rename {bitnami => riftbit}/haproxy/templates/pdb.yaml (100%) rename {bitnami => riftbit}/haproxy/templates/service-account.yaml (100%) rename {bitnami => riftbit}/haproxy/templates/service.yaml (100%) rename {bitnami => riftbit}/haproxy/values.yaml (100%) rename {bitnami/etcd => riftbit/harbor}/.helmignore (100%) rename {bitnami => riftbit}/harbor/Chart.lock (100%) rename {bitnami => riftbit}/harbor/Chart.yaml (100%) rename {bitnami => riftbit}/harbor/README.md (100%) rename {bitnami => riftbit}/harbor/cert/tls.crt (100%) rename {bitnami => riftbit}/harbor/cert/tls.key (100%) rename {bitnami => riftbit}/harbor/ci/values-production.yaml (100%) rename {bitnami => riftbit}/harbor/conf/clair.yaml (100%) rename {bitnami => riftbit}/harbor/conf/notary-server.json (100%) rename {bitnami => riftbit}/harbor/conf/notary-signer.json (100%) rename {bitnami => riftbit}/harbor/templates/NOTES.txt (100%) rename {bitnami => riftbit}/harbor/templates/_helpers.tpl (100%) rename {bitnami => riftbit}/harbor/templates/chartmuseum/chartmuseum-cm-envvars.yaml (100%) rename {bitnami => riftbit}/harbor/templates/chartmuseum/chartmuseum-dpl.yaml (100%) rename {bitnami => riftbit}/harbor/templates/chartmuseum/chartmuseum-pvc.yaml (100%) rename {bitnami => riftbit}/harbor/templates/chartmuseum/chartmuseum-secret.yaml (100%) rename {bitnami => riftbit}/harbor/templates/chartmuseum/chartmuseum-svc.yaml (100%) rename {bitnami => riftbit}/harbor/templates/clair/clair-dpl.yaml (100%) rename {bitnami => riftbit}/harbor/templates/clair/clair-secret.yaml (100%) rename {bitnami => riftbit}/harbor/templates/clair/clair-svc.yaml (100%) rename {bitnami => riftbit}/harbor/templates/core/core-cm-envvars.yaml (100%) rename {bitnami => riftbit}/harbor/templates/core/core-cm.yaml (100%) rename {bitnami => riftbit}/harbor/templates/core/core-dpl.yaml (100%) rename {bitnami => riftbit}/harbor/templates/core/core-secret-envvars.yaml (100%) rename {bitnami => riftbit}/harbor/templates/core/core-secret.yaml (100%) rename {bitnami => riftbit}/harbor/templates/core/core-svc.yaml (100%) rename {bitnami/fluentd => riftbit/harbor}/templates/extra-list.yaml (100%) rename {bitnami => riftbit}/harbor/templates/ingress/ingress.yaml (100%) rename {bitnami => riftbit}/harbor/templates/ingress/secret.yaml (100%) rename {bitnami => riftbit}/harbor/templates/internal/internal-crt-secret.yaml (100%) rename {bitnami => riftbit}/harbor/templates/jobservice/jobservice-cm-envvars.yaml (100%) rename {bitnami => riftbit}/harbor/templates/jobservice/jobservice-cm.yaml (100%) rename {bitnami => riftbit}/harbor/templates/jobservice/jobservice-dpl.yaml (100%) rename {bitnami => riftbit}/harbor/templates/jobservice/jobservice-pvc.yaml (100%) rename {bitnami => riftbit}/harbor/templates/jobservice/jobservice-secret-envvars.yaml (100%) rename {bitnami => riftbit}/harbor/templates/jobservice/jobservice-secrets.yaml (100%) rename {bitnami => riftbit}/harbor/templates/jobservice/jobservice-svc.yaml (100%) rename {bitnami => riftbit}/harbor/templates/nginx/configmap-http.yaml (100%) rename {bitnami => riftbit}/harbor/templates/nginx/configmap-https.yaml (100%) rename {bitnami => riftbit}/harbor/templates/nginx/deployment.yaml (100%) rename {bitnami => riftbit}/harbor/templates/nginx/secret.yaml (100%) rename {bitnami => riftbit}/harbor/templates/nginx/service.yaml (100%) rename {bitnami => riftbit}/harbor/templates/notary/notary-secret-envvars.yaml (100%) rename {bitnami => riftbit}/harbor/templates/notary/notary-secret.yaml (100%) rename {bitnami => riftbit}/harbor/templates/notary/notary-server.yaml (100%) rename {bitnami => riftbit}/harbor/templates/notary/notary-signer.yaml (100%) rename {bitnami => riftbit}/harbor/templates/notary/notary-svc.yaml (100%) rename {bitnami => riftbit}/harbor/templates/portal/portal-cm.yaml (100%) rename {bitnami => riftbit}/harbor/templates/portal/portal-dpl.yaml (100%) rename {bitnami => riftbit}/harbor/templates/portal/portal-svc.yaml (100%) rename {bitnami => riftbit}/harbor/templates/registry/registry-cm.yaml (100%) rename {bitnami => riftbit}/harbor/templates/registry/registry-dpl.yaml (100%) rename {bitnami => riftbit}/harbor/templates/registry/registry-pvc.yaml (100%) rename {bitnami => riftbit}/harbor/templates/registry/registry-secret.yaml (100%) rename {bitnami => riftbit}/harbor/templates/registry/registry-svc.yaml (100%) rename {bitnami => riftbit}/harbor/templates/trivy/trivy-cm-envvars.yaml (100%) rename {bitnami => riftbit}/harbor/templates/trivy/trivy-secret-envvars.yaml (100%) rename {bitnami => riftbit}/harbor/templates/trivy/trivy-sts.yaml (100%) rename {bitnami => riftbit}/harbor/templates/trivy/trivy-svc.yaml (100%) rename {bitnami => riftbit}/harbor/values.yaml (100%) rename {bitnami/external-dns => riftbit/influxdb}/.helmignore (100%) rename {bitnami => riftbit}/influxdb/Chart.lock (100%) rename {bitnami => riftbit}/influxdb/Chart.yaml (100%) rename {bitnami => riftbit}/influxdb/README.md (100%) rename {bitnami => riftbit}/influxdb/files/conf/README.md (100%) rename {bitnami => riftbit}/influxdb/files/docker-entrypoint-initdb.d/README.md (100%) rename {bitnami => riftbit}/influxdb/templates/NOTES.txt (100%) rename {bitnami => riftbit}/influxdb/templates/_helpers.tpl (100%) rename {bitnami => riftbit}/influxdb/templates/extradeploy.yaml (100%) rename {bitnami => riftbit}/influxdb/templates/influxdb/configmap-backup.yaml (100%) rename {bitnami => riftbit}/influxdb/templates/influxdb/configmap-initdb-scripts.yaml (100%) rename {bitnami => riftbit}/influxdb/templates/influxdb/configmap.yaml (100%) rename {bitnami => riftbit}/influxdb/templates/influxdb/cronjob-backup.yaml (100%) rename {bitnami => riftbit}/influxdb/templates/influxdb/deployment-standalone.yaml (100%) rename {bitnami => riftbit}/influxdb/templates/influxdb/pvc-backup.yaml (100%) rename {bitnami => riftbit}/influxdb/templates/influxdb/pvc.yaml (100%) rename {bitnami => riftbit}/influxdb/templates/influxdb/secrets-backup.yaml (100%) rename {bitnami => riftbit}/influxdb/templates/influxdb/secrets.yaml (100%) rename {bitnami => riftbit}/influxdb/templates/influxdb/service-headless.yaml (100%) rename {bitnami => riftbit}/influxdb/templates/influxdb/service-metrics.yaml (100%) rename {bitnami => riftbit}/influxdb/templates/influxdb/service.yaml (100%) rename {bitnami => riftbit}/influxdb/templates/influxdb/servicemonitor.yaml (100%) rename {bitnami => riftbit}/influxdb/templates/influxdb/statefulset-high-availability.yaml (100%) rename {bitnami => riftbit}/influxdb/templates/ingress.yaml (100%) rename {bitnami => riftbit}/influxdb/templates/networkpolicy.yaml (100%) rename {bitnami => riftbit}/influxdb/templates/relay/configmap.yaml (100%) rename {bitnami => riftbit}/influxdb/templates/relay/deployment.yaml (100%) rename {bitnami => riftbit}/influxdb/templates/relay/service.yaml (100%) rename {bitnami => riftbit}/influxdb/templates/service-collectd.yaml (100%) rename {bitnami => riftbit}/influxdb/values.yaml (100%) rename {bitnami => riftbit}/jupyterhub/Chart.lock (100%) rename {bitnami => riftbit}/jupyterhub/Chart.yaml (100%) rename {bitnami => riftbit}/jupyterhub/README.md (100%) rename {bitnami => riftbit}/jupyterhub/templates/NOTES.txt (100%) rename {bitnami => riftbit}/jupyterhub/templates/_helpers.tpl (100%) rename {bitnami/ghost => riftbit/jupyterhub}/templates/extra-list.yaml (100%) rename {bitnami => riftbit}/jupyterhub/templates/hub/configmap.yaml (100%) rename {bitnami => riftbit}/jupyterhub/templates/hub/deployment.yaml (100%) rename {bitnami => riftbit}/jupyterhub/templates/hub/externaldb-secrets.yaml (100%) rename {bitnami => riftbit}/jupyterhub/templates/hub/networkpolicy.yaml (100%) rename {bitnami => riftbit}/jupyterhub/templates/hub/pdb.yaml (100%) rename {bitnami => riftbit}/jupyterhub/templates/hub/role.yaml (100%) rename {bitnami => riftbit}/jupyterhub/templates/hub/rolebinding.yaml (100%) rename {bitnami => riftbit}/jupyterhub/templates/hub/secret.yaml (100%) rename {bitnami => riftbit}/jupyterhub/templates/hub/service-account.yaml (100%) rename {bitnami => riftbit}/jupyterhub/templates/hub/service.yaml (100%) rename {bitnami => riftbit}/jupyterhub/templates/image-puller/daemonset.yaml (100%) rename {bitnami => riftbit}/jupyterhub/templates/proxy/deployment.yaml (100%) rename {bitnami => riftbit}/jupyterhub/templates/proxy/ingress.yaml (100%) rename {bitnami => riftbit}/jupyterhub/templates/proxy/networkpolicy.yaml (100%) rename {bitnami => riftbit}/jupyterhub/templates/proxy/service-api.yaml (100%) rename {bitnami => riftbit}/jupyterhub/templates/proxy/service-public.yaml (100%) rename {bitnami => riftbit}/jupyterhub/templates/proxy/tls-secret.yaml (100%) rename {bitnami => riftbit}/jupyterhub/templates/singleuser/networkpolicy.yaml (100%) rename {bitnami => riftbit}/jupyterhub/templates/singleuser/service-account.yaml (100%) rename {bitnami => riftbit}/jupyterhub/values.yaml (100%) rename {bitnami/fluentd => riftbit/kafka}/.helmignore (100%) rename {bitnami => riftbit}/kafka/Chart.lock (100%) rename {bitnami => riftbit}/kafka/Chart.yaml (100%) rename {bitnami => riftbit}/kafka/README.md (100%) rename {bitnami => riftbit}/kafka/files/tls/README.md (100%) rename {bitnami => riftbit}/kafka/templates/NOTES.txt (100%) rename {bitnami => riftbit}/kafka/templates/_helpers.tpl (100%) rename {bitnami => riftbit}/kafka/templates/configmap.yaml (100%) rename {bitnami/grafana-operator => riftbit/kafka}/templates/extra-list.yaml (100%) rename {bitnami => riftbit}/kafka/templates/jaas-secret.yaml (100%) rename {bitnami => riftbit}/kafka/templates/jmx-configmap.yaml (100%) rename {bitnami => riftbit}/kafka/templates/jmx-metrics-svc.yaml (100%) rename {bitnami => riftbit}/kafka/templates/kafka-metrics-deployment.yaml (100%) rename {bitnami => riftbit}/kafka/templates/kafka-metrics-svc.yaml (100%) rename {bitnami => riftbit}/kafka/templates/kafka-provisioning.yaml (100%) rename {bitnami => riftbit}/kafka/templates/log4j-configmap.yaml (100%) rename {bitnami => riftbit}/kafka/templates/poddisruptionbudget.yaml (100%) rename {bitnami => riftbit}/kafka/templates/role.yaml (100%) rename {bitnami => riftbit}/kafka/templates/rolebinding.yaml (100%) rename {bitnami => riftbit}/kafka/templates/scripts-configmap.yaml (100%) rename {bitnami => riftbit}/kafka/templates/serviceaccount.yaml (100%) rename {bitnami => riftbit}/kafka/templates/servicemonitor-jmx-metrics.yaml (100%) rename {bitnami => riftbit}/kafka/templates/servicemonitor-metrics.yaml (100%) rename {bitnami => riftbit}/kafka/templates/statefulset.yaml (100%) rename {bitnami => riftbit}/kafka/templates/svc-external-access.yaml (100%) rename {bitnami => riftbit}/kafka/templates/svc-headless.yaml (100%) rename {bitnami => riftbit}/kafka/templates/svc.yaml (100%) rename {bitnami => riftbit}/kafka/templates/tls-secret.yaml (100%) rename {bitnami => riftbit}/kafka/values.yaml (100%) rename {bitnami => riftbit}/keycloak/Chart.lock (100%) rename {bitnami => riftbit}/keycloak/Chart.yaml (100%) rename {bitnami => riftbit}/keycloak/README.md (100%) rename {bitnami/ghost => riftbit/keycloak}/ci/ct-values.yaml (100%) rename {bitnami => riftbit}/keycloak/ci/values-ha.yaml (100%) rename {bitnami/aspnet-core => riftbit/keycloak}/ci/values-hpa-pdb.yaml (100%) rename {bitnami => riftbit}/keycloak/ci/values-init-scripts.yaml (100%) rename {bitnami => riftbit}/keycloak/ci/values-metrics-and-ingress.yaml (100%) rename {bitnami => riftbit}/keycloak/templates/NOTES.txt (100%) rename {bitnami => riftbit}/keycloak/templates/_helpers.tpl (100%) rename {bitnami => riftbit}/keycloak/templates/configmap-env-vars.yaml (100%) rename {bitnami => riftbit}/keycloak/templates/configmap.yaml (100%) rename {bitnami/grafana-tempo => riftbit/keycloak}/templates/extra-list.yaml (100%) rename {bitnami => riftbit}/keycloak/templates/headless-service.yaml (100%) rename {bitnami => riftbit}/keycloak/templates/hpa.yaml (100%) rename {bitnami => riftbit}/keycloak/templates/ingress.yaml (100%) rename {bitnami => riftbit}/keycloak/templates/init-scripts-configmap.yaml (100%) rename {bitnami => riftbit}/keycloak/templates/keycloak-config-cli-configmap.yaml (100%) rename {bitnami => riftbit}/keycloak/templates/keycloak-config-cli-job.yaml (100%) rename {bitnami => riftbit}/keycloak/templates/metrics-service.yaml (100%) rename {bitnami => riftbit}/keycloak/templates/networkpolicy.yaml (100%) rename {bitnami => riftbit}/keycloak/templates/pdb.yaml (100%) rename {bitnami => riftbit}/keycloak/templates/role.yaml (100%) rename {bitnami => riftbit}/keycloak/templates/rolebinding.yaml (100%) rename {bitnami => riftbit}/keycloak/templates/secrets.yaml (100%) rename {bitnami => riftbit}/keycloak/templates/service.yaml (100%) rename {bitnami => riftbit}/keycloak/templates/serviceaccount.yaml (100%) rename {bitnami => riftbit}/keycloak/templates/servicemonitor.yaml (100%) rename {bitnami => riftbit}/keycloak/templates/statefulset.yaml (100%) rename {bitnami => riftbit}/keycloak/templates/tls-secret.yaml (100%) rename {bitnami => riftbit}/keycloak/values.yaml (100%) rename {bitnami/contour => riftbit/kubernetes-event-exporter}/.helmignore (100%) rename {bitnami => riftbit}/kubernetes-event-exporter/Chart.lock (100%) rename {bitnami => riftbit}/kubernetes-event-exporter/Chart.yaml (100%) rename {bitnami => riftbit}/kubernetes-event-exporter/README.md (100%) rename {bitnami => riftbit}/kubernetes-event-exporter/templates/_helpers.tpl (100%) rename {bitnami => riftbit}/kubernetes-event-exporter/templates/configmap.yaml (100%) rename {bitnami => riftbit}/kubernetes-event-exporter/templates/deployment.yaml (100%) rename {bitnami/grafana => riftbit/kubernetes-event-exporter}/templates/extra-list.yaml (100%) rename {bitnami => riftbit}/kubernetes-event-exporter/templates/rbac.yaml (100%) rename {bitnami => riftbit}/kubernetes-event-exporter/templates/serviceaccount.yaml (100%) rename {bitnami => riftbit}/kubernetes-event-exporter/values.yaml (100%) rename {bitnami/ghost => riftbit/kubewatch}/.helmignore (100%) rename {bitnami => riftbit}/kubewatch/Chart.lock (100%) rename {bitnami => riftbit}/kubewatch/Chart.yaml (100%) rename {bitnami => riftbit}/kubewatch/README.md (100%) rename {bitnami => riftbit}/kubewatch/templates/NOTES.txt (100%) rename {bitnami => riftbit}/kubewatch/templates/_helpers.tpl (100%) rename {bitnami => riftbit}/kubewatch/templates/clusterrole.yaml (100%) rename {bitnami => riftbit}/kubewatch/templates/clusterrolebinding.yaml (100%) rename {bitnami => riftbit}/kubewatch/templates/configmap.yaml (100%) rename {bitnami => riftbit}/kubewatch/templates/deployment.yaml (100%) rename {bitnami/haproxy => riftbit/kubewatch}/templates/extra-list.yaml (100%) rename {bitnami => riftbit}/kubewatch/templates/serviceaccount.yaml (100%) rename {bitnami => riftbit}/kubewatch/values.yaml (100%) rename {bitnami/grafana-operator => riftbit/mariadb-galera}/.helmignore (100%) rename {bitnami => riftbit}/mariadb-galera/Chart.lock (100%) rename {bitnami => riftbit}/mariadb-galera/Chart.yaml (100%) rename {bitnami => riftbit}/mariadb-galera/README.md (100%) rename {bitnami => riftbit}/mariadb-galera/ci/values-production-with-rbac.yaml (100%) rename {bitnami => riftbit}/mariadb-galera/files/docker-entrypoint-initdb.d/README.md (100%) rename {bitnami => riftbit}/mariadb-galera/templates/NOTES.txt (100%) rename {bitnami => riftbit}/mariadb-galera/templates/_helpers.tpl (100%) rename {bitnami => riftbit}/mariadb-galera/templates/configmap.yaml (100%) rename {bitnami/harbor => riftbit/mariadb-galera}/templates/extra-list.yaml (100%) rename {bitnami => riftbit}/mariadb-galera/templates/headless-svc.yaml (100%) rename {bitnami => riftbit}/mariadb-galera/templates/initialization-configmap.yaml (100%) rename {bitnami => riftbit}/mariadb-galera/templates/metrics-svc.yaml (100%) rename {bitnami => riftbit}/mariadb-galera/templates/pdb.yaml (100%) rename {bitnami => riftbit}/mariadb-galera/templates/prometheusrules.yaml (100%) rename {bitnami => riftbit}/mariadb-galera/templates/role.yaml (100%) rename {bitnami => riftbit}/mariadb-galera/templates/rolebinding.yaml (100%) rename {bitnami => riftbit}/mariadb-galera/templates/secrets.yaml (100%) rename {bitnami => riftbit}/mariadb-galera/templates/serviceaccount.yaml (100%) rename {bitnami => riftbit}/mariadb-galera/templates/servicemonitor.yaml (100%) rename {bitnami => riftbit}/mariadb-galera/templates/statefulset.yaml (100%) rename {bitnami => riftbit}/mariadb-galera/templates/svc.yaml (100%) rename {bitnami => riftbit}/mariadb-galera/templates/tls-secrets.yaml (100%) rename {bitnami => riftbit}/mariadb-galera/values.schema.json (100%) rename {bitnami => riftbit}/mariadb-galera/values.yaml (100%) rename {bitnami/grafana-tempo => riftbit/mariadb}/.helmignore (100%) rename {bitnami => riftbit}/mariadb/Chart.lock (100%) rename {bitnami => riftbit}/mariadb/Chart.yaml (100%) rename {bitnami => riftbit}/mariadb/README.md (100%) rename {bitnami => riftbit}/mariadb/ci/values-production-with-rbac-and-metrics.yaml (100%) rename {bitnami => riftbit}/mariadb/templates/NOTES.txt (100%) rename {bitnami => riftbit}/mariadb/templates/_helpers.tpl (100%) rename {bitnami/jasperreports => riftbit/mariadb}/templates/extra-list.yaml (100%) rename {bitnami => riftbit}/mariadb/templates/primary/configmap.yaml (100%) rename {bitnami => riftbit}/mariadb/templates/primary/initialization-configmap.yaml (100%) rename {bitnami => riftbit}/mariadb/templates/primary/pdb.yaml (100%) rename {bitnami => riftbit}/mariadb/templates/primary/statefulset.yaml (100%) rename {bitnami => riftbit}/mariadb/templates/primary/svc.yaml (100%) rename {bitnami => riftbit}/mariadb/templates/role.yaml (100%) rename {bitnami => riftbit}/mariadb/templates/rolebinding.yaml (100%) rename {bitnami => riftbit}/mariadb/templates/secondary/configmap.yaml (100%) rename {bitnami => riftbit}/mariadb/templates/secondary/pdb.yaml (100%) rename {bitnami => riftbit}/mariadb/templates/secondary/statefulset.yaml (100%) rename {bitnami => riftbit}/mariadb/templates/secondary/svc.yaml (100%) rename {bitnami => riftbit}/mariadb/templates/secrets.yaml (100%) rename {bitnami => riftbit}/mariadb/templates/serviceaccount.yaml (100%) rename {bitnami => riftbit}/mariadb/templates/servicemonitor.yaml (100%) rename {bitnami => riftbit}/mariadb/values.schema.json (100%) rename {bitnami => riftbit}/mariadb/values.yaml (100%) rename {bitnami/grafana => riftbit/mediawiki}/.helmignore (100%) rename {bitnami => riftbit}/mediawiki/Chart.lock (100%) rename {bitnami => riftbit}/mediawiki/Chart.yaml (100%) rename {bitnami => riftbit}/mediawiki/README.md (100%) rename {bitnami => riftbit}/mediawiki/ci/ct-values.yaml (100%) rename {bitnami => riftbit}/mediawiki/ci/values-with-host-and-ingress.yaml (100%) rename {bitnami => riftbit}/mediawiki/templates/NOTES.txt (100%) rename {bitnami => riftbit}/mediawiki/templates/_helpers.tpl (100%) rename {bitnami => riftbit}/mediawiki/templates/deployment.yaml (100%) rename {bitnami => riftbit}/mediawiki/templates/externaldb-secrets.yaml (100%) rename {bitnami => riftbit}/mediawiki/templates/extra-list.yaml (100%) rename {bitnami => riftbit}/mediawiki/templates/ingress.yaml (100%) rename {bitnami => riftbit}/mediawiki/templates/mediawiki-pvc.yaml (100%) rename {bitnami => riftbit}/mediawiki/templates/metrics-svc.yaml (100%) rename {bitnami => riftbit}/mediawiki/templates/secrets.yaml (100%) rename {bitnami => riftbit}/mediawiki/templates/servicemonitor.yaml (100%) rename {bitnami => riftbit}/mediawiki/templates/svc.yaml (100%) rename {bitnami => riftbit}/mediawiki/templates/tls-secrets.yaml (100%) rename {bitnami => riftbit}/mediawiki/values.yaml (100%) rename {bitnami/harbor => riftbit/memcached}/.helmignore (100%) rename {bitnami => riftbit}/memcached/Chart.lock (100%) rename {bitnami => riftbit}/memcached/Chart.yaml (100%) rename {bitnami => riftbit}/memcached/README.md (100%) rename {bitnami => riftbit}/memcached/ci/values-production.yaml (100%) rename {bitnami => riftbit}/memcached/templates/NOTES.txt (100%) rename {bitnami => riftbit}/memcached/templates/_helpers.tpl (100%) rename {bitnami => riftbit}/memcached/templates/deployment.yaml (100%) rename {bitnami/jenkins => riftbit/memcached}/templates/extra-list.yaml (100%) rename {bitnami => riftbit}/memcached/templates/hpa.yaml (100%) rename {bitnami => riftbit}/memcached/templates/pdb.yaml (100%) rename {bitnami => riftbit}/memcached/templates/secrets.yaml (100%) rename {bitnami => riftbit}/memcached/templates/service.yaml (100%) rename {bitnami => riftbit}/memcached/templates/serviceaccount.yaml (100%) rename {bitnami => riftbit}/memcached/templates/servicemonitor.yaml (100%) rename {bitnami => riftbit}/memcached/templates/statefulset.yaml (100%) rename {bitnami => riftbit}/memcached/templates/svc-metrics.yaml (100%) rename {bitnami => riftbit}/memcached/values.yaml (100%) rename {bitnami/influxdb => riftbit/minio}/.helmignore (100%) rename {bitnami => riftbit}/minio/Chart.lock (100%) rename {bitnami => riftbit}/minio/Chart.yaml (100%) rename {bitnami => riftbit}/minio/README.md (100%) rename {bitnami => riftbit}/minio/ci/values-gateway.yaml (100%) rename {bitnami => riftbit}/minio/ci/values-production.yaml (100%) rename {bitnami => riftbit}/minio/templates/NOTES.txt (100%) rename {bitnami => riftbit}/minio/templates/_helpers.tpl (100%) rename {bitnami => riftbit}/minio/templates/api-ingress.yaml (100%) rename {bitnami => riftbit}/minio/templates/distributed/headless-svc.yaml (100%) rename {bitnami => riftbit}/minio/templates/distributed/pdb.yaml (100%) rename {bitnami => riftbit}/minio/templates/distributed/statefulset.yaml (100%) rename {bitnami/joomla => riftbit/minio}/templates/extra-list.yaml (100%) rename {bitnami => riftbit}/minio/templates/gateway/deployment.yaml (100%) rename {bitnami => riftbit}/minio/templates/gateway/hpa.yaml (100%) rename {bitnami => riftbit}/minio/templates/gateway/pdb.yaml (100%) rename {bitnami => riftbit}/minio/templates/ingress.yaml (100%) rename {bitnami => riftbit}/minio/templates/networkpolicy.yaml (100%) rename {bitnami => riftbit}/minio/templates/pvc.yaml (100%) rename {bitnami => riftbit}/minio/templates/secrets.yaml (100%) rename {bitnami => riftbit}/minio/templates/service.yaml (100%) rename {bitnami => riftbit}/minio/templates/serviceaccount.yaml (100%) rename {bitnami => riftbit}/minio/templates/servicemonitor.yaml (100%) rename {bitnami => riftbit}/minio/templates/standalone/deployment.yaml (100%) rename {bitnami => riftbit}/minio/templates/tls-secrets.yaml (100%) rename {bitnami => riftbit}/minio/values.yaml (100%) rename {bitnami/jasperreports => riftbit/mongodb-sharded}/.helmignore (100%) rename {bitnami => riftbit}/mongodb-sharded/Chart.lock (100%) rename {bitnami => riftbit}/mongodb-sharded/Chart.yaml (100%) rename {bitnami => riftbit}/mongodb-sharded/README.md (100%) rename {bitnami => riftbit}/mongodb-sharded/templates/NOTES.txt (100%) rename {bitnami => riftbit}/mongodb-sharded/templates/_helpers.tpl (100%) rename {bitnami => riftbit}/mongodb-sharded/templates/config-server/config-server-configmap.yaml (100%) rename {bitnami => riftbit}/mongodb-sharded/templates/config-server/config-server-poddisruptionbudget.yaml (100%) rename {bitnami => riftbit}/mongodb-sharded/templates/config-server/config-server-podmonitor.yaml (100%) rename {bitnami => riftbit}/mongodb-sharded/templates/config-server/config-server-statefulset.yaml (100%) rename {bitnami => riftbit}/mongodb-sharded/templates/headless-service.yaml (100%) rename {bitnami => riftbit}/mongodb-sharded/templates/mongos/mongos-configmap.yaml (100%) rename {bitnami => riftbit}/mongodb-sharded/templates/mongos/mongos-dep-sts.yaml (100%) rename {bitnami => riftbit}/mongodb-sharded/templates/mongos/mongos-poddisruptionbudget.yaml (100%) rename {bitnami => riftbit}/mongodb-sharded/templates/mongos/mongos-podmonitor.yaml (100%) rename {bitnami => riftbit}/mongodb-sharded/templates/mongos/mongos-service-per-replica.yaml (100%) rename {bitnami => riftbit}/mongodb-sharded/templates/mongos/mongos-service.yaml (100%) rename {bitnami => riftbit}/mongodb-sharded/templates/replicaset-entrypoint-configmap.yaml (100%) rename {bitnami => riftbit}/mongodb-sharded/templates/secrets.yaml (100%) rename {bitnami => riftbit}/mongodb-sharded/templates/serviceaccount.yaml (100%) rename {bitnami => riftbit}/mongodb-sharded/templates/shard/shard-arbiter-configmap.yaml (100%) rename {bitnami => riftbit}/mongodb-sharded/templates/shard/shard-arbiter-statefulset.yaml (100%) rename {bitnami => riftbit}/mongodb-sharded/templates/shard/shard-data-configmap.yaml (100%) rename {bitnami => riftbit}/mongodb-sharded/templates/shard/shard-data-poddisruptionbudget.yaml (100%) rename {bitnami => riftbit}/mongodb-sharded/templates/shard/shard-data-podmonitor.yaml (100%) rename {bitnami => riftbit}/mongodb-sharded/templates/shard/shard-data-statefulset.yaml (100%) rename {bitnami => riftbit}/mongodb-sharded/values.yaml (100%) rename {bitnami/jenkins => riftbit/mongodb}/.helmignore (100%) rename {bitnami => riftbit}/mongodb/Chart.lock (100%) rename {bitnami => riftbit}/mongodb/Chart.yaml (100%) rename {bitnami => riftbit}/mongodb/README.md (100%) rename {bitnami => riftbit}/mongodb/ci/values-replicaset-with-rbac.yaml (100%) rename {bitnami => riftbit}/mongodb/templates/NOTES.txt (100%) rename {bitnami => riftbit}/mongodb/templates/_helpers.tpl (100%) rename {bitnami => riftbit}/mongodb/templates/arbiter/configmap.yaml (100%) rename {bitnami => riftbit}/mongodb/templates/arbiter/headless-svc.yaml (100%) rename {bitnami => riftbit}/mongodb/templates/arbiter/pdb.yaml (100%) rename {bitnami => riftbit}/mongodb/templates/arbiter/statefulset.yaml (100%) rename {bitnami => riftbit}/mongodb/templates/configmap.yaml (100%) rename {bitnami/jupyterhub => riftbit/mongodb}/templates/extra-list.yaml (100%) rename {bitnami => riftbit}/mongodb/templates/hidden/configmap.yaml (100%) rename {bitnami => riftbit}/mongodb/templates/hidden/external-access-svc.yaml (100%) rename {bitnami => riftbit}/mongodb/templates/hidden/headless-svc.yaml (100%) rename {bitnami => riftbit}/mongodb/templates/hidden/pdb.yaml (100%) rename {bitnami => riftbit}/mongodb/templates/hidden/statefulset.yaml (100%) rename {bitnami => riftbit}/mongodb/templates/initialization-configmap.yaml (100%) rename {bitnami => riftbit}/mongodb/templates/metrics-svc.yaml (100%) rename {bitnami => riftbit}/mongodb/templates/prometheusrule.yaml (100%) rename {bitnami => riftbit}/mongodb/templates/psp.yaml (100%) rename {bitnami => riftbit}/mongodb/templates/replicaset/external-access-svc.yaml (100%) rename {bitnami => riftbit}/mongodb/templates/replicaset/headless-svc.yaml (100%) rename {bitnami => riftbit}/mongodb/templates/replicaset/pdb.yaml (100%) rename {bitnami => riftbit}/mongodb/templates/replicaset/scripts-configmap.yaml (100%) rename {bitnami => riftbit}/mongodb/templates/replicaset/statefulset.yaml (100%) rename {bitnami => riftbit}/mongodb/templates/replicaset/svc.yaml (100%) rename {bitnami => riftbit}/mongodb/templates/role.yaml (100%) rename {bitnami => riftbit}/mongodb/templates/rolebinding.yaml (100%) rename {bitnami => riftbit}/mongodb/templates/secrets-ca.yaml (100%) rename {bitnami => riftbit}/mongodb/templates/secrets.yaml (100%) rename {bitnami => riftbit}/mongodb/templates/serviceaccount.yaml (100%) rename {bitnami => riftbit}/mongodb/templates/servicemonitor.yaml (100%) rename {bitnami => riftbit}/mongodb/templates/standalone/dep-sts.yaml (100%) rename {bitnami => riftbit}/mongodb/templates/standalone/pvc.yaml (100%) rename {bitnami => riftbit}/mongodb/templates/standalone/svc.yaml (100%) rename {bitnami => riftbit}/mongodb/values.schema.json (100%) rename {bitnami => riftbit}/mongodb/values.yaml (100%) rename {bitnami/joomla => riftbit/nats}/.helmignore (100%) rename {bitnami => riftbit}/nats/Chart.lock (100%) rename {bitnami => riftbit}/nats/Chart.yaml (100%) rename {bitnami => riftbit}/nats/README.md (100%) rename {bitnami => riftbit}/nats/templates/NOTES.txt (100%) rename {bitnami => riftbit}/nats/templates/_helpers.tpl (100%) rename {bitnami => riftbit}/nats/templates/client-svc.yaml (100%) rename {bitnami => riftbit}/nats/templates/cluster-svc.yaml (100%) rename {bitnami => riftbit}/nats/templates/configmap.yaml (100%) rename {bitnami => riftbit}/nats/templates/deployment.yaml (100%) rename {bitnami/kafka => riftbit/nats}/templates/extra-list.yaml (100%) rename {bitnami => riftbit}/nats/templates/headless-svc.yaml (100%) rename {bitnami => riftbit}/nats/templates/ingress.yaml (100%) rename {bitnami => riftbit}/nats/templates/metrics-svc.yaml (100%) rename {bitnami => riftbit}/nats/templates/monitoring-svc.yaml (100%) rename {bitnami => riftbit}/nats/templates/networkpolicy.yaml (100%) rename {bitnami => riftbit}/nats/templates/poddisruptionbudget.yaml (100%) rename {bitnami => riftbit}/nats/templates/servicemonitor.yaml (100%) rename {bitnami => riftbit}/nats/templates/statefulset.yaml (100%) rename {bitnami => riftbit}/nats/templates/tls-secret.yaml (100%) rename {bitnami => riftbit}/nats/values.yaml (100%) rename {bitnami/kafka => riftbit/nginx}/.helmignore (100%) rename {bitnami => riftbit}/nginx/Chart.lock (100%) rename {bitnami => riftbit}/nginx/README.md (100%) rename {bitnami/jasperreports => riftbit/nginx}/ci/ct-values.yaml (100%) rename {bitnami => riftbit}/nginx/ci/values-with-ingress-metrics-and-serverblock.yaml (100%) rename {bitnami => riftbit}/nginx/templates/NOTES.txt (100%) rename {bitnami => riftbit}/nginx/templates/_helpers.tpl (100%) rename {bitnami => riftbit}/nginx/templates/deployment.yaml (100%) rename {bitnami/keycloak => riftbit/nginx}/templates/extra-list.yaml (100%) rename {bitnami => riftbit}/nginx/templates/health-ingress.yaml (100%) rename {bitnami => riftbit}/nginx/templates/hpa.yaml (100%) rename {bitnami => riftbit}/nginx/templates/ingress.yaml (100%) rename {bitnami => riftbit}/nginx/templates/ldap-daemon-secrets.yaml (100%) rename {bitnami => riftbit}/nginx/templates/pdb.yaml (100%) rename {bitnami => riftbit}/nginx/templates/server-block-configmap.yaml (100%) rename {bitnami => riftbit}/nginx/templates/serviceaccount.yaml (100%) rename {bitnami => riftbit}/nginx/templates/servicemonitor.yaml (100%) rename {bitnami => riftbit}/nginx/templates/svc.yaml (100%) rename {bitnami => riftbit}/nginx/templates/tls-secrets.yaml (100%) rename {bitnami => riftbit}/nginx/values.schema.json (100%) rename {bitnami => riftbit}/nginx/values.yaml (100%) rename {bitnami/kiam => riftbit/node-exporter}/.helmignore (100%) rename {bitnami => riftbit}/node-exporter/Chart.lock (100%) rename {bitnami => riftbit}/node-exporter/Chart.yaml (100%) rename {bitnami => riftbit}/node-exporter/README.md (100%) rename {bitnami => riftbit}/node-exporter/templates/NOTES.txt (100%) rename {bitnami => riftbit}/node-exporter/templates/_helpers.tpl (100%) rename {bitnami => riftbit}/node-exporter/templates/daemonset.yaml (100%) rename {bitnami => riftbit}/node-exporter/templates/psp-clusterrole.yaml (100%) rename {bitnami => riftbit}/node-exporter/templates/psp-clusterrolebinding.yaml (100%) rename {bitnami => riftbit}/node-exporter/templates/psp.yaml (100%) rename {bitnami => riftbit}/node-exporter/templates/service.yaml (100%) rename {bitnami => riftbit}/node-exporter/templates/serviceaccount.yaml (100%) rename {bitnami => riftbit}/node-exporter/templates/servicemonitor.yaml (100%) rename {bitnami => riftbit}/node-exporter/values.yaml (100%) rename {bitnami/kibana => riftbit/oauth2-proxy}/.helmignore (100%) rename {bitnami => riftbit}/oauth2-proxy/Chart.lock (100%) rename {bitnami => riftbit}/oauth2-proxy/Chart.yaml (100%) rename {bitnami => riftbit}/oauth2-proxy/README.md (100%) rename {bitnami => riftbit}/oauth2-proxy/templates/NOTES.txt (100%) rename {bitnami => riftbit}/oauth2-proxy/templates/_helpers.tpl (100%) rename {bitnami => riftbit}/oauth2-proxy/templates/configmap.yaml (100%) rename {bitnami => riftbit}/oauth2-proxy/templates/deployment.yaml (100%) rename {bitnami/kiam => riftbit/oauth2-proxy}/templates/extra-list.yaml (100%) rename {bitnami => riftbit}/oauth2-proxy/templates/ingress.yaml (100%) rename {bitnami => riftbit}/oauth2-proxy/templates/pdb.yaml (100%) rename {bitnami => riftbit}/oauth2-proxy/templates/secret-authenticated-emails-file.yaml (100%) rename {bitnami => riftbit}/oauth2-proxy/templates/secret-google.yaml (100%) rename {bitnami => riftbit}/oauth2-proxy/templates/secret-htpasswd-file.yaml (100%) rename {bitnami => riftbit}/oauth2-proxy/templates/secret.yaml (100%) rename {bitnami => riftbit}/oauth2-proxy/templates/service-account.yaml (100%) rename {bitnami => riftbit}/oauth2-proxy/templates/service.yaml (100%) rename {bitnami => riftbit}/oauth2-proxy/values.yaml (100%) rename {bitnami/kong => riftbit/owncloud}/.helmignore (100%) rename {bitnami => riftbit}/owncloud/Chart.lock (100%) rename {bitnami => riftbit}/owncloud/Chart.yaml (100%) rename {bitnami => riftbit}/owncloud/README.md (100%) rename {bitnami/magento => riftbit/owncloud}/ci/ct-values.yaml (100%) rename {bitnami => riftbit}/owncloud/ci/values-with-host-and-ingress.yaml (100%) rename {bitnami => riftbit}/owncloud/templates/NOTES.txt (100%) rename {bitnami/magento => riftbit/owncloud}/templates/_certificates.tpl (100%) rename {bitnami => riftbit}/owncloud/templates/_helpers.tpl (100%) rename {bitnami => riftbit}/owncloud/templates/deployment.yaml (100%) rename {bitnami/magento => riftbit/owncloud}/templates/externaldb-secrets.yaml (100%) rename {bitnami/kong => riftbit/owncloud}/templates/extra-list.yaml (100%) rename {bitnami => riftbit}/owncloud/templates/ingress.yaml (100%) rename {bitnami/magento => riftbit/owncloud}/templates/metrics-svc.yaml (100%) rename {bitnami => riftbit}/owncloud/templates/pv.yaml (100%) rename {bitnami => riftbit}/owncloud/templates/pvc.yaml (100%) rename {bitnami => riftbit}/owncloud/templates/secrets.yaml (100%) rename {bitnami/magento => riftbit/owncloud}/templates/svc.yaml (100%) rename {bitnami => riftbit}/owncloud/templates/tls-secrets.yaml (100%) rename {bitnami => riftbit}/owncloud/values.yaml (100%) rename {bitnami/kube-prometheus => riftbit/parse}/.helmignore (100%) rename {bitnami => riftbit}/parse/Chart.lock (100%) rename {bitnami => riftbit}/parse/Chart.yaml (100%) rename {bitnami => riftbit}/parse/README.md (100%) rename {bitnami/jenkins => riftbit/parse}/ci/ct-values.yaml (100%) rename {bitnami => riftbit}/parse/files/cloud/README.md (100%) rename {bitnami => riftbit}/parse/templates/NOTES.txt (100%) rename {bitnami => riftbit}/parse/templates/_helpers.tpl (100%) rename {bitnami => riftbit}/parse/templates/cloud-code-configmap.yaml (100%) rename {bitnami => riftbit}/parse/templates/dashboard-deployment.yaml (100%) rename {bitnami/kubeapps => riftbit/parse}/templates/extra-list.yaml (100%) rename {bitnami => riftbit}/parse/templates/ingress.yaml (100%) rename {bitnami => riftbit}/parse/templates/pvc.yaml (100%) rename {bitnami => riftbit}/parse/templates/secrets.yaml (100%) rename {bitnami => riftbit}/parse/templates/server-deployment.yaml (100%) rename {bitnami => riftbit}/parse/templates/svc.yaml (100%) rename {bitnami => riftbit}/parse/values.yaml (100%) rename {bitnami/kube-state-metrics => riftbit/phabricator}/.helmignore (100%) rename {bitnami => riftbit}/phabricator/Chart.lock (100%) rename {bitnami => riftbit}/phabricator/Chart.yaml (100%) rename {bitnami => riftbit}/phabricator/README.md (100%) rename {bitnami/osclass => riftbit/phabricator}/ci/ct-values.yaml (100%) rename {bitnami => riftbit}/phabricator/ci/values-with-host-and-ingress.yaml (100%) rename {bitnami => riftbit}/phabricator/templates/NOTES.txt (100%) rename {bitnami => riftbit}/phabricator/templates/_helpers.tpl (100%) rename {bitnami => riftbit}/phabricator/templates/deployment.yaml (100%) rename {bitnami => riftbit}/phabricator/templates/externaldb-secrets.yaml (100%) rename {bitnami/kubernetes-event-exporter => riftbit/phabricator}/templates/extra-list.yaml (100%) rename {bitnami/jasperreports => riftbit/phabricator}/templates/ingress.yaml (100%) rename {bitnami => riftbit}/phabricator/templates/pv.yaml (100%) rename {bitnami => riftbit}/phabricator/templates/pvc.yaml (100%) rename {bitnami => riftbit}/phabricator/templates/secrets.yaml (100%) rename {bitnami => riftbit}/phabricator/templates/svc.yaml (100%) rename {bitnami => riftbit}/phabricator/templates/tls-secrets.yaml (100%) rename {bitnami => riftbit}/phabricator/values.yaml (100%) rename {bitnami/kubeapps => riftbit/postgresql-ha}/.helmignore (100%) rename {bitnami => riftbit}/postgresql-ha/Chart.lock (100%) rename {bitnami => riftbit}/postgresql-ha/Chart.yaml (100%) rename {bitnami => riftbit}/postgresql-ha/README.md (100%) rename {bitnami => riftbit}/postgresql-ha/ci/ct-values.yaml (100%) rename {bitnami => riftbit}/postgresql-ha/ci/values-production-with-pdb.yaml (100%) rename {bitnami => riftbit}/postgresql-ha/templates/NOTES.txt (100%) rename {bitnami => riftbit}/postgresql-ha/templates/_helpers.tpl (100%) rename {bitnami/kubewatch => riftbit/postgresql-ha}/templates/extra-list.yaml (100%) rename {bitnami => riftbit}/postgresql-ha/templates/ldap-secrets.yaml (100%) rename {bitnami => riftbit}/postgresql-ha/templates/metrics-configmap.yaml (100%) rename {bitnami => riftbit}/postgresql-ha/templates/networkpolicy.yaml (100%) rename {bitnami => riftbit}/postgresql-ha/templates/pgpool/configmap.yaml (100%) rename {bitnami => riftbit}/postgresql-ha/templates/pgpool/custom-users-secrets.yaml (100%) rename {bitnami => riftbit}/postgresql-ha/templates/pgpool/deployment.yaml (100%) rename {bitnami => riftbit}/postgresql-ha/templates/pgpool/initdb-scripts-configmap.yaml (100%) rename {bitnami => riftbit}/postgresql-ha/templates/pgpool/pdb.yaml (100%) rename {bitnami => riftbit}/postgresql-ha/templates/pgpool/secrets.yaml (100%) rename {bitnami => riftbit}/postgresql-ha/templates/pgpool/service.yaml (100%) rename {bitnami => riftbit}/postgresql-ha/templates/postgresql/configmap.yaml (100%) rename {bitnami => riftbit}/postgresql-ha/templates/postgresql/extended-configmap.yaml (100%) rename {bitnami => riftbit}/postgresql-ha/templates/postgresql/hooks-scripts-configmap.yaml (100%) rename {bitnami => riftbit}/postgresql-ha/templates/postgresql/initdb-scripts-configmap.yaml (100%) rename {bitnami => riftbit}/postgresql-ha/templates/postgresql/metrics-service.yaml (100%) rename {bitnami => riftbit}/postgresql-ha/templates/postgresql/pdb.yaml (100%) rename {bitnami => riftbit}/postgresql-ha/templates/postgresql/secrets.yaml (100%) rename {bitnami => riftbit}/postgresql-ha/templates/postgresql/service-headless.yaml (100%) rename {bitnami => riftbit}/postgresql-ha/templates/postgresql/service.yaml (100%) rename {bitnami => riftbit}/postgresql-ha/templates/postgresql/servicemonitor.yaml (100%) rename {bitnami => riftbit}/postgresql-ha/templates/postgresql/statefulset.yaml (100%) rename {bitnami => riftbit}/postgresql-ha/templates/serviceaccount.yaml (100%) rename {bitnami => riftbit}/postgresql-ha/templates/tls-secrets.yaml (100%) rename {bitnami => riftbit}/postgresql-ha/values.yaml (100%) rename {bitnami/kubewatch => riftbit/postgresql}/.helmignore (100%) rename {bitnami => riftbit}/postgresql/Chart.lock (100%) rename {bitnami => riftbit}/postgresql/Chart.yaml (100%) rename {bitnami => riftbit}/postgresql/README.md (100%) rename {bitnami => riftbit}/postgresql/ci/commonAnnotations.yaml (100%) rename {bitnami => riftbit}/postgresql/ci/default-values.yaml (100%) rename {bitnami => riftbit}/postgresql/ci/shmvolume-disabled-values.yaml (100%) rename {bitnami => riftbit}/postgresql/files/README.md (100%) rename {bitnami => riftbit}/postgresql/files/conf.d/README.md (100%) rename {bitnami => riftbit}/postgresql/files/docker-entrypoint-initdb.d/README.md (100%) rename {bitnami => riftbit}/postgresql/templates/NOTES.txt (100%) rename {bitnami => riftbit}/postgresql/templates/_helpers.tpl (100%) rename {bitnami => riftbit}/postgresql/templates/configmap.yaml (100%) rename {bitnami => riftbit}/postgresql/templates/extended-config-configmap.yaml (100%) rename {bitnami/logstash => riftbit/postgresql}/templates/extra-list.yaml (100%) rename {bitnami => riftbit}/postgresql/templates/initialization-configmap.yaml (100%) rename {bitnami => riftbit}/postgresql/templates/metrics-configmap.yaml (100%) rename {bitnami => riftbit}/postgresql/templates/metrics-svc.yaml (100%) rename {bitnami => riftbit}/postgresql/templates/networkpolicy.yaml (100%) rename {bitnami => riftbit}/postgresql/templates/podsecuritypolicy.yaml (100%) rename {bitnami => riftbit}/postgresql/templates/prometheusrule.yaml (100%) rename {bitnami => riftbit}/postgresql/templates/role.yaml (100%) rename {bitnami => riftbit}/postgresql/templates/rolebinding.yaml (100%) rename {bitnami => riftbit}/postgresql/templates/secrets.yaml (100%) rename {bitnami => riftbit}/postgresql/templates/serviceaccount.yaml (100%) rename {bitnami => riftbit}/postgresql/templates/servicemonitor.yaml (100%) rename {bitnami => riftbit}/postgresql/templates/statefulset-readreplicas.yaml (100%) rename {bitnami => riftbit}/postgresql/templates/statefulset.yaml (100%) rename {bitnami => riftbit}/postgresql/templates/svc-headless.yaml (100%) rename {bitnami => riftbit}/postgresql/templates/svc-read-set.yaml (100%) rename {bitnami => riftbit}/postgresql/templates/svc-read.yaml (100%) rename {bitnami => riftbit}/postgresql/templates/svc.yaml (100%) rename {bitnami => riftbit}/postgresql/templates/tls-secrets.yaml (100%) rename {bitnami => riftbit}/postgresql/values.schema.json (100%) rename {bitnami => riftbit}/postgresql/values.yaml (100%) rename {bitnami/magento => riftbit/rabbitmq-cluster-operator}/.helmignore (100%) rename {bitnami => riftbit}/rabbitmq-cluster-operator/Chart.lock (100%) rename {bitnami => riftbit}/rabbitmq-cluster-operator/Chart.yaml (100%) rename {bitnami => riftbit}/rabbitmq-cluster-operator/README.md (100%) rename {bitnami => riftbit}/rabbitmq-cluster-operator/templates/NOTES.txt (100%) rename {bitnami => riftbit}/rabbitmq-cluster-operator/templates/_helpers.tpl (100%) rename {bitnami => riftbit}/rabbitmq-cluster-operator/templates/clusterrole.yaml (100%) rename {bitnami => riftbit}/rabbitmq-cluster-operator/templates/clusterrolebinding.yaml (100%) rename {bitnami => riftbit}/rabbitmq-cluster-operator/templates/crd-rabbitmq-cluster.yaml (100%) rename {bitnami => riftbit}/rabbitmq-cluster-operator/templates/deployment.yaml (100%) rename {bitnami/magento => riftbit/rabbitmq-cluster-operator}/templates/extra-list.yaml (100%) rename {bitnami => riftbit}/rabbitmq-cluster-operator/templates/metrics-service.yaml (100%) rename {bitnami => riftbit}/rabbitmq-cluster-operator/templates/role.yaml (100%) rename {bitnami => riftbit}/rabbitmq-cluster-operator/templates/rolebinding.yaml (100%) rename {bitnami => riftbit}/rabbitmq-cluster-operator/templates/service-account.yaml (100%) rename {bitnami => riftbit}/rabbitmq-cluster-operator/templates/servicemonitor.yaml (100%) rename {bitnami => riftbit}/rabbitmq-cluster-operator/values.yaml (100%) rename {bitnami/mariadb-galera => riftbit/rabbitmq}/.helmignore (100%) rename {bitnami => riftbit}/rabbitmq/Chart.lock (100%) rename {bitnami => riftbit}/rabbitmq/Chart.yaml (100%) rename {bitnami => riftbit}/rabbitmq/README.md (100%) rename {bitnami => riftbit}/rabbitmq/ci/default-values.yaml (100%) rename {bitnami => riftbit}/rabbitmq/ci/tolerations-values.yaml (100%) rename {bitnami => riftbit}/rabbitmq/templates/NOTES.txt (100%) rename {bitnami => riftbit}/rabbitmq/templates/_helpers.tpl (100%) rename {bitnami => riftbit}/rabbitmq/templates/configuration.yaml (100%) rename {bitnami/mariadb-galera => riftbit/rabbitmq}/templates/extra-list.yaml (100%) rename {bitnami => riftbit}/rabbitmq/templates/ingress.yaml (100%) rename {bitnami => riftbit}/rabbitmq/templates/networkpolicy.yaml (100%) rename {bitnami => riftbit}/rabbitmq/templates/pdb.yaml (100%) rename {bitnami => riftbit}/rabbitmq/templates/prometheusrule.yaml (100%) rename {bitnami => riftbit}/rabbitmq/templates/role.yaml (100%) rename {bitnami => riftbit}/rabbitmq/templates/rolebinding.yaml (100%) rename {bitnami => riftbit}/rabbitmq/templates/secrets.yaml (100%) rename {bitnami => riftbit}/rabbitmq/templates/serviceaccount.yaml (100%) rename {bitnami => riftbit}/rabbitmq/templates/servicemonitor.yaml (100%) rename {bitnami => riftbit}/rabbitmq/templates/statefulset.yaml (100%) rename {bitnami => riftbit}/rabbitmq/templates/svc-headless.yaml (100%) rename {bitnami => riftbit}/rabbitmq/templates/svc.yaml (100%) rename {bitnami => riftbit}/rabbitmq/templates/tls-secrets.yaml (100%) rename {bitnami => riftbit}/rabbitmq/values.schema.json (100%) rename {bitnami => riftbit}/rabbitmq/values.yaml (100%) rename {bitnami/mariadb => riftbit/redis-cluster}/.helmignore (100%) rename {bitnami => riftbit}/redis-cluster/Chart.lock (100%) rename {bitnami => riftbit}/redis-cluster/Chart.yaml (100%) rename {bitnami => riftbit}/redis-cluster/README.md (100%) rename {bitnami => riftbit}/redis-cluster/img/redis-cluster-topology.png (100%) rename {bitnami => riftbit}/redis-cluster/img/redis-topology.png (100%) rename {bitnami => riftbit}/redis-cluster/templates/NOTES.txt (100%) rename {bitnami => riftbit}/redis-cluster/templates/_helpers.tpl (100%) rename {bitnami => riftbit}/redis-cluster/templates/configmap.yaml (100%) rename {bitnami/mariadb => riftbit/redis-cluster}/templates/extra-list.yaml (100%) rename {bitnami => riftbit}/redis-cluster/templates/headless-svc.yaml (100%) rename {bitnami => riftbit}/redis-cluster/templates/metrics-prometheus.yaml (100%) rename {bitnami => riftbit}/redis-cluster/templates/metrics-svc.yaml (100%) rename {bitnami => riftbit}/redis-cluster/templates/networkpolicy.yaml (100%) rename {bitnami => riftbit}/redis-cluster/templates/poddisruptionbudget.yaml (100%) rename {bitnami => riftbit}/redis-cluster/templates/prometheusrule.yaml (100%) rename {bitnami => riftbit}/redis-cluster/templates/psp.yaml (100%) rename {bitnami => riftbit}/redis-cluster/templates/redis-role.yaml (100%) rename {bitnami => riftbit}/redis-cluster/templates/redis-rolebinding.yaml (100%) rename {bitnami => riftbit}/redis-cluster/templates/redis-serviceaccount.yaml (100%) rename {bitnami => riftbit}/redis-cluster/templates/redis-statefulset.yaml (100%) rename {bitnami => riftbit}/redis-cluster/templates/redis-svc.yaml (100%) rename {bitnami => riftbit}/redis-cluster/templates/scripts-configmap.yaml (100%) rename {bitnami => riftbit}/redis-cluster/templates/secret.yaml (100%) rename {bitnami => riftbit}/redis-cluster/templates/svc-cluster-external-access.yaml (100%) rename {bitnami => riftbit}/redis-cluster/templates/tls-secret.yaml (100%) rename {bitnami => riftbit}/redis-cluster/templates/update-cluster.yaml (100%) rename {bitnami => riftbit}/redis-cluster/values.yaml (100%) rename {bitnami/mediawiki => riftbit/redis}/.helmignore (100%) rename {bitnami => riftbit}/redis/Chart.lock (100%) rename {bitnami => riftbit}/redis/Chart.yaml (100%) rename {bitnami => riftbit}/redis/README.md (100%) rename {bitnami => riftbit}/redis/ci/extra-flags-values.yaml (100%) rename {bitnami => riftbit}/redis/ci/sentinel-values.yaml (100%) rename {bitnami => riftbit}/redis/ci/standalone-values.yaml (100%) rename {bitnami => riftbit}/redis/img/redis-cluster-topology.png (100%) rename {bitnami => riftbit}/redis/templates/NOTES.txt (100%) rename {bitnami => riftbit}/redis/templates/_helpers.tpl (100%) rename {bitnami => riftbit}/redis/templates/configmap.yaml (100%) rename {bitnami/memcached => riftbit/redis}/templates/extra-list.yaml (100%) rename {bitnami => riftbit}/redis/templates/headless-svc.yaml (100%) rename {bitnami => riftbit}/redis/templates/health-configmap.yaml (100%) rename {bitnami => riftbit}/redis/templates/master/psp.yaml (100%) rename {bitnami => riftbit}/redis/templates/master/service.yaml (100%) rename {bitnami => riftbit}/redis/templates/master/statefulset.yaml (100%) rename {bitnami => riftbit}/redis/templates/metrics-svc.yaml (100%) rename {bitnami => riftbit}/redis/templates/networkpolicy.yaml (100%) rename {bitnami => riftbit}/redis/templates/pdb.yaml (100%) rename {bitnami => riftbit}/redis/templates/prometheusrule.yaml (100%) rename {bitnami => riftbit}/redis/templates/replicas/hpa.yaml (100%) rename {bitnami => riftbit}/redis/templates/replicas/service.yaml (100%) rename {bitnami => riftbit}/redis/templates/replicas/statefulset.yaml (100%) rename {bitnami => riftbit}/redis/templates/role.yaml (100%) rename {bitnami => riftbit}/redis/templates/rolebinding.yaml (100%) rename {bitnami => riftbit}/redis/templates/scripts-configmap.yaml (100%) rename {bitnami => riftbit}/redis/templates/secret.yaml (100%) rename {bitnami => riftbit}/redis/templates/sentinel/hpa.yaml (100%) rename {bitnami => riftbit}/redis/templates/sentinel/node-services.yaml (100%) rename {bitnami => riftbit}/redis/templates/sentinel/ports-configmap.yaml (100%) rename {bitnami => riftbit}/redis/templates/sentinel/service.yaml (100%) rename {bitnami => riftbit}/redis/templates/sentinel/statefulset.yaml (100%) rename {bitnami => riftbit}/redis/templates/serviceaccount.yaml (100%) rename {bitnami => riftbit}/redis/templates/servicemonitor.yaml (100%) rename {bitnami => riftbit}/redis/templates/tls-secret.yaml (100%) rename {bitnami => riftbit}/redis/values.schema.json (100%) rename {bitnami => riftbit}/redis/values.yaml (100%) rename {bitnami/memcached => riftbit/redmine}/.helmignore (100%) rename {bitnami => riftbit}/redmine/Chart.lock (100%) rename {bitnami => riftbit}/redmine/Chart.yaml (100%) rename {bitnami => riftbit}/redmine/README.md (100%) rename {bitnami/joomla => riftbit/redmine}/ci/ct-values.yaml (100%) rename {bitnami => riftbit}/redmine/templates/NOTES.txt (100%) rename {bitnami => riftbit}/redmine/templates/_certificates.tpl (100%) rename {bitnami => riftbit}/redmine/templates/_helpers.tpl (100%) rename {bitnami => riftbit}/redmine/templates/cronjob.yaml (100%) rename {bitnami => riftbit}/redmine/templates/deployment.yaml (100%) rename {bitnami => riftbit}/redmine/templates/externaldb-secret.yaml (100%) rename {bitnami/minio => riftbit/redmine}/templates/extra-list.yaml (100%) rename {bitnami => riftbit}/redmine/templates/ingress.yaml (100%) rename {bitnami => riftbit}/redmine/templates/mail-receiver-configmap.yaml (100%) rename {bitnami => riftbit}/redmine/templates/pdb.yaml (100%) rename {bitnami/odoo => riftbit/redmine}/templates/postinit-configmap.yaml (100%) rename {bitnami => riftbit}/redmine/templates/pvc.yaml (100%) rename {bitnami => riftbit}/redmine/templates/secrets.yaml (100%) rename {bitnami => riftbit}/redmine/templates/serviceaccount.yaml (100%) rename {bitnami => riftbit}/redmine/templates/svc.yaml (100%) rename {bitnami => riftbit}/redmine/templates/tls-secrets.yaml (100%) rename {bitnami => riftbit}/redmine/values.schema.json (100%) rename {bitnami => riftbit}/redmine/values.yaml (100%) rename {bitnami => riftbit}/solr/Chart.lock (100%) rename {bitnami => riftbit}/solr/Chart.yaml (100%) rename {bitnami => riftbit}/solr/README.md (100%) rename {bitnami => riftbit}/solr/templates/NOTES.txt (100%) rename {bitnami => riftbit}/solr/templates/_helpers.tpl (100%) rename {bitnami => riftbit}/solr/templates/exporter-deployment.yaml (100%) rename {bitnami => riftbit}/solr/templates/exporter-svc.yaml (100%) rename {bitnami => riftbit}/solr/templates/extra-list.yaml (100%) rename {bitnami => riftbit}/solr/templates/ingress.yaml (100%) rename {bitnami => riftbit}/solr/templates/secret.yaml (100%) rename {bitnami => riftbit}/solr/templates/service-account.yaml (100%) rename {bitnami => riftbit}/solr/templates/statefulset.yaml (100%) rename {bitnami => riftbit}/solr/templates/svc-headless.yaml (100%) rename {bitnami => riftbit}/solr/templates/svc.yaml (100%) rename {bitnami => riftbit}/solr/templates/tls-auto-secrets.yaml (100%) rename {bitnami => riftbit}/solr/templates/tls-secrets.yaml (100%) rename {bitnami => riftbit}/solr/values.yaml (100%) rename {bitnami/metrics-server => riftbit/spark}/.helmignore (100%) rename {bitnami => riftbit}/spark/Chart.lock (100%) rename {bitnami => riftbit}/spark/Chart.yaml (100%) rename {bitnami => riftbit}/spark/README.md (100%) rename {bitnami => riftbit}/spark/ci/values-with-ingress-and-autoscaling.yaml (100%) rename {bitnami => riftbit}/spark/templates/NOTES.txt (100%) rename {bitnami => riftbit}/spark/templates/_helpers.tpl (100%) rename {bitnami/mongodb => riftbit/spark}/templates/extra-list.yaml (100%) rename {bitnami => riftbit}/spark/templates/headless-svc.yaml (100%) rename {bitnami => riftbit}/spark/templates/hpa-worker.yaml (100%) rename {bitnami => riftbit}/spark/templates/ingress.yaml (100%) rename {bitnami => riftbit}/spark/templates/podmonitor.yaml (100%) rename {bitnami => riftbit}/spark/templates/prometheusrule.yaml (100%) rename {bitnami => riftbit}/spark/templates/secret.yaml (100%) rename {bitnami => riftbit}/spark/templates/statefulset-master.yaml (100%) rename {bitnami => riftbit}/spark/templates/statefulset-worker.yaml (100%) rename {bitnami => riftbit}/spark/templates/svc-master.yaml (100%) rename {bitnami => riftbit}/spark/templates/tls-secrets.yaml (100%) rename {bitnami => riftbit}/spark/values.yaml (100%) rename {bitnami/minio => riftbit/testlink}/.helmignore (100%) rename {bitnami => riftbit}/testlink/Chart.lock (100%) rename {bitnami => riftbit}/testlink/Chart.yaml (100%) rename {bitnami => riftbit}/testlink/README.md (100%) rename {bitnami/keycloak => riftbit/testlink}/ci/ct-values.yaml (100%) rename {bitnami => riftbit}/testlink/templates/NOTES.txt (100%) rename {bitnami => riftbit}/testlink/templates/_helpers.tpl (100%) rename {bitnami => riftbit}/testlink/templates/deployment.yaml (100%) rename {bitnami/moodle => riftbit/testlink}/templates/externaldb-secrets.yaml (100%) rename {bitnami/moodle => riftbit/testlink}/templates/extra-list.yaml (100%) rename {bitnami/suitecrm => riftbit/testlink}/templates/ingress.yaml (100%) rename {bitnami => riftbit}/testlink/templates/pv.yaml (100%) rename {bitnami => riftbit}/testlink/templates/pvc.yaml (100%) rename {bitnami => riftbit}/testlink/templates/secrets.yaml (100%) rename {bitnami/drupal => riftbit/testlink}/templates/svc.yaml (100%) rename {bitnami/drupal => riftbit/testlink}/templates/tls-secrets.yaml (100%) rename {bitnami => riftbit}/testlink/values.yaml (100%) rename {bitnami/mongodb-sharded => riftbit/wordpress}/.helmignore (100%) rename {bitnami => riftbit}/wordpress/Chart.lock (100%) rename {bitnami => riftbit}/wordpress/Chart.yaml (100%) rename {bitnami => riftbit}/wordpress/README.md (100%) rename {bitnami/moodle => riftbit/wordpress}/ci/ct-values.yaml (100%) rename {bitnami => riftbit}/wordpress/ci/ingress-wildcard-values.yaml (100%) rename {bitnami/keycloak => riftbit/wordpress}/ci/values-hpa-pdb.yaml (100%) rename {bitnami => riftbit}/wordpress/ci/values-memcached.yaml (100%) rename {bitnami => riftbit}/wordpress/ci/values-metrics-and-ingress.yaml (100%) rename {bitnami => riftbit}/wordpress/templates/NOTES.txt (100%) rename {bitnami => riftbit}/wordpress/templates/_helpers.tpl (100%) rename {bitnami => riftbit}/wordpress/templates/config-secret.yaml (100%) rename {bitnami => riftbit}/wordpress/templates/deployment.yaml (100%) rename {bitnami => riftbit}/wordpress/templates/externaldb-secrets.yaml (100%) rename {bitnami/mysql => riftbit/wordpress}/templates/extra-list.yaml (100%) rename {bitnami/odoo => riftbit/wordpress}/templates/hpa.yaml (100%) rename {bitnami => riftbit}/wordpress/templates/httpd-configmap.yaml (100%) rename {bitnami => riftbit}/wordpress/templates/ingress.yaml (100%) rename {bitnami => riftbit}/wordpress/templates/metrics-svc.yaml (100%) rename {bitnami/odoo => riftbit/wordpress}/templates/pdb.yaml (100%) rename {bitnami => riftbit}/wordpress/templates/postinit-configmap.yaml (100%) rename {bitnami => riftbit}/wordpress/templates/pvc.yaml (100%) rename {bitnami => riftbit}/wordpress/templates/secrets.yaml (100%) rename {bitnami/osclass => riftbit/wordpress}/templates/servicemonitor.yaml (100%) rename {bitnami => riftbit}/wordpress/templates/svc.yaml (100%) rename {bitnami => riftbit}/wordpress/templates/tls-secrets.yaml (100%) rename {bitnami => riftbit}/wordpress/values.schema.json (100%) rename {bitnami => riftbit}/wordpress/values.yaml (100%) rename {bitnami/mongodb => riftbit/zookeeper}/.helmignore (100%) rename {bitnami => riftbit}/zookeeper/Chart.lock (100%) rename {bitnami => riftbit}/zookeeper/Chart.yaml (100%) rename {bitnami => riftbit}/zookeeper/README.md (100%) rename {bitnami => riftbit}/zookeeper/templates/NOTES.txt (100%) rename {bitnami => riftbit}/zookeeper/templates/_helpers.tpl (100%) rename {bitnami => riftbit}/zookeeper/templates/configmap.yaml (100%) rename {bitnami/nats => riftbit/zookeeper}/templates/extra-list.yaml (100%) rename {bitnami => riftbit}/zookeeper/templates/metrics-svc.yaml (100%) rename {bitnami => riftbit}/zookeeper/templates/networkpolicy.yaml (100%) rename {bitnami => riftbit}/zookeeper/templates/poddisruptionbudget.yaml (100%) rename {bitnami => riftbit}/zookeeper/templates/prometheusrules.yaml (100%) rename {bitnami => riftbit}/zookeeper/templates/secrets.yaml (100%) rename {bitnami => riftbit}/zookeeper/templates/serviceaccount.yaml (100%) rename {bitnami => riftbit}/zookeeper/templates/servicemonitor.yaml (100%) rename {bitnami => riftbit}/zookeeper/templates/statefulset.yaml (100%) rename {bitnami => riftbit}/zookeeper/templates/svc-headless.yaml (100%) rename {bitnami => riftbit}/zookeeper/templates/svc.yaml (100%) rename {bitnami => riftbit}/zookeeper/templates/tls-secret.yaml (100%) rename {bitnami => riftbit}/zookeeper/values.yaml (100%) diff --git a/.github/ISSUE_TEMPLATE/bug_report (2).md b/.github/ISSUE_TEMPLATE/bug_report (2).md new file mode 100644 index 0000000..2f56681 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report (2).md @@ -0,0 +1,48 @@ +--- +name: Bug report +about: Create a report to help us improve +title: '' +labels: '' +assignees: '' + +--- + + + +**Which chart**: +The name (and version) of the affected chart + +**Describe the bug** +A clear and concise description of what the bug is. + +**To Reproduce** +Steps to reproduce the behavior: + +1. Go to '...' +2. Click on '....' +3. Scroll down to '....' +4. See error + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**Version of Helm and Kubernetes**: + +- Output of `helm version`: + +``` +(paste your output here) +``` + +- Output of `kubectl version`: + +``` +(paste your output here) +``` + +**Additional context** +Add any other context about the problem here. diff --git a/.github/ct-install.yaml b/.github/ct-install.yaml index 0570a18..901ff7f 100644 --- a/.github/ct-install.yaml +++ b/.github/ct-install.yaml @@ -7,6 +7,7 @@ chart-dirs: - riftbit chart-repos: - bitnami=https://charts.bitnami.com/bitnami/ + - riftbit=https://charts.riftbit.com/ helm-extra-args: --timeout 600s excluded-charts: diff --git a/.github/ct-lint.yaml b/.github/ct-lint.yaml index 92c7fc9..cb7c5cb 100644 --- a/.github/ct-lint.yaml +++ b/.github/ct-lint.yaml @@ -7,6 +7,7 @@ chart-dirs: - riftbit chart-repos: - bitnami=https://charts.bitnami.com/bitnami/ + - riftbit=https://charts.riftbit.com/ helm-extra-args: --timeout 600s check-version-increment: true diff --git a/bitnami/apache/Chart.lock b/bitnami/apache/Chart.lock deleted file mode 100644 index b2cc564..0000000 --- a/bitnami/apache/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.9.0 -digest: sha256:6d608d323ac01a7950ba64fa7caf4169a5d9d33e442c99e23e123caaf303b6b9 -generated: "2021-09-15T08:37:14.612925023Z" diff --git a/bitnami/apache/Chart.yaml b/bitnami/apache/Chart.yaml deleted file mode 100644 index 0777681..0000000 --- a/bitnami/apache/Chart.yaml +++ /dev/null @@ -1,29 +0,0 @@ -annotations: - category: Infrastructure -apiVersion: v2 -appVersion: 2.4.49 -dependencies: - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x -description: Chart for Apache HTTP Server -engine: gotpl -home: https://github.com/bitnami/charts/tree/master/bitnami/apache -icon: https://bitnami.com/assets/stacks/apache/img/apache-stack-220x234.png -keywords: - - apache - - http - - https - - www - - web - - reverse proxy -maintainers: - - email: containers@bitnami.com - name: Bitnami -name: apache -sources: - - https://github.com/bitnami/bitnami-docker-apache - - https://httpd.apache.org -version: 8.7.0 diff --git a/bitnami/apache/README.md b/bitnami/apache/README.md deleted file mode 100644 index d94caa5..0000000 --- a/bitnami/apache/README.md +++ /dev/null @@ -1,250 +0,0 @@ -# Apache - -The [Apache HTTP Server Project](https://httpd.apache.org/) is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards. - -The Apache HTTP Server ("httpd") was launched in 1995 and it has been the most popular web server on the Internet since April 1996. It has celebrated its 20th birthday as a project in February 2015. - -## TL;DR - -```bash -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/apache -``` - -## Introduction - -Bitnami charts for Helm are carefully engineered, actively maintained and are the quickest and easiest way to deploy containers on a Kubernetes cluster that are ready to handle production workloads. - -This chart bootstraps a [Apache](https://github.com/bitnami/bitnami-docker-apache) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 3.1.0 - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```bash -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/apache -``` - -These commands deploy Apache on the Kubernetes cluster in the default configuration. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```bash -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | - - -### Common parameters - -| Name | Description | Value | -| ------------------- | -------------------------------------------------- | ----- | -| `kubeVersion` | Override Kubernetes version | `""` | -| `nameOverride` | String to partially override common.names.fullname | `""` | -| `fullnameOverride` | String to fully override common.names.fullname | `""` | -| `commonLabels` | Labels to add to all deployed objects | `{}` | -| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | -| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | - - -### Apache parameters - -| Name | Description | Value | -| -------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ---------------------- | -| `image.registry` | Apache image registry | `docker.io` | -| `image.repository` | Apache image repository | `bitnami/apache` | -| `image.tag` | Apache image tag (immutable tags are recommended) | `2.4.49-debian-10-r0` | -| `image.pullPolicy` | Apache image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Apache image pull secrets | `[]` | -| `image.debug` | Enable image debug mode | `false` | -| `git.registry` | Git image registry | `docker.io` | -| `git.repository` | Git image name | `bitnami/git` | -| `git.tag` | Git image tag | `2.33.0-debian-10-r30` | -| `git.pullPolicy` | Git image pull policy | `IfNotPresent` | -| `git.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `replicaCount` | Number of replicas of the Apache deployment | `1` | -| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | -| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | -| `affinity` | Affinity for pod assignment | `{}` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `tolerations` | Tolerations for pod assignment | `[]` | -| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | -| `cloneHtdocsFromGit.enabled` | Get the server static content from a git repository | `false` | -| `cloneHtdocsFromGit.repository` | Repository to clone static content from | `""` | -| `cloneHtdocsFromGit.branch` | Branch inside the git repository | `""` | -| `cloneHtdocsFromGit.interval` | Interval for sidecar container pull from the repository | `60` | -| `cloneHtdocsFromGit.resources` | Init container git resource requests | `{}` | -| `cloneHtdocsFromGit.extraVolumeMounts` | Add extra volume mounts for the GIT containers | `[]` | -| `htdocsConfigMap` | Name of a config map with the server static content | `""` | -| `htdocsPVC` | Name of a PVC with the server static content | `""` | -| `vhostsConfigMap` | Name of a config map with the virtual hosts content | `""` | -| `httpdConfConfigMap` | Name of a config map with the httpd.conf file contents | `""` | -| `podLabels` | Extra labels for Apache pods | `{}` | -| `podAnnotations` | Pod annotations | `{}` | -| `hostAliases` | Add deployment host aliases | `[]` | -| `resources.limits` | The resources limits for the container | `{}` | -| `resources.requests` | The requested resources for the container | `{}` | -| `livenessProbe.enabled` | Enable liveness probe | `true` | -| `livenessProbe.path` | Path to access on the HTTP server | `/` | -| `livenessProbe.port` | Port for livenessProbe | `http` | -| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `180` | -| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` | -| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `readinessProbe.enabled` | Enable readiness probe | `true` | -| `readinessProbe.path` | Path to access on the HTTP server | `/` | -| `readinessProbe.port` | Port for readinessProbe | `http` | -| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | -| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `extraVolumes` | Array to add extra volumes (evaluated as a template) | `[]` | -| `extraVolumeMounts` | Array to add extra mounts (normally used with extraVolumes, evaluated as a template) | `[]` | -| `extraEnvVars` | Array to add extra environment variables | `[]` | -| `initContainers` | Add additional init containers to the Apache pods | `[]` | -| `sidecars` | Add additional sidecar containers to the Apache pods | `[]` | - - -### Traffic Exposure Parameters - -| Name | Description | Value | -| ------------------------------- | ----------------------------------------------------------------------------- | ------------------------ | -| `service.type` | Apache Service type | `LoadBalancer` | -| `service.port` | Apache service HTTP port | `80` | -| `service.httpsPort` | Apache service HTTPS port | `443` | -| `service.nodePorts.http` | Node port for HTTP | `""` | -| `service.nodePorts.https` | Node port for HTTPS | `""` | -| `service.loadBalancerIP` | Apache service Load Balancer IP | `""` | -| `service.annotations` | Additional custom annotations for Apache service | `{}` | -| `service.externalTrafficPolicy` | Apache service external traffic policy | `Cluster` | -| `ingress.enabled` | Enable ingress record generation for Apache | `false` | -| `ingress.pathType` | Ingress path type | `ImplementationSpecific` | -| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` | -| `ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` | -| `ingress.hostname` | Default host for the ingress record | `example.local` | -| `ingress.path` | Default path for the ingress record | `/` | -| `ingress.annotations` | Additional custom annotations for the ingress record | `{}` | -| `ingress.tls` | Enable TLS configuration for the hosts defined | `[]` | -| `ingress.certManager` | Add the corresponding annotations for cert-manager integration | `false` | -| `ingress.hosts` | An array with additional hostname(s) to be covered with the ingress record | `[]` | -| `ingress.secrets` | Custom TLS certificates as secrets | `[]` | - - -### Metrics Parameters - -| Name | Description | Value | -| ---------------------------- | ------------------------------------------------------------ | ------------------------- | -| `metrics.enabled` | Start a sidecar prometheus exporter to expose Apache metrics | `false` | -| `metrics.image.registry` | Apache Exporter image registry | `docker.io` | -| `metrics.image.repository` | Apache Exporter image repository | `bitnami/apache-exporter` | -| `metrics.image.tag` | Apache Exporter image tag (immutable tags are recommended) | `0.10.0-debian-10-r48` | -| `metrics.image.pullPolicy` | Apache Exporter image pull policy | `IfNotPresent` | -| `metrics.image.pullSecrets` | Apache Exporter image pull secrets | `[]` | -| `metrics.podAnnotations` | Additional custom annotations for Apache exporter service | `{}` | -| `metrics.resources.limits` | The resources limits for the container | `{}` | -| `metrics.resources.requests` | The requested resources for the container | `{}` | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```bash -$ helm install my-release \ - --set imagePullPolicy=Always \ - bitnami/apache -``` - -The above command sets the `imagePullPolicy` to `Always`. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```bash -$ helm install my-release -f values.yaml bitnami/apache -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Deploying a custom web application - -The Apache chart allows you to deploy a custom web application using one of the following methods: - -- Cloning from a git repository: Set `cloneHtdocsFromGit.enabled` to `true` and set the repository and branch using the `cloneHtdocsFromGit.repository` and `cloneHtdocsFromGit.branch` parameters. A sidecar will also pull the latest changes in an interval set by `cloneHtdocsFromGit.interval`. -- Providing a ConfigMap: Set the `htdocsConfigMap` value to mount a ConfigMap in the Apache htdocs folder. -- Using an existing PVC: Set the `htdocsPVC` value to mount an PersistentVolumeClaim with the web application content. - -Refer to the [chart documentation](https://docs.bitnami.com/kubernetes/infrastructure/apache/get-started/deploy-custom-application/) for more information. - -### Setting Pod's affinity - -This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod affinity in the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). - -As an alternative, you can use the preset configurations for pod affinity, pod anti-affinity, and node affinity available in the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters. - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami’s Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## Notable changes - -### 7.4.0 - -This version also introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/master/bitnami/common#bitnami-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade. - -### 7.0.0 - -This release updates the Bitnami Apache container to `2.4.41-debian-9-r40`, which is based on Bash instead of Node.js. - -### 6.0.0 - -This release allows you to use your custom static application. In order to do so, check [this section](#deploying-your-custom-web-application). - -## Upgrading - -### To 8.0.0 - -[On November 13, 2020, Helm v2 support formally ended](https://github.com/helm/charts#status-of-the-project). This major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -[Learn more about this change and related upgrade considerations](https://docs.bitnami.com/kubernetes/infrastructure/apache/administration/upgrade-helm3/). - -### To 2.0.0 - -Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments. -Use the workaround below to upgrade from versions previous to 2.0.0. The following example assumes that the release name is apache: - -```console -$ kubectl patch deployment apache --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]' -``` diff --git a/bitnami/apache/ci/ct-values.yaml b/bitnami/apache/ci/ct-values.yaml deleted file mode 100644 index 9333456..0000000 --- a/bitnami/apache/ci/ct-values.yaml +++ /dev/null @@ -1,4 +0,0 @@ -service: - type: ClusterIP - -hostAliases: [] diff --git a/bitnami/apache/files/README.md b/bitnami/apache/files/README.md deleted file mode 100644 index 97e0581..0000000 --- a/bitnami/apache/files/README.md +++ /dev/null @@ -1 +0,0 @@ -Copy here your `httpd.conf` file to use mount it as a config map. \ No newline at end of file diff --git a/bitnami/apache/files/vhosts/README.md b/bitnami/apache/files/vhosts/README.md deleted file mode 100644 index 584300f..0000000 --- a/bitnami/apache/files/vhosts/README.md +++ /dev/null @@ -1 +0,0 @@ -Copy here your `*.conf` virtual host files to have them mounted to the container as a config map. \ No newline at end of file diff --git a/bitnami/apache/templates/NOTES.txt b/bitnami/apache/templates/NOTES.txt deleted file mode 100644 index 078560e..0000000 --- a/bitnami/apache/templates/NOTES.txt +++ /dev/null @@ -1,47 +0,0 @@ - -** Please be patient while the chart is being deployed ** - -1. Get the Apache URL by running: - -{{- if .Values.ingress.enabled }} - - You should be able to access your new Apache installation through: - - {{- if .Values.ingress.hostname }} - - http://{{ .Values.ingress.hostname }} - {{- end }} - {{- range $host := .Values.ingress.hosts }} - {{- range .paths }} - - http://{{ $host.name }}{{ . }} - {{- end }} - {{- end }} - -{{- else if contains "NodePort" .Values.service.type }} - - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "common.names.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT/ - -{{- else if contains "LoadBalancer" .Values.service.type }} - -** Please ensure an external IP is associated to the {{ template "common.names.fullname" . }} service before proceeding ** -** Watch the status using: kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "common.names.fullname" . }} ** - - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") -{{- $port:=.Values.service.port | toString }} - echo URL : http://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.service.port }}{{ end }}/ -{{- else if contains "ClusterIP" .Values.service.type }} - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "common.names.fullname" . }} 8080:{{ .Values.service.port}} - echo URL : http://127.0.0.1:8080/ -{{- end }} - -{{/* WARNINGS */}} -{{- if not (include "apache.useHtdocs" .) }} -WARNING: You did not provide a custom web application. Apache will be deployed with a default page. Check the README section "Deploying your custom web application" in https://github.com/bitnami/charts/blob/master/bitnami/apache/README.md#deploying-your-custom-web-application. -{{- end }} -{{- if and (contains "bitnami/" .Values.image.repository) (not (.Values.image.tag | toString | regexFind "-r\\d+$|sha256:")) }} -WARNING: Rolling tag detected ({{ .Values.image.repository }}:{{ .Values.image.tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. -+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/ -{{- end }} - -{{ include "apache.validateValues" . }} diff --git a/bitnami/apache/templates/_helpers.tpl b/bitnami/apache/templates/_helpers.tpl deleted file mode 100644 index 4f30d98..0000000 --- a/bitnami/apache/templates/_helpers.tpl +++ /dev/null @@ -1,130 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Return the proper Apache image name -*/}} -{{- define "apache.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper Apache Docker Image Registry Secret Names -*/}} -{{- define "apache.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image) "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper image name (for the metrics image) -*/}} -{{- define "apache.metrics.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) -}} -{{- end -}} - -{{/* -Return true if mouting a static web page -*/}} -{{- define "apache.useHtdocs" -}} -{{ default "" (or .Values.cloneHtdocsFromGit.enabled .Values.htdocsConfigMap .Values.htdocsPVC) }} -{{- end -}} - -{{/* -Return associated volume -*/}} -{{- define "apache.htdocsVolume" -}} -{{- if .Values.cloneHtdocsFromGit.enabled }} -emptyDir: {} -{{- else if .Values.htdocsConfigMap }} -configMap: - name: {{ .Values.htdocsConfigMap }} -{{- else if .Values.htdocsPVC }} -persistentVolumeClaim: - claimName: {{ .Values.htdocsPVC }} -{{- end }} -{{- end -}} - -{{/* -Validate data -*/}} -{{- define "apache.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "apache.validateValues.htdocs" .) -}} -{{- $messages := append $messages (include "apache.validateValues.htdocsGit" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - {{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "apache.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Validate data (htdocs) -*/}} -{{- define "apache.validateValues.htdocs" -}} -{{- if or (and .Values.cloneHtdocsFromGit.enabled (or .Values.htdocsPVC .htdocsConfigMap )) (and .Values.htdocsPVC (or .Values.htdocsConfigMap .Values.cloneHtdocsFromGit.enabled )) (and .Values.htdocsConfigMap (or .Values.htdocsPVC .Values.cloneHtdocsFromGit.enabled )) }} -apache: htdocs - You have selected more than one way of deploying htdocs. Please select only one of htdocsConfigMap cloneHtdocsFromGit or htdocsVolume -{{- end }} -{{- end -}} - -{{/* -Validate data (htdocs git) -*/}} -{{- define "apache.validateValues.htdocsGit" -}} -{{- if .Values.cloneHtdocsFromGit.enabled }} - {{- if not .Values.cloneHtdocsFromGit.repository }} -apache: htdocs-git-repository - You did not specify a git repository to clone. Please set cloneHtdocsFromGit.repository - {{- end }} - {{- if not .Values.cloneHtdocsFromGit.branch }} -apache: htdocs-git-branch - You did not specify a branch to checkout in the git repository. Please set cloneHtdocsFromGit.branch - {{- end }} -{{- end -}} -{{- end -}} - -{{/* -Validate values of Apache - Incorrect extra volume settings -*/}} -{{- define "apache.validateValues.extraVolumes" -}} -{{- if and (.Values.extraVolumes) (not (or .Values.extraVolumeMounts .Values.cloneHtdocsFromGit.extraVolumeMounts)) -}} -apache: missing-extra-volume-mounts - You specified extra volumes but not mount points for them. Please set - the extraVolumeMounts value -{{- end -}} -{{- end -}} - -{{/* -Return the proper git image name -*/}} -{{- define "git.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.git "global" .Values.global) -}} -{{- end -}} - -{{/* -Get the vhosts config map name. -*/}} -{{- define "apache.vhostsConfigMap" -}} -{{- if .Values.vhostsConfigMap -}} - {{- printf "%s" (tpl .Values.vhostsConfigMap $) -}} -{{- else -}} - {{- printf "%s-vhosts" (include "common.names.fullname" . ) -}} -{{- end -}} -{{- end -}} - -{{/* -Get the httpd.conf config map name. -*/}} -{{- define "apache.httpdConfConfigMap" -}} -{{- if .Values.httpdConfConfigMap -}} - {{- printf "%s" (tpl .Values.httpdConfConfigMap $) -}} -{{- else -}} - {{- printf "%s-httpd-conf" (include "common.names.fullname" . ) -}} -{{- end -}} -{{- end -}} diff --git a/bitnami/apache/templates/configmap-vhosts.yaml b/bitnami/apache/templates/configmap-vhosts.yaml deleted file mode 100644 index 6b16fdf..0000000 --- a/bitnami/apache/templates/configmap-vhosts.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if and (.Files.Glob "files/vhosts/*.conf") (not .Values.vhostsConfigMap) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.names.fullname" . }}-vhosts - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: -{{ (.Files.Glob "files/vhosts/*.conf").AsConfig | indent 2 }} -{{ end }} diff --git a/bitnami/apache/templates/configmap.yaml b/bitnami/apache/templates/configmap.yaml deleted file mode 100644 index 337e180..0000000 --- a/bitnami/apache/templates/configmap.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{ if and (.Files.Glob "files/httpd.conf") (not .Values.httpdConfConfigMap) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.names.fullname" . }}-httpd-conf - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: -{{ (.Files.Glob "files/httpd.conf").AsConfig | indent 2 }} -{{ end }} diff --git a/bitnami/apache/templates/deployment.yaml b/bitnami/apache/templates/deployment.yaml deleted file mode 100644 index 176ee7d..0000000 --- a/bitnami/apache/templates/deployment.yaml +++ /dev/null @@ -1,201 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - {{- if .Values.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} - {{- end }} - {{- if or .Values.podAnnotations (and .Values.metrics.enabled .Values.metrics.podAnnotations) }} - annotations: - {{- if .Values.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} - {{- end }} - {{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) | nindent 8 }} - {{- end }} - {{- end }} - spec: - {{- include "apache.imagePullSecrets" . | nindent 6 }} - {{- if .Values.hostAliases }} - # yamllint disable rule:indentation - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - # yamllint enable rule:indentation - {{- end }} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.topologySpreadConstraints }} - topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" $) | nindent 8 }} - {{- end }} - {{- if or .Values.initContainers .Values.cloneHtdocsFromGit.enabled }} - initContainers: - {{- if .Values.cloneHtdocsFromGit.enabled }} - - name: git-clone-repository - image: {{ include "git.image" . }} - imagePullPolicy: {{ .Values.git.pullPolicy | quote }} - command: - - /bin/bash - - -ec - - | - [[ -f "/opt/bitnami/scripts/git/entrypoint.sh" ]] && source "/opt/bitnami/scripts/git/entrypoint.sh" - git clone {{ .Values.cloneHtdocsFromGit.repository }} --branch {{ .Values.cloneHtdocsFromGit.branch }} /app - resources: {{- toYaml .Values.cloneHtdocsFromGit.resources | nindent 12 }} - volumeMounts: - - name: htdocs - mountPath: /app - {{- if .Values.cloneHtdocsFromGit.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.cloneHtdocsFromGit.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} - {{- end }} - {{- end }} - containers: - {{- if .Values.cloneHtdocsFromGit.enabled }} - - name: git-repo-syncer - image: {{ include "git.image" . }} - imagePullPolicy: {{ .Values.git.pullPolicy | quote }} - command: - - /bin/bash - - -ec - - | - [[ -f "/opt/bitnami/scripts/git/entrypoint.sh" ]] && source "/opt/bitnami/scripts/git/entrypoint.sh" - while true; do - cd /app && git pull origin {{ .Values.cloneHtdocsFromGit.branch }} - sleep {{ .Values.cloneHtdocsFromGit.interval }} - done - resources: {{- toYaml .Values.cloneHtdocsFromGit.resources | nindent 12 }} - volumeMounts: - - name: htdocs - mountPath: /app - {{- if .Values.cloneHtdocsFromGit.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.cloneHtdocsFromGit.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- end }} - - name: apache - image: {{ include "apache.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" .Values.image.debug | quote }} - {{- if .Values.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - ports: - - name: http - containerPort: 8080 - - name: https - containerPort: 8443 - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.livenessProbe.path }} - port: http - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: {{ .Values.readinessProbe.path }} - port: http - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- end }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - volumeMounts: - {{- if (include "apache.useHtdocs" .) }} - - name: htdocs - mountPath: /app - {{- end }} - {{- if or (.Files.Glob "files/vhosts/*.conf") (.Values.vhostsConfigMap) }} - - name: vhosts - mountPath: /vhosts - {{- end }} - {{- if or (.Files.Glob "files/httpd.conf") (.Values.httpdConfConfigMap) }} - - name: httpd-conf - mountPath: /opt/bitnami/apache/conf/httpd.conf - subPath: httpd.conf - {{- end }} - {{- if .Values.extraVolumeMounts }} - {{- include "common.tplvalues.render" ( dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.metrics.enabled }} - - name: metrics - image: {{ template "apache.metrics.image" . }} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - command: ['/bin/apache_exporter', '--scrape_uri', 'http://status.localhost:8080/server-status/?auto'] - ports: - - name: metrics - containerPort: 9117 - livenessProbe: - httpGet: - path: /metrics - port: metrics - initialDelaySeconds: 15 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: /metrics - port: metrics - initialDelaySeconds: 5 - timeoutSeconds: 1 - {{- if .Values.metrics.resources }} - resources: {{- toYaml .Values.metrics.resources | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.sidecars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - {{- if (include "apache.useHtdocs" .) }} - - name: htdocs - {{- include "apache.htdocsVolume" . | nindent 10 }} - {{- end }} - {{- if or (.Files.Glob "files/vhosts/*.conf") (.Values.vhostsConfigMap) }} - - name: vhosts - configMap: - name: {{ include "apache.vhostsConfigMap" . }} - {{- end }} - {{- if or (.Files.Glob "files/httpd.conf") (.Values.httpdConfConfigMap) }} - - name: httpd-conf - configMap: - name: {{ include "apache.httpdConfConfigMap" . }} - {{- end }} - {{- if .Values.extraVolumes }} - {{- include "common.tplvalues.render" ( dict "value" .Values.extraVolumes "context" $) | nindent 8 }} - {{- end }} diff --git a/bitnami/apache/templates/ingress.yaml b/bitnami/apache/templates/ingress.yaml deleted file mode 100644 index 15df6c2..0000000 --- a/bitnami/apache/templates/ingress.yaml +++ /dev/null @@ -1,48 +0,0 @@ -{{- if .Values.ingress.enabled }} -apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.ingress.certManager }} - kubernetes.io/tls-acme: "true" - {{- end }} - {{- range $key, $value := .Values.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if and .Values.ingress.ingressClassName (include "common.ingress.supportsIngressClassname" .) }} - ingressClassName: {{ .Values.ingress.ingressClassName | quote }} - {{- end }} - rules: - {{- if .Values.ingress.hostname }} - - host: {{ .Values.ingress.hostname }} - http: - paths: - - path: {{ .Values.ingress.path }} - {{- if eq "true" (include "common.ingress.supportsPathType" .) }} - pathType: {{ .Values.ingress.pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- range .Values.ingress.hosts }} - - host: {{ .name }} - http: - paths: - - path: {{ default "/" .path }} - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ default "ImplementationSpecific" .pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- if .Values.ingress.tls }} - tls: {{- toYaml .Values.ingress.tls | nindent 4 }} - {{- end }} -{{- end }} diff --git a/bitnami/apache/templates/svc.yaml b/bitnami/apache/templates/svc.yaml deleted file mode 100644 index 2c944df..0000000 --- a/bitnami/apache/templates/svc.yaml +++ /dev/null @@ -1,39 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.service.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.service.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -spec: - type: {{ .Values.service.type }} - {{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }} - externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} - {{- end }} - {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }} - loadBalancerIP: {{ .Values.service.loadBalancerIP }} - {{- end }} - ports: - - name: http - port: {{ .Values.service.port }} - targetPort: http - {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.http)) }} - nodePort: {{ .Values.service.nodePorts.http }} - {{- end }} - - name: https - port: {{ .Values.service.httpsPort }} - targetPort: https - {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.https)) }} - nodePort: {{ .Values.service.nodePorts.https }} - {{- end }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} diff --git a/bitnami/apache/values.schema.json b/bitnami/apache/values.schema.json deleted file mode 100644 index 27dcfb0..0000000 --- a/bitnami/apache/values.schema.json +++ /dev/null @@ -1,66 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "ingress": { - "type": "object", - "form": true, - "title": "Ingress Configuration", - "properties": { - "enabled": { - "type": "boolean", - "form": true, - "title": "Use a custom hostname", - "description": "Enable the ingress resource that allows you to access the Apache installation." - }, - "certManager": { - "type": "boolean", - "form": true, - "title": "Enable TLS annotations via cert-manager", - "description": "Set this to true in order to add the corresponding annotations for cert-manager", - "hidden": { - "value": false, - "path": "ingress/enabled" - } - }, - "hostname": { - "type": "string", - "form": true, - "title": "Hostname", - "hidden": { - "value": false, - "path": "ingress/enabled" - } - } - } - }, - "service": { - "type": "object", - "form": true, - "title": "Service Configuration", - "properties": { - "type": { - "type": "string", - "form": true, - "title": "Service Type", - "description": "Allowed values: \"ClusterIP\", \"NodePort\" and \"LoadBalancer\"" - } - } - }, - "replicaCount": { - "type": "integer", - "form": true, - "title": "Number of Replicas" - }, - "metrics": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "title": "Configure metrics exporter", - "form": true - } - } - } - } -} diff --git a/bitnami/apache/values.yaml b/bitnami/apache/values.yaml deleted file mode 100644 index 0714e72..0000000 --- a/bitnami/apache/values.yaml +++ /dev/null @@ -1,430 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - -## @section Common parameters - -## @param kubeVersion Override Kubernetes version -## -kubeVersion: "" -## @param nameOverride String to partially override common.names.fullname -## -nameOverride: "" -## @param fullnameOverride String to fully override common.names.fullname -## -fullnameOverride: "" -## @param commonLabels Labels to add to all deployed objects -## -commonLabels: {} -## @param commonAnnotations Annotations to add to all deployed objects -## -commonAnnotations: {} -## @param extraDeploy Array of extra objects to deploy with the release -## -extraDeploy: [] - -## @section Apache parameters - -## Bitnami Apache image -## ref: https://hub.docker.com/r/bitnami/apache/tags/ -## @param image.registry Apache image registry -## @param image.repository Apache image repository -## @param image.tag Apache image tag (immutable tags are recommended) -## @param image.pullPolicy Apache image pull policy -## @param image.pullSecrets Apache image pull secrets -## @param image.debug Enable image debug mode -## -image: - registry: docker.io - repository: bitnami/apache - tag: 2.4.49-debian-10-r0 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Enable debug mode - ## - debug: false -## Bitnami Git image version -## ref: https://hub.docker.com/r/bitnami/git/tags/ -## @param git.registry Git image registry -## @param git.repository Git image name -## @param git.tag Git image tag -## @param git.pullPolicy Git image pull policy -## @param git.pullSecrets Specify docker-registry secret names as an array -## -git: - registry: docker.io - repository: bitnami/git - tag: 2.33.0-debian-10-r30 - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] -## @param replicaCount Number of replicas of the Apache deployment -## -replicaCount: 1 -## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAffinityPreset: "" -## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAntiAffinityPreset: soft -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## -nodeAffinityPreset: - ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set - ## - key: "" - ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] -## @param affinity Affinity for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## NOTE: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set -## -affinity: {} -## @param nodeSelector Node labels for pod assignment -## ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} -## @param tolerations Tolerations for pod assignment -## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] -## @param topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template -## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods -## -topologySpreadConstraints: [] -## Get the server static content from a git repository -## @param cloneHtdocsFromGit.enabled Get the server static content from a git repository -## @param cloneHtdocsFromGit.repository Repository to clone static content from -## @param cloneHtdocsFromGit.branch Branch inside the git repository -## @param cloneHtdocsFromGit.interval Interval for sidecar container pull from the repository -## @param cloneHtdocsFromGit.resources Init container git resource requests -## @param cloneHtdocsFromGit.extraVolumeMounts Add extra volume mounts for the GIT containers -## -cloneHtdocsFromGit: - enabled: false - repository: "" - branch: "" - interval: 60 - resources: {} - ## Useful to mount keys to connect through ssh. (normally used with extraVolumes) - ## E.g: - ## extraVolumeMounts: - ## - name: ssh-dir - ## mountPath: /root/.ssh/ - ## - extraVolumeMounts: [] -## @param htdocsConfigMap Name of a config map with the server static content -## -htdocsConfigMap: "" -## @param htdocsPVC Name of a PVC with the server static content -## -htdocsPVC: "" -## @param vhostsConfigMap Name of a config map with the virtual hosts content -## -vhostsConfigMap: "" -## @param httpdConfConfigMap Name of a config map with the httpd.conf file contents -## -httpdConfConfigMap: "" -## @param podLabels Extra labels for Apache pods -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -podLabels: {} -## @param podAnnotations Pod annotations -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} -## @param hostAliases [array] Add deployment host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: - ## Necessary for apache-exporter to work - ## - - ip: "127.0.0.1" - hostnames: - - "status.localhost" -## Apache pods' resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## We usually recommend not to specify default resources and to leave this as a conscious -## choice for the user. This also increases chances charts run on environments with little -## resources, such as Minikube. If you do want to specify resources, uncomment the following -## lines, adjust them as necessary, and remove the curly braces after 'resources:'. -## @param resources.limits The resources limits for the container -## @param resources.requests The requested resources for the container -## -resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - requests: {} -## Configure extra options for containers' liveness and readiness probes -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param livenessProbe.enabled Enable liveness probe -## @param livenessProbe.path Path to access on the HTTP server -## @param livenessProbe.port Port for livenessProbe -## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe -## @param livenessProbe.periodSeconds Period seconds for livenessProbe -## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe -## @param livenessProbe.failureThreshold Failure threshold for livenessProbe -## @param livenessProbe.successThreshold Success threshold for livenessProbe -## -livenessProbe: - enabled: true - path: "/" - port: http - initialDelaySeconds: 180 - periodSeconds: 20 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 -## @param readinessProbe.enabled Enable readiness probe -## @param readinessProbe.path Path to access on the HTTP server -## @param readinessProbe.port Port for readinessProbe -## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe -## @param readinessProbe.periodSeconds Period seconds for readinessProbe -## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe -## @param readinessProbe.failureThreshold Failure threshold for readinessProbe -## @param readinessProbe.successThreshold Success threshold for readinessProbe -## -readinessProbe: - enabled: true - path: "/" - port: http - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 -## @param extraVolumes Array to add extra volumes (evaluated as a template) -## -extraVolumes: [] -## @param extraVolumeMounts Array to add extra mounts (normally used with extraVolumes, evaluated as a template) -## -extraVolumeMounts: [] -## @param extraEnvVars Array to add extra environment variables -## -extraEnvVars: [] -## @param initContainers Add additional init containers to the Apache pods -## Example: -## initContainers: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -initContainers: [] -## @param sidecars Add additional sidecar containers to the Apache pods -## Example: -## sidecars: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -sidecars: [] - -## @section Traffic Exposure Parameters - -## Apache service parameters -## -service: - ## @param service.type Apache Service type - ## - type: LoadBalancer - ## @param service.port Apache service HTTP port - ## - port: 80 - ## @param service.httpsPort Apache service HTTPS port - ## - httpsPort: 443 - ## Node ports to expose - ## @param service.nodePorts.http Node port for HTTP - ## @param service.nodePorts.https Node port for HTTPS - ## - nodePorts: - http: "" - https: "" - ## @param service.loadBalancerIP Apache service Load Balancer IP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer - ## - loadBalancerIP: "" - ## @param service.annotations Additional custom annotations for Apache service - ## This can be used to set the LoadBalancer service type to internal only. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - annotations: {} - ## @param service.externalTrafficPolicy Apache service external traffic policy - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster -## Configure the ingress resource that allows you to access the Apache installation -## ref: http://kubernetes.io/docs/user-guide/ingress/ -## -ingress: - ## @param ingress.enabled Enable ingress record generation for Apache - ## - enabled: false - ## @param ingress.pathType Ingress path type - ## - pathType: ImplementationSpecific - ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) - ## - apiVersion: "" - ## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) - ## IngressClassName is used to reference the IngressClass that should be used to implement this Ingress. - ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . - ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ - ## - ingressClassName: "" - ## @param ingress.hostname Default host for the ingress record - ## - hostname: example.local - ## @param ingress.path Default path for the ingress record - ## - path: / - ## @param ingress.annotations Additional custom annotations for the ingress record - ## For a full list of possible ingress annotations, please see - ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md - ## NOTE: If `ingress.certManager=true`, annotation `ingress.kubernetes.io/secure-backends: "true"` will automatically be added - ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added - ## - annotations: {} - ## @param ingress.tls [array] Enable TLS configuration for the hosts defined - ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - ## - tls: - - hosts: - - example.local - secretName: example.local-tls - ## @param ingress.certManager Add the corresponding annotations for cert-manager integration - ## - certManager: false - ## @param ingress.hosts An array with additional hostname(s) to be covered with the ingress record - ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array - ## e.g: - ## hosts: - ## - name: example.local - ## path: / - ## - hosts: [] - ## @param ingress.secrets Custom TLS certificates as secrets - ## NOTE: 'key' and 'certificate' are expected in PEM format - ## NOTE: 'name' should line up with a 'secretName' set further up - ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates - ## It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - ## e.g: - ## secrets: - ## - name: ghost.local-tls - ## key: |- - ## -----BEGIN RSA PRIVATE KEY----- - ## ... - ## -----END RSA PRIVATE KEY----- - ## certificate: |- - ## -----BEGIN CERTIFICATE----- - ## ... - ## -----END CERTIFICATE----- - ## - secrets: [] - -## @section Metrics Parameters - -metrics: - ## @param metrics.enabled Start a sidecar prometheus exporter to expose Apache metrics - ## - enabled: false - ## Bitnami Apache Prometheus Exporter image - ## ref: https://hub.docker.com/r/bitnami/apache-exporter/tags/ - ## @param metrics.image.registry Apache Exporter image registry - ## @param metrics.image.repository Apache Exporter image repository - ## @param metrics.image.tag Apache Exporter image tag (immutable tags are recommended) - ## @param metrics.image.pullPolicy Apache Exporter image pull policy - ## @param metrics.image.pullSecrets Apache Exporter image pull secrets - ## - image: - registry: docker.io - repository: bitnami/apache-exporter - tag: 0.10.0-debian-10-r48 - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param metrics.podAnnotations [object] Additional custom annotations for Apache exporter service - ## - podAnnotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9117" - ## Apache Prometheus exporter resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param metrics.resources.limits The resources limits for the container - ## @param metrics.resources.requests The requested resources for the container - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - requests: {} diff --git a/bitnami/aspnet-core/Chart.lock b/bitnami/aspnet-core/Chart.lock deleted file mode 100644 index 65e1ca2..0000000 --- a/bitnami/aspnet-core/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.9.0 -digest: sha256:6d608d323ac01a7950ba64fa7caf4169a5d9d33e442c99e23e123caaf303b6b9 -generated: "2021-09-14T19:08:06.666017763Z" diff --git a/bitnami/aspnet-core/Chart.yaml b/bitnami/aspnet-core/Chart.yaml deleted file mode 100644 index cf346d8..0000000 --- a/bitnami/aspnet-core/Chart.yaml +++ /dev/null @@ -1,25 +0,0 @@ -annotations: - category: DeveloperTools -apiVersion: v2 -appVersion: 3.1.19 -dependencies: - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x -description: ASP.NET Core is an open-source framework created by Microsoft for building cloud-enabled, modern applications. -engine: gotpl -home: https://github.com/bitnami/charts/tree/master/bitnami/aspnet-core -icon: https://bitnami.com/assets/stacks/aspnet-core/img/aspnet-core-stack-220x234.png -keywords: - - asp.net - - dotnet -maintainers: - - email: containers@bitnami.com - name: Bitnami -name: aspnet-core -sources: - - https://github.com/bitnami/bitnami-docker-aspnet-core - - https://dotnet.microsoft.com/apps/aspnet -version: 1.3.17 diff --git a/bitnami/aspnet-core/README.md b/bitnami/aspnet-core/README.md deleted file mode 100644 index cb3b64a..0000000 --- a/bitnami/aspnet-core/README.md +++ /dev/null @@ -1,408 +0,0 @@ -# ASP.NET Core - -[ASP.NET Core](https://docs.microsoft.com/en-us/aspnet/core) is an open-source framework created by Microsoft for building cloud-enabled, modern applications. - -## TL;DR - -```console - helm repo add bitnami https://charts.bitnami.com/bitnami - helm install my-release bitnami/aspnet-core -``` - -## Introduction - -Bitnami charts for Helm are carefully engineered, actively maintained and are the quickest and easiest way to deploy containers on a Kubernetes cluster that are ready to handle production workloads. - -This chart bootstraps an [ASP.NET Core](https://github.com/bitnami/bitnami-docker-aspnet-core) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 3.1.0 - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```bash -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/aspnet-core -``` - -These commands deploy a ASP.NET Core application on the Kubernetes cluster in the default configuration. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```bash -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | - - -### Common parameters - -| Name | Description | Value | -| ------------------- | ------------------------------------------------- | --------------- | -| `kubeVersion` | Override Kubernetes version | `""` | -| `nameOverride` | String to partially override aspnet-core.fullname | `""` | -| `fullnameOverride` | String to fully override aspnet-core.fullname | `""` | -| `commonLabels` | Labels to add to all deployed objects | `{}` | -| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | -| `clusterDomain` | Kubernetes cluster domain name | `cluster.local` | -| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | - - -### ASP.NET Core parameters - -| Name | Description | Value | -| -------------------- | -------------------------------------------------------------------- | --------------------- | -| `image.registry` | ASP.NET Core image registry | `docker.io` | -| `image.repository` | ASP.NET Core image repository | `bitnami/aspnet-core` | -| `image.tag` | ASP.NET Core image tag (immutable tags are recommended) | `3.1.19-debian-10-r0` | -| `image.pullPolicy` | ASP.NET Core image pull policy | `IfNotPresent` | -| `image.pullSecrets` | ASP.NET Core image pull secrets | `[]` | -| `command` | Override default container command (useful when using custom images) | `[]` | -| `args` | Override default container args (useful when using custom images) | `[]` | -| `bindURLs` | URLs to bind | `http://+:8080` | -| `extraEnvVars` | Extra environment variables to be set on ASP.NET Core container | `[]` | -| `extraEnvVarsCM` | ConfigMap with extra environment variables | `""` | -| `extraEnvVarsSecret` | Secret with extra environment variables | `""` | - - -### ASP.NET Core deployment parameters - -| Name | Description | Value | -| ------------------------------------ | ----------------------------------------------------------------------------------------- | --------------- | -| `replicaCount` | Number of ASP.NET Core replicas to deploy | `1` | -| `strategyType` | ASP.NET Core deployment strategy type. Set it to `RollingUpdate` or `Recreate` | `RollingUpdate` | -| `priorityClassName` | ASP.NET Core pod priority class name | `""` | -| `hostAliases` | ASP.NET Core pod host aliases | `[]` | -| `extraVolumes` | Optionally specify extra list of additional volumes for ASP.NET Core pods | `[]` | -| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for ASP.NET Core container(s) | `[]` | -| `sidecars` | Add additional sidecar containers to the ASP.NET Core pods | `[]` | -| `initContainers` | Add additional init containers to the ASP.NET Core pods | `[]` | -| `lifecycleHooks` | Add lifecycle hooks to the ASP.NET Core deployment | `{}` | -| `podAnnotations` | Annotations for ASP.NET Core pods | `{}` | -| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | -| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | -| `affinity` | Affinity for pod assignment | `{}` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `tolerations` | Tolerations for pod assignment | `[]` | -| `resources.limits` | The resources limits for the ASP.NET Core container | `{}` | -| `resources.requests` | The requested resources for the ASP.NET Core container | `{}` | -| `containerPort` | Port to expose at ASP.NET Core container level | `8080` | -| `podSecurityContext.enabled` | Enabled ASP.NET Core pods' Security Context | `false` | -| `podSecurityContext.sysctls` | Set namespaced sysctls for the ASP.NET Core pods | `[]` | -| `containerSecurityContext.enabled` | Enabled ASP.NET Core containers' Security Context | `false` | -| `containerSecurityContext.runAsUser` | Set ASP.NET Core container's Security Context runAsUser | `0` | -| `livenessProbe.enabled` | Enable livenessProbe | `true` | -| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | -| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` | -| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `readinessProbe.enabled` | Enable readinessProbe | `true` | -| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | -| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `20` | -| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` | -| `pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` | -| `pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | -| `autoscaling.enabled` | Enable autoscaling for ASP.NET Core | `false` | -| `autoscaling.minReplicas` | Minimum number of ASP.NET Core replicas | `1` | -| `autoscaling.maxReplicas` | Maximum number of ASP.NET Core replicas | `11` | -| `autoscaling.targetCPU` | Target CPU utilization percentage | `""` | -| `autoscaling.targetMemory` | Target Memory utilization percentage | `""` | - - -### Custom ASP.NET Core application parameters - -| Name | Description | Value | -| ----------------------------------------------- | ---------------------------------------------------------------------- | ------------------------------------------------------------------- | -| `appFromExternalRepo.enabled` | Enable to download/build ASP.NET Core app from external git repository | `true` | -| `appFromExternalRepo.clone.image.registry` | Git image registry | `docker.io` | -| `appFromExternalRepo.clone.image.repository` | Git image repository | `bitnami/git` | -| `appFromExternalRepo.clone.image.tag` | Git image tag (immutable tags are recommended) | `2.33.0-debian-10-r28` | -| `appFromExternalRepo.clone.image.pullPolicy` | Git image pull policy | `IfNotPresent` | -| `appFromExternalRepo.clone.image.pullSecrets` | Git image pull secrets | `[]` | -| `appFromExternalRepo.clone.repository` | Git repository to clone | `https://github.com/dotnet/AspNetCore.Docs.git` | -| `appFromExternalRepo.clone.revision` | Git revision to checkout | `main` | -| `appFromExternalRepo.clone.extraVolumeMounts` | Add extra volume mounts for the GIT container | `[]` | -| `appFromExternalRepo.publish.image.registry` | .NET SDK image registry | `docker.io` | -| `appFromExternalRepo.publish.image.repository` | .NET SDK image repository | `bitnami/dotnet-sdk` | -| `appFromExternalRepo.publish.image.tag` | .NET SDK image tag (immutable tags are recommended) | `3.1.412-debian-10-r33` | -| `appFromExternalRepo.publish.image.pullPolicy` | .NET SDK image pull policy | `IfNotPresent` | -| `appFromExternalRepo.publish.image.pullSecrets` | .NET SDK image pull secrets | `[]` | -| `appFromExternalRepo.publish.subFolder` | Sub folder under the Git repository containing the ASP.NET Core app | `aspnetcore/fundamentals/servers/kestrel/samples/3.x/KestrelSample` | -| `appFromExternalRepo.publish.extraFlags` | Extra flags to be appended to "dotnet publish" command | `[]` | -| `appFromExternalRepo.startCommand` | Command used to start ASP.NET Core app | `["dotnet","KestrelSample.dll"]` | -| `appFromExistingPVC.enabled` | Enable mounting your ASP.NET Core app from an existing PVC | `false` | -| `appFromExistingPVC.existingClaim` | A existing Persistent Volume Claim containing your ASP.NET Core app | `""` | - - -### Traffic Exposure Parameters - -| Name | Description | Value | -| ---------------------------------- | ----------------------------------------------------------------------------------- | ------------------------ | -| `service.type` | ASP.NET Core service type | `ClusterIP` | -| `service.port` | ASP.NET Core service HTTP port | `80` | -| `service.nodePort` | Node ports to expose | `""` | -| `service.clusterIP` | ASP.NET Core service Cluster IP | `""` | -| `service.loadBalancerIP` | ASP.NET Core service Load Balancer IP | `""` | -| `service.loadBalancerSourceRanges` | ASP.NET Core service Load Balancer sources | `[]` | -| `service.externalTrafficPolicy` | ASP.NET Core service external traffic policy | `Cluster` | -| `service.annotations` | Additional custom annotations for ASP.NET Core service | `{}` | -| `ingress.enabled` | Enable ingress record generation for ASP.NET Core | `false` | -| `ingress.pathType` | Ingress path type | `ImplementationSpecific` | -| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` | -| `ingress.hostname` | Default host for the ingress resource, a host pointing to this will be created | `aspnet-core.local` | -| `ingress.path` | Default path for the ingress record | `/` | -| `ingress.annotations` | Additional custom annotations for the ingress record | `{}` | -| `ingress.tls` | Enable TLS configuration for the host defined at `ingress.hostname` parameter | `false` | -| `ingress.certManager` | Add the corresponding annotations for cert-manager integration | `false` | -| `ingress.extraHosts` | An array with additional hostname(s) to be covered with the ingress record | `[]` | -| `ingress.extraTls` | TLS configuration for additional hostname(s) to be covered with this ingress record | `[]` | -| `ingress.secrets` | Custom TLS certificates as secrets | `[]` | -| `healthIngress.enabled` | Enable healthIngress record generation for ASP.NET Core | `false` | -| `healthIngress.hostname` | When the health ingress is enabled, a host pointing to this will be created | `aspnet-core.local` | -| `healthIngress.annotations` | Additional custom annotations for the ingress record | `{}` | -| `healthIngress.tls` | Enable TLS configuration for the host defined at `ingress.hostname` parameter | `false` | -| `healthIngress.certManager` | Set this to true in order to add the corresponding annotations for cert-manager | `false` | -| `healthIngress.extraHosts` | n array with additional hostname(s) to be covered with the ingress record | `[]` | -| `healthIngress.extraTls` | TLS configuration for additional hostname(s) to be covered with this ingress record | `[]` | -| `healthIngress.secrets` | Custom TLS certificates as secrets | `[]` | - - -### RBAC parameters - -| Name | Description | Value | -| ---------------------------- | ---------------------------------------------------- | ------ | -| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | -| `serviceAccount.name` | The name of the ServiceAccount to use. | `""` | -| `serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```bash -helm install my-release --set replicaCount=2 bitnami/aspnet-core -``` - -The above command install ASP.NET Core chart with 2 replicas. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```bash -$ helm install my-release -f values.yaml bitnami/aspnet-core -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Deploying your custom ASP.NET Core application - -The ASP.NET Core chart allows you to deploy a custom application using one of the following methods: - -- Using a Docker image containing your ASP.NET Core application ready to be executed. -- Cloning your ASP.NET Core application code from a GIT repository. -- Mounting your ASP.NET Core application from an existing PVC - -#### Using a Docker image containing your ASP.NET Core application ready to be executed - -You can build your own Docker image containing your ASP.NET Core application ready to be executed. To do so, overwrite the default image setting the `image.*` parameters, and set your custom command and arguments setting the `command` and `args` parameters: - -```console -appFromExternalRepo.enabled=false -image.registry=docker.io -image.repository=your-image -image.tag=your-tag -command=[command] -args=[arguments] -``` - -Find more information about the process to create your own image in the guide below: - -- [Develop and Publish an ASP.NET Web Application using Bitnami Containers](https://docs.bitnami.com/tutorials/develop-aspnet-application-bitnami-containers). - -#### Cloning your ASP.NET Core application code from a GIT repository - -This is done using two different init containers: - -- `clone-repository`: uses the [Bitnami GIT Image](https://github.com/bitnami/bitnami-docker-git) to download the repository. -- `dotnet-publish`: uses the [Bitnami .Net SDK Image](https://github.com/bitnami/bitnami-docker-dotnet-sdk) to build/publish the ASP.NET Core application. - -To use this feature, set the `appFromExternalRepo.enabled` to `true` and set the repository and branch to use setting the `appFromExternalRepo.clone.repository` and `appFromExternalRepo.clone.revision` parameters. Then, specify the sub folder under the Git repository containing the ASP.NET Core app setting the `appFromExternalRepo.publish.subFolder` parameter. Finally, provide the start command to use setting the `appFromExternalRepo.startCommand`. - -> Note: you can append any custom flag for the "dotnet publish" command setting the `appFromExternalRepo.publish.extraFlags` parameter. - -For example, you can deploy a sample [Kestrel server](https://docs.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel) using the parameters below: - -```console -appFromExternalRepo.enabled=true -appFromExternalRepo.clone.repository=https://github.com/dotnet/AspNetCore.Docs.git -appFromExternalRepo.clone.revision=main -appFromExternalRepo.publish.aspnetcore/fundamentals/servers/kestrel/samples/3.x/KestrelSample -appFromExternalRepo.startCommand[0]=dotnet -appFromExternalRepo.startCommand[1]=KestrelSample.dll -``` - -#### Mounting your ASP.NET Core application from an existing PVC - -If you previously created a PVC with your application code ready to be executed, you can mount it in the ASP.NET Core container setting the `appFromExistingPVC.enabled` parameter to `true`. Then, specify the name of your existing PVC setting the `appFromExistingPVC.existingClaim` parameter. - -For example, if you created a PVC named `my-custom-apsnet-core-app` containing your application, use the parameters below: - -```console -appFromExistingPVC.enabled=true -appFromExistingPVC.existingClaim=my-custom-apsnet-core-app -``` - -### Adding extra environment variables - -In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the `extraEnvVars` property. - -```yaml -kong: - extraEnvVars: - - name: LOG_LEVEL - value: error -``` - -Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the `extraEnvVarsCM` or the `extraEnvVarsSecret` values. - -### Sidecars and Init Containers - -If you have a need for additional containers to run within the same pod as the ASP.NET Core app (e.g. an additional metrics or logging exporter), you can do so via the `sidecars` config parameter. Simply define your container according to the Kubernetes container spec. - -```yaml -sidecars: - - name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -``` - -Similarly, you can add extra init containers using the `initContainers` parameter. - -```yaml -initContainers: - - name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -``` - -### Deploying extra resources - -There are cases where you may want to deploy extra objects, such a ConfigMap containing your app's configuration or some extra deployment with a micro service used by your app For covering this case, the chart allows adding the full specification of other objects using the `extraDeploy` parameter. The following example would create a ConfigMap including some app's configuration, and it will mount it in the ASP.NET Core app's container: - -```yaml -extraDeploy: |- - - apiVersion: v1 - kind: ConfigMap - metadata: - name: aspnet-core-configuration - labels: {{- include "common.labels.standard" . | nindent 6 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 6 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 6 }} - {{- end }} - data: - appsettings.json: |- - { - "AllowedHosts": "*" - } -extraVolumeMounts: - - name: configuration - mountPath: /app/config/ - readOnly: true -extraVolumes: - - name: configuration - configMap: - name: aspnet-core-configuration -``` - -### Setting Pod's affinity - -This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). - -As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters. - -### Ingress - -This chart provides support for ingress resources. If you have an ingress controller installed on your cluster, such as [nginx-ingress](https://kubeapps.com/charts/stable/nginx-ingress) or [traefik](https://kubeapps.com/charts/stable/traefik) you can utilize the ingress controller to serve your ASP.NET Core application. - -To enable ingress integration, please set `ingress.enabled` to `true`. - -#### Hosts - -Most likely you will only want to have one hostname that maps to this ASP.NET Core installation. If that's your case, the property `ingress.hostname` will set it. However, it is possible to have more than one host. To facilitate this, the `ingress.extraHosts` object can be specified as an array. You can also use `ingress.extraTLS` to add the TLS configuration for extra hosts. - -For each host indicated at `ingress.extraHosts`, please indicate a `name`, `path`, and any `annotations` that you may want the ingress controller to know about. - -For annotations, please see [this document](https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md). Not all annotations are supported by all ingress controllers, but this document does a good job of indicating which annotation is supported by many popular ingress controllers. - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami’s Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## Upgrading - -### To 1.0.0 - -[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -**What changes were introduced in this major version?** - -- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. -- Move dependency information from the *requirements.yaml* to the *Chart.yaml* -- After running `helm dependency update`, a *Chart.lock* file is generated containing the same structure used in the previous *requirements.lock* -- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts - -**Considerations when upgrading to this version** - -- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues -- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore -- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 - -**Useful links** - -- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ -- https://helm.sh/docs/topics/v2_v3_migration/ -- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ diff --git a/bitnami/aspnet-core/templates/NOTES.txt b/bitnami/aspnet-core/templates/NOTES.txt deleted file mode 100644 index 38bae09..0000000 --- a/bitnami/aspnet-core/templates/NOTES.txt +++ /dev/null @@ -1,51 +0,0 @@ - -** Please be patient while the chart is being deployed ** - -ASP.NET Core can be accessed through the following DNS name from within your cluster: - - {{ include "aspnet-core.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} (port {{ .Values.service.port }}) - -To access ASP.NET Core from outside the cluster execute the following commands: - -{{- if .Values.ingress.enabled }} - -1. Get the ASP.NET Core URL and associate its hostname to your cluster external IP: - - export CLUSTER_IP=$(minikube ip) # On Minikube. Use: `kubectl cluster-info` on others K8s clusters - echo "ASP.NET Core URL: http{{ if .Values.ingress.tls }}s{{ end }}://{{ .Values.ingress.hostname }}" - echo "$CLUSTER_IP {{ .Values.ingress.hostname }}" | sudo tee -a /etc/hosts - -{{- else }} - -1. Get the ASP.NET Core URL by running these commands: - -{{- if contains "NodePort" .Values.service.type }} - - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "aspnet-core.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo "http://${NODE_IP}:${NODE_PORT}" - -{{- else if contains "LoadBalancer" .Values.service.type }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "aspnet-core.fullname" . }}' - - export SERVICE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].port}" services {{ include "aspnet-core.fullname" . }}) - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "aspnet-core.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo "http://${SERVICE_IP}:${SERVICE_PORT}" - -{{- else if contains "ClusterIP" .Values.service.type }} - - export SERVICE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].port}" services {{ include "aspnet-core.fullname" . }}) - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "aspnet-core.fullname" . }} ${SERVICE_PORT}:${SERVICE_PORT} & - echo "http://127.0.0.1:${SERVICE_PORT}" - -{{- end }} -{{- end }} - -2. Access ASP.NET Core using the obtained URL. - -{{- include "common.warnings.rollingTag" .Values.image }} -{{- include "common.warnings.rollingTag" .Values.appFromExternalRepo.clone.image }} -{{- include "common.warnings.rollingTag" .Values.appFromExternalRepo.publish.image }} -{{- include "aspnet-core.validateValues" . }} diff --git a/bitnami/aspnet-core/templates/_helpers.tpl b/bitnami/aspnet-core/templates/_helpers.tpl deleted file mode 100644 index c7806d5..0000000 --- a/bitnami/aspnet-core/templates/_helpers.tpl +++ /dev/null @@ -1,100 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "aspnet-core.fullname" -}} -{{- include "common.names.fullname" . -}} -{{- end }} - -{{/* -Return the proper ASP.NET Core image name -*/}} -{{- define "aspnet-core.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper GIT image name -*/}} -{{- define "aspnet-core.git.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.appFromExternalRepo.clone.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper .NET SDK image name -*/}} -{{- define "aspnet-core.sdk.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.appFromExternalRepo.publish.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "aspnet-core.imagePullSecrets" -}} -{{ include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.appFromExternalRepo.clone.image .Values.appFromExternalRepo.publish.image) "global" .Values.global) }} -{{- end -}} - -{{/* -Create the name of the Service Account to use -*/}} -{{- define "aspnet-core.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} - {{- default (include "aspnet-core.fullname" .) .Values.serviceAccount.name }} -{{- else }} - {{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} - -{{/* -Compile all warnings into a single message, and call fail. -*/}} -{{- define "aspnet-core.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "aspnet-core.validateValues.customApp" .) -}} -{{- $messages := append $messages (include "aspnet-core.validateValues.appFromExistingPVC" .) -}} -{{- $messages := append $messages (include "aspnet-core.validateValues.extraVolumes" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} -{{- end -}} -{{- end -}} - -{{/* Validate values of ASP.NET Core - Methods to mount custom app */}} -{{- define "aspnet-core.validateValues.customApp" -}} -{{- if and .Values.appFromExternalRepo.enabled .Values.appFromExistingPVC.enabled -}} -aspnet-core: custom app - You cannot download your custom ASP.NET Core app from a GitHub repo - and mount it from an existing PVC at the same time. Please use one - method or the other: - - appFromExternalRepo.enabled=true - appFromExistingPVC.enabled=false - - or: - - appFromExternalRepo.enabled=false - appFromExistingPVC.enabled=true -{{- end -}} -{{- end -}} - -{{/* Validate values of ASP.NET Core - Mounte app from existing PVC */}} -{{- define "aspnet-core.validateValues.appFromExistingPVC" -}} -{{- if and .Values.appFromExistingPVC.enabled (empty .Values.appFromExistingPVC.existingClaim) -}} -aspnet-core: appFromExistingPVC - You enabled mounting your custom ASP.NET Core app from an existing PVC, - but you didn't set the appFromExistingPVC.existingClaim parameter. -{{- end -}} -{{- end -}} - -{{/* Validate values of ASP.NET Core - Incorrect extra volume settings */}} -{{- define "aspnet-core.validateValues.extraVolumes" -}} -{{- if and .Values.extraVolumes (not (or .Values.extraVolumeMounts .Values.appFromExternalRepo.clone.extraVolumeMounts)) -}} -aspnet-core: missing-extra-volume-mounts - You specified extra volumes but not mount points for them. - Please also set the extraVolumeMounts parameter. -{{- end -}} -{{- end -}} diff --git a/bitnami/aspnet-core/templates/deployment.yaml b/bitnami/aspnet-core/templates/deployment.yaml deleted file mode 100644 index 950e3f4..0000000 --- a/bitnami/aspnet-core/templates/deployment.yaml +++ /dev/null @@ -1,196 +0,0 @@ -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ include "aspnet-core.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - strategy: - type: {{ .Values.strategyType }} - {{- if (eq "Recreate" .Values.strategyType) }} - rollingUpdate: null - {{- end }} - template: - metadata: - {{- if .Values.podAnnotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 8 }} - spec: - {{- include "aspnet-core.imagePullSecrets" . | nindent 6 }} - {{- if .Values.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "aspnet-core.serviceAccountName" . }} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName | quote }} - {{- end }} - {{- if .Values.podSecurityContext.enabled }} - securityContext: - fsGroup: {{ .Values.podSecurityContext.fsGroup }} - {{- if .Values.podSecurityContext.sysctls }} - sysctls: - {{- toYaml .Values.podSecurityContext.sysctls | nindent 10 }} - {{- end }} - {{- end }} - {{- if or .Values.appFromExternalRepo.enabled .Values.initContainers }} - initContainers: - {{- if .Values.appFromExternalRepo.enabled }} - - name: clone-repository - image: {{ include "aspnet-core.git.image" . }} - imagePullPolicy: {{ .Values.appFromExternalRepo.clone.image.pullPolicy | quote }} - command: - - /bin/bash - - -ec - - | - [[ -f "/opt/bitnami/scripts/git/entrypoint.sh" ]] && source "/opt/bitnami/scripts/git/entrypoint.sh" - git clone {{ .Values.appFromExternalRepo.clone.repository }} --branch {{ .Values.appFromExternalRepo.clone.revision }} /repo - volumeMounts: - - name: repo - mountPath: /repo - {{- if .Values.appFromExternalRepo.clone.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.appFromExternalRepo.clone.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - - name: dotnet-publish - image: {{ include "aspnet-core.sdk.image" . }} - imagePullPolicy: {{ .Values.appFromExternalRepo.publish.image.pullPolicy | quote }} - workingDir: /repo - command: - - /bin/bash - - -ec - - | - cd {{ .Values.appFromExternalRepo.publish.subFolder }} - dotnet publish -o /app {{ .Values.appFromExternalRepo.publish.extraFlags | join " " }} - volumeMounts: - - name: app - mountPath: /app - - name: repo - mountPath: /repo - {{- end }} - {{- if .Values.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} - {{- end }} - {{- end }} - containers: - - name: aspnet-core - image: {{ include "aspnet-core.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: - runAsUser: {{ .Values.containerSecurityContext.runAsUser }} - {{- end }} - {{- if .Values.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - workingDir: /app - command: - {{- if .Values.command }} - {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} - {{- else if .Values.appFromExternalRepo.enabled }} - {{- include "common.tplvalues.render" (dict "value" .Values.appFromExternalRepo.startCommand "context" $) | nindent 12 }} - {{- else }} - - dotnet - {{- end }} - {{- if .Values.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} - {{- end }} - env: - - name: ASPNETCORE_URLS - value: {{ .Values.bindURLs | quote }} - {{- range $key, $value := .Values.extraEnvVars }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{- if or .Values.extraEnvVarsCM .Values.extraEnvVarsSecret }} - envFrom: - {{- if .Values.extraEnvVarsCM }} - - configMapRef: - name: {{ tpl .Values.extraEnvVarsCM . | quote }} - {{- end }} - {{- if .Values.extraEnvVarsSecret }} - - secretRef: - name: {{ tpl .Values.extraEnvVarsSecret . | quote }} - {{- end }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.containerPort }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - tcpSocket: - port: http - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- else if .Values.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - tcpSocket: - port: http - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- else if .Values.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - {{- if or .Values.appFromExternalRepo.enabled .Values.appFromExistingPVC.enabled .Values.extraVolumeMounts }} - volumeMounts: - {{- if or .Values.appFromExternalRepo.enabled .Values.appFromExistingPVC.enabled }} - - name: app - mountPath: /app - {{- end }} - {{- if .Values.extraVolumeMounts }} - {{- include "common.tplvalues.render" ( dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.sidecars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} - {{- end }} - {{- if or .Values.appFromExternalRepo.enabled .Values.appFromExistingPVC.enabled .Values.extraVolumes }} - volumes: - {{- if .Values.extraVolumes }} - {{- include "common.tplvalues.render" ( dict "value" .Values.extraVolumes "context" $) | nindent 8 }} - {{- end }} - {{- if or .Values.appFromExternalRepo.enabled .Values.appFromExistingPVC.enabled }} - - name: app - {{- if .Values.appFromExistingPVC.enabled }} - persistentVolumeClaim: - claimName: {{ printf "%s" (tpl (default "" .Values.appFromExistingPVC.existingClaim) .) }} - {{- else }} - emptyDir: {} - - name: repo - emptyDir: {} - {{- end }} - {{- end }} - {{- end }} diff --git a/bitnami/aspnet-core/templates/health-ingress.yaml b/bitnami/aspnet-core/templates/health-ingress.yaml deleted file mode 100644 index 19f59c3..0000000 --- a/bitnami/aspnet-core/templates/health-ingress.yaml +++ /dev/null @@ -1,51 +0,0 @@ -{{- if .Values.healthIngress.enabled -}} -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: {{ include "aspnet-core.fullname" . }}-health - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.healthIngress.certManager }} - kubernetes.io/tls-acme: "true" - {{- end }} - {{- if .Values.healthIngress.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.healthIngress.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - rules: - {{- if .Values.healthIngress.hostname }} - - host: {{ .Values.healthIngress.hostname }} - http: - paths: - - path: / - backend: - serviceName: {{ include "aspnet-core.fullname" . }} - servicePort: http - {{- end }} - {{- range .Values.healthIngress.extraHosts }} - - host: {{ .name }} - http: - paths: - - path: {{ default "/" .path }} - backend: - serviceName: {{ include "aspnet-core.fullname" $ }} - servicePort: http - {{- end }} - {{- if or .Values.healthIngress.tls .Values.healthIngress.extraTls .Values.healthIngress.hosts }} - tls: - {{- if .Values.healthIngress.tls }} - - hosts: - - {{ .Values.healthIngress.hostname }} - secretName: {{ printf "%s-tls" .Values.healthIngress.hostname }} - {{- end }} - {{- if .Values.healthIngress.extraTls }} - {{- toYaml .Values.healthIngress.extraTls | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/bitnami/aspnet-core/templates/hpa.yaml b/bitnami/aspnet-core/templates/hpa.yaml deleted file mode 100644 index af7bd89..0000000 --- a/bitnami/aspnet-core/templates/hpa.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "aspnet-core.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - scaleTargetRef: - apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} - kind: Deployment - name: {{ include "aspnet-core.fullname" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- if .Values.autoscaling.targetCPU }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPU }} - {{- end }} - {{- if .Values.autoscaling.targetMemory }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemory }} - {{- end }} -{{- end }} diff --git a/bitnami/aspnet-core/templates/ingress.yaml b/bitnami/aspnet-core/templates/ingress.yaml deleted file mode 100644 index 432d094..0000000 --- a/bitnami/aspnet-core/templates/ingress.yaml +++ /dev/null @@ -1,52 +0,0 @@ -{{- if .Values.ingress.enabled -}} -apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ include "aspnet-core.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.ingress.certManager }} - kubernetes.io/tls-acme: "true" - {{- end }} - {{- if .Values.ingress.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - rules: - {{- if .Values.ingress.hostname }} - - host: {{ .Values.ingress.hostname }} - http: - paths: - - path: {{ .Values.ingress.path }} - {{- if eq "true" (include "common.ingress.supportsPathType" .) }} - pathType: {{ .Values.ingress.pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "aspnet-core.fullname" .) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- range .Values.ingress.extraHosts }} - - host: {{ .name }} - http: - paths: - - path: {{ default "/" .path }} - backend: - serviceName: {{ include "aspnet-core.fullname" $ }} - servicePort: http - {{- end }} - {{- if or .Values.ingress.tls .Values.ingress.extraTls .Values.ingress.hosts }} - tls: - {{- if .Values.ingress.tls }} - - hosts: - - {{ .Values.ingress.hostname }} - secretName: {{ printf "%s-tls" .Values.ingress.hostname }} - {{- end }} - {{- if .Values.ingress.extraTls }} - {{- toYaml .Values.ingress.extraTls | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/bitnami/aspnet-core/templates/pdb.yaml b/bitnami/aspnet-core/templates/pdb.yaml deleted file mode 100644 index 3540a20..0000000 --- a/bitnami/aspnet-core/templates/pdb.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if .Values.pdb.create }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ include "aspnet-core.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.pdb.minAvailable }} - minAvailable: {{ .Values.pdb.minAvailable }} - {{- end }} - {{- if .Values.pdb.maxUnavailable }} - maxUnavailable: {{ .Values.pdb.maxUnavailable }} - {{- end }} - selector: - matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }} -{{- end }} diff --git a/bitnami/aspnet-core/templates/serviceaccount.yaml b/bitnami/aspnet-core/templates/serviceaccount.yaml deleted file mode 100644 index f5f760c..0000000 --- a/bitnami/aspnet-core/templates/serviceaccount.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if .Values.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "aspnet-core.serviceAccountName" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.serviceAccount.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.serviceAccount.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -{{- end }} diff --git a/bitnami/aspnet-core/templates/svc.yaml b/bitnami/aspnet-core/templates/svc.yaml deleted file mode 100644 index 6d49647..0000000 --- a/bitnami/aspnet-core/templates/svc.yaml +++ /dev/null @@ -1,39 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "aspnet-core.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.service.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.service.type }} - {{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }} - clusterIP: {{ .Values.service.clusterIP }} - {{- end }} - {{- if and .Values.service.loadBalancerIP (eq .Values.service.type "LoadBalancer") }} - loadBalancerIP: {{ .Values.service.loadBalancerIP }} - {{- end }} - {{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - {{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }} - externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} - {{- end }} - ports: - - name: http - port: {{ .Values.service.port }} - targetPort: http - {{- if (and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePort))) }} - nodePort: {{ .Values.service.nodePort }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} diff --git a/bitnami/aspnet-core/templates/tls-secret.yaml b/bitnami/aspnet-core/templates/tls-secret.yaml deleted file mode 100644 index 39784f1..0000000 --- a/bitnami/aspnet-core/templates/tls-secret.yaml +++ /dev/null @@ -1,41 +0,0 @@ -{{- if .Values.ingress.enabled }} -{{- if .Values.ingress.secrets }} -{{- range .Values.ingress.secrets }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ .name }} - labels: {{- include "common.labels.standard" $ | nindent 4 }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ .certificate | b64enc }} - tls.key: {{ .key | b64enc }} ---- -{{- end }} -{{- else if and .Values.ingress.tls (not .Values.ingress.certManager) }} -{{- $ca := genCA "aspnet-core-ca" 365 }} -{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ printf "%s-tls" .Values.ingress.hostname }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ $cert.Cert | b64enc | quote }} - tls.key: {{ $cert.Key | b64enc | quote }} - ca.crt: {{ $ca.Cert | b64enc | quote }} -{{- end }} -{{- end }} diff --git a/bitnami/aspnet-core/values.yaml b/bitnami/aspnet-core/values.yaml deleted file mode 100644 index 13d0199..0000000 --- a/bitnami/aspnet-core/values.yaml +++ /dev/null @@ -1,572 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - -## @section Common parameters - -## @param kubeVersion Override Kubernetes version -## -kubeVersion: "" -## @param nameOverride String to partially override aspnet-core.fullname -## -nameOverride: "" -## @param fullnameOverride String to fully override aspnet-core.fullname -## -fullnameOverride: "" -## @param commonLabels Labels to add to all deployed objects -## -commonLabels: {} -## @param commonAnnotations Annotations to add to all deployed objects -## -commonAnnotations: {} -## @param clusterDomain Kubernetes cluster domain name -## -clusterDomain: cluster.local -## @param extraDeploy Array of extra objects to deploy with the release -## -extraDeploy: [] - -## @section ASP.NET Core parameters - -## Bitnami ASP.NET Core image -## ref: https://hub.docker.com/r/bitnami/aspnet-core/tags/ -## @param image.registry ASP.NET Core image registry -## @param image.repository ASP.NET Core image repository -## @param image.tag ASP.NET Core image tag (immutable tags are recommended) -## @param image.pullPolicy ASP.NET Core image pull policy -## @param image.pullSecrets ASP.NET Core image pull secrets -## -image: - registry: docker.io - repository: bitnami/aspnet-core - tag: 3.1.19-debian-10-r0 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] -## @param command Override default container command (useful when using custom images) -## -command: [] -## @param args Override default container args (useful when using custom images) -## -args: [] -## @param bindURLs URLs to bind -## -bindURLs: http://+:8080 -## @param extraEnvVars Extra environment variables to be set on ASP.NET Core container -## E.g: -## extraEnvVars: -## - name: FOO -## value: BAR -## -extraEnvVars: [] -## @param extraEnvVarsCM ConfigMap with extra environment variables -## -extraEnvVarsCM: "" -## @param extraEnvVarsSecret Secret with extra environment variables -## -extraEnvVarsSecret: "" - -## @section ASP.NET Core deployment parameters - -## @param replicaCount Number of ASP.NET Core replicas to deploy -## -replicaCount: 1 -## @param strategyType ASP.NET Core deployment strategy type. Set it to `RollingUpdate` or `Recreate` -## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy -## -strategyType: RollingUpdate -## @param priorityClassName ASP.NET Core pod priority class name -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/ -## -priorityClassName: "" -## @param hostAliases ASP.NET Core pod host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: [] -## @param extraVolumes Optionally specify extra list of additional volumes for ASP.NET Core pods -## e.g: -## extraVolumes: -## - name: extras -## emptyDir: {} -## -extraVolumes: [] -## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for ASP.NET Core container(s) -## Example: -## extraVolumeMounts: -## - name: extras -## mountPath: /usr/share/extras -## readOnly: true -## -extraVolumeMounts: [] -## @param sidecars Add additional sidecar containers to the ASP.NET Core pods -## e.g: -## sidecars: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -sidecars: [] -## @param initContainers Add additional init containers to the ASP.NET Core pods -## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ -## e.g: -## initContainers: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -initContainers: [] -## @param lifecycleHooks Add lifecycle hooks to the ASP.NET Core deployment -## -lifecycleHooks: {} -## @param podAnnotations Annotations for ASP.NET Core pods -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} -## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAffinityPreset: "" -## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAntiAffinityPreset: soft -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## -nodeAffinityPreset: - ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set - ## - key: "" - ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] -## @param affinity Affinity for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## NOTE: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set -## -affinity: {} -## @param nodeSelector Node labels for pod assignment -## ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} -## @param tolerations Tolerations for pod assignment -## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] -## ASP.NET Core containers' resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## We usually recommend not to specify default resources and to leave this as a conscious -## choice for the user. This also increases chances charts run on environments with little -## resources, such as Minikube. If you do want to specify resources, uncomment the following -## lines, adjust them as necessary, and remove the curly braces after 'resources:'. -## @param resources.limits The resources limits for the ASP.NET Core container -## @param resources.requests The requested resources for the ASP.NET Core container -## -resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - requests: {} -## @param containerPort Port to expose at ASP.NET Core container level -## -containerPort: 8080 -## Configure Pods Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## @param podSecurityContext.enabled Enabled ASP.NET Core pods' Security Context -## @param podSecurityContext.sysctls Set namespaced sysctls for the ASP.NET Core pods -## -podSecurityContext: - enabled: false - ## e.g: - ## sysctls: - ## - name: net.core.somaxconn - ## value: "10000" - ## - sysctls: [] -## Configure Container Security Context (only main container) -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -## @param containerSecurityContext.enabled Enabled ASP.NET Core containers' Security Context -## @param containerSecurityContext.runAsUser Set ASP.NET Core container's Security Context runAsUser -## -containerSecurityContext: - enabled: false - runAsUser: 0 -## Configure extra options for ASP.NET Core containers' liveness and readiness probes -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param livenessProbe.enabled Enable livenessProbe -## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe -## @param livenessProbe.periodSeconds Period seconds for livenessProbe -## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe -## @param livenessProbe.failureThreshold Failure threshold for livenessProbe -## @param livenessProbe.successThreshold Success threshold for livenessProbe -## -livenessProbe: - enabled: true - initialDelaySeconds: 10 - timeoutSeconds: 1 - periodSeconds: 20 - failureThreshold: 6 - successThreshold: 1 -## @param readinessProbe.enabled Enable readinessProbe -## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe -## @param readinessProbe.periodSeconds Period seconds for readinessProbe -## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe -## @param readinessProbe.failureThreshold Failure threshold for readinessProbe -## @param readinessProbe.successThreshold Success threshold for readinessProbe -## -readinessProbe: - enabled: true - initialDelaySeconds: 10 - timeoutSeconds: 1 - periodSeconds: 20 - failureThreshold: 6 - successThreshold: 1 -## @param customLivenessProbe Custom livenessProbe that overrides the default one -## -customLivenessProbe: {} -## @param customReadinessProbe Custom readinessProbe that overrides the default one -## -customReadinessProbe: {} -## Configure Pod Disruption Budget -## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ -## @param pdb.create Enable/disable a Pod Disruption Budget creation -## @param pdb.minAvailable Minimum number/percentage of pods that should remain scheduled -## @param pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable -## -pdb: - create: false - minAvailable: 1 - maxUnavailable: "" -## ASP.NET Core Autoscaling parameters. -## @param autoscaling.enabled Enable autoscaling for ASP.NET Core -## @param autoscaling.minReplicas Minimum number of ASP.NET Core replicas -## @param autoscaling.maxReplicas Maximum number of ASP.NET Core replicas -## @param autoscaling.targetCPU Target CPU utilization percentage -## @param autoscaling.targetMemory Target Memory utilization percentage -## -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 11 - targetCPU: "" - targetMemory: "" - -## @section Custom ASP.NET Core application parameters - -## Enable to download/build ASP.NET Core app from external git repository. -## Do not enable it if your docker image already includes your application -## -appFromExternalRepo: - ## @param appFromExternalRepo.enabled Enable to download/build ASP.NET Core app from external git repository - ## - enabled: true - clone: - ## Bitnami Git image version - ## ref: https://hub.docker.com/r/bitnami/git/tags/ - ## @param appFromExternalRepo.clone.image.registry Git image registry - ## @param appFromExternalRepo.clone.image.repository Git image repository - ## @param appFromExternalRepo.clone.image.tag Git image tag (immutable tags are recommended) - ## @param appFromExternalRepo.clone.image.pullPolicy Git image pull policy - ## @param appFromExternalRepo.clone.image.pullSecrets Git image pull secrets - ## - image: - registry: docker.io - repository: bitnami/git - tag: 2.33.0-debian-10-r28 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param appFromExternalRepo.clone.repository Git repository to clone - ## - repository: https://github.com/dotnet/AspNetCore.Docs.git - ## @param appFromExternalRepo.clone.revision Git revision to checkout - ## - revision: main - ## @param appFromExternalRepo.clone.extraVolumeMounts Add extra volume mounts for the GIT container - ## Useful to mount keys to connect through ssh. (normally used with extraVolumes) - ## e.g: - ## extraVolumeMounts: - ## - name: ssh-dir - ## mountPath: /root/.ssh/ - ## - extraVolumeMounts: [] - publish: - ## Bitnami .NET SDK image version - ## ref: https://hub.docker.com/r/bitnami/dotnet-sdk/tags/ - ## @param appFromExternalRepo.publish.image.registry .NET SDK image registry - ## @param appFromExternalRepo.publish.image.repository .NET SDK image repository - ## @param appFromExternalRepo.publish.image.tag .NET SDK image tag (immutable tags are recommended) - ## @param appFromExternalRepo.publish.image.pullPolicy .NET SDK image pull policy - ## @param appFromExternalRepo.publish.image.pullSecrets .NET SDK image pull secrets - ## - image: - registry: docker.io - repository: bitnami/dotnet-sdk - tag: 3.1.412-debian-10-r33 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param appFromExternalRepo.publish.subFolder Sub folder under the Git repository containing the ASP.NET Core app - ## - subFolder: aspnetcore/fundamentals/servers/kestrel/samples/3.x/KestrelSample - ## @param appFromExternalRepo.publish.extraFlags Extra flags to be appended to "dotnet publish" command - ## - extraFlags: [] - ## @param appFromExternalRepo.startCommand Command used to start ASP.NET Core app - ## - startCommand: ["dotnet", "KestrelSample.dll"] -## Enable mounting your ASP.NET Core app from an existing PVC -## Do not enable it if your docker image already includes your application -## @param appFromExistingPVC.enabled Enable mounting your ASP.NET Core app from an existing PVC -## @param appFromExistingPVC.existingClaim A existing Persistent Volume Claim containing your ASP.NET Core app -## -appFromExistingPVC: - enabled: false - ## PVC must be created manually before volume will be bound. The value is evaluated as a template - ## - existingClaim: "" - -## @section Traffic Exposure Parameters - -## ASP.NET Core Service parameters. -## -service: - ## @param service.type ASP.NET Core service type - ## - type: ClusterIP - ## @param service.port ASP.NET Core service HTTP port - ## - port: 80 - ## @param service.nodePort Node ports to expose - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - nodePort: "" - ## @param service.clusterIP ASP.NET Core service Cluster IP - ## e.g.: - ## clusterIP: None - ## - clusterIP: "" - ## @param service.loadBalancerIP ASP.NET Core service Load Balancer IP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer - ## - loadBalancerIP: "" - ## @param service.loadBalancerSourceRanges ASP.NET Core service Load Balancer sources - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param service.externalTrafficPolicy ASP.NET Core service external traffic policy - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param service.annotations Additional custom annotations for ASP.NET Core service - ## - annotations: {} -## Configure the ingress resource that allows you to access the ASP.NET Core app -## ref: http://kubernetes.io/docs/user-guide/ingress/ -## -ingress: - ## @param ingress.enabled Enable ingress record generation for ASP.NET Core - ## - enabled: false - ## @param ingress.pathType Ingress path type - ## - pathType: ImplementationSpecific - ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) - ## - apiVersion: "" - ## @param ingress.hostname Default host for the ingress resource, a host pointing to this will be created - ## - hostname: aspnet-core.local - ## @param ingress.path Default path for the ingress record - ## - path: / - ## @param ingress.annotations Additional custom annotations for the ingress record - ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added - ## - annotations: {} - ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter - ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` - ## You can: - ## - Use the `ingress.secrets` parameter to create this TLS secret - ## - Relay on cert-manager to create it by setting `ingress.certManager=true` - ## - tls: false - ## @param ingress.certManager Add the corresponding annotations for cert-manager integration - ## - certManager: false - ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record - ## e.g: - ## extraHosts: - ## - name: aspnet-core.local - ## path: / - ## - extraHosts: [] - ## @param ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record - ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - ## e.g: - ## extraTls: - ## - hosts: - ## - aspnet-core.local - ## secretName: aspnet-core.local-tls - ## - extraTls: [] - ## @param ingress.secrets Custom TLS certificates as secrets - ## NOTE: 'key' and 'certificate' are expected in PEM format - ## NOTE: 'name' should line up with a 'secretName' set further up - ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates - ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created - ## It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - ## e.g: - ## secrets: - ## - name: aspnet-core.local-tls - ## key: |- - ## -----BEGIN RSA PRIVATE KEY----- - ## ... - ## -----END RSA PRIVATE KEY----- - ## certificate: |- - ## -----BEGIN CERTIFICATE----- - ## ... - ## -----END CERTIFICATE----- - ## - secrets: [] -## Health Ingress -## -healthIngress: - ## @param healthIngress.enabled Enable healthIngress record generation for ASP.NET Core - ## - enabled: false - ## @param healthIngress.hostname When the health ingress is enabled, a host pointing to this will be created - ## - hostname: aspnet-core.local - ## @param healthIngress.annotations Additional custom annotations for the ingress record - ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added - ## - annotations: {} - ## @param healthIngress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter - ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` - ## You can: - ## - Use the `ingress.secrets` parameter to create this TLS secret - ## - Relay on cert-manager to create it by setting `ingress.certManager=true` - ## - Relay on Helm to create self-signed certificates - ## - tls: false - ## @param healthIngress.certManager Set this to true in order to add the corresponding annotations for cert-manager - ## - certManager: false - ## @param healthIngress.extraHosts n array with additional hostname(s) to be covered with the ingress record - ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array - ## extraHosts: - ## - name: aspnet-core.local - ## path: / - ## - extraHosts: [] - ## @param healthIngress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record - ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - ## extraTls: - ## - hosts: - ## - aspnet-core.local - ## secretName: aspnet-core.local-tls - ## - extraTls: [] - ## @param healthIngress.secrets Custom TLS certificates as secrets - ## NOTE: 'key' and 'certificate' are expected in PEM format - ## NOTE: 'name' should line up with a 'secretName' set further up - ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates - ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created - ## It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - ## e.g: - ## secrets: - ## - name: aspnet-core.local-tls - ## key: |- - ## -----BEGIN RSA PRIVATE KEY----- - ## ... - ## -----END RSA PRIVATE KEY----- - ## certificate: |- - ## -----BEGIN CERTIFICATE----- - ## ... - ## -----END CERTIFICATE----- - ## - secrets: [] - -## @section RBAC parameters - -## K8s Service Account. -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ -## -serviceAccount: - ## @param serviceAccount.create Specifies whether a ServiceAccount should be created - ## - create: true - ## @param serviceAccount.name The name of the ServiceAccount to use. - ## If not set and create is true, a name is generated using the aspnet-core.fullname template - ## - name: "" - ## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount - ## - annotations: {} diff --git a/bitnami/consul/ci/values-ingress.yaml b/bitnami/consul/ci/values-ingress.yaml deleted file mode 100644 index 2b2574e..0000000 --- a/bitnami/consul/ci/values-ingress.yaml +++ /dev/null @@ -1,3 +0,0 @@ -ingress: - enabled: true - tls: true diff --git a/bitnami/contour/Chart.lock b/bitnami/contour/Chart.lock deleted file mode 100644 index 73b1d8f..0000000 --- a/bitnami/contour/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.9.0 -digest: sha256:6d608d323ac01a7950ba64fa7caf4169a5d9d33e442c99e23e123caaf303b6b9 -generated: "2021-09-20T08:14:57.250332035Z" diff --git a/bitnami/contour/Chart.yaml b/bitnami/contour/Chart.yaml deleted file mode 100644 index 8bb89d1..0000000 --- a/bitnami/contour/Chart.yaml +++ /dev/null @@ -1,30 +0,0 @@ -annotations: - category: Infrastructure -apiVersion: v2 -appVersion: 1.18.1 -dependencies: - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x -description: Contour Ingress controller for Kubernetes -engine: gotpl -home: https://github.com/bitnami/charts/tree/master/bitnami/contour -icon: https://bitnami.com/assets/stacks/contour/img/contour-stack-220x234.png -keywords: - - ingress - - envoy - - contour -maintainers: - - name: cellebyte - url: https://github.com/Cellebyte - - email: containers@bitnami.com - name: Bitnami -name: contour -sources: - - https://github.com/projectcontour/contour - - https://github.com/envoyproxy/envoy - - https://github.com/bitnami/bitnami-docker-contour - - https://projectcontour.io -version: 5.5.3 diff --git a/bitnami/contour/README.md b/bitnami/contour/README.md deleted file mode 100644 index 71b5b95..0000000 --- a/bitnami/contour/README.md +++ /dev/null @@ -1,509 +0,0 @@ -# contour - -## TL;DR - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/contour -``` - -## Introduction - -Bitnami charts for Helm are carefully engineered, actively maintained and are the quickest and easiest way to deploy containers on a Kubernetes cluster that are ready to handle production workloads. - -This chart bootstraps a [Contour](https://projectcontour.io) Ingress Controller Deployment and a [Envoy Proxy](https://www.envoyproxy.io) Daemonset on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 3.1.0 -- An Operator for `ServiceType: LoadBalancer` like [MetalLB](../metallb/README.md) - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/contour -``` - -These commands deploy contour on the Kubernetes cluster in the default configuration. The [Parameters](##parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` or `helm ls --all-namespaces` - -## Uninstalling the Chart - -:warning: Uninstalling this chart will also remove CRDs. Removing CRDs will **remove all instances of it's Custom Resources**. If you wish to retain your Custom Resources for the future, run the following commands before uninstalling. - -```console -$ kubectl get -o yaml extensionservice,httpproxy,tlscertificatedelegation -A > backup.yaml -``` - -To uninstall/delete the `my-release` helm release: - -```console -$ helm uninstall my-release -``` - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | - - -### Common parameters - -| Name | Description | Value | -| -------------------- | -------------------------------------------------------------------------------------- | ----- | -| `nameOverride` | String to partially override contour.fullname include (will maintain the release name) | `""` | -| `fullnameOverride` | String to fully override contour.fullname template | `""` | -| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` | -| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` | -| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | - - -### Contour parameters - -| Name | Description | Value | -| -------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------- | ---------------------- | -| `replicaCount` | Number of Contour Pod replicas | `2` | -| `existingConfigMap` | Specifies the name of an externally-defined ConfigMap to use as the configuration (this is mutually exclusive with `configInline`) | `""` | -| `configInline` | Specifies Contour's configuration directly in YAML format | `{}` | -| `contour.enabled` | Contour Deployment creation. | `true` | -| `contour.image.registry` | Contour image registry | `docker.io` | -| `contour.image.repository` | Contour image name | `bitnami/contour` | -| `contour.image.tag` | Contour image tag | `1.18.1-debian-10-r20` | -| `contour.image.pullPolicy` | Contour Image pull policy | `IfNotPresent` | -| `contour.image.pullSecrets` | Contour Image pull secrets | `[]` | -| `contour.hostAliases` | Add deployment host aliases | `[]` | -| `contour.extraArgs` | Extra arguments passed to Contour container | `[]` | -| `contour.resources.limits` | Specify resource limits which the container is not allowed to succeed. | `{}` | -| `contour.resources.requests` | Specify resource requests which the container needs to spawn. | `{}` | -| `contour.manageCRDs` | Manage the creation, upgrade and deletion of Contour CRDs. | `true` | -| `contour.podAffinityPreset` | Contour Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `contour.podAntiAffinityPreset` | Contour Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `contour.nodeAffinityPreset.type` | Contour Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `contour.nodeAffinityPreset.key` | Contour Node label key to match Ignored if `affinity` is set. | `""` | -| `contour.nodeAffinityPreset.values` | Contour Node label values to match. Ignored if `affinity` is set. | `[]` | -| `contour.affinity` | Affinity for Contour pod assignment | `{}` | -| `contour.nodeSelector` | Node labels for Contour pod assignment | `{}` | -| `contour.tolerations` | Tolerations for Contour pod assignment | `[]` | -| `contour.podAnnotations` | Contour Pod annotations | `{}` | -| `contour.serviceAccount.create` | Create a serviceAccount for the Contour pod | `true` | -| `contour.serviceAccount.name` | Use the serviceAccount with the specified name, a name is generated using the fullname template | `""` | -| `contour.livenessProbe.enabled` | Enable/disable the Liveness probe | `true` | -| `contour.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `120` | -| `contour.livenessProbe.periodSeconds` | How often to perform the probe | `20` | -| `contour.livenessProbe.timeoutSeconds` | When the probe times out | `5` | -| `contour.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `6` | -| `contour.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` | -| `contour.readinessProbe.enabled` | Enable/disable the readiness probe | `true` | -| `contour.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `15` | -| `contour.readinessProbe.periodSeconds` | How often to perform the probe | `10` | -| `contour.readinessProbe.timeoutSeconds` | When the probe times out | `5` | -| `contour.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `3` | -| `contour.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` | -| `contour.securityContext.enabled` | If the pod should run in a securityContext. | `true` | -| `contour.securityContext.runAsNonRoot` | If the pod should run as a non root container. | `true` | -| `contour.securityContext.runAsUser` | define the uid with which the pod will run | `1001` | -| `contour.securityContext.runAsGroup` | define the gid with which the pod will run | `1001` | -| `contour.certgen.serviceAccount.create` | Create a serviceAccount for the Contour pod | `true` | -| `contour.certgen.serviceAccount.name` | Use the serviceAccount with the specified name, a name is generated using the fullname template | `""` | -| `contour.tlsExistingSecret` | Name of the existingSecret to be use in Contour deployment. If it is not nil `contour.certgen` will be disabled. | `""` | -| `contour.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | -| `contour.initContainers` | Attach additional init containers to Contour pods | `[]` | -| `contour.sidecars` | Add additional sidecar containers to the Contour pods | `[]` | -| `contour.extraVolumes` | Array to add extra volumes | `[]` | -| `contour.extraVolumeMounts` | Array to add extra mounts (normally used with extraVolumes) | `[]` | -| `contour.extraEnvVars` | Array containing extra env vars to be added to all Contour containers | `[]` | -| `contour.extraEnvVarsConfigMap` | ConfigMap containing extra env vars to be added to all Contour containers | `""` | -| `contour.extraEnvVarsSecret` | Secret containing extra env vars to be added to all Contour containers | `""` | -| `contour.ingressClass` | Name of the ingress class to route through this controller | `contour` | - - -### Envoy parameters - -| Name | Description | Value | -| --------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------- | ---------------------- | -| `envoy.enabled` | Envoy Proxy creation | `true` | -| `envoy.image.registry` | Envoy Proxy image registry | `docker.io` | -| `envoy.image.repository` | Envoy Proxy image repository | `bitnami/envoy` | -| `envoy.image.tag` | Envoy Proxy image tag (immutable tags are recommended) | `1.19.1-debian-10-r26` | -| `envoy.image.pullPolicy` | Envoy image pull policy | `IfNotPresent` | -| `envoy.image.pullSecrets` | Envoy image pull secrets | `[]` | -| `envoy.extraArgs` | Extra arguments passed to Envoy container | `[]` | -| `envoy.hostAliases` | Add deployment host aliases | `[]` | -| `envoy.resources.limits` | Specify resource limits which the container is not allowed to succeed. | `{}` | -| `envoy.resources.requests` | Specify resource requests which the container needs to spawn. | `{}` | -| `envoy.shutdownManager.resources.limits` | Specify resource limits which the container is not allowed to succeed. | `{}` | -| `envoy.shutdownManager.resources.requests` | Specify resource requests which the container needs to spawn. | `{}` | -| `envoy.kind` | Install as deployment or daemonset | `daemonset` | -| `envoy.replicaCount` | Desired number of Controller pods | `1` | -| `envoy.updateStrategy` | Strategy to use to update Pods | `{}` | -| `envoy.revisionHistoryLimit` | The number of old history to retain to allow rollback | `10` | -| `envoy.autoscaling.enabled` | Enable autoscaling for Controller | `false` | -| `envoy.autoscaling.minReplicas` | Minimum number of Controller replicas | `1` | -| `envoy.autoscaling.maxReplicas` | Maximum number of Controller replicas | `11` | -| `envoy.autoscaling.targetCPU` | Target CPU utilization percentage | `""` | -| `envoy.autoscaling.targetMemory` | Target Memory utilization percentage | `""` | -| `envoy.podAffinityPreset` | Envoy Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `envoy.podAntiAffinityPreset` | Envoy Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `envoy.nodeAffinityPreset.type` | Envoy Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `envoy.nodeAffinityPreset.key` | Envoy Node label key to match Ignored if `affinity` is set. | `""` | -| `envoy.nodeAffinityPreset.values` | Envoy Node label values to match. Ignored if `affinity` is set. | `[]` | -| `envoy.affinity` | Affinity for Envoy pod assignment | `{}` | -| `envoy.nodeSelector` | Node labels for Envoy pod assignment | `{}` | -| `envoy.tolerations` | Tolerations for Envoy pod assignment | `[]` | -| `envoy.podAnnotations` | Envoy Pod annotations | `{}` | -| `envoy.podSecurityContext.enabled` | Envoy Pod securityContext | `false` | -| `envoy.containerSecurityContext.enabled` | Envoy Container securityContext | `true` | -| `envoy.containerSecurityContext.runAsUser` | User ID for the Envoy container (to change this, http and https containerPorts must be set to >1024) | `0` | -| `envoy.hostNetwork` | Envoy Pod host network access | `false` | -| `envoy.dnsPolicy` | Envoy Pod Dns Policy's DNS Policy | `ClusterFirst` | -| `envoy.tlsExistingSecret` | Name of the existingSecret to be use in Envoy deployment | `""` | -| `envoy.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | -| `envoy.serviceAccount.name` | The name of the ServiceAccount to use. If not set and create is true, a name is generated using the fullname template | `""` | -| `envoy.serviceAccount.automountServiceAccountToken` | Whether to auto mount API credentials for a service account | `false` | -| `envoy.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `envoy.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` | -| `envoy.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` | -| `envoy.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `envoy.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `envoy.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `envoy.readinessProbe.enabled` | Enable/disable the readiness probe | `true` | -| `envoy.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `10` | -| `envoy.readinessProbe.periodSeconds` | How often to perform the probe | `3` | -| `envoy.readinessProbe.timeoutSeconds` | When the probe times out | `1` | -| `envoy.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `3` | -| `envoy.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` | -| `envoy.terminationGracePeriodSeconds` | Envoy termination grace period in seconds | `300` | -| `envoy.logLevel` | Envoy log level | `info` | -| `envoy.service.type` | Type of Envoy service to create | `LoadBalancer` | -| `envoy.service.externalTrafficPolicy` | Envoy Service external cluster policy. If `envoy.service.type` is NodePort or LoadBalancer | `Local` | -| `envoy.service.clusterIP` | Internal envoy cluster service IP | `""` | -| `envoy.service.externalIPs` | Envoy service external IP addresses | `[]` | -| `envoy.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` | -| `envoy.service.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | `[]` | -| `envoy.service.annotations` | Annotations for Envoy service | `{}` | -| `envoy.service.ports.http` | Sets service http port | `80` | -| `envoy.service.ports.https` | Sets service https port | `443` | -| `envoy.service.nodePorts.http` | HTTP Port. If `envoy.service.type` is NodePort and this is non-empty | `""` | -| `envoy.service.nodePorts.https` | HTTPS Port. If `envoy.service.type` is NodePort and this is non-empty | `""` | -| `envoy.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | -| `envoy.useHostPort` | Enable/disable `hostPort` for TCP/80 and TCP/443 | `true` | -| `envoy.useHostIP` | Enable/disable `hostIP` | `false` | -| `envoy.hostPorts.http` | Sets `hostPort` http port | `80` | -| `envoy.hostPorts.https` | Sets `hostPort` https port | `443` | -| `envoy.hostIPs.http` | Sets `hostIP` http IP | `127.0.0.1` | -| `envoy.hostIPs.https` | Sets `hostIP` https IP | `127.0.0.1` | -| `envoy.containerPorts.http` | Sets http port inside Envoy pod (change this to >1024 to run envoy as a non-root user) | `80` | -| `envoy.containerPorts.https` | Sets https port inside Envoy pod (change this to >1024 to run envoy as a non-root user) | `443` | -| `envoy.initContainers` | Attach additional init containers to Envoy pods | `[]` | -| `envoy.extraVolumes` | Array to add extra volumes | `[]` | -| `envoy.extraVolumeMounts` | Array to add extra mounts (normally used with extraVolumes) | `[]` | -| `envoy.extraEnvVars` | Array containing extra env vars to be added to all Envoy containers | `[]` | -| `envoy.extraEnvVarsConfigMap` | ConfigMap containing extra env vars to be added to all Envoy containers | `""` | -| `envoy.extraEnvVarsSecret` | Secret containing extra env vars to be added to all Envoy containers | `""` | - - -### Default backend parameters - -| Name | Description | Value | -| --------------------------------------------------- | ---------------------------------------------------------------------------------------------------- | ---------------------- | -| `defaultBackend.enabled` | Enable a default backend based on NGINX | `false` | -| `defaultBackend.image.registry` | Default backend image registry | `docker.io` | -| `defaultBackend.image.repository` | Default backend image name | `bitnami/nginx` | -| `defaultBackend.image.tag` | Default backend image tag | `1.21.3-debian-10-r12` | -| `defaultBackend.image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `defaultBackend.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `defaultBackend.extraArgs` | Additional command line arguments to pass to NGINX container | `{}` | -| `defaultBackend.containerPort` | HTTP container port number | `8080` | -| `defaultBackend.hostAliases` | Add deployment host aliases | `[]` | -| `defaultBackend.replicaCount` | Desired number of default backend pods | `1` | -| `defaultBackend.podSecurityContext.enabled` | Default backend Pod securityContext | `true` | -| `defaultBackend.podSecurityContext.fsGroup` | Set Default backend Pod's Security Context fsGroup | `1001` | -| `defaultBackend.containerSecurityContext.enabled` | Default backend container securityContext | `true` | -| `defaultBackend.containerSecurityContext.runAsUser` | User ID for the Envoy container (to change this, http and https containerPorts must be set to >1024) | `1001` | -| `defaultBackend.resources.limits` | The resources limits for the Default backend container | `{}` | -| `defaultBackend.resources.requests` | The requested resources for the Default backend container | `{}` | -| `defaultBackend.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `defaultBackend.livenessProbe.httpGet` | Path, port and scheme for the livenessProbe | `{}` | -| `defaultBackend.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | -| `defaultBackend.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `defaultBackend.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `defaultBackend.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `defaultBackend.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `defaultBackend.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `defaultBackend.readinessProbe.httpGet` | Path, port and scheme for the readinessProbe | `{}` | -| `defaultBackend.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `0` | -| `defaultBackend.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | -| `defaultBackend.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `defaultBackend.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `defaultBackend.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `defaultBackend.customLivenessProbe` | Override default liveness probe, it overrides the default one (evaluated as a template) | `{}` | -| `defaultBackend.customReadinessProbe` | Override default readiness probe, it overrides the default one (evaluated as a template) | `{}` | -| `defaultBackend.podLabels` | Extra labels for Controller pods | `{}` | -| `defaultBackend.podAnnotations` | Annotations for Controller pods | `{}` | -| `defaultBackend.priorityClassName` | Priority class assigned to the pods | `""` | -| `defaultBackend.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `defaultBackend.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `defaultBackend.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `defaultBackend.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set. | `""` | -| `defaultBackend.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | -| `defaultBackend.affinity` | Affinity for pod assignment. Evaluated as a template. | `{}` | -| `defaultBackend.nodeSelector` | Node labels for pod assignment. Evaluated as a template. | `{}` | -| `defaultBackend.tolerations` | Tolerations for pod assignment. Evaluated as a template. | `[]` | -| `defaultBackend.service.type` | Service type | `ClusterIP` | -| `defaultBackend.service.port` | Service port | `80` | -| `defaultBackend.pdb.create` | Enable Pod Disruption Budget configuration | `false` | -| `defaultBackend.pdb.minAvailable` | Minimum number/percentage of Default backend pods that should remain scheduled | `1` | -| `defaultBackend.pdb.maxUnavailable` | Maximum number/percentage of Default backend pods that should remain scheduled | `""` | - - -### Metrics parameters - -| Name | Description | Value | -| --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------ | ------------------------ | -| `prometheus.serviceMonitor.namespace` | Specify if the servicemonitors will be deployed into a different namespace (blank deploys into same namespace as chart) | `""` | -| `prometheus.serviceMonitor.enabled` | Specify if a servicemonitor will be deployed for prometheus-operator. | `false` | -| `prometheus.serviceMonitor.jobLabel` | Specify the jobLabel to use for the prometheus-operator | `app.kubernetes.io/name` | -| `prometheus.serviceMonitor.interval` | Specify the scrape interval if not specified use default prometheus scrapeIntervall, the Prometheus default scrape interval is used. | `""` | -| `prometheus.serviceMonitor.metricRelabelings` | Specify additional relabeling of metrics. | `[]` | -| `prometheus.serviceMonitor.relabelings` | Specify general relabeling. | `[]` | - - -### Other parameters - -| Name | Description | Value | -| ------------------- | -------------------------------------------------------------------------------------------------------------------- | ------ | -| `rbac.create` | Create the RBAC roles for API accessibility | `true` | -| `rbac.rules` | Custom RBAC rules to set | `[]` | -| `tlsExistingSecret` | Name of the existingSecret to be use in both contour and envoy. If it is not nil `contour.certgen` will be disabled. | `""` | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -$ helm install my-release \ - --set envoy.readinessProbe.successThreshold=5 \ - bitnami/contour -``` - -The above command sets the `envoy.readinessProbe.successThreshold` to `5`. - -## Configuration and installation details - -### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -To configure [Contour](https://projectcontour.io) please look into the configuration section [Contour Configuration](https://projectcontour.io/docs/main/configuration/). - -### Example Quickstart Contour Confiuration - -```yaml -configInline: - # should contour expect to be running inside a k8s cluster - # incluster: true - # - # path to kubeconfig (if not running inside a k8s cluster) - # kubeconfig: /path/to/.kube/config - # - # Client request timeout to be passed to Envoy - # as the connection manager request_timeout. - # Defaults to 0, which Envoy interprets as disabled. - # Note that this is the timeout for the whole request, - # not an idle timeout. - # request-timeout: 0s - # disable ingressroute permitInsecure field - disablePermitInsecure: false - tls: - # minimum TLS version that Contour will negotiate - # minimum-protocol-version: "1.1" - # Defines the Kubernetes name/namespace matching a secret to use - # as the fallback certificate when requests which don't match the - # SNI defined for a vhost. - fallback-certificate: - # name: fallback-secret-name - # namespace: projectcontour - # The following config shows the defaults for the leader election. - # leaderelection: - # configmap-name: leader-elect - # configmap-namespace: projectcontour - ### Logging options - # Default setting - accesslog-format: envoy - # To enable JSON logging in Envoy - # accesslog-format: json - # The default fields that will be logged are specified below. - # To customise this list, just add or remove entries. - # The canonical list is available at - # https://godoc.org/github.com/projectcontour/contour/internal/envoy#JSONFields - # json-fields: - # - "@timestamp" - # - "authority" - # - "bytes_received" - # - "bytes_sent" - # - "downstream_local_address" - # - "downstream_remote_address" - # - "duration" - # - "method" - # - "path" - # - "protocol" - # - "request_id" - # - "requested_server_name" - # - "response_code" - # - "response_flags" - # - "uber_trace_id" - # - "upstream_cluster" - # - "upstream_host" - # - "upstream_local_address" - # - "upstream_service_time" - # - "user_agent" - # - "x_forwarded_for" - # - # default-http-versions: - # - "HTTP/2" - # - "HTTP/1.1" - # - # The following shows the default proxy timeout settings. - # timeouts: - # request-timeout: infinity - # connection-idle-timeout: 60s - # stream-idle-timeout: 5m - # max-connection-duration: infinity - # connection-shutdown-grace-period: 5s -``` - -### Deploying Contour with an AWS NLB - -By default, Contour is launched with a AWS Classic ELB. To launch contour backed by a NLB, please set [these settings](https://github.com/projectcontour/contour/tree/master/examples/contour#deploying-with-host-networking-enabled-for-envoy): - -```yaml -envoy: - service: - annotations: - service.beta.kubernetes.io/aws-load-balancer-type: nlb - service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https" - service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "3600" - service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm: arn:aws:acm:XX-XXXX-X:XXXXXXXXX:certificate/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX - - containerPorts: - http: 80 - https: 80 -``` - -### Setting Pod's affinity - -This chart allows you to set your custom affinity using the `XXX.affinity` parameter(s). Find more information about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). - -As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `XXX.podAffinityPreset`, `XXX.podAntiAffinityPreset`, or `XXX.nodeAffinityPreset` parameters. - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami’s Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## Upgrading - -Please carefully read through the guide "Upgrading Contour" at https://projectcontour.io/resources/upgrading/. - -### To 5.2.0 - -This version bumps the Envoy container from 1.17.X to 1.19.X; this Envoy version is officially supported by Contour since 1.18.0, see https://github.com/projectcontour/contour/releases/tag/v1.18.0 - -### To 5.0.0 - -In this version it was synchronized CRD with the official [Contour repository](https://github.com/projectcontour/contour/blob/main/examples/render/contour.yaml) - -**Considerations when upgrading to this version** - -If you are installing a fresh chart, you can ignore this section. - -If you are upgrading from 4.x of this Helm chart, this is a breaking change as the new CRDs will not overwrite the existing ones. Therefore, you will need to delete the CRDs and let the chart recreate them. Make sure to back up any existing CRs (`kubectl get -o yaml extensionservice,httpproxy,tlscertificatedelegation -A > backup.yaml`) unless you have other ways of recreating them. - -### To 4.0.0 - -The 4.0 version of this chart introduces changes to handle Contour CRD upgrades. While Helm 3.x introduced the `crd` folder to place CRDs, Helm explicitly does not handle the [CRD upgrade scenario](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#some-caveats-and-explanations). - -**What changes were introduced in this major version?** - -- The `resources` directory was added that contains all the Contour CRDs, which are imported by the `templates/00-crds.yaml` manifest on installation and upgrade. -- If you do not wish for this chart to manage Contour CRDs, set the flag `contour.manageCRDs` to `false` when running Helm. - -**Considerations when upgrading to this version** - -If you are installing a fresh chart, or if you are upgrading from a 4.x version of this chart, you can ignore this section. - -If you are upgrading from 3.x of this Helm chart, this is a breaking change as the new CRDs will not overwrite the existing ones. Therefore, you will need to delete the CRDs and let the chart recreate them. Make sure to back up any existing CRs (`kubectl get -o yaml extensionservice,httpproxy,tlscertificatedelegation -A > backup.yaml`) unless you have other ways of recreating them. - -If required, back up your existing Custom Resources: - -```console -$ kubectl get -o yaml extensionservice,httpproxy,tlscertificatedelegation -A > backup.yaml -``` - -Delete the existing Contour CRDs. Note that this step will *also delete* the associated CRs and impact availability until the upgrade is complete and the backup restored: - -```console -$ kubectl delete extensionservices.projectcontour.io -$ kubectl delete httpproxies.projectcontour.io -$ kubectl delete tlscertificatedelegations.projectcontour.io -``` - -Upgrade the Contour chart with the release name `my-release`: - -```console -$ helm upgrade my-release bitnami/contour -``` - -If you made a backup earlier, restore the objects: - -```console -$ kubectl apply -f backup.yaml -``` - -### To 3.0.0 - -[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -**What changes were introduced in this major version?** - -- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. -- Move dependency information from the *requirements.yaml* to the *Chart.yaml* -- After running `helm dependency update`, a *Chart.lock* file is generated containing the same structure used in the previous *requirements.lock* -- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts - -**Considerations when upgrading to this version** - -- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues -- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore -- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 - -**Useful links** - -- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ -- https://helm.sh/docs/topics/v2_v3_migration/ -- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ - -### To 2.0.0 - -Most important changes are: - -- Using helm hooks to generate new TLS certificates for gRPC calls between Contour and Envoy. This enables us to use the same container image for the contour controller and the certgen job without upgrade issues due to JobSpec immutablility. -- Rename parameter `contour.createCustomResource` to `contour.installCRDs` -- Sync CRDs with [upstream project examples](https://github.com/projectcontour/contour/tree/main/examples/contour). Please remember that helm does not touch existing CRDs. As of today, the most reliable way to update the CRDs is, to do it outside helm (Use `--skip-crds` when using helm v3 and `--set contour.installCRDs=false` when using helm v2). Read [Upgrading Contour](https://projectcontour.io/resources/upgrading/) and execute the following `kubectl` command before helm upgrade: - -```console -$ kubectl apply -f https://raw.githubusercontent.com/projectcontour/contour/release-{{version}}/examples/contour/01-crds.yaml -``` - -This version also introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/master/bitnami/common#bitnami-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade. diff --git a/bitnami/contour/ci/ct-values-deployment.yaml b/bitnami/contour/ci/ct-values-deployment.yaml deleted file mode 100644 index 7e502f3..0000000 --- a/bitnami/contour/ci/ct-values-deployment.yaml +++ /dev/null @@ -1,5 +0,0 @@ -kind: Deployment -envoy: - service: - type: ClusterIP - externalTrafficPolicy: null diff --git a/bitnami/contour/ci/ct-values.yaml b/bitnami/contour/ci/ct-values.yaml deleted file mode 100644 index 9525053..0000000 --- a/bitnami/contour/ci/ct-values.yaml +++ /dev/null @@ -1,4 +0,0 @@ -envoy: - service: - type: ClusterIP - externalTrafficPolicy: null diff --git a/bitnami/contour/resources/extensionservices.yaml b/bitnami/contour/resources/extensionservices.yaml deleted file mode 100644 index 919b688..0000000 --- a/bitnami/contour/resources/extensionservices.yaml +++ /dev/null @@ -1,399 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.5.0 - creationTimestamp: null - name: extensionservices.projectcontour.io -spec: - preserveUnknownFields: false - group: projectcontour.io - names: - kind: ExtensionService - listKind: ExtensionServiceList - plural: extensionservices - shortNames: - - extensionservice - - extensionservices - singular: extensionservice - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: ExtensionService is the schema for the Contour extension services - API. An ExtensionService resource binds a network service to the Contour - API so that Contour API features can be implemented by collaborating components. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ExtensionServiceSpec defines the desired state of an ExtensionService - resource. - properties: - loadBalancerPolicy: - description: The policy for load balancing GRPC service requests. - Note that the `Cookie` and `RequestHash` load balancing strategies - cannot be used here. - properties: - requestHashPolicies: - description: RequestHashPolicies contains a list of hash policies - to apply when the `RequestHash` load balancing strategy is chosen. - If an element of the supplied list of hash policies is invalid, - it will be ignored. If the list of hash policies is empty after - validation, the load balancing strategy will fall back the the - default `RoundRobin`. - items: - description: RequestHashPolicy contains configuration for an - individual hash policy on a request attribute. - properties: - headerHashOptions: - description: HeaderHashOptions should be set when request - header hash based load balancing is desired. It must be - the only hash option field set, otherwise this request - hash policy object will be ignored. - properties: - headerName: - description: HeaderName is the name of the HTTP request - header that will be used to calculate the hash key. - If the header specified is not present on a request, - no hash will be produced. - minLength: 1 - type: string - type: object - terminal: - description: Terminal is a flag that allows for short-circuiting - computing of a hash for a given request. If set to true, - and the request attribute specified in the attribute hash - options is present, no further hash policies will be used - to calculate a hash for the request. - type: boolean - type: object - type: array - strategy: - description: Strategy specifies the policy used to balance requests - across the pool of backend pods. Valid policy names are `Random`, - `RoundRobin`, `WeightedLeastRequest`, `Cookie`, and `RequestHash`. - If an unknown strategy name is specified or no policy is supplied, - the default `RoundRobin` policy is used. - type: string - type: object - protocol: - description: Protocol may be used to specify (or override) the protocol - used to reach this Service. Values may be h2 or h2c. If omitted, - protocol-selection falls back on Service annotations. - enum: - - h2 - - h2c - type: string - protocolVersion: - description: This field sets the version of the GRPC protocol that - Envoy uses to send requests to the extension service. Since Contour - always uses the v3 Envoy API, this is currently fixed at "v3". However, - other protocol options will be available in future. - enum: - - v3 - type: string - services: - description: Services specifies the set of Kubernetes Service resources - that receive GRPC extension API requests. If no weights are specified - for any of the entries in this array, traffic will be spread evenly - across all the services. Otherwise, traffic is balanced proportionally - to the Weight field in each entry. - items: - description: ExtensionServiceTarget defines an Kubernetes Service - to target with extension service traffic. - properties: - name: - description: Name is the name of Kubernetes service that will - accept service traffic. - type: string - port: - description: Port (defined as Integer) to proxy traffic to since - a service can have multiple defined. - exclusiveMaximum: true - maximum: 65536 - minimum: 1 - type: integer - weight: - description: Weight defines proportion of traffic to balance - to the Kubernetes Service. - format: int32 - type: integer - required: - - name - - port - type: object - minItems: 1 - type: array - timeoutPolicy: - description: The timeout policy for requests to the services. - properties: - idle: - description: Timeout after which, if there are no active requests - for this route, the connection between Envoy and the backend - or Envoy and the external client will be closed. If not specified, - there is no per-route idle timeout, though a connection manager-wide - stream_idle_timeout default of 5m still applies. - pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms)|(\d*(\.\d*)?us)|(\d*(\.\d*)?µs)|(\d*(\.\d*)?ns))+|infinity|infinite)$ - type: string - response: - description: Timeout for receiving a response from the server - after processing a request from client. If not supplied, Envoy's - default value of 15s applies. - pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms)|(\d*(\.\d*)?us)|(\d*(\.\d*)?µs)|(\d*(\.\d*)?ns))+|infinity|infinite)$ - type: string - type: object - validation: - description: UpstreamValidation defines how to verify the backend - service's certificate - properties: - caSecret: - description: Name or namespaced name of the Kubernetes secret - used to validate the certificate presented by the backend - type: string - subjectName: - description: Key which is expected to be present in the 'subjectAltName' - of the presented certificate - type: string - required: - - caSecret - - subjectName - type: object - required: - - services - type: object - status: - description: ExtensionServiceStatus defines the observed state of an ExtensionService - resource. - properties: - conditions: - description: "Conditions contains the current status of the ExtensionService - resource. \n Contour will update a single condition, `Valid`, that - is in normal-true polarity. \n Contour will not modify any other - Conditions set in this block, in case some other controller wants - to add a Condition." - items: - description: "DetailedCondition is an extension of the normal Kubernetes - conditions, with two extra fields to hold sub-conditions, which - provide more detailed reasons for the state (True or False) of - the condition. \n `errors` holds information about sub-conditions - which are fatal to that condition and render its state False. - \n `warnings` holds information about sub-conditions which are - not fatal to that condition and do not force the state to be False. - \n Remember that Conditions have a type, a status, and a reason. - \n The type is the type of the condition, the most important one - in this CRD set is `Valid`. `Valid` is a positive-polarity condition: - when it is `status: true` there are no problems. \n In more detail, - `status: true` means that the object is has been ingested into - Contour with no errors. `warnings` may still be present, and will - be indicated in the Reason field. There must be zero entries in - the `errors` slice in this case. \n `Valid`, `status: false` means - that the object has had one or more fatal errors during processing - into Contour. The details of the errors will be present under - the `errors` field. There must be at least one error in the `errors` - slice if `status` is `false`. \n For DetailedConditions of types - other than `Valid`, the Condition must be in the negative polarity. - When they have `status` `true`, there is an error. There must - be at least one entry in the `errors` Subcondition slice. When - they have `status` `false`, there are no serious errors, and there - must be zero entries in the `errors` slice. In either case, there - may be entries in the `warnings` slice. \n Regardless of the polarity, - the `reason` and `message` fields must be updated with either - the detail of the reason (if there is one and only one entry in - total across both the `errors` and `warnings` slices), or `MultipleReasons` - if there is more than one entry." - properties: - errors: - description: "Errors contains a slice of relevant error subconditions - for this object. \n Subconditions are expected to appear when - relevant (when there is a error), and disappear when not relevant. - An empty slice here indicates no errors." - items: - description: "SubCondition is a Condition-like type intended - for use as a subcondition inside a DetailedCondition. \n - It contains a subset of the Condition fields. \n It is intended - for warnings and errors, so `type` names should use abnormal-true - polarity, that is, they should be of the form \"ErrorPresent: - true\". \n The expected lifecycle for these errors is that - they should only be present when the error or warning is, - and should be removed when they are not relevant." - properties: - message: - description: "Message is a human readable message indicating - details about the transition. \n This may be an empty - string." - maxLength: 32768 - type: string - reason: - description: "Reason contains a programmatic identifier - indicating the reason for the condition's last transition. - Producers of specific condition types may define expected - values and meanings for this field, and whether the - values are considered a guaranteed API. \n The value - should be a CamelCase string. \n This field may not - be empty." - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: Status of the condition, one of True, False, - Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: "Type of condition in `CamelCase` or in `foo.example.com/CamelCase`. - \n This must be in abnormal-true polarity, that is, - `ErrorFound` or `controller.io/ErrorFound`. \n The regex - it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - message - - reason - - status - - type - type: object - type: array - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - warnings: - description: "Warnings contains a slice of relevant warning - subconditions for this object. \n Subconditions are expected - to appear when relevant (when there is a warning), and disappear - when not relevant. An empty slice here indicates no warnings." - items: - description: "SubCondition is a Condition-like type intended - for use as a subcondition inside a DetailedCondition. \n - It contains a subset of the Condition fields. \n It is intended - for warnings and errors, so `type` names should use abnormal-true - polarity, that is, they should be of the form \"ErrorPresent: - true\". \n The expected lifecycle for these errors is that - they should only be present when the error or warning is, - and should be removed when they are not relevant." - properties: - message: - description: "Message is a human readable message indicating - details about the transition. \n This may be an empty - string." - maxLength: 32768 - type: string - reason: - description: "Reason contains a programmatic identifier - indicating the reason for the condition's last transition. - Producers of specific condition types may define expected - values and meanings for this field, and whether the - values are considered a guaranteed API. \n The value - should be a CamelCase string. \n This field may not - be empty." - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: Status of the condition, one of True, False, - Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: "Type of condition in `CamelCase` or in `foo.example.com/CamelCase`. - \n This must be in abnormal-true polarity, that is, - `ErrorFound` or `controller.io/ErrorFound`. \n The regex - it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - message - - reason - - status - - type - type: object - type: array - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/bitnami/contour/resources/httpproxies.yaml b/bitnami/contour/resources/httpproxies.yaml deleted file mode 100644 index ec3468e..0000000 --- a/bitnami/contour/resources/httpproxies.yaml +++ /dev/null @@ -1,1783 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.5.0 - creationTimestamp: null - name: httpproxies.projectcontour.io -spec: - preserveUnknownFields: false - group: projectcontour.io - names: - kind: HTTPProxy - listKind: HTTPProxyList - plural: httpproxies - shortNames: - - proxy - - proxies - singular: httpproxy - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Fully qualified domain name - jsonPath: .spec.virtualhost.fqdn - name: FQDN - type: string - - description: Secret with TLS credentials - jsonPath: .spec.virtualhost.tls.secretName - name: TLS Secret - type: string - - description: The current status of the HTTPProxy - jsonPath: .status.currentStatus - name: Status - type: string - - description: Description of the current status - jsonPath: .status.description - name: Status Description - type: string - name: v1 - schema: - openAPIV3Schema: - description: HTTPProxy is an Ingress CRD specification. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HTTPProxySpec defines the spec of the CRD. - properties: - includes: - description: Includes allow for specific routing configuration to - be included from another HTTPProxy, possibly in another namespace. - items: - description: Include describes a set of policies that can be applied - to an HTTPProxy in a namespace. - properties: - conditions: - description: 'Conditions are a set of rules that are applied - to included HTTPProxies. In effect, they are added onto the - Conditions of included HTTPProxy Route structs. When applied, - they are merged using AND, with one exception: There can be - only one Prefix MatchCondition per Conditions slice. More - than one Prefix, or contradictory Conditions, will make the - include invalid.' - items: - description: MatchCondition are a general holder for matching - rules for HTTPProxies. One of Prefix or Header must be provided. - properties: - header: - description: Header specifies the header condition to - match. - properties: - contains: - description: Contains specifies a substring that must - be present in the header value. - type: string - exact: - description: Exact specifies a string that the header - value must be equal to. - type: string - name: - description: Name is the name of the header to match - against. Name is required. Header names are case - insensitive. - type: string - notcontains: - description: NotContains specifies a substring that - must not be present in the header value. - type: string - notexact: - description: NoExact specifies a string that the header - value must not be equal to. The condition is true - if the header has any other value. - type: string - notpresent: - description: NotPresent specifies that condition is - true when the named header is not present. Note - that setting NotPresent to false does not make the - condition true if the named header is present. - type: boolean - present: - description: Present specifies that condition is true - when the named header is present, regardless of - its value. Note that setting Present to false does - not make the condition true if the named header - is absent. - type: boolean - required: - - name - type: object - prefix: - description: Prefix defines a prefix match for a request. - type: string - type: object - type: array - name: - description: Name of the HTTPProxy - type: string - namespace: - description: Namespace of the HTTPProxy to include. Defaults - to the current namespace if not supplied. - type: string - required: - - name - type: object - type: array - ingressClassName: - description: IngressClassName optionally specifies the ingress class - to use for this HTTPProxy. This replaces the deprecated `kubernetes.io/ingress.class` - annotation. For backwards compatibility, when that annotation is - set, it is given precedence over this field. - type: string - routes: - description: Routes are the ingress routes. If TCPProxy is present, - Routes is ignored. - items: - description: Route contains the set of routes for a virtual host. - properties: - authPolicy: - description: AuthPolicy updates the authorization policy that - was set on the root HTTPProxy object for client requests that - match this route. - properties: - context: - additionalProperties: - type: string - description: Context is a set of key/value pairs that are - sent to the authentication server in the check request. - If a context is provided at an enclosing scope, the entries - are merged such that the inner scope overrides matching - keys from the outer scope. - type: object - disabled: - description: When true, this field disables client request - authentication for the scope of the policy. - type: boolean - type: object - conditions: - description: 'Conditions are a set of rules that are applied - to a Route. When applied, they are merged using AND, with - one exception: There can be only one Prefix MatchCondition - per Conditions slice. More than one Prefix, or contradictory - Conditions, will make the route invalid.' - items: - description: MatchCondition are a general holder for matching - rules for HTTPProxies. One of Prefix or Header must be provided. - properties: - header: - description: Header specifies the header condition to - match. - properties: - contains: - description: Contains specifies a substring that must - be present in the header value. - type: string - exact: - description: Exact specifies a string that the header - value must be equal to. - type: string - name: - description: Name is the name of the header to match - against. Name is required. Header names are case - insensitive. - type: string - notcontains: - description: NotContains specifies a substring that - must not be present in the header value. - type: string - notexact: - description: NoExact specifies a string that the header - value must not be equal to. The condition is true - if the header has any other value. - type: string - notpresent: - description: NotPresent specifies that condition is - true when the named header is not present. Note - that setting NotPresent to false does not make the - condition true if the named header is present. - type: boolean - present: - description: Present specifies that condition is true - when the named header is present, regardless of - its value. Note that setting Present to false does - not make the condition true if the named header - is absent. - type: boolean - required: - - name - type: object - prefix: - description: Prefix defines a prefix match for a request. - type: string - type: object - type: array - enableWebsockets: - description: Enables websocket support for the route. - type: boolean - healthCheckPolicy: - description: The health check policy for this route. - properties: - healthyThresholdCount: - description: The number of healthy health checks required - before a host is marked healthy - format: int64 - minimum: 0 - type: integer - host: - description: The value of the host header in the HTTP health - check request. If left empty (default value), the name - "contour-envoy-healthcheck" will be used. - type: string - intervalSeconds: - description: The interval (seconds) between health checks - format: int64 - type: integer - path: - description: HTTP endpoint used to perform health checks - on upstream service - type: string - timeoutSeconds: - description: The time to wait (seconds) for a health check - response - format: int64 - type: integer - unhealthyThresholdCount: - description: The number of unhealthy health checks required - before a host is marked unhealthy - format: int64 - minimum: 0 - type: integer - required: - - path - type: object - loadBalancerPolicy: - description: The load balancing policy for this route. - properties: - requestHashPolicies: - description: RequestHashPolicies contains a list of hash - policies to apply when the `RequestHash` load balancing - strategy is chosen. If an element of the supplied list - of hash policies is invalid, it will be ignored. If the - list of hash policies is empty after validation, the load - balancing strategy will fall back the the default `RoundRobin`. - items: - description: RequestHashPolicy contains configuration - for an individual hash policy on a request attribute. - properties: - headerHashOptions: - description: HeaderHashOptions should be set when - request header hash based load balancing is desired. - It must be the only hash option field set, otherwise - this request hash policy object will be ignored. - properties: - headerName: - description: HeaderName is the name of the HTTP - request header that will be used to calculate - the hash key. If the header specified is not - present on a request, no hash will be produced. - minLength: 1 - type: string - type: object - terminal: - description: Terminal is a flag that allows for short-circuiting - computing of a hash for a given request. If set - to true, and the request attribute specified in - the attribute hash options is present, no further - hash policies will be used to calculate a hash for - the request. - type: boolean - type: object - type: array - strategy: - description: Strategy specifies the policy used to balance - requests across the pool of backend pods. Valid policy - names are `Random`, `RoundRobin`, `WeightedLeastRequest`, - `Cookie`, and `RequestHash`. If an unknown strategy name - is specified or no policy is supplied, the default `RoundRobin` - policy is used. - type: string - type: object - pathRewritePolicy: - description: The policy for rewriting the path of the request - URL after the request has been routed to a Service. - properties: - replacePrefix: - description: ReplacePrefix describes how the path prefix - should be replaced. - items: - description: ReplacePrefix describes a path prefix replacement. - properties: - prefix: - description: "Prefix specifies the URL path prefix - to be replaced. \n If Prefix is specified, it must - exactly match the MatchCondition prefix that is - rendered by the chain of including HTTPProxies and - only that path prefix will be replaced by Replacement. - This allows HTTPProxies that are included through - multiple roots to only replace specific path prefixes, - leaving others unmodified. \n If Prefix is not specified, - all routing prefixes rendered by the include chain - will be replaced." - minLength: 1 - type: string - replacement: - description: Replacement is the string that the routing - path prefix will be replaced with. This must not - be empty. - minLength: 1 - type: string - required: - - replacement - type: object - type: array - type: object - permitInsecure: - description: Allow this path to respond to insecure requests - over HTTP which are normally not permitted when a `virtualhost.tls` - block is present. - type: boolean - rateLimitPolicy: - description: The policy for rate limiting on the route. - properties: - global: - description: Global defines global rate limiting parameters, - i.e. parameters defining descriptors that are sent to - an external rate limit service (RLS) for a rate limit - decision on each request. - properties: - descriptors: - description: Descriptors defines the list of descriptors - that will be generated and sent to the rate limit - service. Each descriptor contains 1+ key-value pair - entries. - items: - description: RateLimitDescriptor defines a list of - key-value pair generators. - properties: - entries: - description: Entries is the list of key-value - pair generators. - items: - description: RateLimitDescriptorEntry is a key-value - pair generator. Exactly one field on this - struct must be non-nil. - properties: - genericKey: - description: GenericKey defines a descriptor - entry with a static key and value. - properties: - key: - description: Key defines the key of - the descriptor entry. If not set, - the key is set to "generic_key". - type: string - value: - description: Value defines the value - of the descriptor entry. - minLength: 1 - type: string - type: object - remoteAddress: - description: RemoteAddress defines a descriptor - entry with a key of "remote_address" and - a value equal to the client's IP address - (from x-forwarded-for). - type: object - requestHeader: - description: RequestHeader defines a descriptor - entry that's populated only if a given - header is present on the request. The - descriptor key is static, and the descriptor - value is equal to the value of the header. - properties: - descriptorKey: - description: DescriptorKey defines the - key to use on the descriptor entry. - minLength: 1 - type: string - headerName: - description: HeaderName defines the - name of the header to look for on - the request. - minLength: 1 - type: string - type: object - requestHeaderValueMatch: - description: RequestHeaderValueMatch defines - a descriptor entry that's populated if - the request's headers match a set of 1+ - match criteria. The descriptor key is - "header_match", and the descriptor value - is static. - properties: - expectMatch: - default: true - description: ExpectMatch defines whether - the request must positively match - the match criteria in order to generate - a descriptor entry (i.e. true), or - not match the match criteria in order - to generate a descriptor entry (i.e. - false). The default is true. - type: boolean - headers: - description: Headers is a list of 1+ - match criteria to apply against the - request to determine whether to populate - the descriptor entry or not. - items: - description: HeaderMatchCondition - specifies how to conditionally match - against HTTP headers. The Name field - is required, but only one of the - remaining fields should be be provided. - properties: - contains: - description: Contains specifies - a substring that must be present - in the header value. - type: string - exact: - description: Exact specifies a - string that the header value - must be equal to. - type: string - name: - description: Name is the name - of the header to match against. - Name is required. Header names - are case insensitive. - type: string - notcontains: - description: NotContains specifies - a substring that must not be - present in the header value. - type: string - notexact: - description: NoExact specifies - a string that the header value - must not be equal to. The condition - is true if the header has any - other value. - type: string - notpresent: - description: NotPresent specifies - that condition is true when - the named header is not present. - Note that setting NotPresent - to false does not make the condition - true if the named header is - present. - type: boolean - present: - description: Present specifies - that condition is true when - the named header is present, - regardless of its value. Note - that setting Present to false - does not make the condition - true if the named header is - absent. - type: boolean - required: - - name - type: object - minItems: 1 - type: array - value: - description: Value defines the value - of the descriptor entry. - minLength: 1 - type: string - type: object - type: object - minItems: 1 - type: array - type: object - minItems: 1 - type: array - type: object - local: - description: Local defines local rate limiting parameters, - i.e. parameters for rate limiting that occurs within each - Envoy pod as requests are handled. - properties: - burst: - description: Burst defines the number of requests above - the requests per unit that should be allowed within - a short period of time. - format: int32 - type: integer - requests: - description: Requests defines how many requests per - unit of time should be allowed before rate limiting - occurs. - format: int32 - minimum: 1 - type: integer - responseHeadersToAdd: - description: ResponseHeadersToAdd is an optional list - of response headers to set when a request is rate-limited. - items: - description: HeaderValue represents a header name/value - pair - properties: - name: - description: Name represents a key of a header - minLength: 1 - type: string - value: - description: Value represents the value of a header - specified by a key - minLength: 1 - type: string - required: - - name - - value - type: object - type: array - responseStatusCode: - description: ResponseStatusCode is the HTTP status code - to use for responses to rate-limited requests. Codes - must be in the 400-599 range (inclusive). If not specified, - the Envoy default of 429 (Too Many Requests) is used. - format: int32 - maximum: 599 - minimum: 400 - type: integer - unit: - description: Unit defines the period of time within - which requests over the limit will be rate limited. - Valid values are "second", "minute" and "hour". - enum: - - second - - minute - - hour - type: string - required: - - requests - - unit - type: object - type: object - requestHeadersPolicy: - description: The policy for managing request headers during - proxying. - properties: - remove: - description: Remove specifies a list of HTTP header names - to remove. - items: - type: string - type: array - set: - description: Set specifies a list of HTTP header values - that will be set in the HTTP header. If the header does - not exist it will be added, otherwise it will be overwritten - with the new value. - items: - description: HeaderValue represents a header name/value - pair - properties: - name: - description: Name represents a key of a header - minLength: 1 - type: string - value: - description: Value represents the value of a header - specified by a key - minLength: 1 - type: string - required: - - name - - value - type: object - type: array - type: object - responseHeadersPolicy: - description: The policy for managing response headers during - proxying. Rewriting the 'Host' header is not supported. - properties: - remove: - description: Remove specifies a list of HTTP header names - to remove. - items: - type: string - type: array - set: - description: Set specifies a list of HTTP header values - that will be set in the HTTP header. If the header does - not exist it will be added, otherwise it will be overwritten - with the new value. - items: - description: HeaderValue represents a header name/value - pair - properties: - name: - description: Name represents a key of a header - minLength: 1 - type: string - value: - description: Value represents the value of a header - specified by a key - minLength: 1 - type: string - required: - - name - - value - type: object - type: array - type: object - retryPolicy: - description: The retry policy for this route. - properties: - count: - description: NumRetries is maximum allowed number of retries. - If not supplied, the number of retries is one. - format: int64 - minimum: 0 - type: integer - perTryTimeout: - description: PerTryTimeout specifies the timeout per retry - attempt. Ignored if NumRetries is not supplied. - pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms)|(\d*(\.\d*)?us)|(\d*(\.\d*)?µs)|(\d*(\.\d*)?ns))+|infinity|infinite)$ - type: string - retriableStatusCodes: - description: "RetriableStatusCodes specifies the HTTP status - codes that should be retried. \n This field is only respected - when you include `retriable-status-codes` in the `RetryOn` - field." - items: - format: int32 - type: integer - type: array - retryOn: - description: "RetryOn specifies the conditions on which - to retry a request. \n Supported [HTTP conditions](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-on): - \n - `5xx` - `gateway-error` - `reset` - `connect-failure` - - `retriable-4xx` - `refused-stream` - `retriable-status-codes` - - `retriable-headers` \n Supported [gRPC conditions](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-grpc-on): - \n - `cancelled` - `deadline-exceeded` - `internal` - - `resource-exhausted` - `unavailable`" - items: - description: RetryOn is a string type alias with validation - to ensure that the value is valid. - enum: - - 5xx - - gateway-error - - reset - - connect-failure - - retriable-4xx - - refused-stream - - retriable-status-codes - - retriable-headers - - cancelled - - deadline-exceeded - - internal - - resource-exhausted - - unavailable - type: string - type: array - type: object - services: - description: Services are the services to proxy traffic. - items: - description: Service defines an Kubernetes Service to proxy - traffic. - properties: - mirror: - description: If Mirror is true the Service will receive - a read only mirror of the traffic for this route. - type: boolean - name: - description: Name is the name of Kubernetes service to - proxy traffic. Names defined here will be used to look - up corresponding endpoints which contain the ips to - route. - type: string - port: - description: Port (defined as Integer) to proxy traffic - to since a service can have multiple defined. - exclusiveMaximum: true - maximum: 65536 - minimum: 1 - type: integer - protocol: - description: Protocol may be used to specify (or override) - the protocol used to reach this Service. Values may - be tls, h2, h2c. If omitted, protocol-selection falls - back on Service annotations. - enum: - - h2 - - h2c - - tls - type: string - requestHeadersPolicy: - description: The policy for managing request headers during - proxying. Rewriting the 'Host' header is not supported. - properties: - remove: - description: Remove specifies a list of HTTP header - names to remove. - items: - type: string - type: array - set: - description: Set specifies a list of HTTP header values - that will be set in the HTTP header. If the header - does not exist it will be added, otherwise it will - be overwritten with the new value. - items: - description: HeaderValue represents a header name/value - pair - properties: - name: - description: Name represents a key of a header - minLength: 1 - type: string - value: - description: Value represents the value of a - header specified by a key - minLength: 1 - type: string - required: - - name - - value - type: object - type: array - type: object - responseHeadersPolicy: - description: The policy for managing response headers - during proxying. Rewriting the 'Host' header is not - supported. - properties: - remove: - description: Remove specifies a list of HTTP header - names to remove. - items: - type: string - type: array - set: - description: Set specifies a list of HTTP header values - that will be set in the HTTP header. If the header - does not exist it will be added, otherwise it will - be overwritten with the new value. - items: - description: HeaderValue represents a header name/value - pair - properties: - name: - description: Name represents a key of a header - minLength: 1 - type: string - value: - description: Value represents the value of a - header specified by a key - minLength: 1 - type: string - required: - - name - - value - type: object - type: array - type: object - validation: - description: UpstreamValidation defines how to verify - the backend service's certificate - properties: - caSecret: - description: Name or namespaced name of the Kubernetes - secret used to validate the certificate presented - by the backend - type: string - subjectName: - description: Key which is expected to be present in - the 'subjectAltName' of the presented certificate - type: string - required: - - caSecret - - subjectName - type: object - weight: - description: Weight defines percentage of traffic to balance - traffic - format: int64 - minimum: 0 - type: integer - required: - - name - - port - type: object - minItems: 1 - type: array - timeoutPolicy: - description: The timeout policy for this route. - properties: - idle: - description: Timeout after which, if there are no active - requests for this route, the connection between Envoy - and the backend or Envoy and the external client will - be closed. If not specified, there is no per-route idle - timeout, though a connection manager-wide stream_idle_timeout - default of 5m still applies. - pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms)|(\d*(\.\d*)?us)|(\d*(\.\d*)?µs)|(\d*(\.\d*)?ns))+|infinity|infinite)$ - type: string - response: - description: Timeout for receiving a response from the server - after processing a request from client. If not supplied, - Envoy's default value of 15s applies. - pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms)|(\d*(\.\d*)?us)|(\d*(\.\d*)?µs)|(\d*(\.\d*)?ns))+|infinity|infinite)$ - type: string - type: object - required: - - services - type: object - type: array - tcpproxy: - description: TCPProxy holds TCP proxy information. - properties: - healthCheckPolicy: - description: The health check policy for this tcp proxy - properties: - healthyThresholdCount: - description: The number of healthy health checks required - before a host is marked healthy - format: int32 - type: integer - intervalSeconds: - description: The interval (seconds) between health checks - format: int64 - type: integer - timeoutSeconds: - description: The time to wait (seconds) for a health check - response - format: int64 - type: integer - unhealthyThresholdCount: - description: The number of unhealthy health checks required - before a host is marked unhealthy - format: int32 - type: integer - type: object - include: - description: Include specifies that this tcpproxy should be delegated - to another HTTPProxy. - properties: - name: - description: Name of the child HTTPProxy - type: string - namespace: - description: Namespace of the HTTPProxy to include. Defaults - to the current namespace if not supplied. - type: string - required: - - name - type: object - includes: - description: "IncludesDeprecated allow for specific routing configuration - to be appended to another HTTPProxy in another namespace. \n - Exists due to a mistake when developing HTTPProxy and the field - was marked plural when it should have been singular. This field - should stay to not break backwards compatibility to v1 users." - properties: - name: - description: Name of the child HTTPProxy - type: string - namespace: - description: Namespace of the HTTPProxy to include. Defaults - to the current namespace if not supplied. - type: string - required: - - name - type: object - loadBalancerPolicy: - description: The load balancing policy for the backend services. - Note that the `Cookie` and `RequestHash` load balancing strategies - cannot be used here. - properties: - requestHashPolicies: - description: RequestHashPolicies contains a list of hash policies - to apply when the `RequestHash` load balancing strategy - is chosen. If an element of the supplied list of hash policies - is invalid, it will be ignored. If the list of hash policies - is empty after validation, the load balancing strategy will - fall back the the default `RoundRobin`. - items: - description: RequestHashPolicy contains configuration for - an individual hash policy on a request attribute. - properties: - headerHashOptions: - description: HeaderHashOptions should be set when request - header hash based load balancing is desired. It must - be the only hash option field set, otherwise this - request hash policy object will be ignored. - properties: - headerName: - description: HeaderName is the name of the HTTP - request header that will be used to calculate - the hash key. If the header specified is not present - on a request, no hash will be produced. - minLength: 1 - type: string - type: object - terminal: - description: Terminal is a flag that allows for short-circuiting - computing of a hash for a given request. If set to - true, and the request attribute specified in the attribute - hash options is present, no further hash policies - will be used to calculate a hash for the request. - type: boolean - type: object - type: array - strategy: - description: Strategy specifies the policy used to balance - requests across the pool of backend pods. Valid policy names - are `Random`, `RoundRobin`, `WeightedLeastRequest`, `Cookie`, - and `RequestHash`. If an unknown strategy name is specified - or no policy is supplied, the default `RoundRobin` policy - is used. - type: string - type: object - services: - description: Services are the services to proxy traffic - items: - description: Service defines an Kubernetes Service to proxy - traffic. - properties: - mirror: - description: If Mirror is true the Service will receive - a read only mirror of the traffic for this route. - type: boolean - name: - description: Name is the name of Kubernetes service to proxy - traffic. Names defined here will be used to look up corresponding - endpoints which contain the ips to route. - type: string - port: - description: Port (defined as Integer) to proxy traffic - to since a service can have multiple defined. - exclusiveMaximum: true - maximum: 65536 - minimum: 1 - type: integer - protocol: - description: Protocol may be used to specify (or override) - the protocol used to reach this Service. Values may be - tls, h2, h2c. If omitted, protocol-selection falls back - on Service annotations. - enum: - - h2 - - h2c - - tls - type: string - requestHeadersPolicy: - description: The policy for managing request headers during - proxying. Rewriting the 'Host' header is not supported. - properties: - remove: - description: Remove specifies a list of HTTP header - names to remove. - items: - type: string - type: array - set: - description: Set specifies a list of HTTP header values - that will be set in the HTTP header. If the header - does not exist it will be added, otherwise it will - be overwritten with the new value. - items: - description: HeaderValue represents a header name/value - pair - properties: - name: - description: Name represents a key of a header - minLength: 1 - type: string - value: - description: Value represents the value of a header - specified by a key - minLength: 1 - type: string - required: - - name - - value - type: object - type: array - type: object - responseHeadersPolicy: - description: The policy for managing response headers during - proxying. Rewriting the 'Host' header is not supported. - properties: - remove: - description: Remove specifies a list of HTTP header - names to remove. - items: - type: string - type: array - set: - description: Set specifies a list of HTTP header values - that will be set in the HTTP header. If the header - does not exist it will be added, otherwise it will - be overwritten with the new value. - items: - description: HeaderValue represents a header name/value - pair - properties: - name: - description: Name represents a key of a header - minLength: 1 - type: string - value: - description: Value represents the value of a header - specified by a key - minLength: 1 - type: string - required: - - name - - value - type: object - type: array - type: object - validation: - description: UpstreamValidation defines how to verify the - backend service's certificate - properties: - caSecret: - description: Name or namespaced name of the Kubernetes - secret used to validate the certificate presented - by the backend - type: string - subjectName: - description: Key which is expected to be present in - the 'subjectAltName' of the presented certificate - type: string - required: - - caSecret - - subjectName - type: object - weight: - description: Weight defines percentage of traffic to balance - traffic - format: int64 - minimum: 0 - type: integer - required: - - name - - port - type: object - type: array - type: object - virtualhost: - description: Virtualhost appears at most once. If it is present, the - object is considered to be a "root" HTTPProxy. - properties: - authorization: - description: This field configures an extension service to perform - authorization for this virtual host. Authorization can only - be configured on virtual hosts that have TLS enabled. If the - TLS configuration requires client certificate validation, the - client certificate is always included in the authentication - check request. - properties: - authPolicy: - description: AuthPolicy sets a default authorization policy - for client requests. This policy will be used unless overridden - by individual routes. - properties: - context: - additionalProperties: - type: string - description: Context is a set of key/value pairs that - are sent to the authentication server in the check request. - If a context is provided at an enclosing scope, the - entries are merged such that the inner scope overrides - matching keys from the outer scope. - type: object - disabled: - description: When true, this field disables client request - authentication for the scope of the policy. - type: boolean - type: object - extensionRef: - description: ExtensionServiceRef specifies the extension resource - that will authorize client requests. - properties: - apiVersion: - description: API version of the referent. If this field - is not specified, the default "projectcontour.io/v1alpha1" - will be used - minLength: 1 - type: string - name: - description: "Name of the referent. \n More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" - minLength: 1 - type: string - namespace: - description: "Namespace of the referent. If this field - is not specifies, the namespace of the resource that - targets the referent will be used. \n More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/" - minLength: 1 - type: string - type: object - failOpen: - description: If FailOpen is true, the client request is forwarded - to the upstream service even if the authorization server - fails to respond. This field should not be set in most cases. - It is intended for use only while migrating applications - from internal authorization to Contour external authorization. - type: boolean - responseTimeout: - description: ResponseTimeout configures maximum time to wait - for a check response from the authorization server. Timeout - durations are expressed in the Go [Duration format](https://godoc.org/time#ParseDuration). - Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", - "h". The string "infinity" is also a valid input and specifies - no timeout. - pattern: ^(((\d*(\.\d*)?h)|(\d*(\.\d*)?m)|(\d*(\.\d*)?s)|(\d*(\.\d*)?ms)|(\d*(\.\d*)?us)|(\d*(\.\d*)?µs)|(\d*(\.\d*)?ns))+|infinity|infinite)$ - type: string - required: - - extensionRef - type: object - corsPolicy: - description: Specifies the cross-origin policy to apply to the - VirtualHost. - properties: - allowCredentials: - description: Specifies whether the resource allows credentials. - type: boolean - allowHeaders: - description: AllowHeaders specifies the content for the *access-control-allow-headers* - header. - items: - description: CORSHeaderValue specifies the value of the - string headers returned by a cross-domain request. - pattern: ^[a-zA-Z0-9!#$%&'*+.^_`|~-]+$ - type: string - type: array - allowMethods: - description: AllowMethods specifies the content for the *access-control-allow-methods* - header. - items: - description: CORSHeaderValue specifies the value of the - string headers returned by a cross-domain request. - pattern: ^[a-zA-Z0-9!#$%&'*+.^_`|~-]+$ - type: string - type: array - allowOrigin: - description: AllowOrigin specifies the origins that will be - allowed to do CORS requests. "*" means allow any origin. - items: - type: string - type: array - exposeHeaders: - description: ExposeHeaders Specifies the content for the *access-control-expose-headers* - header. - items: - description: CORSHeaderValue specifies the value of the - string headers returned by a cross-domain request. - pattern: ^[a-zA-Z0-9!#$%&'*+.^_`|~-]+$ - type: string - type: array - maxAge: - description: MaxAge indicates for how long the results of - a preflight request can be cached. MaxAge durations are - expressed in the Go [Duration format](https://godoc.org/time#ParseDuration). - Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", - "h". Only positive values are allowed while 0 disables the - cache requiring a preflight OPTIONS check for all cross-origin - requests. - type: string - required: - - allowMethods - - allowOrigin - type: object - fqdn: - description: The fully qualified domain name of the root of the - ingress tree all leaves of the DAG rooted at this object relate - to the fqdn. - type: string - rateLimitPolicy: - description: The policy for rate limiting on the virtual host. - properties: - global: - description: Global defines global rate limiting parameters, - i.e. parameters defining descriptors that are sent to an - external rate limit service (RLS) for a rate limit decision - on each request. - properties: - descriptors: - description: Descriptors defines the list of descriptors - that will be generated and sent to the rate limit service. - Each descriptor contains 1+ key-value pair entries. - items: - description: RateLimitDescriptor defines a list of key-value - pair generators. - properties: - entries: - description: Entries is the list of key-value pair - generators. - items: - description: RateLimitDescriptorEntry is a key-value - pair generator. Exactly one field on this struct - must be non-nil. - properties: - genericKey: - description: GenericKey defines a descriptor - entry with a static key and value. - properties: - key: - description: Key defines the key of the - descriptor entry. If not set, the key - is set to "generic_key". - type: string - value: - description: Value defines the value of - the descriptor entry. - minLength: 1 - type: string - type: object - remoteAddress: - description: RemoteAddress defines a descriptor - entry with a key of "remote_address" and - a value equal to the client's IP address - (from x-forwarded-for). - type: object - requestHeader: - description: RequestHeader defines a descriptor - entry that's populated only if a given header - is present on the request. The descriptor - key is static, and the descriptor value - is equal to the value of the header. - properties: - descriptorKey: - description: DescriptorKey defines the - key to use on the descriptor entry. - minLength: 1 - type: string - headerName: - description: HeaderName defines the name - of the header to look for on the request. - minLength: 1 - type: string - type: object - requestHeaderValueMatch: - description: RequestHeaderValueMatch defines - a descriptor entry that's populated if the - request's headers match a set of 1+ match - criteria. The descriptor key is "header_match", - and the descriptor value is static. - properties: - expectMatch: - default: true - description: ExpectMatch defines whether - the request must positively match the - match criteria in order to generate - a descriptor entry (i.e. true), or not - match the match criteria in order to - generate a descriptor entry (i.e. false). - The default is true. - type: boolean - headers: - description: Headers is a list of 1+ match - criteria to apply against the request - to determine whether to populate the - descriptor entry or not. - items: - description: HeaderMatchCondition specifies - how to conditionally match against - HTTP headers. The Name field is required, - but only one of the remaining fields - should be be provided. - properties: - contains: - description: Contains specifies - a substring that must be present - in the header value. - type: string - exact: - description: Exact specifies a string - that the header value must be - equal to. - type: string - name: - description: Name is the name of - the header to match against. Name - is required. Header names are - case insensitive. - type: string - notcontains: - description: NotContains specifies - a substring that must not be present - in the header value. - type: string - notexact: - description: NoExact specifies a - string that the header value must - not be equal to. The condition - is true if the header has any - other value. - type: string - notpresent: - description: NotPresent specifies - that condition is true when the - named header is not present. Note - that setting NotPresent to false - does not make the condition true - if the named header is present. - type: boolean - present: - description: Present specifies that - condition is true when the named - header is present, regardless - of its value. Note that setting - Present to false does not make - the condition true if the named - header is absent. - type: boolean - required: - - name - type: object - minItems: 1 - type: array - value: - description: Value defines the value of - the descriptor entry. - minLength: 1 - type: string - type: object - type: object - minItems: 1 - type: array - type: object - minItems: 1 - type: array - type: object - local: - description: Local defines local rate limiting parameters, - i.e. parameters for rate limiting that occurs within each - Envoy pod as requests are handled. - properties: - burst: - description: Burst defines the number of requests above - the requests per unit that should be allowed within - a short period of time. - format: int32 - type: integer - requests: - description: Requests defines how many requests per unit - of time should be allowed before rate limiting occurs. - format: int32 - minimum: 1 - type: integer - responseHeadersToAdd: - description: ResponseHeadersToAdd is an optional list - of response headers to set when a request is rate-limited. - items: - description: HeaderValue represents a header name/value - pair - properties: - name: - description: Name represents a key of a header - minLength: 1 - type: string - value: - description: Value represents the value of a header - specified by a key - minLength: 1 - type: string - required: - - name - - value - type: object - type: array - responseStatusCode: - description: ResponseStatusCode is the HTTP status code - to use for responses to rate-limited requests. Codes - must be in the 400-599 range (inclusive). If not specified, - the Envoy default of 429 (Too Many Requests) is used. - format: int32 - maximum: 599 - minimum: 400 - type: integer - unit: - description: Unit defines the period of time within which - requests over the limit will be rate limited. Valid - values are "second", "minute" and "hour". - enum: - - second - - minute - - hour - type: string - required: - - requests - - unit - type: object - type: object - tls: - description: If present the fields describes TLS properties of - the virtual host. The SNI names that will be matched on are - described in fqdn, the tls.secretName secret must contain a - certificate that itself contains a name that matches the FQDN. - properties: - clientValidation: - description: "ClientValidation defines how to verify the client - certificate when an external client establishes a TLS connection - to Envoy. \n This setting: \n 1. Enables TLS client certificate - validation. 2. Specifies how the client certificate will - be validated (i.e. validation required or skipped). \n - Note: Setting client certificate validation to be skipped - should be only used in conjunction with an external authorization - server that performs client validation as Contour will ensure - client certificates are passed along." - properties: - caSecret: - description: Name of a Kubernetes secret that contains - a CA certificate bundle. The client certificate must - validate against the certificates in the bundle. If - specified and SkipClientCertValidation is true, client - certificates will be required on requests. - minLength: 1 - type: string - skipClientCertValidation: - description: SkipClientCertValidation disables downstream - client certificate validation. Defaults to false. This - field is intended to be used in conjunction with external - authorization in order to enable the external authorization - server to validate client certificates. When this field - is set to true, client certificates are requested but - not verified by Envoy. If CACertificate is specified, - client certificates are required on requests, but not - verified. If external authorization is in use, they - are presented to the external authorization server. - type: boolean - type: object - enableFallbackCertificate: - description: EnableFallbackCertificate defines if the vhost - should allow a default certificate to be applied which handles - all requests which don't match the SNI defined in this vhost. - type: boolean - minimumProtocolVersion: - description: MinimumProtocolVersion is the minimum TLS version - this vhost should negotiate. Valid options are `1.2` (default) - and `1.3`. Any other value defaults to TLS 1.2. - type: string - passthrough: - description: Passthrough defines whether the encrypted TLS - handshake will be passed through to the backing cluster. - Either Passthrough or SecretName must be specified, but - not both. - type: boolean - secretName: - description: SecretName is the name of a TLS secret in the - current namespace. Either SecretName or Passthrough must - be specified, but not both. If specified, the named secret - must contain a matching certificate for the virtual host's - FQDN. - type: string - type: object - required: - - fqdn - type: object - type: object - status: - description: Status is a container for computed information about the - HTTPProxy. - properties: - conditions: - description: "Conditions contains information about the current status - of the HTTPProxy, in an upstream-friendly container. \n Contour - will update a single condition, `Valid`, that is in normal-true - polarity. That is, when `currentStatus` is `valid`, the `Valid` - condition will be `status: true`, and vice versa. \n Contour will - leave untouched any other Conditions set in this block, in case - some other controller wants to add a Condition. \n If you are another - controller owner and wish to add a condition, you *should* namespace - your condition with a label, like `controller.domain.com/ConditionName`." - items: - description: "DetailedCondition is an extension of the normal Kubernetes - conditions, with two extra fields to hold sub-conditions, which - provide more detailed reasons for the state (True or False) of - the condition. \n `errors` holds information about sub-conditions - which are fatal to that condition and render its state False. - \n `warnings` holds information about sub-conditions which are - not fatal to that condition and do not force the state to be False. - \n Remember that Conditions have a type, a status, and a reason. - \n The type is the type of the condition, the most important one - in this CRD set is `Valid`. `Valid` is a positive-polarity condition: - when it is `status: true` there are no problems. \n In more detail, - `status: true` means that the object is has been ingested into - Contour with no errors. `warnings` may still be present, and will - be indicated in the Reason field. There must be zero entries in - the `errors` slice in this case. \n `Valid`, `status: false` means - that the object has had one or more fatal errors during processing - into Contour. The details of the errors will be present under - the `errors` field. There must be at least one error in the `errors` - slice if `status` is `false`. \n For DetailedConditions of types - other than `Valid`, the Condition must be in the negative polarity. - When they have `status` `true`, there is an error. There must - be at least one entry in the `errors` Subcondition slice. When - they have `status` `false`, there are no serious errors, and there - must be zero entries in the `errors` slice. In either case, there - may be entries in the `warnings` slice. \n Regardless of the polarity, - the `reason` and `message` fields must be updated with either - the detail of the reason (if there is one and only one entry in - total across both the `errors` and `warnings` slices), or `MultipleReasons` - if there is more than one entry." - properties: - errors: - description: "Errors contains a slice of relevant error subconditions - for this object. \n Subconditions are expected to appear when - relevant (when there is a error), and disappear when not relevant. - An empty slice here indicates no errors." - items: - description: "SubCondition is a Condition-like type intended - for use as a subcondition inside a DetailedCondition. \n - It contains a subset of the Condition fields. \n It is intended - for warnings and errors, so `type` names should use abnormal-true - polarity, that is, they should be of the form \"ErrorPresent: - true\". \n The expected lifecycle for these errors is that - they should only be present when the error or warning is, - and should be removed when they are not relevant." - properties: - message: - description: "Message is a human readable message indicating - details about the transition. \n This may be an empty - string." - maxLength: 32768 - type: string - reason: - description: "Reason contains a programmatic identifier - indicating the reason for the condition's last transition. - Producers of specific condition types may define expected - values and meanings for this field, and whether the - values are considered a guaranteed API. \n The value - should be a CamelCase string. \n This field may not - be empty." - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: Status of the condition, one of True, False, - Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: "Type of condition in `CamelCase` or in `foo.example.com/CamelCase`. - \n This must be in abnormal-true polarity, that is, - `ErrorFound` or `controller.io/ErrorFound`. \n The regex - it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - message - - reason - - status - - type - type: object - type: array - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - warnings: - description: "Warnings contains a slice of relevant warning - subconditions for this object. \n Subconditions are expected - to appear when relevant (when there is a warning), and disappear - when not relevant. An empty slice here indicates no warnings." - items: - description: "SubCondition is a Condition-like type intended - for use as a subcondition inside a DetailedCondition. \n - It contains a subset of the Condition fields. \n It is intended - for warnings and errors, so `type` names should use abnormal-true - polarity, that is, they should be of the form \"ErrorPresent: - true\". \n The expected lifecycle for these errors is that - they should only be present when the error or warning is, - and should be removed when they are not relevant." - properties: - message: - description: "Message is a human readable message indicating - details about the transition. \n This may be an empty - string." - maxLength: 32768 - type: string - reason: - description: "Reason contains a programmatic identifier - indicating the reason for the condition's last transition. - Producers of specific condition types may define expected - values and meanings for this field, and whether the - values are considered a guaranteed API. \n The value - should be a CamelCase string. \n This field may not - be empty." - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: Status of the condition, one of True, False, - Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: "Type of condition in `CamelCase` or in `foo.example.com/CamelCase`. - \n This must be in abnormal-true polarity, that is, - `ErrorFound` or `controller.io/ErrorFound`. \n The regex - it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - message - - reason - - status - - type - type: object - type: array - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - currentStatus: - type: string - description: - type: string - loadBalancer: - description: LoadBalancer contains the current status of the load - balancer. - properties: - ingress: - description: Ingress is a list containing ingress points for the - load-balancer. Traffic intended for the service should be sent - to these ingress points. - items: - description: 'LoadBalancerIngress represents the status of a - load-balancer ingress point: traffic intended for the service - should be sent to an ingress point.' - properties: - hostname: - description: Hostname is set for load-balancer ingress points - that are DNS based (typically AWS load-balancers) - type: string - ip: - description: IP is set for load-balancer ingress points - that are IP based (typically GCE or OpenStack load-balancers) - type: string - ports: - description: Ports is a list of records of service ports - If used, every port defined in the service should have - an entry in it - items: - properties: - error: - description: 'Error is to record the problem with - the service port The format of the error shall comply - with the following rules: - built-in error values - shall be specified in this file and those shall - use CamelCase names - cloud provider specific - error values must have names that comply with the format - foo.example.com/CamelCase. --- The regex it matches - is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - port: - description: Port is the port number of the service - port of which status is recorded here - format: int32 - type: integer - protocol: - default: TCP - description: 'Protocol is the protocol of the service - port of which status is recorded here The supported - values are: "TCP", "UDP", "SCTP"' - type: string - required: - - port - - protocol - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: array - type: object - type: object - required: - - metadata - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/bitnami/contour/resources/tlscertificatedeligations.yaml b/bitnami/contour/resources/tlscertificatedeligations.yaml deleted file mode 100644 index 5194b57..0000000 --- a/bitnami/contour/resources/tlscertificatedeligations.yaml +++ /dev/null @@ -1,296 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.5.0 - creationTimestamp: null - name: tlscertificatedelegations.projectcontour.io -spec: - preserveUnknownFields: false - group: projectcontour.io - names: - kind: TLSCertificateDelegation - listKind: TLSCertificateDelegationList - plural: tlscertificatedelegations - shortNames: - - tlscerts - singular: tlscertificatedelegation - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: TLSCertificateDelegation is an TLS Certificate Delegation CRD - specification. See design/tls-certificate-delegation.md for details. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: TLSCertificateDelegationSpec defines the spec of the CRD - properties: - delegations: - items: - description: CertificateDelegation maps the authority to reference - a secret in the current namespace to a set of namespaces. - properties: - secretName: - description: required, the name of a secret in the current namespace. - type: string - targetNamespaces: - description: required, the namespaces the authority to reference - the the secret will be delegated to. If TargetNamespaces is - nil or empty, the CertificateDelegation' is ignored. If the - TargetNamespace list contains the character, "*" the secret - will be delegated to all namespaces. - items: - type: string - type: array - required: - - secretName - - targetNamespaces - type: object - type: array - required: - - delegations - type: object - status: - description: TLSCertificateDelegationStatus allows for the status of the - delegation to be presented to the user. - properties: - conditions: - description: "Conditions contains information about the current status - of the HTTPProxy, in an upstream-friendly container. \n Contour - will update a single condition, `Valid`, that is in normal-true - polarity. That is, when `currentStatus` is `valid`, the `Valid` - condition will be `status: true`, and vice versa. \n Contour will - leave untouched any other Conditions set in this block, in case - some other controller wants to add a Condition. \n If you are another - controller owner and wish to add a condition, you *should* namespace - your condition with a label, like `controller.domain.com\\ConditionName`." - items: - description: "DetailedCondition is an extension of the normal Kubernetes - conditions, with two extra fields to hold sub-conditions, which - provide more detailed reasons for the state (True or False) of - the condition. \n `errors` holds information about sub-conditions - which are fatal to that condition and render its state False. - \n `warnings` holds information about sub-conditions which are - not fatal to that condition and do not force the state to be False. - \n Remember that Conditions have a type, a status, and a reason. - \n The type is the type of the condition, the most important one - in this CRD set is `Valid`. `Valid` is a positive-polarity condition: - when it is `status: true` there are no problems. \n In more detail, - `status: true` means that the object is has been ingested into - Contour with no errors. `warnings` may still be present, and will - be indicated in the Reason field. There must be zero entries in - the `errors` slice in this case. \n `Valid`, `status: false` means - that the object has had one or more fatal errors during processing - into Contour. The details of the errors will be present under - the `errors` field. There must be at least one error in the `errors` - slice if `status` is `false`. \n For DetailedConditions of types - other than `Valid`, the Condition must be in the negative polarity. - When they have `status` `true`, there is an error. There must - be at least one entry in the `errors` Subcondition slice. When - they have `status` `false`, there are no serious errors, and there - must be zero entries in the `errors` slice. In either case, there - may be entries in the `warnings` slice. \n Regardless of the polarity, - the `reason` and `message` fields must be updated with either - the detail of the reason (if there is one and only one entry in - total across both the `errors` and `warnings` slices), or `MultipleReasons` - if there is more than one entry." - properties: - errors: - description: "Errors contains a slice of relevant error subconditions - for this object. \n Subconditions are expected to appear when - relevant (when there is a error), and disappear when not relevant. - An empty slice here indicates no errors." - items: - description: "SubCondition is a Condition-like type intended - for use as a subcondition inside a DetailedCondition. \n - It contains a subset of the Condition fields. \n It is intended - for warnings and errors, so `type` names should use abnormal-true - polarity, that is, they should be of the form \"ErrorPresent: - true\". \n The expected lifecycle for these errors is that - they should only be present when the error or warning is, - and should be removed when they are not relevant." - properties: - message: - description: "Message is a human readable message indicating - details about the transition. \n This may be an empty - string." - maxLength: 32768 - type: string - reason: - description: "Reason contains a programmatic identifier - indicating the reason for the condition's last transition. - Producers of specific condition types may define expected - values and meanings for this field, and whether the - values are considered a guaranteed API. \n The value - should be a CamelCase string. \n This field may not - be empty." - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: Status of the condition, one of True, False, - Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: "Type of condition in `CamelCase` or in `foo.example.com/CamelCase`. - \n This must be in abnormal-true polarity, that is, - `ErrorFound` or `controller.io/ErrorFound`. \n The regex - it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - message - - reason - - status - - type - type: object - type: array - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - warnings: - description: "Warnings contains a slice of relevant warning - subconditions for this object. \n Subconditions are expected - to appear when relevant (when there is a warning), and disappear - when not relevant. An empty slice here indicates no warnings." - items: - description: "SubCondition is a Condition-like type intended - for use as a subcondition inside a DetailedCondition. \n - It contains a subset of the Condition fields. \n It is intended - for warnings and errors, so `type` names should use abnormal-true - polarity, that is, they should be of the form \"ErrorPresent: - true\". \n The expected lifecycle for these errors is that - they should only be present when the error or warning is, - and should be removed when they are not relevant." - properties: - message: - description: "Message is a human readable message indicating - details about the transition. \n This may be an empty - string." - maxLength: 32768 - type: string - reason: - description: "Reason contains a programmatic identifier - indicating the reason for the condition's last transition. - Producers of specific condition types may define expected - values and meanings for this field, and whether the - values are considered a guaranteed API. \n The value - should be a CamelCase string. \n This field may not - be empty." - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: Status of the condition, one of True, False, - Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: "Type of condition in `CamelCase` or in `foo.example.com/CamelCase`. - \n This must be in abnormal-true polarity, that is, - `ErrorFound` or `controller.io/ErrorFound`. \n The regex - it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)" - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - message - - reason - - status - - type - type: object - type: array - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - required: - - metadata - - spec - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/bitnami/contour/templates/00-crds.yaml b/bitnami/contour/templates/00-crds.yaml deleted file mode 100644 index b7141ad..0000000 --- a/bitnami/contour/templates/00-crds.yaml +++ /dev/null @@ -1,6 +0,0 @@ -{{ if .Values.contour.manageCRDs }} -{{ range $path, $_ := .Files.Glob "resources/*.yaml" }} -{{ $.Files.Get $path }} ---- -{{ end }} -{{ end }} diff --git a/bitnami/contour/templates/NOTES.txt b/bitnami/contour/templates/NOTES.txt deleted file mode 100644 index 5ac4479..0000000 --- a/bitnami/contour/templates/NOTES.txt +++ /dev/null @@ -1,34 +0,0 @@ -{{- if eq .Values.envoy.service.type "LoadBalancer" }} -1. Get Contours's load balancer IP/hostname: - - NOTE: It may take a few minutes for this to become available. - - You can watch the status by running: - - $ kubectl get svc {{ include "common.names.fullname" . }}-envoy --namespace {{ .Release.Namespace }} -w - - Once 'EXTERNAL-IP' is no longer '': - - $ kubectl describe svc {{ include "common.names.fullname" . }}-envoy --namespace {{ .Release.Namespace }} | grep Ingress | awk '{print $3}' - -2. Configure DNS records corresponding to Kubernetes ingress resources to point to the load balancer IP/hostname found in step 1 -{{- end }} -{{- if eq .Values.envoy.service.type "NodePort" }} -{{- if (and (not (empty .Values.envoy.service.nodePorts.https)) (not (empty .Values.envoy.service.nodePorts.http)))}} -1. Contour is listening on the following ports on the host machine: - - http - {{ .Values.envoy.service.nodePorts.http }} - https - {{ .Values.envoy.service.nodePorts.https }} -{{- else }} -1. Contour has been started. You can find out the port numbers being used by Contour by running: - - $ kubectl describe svc {{ include "common.names.fullname" . }} --namespace {{ .Release.Namespace }} - -{{- end }} - -2. Configure DNS records corresponding to Kubernetes ingress resources to point to the NODE_IP/NODE_HOST -{{- end }} - -{{- include "contour.validateValues" . }} -{{- include "common.warnings.rollingTag" .Values.contour.image }} -{{- include "common.warnings.rollingTag" .Values.envoy.image }} diff --git a/bitnami/contour/templates/_helpers.tpl b/bitnami/contour/templates/_helpers.tpl deleted file mode 100644 index 0494f1f..0000000 --- a/bitnami/contour/templates/_helpers.tpl +++ /dev/null @@ -1,95 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Create the name of the envoy service account to use -*/}} -{{- define "envoy.envoyServiceAccountName" -}} -{{- if .Values.contour.serviceAccount.create -}} - {{ default (printf "%s-envoy" (include "common.names.fullname" .)) .Values.envoy.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.envoy.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the contour service account to use -*/}} -{{- define "contour.contourServiceAccountName" -}} -{{- if .Values.contour.serviceAccount.create -}} - {{ default (printf "%s-contour" (include "common.names.fullname" .)) .Values.contour.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.contour.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the contour-certgen service account to use -*/}} -{{- define "contour.contourCertGenServiceAccountName" -}} -{{- if .Values.contour.certgen.serviceAccount.create -}} - {{ default (printf "%s-contour-certgen" (include "common.names.fullname" .)) .Values.contour.certgen.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.contour.certgen.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Whether to enabled contour-certgen or not -*/}} -{{- define "contour.contour-certgen.enabled" -}} -{{- if and (not .Values.tlsExistingSecret) (or (not .Values.contour.tlsExistingSecret) (not .Values.envoy.tlsExistingSecret)) -}} - true -{{- else -}}{{- end -}} -{{- end -}} - -{{/* -Contour certs secret name -*/}} -{{- define "contour.contour.certs-secret.name" -}} -{{- $existingSecret := default .Values.tlsExistingSecret .Values.contour.tlsExistingSecret -}} -{{- $name := default "contourcert" $existingSecret -}} -{{- printf "%s" $name -}} -{{- end -}} - -{{/* -Envoy certs secret name -*/}} -{{- define "contour.envoy.certs-secret.name" -}} -{{- $existingSecret := default .Values.tlsExistingSecret .Values.envoy.tlsExistingSecret -}} -{{- $name := default "envoycert" $existingSecret -}} -{{- printf "%s" $name -}} -{{- end -}} - -{{/* -Create the name of the settings ConfigMap to use. -*/}} -{{- define "contour.configMapName" -}} -{{- if .Values.configInline -}} - {{ include "common.names.fullname" . }} -{{- else -}} - {{ .Values.existingConfigMap }} -{{- end -}} -{{- end -}} - -{{/* -Compile all warnings into a single message, and call fail. -*/}} -{{- define "contour.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "contour.validateValues.envoy.kind" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} -{{- end -}} -{{- end -}} - -{{/* Validate values of Contour - must provide a valid Envoy kind */}} -{{- define "contour.validateValues.envoy.kind" -}} -{{- if and .Values.envoy.enabled (ne .Values.envoy.kind "deployment") (ne .Values.envoy.kind "daemonset") -}} -contour: envoy.kind - Invalid envoy.kind selected. Valid values are "daemonset" and - "deployment". Please set a valid kind (--set envoy.kind="xxxx") -{{- end -}} -{{- end -}} diff --git a/bitnami/contour/templates/certgen/job.yaml b/bitnami/contour/templates/certgen/job.yaml deleted file mode 100644 index 0b7c6ed..0000000 --- a/bitnami/contour/templates/certgen/job.yaml +++ /dev/null @@ -1,76 +0,0 @@ -{{- if and .Values.contour.enabled (include "contour.contour-certgen.enabled" .) }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ include "common.names.fullname" . }}-contour-certgen - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": "pre-install,pre-upgrade" - "helm.sh/hook-weight": "1" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: contour-certgen -spec: - ttlSecondsAfterFinished: 0 - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: contour-certgen - spec: - {{- include "common.images.pullSecrets" ( dict "images" (list .Values.contour.image) "global" .Values.global) | nindent 6 }} - {{- if .Values.contour.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.contour.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.contour.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.contour.affinity "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.contour.tolerations}} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.contour.tolerations "context" $) | nindent 8 }} - {{- end }} - containers: - - name: contour - image: {{ include "common.images.image" ( dict "imageRoot" .Values.contour.image "global" .Values.global) }} - imagePullPolicy: {{ .Values.contour.image.pullPolicy }} - command: - - contour - args: - - certgen - - --kube - - --incluster - - --overwrite - - --secrets-format=compact - - --namespace=$(CONTOUR_NAMESPACE) - env: - - name: CONTOUR_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{- if .Values.contour.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.contour.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if or .Values.contour.extraEnvVarsConfigMap .Values.contour.extraEnvVarsSecret }} - envFrom: - {{- if .Values.contour.extraEnvVarsConfigMap }} - - configMapRef: - name: {{ include "common.tplvalues.render" ( dict "value" .Values.contour.extraEnvVarsConfigMap "context" $ ) }} - {{- end }} - {{- if .Values.contour.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" ( dict "value" .Values.contour.extraEnvVarsSecret "context" $ ) }} - {{- end }} - {{- end }} - resources: {{ toYaml .Values.contour.resources | nindent 12 }} - restartPolicy: Never - serviceAccountName: {{ include "contour.contourCertGenServiceAccountName" . }} - {{- if .Values.contour.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.contour.securityContext.runAsUser }} - runAsGroup: {{ .Values.contour.securityContext.runAsGroup }} - fsGroup: {{ .Values.contour.securityContext.fsGroup }} - runAsNonRoot: {{ .Values.contour.securityContext.runAsNonRoot }} - {{- end }} - parallelism: 1 - completions: 1 - backoffLimit: 1 -{{- end }} diff --git a/bitnami/contour/templates/certgen/rbac.yaml b/bitnami/contour/templates/certgen/rbac.yaml deleted file mode 100644 index 9ce3501..0000000 --- a/bitnami/contour/templates/certgen/rbac.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{- if and .Values.rbac.create .Values.contour.enabled (include "contour.contour-certgen.enabled" .) }} ---- -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: Role -metadata: - name: {{ include "common.names.fullname" .}}-contour-certgen - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": "pre-install,pre-upgrade" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: contour-certgen -rules: - - apiGroups: - - "" - resources: - - secrets - verbs: - - create - - update ---- -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: RoleBinding -metadata: - name: {{ include "common.names.fullname" .}}-contour-certgen - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": "pre-install,pre-upgrade" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: contour-certgen -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "common.names.fullname" .}}-contour-certgen -subjects: - - kind: ServiceAccount - name: {{ include "contour.contourCertGenServiceAccountName" . }} -{{- end }} diff --git a/bitnami/contour/templates/certgen/serviceaccount.yaml b/bitnami/contour/templates/certgen/serviceaccount.yaml deleted file mode 100644 index 5067e1c..0000000 --- a/bitnami/contour/templates/certgen/serviceaccount.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if and .Values.contour.certgen.serviceAccount.create (include "contour.contour-certgen.enabled" .) }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "contour.contourCertGenServiceAccountName" . }} - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": "pre-install,pre-upgrade" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: contour-certgen -{{- end }} diff --git a/bitnami/contour/templates/contour/configmap.yaml b/bitnami/contour/templates/contour/configmap.yaml deleted file mode 100644 index d8ca520..0000000 --- a/bitnami/contour/templates/contour/configmap.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if .Values.configInline }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4}} - app.kubernetes.io/component: contour -data: - contour.yaml: | -{{ include "common.tplvalues.render" ( dict "value" .Values.configInline "context" $) | indent 4 }} -{{- end }} diff --git a/bitnami/contour/templates/contour/deployment.yaml b/bitnami/contour/templates/contour/deployment.yaml deleted file mode 100644 index e0715e1..0000000 --- a/bitnami/contour/templates/contour/deployment.yaml +++ /dev/null @@ -1,170 +0,0 @@ -{{- if .Values.contour.enabled }} ---- -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ include "common.names.fullname" . }}-contour - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: contour -spec: - replicas: {{ .Values.replicaCount }} - strategy: - type: RollingUpdate - rollingUpdate: - # This value of maxSurge means that during a rolling update - # the new ReplicaSet will be created first. - maxSurge: 50% - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: contour - template: - metadata: - {{- if or .Values.configInline .Values.contour.podAnnotations }} - annotations: - {{- if .Values.contour.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.contour.podAnnotations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.configInline }} - checksum/config: {{ include (print $.Template.BasePath "/contour/configmap.yaml") . | sha256sum }} - {{- end }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: contour - spec: - {{- include "common.images.pullSecrets" ( dict "images" (list .Values.contour.image) "global" .Values.global) | nindent 6 }} - {{- if .Values.contour.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.contour.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.contour.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.contour.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.contour.podAffinityPreset "component" "contour" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.contour.podAntiAffinityPreset "component" "contour" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.contour.nodeAffinityPreset.type "key" .Values.contour.nodeAffinityPreset.key "values" .Values.contour.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.contour.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.contour.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.contour.tolerations}} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.contour.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.contour.initContainers }} - initContainers: - {{- include "common.tplvalues.render" ( dict "value" .Values.contour.initContainers "context" $ ) | nindent 6 }} - {{- end }} - containers: - - command: - - contour - args: - - serve - - --incluster - - --xds-address=0.0.0.0 - - --xds-port=8001 - - --envoy-service-http-port={{ .Values.envoy.containerPorts.http }} - - --envoy-service-https-port={{ .Values.envoy.containerPorts.https }} - - --contour-cafile=/certs/ca.crt - - --contour-cert-file=/certs/tls.crt - - --contour-key-file=/certs/tls.key - - --config-path=/config/contour.yaml - {{- if .Values.contour.ingressClass }} - - --ingress-class-name={{ .Values.contour.ingressClass }} - {{- end }} - {{- if .Values.contour.extraArgs }} - {{- include "common.tplvalues.render" (dict "value" .Values.contour.extraArgs "context" $) | nindent 12 }} - {{- end }} - image: {{ include "common.images.image" ( dict "imageRoot" .Values.contour.image "global" .Values.global) }} - imagePullPolicy: {{ .Values.contour.image.pullPolicy }} - name: contour - ports: - - containerPort: 8001 - name: xds - protocol: TCP - - containerPort: 8000 - name: metrics - protocol: TCP - {{- if .Values.contour.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /healthz - port: 8000 - initialDelaySeconds: {{ .Values.contour.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.contour.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.contour.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.contour.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.contour.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.contour.readinessProbe.enabled }} - readinessProbe: - tcpSocket: - port: 8001 - initialDelaySeconds: {{ .Values.contour.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.contour.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.contour.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.contour.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.contour.readinessProbe.failureThreshold }} - {{- end }} - resources: {{ toYaml .Values.contour.resources | nindent 12 }} - volumeMounts: - - name: contourcert - mountPath: /certs - readOnly: true - - name: contour-config - mountPath: /config - readOnly: true - {{- if .Values.contour.extraVolumeMounts }} - {{- include "common.tplvalues.render" ( dict "value" .Values.contour.extraVolumeMounts "context" $ ) | nindent 12 }} - {{- end }} - env: - - name: CONTOUR_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - {{- if .Values.contour.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.contour.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if or .Values.contour.extraEnvVarsConfigMap .Values.contour.extraEnvVarsSecret }} - envFrom: - {{- if .Values.contour.extraEnvVarsConfigMap }} - - configMapRef: - name: {{ include "common.tplvalues.render" ( dict "value" .Values.contour.extraEnvVarsConfigMap "context" $ ) }} - {{- end }} - {{- if .Values.contour.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" ( dict "value" .Values.contour.extraEnvVarsSecret "context" $ ) }} - {{- end }} - {{- end }} - {{- if .Values.contour.sidecars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.contour.sidecars "context" $) | nindent 8 }} - {{- end }} - dnsPolicy: ClusterFirst - serviceAccountName: {{ include "contour.contourServiceAccountName" . }} - {{- if .Values.contour.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.contour.securityContext.runAsUser }} - runAsGroup: {{ .Values.contour.securityContext.runAsGroup }} - fsGroup: {{ .Values.contour.securityContext.fsGroup }} - runAsNonRoot: {{ .Values.contour.securityContext.runAsNonRoot }} - {{- end }} - volumes: - - name: contourcert - secret: - secretName: {{ include "contour.contour.certs-secret.name" . }} - - name: contour-config - configMap: - name: {{ include "contour.configMapName" . }} - defaultMode: 0644 - items: - - key: contour.yaml - path: contour.yaml - {{- if .Values.contour.extraVolumes }} - {{- include "common.tplvalues.render" ( dict "value" .Values.contour.extraVolumes "context" $ ) | nindent 8 }} - {{- end }} -{{- end }} diff --git a/bitnami/contour/templates/contour/rbac.yaml b/bitnami/contour/templates/contour/rbac.yaml deleted file mode 100644 index c8b5873..0000000 --- a/bitnami/contour/templates/contour/rbac.yaml +++ /dev/null @@ -1,132 +0,0 @@ -{{- if and .Values.rbac.create .Values.contour.enabled }} ---- -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: ClusterRole -metadata: - name: {{ include "common.names.fullname" .}}-contour - labels: {{- include "common.labels.standard" . | nindent 4 }} -rules: - - apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - get - - update - - apiGroups: - - "" - resources: - - endpoints - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - list - - apiGroups: - - networking.k8s.io - resources: - - gatewayclasses - - gateways - - httproutes - - tcproutes - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - create - - get - - update - - apiGroups: - - projectcontour.io - resources: - - extensionservices - verbs: - - get - - list - - watch - - apiGroups: - - projectcontour.io - resources: - - extensionservices/status - verbs: - - create - - get - - update - - apiGroups: - - projectcontour.io - resources: - - httpproxies - - tlscertificatedelegations - verbs: - - get - - list - - watch - - apiGroups: - - projectcontour.io - resources: - - httpproxies/status - verbs: - - create - - get - - update - {{- if .Values.rbac.rules }} - {{- include "common.tplvalues.render" ( dict "value" .Values.rbac.rules "context" $ ) | nindent 2 }} - {{- end }} ---- -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: ClusterRoleBinding -metadata: - name: {{ include "common.names.fullname" .}}-contour - labels: {{- include "common.labels.standard" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "common.names.fullname" .}}-contour -subjects: - - kind: ServiceAccount - name: {{ include "contour.contourServiceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/bitnami/contour/templates/contour/service.yaml b/bitnami/contour/templates/contour/service.yaml deleted file mode 100644 index db8c639..0000000 --- a/bitnami/contour/templates/contour/service.yaml +++ /dev/null @@ -1,42 +0,0 @@ -{{- if .Values.contour.enabled }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: contour -spec: - ports: - - port: 8001 - name: xds - protocol: TCP - targetPort: 8001 - {{- if .Values.contour.service.extraPorts }} - {{- include "common.tplvalues.render" (dict "value" .Values.contour.service.extraPorts "context" $) | nindent 4 }} - {{- end }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: contour - type: ClusterIP -{{- if .Values.prometheus.serviceMonitor.enabled }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.names.fullname" . }}-contour-metrics - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: contour -spec: - type: ClusterIP - clusterIP: None - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: contour - ports: - - name: metrics - port: 8000 - protocol: TCP - targetPort: 8000 -{{- end }} -{{- end }} diff --git a/bitnami/contour/templates/contour/serviceaccount.yaml b/bitnami/contour/templates/contour/serviceaccount.yaml deleted file mode 100644 index f31d103..0000000 --- a/bitnami/contour/templates/contour/serviceaccount.yaml +++ /dev/null @@ -1,10 +0,0 @@ -{{- if and .Values.contour.serviceAccount.create .Values.contour.enabled }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "contour.contourServiceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: contour -{{- end }} diff --git a/bitnami/contour/templates/contour/servicemonitor.yaml b/bitnami/contour/templates/contour/servicemonitor.yaml deleted file mode 100644 index 15be061..0000000 --- a/bitnami/contour/templates/contour/servicemonitor.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{- if and .Values.prometheus.serviceMonitor.enabled .Values.contour.enabled }} ---- -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "common.names.fullname" . }}-contour - {{- if .Values.prometheus.serviceMonitor.namespace }} - namespace: {{ .Values.prometheus.serviceMonitor.namespace }} - {{- else }} - namespace: {{ .Release.Namespace }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: contour -spec: - jobLabel: {{ .Values.prometheus.serviceMonitor.jobLabel | quote }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: contour - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - endpoints: - - port: metrics - {{- if .Values.prometheus.serviceMonitor.interval }} - interval: {{ .Values.prometheus.serviceMonitor.interval }} - {{- end }} - {{- if .Values.prometheus.serviceMonitor.metricRelabelings }} - metricRelabelings: {{ toYaml .Values.prometheus.serviceMonitor.metricRelabelings | nindent 6 }} - {{- end }} - {{- if .Values.prometheus.serviceMonitor.relabelings }} - relabelings: {{ toYaml .Values.prometheus.serviceMonitor.relabelings | nindent 6 }} - {{- end }} -{{- end }} diff --git a/bitnami/contour/templates/default-backend/deployment.yaml b/bitnami/contour/templates/default-backend/deployment.yaml deleted file mode 100644 index 974f9ef..0000000 --- a/bitnami/contour/templates/default-backend/deployment.yaml +++ /dev/null @@ -1,90 +0,0 @@ -{{- if .Values.defaultBackend.enabled }} -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ include "common.names.fullname" . }}-default-backend - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: default-backend - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: default-backend - replicas: {{ .Values.defaultBackend.replicaCount }} - template: - metadata: - {{- if .Values.defaultBackend.podAnnotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.defaultBackend.podAnnotations "context" $) | nindent 8 }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: default-backend - {{- if .Values.defaultBackend.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.defaultBackend.podLabels "context" $) | nindent 8 }} - {{- end }} - spec: - {{- include "common.images.pullSecrets" ( dict "images" (list .Values.defaultBackend.image) "global" .Values.global) | nindent 6 }} - {{- if .Values.defaultBackend.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.defaultBackend.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.defaultBackend.priorityClassName }} - priorityClassName: {{ .Values.defaultBackend.priorityClassName | quote }} - {{- end }} - {{- if .Values.defaultBackend.affinity }} - affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.defaultBackend.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.defaultBackend.podAffinityPreset "component" "default-backend" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.defaultBackend.podAntiAffinityPreset "component" "default-backend" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.defaultBackend.nodeAffinityPreset.type "key" .Values.defaultBackend.nodeAffinityPreset.key "values" .Values.defaultBackend.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.defaultBackend.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.defaultBackend.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.defaultBackend.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.defaultBackend.tolerations "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.defaultBackend.podSecurityContext }} - securityContext: {{- omit .Values.defaultBackend.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - automountServiceAccountToken: false - serviceAccountName: {{ include "envoy.envoyServiceAccountName" . }} - terminationGracePeriodSeconds: 60 - containers: - - name: default-backend - image: {{ include "common.images.image" ( dict "imageRoot" .Values.defaultBackend.image "global" .Values.global) }} - imagePullPolicy: {{ .Values.defaultBackend.image.pullPolicy | quote }} - {{- if .Values.defaultBackend.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.defaultBackend.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - args: - {{- range $key, $value := .Values.defaultBackend.extraArgs }} - {{- if $value }} - - --{{ $key }}={{ $value }} - {{- else }} - - --{{ $key }} - {{- end }} - {{- end }} - {{- if .Values.defaultBackend.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.defaultBackend.livenessProbe "enabled") "context" $) | nindent 12 }} - {{- else if .Values.defaultBackend.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.defaultBackend.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.defaultBackend.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.defaultBackend.readinessProbe "enabled") "context" $) | nindent 12 }} - {{- else if .Values.defaultBackend.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.defaultBackend.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.defaultBackend.containerPort }} - protocol: TCP - {{- if .Values.defaultBackend.resources }} - resources: {{- toYaml .Values.defaultBackend.resources | nindent 12 }} - {{- end }} -{{- end }} diff --git a/bitnami/contour/templates/default-backend/ingress.yaml b/bitnami/contour/templates/default-backend/ingress.yaml deleted file mode 100644 index 16870a5..0000000 --- a/bitnami/contour/templates/default-backend/ingress.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{- if .Values.defaultBackend.enabled }} -apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ include "common.names.fullname" . }}-default-backend - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: default-backend - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.ingressClass }} - kubernetes.io/ingress.class: {{ .Values.ingressClass }} - {{- else }} - kubernetes.io/ingress.class: contour - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} - backend: - serviceName: {{ include "common.names.fullname" . }}-default-backend - servicePort: http - {{- else }} - defaultBackend: - service: - name: {{ include "common.names.fullname" . }}-default-backend - port: - name: http - {{- end }} -{{- end }} diff --git a/bitnami/contour/templates/default-backend/poddisruptionbudget.yaml b/bitnami/contour/templates/default-backend/poddisruptionbudget.yaml deleted file mode 100644 index fc655bd..0000000 --- a/bitnami/contour/templates/default-backend/poddisruptionbudget.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if and .Values.defaultBackend.enabled .Values.defaultBackend.pdb.create }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ include "common.names.fullname" . }}-default-backend - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: default-backend - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.defaultBackend.pdb.minAvailable }} - minAvailable: {{ .Values.defaultBackend.pdb.minAvailable }} - {{- end }} - {{- if .Values.pdb.maxUnavailable }} - maxUnavailable: {{ .Values.defaultBackend.pdb.maxUnavailable }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: default-backend -{{- end }} diff --git a/bitnami/contour/templates/default-backend/service.yaml b/bitnami/contour/templates/default-backend/service.yaml deleted file mode 100644 index 7ff7662..0000000 --- a/bitnami/contour/templates/default-backend/service.yaml +++ /dev/null @@ -1,30 +0,0 @@ -{{- if .Values.defaultBackend.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.names.fullname" . }}-default-backend - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: default-backend - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }} - {{- end }} - {{- if or .Values.defaultBackend.service.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.defaultBackend.service.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.defaultBackend.service.annotations "context" $) | nindent 4 }} - {{- end }} - {{- end }} -spec: - type: {{ .Values.defaultBackend.service.type }} - ports: - - name: http - port: {{ .Values.defaultBackend.service.port }} - protocol: TCP - targetPort: http - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: default-backend -{{- end }} diff --git a/bitnami/contour/templates/envoy/daemonset.yaml b/bitnami/contour/templates/envoy/daemonset.yaml deleted file mode 100644 index 100be71..0000000 --- a/bitnami/contour/templates/envoy/daemonset.yaml +++ /dev/null @@ -1,268 +0,0 @@ -{{- if and .Values.envoy.enabled (eq .Values.envoy.kind "daemonset") }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ include "common.names.fullname" . }}-envoy - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: envoy -spec: - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 10% - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: envoy - template: - metadata: - {{- if .Values.envoy.podAnnotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.envoy.podAnnotations "context" $) | nindent 8 }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: envoy - spec: - {{- include "common.images.pullSecrets" ( dict "images" (list .Values.contour.image .Values.envoy.image) "global" .Values.global) | nindent 6 }} - {{- if .Values.envoy.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.envoy.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.envoy.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.envoy.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.envoy.podAffinityPreset "component" "envoy" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.envoy.podAntiAffinityPreset "component" "envoy" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.envoy.nodeAffinityPreset.type "key" .Values.envoy.nodeAffinityPreset.key "values" .Values.envoy.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.envoy.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.envoy.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.envoy.tolerations}} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.envoy.tolerations "context" $) | nindent 8 }} - {{- end }} - terminationGracePeriodSeconds: {{ .Values.envoy.terminationGracePeriodSeconds }} - hostNetwork: {{ .Values.envoy.hostNetwork }} - dnsPolicy: {{ .Values.envoy.dnsPolicy }} - {{- if .Values.envoy.podSecurityContext.enabled }} - securityContext: - fsGroup: {{ .Values.envoy.podSecurityContext.fsGroup }} - {{- if .Values.envoy.podSecurityContext.sysctls }} - sysctls: - {{- toYaml .Values.envoy.podSecurityContext.sysctls | nindent 8 }} - {{- end }} - {{- end }} - containers: - - command: - - contour - args: - - envoy - - shutdown-manager - image: {{ include "common.images.image" ( dict "imageRoot" .Values.contour.image "global" .Values.global) }} - imagePullPolicy: {{ .Values.contour.image.pullPolicy }} - {{- if .Values.contour.extraEnvVars }} - env: - {{- include "common.tplvalues.render" (dict "value" .Values.contour.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if or .Values.contour.extraEnvVarsConfigMap .Values.contour.extraEnvVarsSecret }} - envFrom: - {{- if .Values.contour.extraEnvVarsConfigMap }} - - configMapRef: - name: {{ include "common.tplvalues.render" ( dict "value" .Values.contour.extraEnvVarsConfigMap "context" $ ) }} - {{- end }} - {{- if .Values.contour.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" ( dict "value" .Values.contour.extraEnvVarsSecret "context" $ ) }} - {{- end }} - {{- end }} - lifecycle: - preStop: - exec: - command: - - contour - - envoy - - shutdown - {{- if .Values.contour.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /healthz - port: 8090 - initialDelaySeconds: {{ .Values.contour.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.contour.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.contour.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.contour.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.contour.livenessProbe.failureThreshold }} - {{- end }} - name: shutdown-manager - resources: {{- toYaml .Values.envoy.shutdownManager.resources | nindent 12 }} - {{- if .Values.envoy.extraVolumeMounts }} - volumeMounts: - {{- include "common.tplvalues.render" ( dict "value" .Values.envoy.extraVolumeMounts "context" $ ) | nindent 12 }} - {{- end }} - - command: - - envoy - args: - - -c - - /config/envoy.json - - --service-cluster $(CONTOUR_NAMESPACE) - - --service-node $(ENVOY_POD_NAME) - - --log-level {{ .Values.envoy.logLevel }} - {{- if .Values.envoy.extraArgs }} - {{- include "common.tplvalues.render" (dict "value" .Values.envoy.extraArgs "context" $) | nindent 12 }} - {{- end }} - image: {{ include "common.images.image" ( dict "imageRoot" .Values.envoy.image "global" .Values.global ) }} - imagePullPolicy: {{ .Values.envoy.image.pullPolicy }} - name: envoy - {{- if .Values.envoy.containerSecurityContext.enabled }} - securityContext: - runAsUser: {{ .Values.envoy.containerSecurityContext.runAsUser }} - {{- end }} - env: - - name: CONTOUR_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: ENVOY_POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - {{- if .Values.envoy.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.envoy.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if or .Values.envoy.extraEnvVarsConfigMap .Values.envoy.extraEnvVarsSecret }} - envFrom: - {{- if .Values.envoy.extraEnvVarsConfigMap }} - - configMapRef: - name: {{ include "common.tplvalues.render" ( dict "value" .Values.envoy.extraEnvVarsConfigMap "context" $ ) }} - {{- end }} - {{- if .Values.envoy.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" ( dict "value" .Values.envoy.extraEnvVarsSecret "context" $ ) }} - {{- end }} - {{- end }} - ports: - - containerPort: {{ .Values.envoy.containerPorts.http }} - {{- if .Values.envoy.useHostPort }} - hostPort: {{ .Values.envoy.hostPorts.http }} - {{- end }} - {{- if .Values.envoy.useHostIP }} - hostIP: {{ .Values.envoy.hostIPs.http }} - {{- end }} - name: http - protocol: TCP - - containerPort: {{ .Values.envoy.containerPorts.https }} - {{- if .Values.envoy.useHostPort }} - hostPort: {{ .Values.envoy.hostPorts.https }} - {{- end }} - {{- if .Values.envoy.useHostIP }} - hostIP: {{ .Values.envoy.hostIPs.https }} - {{- end }} - name: https - protocol: TCP - - containerPort: 8002 - name: metrics - protocol: TCP - {{- if .Values.envoy.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: /ready - port: 8002 - initialDelaySeconds: {{ .Values.envoy.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.envoy.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.envoy.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.envoy.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.envoy.readinessProbe.failureThreshold }} - {{- end }} - {{- if .Values.envoy.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /ready - port: 8002 - initialDelaySeconds: {{ .Values.envoy.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.envoy.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.envoy.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.envoy.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.envoy.livenessProbe.failureThreshold }} - {{- end }} - resources: {{ toYaml .Values.envoy.resources | nindent 12 }} - volumeMounts: - - name: envoy-config - mountPath: /config - - name: envoycert - mountPath: /certs - - name: envoy-admin - mountPath: /admin - {{- if .Values.envoy.extraVolumeMounts }} - {{- include "common.tplvalues.render" ( dict "value" .Values.envoy.extraVolumeMounts "context" $ ) | nindent 12 }} - {{- end }} - lifecycle: - preStop: - httpGet: - path: /shutdown - port: 8090 - scheme: HTTP - initContainers: - - command: - - contour - args: - - bootstrap - - /config/envoy.json - - --xds-address={{ template "common.names.fullname" . }} - - --xds-port=8001 - - --resources-dir=/config/resources - - --envoy-cafile=/certs/ca.crt - - --envoy-cert-file=/certs/tls.crt - - --envoy-key-file=/certs/tls.key - image: {{ include "common.images.image" ( dict "imageRoot" .Values.contour.image "global" .Values.global) }} - imagePullPolicy: {{ .Values.contour.image.pullPolicy }} - name: envoy-initconfig - resources: {{ toYaml .Values.contour.resources | nindent 12 }} - volumeMounts: - - name: envoy-config - mountPath: /config - - name: envoycert - mountPath: /certs - readOnly: true - - name: envoy-admin - mountPath: /admin - {{- if .Values.envoy.extraVolumeMounts }} - {{- include "common.tplvalues.render" ( dict "value" .Values.envoy.extraVolumeMounts "context" $ ) | nindent 12 }} - {{- end }} - env: - - name: CONTOUR_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{- if .Values.contour.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.contour.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if or .Values.contour.extraEnvVarsConfigMap .Values.contour.extraEnvVarsSecret }} - envFrom: - {{- if .Values.contour.extraEnvVarsConfigMap }} - - configMapRef: - name: {{ include "common.tplvalues.render" ( dict "value" .Values.contour.extraEnvVarsConfigMap "context" $ ) }} - {{- end }} - {{- if .Values.contour.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" ( dict "value" .Values.contour.extraEnvVarsSecret "context" $ ) }} - {{- end }} - {{- end }} - {{- if .Values.envoy.initContainers }} - {{- include "common.tplvalues.render" ( dict "value" .Values.envoy.initContainers "context" $ ) | nindent 8 }} - {{- end }} - automountServiceAccountToken: {{ .Values.envoy.serviceAccount.automountServiceAccountToken }} - serviceAccountName: {{ include "envoy.envoyServiceAccountName" . }} - volumes: - - name: envoy-admin - emptyDir: {} - - name: envoy-config - emptyDir: {} - - name: envoycert - secret: - secretName: {{ include "contour.envoy.certs-secret.name" . }} - {{- if .Values.envoy.extraVolumes }} - {{- include "common.tplvalues.render" ( dict "value" .Values.envoy.extraVolumes "context" $ ) | nindent 8 }} - {{- end }} - restartPolicy: Always -{{- end }} diff --git a/bitnami/contour/templates/envoy/deployment.yaml b/bitnami/contour/templates/envoy/deployment.yaml deleted file mode 100644 index f408814..0000000 --- a/bitnami/contour/templates/envoy/deployment.yaml +++ /dev/null @@ -1,277 +0,0 @@ -{{- if and .Values.envoy.enabled (eq .Values.envoy.kind "deployment") }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ printf "%s-envoy" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: envoy - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if not .Values.envoy.autoscaling.enabled }} - replicas: {{ .Values.envoy.replicaCount }} - {{- end }} - revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} - {{- if .Values.envoy.updateStrategy }} - strategy: {{- toYaml .Values.envoy.updateStrategy | nindent 4 }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: envoy - template: - metadata: - {{- if .Values.envoy.podAnnotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.envoy.podAnnotations "context" $) | nindent 8 }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: envoy - spec: - {{- include "common.images.pullSecrets" ( dict "images" (list .Values.contour.image .Values.envoy.image) "global" .Values.global) | nindent 6 }} - {{- if .Values.envoy.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.envoy.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.envoy.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.envoy.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.envoy.podAffinityPreset "component" "envoy" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.envoy.podAntiAffinityPreset "component" "envoy" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.envoy.nodeAffinityPreset.type "key" .Values.envoy.nodeAffinityPreset.key "values" .Values.envoy.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.envoy.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.envoy.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.envoy.tolerations}} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.envoy.tolerations "context" $) | nindent 8 }} - {{- end }} - terminationGracePeriodSeconds: {{ .Values.envoy.terminationGracePeriodSeconds }} - hostNetwork: {{ .Values.envoy.hostNetwork }} - dnsPolicy: {{ .Values.envoy.dnsPolicy }} - {{- if .Values.envoy.podSecurityContext.enabled }} - securityContext: - fsGroup: {{ .Values.envoy.podSecurityContext.fsGroup }} - {{- if .Values.envoy.podSecurityContext.sysctls }} - sysctls: - {{- toYaml .Values.envoy.podSecurityContext.sysctls | nindent 8 }} - {{- end }} - {{- end }} - containers: - - command: - - contour - args: - - envoy - - shutdown-manager - image: {{ include "common.images.image" ( dict "imageRoot" .Values.contour.image "global" .Values.global) }} - imagePullPolicy: {{ .Values.contour.image.pullPolicy }} - {{- if .Values.contour.extraEnvVars }} - env: - {{- include "common.tplvalues.render" (dict "value" .Values.contour.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if or .Values.contour.extraEnvVarsConfigMap .Values.contour.extraEnvVarsSecret }} - envFrom: - {{- if .Values.contour.extraEnvVarsConfigMap }} - - configMapRef: - name: {{ include "common.tplvalues.render" ( dict "value" .Values.contour.extraEnvVarsConfigMap "context" $ ) }} - {{- end }} - {{- if .Values.contour.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" ( dict "value" .Values.contour.extraEnvVarsSecret "context" $ ) }} - {{- end }} - {{- end }} - lifecycle: - preStop: - exec: - command: - - contour - - envoy - - shutdown - {{- if .Values.contour.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /healthz - port: 8090 - initialDelaySeconds: {{ .Values.contour.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.contour.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.contour.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.contour.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.contour.livenessProbe.failureThreshold }} - {{- end }} - name: shutdown-manager - resources: {{- toYaml .Values.envoy.shutdownManager.resources | nindent 12 }} - {{- if .Values.envoy.extraVolumeMounts }} - volumeMounts: - {{- include "common.tplvalues.render" ( dict "value" .Values.envoy.extraVolumeMounts "context" $ ) | nindent 12 }} - {{- end }} - - command: - - envoy - args: - - -c - - /config/envoy.json - - --service-cluster $(CONTOUR_NAMESPACE) - - --service-node $(ENVOY_POD_NAME) - - --log-level {{ .Values.envoy.logLevel }} - {{- if .Values.envoy.extraArgs }} - {{- include "common.tplvalues.render" (dict "value" .Values.envoy.extraArgs "context" $) | nindent 12 }} - {{- end }} - image: {{ include "common.images.image" ( dict "imageRoot" .Values.envoy.image "global" .Values.global ) }} - imagePullPolicy: {{ .Values.envoy.image.pullPolicy }} - name: envoy - {{- if .Values.envoy.containerSecurityContext.enabled }} - securityContext: - runAsUser: {{ .Values.envoy.containerSecurityContext.runAsUser }} - {{- end }} - env: - - name: CONTOUR_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: ENVOY_POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - {{- if .Values.envoy.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.envoy.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if or .Values.envoy.extraEnvVarsConfigMap .Values.envoy.extraEnvVarsSecret }} - envFrom: - {{- if .Values.envoy.extraEnvVarsConfigMap }} - - configMapRef: - name: {{ include "common.tplvalues.render" ( dict "value" .Values.envoy.extraEnvVarsConfigMap "context" $ ) }} - {{- end }} - {{- if .Values.envoy.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" ( dict "value" .Values.envoy.extraEnvVarsSecret "context" $ ) }} - {{- end }} - {{- end }} - ports: - - containerPort: {{ .Values.envoy.containerPorts.http }} - {{- if .Values.envoy.useHostPort }} - hostPort: {{ .Values.envoy.hostPorts.http }} - {{- end }} - {{- if .Values.envoy.useHostIP }} - hostIP: {{ .Values.envoy.hostIPs.http }} - {{- end }} - name: http - protocol: TCP - - containerPort: {{ .Values.envoy.containerPorts.https }} - {{- if .Values.envoy.useHostPort }} - hostPort: {{ .Values.envoy.hostPorts.https }} - {{- end }} - {{- if .Values.envoy.useHostIP }} - hostIP: {{ .Values.envoy.hostIPs.https }} - {{- end }} - name: https - protocol: TCP - - containerPort: 8002 - name: metrics - protocol: TCP - {{- if .Values.envoy.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: /ready - port: 8002 - initialDelaySeconds: {{ .Values.envoy.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.envoy.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.envoy.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.envoy.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.envoy.readinessProbe.failureThreshold }} - {{- end }} - {{- if .Values.envoy.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /ready - port: 8002 - initialDelaySeconds: {{ .Values.envoy.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.envoy.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.envoy.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.envoy.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.envoy.livenessProbe.failureThreshold }} - {{- end }} - resources: {{- toYaml .Values.envoy.resources | nindent 12 }} - volumeMounts: - - name: envoy-config - mountPath: /config - - name: envoycert - mountPath: /certs - - name: envoy-admin - mountPath: /admin - {{- if .Values.envoy.extraVolumeMounts }} - {{- include "common.tplvalues.render" ( dict "value" .Values.envoy.extraVolumeMounts "context" $ ) | nindent 12 }} - {{- end }} - lifecycle: - preStop: - httpGet: - path: /shutdown - port: 8090 - scheme: HTTP - initContainers: - - command: - - contour - args: - - bootstrap - - /config/envoy.json - - --xds-address={{ template "common.names.fullname" . }} - - --xds-port=8001 - - --resources-dir=/config/resources - - --envoy-cafile=/certs/ca.crt - - --envoy-cert-file=/certs/tls.crt - - --envoy-key-file=/certs/tls.key - image: {{ include "common.images.image" ( dict "imageRoot" .Values.contour.image "global" .Values.global) }} - imagePullPolicy: {{ .Values.contour.image.pullPolicy }} - name: envoy-initconfig - resources: {{ toYaml .Values.contour.resources | nindent 12 }} - volumeMounts: - - name: envoy-config - mountPath: /config - - name: envoycert - mountPath: /certs - readOnly: true - - name: envoy-admin - mountPath: /admin - {{- if .Values.envoy.extraVolumeMounts }} - {{- include "common.tplvalues.render" ( dict "value" .Values.envoy.extraVolumeMounts "context" $ ) | nindent 12 }} - {{- end }} - env: - - name: CONTOUR_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{- if .Values.contour.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.contour.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if or .Values.contour.extraEnvVarsConfigMap .Values.contour.extraEnvVarsSecret }} - envFrom: - {{- if .Values.contour.extraEnvVarsConfigMap }} - - configMapRef: - name: {{ include "common.tplvalues.render" ( dict "value" .Values.contour.extraEnvVarsConfigMap "context" $ ) }} - {{- end }} - {{- if .Values.contour.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" ( dict "value" .Values.contour.extraEnvVarsSecret "context" $ ) }} - {{- end }} - {{- end }} - {{- if .Values.envoy.initContainers }} - {{- include "common.tplvalues.render" ( dict "value" .Values.envoy.initContainers "context" $ ) | nindent 8 }} - {{- end }} - automountServiceAccountToken: {{ .Values.envoy.serviceAccount.automountServiceAccountToken }} - serviceAccountName: {{ include "envoy.envoyServiceAccountName" . }} - volumes: - - name: envoy-admin - emptyDir: {} - - name: envoy-config - emptyDir: {} - - name: envoycert - secret: - secretName: {{ include "contour.envoy.certs-secret.name" . }} - {{- if .Values.envoy.extraVolumes }} - {{- include "common.tplvalues.render" ( dict "value" .Values.envoy.extraVolumes "context" $ ) | nindent 8 }} - {{- end }} - restartPolicy: Always -{{- end }} diff --git a/bitnami/contour/templates/envoy/hpa.yaml b/bitnami/contour/templates/envoy/hpa.yaml deleted file mode 100644 index 592c918..0000000 --- a/bitnami/contour/templates/envoy/hpa.yaml +++ /dev/null @@ -1,35 +0,0 @@ -{{- if and .Values.envoy.enabled .Values.envoy.autoscaling.enabled (eq .Values.envoy.kind "deployment") }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "common.names.fullname" . }}-envoy - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: envoy - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - scaleTargetRef: - apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} - kind: Deployment - name: {{ include "common.names.fullname" . }}-envoy - minReplicas: {{ .Values.envoy.autoscaling.minReplicas }} - maxReplicas: {{ .Values.envoy.autoscaling.maxReplicas }} - metrics: - {{- if .Values.envoy.autoscaling.targetCPU }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ .Values.envoy.autoscaling.targetCPU }} - {{- end }} - {{- if .Values.envoy.autoscaling.targetMemory }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ .Values.envoy.autoscaling.targetMemory }} - {{- end }} -{{- end }} diff --git a/bitnami/contour/templates/envoy/service.yaml b/bitnami/contour/templates/envoy/service.yaml deleted file mode 100644 index df7f9d4..0000000 --- a/bitnami/contour/templates/envoy/service.yaml +++ /dev/null @@ -1,87 +0,0 @@ -{{- if .Values.envoy.enabled }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.names.fullname" . }}-envoy - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: envoy - {{- if .Values.envoy.service.labels }} - {{- include "common.tplvalues.render" (dict "value" .Values.envoy.service.labels "context" $) | nindent 4 }} - {{- end }} - annotations: - {{- if (ne (index .Values.envoy.service.annotations "service.beta.kubernetes.io/aws-load-balancer-type" | toString ) "nlb") }} - # This annotation puts the AWS ELB into "TCP" mode so that it does not - # do HTTP negotiation for HTTPS connections at the ELB edge. - # The downside of this is the remote IP address of all connections will - # appear to be the internal address of the ELB. See docs/proxy-proto.md - # for information about enabling the PROXY protocol on the ELB to recover - # the original remote IP address. - # We don't set this for nlb, per the contour docs. - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp - {{- end }} - {{- if .Values.envoy.service.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.envoy.service.annotations "context" $) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.envoy.service.externalTrafficPolicy }} - externalTrafficPolicy: {{ .Values.envoy.service.externalTrafficPolicy | quote }} - {{- end }} - {{- if not (empty .Values.envoy.service.clusterIP) }} - clusterIP: {{ .Values.envoy.service.clusterIP | quote }} - {{- end }} - {{- if .Values.envoy.service.externalIPs }} - externalIPs: {{- toYaml .Values.envoy.service.externalIPs | nindent 4 }} - {{- end }} - {{- if .Values.envoy.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.envoy.service.loadBalancerIP | quote }} - {{- end }} - {{- if .Values.envoy.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- toYaml .Values.envoy.service.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - ports: - - name: http - port: {{ .Values.envoy.service.ports.http }} - protocol: TCP - targetPort: {{ .Values.envoy.containerPorts.http }} - {{- if and (or (eq .Values.envoy.service.type "NodePort") (eq .Values.envoy.service.type "LoadBalancer")) (not (empty .Values.envoy.service.nodePorts.http)) }} - nodePort: {{ .Values.envoy.service.nodePorts.http }} - {{- else if eq .Values.envoy.service.type "ClusterIP" }} - nodePort: null - {{- end }} - - name: https - port: {{ .Values.envoy.service.ports.https }} - protocol: TCP - targetPort: {{ .Values.envoy.containerPorts.https }} - {{- if and (or (eq .Values.envoy.service.type "NodePort") (eq .Values.envoy.service.type "LoadBalancer")) (not (empty .Values.envoy.service.nodePorts.https)) }} - nodePort: {{ .Values.envoy.service.nodePorts.https }} - {{- else if eq .Values.envoy.service.type "ClusterIP" }} - nodePort: null - {{- end }} - {{- if .Values.envoy.service.extraPorts }} - {{- include "common.tplvalues.render" (dict "value" .Values.envoy.service.extraPorts "context" $) | nindent 4 }} - {{- end }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: envoy - type: {{ .Values.envoy.service.type }} -{{- if .Values.prometheus.serviceMonitor.enabled }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.names.fullname" . }}-envoy-metrics - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: envoy -spec: - type: ClusterIP - clusterIP: None - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: envoy - ports: - - name: metrics - port: 8002 - protocol: TCP - targetPort: 8002 -{{- end }} -{{- end }} diff --git a/bitnami/contour/templates/envoy/serviceaccount.yaml b/bitnami/contour/templates/envoy/serviceaccount.yaml deleted file mode 100644 index f8bf782..0000000 --- a/bitnami/contour/templates/envoy/serviceaccount.yaml +++ /dev/null @@ -1,10 +0,0 @@ -{{- if and .Values.envoy.serviceAccount.create .Values.envoy.enabled }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "envoy.envoyServiceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: envoy -{{- end }} diff --git a/bitnami/contour/templates/envoy/servicemonitor.yaml b/bitnami/contour/templates/envoy/servicemonitor.yaml deleted file mode 100644 index b548c40..0000000 --- a/bitnami/contour/templates/envoy/servicemonitor.yaml +++ /dev/null @@ -1,34 +0,0 @@ -{{- if and .Values.prometheus.serviceMonitor.enabled .Values.envoy.enabled }} ---- -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "common.names.fullname" . }}-envoy - {{- if .Values.prometheus.serviceMonitor.namespace }} - namespace: {{ .Values.prometheus.serviceMonitor.namespace }} - {{- else }} - namespace: {{ .Release.Namespace }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 4}} - app.kubernetes.io/component: envoy -spec: - jobLabel: {{ .Values.prometheus.serviceMonitor.jobLabel | quote }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: envoy - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - endpoints: - - port: metrics - path: /stats/prometheus - {{- if .Values.prometheus.serviceMonitor.interval }} - interval: {{ .Values.prometheus.serviceMonitor.interval }} - {{- end }} - {{- if .Values.prometheus.serviceMonitor.metricRelabelings }} - metricRelabelings: {{ toYaml .Values.prometheus.serviceMonitor.metricRelabelings | nindent 6 }} - {{- end }} - {{- if .Values.prometheus.serviceMonitor.relabelings }} - relabelings: {{ toYaml .Values.prometheus.serviceMonitor.relabelings | nindent 6 }} - {{- end }} -{{- end }} diff --git a/bitnami/contour/values.yaml b/bitnami/contour/values.yaml deleted file mode 100644 index 3f70aa2..0000000 --- a/bitnami/contour/values.yaml +++ /dev/null @@ -1,809 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets [array] Global Docker registry secret names as an array -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - -## @section Common parameters - -## @param nameOverride String to partially override contour.fullname include (will maintain the release name) -## -nameOverride: "" -## @param fullnameOverride String to fully override contour.fullname template -## -fullnameOverride: "" -## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) -## -ingress: - apiVersion: "" -## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) -## -kubeVersion: "" -## @param extraDeploy [array] Array of extra objects to deploy with the release -## -extraDeploy: [] - -## @section Contour parameters - -## @param replicaCount Number of Contour Pod replicas -## -replicaCount: 2 -## To configure Contour, you must specify ONE of the following two options. -## @param existingConfigMap Specifies the name of an externally-defined ConfigMap to use as the configuration (this is mutually exclusive with `configInline`) -## Helm will not manage the contents of this ConfigMap, it is your responsibility to create it. -## e.g: -## existingConfigMap: contour -## -existingConfigMap: "" -## @param configInline [object] Specifies Contour's configuration directly in YAML format -## When configInline is used, Helm manages Contour's configuration ConfigMap as -## part of the release, and existingConfigMap is ignored. -## Refer to https://projectcontour.io/docs/latest/configuration for available options. -## -configInline: - disablePermitInsecure: false - tls: - fallback-certificate: {} - leaderelection: - configmap-namespace: "{{ .Release.Namespace }}" - envoy-service-name: '{{ include "common.names.fullname" . }}-envoy' - accesslog-format: envoy - -contour: - ## @param contour.enabled Contour Deployment creation. - ## - enabled: true - ## @param contour.image.registry Contour image registry - ## @param contour.image.repository Contour image name - ## @param contour.image.tag Contour image tag - ## @param contour.image.pullPolicy Contour Image pull policy - ## @param contour.image.pullSecrets [array] Contour Image pull secrets - ## - image: - registry: docker.io - repository: bitnami/contour - tag: 1.18.1-debian-10-r20 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param contour.hostAliases [array] Add deployment host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## @param contour.extraArgs [array] Extra arguments passed to Contour container - ## - extraArgs: [] - ## Contour container resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## ref: https://projectcontour.io/guides/resource-limits/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param contour.resources.limits [object] Specify resource limits which the container is not allowed to succeed. - ## @param contour.resources.requests [object] Specify resource requests which the container needs to spawn. - ## - resources: - ## Example: - ## limits: - ## cpu: 400m - ## memory: 258Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 25Mi - requests: {} - ## @param contour.manageCRDs Manage the creation, upgrade and deletion of Contour CRDs. - ## - manageCRDs: true - ## @param contour.podAffinityPreset Contour Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param contour.podAntiAffinityPreset Contour Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Node affinity preset - ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## @param contour.nodeAffinityPreset.type Contour Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## @param contour.nodeAffinityPreset.key Contour Node label key to match Ignored if `affinity` is set. - ## @param contour.nodeAffinityPreset.values [array] Contour Node label values to match. Ignored if `affinity` is set. - ## - nodeAffinityPreset: - type: "" - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param contour.affinity [object] Affinity for Contour pod assignment - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - ## @param contour.nodeSelector [object] Node labels for Contour pod assignment - ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param contour.tolerations [array] Tolerations for Contour pod assignment - ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param contour.podAnnotations [object] Contour Pod annotations - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param contour.serviceAccount.create Create a serviceAccount for the Contour pod - ## @param contour.serviceAccount.name Use the serviceAccount with the specified name, a name is generated using the fullname template - ## - serviceAccount: - create: true - name: "" - ## @param contour.livenessProbe.enabled Enable/disable the Liveness probe - ## @param contour.livenessProbe.initialDelaySeconds Delay before liveness probe is initiated - ## @param contour.livenessProbe.periodSeconds How often to perform the probe - ## @param contour.livenessProbe.timeoutSeconds When the probe times out - ## @param contour.livenessProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded. - ## @param contour.livenessProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed. - ## - livenessProbe: - enabled: true - initialDelaySeconds: 120 - periodSeconds: 20 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - ## @param contour.readinessProbe.enabled Enable/disable the readiness probe - ## @param contour.readinessProbe.initialDelaySeconds Delay before readiness probe is initiated - ## @param contour.readinessProbe.periodSeconds How often to perform the probe - ## @param contour.readinessProbe.timeoutSeconds When the probe times out - ## @param contour.readinessProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded. - ## @param contour.readinessProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed. - ## - readinessProbe: - enabled: true - initialDelaySeconds: 15 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 3 - successThreshold: 1 - ## @param contour.securityContext.enabled If the pod should run in a securityContext. - ## @param contour.securityContext.runAsNonRoot If the pod should run as a non root container. - ## @param contour.securityContext.runAsUser define the uid with which the pod will run - ## @param contour.securityContext.runAsGroup define the gid with which the pod will run - ## - securityContext: - enabled: true - runAsNonRoot: true - runAsUser: 1001 - runAsGroup: 1001 - ## @param contour.certgen.serviceAccount.create Create a serviceAccount for the Contour pod - ## @param contour.certgen.serviceAccount.name Use the serviceAccount with the specified name, a name is generated using the fullname template - ## - certgen: - serviceAccount: - create: true - name: "" - ## @param contour.tlsExistingSecret Name of the existingSecret to be use in Contour deployment. If it is not nil `contour.certgen` will be disabled. - ## It will override `tlsExistingSecret` - ## - tlsExistingSecret: "" - ## Contour Service properties - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#multi-port-services - ## @param contour.service.extraPorts [array] Extra ports to expose (normally used with the `sidecar` value) - ## - service: - extraPorts: [] - ## @param contour.initContainers [array] Attach additional init containers to Contour pods - ## For example: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## - initContainers: [] - ## @param contour.sidecars [array] Add additional sidecar containers to the Contour pods - ## Example: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - sidecars: [] - ## @param contour.extraVolumes [array] Array to add extra volumes - ## - extraVolumes: [] - ## @param contour.extraVolumeMounts [array] Array to add extra mounts (normally used with extraVolumes) - ## - extraVolumeMounts: [] - ## @param contour.extraEnvVars [array] Array containing extra env vars to be added to all Contour containers - ## For example: - ## extraEnvVars: - ## - name: MY_ENV_VAR - ## value: env_var_value - ## - extraEnvVars: [] - ## @param contour.extraEnvVarsConfigMap ConfigMap containing extra env vars to be added to all Contour containers - ## - extraEnvVarsConfigMap: "" - ## @param contour.extraEnvVarsSecret Secret containing extra env vars to be added to all Contour containers - ## - extraEnvVarsSecret: "" - ## @param contour.ingressClass Name of the ingress class to route through this controller - ## - ingressClass: contour - -## @section Envoy parameters - -envoy: - ## @param envoy.enabled Envoy Proxy creation - ## - enabled: true - ## Bitnami Envoy image - ## ref: https://hub.docker.com/r/bitnami/envoy/tags/ - ## @param envoy.image.registry Envoy Proxy image registry - ## @param envoy.image.repository Envoy Proxy image repository - ## @param envoy.image.tag Envoy Proxy image tag (immutable tags are recommended) - ## @param envoy.image.pullPolicy Envoy image pull policy - ## @param envoy.image.pullSecrets [array] Envoy image pull secrets - ## - image: - registry: docker.io - repository: bitnami/envoy - tag: 1.19.1-debian-10-r26 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param envoy.extraArgs [array] Extra arguments passed to Envoy container - ## - extraArgs: [] - ## @param envoy.hostAliases [array] Add deployment host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## Envoy container resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## ref: https://projectcontour.io/guides/resource-limits/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param envoy.resources.limits [object] Specify resource limits which the container is not allowed to succeed. - ## @param envoy.resources.requests [object] Specify resource requests which the container needs to spawn. - resources: - ## Example: - ## limits: - ## cpu: 400m - ## memory: 250Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 25Mi - requests: {} - ## @param envoy.shutdownManager.resources.limits [object] Specify resource limits which the container is not allowed to succeed. - ## @param envoy.shutdownManager.resources.requests [object] Specify resource requests which the container needs to spawn. - shutdownManager: - resources: - ## Example: - ## limits: - ## cpu: 50m - ## memory: 32Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 10m - ## memory: 16Mi - requests: {} - ## @param envoy.kind Install as deployment or daemonset - ## - kind: daemonset - ## @param envoy.replicaCount Desired number of Controller pods - ## - replicaCount: 1 - ## @param envoy.updateStrategy [object] Strategy to use to update Pods - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - ## - updateStrategy: {} - ## @param envoy.revisionHistoryLimit The number of old history to retain to allow rollback - ## - revisionHistoryLimit: 10 - ## Controller Autoscaling configuration - ## @param envoy.autoscaling.enabled Enable autoscaling for Controller - ## @param envoy.autoscaling.minReplicas Minimum number of Controller replicas - ## @param envoy.autoscaling.maxReplicas Maximum number of Controller replicas - ## @param envoy.autoscaling.targetCPU Target CPU utilization percentage - ## @param envoy.autoscaling.targetMemory Target Memory utilization percentage - ## - autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 11 - targetCPU: "" - targetMemory: "" - ## @param envoy.podAffinityPreset Envoy Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## Allowed values: soft, hard - ## - podAffinityPreset: "" - ## @param envoy.podAntiAffinityPreset Envoy Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## Allowed values: soft, hard - ## - podAntiAffinityPreset: "" - ## Node affinity preset - ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## @param envoy.nodeAffinityPreset.type Envoy Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## @param envoy.nodeAffinityPreset.key Envoy Node label key to match Ignored if `affinity` is set. - ## @param envoy.nodeAffinityPreset.values [array] Envoy Node label values to match. Ignored if `affinity` is set. - ## - nodeAffinityPreset: - type: "" - key: "" - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param envoy.affinity [object] Affinity for Envoy pod assignment - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - ## @param envoy.nodeSelector [object] Node labels for Envoy pod assignment - ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param envoy.tolerations [array] Tolerations for Envoy pod assignment - ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param envoy.podAnnotations [object] Envoy Pod annotations - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## Pod security context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param envoy.podSecurityContext.enabled Envoy Pod securityContext - ## - podSecurityContext: - enabled: false - ## Envoy container security context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param envoy.containerSecurityContext.enabled Envoy Container securityContext - ## @param envoy.containerSecurityContext.runAsUser User ID for the Envoy container (to change this, http and https containerPorts must be set to >1024) - ## - containerSecurityContext: - enabled: true - runAsUser: 0 - ## @param envoy.hostNetwork Envoy Pod host network access - ## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#host-namespaces - ## - hostNetwork: false - ## @param envoy.dnsPolicy Envoy Pod Dns Policy's DNS Policy - ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy - ## - dnsPolicy: ClusterFirst - ## @param envoy.tlsExistingSecret Name of the existingSecret to be use in Envoy deployment - ## - tlsExistingSecret: "" - ## @param envoy.serviceAccount.create Specifies whether a ServiceAccount should be created - ## @param envoy.serviceAccount.name The name of the ServiceAccount to use. If not set and create is true, a name is generated using the fullname template - ## @param envoy.serviceAccount.automountServiceAccountToken Whether to auto mount API credentials for a service account - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server - ## - serviceAccount: - create: true - name: "" - automountServiceAccountToken: false - ## @param envoy.livenessProbe.enabled Enable livenessProbe - ## @param envoy.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param envoy.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param envoy.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param envoy.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param envoy.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 120 - periodSeconds: 20 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - ## @param envoy.readinessProbe.enabled Enable/disable the readiness probe - ## @param envoy.readinessProbe.initialDelaySeconds Delay before readiness probe is initiated - ## @param envoy.readinessProbe.periodSeconds How often to perform the probe - ## @param envoy.readinessProbe.timeoutSeconds When the probe times out - ## @param envoy.readinessProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded. - ## @param envoy.readinessProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed. - ## - readinessProbe: - enabled: true - initialDelaySeconds: 10 - periodSeconds: 3 - timeoutSeconds: 1 - failureThreshold: 3 - successThreshold: 1 - ## @param envoy.terminationGracePeriodSeconds Envoy termination grace period in seconds - ## - terminationGracePeriodSeconds: 300 - ## @param envoy.logLevel Envoy log level - ## - logLevel: info - ## Envoy Service properties - ## - service: - ## @param envoy.service.type Type of Envoy service to create - ## - type: LoadBalancer - ## @param envoy.service.externalTrafficPolicy Envoy Service external cluster policy. If `envoy.service.type` is NodePort or LoadBalancer - ## - externalTrafficPolicy: Local - ## @param envoy.service.clusterIP Internal envoy cluster service IP - ## e.g.: - ## clusterIP: None - ## - clusterIP: "" - ## @param envoy.service.externalIPs [array] Envoy service external IP addresses - ## - externalIPs: [] - ## @param envoy.service.loadBalancerIP IP address to assign to load balancer (if supported) - ## - loadBalancerIP: "" - ## @param envoy.service.loadBalancerSourceRanges [array] List of IP CIDRs allowed access to load balancer (if supported) - ## - loadBalancerSourceRanges: [] - ## @param envoy.service.annotations [object] Annotations for Envoy service - ## - annotations: {} - ports: - ## @param envoy.service.ports.http Sets service http port - ## - http: 80 - ## @param envoy.service.ports.https Sets service https port - ## - https: 443 - ## Specify the nodePort(s) value(s) for the LoadBalancer and NodePort service types. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## @param envoy.service.nodePorts.http HTTP Port. If `envoy.service.type` is NodePort and this is non-empty - ## @param envoy.service.nodePorts.https HTTPS Port. If `envoy.service.type` is NodePort and this is non-empty - ## - nodePorts: - http: "" - https: "" - ## @param envoy.service.extraPorts [array] Extra ports to expose (normally used with the `sidecar` value) - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#multi-port-services - ## - extraPorts: [] - ## @param envoy.useHostPort Enable/disable `hostPort` for TCP/80 and TCP/443 - ## - useHostPort: true - ## @param envoy.useHostIP Enable/disable `hostIP` - ## - useHostIP: false - ## @param envoy.hostPorts.http Sets `hostPort` http port - ## @param envoy.hostPorts.https Sets `hostPort` https port - ## - hostPorts: - http: 80 - https: 443 - ## @param envoy.hostIPs.http Sets `hostIP` http IP - ## @param envoy.hostIPs.https Sets `hostIP` https IP - ## - hostIPs: - http: 127.0.0.1 - https: 127.0.0.1 - ## Configures the ports the Envoy proxy listens on - ## @param envoy.containerPorts.http Sets http port inside Envoy pod (change this to >1024 to run envoy as a non-root user) - ## @param envoy.containerPorts.https Sets https port inside Envoy pod (change this to >1024 to run envoy as a non-root user) - ## - containerPorts: - http: 80 - https: 443 - ## @param envoy.initContainers [array] Attach additional init containers to Envoy pods - ## For example: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## - initContainers: [] - ## @param envoy.extraVolumes [array] Array to add extra volumes - ## - extraVolumes: [] - ## @param envoy.extraVolumeMounts [array] Array to add extra mounts (normally used with extraVolumes) - ## - extraVolumeMounts: [] - ## @param envoy.extraEnvVars [array] Array containing extra env vars to be added to all Envoy containers - ## For example: - ## extraEnvVars: - ## - name: MY_ENV_VAR - ## value: env_var_value - ## - extraEnvVars: [] - ## @param envoy.extraEnvVarsConfigMap ConfigMap containing extra env vars to be added to all Envoy containers - ## - extraEnvVarsConfigMap: "" - ## @param envoy.extraEnvVarsSecret Secret containing extra env vars to be added to all Envoy containers - ## - extraEnvVarsSecret: "" - -## @section Default backend parameters - -## Default 404 backend -## -defaultBackend: - ## @param defaultBackend.enabled Enable a default backend based on NGINX - ## - enabled: false - ## Bitnami NGINX image - ## ref: https://hub.docker.com/r/bitnami/nginx/tags/ - ## @param defaultBackend.image.registry Default backend image registry - ## @param defaultBackend.image.repository Default backend image name - ## @param defaultBackend.image.tag Default backend image tag - ## @param defaultBackend.image.pullPolicy Image pull policy - ## @param defaultBackend.image.pullSecrets [array] Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/nginx - tag: 1.21.3-debian-10-r12 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param defaultBackend.extraArgs [object] Additional command line arguments to pass to NGINX container - ## - extraArgs: {} - ## @param defaultBackend.containerPort HTTP container port number - ## - containerPort: 8080 - ## @param defaultBackend.hostAliases [array] Add deployment host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## @param defaultBackend.replicaCount Desired number of default backend pods - ## - replicaCount: 1 - ## Default backend pods' Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param defaultBackend.podSecurityContext.enabled Default backend Pod securityContext - ## @param defaultBackend.podSecurityContext.fsGroup Set Default backend Pod's Security Context fsGroup - ## - podSecurityContext: - enabled: true - fsGroup: 1001 - ## Default backend containers' Security Context (only main container) - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param defaultBackend.containerSecurityContext.enabled Default backend container securityContext - ## @param defaultBackend.containerSecurityContext.runAsUser User ID for the Envoy container (to change this, http and https containerPorts must be set to >1024) - ## - containerSecurityContext: - enabled: true - runAsUser: 1001 - ## Default backend containers' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. - ## @param defaultBackend.resources.limits [object] The resources limits for the Default backend container - ## @param defaultBackend.resources.requests [object] The requested resources for the Default backend container - ## - resources: - ## Example: - ## limits: - ## cpu: 250m - ## memory: 256Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 250m - ## memory: 256Mi - requests: {} - ## Default backend containers' liveness probe. Evaluated as a template. - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param defaultBackend.livenessProbe.enabled Enable livenessProbe - ## @param defaultBackend.livenessProbe.httpGet [object] Path, port and scheme for the livenessProbe - ## @param defaultBackend.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param defaultBackend.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param defaultBackend.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param defaultBackend.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param defaultBackend.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - httpGet: - path: / - port: http - scheme: HTTP - failureThreshold: 3 - initialDelaySeconds: 30 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - ## Default backend containers' readiness probe. Evaluated as a template. - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param defaultBackend.readinessProbe.enabled Enable readinessProbe - ## @param defaultBackend.readinessProbe.httpGet [object] Path, port and scheme for the readinessProbe - ## @param defaultBackend.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param defaultBackend.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param defaultBackend.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param defaultBackend.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param defaultBackend.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - httpGet: - path: / - port: http - scheme: HTTP - failureThreshold: 6 - initialDelaySeconds: 0 - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 5 - ## @param defaultBackend.customLivenessProbe [object] Override default liveness probe, it overrides the default one (evaluated as a template) - ## - customLivenessProbe: {} - ## @param defaultBackend.customReadinessProbe [object] Override default readiness probe, it overrides the default one (evaluated as a template) - ## - customReadinessProbe: {} - ## @param defaultBackend.podLabels [object] Extra labels for Controller pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param defaultBackend.podAnnotations [object] Annotations for Controller pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param defaultBackend.priorityClassName Priority class assigned to the pods - ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass - ## - priorityClassName: "" - ## @param defaultBackend.podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## Allowed values: soft, hard - ## - podAffinityPreset: "" - ## @param defaultBackend.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## Allowed values: soft, hard - ## - podAntiAffinityPreset: soft - ## Node affinity preset - ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## @param defaultBackend.nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## @param defaultBackend.nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set. - ## @param defaultBackend.nodeAffinityPreset.values [array] Node label values to match. Ignored if `affinity` is set. - ## - nodeAffinityPreset: - type: "" - key: "" - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param defaultBackend.affinity [object] Affinity for pod assignment. Evaluated as a template. - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## Note: defaultBackend.podAffinityPreset, defaultBackend.podAntiAffinityPreset, and defaultBackend.nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - ## @param defaultBackend.nodeSelector [object] Node labels for pod assignment. Evaluated as a template. - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param defaultBackend.tolerations [array] Tolerations for pod assignment. Evaluated as a template. - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## Default backend Service parameters - ## @param defaultBackend.service.type Service type - ## @param defaultBackend.service.port Service port - ## - service: - type: ClusterIP - port: 80 - ## PodDisruptionBudget for default backend - ## Default backend Pod Disruption Budget configuration - ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ - ## @param defaultBackend.pdb.create Enable Pod Disruption Budget configuration - ## @param defaultBackend.pdb.minAvailable Minimum number/percentage of Default backend pods that should remain scheduled - ## @param defaultBackend.pdb.maxUnavailable Maximum number/percentage of Default backend pods that should remain scheduled - ## - pdb: - create: false - minAvailable: 1 - maxUnavailable: "" - -## @section Metrics parameters - -## Prometheus Operator service monitors -## @param prometheus.serviceMonitor.namespace Specify if the servicemonitors will be deployed into a different namespace (blank deploys into same namespace as chart) -## @param prometheus.serviceMonitor.enabled Specify if a servicemonitor will be deployed for prometheus-operator. -## @param prometheus.serviceMonitor.jobLabel Specify the jobLabel to use for the prometheus-operator -## @param prometheus.serviceMonitor.interval Specify the scrape interval if not specified use default prometheus scrapeIntervall, the Prometheus default scrape interval is used. -## @param prometheus.serviceMonitor.metricRelabelings [array] Specify additional relabeling of metrics. -## @param prometheus.serviceMonitor.relabelings [array] Specify general relabeling. -## -prometheus: - serviceMonitor: - namespace: "" - enabled: false - jobLabel: "app.kubernetes.io/name" - interval: "" - metricRelabelings: [] - relabelings: [] - -## @section Other parameters - -## @param rbac.create Create the RBAC roles for API accessibility -## -rbac: - create: true - ## @param rbac.rules [array] Custom RBAC rules to set - ## e.g: - ## rules: - ## - apiGroups: - ## - "" - ## resources: - ## - pods - ## verbs: - ## - get - ## - list - ## - rules: [] -## @param tlsExistingSecret Name of the existingSecret to be use in both contour and envoy. If it is not nil `contour.certgen` will be disabled. -## -tlsExistingSecret: "" diff --git a/bitnami/dataplatform-bp1/Chart.lock b/bitnami/dataplatform-bp1/Chart.lock deleted file mode 100644 index aa9f52a..0000000 --- a/bitnami/dataplatform-bp1/Chart.lock +++ /dev/null @@ -1,21 +0,0 @@ -dependencies: -- name: kafka - repository: https://charts.bitnami.com/bitnami - version: 14.1.1 -- name: spark - repository: https://charts.bitnami.com/bitnami - version: 5.7.2 -- name: solr - repository: https://charts.bitnami.com/bitnami - version: 2.0.5 -- name: zookeeper - repository: https://charts.bitnami.com/bitnami - version: 7.4.3 -- name: wavefront - repository: https://charts.bitnami.com/bitnami - version: 3.1.12 -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.9.1 -digest: sha256:45a08d22391bd8ce79b3ea067490b095d4469a110446d45007ce3a81d14c9878 -generated: "2021-09-23T07:41:30.671578389Z" diff --git a/bitnami/dataplatform-bp1/Chart.yaml b/bitnami/dataplatform-bp1/Chart.yaml deleted file mode 100644 index f7e89d4..0000000 --- a/bitnami/dataplatform-bp1/Chart.yaml +++ /dev/null @@ -1,62 +0,0 @@ -annotations: - category: Infrastructure -apiVersion: v2 -appVersion: 0.0.11 -dependencies: - - condition: kafka.enabled - name: kafka - repository: https://charts.bitnami.com/bitnami - version: 14.x.x - - condition: spark.enabled - name: spark - repository: https://charts.bitnami.com/bitnami - version: 5.x.x - - condition: solr.enabled - name: solr - repository: https://charts.bitnami.com/bitnami - version: 2.x.x - - condition: zookeeper.enabled - name: zookeeper - repository: https://charts.bitnami.com/bitnami - version: 7.x.x - - condition: wavefront.enabled - name: wavefront - repository: https://charts.bitnami.com/bitnami - version: 3.x.x - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x -description: OCTO Data platform Kafka-Spark-Solr Helm Chart -engine: gotpl -home: https://github.com/bitnami/charts/tree/master/bitnami/dataplatform-bp1 -icon: https://bitnami.com/assets/stacks/dataplatform-bp1/img/dataplatform-bp1-stack-220x234.png -keywords: - - dataplatform - - kafka - - spark - - solr - - zookeeper - - wavefront - - observability - - apache - - tanzuobservability -maintainers: - - email: containers@bitnami.com - name: Bitnami -name: dataplatform-bp1 -sources: - - https://github.com/bitnami/bitnami-docker-kafka - - https://kafka.apache.org/ - - https://github.com/bitnami/bitnami-docker-spark - - https://spark.apache.org/ - - https://lucene.apache.org/solr/ - - https://github.com/bitnami/bitnami-docker-solr - - https://zookeeper.apache.org/ - - https://github.com/bitnami/bitnami-docker-zookeeper - - https://github.com/bitnami/bitnami-docker-wavefront-kubernetes-collector - - https://github.com/bitnami/bitnami-docker-wavefront-proxy - - https://github.com/wavefrontHQ/wavefront-collector-for-kubernetes - - https://github.com/wavefrontHQ/wavefront-proxy -version: 8.0.0 diff --git a/bitnami/dataplatform-bp1/README.md b/bitnami/dataplatform-bp1/README.md deleted file mode 100644 index cb791b6..0000000 --- a/bitnami/dataplatform-bp1/README.md +++ /dev/null @@ -1,493 +0,0 @@ -# Data Platform Blueprint 1 with Kafka-Spark-Solr - -Enterprise applications increasingly rely on large amounts of data, that needs be distributed, processed, and stored. -Open source and commercial supported software stacks are available to implement a data platform, that can offer -common data management services, accelerating the development and deployment of data hungry business applications. - -This Helm chart enables the fully automated Kubernetes deployment of such multi-stack data platform, covering the following software components: - -- Apache Kafka – Data distribution bus with buffering capabilities -- Apache Spark – In-memory data analytics -- Solr – Data persistence and search -- Data Platform Prometheus Exporter - Prometheus exporter that emits the health metrics of the data platform - -These containerized stateful software stacks are deployed in multi-node cluster configurations, which is defined by the -Helm chart blueprint for this data platform deployment, covering: - -- Pod placement rules – Affinity rules to ensure placement diversity to prevent single point of failures and optimize load distribution -- Pod resource sizing rules – Optimized Pod and JVM sizing settings for optimal performance and efficient resource usage -- Default settings to ensure Pod access security -- Optional [Tanzu Observability](https://docs.wavefront.com/kubernetes.html) framework configuration - -In addition to the Pod resource optimizations, this blueprint is validated and tested to provide Kubernetes node count and sizing recommendations [(see Kubernetes Cluster Requirements)](#kubernetes-cluster-requirements) to facilitate cloud platform capacity planning. The goal is optimize the number of required Kubernetes nodes in order to optimize server resource usage and, at the same time, ensuring runtime and resource diversity. - -The first release of this blueprint defines a small size data platform deployment, deployed on 3 Kubernetes application nodes with physical diverse underlying server infrastructure. - -Use cases for this small size data platform setup include: data and application evaluation, development, and functional testing. - -## TL;DR - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/dataplatform-bp1 -``` - -## Introduction - -This chart bootstraps Data Platform Blueprint-1 deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -The "Small" size data platform in default configuration deploys the following: -1. Zookeeper with 3 nodes to be used for both Kafka and Solr -2. Kafka with 3 nodes using the zookeeper deployed above -3. Solr with 2 nodes using the zookeeper deployed above -4. Spark with 1 Master and 2 worker nodes -5. Data Platform Metrics emitter and Prometheus exporter - -The data platform can be optionally deployed with the Tanzu observability framework. In that case, the wavefront collectors will be set up as a DaemonSet to collect the Kubernetes cluster metrics to enable runtime feed into the Tanzu Observability service. It will also be pre-configured to scrape the metrics from the Prometheus endpoint that each application (Kafka/Spark/Solr) emits the metrics to. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 3.1.0 -- PV provisioner support in the underlying infrastructure - -## Kubernetes Cluster requirements - -Below are the minimum Kubernetes Cluster requirements for "Small" size data platform: - -| Data Platform Size | Kubernetes Cluster Size | Usage | -|:-------------------|:-----------------------------------------------------------------------------|:----------------------------------------------------------------------------| -| Small | 1 Master Node (2 CPU, 4Gi Memory)
3 Worker Nodes (4 CPU, 32Gi Memory) | Data and application evaluation, development, and functional testing
| - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/dataplatform-bp1 -``` - -These commands deploy Data Platform on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists recommended configurations of the parameters to bring up an optimal and resilient data platform. Please refer the individual charts for the remaining set of configurable parameters. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```console -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | - - -### Common parameters - -| Name | Description | Value | -| ------------------- | ------------------------------------------ | ----- | -| `commonLabels` | Labels to add to all deployed objects | `{}` | -| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | - - -### Data Platform Chart parameters - -| Name | Description | Value | -| ------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------- | ------------------------------- | -| `dataplatform.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | -| `dataplatform.serviceAccount.name` | The name of the ServiceAccount to create | `""` | -| `dataplatform.serviceAccount.automountServiceAccountToken` | Allows auto mount of ServiceAccountToken on the serviceAccount created | `true` | -| `dataplatform.rbac.create` | Whether to create & use RBAC resources or not | `true` | -| `dataplatform.exporter.enabled` | Start a prometheus exporter | `true` | -| `dataplatform.exporter.image.registry` | dataplatform exporter image registry | `docker.io` | -| `dataplatform.exporter.image.repository` | dataplatform exporter image repository | `bitnami/dataplatform-exporter` | -| `dataplatform.exporter.image.tag` | dataplatform exporter image tag (immutable tags are recommended) | `0.0.11-scratch-r2` | -| `dataplatform.exporter.image.pullPolicy` | dataplatform exporter image pull policy | `IfNotPresent` | -| `dataplatform.exporter.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `dataplatform.exporter.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `dataplatform.exporter.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | -| `dataplatform.exporter.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `5` | -| `dataplatform.exporter.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `15` | -| `dataplatform.exporter.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `15` | -| `dataplatform.exporter.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `dataplatform.exporter.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `dataplatform.exporter.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | -| `dataplatform.exporter.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | -| `dataplatform.exporter.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `15` | -| `dataplatform.exporter.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `15` | -| `dataplatform.exporter.readinessProbe.successThreshold` | Success threshold for readinessProbe | `15` | -| `dataplatform.exporter.startupProbe.enabled` | Enable startupProbe | `false` | -| `dataplatform.exporter.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | -| `dataplatform.exporter.startupProbe.periodSeconds` | Period seconds for startupProbe | `5` | -| `dataplatform.exporter.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `15` | -| `dataplatform.exporter.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `dataplatform.exporter.startupProbe.successThreshold` | Success threshold for startupProbe | `15` | -| `dataplatform.exporter.containerPorts.http` | Data Platform Prometheus exporter port | `9090` | -| `dataplatform.exporter.priorityClassName` | exporter priorityClassName | `""` | -| `dataplatform.exporter.command` | Override Data Platform Exporter entrypoint string. | `[]` | -| `dataplatform.exporter.args` | Arguments for the provided command if needed | `[]` | -| `dataplatform.exporter.resources.limits` | The resources limits for the container | `{}` | -| `dataplatform.exporter.resources.requests` | The requested resources for the container | `{}` | -| `dataplatform.exporter.containerSecurityContext.enabled` | Enable Data Platform exporter containers' Security Context | `true` | -| `dataplatform.exporter.containerSecurityContext.runAsUser` | User ID for the containers. | `1001` | -| `dataplatform.exporter.containerSecurityContext.runAsNonRoot` | Enable Data Platform exporter containers' Security Context runAsNonRoot | `true` | -| `dataplatform.exporter.podSecurityContext.enabled` | Enable Data Platform exporter pods' Security Context | `true` | -| `dataplatform.exporter.podSecurityContext.fsGroup` | Group ID for the pods. | `1001` | -| `dataplatform.exporter.podAffinityPreset` | Data Platform exporter pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `dataplatform.exporter.podAntiAffinityPreset` | Data Platform exporter pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `dataplatform.exporter.nodeAffinityPreset.type` | Data Platform exporter node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `dataplatform.exporter.nodeAffinityPreset.key` | Data Platform exporter node label key to match Ignored if `affinity` is set. | `""` | -| `dataplatform.exporter.nodeAffinityPreset.values` | Data Platform exporter node label values to match. Ignored if `affinity` is set. | `[]` | -| `dataplatform.exporter.affinity` | Affinity settings for exporter pod assignment. Evaluated as a template | `{}` | -| `dataplatform.exporter.nodeSelector` | Node labels for exporter pods assignment. Evaluated as a template | `{}` | -| `dataplatform.exporter.tolerations` | Tolerations for exporter pods assignment. Evaluated as a template | `[]` | -| `dataplatform.exporter.podLabels` | Additional labels for Metrics exporter pod | `{}` | -| `dataplatform.exporter.podAnnotations` | Additional annotations for Metrics exporter pod | `{}` | -| `dataplatform.exporter.customLivenessProbe` | Override default liveness probe | `{}` | -| `dataplatform.exporter.customReadinessProbe` | Override default readiness probe | `{}` | -| `dataplatform.exporter.customStartupProbe` | Override default startup probe | `{}` | -| `dataplatform.exporter.updateStrategy.type` | Update strategy - only really applicable for deployments with RWO PVs attached | `RollingUpdate` | -| `dataplatform.exporter.updateStrategy.rollingUpdate` | Deployment rolling update configuration parameters | `{}` | -| `dataplatform.exporter.extraEnvVars` | Additional environment variables to set | `[]` | -| `dataplatform.exporter.extraEnvVarsCM` | ConfigMap with extra environment variables | `""` | -| `dataplatform.exporter.extraEnvVarsSecret` | Secret with extra environment variables | `""` | -| `dataplatform.exporter.extraVolumes` | Extra volumes to add to the deployment | `[]` | -| `dataplatform.exporter.extraVolumeMounts` | Extra volume mounts to add to the container | `[]` | -| `dataplatform.exporter.initContainers` | Add init containers to the %%MAIN_CONTAINER_NAME%% pods | `[]` | -| `dataplatform.exporter.sidecars` | Add sidecars to the %%MAIN_CONTAINER_NAME%% pods | `[]` | -| `dataplatform.exporter.service.type` | Service type for default Data Platform Prometheus exporter service | `ClusterIP` | -| `dataplatform.exporter.service.annotations` | Metrics exporter service annotations | `{}` | -| `dataplatform.exporter.service.labels` | Additional labels for Data Platform exporter service | `{}` | -| `dataplatform.exporter.service.ports.http` | Kubernetes Service port | `9090` | -| `dataplatform.exporter.service.loadBalancerIP` | Load balancer IP for the Data Platform Exporter Service (optional, cloud specific) | `""` | -| `dataplatform.exporter.service.nodePorts.http` | Node ports for the HTTP exporter service | `""` | -| `dataplatform.exporter.service.loadBalancerSourceRanges` | Exporter Load Balancer Source ranges | `[]` | -| `dataplatform.exporter.hostAliases` | Deployment pod host aliases | `[]` | -| `dataplatform.emitter.enabled` | Start Data Platform metrics emitter | `true` | -| `dataplatform.emitter.image.registry` | Data Platform emitter image registry | `docker.io` | -| `dataplatform.emitter.image.repository` | Data Platform emitter image repository | `bitnami/dataplatform-emitter` | -| `dataplatform.emitter.image.tag` | Data Platform emitter image tag (immutable tags are recommended) | `0.0.10-scratch-r1` | -| `dataplatform.emitter.image.pullPolicy` | Data Platform emitter image pull policy | `IfNotPresent` | -| `dataplatform.emitter.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `dataplatform.emitter.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `dataplatform.emitter.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | -| `dataplatform.emitter.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `5` | -| `dataplatform.emitter.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `15` | -| `dataplatform.emitter.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `15` | -| `dataplatform.emitter.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `dataplatform.emitter.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `dataplatform.emitter.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | -| `dataplatform.emitter.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | -| `dataplatform.emitter.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `15` | -| `dataplatform.emitter.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `15` | -| `dataplatform.emitter.readinessProbe.successThreshold` | Success threshold for readinessProbe | `15` | -| `dataplatform.emitter.startupProbe.enabled` | Enable startupProbe | `false` | -| `dataplatform.emitter.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | -| `dataplatform.emitter.startupProbe.periodSeconds` | Period seconds for startupProbe | `5` | -| `dataplatform.emitter.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `15` | -| `dataplatform.emitter.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `dataplatform.emitter.startupProbe.successThreshold` | Success threshold for startupProbe | `15` | -| `dataplatform.emitter.containerPorts.http` | Data Platform emitter port | `8091` | -| `dataplatform.emitter.priorityClassName` | exporter priorityClassName | `""` | -| `dataplatform.emitter.command` | Override Data Platform entrypoint string. | `[]` | -| `dataplatform.emitter.args` | Arguments for the provided command if needed | `[]` | -| `dataplatform.emitter.resources.limits` | The resources limits for the container | `{}` | -| `dataplatform.emitter.resources.requests` | The requested resources for the container | `{}` | -| `dataplatform.emitter.containerSecurityContext.enabled` | Enable Data Platform emitter containers' Security Context | `true` | -| `dataplatform.emitter.containerSecurityContext.runAsUser` | User ID for the containers. | `1001` | -| `dataplatform.emitter.containerSecurityContext.runAsNonRoot` | Enable Data Platform emitter containers' Security Context runAsNonRoot | `true` | -| `dataplatform.emitter.podSecurityContext.enabled` | Enable Data Platform emitter pods' Security Context | `true` | -| `dataplatform.emitter.podSecurityContext.fsGroup` | Group ID for the pods. | `1001` | -| `dataplatform.emitter.podAffinityPreset` | Data Platform emitter pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `dataplatform.emitter.podAntiAffinityPreset` | Data Platform emitter pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `dataplatform.emitter.nodeAffinityPreset.type` | Data Platform emitter node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `dataplatform.emitter.nodeAffinityPreset.key` | Data Platform emitter node label key to match Ignored if `affinity` is set. | `""` | -| `dataplatform.emitter.nodeAffinityPreset.values` | Data Platform emitter node label values to match. Ignored if `affinity` is set. | `[]` | -| `dataplatform.emitter.affinity` | Affinity settings for emitter pod assignment. Evaluated as a template | `{}` | -| `dataplatform.emitter.nodeSelector` | Node labels for emitter pods assignment. Evaluated as a template | `{}` | -| `dataplatform.emitter.tolerations` | Tolerations for emitter pods assignment. Evaluated as a template | `[]` | -| `dataplatform.emitter.podLabels` | Additional labels for Metrics emitter pod | `{}` | -| `dataplatform.emitter.podAnnotations` | Additional annotations for Metrics emitter pod | `{}` | -| `dataplatform.emitter.customLivenessProbe` | Override default liveness probe%%MAIN_CONTAINER_NAME%% | `{}` | -| `dataplatform.emitter.customReadinessProbe` | Override default readiness probe%%MAIN_CONTAINER_NAME%% | `{}` | -| `dataplatform.emitter.customStartupProbe` | Override default startup probe | `{}` | -| `dataplatform.emitter.updateStrategy.type` | Update strategy - only really applicable for deployments with RWO PVs attached | `RollingUpdate` | -| `dataplatform.emitter.updateStrategy.rollingUpdate` | Deployment rolling update configuration parameters | `{}` | -| `dataplatform.emitter.extraEnvVars` | Additional environment variables to set | `[]` | -| `dataplatform.emitter.extraEnvVarsCM` | ConfigMap with extra environment variables | `""` | -| `dataplatform.emitter.extraEnvVarsSecret` | Secret with extra environment variables | `""` | -| `dataplatform.emitter.extraVolumes` | Extra volumes to add to the deployment | `[]` | -| `dataplatform.emitter.extraVolumeMounts` | Extra volume mounts to add to the container | `[]` | -| `dataplatform.emitter.initContainers` | Add init containers to the %%MAIN_CONTAINER_NAME%% pods | `[]` | -| `dataplatform.emitter.sidecars` | Add sidecars to the %%MAIN_CONTAINER_NAME%% pods | `[]` | -| `dataplatform.emitter.service.type` | Service type for default Data Platform metrics emitter service | `ClusterIP` | -| `dataplatform.emitter.service.annotations` | annotations for Data Platform emitter service | `{}` | -| `dataplatform.emitter.service.labels` | Additional labels for Data Platform emitter service | `{}` | -| `dataplatform.emitter.service.ports.http` | Kubernetes Service port | `8091` | -| `dataplatform.emitter.service.loadBalancerIP` | Load balancer IP for the dataplatform emitter Service (optional, cloud specific) | `""` | -| `dataplatform.emitter.service.nodePorts.http` | Node ports for the HTTP emitter service | `""` | -| `dataplatform.emitter.service.loadBalancerSourceRanges` | Data Platform Emitter Load Balancer Source ranges | `[]` | -| `dataplatform.emitter.hostAliases` | Deployment pod host aliases | `[]` | - - -### Zookeeper chart parameters - -| Name | Description | Value | -| ------------------------------------ | ----------------------------------------------------------------------------------------- | ------ | -| `zookeeper.enabled` | Switch to enable or disable the Zookeeper helm chart | `true` | -| `zookeeper.replicaCount` | Number of Zookeeper replicas | `3` | -| `zookeeper.heapSize` | Size in MB for the Java Heap options (Xmx and XMs). | `4096` | -| `zookeeper.resources.limits` | The resources limits for Zookeeper containers | `{}` | -| `zookeeper.resources.requests` | The requested resources for Zookeeper containers | `{}` | -| `zookeeper.affinity.podAntiAffinity` | Zookeeper pods Anti Affinity rules for best possible resiliency (evaluated as a template) | `{}` | - - -### Kafka chart parameters - -| Name | Description | Value | -| ---------------------------------------- | ----------------------------------------------------------------------------------------- | ----------------------------------- | -| `kafka.enabled` | Switch to enable or disable the Kafka helm chart | `true` | -| `kafka.replicaCount` | Number of Kafka replicas | `3` | -| `kafka.heapOpts` | Kafka's Java Heap size | `-Xmx4096m -Xms4096m` | -| `kafka.resources.limits` | The resources limits for Kafka containers | `{}` | -| `kafka.resources.requests` | The requested resources for Kafka containers | `{}` | -| `kafka.affinity.podAntiAffinity` | Zookeeper pods Anti Affinity rules for best possible resiliency (evaluated as a template) | `{}` | -| `kafka.affinity.podAffinity` | Zookeeper pods Affinity rules for best possible resiliency (evaluated as a template) | `{}` | -| `kafka.metrics.kafka.enabled` | Whether or not to create a standalone Kafka exporter to expose Kafka metrics | `false` | -| `kafka.metrics.kafka.resources.limits` | The resources limits for the container | `{}` | -| `kafka.metrics.kafka.resources.requests` | Kafka Exporter container resource requests | `{}` | -| `kafka.metrics.kafka.service.port` | Kafka Exporter Prometheus port to be used in Wavefront configuration | `9308` | -| `kafka.metrics.jmx.enabled` | Whether or not to expose JMX metrics to Prometheus | `false` | -| `kafka.metrics.jmx.resources.limits` | The resources limits for the container | `{}` | -| `kafka.metrics.jmx.resources.requests` | JMX Exporter container resource requests | `{}` | -| `kafka.metrics.jmx.service.port` | JMX Exporter Prometheus port | `5556` | -| `kafka.zookeeper.enabled` | Switch to enable or disable the Zookeeper helm chart | `false` | -| `kafka.externalZookeeper.servers` | Server or list of external Zookeeper servers to use | `["{{ .Release.Name }}-zookeeper"]` | - - -### Solr chart parameters - -| Name | Description | Value | -| ------------------------------------ | ---------------------------------------------------------------------------------------------- | ----------------------------------- | -| `solr.enabled` | Switch to enable or disable the Solr helm chart | `true` | -| `solr.replicaCount` | Number of Solr replicas | `2` | -| `solr.authentication.enabled` | Enable Solr authentication. BUG: Exporter deployment does not work with authentication enabled | `false` | -| `solr.javaMem` | Java recommended memory options to pass to the Solr container | `-Xmx4096m -Xms4096m` | -| `solr.affinity.podAntiAffinity` | Zookeeper pods Anti Affinity rules for best possible resiliency (evaluated as a template) | `{}` | -| `solr.resources.limits` | The resources limits for Solr containers | `{}` | -| `solr.resources.requests` | The requested resources for Solr containers | `{}` | -| `solr.exporter.enabled` | Start a prometheus exporter | `false` | -| `solr.exporter.port` | Solr exporter port | `9983` | -| `solr.exporter.affinity.podAffinity` | Zookeeper pods Affinity rules for best possible resiliency (evaluated as a template) | `{}` | -| `solr.exporter.resources.limits` | The resources limits for the container | `{}` | -| `solr.exporter.resources.requests` | The requested resources for the container | `{}` | -| `solr.zookeeper.enabled` | Enable Zookeeper deployment. Needed for Solr cloud. | `false` | -| `solr.externalZookeeper.servers` | Servers for an already existing Zookeeper. | `["{{ .Release.Name }}-zookeeper"]` | - - -### Spark chart parameters - -| Name | Description | Value | -| --------------------------------------- | ----------------------------------------------------------------------------------------- | ------- | -| `spark.enabled` | Switch to enable or disable the Spark helm chart | `true` | -| `spark.master.webPort` | Specify the port where the web interface will listen on the master | `8080` | -| `spark.master.resources.limits` | The resources limits for the container | `{}` | -| `spark.master.resources.requests` | The resources limits for the container | `{}` | -| `spark.master.affinity.podAntiAffinity` | Zookeeper pods Anti Affinity rules for best possible resiliency (evaluated as a template) | `{}` | -| `spark.worker.replicaCount` | Set the number of workers | `2` | -| `spark.worker.webPort` | Specify the port where the web interface will listen on the worker | `8081` | -| `spark.worker.affinity.podAntiAffinity` | Zookeeper pods Anti Affinity rules for best possible resiliency (evaluated as a template) | `{}` | -| `spark.worker.resources.limits` | The resources limits for the container | `{}` | -| `spark.worker.resources.requests` | The resources limits for the container | `{}` | -| `spark.metrics.enabled` | Start a side-car Prometheus exporter | `false` | -| `spark.metrics.masterAnnotations` | Annotations for enabling prometheus to access the metrics endpoint of the master nodes | `{}` | -| `spark.metrics.workerAnnotations` | Annotations for enabling prometheus to access the metrics endpoint of the worker nodes | `{}` | - - -### Tanzu Observability (Wavefront) chart parameters - -| Name | Description | Value | -| ---------------------------------------------------- | ---------------------------------------------------- | ------------------------------------ | -| `wavefront.enabled` | Switch to enable or disable the Wavefront helm chart | `false` | -| `wavefront.clusterName` | Unique name for the Kubernetes cluster (required) | `KUBERNETES_CLUSTER_NAME` | -| `wavefront.wavefront.url` | Wavefront URL for your cluster (required) | `https://YOUR_CLUSTER.wavefront.com` | -| `wavefront.wavefront.token` | Wavefront API Token (required) | `YOUR_API_TOKEN` | -| `wavefront.wavefront.existingSecret` | Name of an existing secret containing the token | `""` | -| `wavefront.collector.resources.limits` | The resources limits for the collector container | `{}` | -| `wavefront.collector.resources.requests` | The requested resources for the collector container | `{}` | -| `wavefront.collector.discovery.enabled` | Rules based and Prometheus endpoints auto-discovery | `true` | -| `wavefront.collector.discovery.enableRuntimeConfigs` | Enable runtime discovery rules | `true` | -| `wavefront.collector.discovery.config` | Configuration for rules based auto-discovery | `[]` | -| `wavefront.proxy.resources.limits` | The resources limits for the proxy container | `{}` | -| `wavefront.proxy.resources.requests` | The requested resources for the proxy container | `{}` | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -$ helm install my-release \ - --set kafka.replicaCount=3 \ - bitnami/dataplatform-bp1 -``` - -The above command deploys the data platform with Kafka with 3 nodes (replicas). - -Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, - -```console -$ helm install my-release -f values.yaml bitnami/dataplatform-bp1 -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -### Data Platform Deployment with Observability Framework - -In the default deployment, the helm chart deploys the data platform with [Metrics Emitter](https://hub.docker.com/r/bitnami/dataplatform-emitter) and [Prometheus Exporter](https://hub.docker.com/r/bitnami/dataplatform-exporter) which emit the health metrics of the data platform which can be integrated with your observability solution. - -In case you need to deploy the data platform with [Tanzu Observability](https://docs.wavefront.com/kubernetes.html) Framework for all the applications (Kafka/Spark/Solr) in the data platform, you can specify the 'enabled' parameter using the `--set .metrics.enabled=true` argument to `helm install`. For Solr, the parameter is `solr.exporter.enabled=true` For Example, - -```console -$ helm install my-release bitnami/dataplatform-bp1 \ - --set kafka.metrics.kafka.enabled=true \ - --set kafka.metrics.jmx.enabled=true \ - --set spark.metrics.enabled=true \ - --set solr.exporter.enabled=true \ - --set wavefront.enabled=true \ - --set wavefront.clusterName= \ - --set wavefront.wavefront.url=https://.wavefront.com \ - --set wavefront.wavefront.token= -``` - -If you want to use an existing Wavefront deployment, edit the Wavefront Collector ConfigMap and add the following snippet under discovery plugins. Once done, restart the wavefront collectors DaemonSet. - -```console -$ kubectl edit configmap wavefront-collector-config -n wavefront -``` - -Add the below config: - -```yaml - discovery: - enable_runtime_plugins: true - plugins: - ## auto-discover kafka-exporter - - name: kafka-discovery - type: prometheus - selectors: - images: - - '*bitnami/kafka-exporter*' - port: 9308 - path: /metrics - scheme: http - prefix: kafka. - - ## auto-discover jmx exporter - - name: kafka-jmx-discovery - type: prometheus - selectors: - images: - - '*bitnami/jmx-exporter*' - port: 5556 - path: /metrics - scheme: http - prefix: kafkajmx. - - ## auto-discover solr - - name: solr-discovery - type: prometheus - selectors: - images: - - '*bitnami/solr*' - port: 9983 - path: /metrics - scheme: http - - ## auto-discover spark - - name: spark-worker-discovery - type: prometheus - selectors: - images: - - '*bitnami/spark*' - port: 8081 - path: /metrics/ - scheme: http - prefix: spark. - - ## auto-discover spark - - name: spark-master-discovery - type: prometheus - selectors: - images: - - '*bitnami/spark*' - port: 8080 - path: /metrics/ - scheme: http - prefix: spark. -``` - -Below is the command to restart the DaemonSets - -```console -$ kubectl rollout restart daemonsets wavefront-collector -n wavefront -``` - -## Configuration and installation details - -### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami’s Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -In order to render complete information about the deployment including all the sub-charts, please use --render-subchart-notes flag while installing the chart. - -## Upgrading - -### To 8.0.0 - -This major adds the data platform metrics emitter and Prometheus exporters to the chart which emit health metrics of the data platform. - -### To 7.0.0 - -This major updates the Kafka subchart and the Solr subchart to their newest major, 14.0.0 and 2.0.0 respectively. [Here](https://github.com/bitnami/charts/pull/7114) you can find more information about the changes introduced in those versions. - -### To 6.0.0 - -This major updates the Kafka subchart and the Solr subchart to their newest major, 13.0.0 and 1.0.0 respectively. - -### To 5.0.0 - -This major updates the Zookeeper subchart to it newest major, 7.0.0, which renames all TLS-related settings. For more information on this subchart's major, please refer to [zookeeper upgrade notes](https://github.com/bitnami/charts/tree/master/bitnami/zookeeper#to-700). - -### To 4.0.0 - -This major version updates the prefixes of individual applications metrics in Wavefront Collectors which are fed to Tanzu observability in order to light up the individual dashboards of Kafka, Spark and Solr on Tanzu Observability platform. - -### To 3.0.0 - -This major updates the wavefront subchart to it newest major, 3.0.0, which contains a new major for kube-state-metrics. For more information on this subchart's major, please refer to [wavefront upgrade notes](https://github.com/bitnami/charts/tree/master/bitnami/wavefront#to-300). - -### To 2.0.0 - -The affinity rules have been updated to allow deploying this chart and the `dataplatform-bp2` chart in the same cluster. - -### To 1.0.0 - -This version updates the wavefront dependency to `2.x.x` where wavefront started to use a scratch image instead of debian. This can affect a current deployment if wavefront commands were provided. From now on, the only command that you will be able to execute inside the wavefront pod will be `/wavefront-collector`. diff --git a/bitnami/dataplatform-bp1/templates/NOTES.txt b/bitnami/dataplatform-bp1/templates/NOTES.txt deleted file mode 100644 index 0dede26..0000000 --- a/bitnami/dataplatform-bp1/templates/NOTES.txt +++ /dev/null @@ -1,51 +0,0 @@ -** Data Platform Blueprint 1 is being deployed, it could take some time to be ready ** - -The following components are being deployed to your cluster: - -{{- if .Values.kafka.enabled }} - -*********** -** Kafka ** -*********** - -To access the Kafka service from your local machine execute the following: - - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "subcomponent.service.name" ( dict "componentName" "kafka" "context" $ ) }} 9092:9092 & - echo "Kafka service available at : http://127.0.0.1:9092" -{{- end -}} - -{{- if .Values.solr.enabled }} - -********** -** Solr ** -********** - -To access the Solr service from your local machine execute the following: - - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "subcomponent.service.name" ( dict "componentName" "solr" "context" $ ) }} 8983:8983 & - echo "Solr service available at : http://127.0.0.1:8983" -{{- end -}} - -{{- if .Values.spark.enabled }} - -*********** -** Spark ** -*********** - -To access the Spark service from your local machine execute the following: - - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "subcomponent.service.name" ( dict "componentName" "spark" "context" $ ) }} 8080:80 & - echo "Spark service available at : http://127.0.0.1:8080" -{{- end -}} - -{{- if .Values.zookeeper.enabled }} - -*************** -** Zookeeper ** -*************** - -To access the Zookeeper service from your local machine execute the following: - - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "subcomponent.service.name" ( dict "componentName" "zookeeper" "context" $ ) }} 2181:2181 & - echo "Zookeeper service available at : http://127.0.0.1:2181" -{{- end -}} diff --git a/bitnami/dataplatform-bp1/templates/_helpers.tpl b/bitnami/dataplatform-bp1/templates/_helpers.tpl deleted file mode 100644 index abe45cb..0000000 --- a/bitnami/dataplatform-bp1/templates/_helpers.tpl +++ /dev/null @@ -1,70 +0,0 @@ -{{/* -Return the proper service name for a subcomponent -Usage: -{{ include "subcomponent.service.name" ( dict "componentName" "name" "context" $ ) }} -*/}} -{{- define "subcomponent.service.name" -}} -{{- printf "%s-%s" .context.Release.Name .componentName -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "dataplatform.fullname" -}} -{{- include "common.names.fullname" . -}} -{{- end -}} - -{{/* -Define the name of the dataplatform exporter -*/}} -{{- define "dataplatform.exporter-name" -}} -{{- printf "%s-%s" (include "dataplatform.fullname" .) "exporter" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Define the name of the dataplatform emitter -*/}} -{{- define "dataplatform.emitter-name" -}} -{{- printf "%s-%s" (include "dataplatform.fullname" .) "emitter" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* - Create the name of the service account to use - */}} -{{- define "dataplatform.serviceAccountName" -}} -{{- if .Values.dataplatform.serviceAccount.create -}} - {{- default (include "dataplatform.fullname" .) .Values.dataplatform.serviceAccount.name -}} -{{- else -}} - {{- default "default" .Values.dataplatform.serviceAccount.name -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper dataplatform-exporter image name -*/}} -{{- define "dataplatform.exporter.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.dataplatform.exporter.image "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "dataplatform.exporter.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.dataplatform.exporter.image ) "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper dataplatform-emitter image name -*/}} -{{- define "dataplatform.emitter.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.dataplatform.emitter.image "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "dataplatform.emitter.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.dataplatform.emitter.image ) "global" .Values.global) -}} -{{- end -}} \ No newline at end of file diff --git a/bitnami/dataplatform-bp1/templates/emitter-deployment.yaml b/bitnami/dataplatform-bp1/templates/emitter-deployment.yaml deleted file mode 100644 index 0719251..0000000 --- a/bitnami/dataplatform-bp1/templates/emitter-deployment.yaml +++ /dev/null @@ -1,154 +0,0 @@ -{{- if .Values.dataplatform.emitter.enabled }} -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: dataplatform-emitter - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ include "dataplatform.emitter-name" . }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace | quote }} -spec: - replicas: 1 - {{- if .Values.dataplatform.emitter.updateStrategy }} - strategy: {{- include "common.tplvalues.render" (dict "value" .Values.dataplatform.emitter.updateStrategy "context" $) | nindent 4 }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: dataplatform-emitter - template: - metadata: - annotations: - {{- if .Values.dataplatform.emitter.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.dataplatform.emitter.podAnnotations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: dataplatform-emitter - {{- if .Values.dataplatform.emitter.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.dataplatform.emitter.podLabels "context" $) | nindent 8 }} - {{- end }} - spec: - serviceAccountName: {{ include "dataplatform.serviceAccountName" . }} - {{- include "dataplatform.emitter.imagePullSecrets" . | nindent 6 }} - {{- if .Values.dataplatform.emitter.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.dataplatform.emitter.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.dataplatform.emitter.affinity }} - affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.dataplatform.emitter.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.dataplatform.emitter.podAffinityPreset "component" "dataplatform-emitter" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.dataplatform.emitter.podAntiAffinityPreset "component" "dataplatform-emitter" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.dataplatform.emitter.nodeAffinityPreset.type "key" .Values.dataplatform.emitter.nodeAffinityPreset.key "values" .Values.dataplatform.emitter.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.dataplatform.emitter.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.dataplatform.emitter.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.dataplatform.emitter.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.dataplatform.emitter.tolerations "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.dataplatform.emitter.priorityClassName }} - priorityClassName: {{ .Values.dataplatform.emitter.priorityClassName | quote }} - {{- end }} - {{- if .Values.dataplatform.emitter.podSecurityContext.enabled }} - securityContext: {{- omit .Values.dataplatform.emitter.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - initContainers: - {{- if .Values.dataplatform.emitter.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.dataplatform.emitter.initContainers "context" $) | nindent 8 }} - {{- end }} - containers: - - name: dataplatform-emitter - image: {{ include "dataplatform.emitter.image" . }} - imagePullPolicy: {{ .Values.dataplatform.emitter.image.pullPolicy | quote }} - {{- if .Values.dataplatform.emitter.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.dataplatform.emitter.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.dataplatform.emitter.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.dataplatform.emitter.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.dataplatform.emitter.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.dataplatform.emitter.args "context" $) | nindent 12 }} - {{- end }} - env: - - name: BP_NAME - value: {{ include "dataplatform.fullname" . }} - - name: BP_RELEASE_NAME - value: {{ .Release.Name }} - - name: BP_NAMESPACE - value: {{ .Release.Namespace }} - {{- if or .Values.dataplatform.emitter.extraEnvVarsCM .Values.dataplatform.exporter.extraEnvVarsSecret }} - envFrom: - {{- if .Values.dataplatform.emitter.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.dataplatform.emitter.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.dataplatform.emitter.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.dataplatform.emitter.extraEnvVarsSecret "context" $) }} - {{- end }} - {{- end }} - ports: - - name: emitter-port - containerPort: {{ .Values.dataplatform.emitter.containerPorts.http }} - {{- if .Values.dataplatform.emitter.resources }} - resources: {{- toYaml .Values.dataplatform.emitter.resources | nindent 12 }} - {{- end }} - {{- if .Values.dataplatform.emitter.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: "/v1/health" - port: {{ .Values.dataplatform.emitter.containerPorts.http }} - initialDelaySeconds: {{ .Values.dataplatform.emitter.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.dataplatform.emitter.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.dataplatform.emitter.livenessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.dataplatform.emitter.livenessProbe.failureThreshold }} - successThreshold: {{ .Values.dataplatform.emitter.livenessProbe.successThreshold }} - {{- else if .Values.dataplatform.emitter.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.dataplatform.emitter.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.dataplatform.emitter.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: "/v1/health" - port: {{ .Values.dataplatform.emitter.containerPorts.http }} - initialDelaySeconds: {{ .Values.dataplatform.emitter.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.dataplatform.emitter.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.dataplatform.emitter.readinessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.dataplatform.emitter.readinessProbe.failureThreshold }} - successThreshold: {{ .Values.dataplatform.emitter.readinessProbe.successThreshold }} - {{- else if .Values.dataplatform.emitter.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.dataplatform.emitter.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.dataplatform.emitter.startupProbe.enabled }} - startupProbe: - httpGet: - path: "/v1/health" - port: {{ .Values.dataplatform.emitter.containerPorts.http }} - initialDelaySeconds: {{ .Values.dataplatform.emitter.startupProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.dataplatform.emitter.startupProbe.periodSeconds }} - timeoutSeconds: {{ .Values.dataplatform.emitter.startupProbe.timeoutSeconds }} - failureThreshold: {{ .Values.dataplatform.emitter.startupProbe.failureThreshold }} - successThreshold: {{ .Values.dataplatform.emitter.startupProbe.successThreshold }} - {{- else if .Values.dataplatform.emitter.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.dataplatform.emitter.customStartupProbe "context" $) | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.dataplatform.emitter.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.dataplatform.emitter.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.dataplatform.emitter.sidecars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.dataplatform.emitter.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - {{- if .Values.dataplatform.emitter.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.dataplatform.emitter.extraVolumes "context" $) | nindent 8 }} - {{- end }} -{{ end }} diff --git a/bitnami/dataplatform-bp1/templates/emitter-svc.yaml b/bitnami/dataplatform-bp1/templates/emitter-svc.yaml deleted file mode 100644 index bf230a5..0000000 --- a/bitnami/dataplatform-bp1/templates/emitter-svc.yaml +++ /dev/null @@ -1,44 +0,0 @@ -{{- if .Values.dataplatform.emitter.enabled }} -apiVersion: v1 -kind: Service -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: dataplatform-emitter - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.dataplatform.emitter.service.labels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.dataplatform.emitter.service.labels "context" $ ) | nindent 4 }} - {{- end }} - name: "{{ include "dataplatform.emitter-name" . }}" - {{- if or .Values.dataplatform.emitter.service.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.dataplatform.emitter.service.annotations }} - {{ include "common.tplvalues.render" ( dict "value" .Values.dataplatform.emitter.service.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} - namespace: {{ .Release.Namespace | quote }} -spec: - type: {{ .Values.dataplatform.emitter.service.type }} - {{ if eq .Values.dataplatform.emitter.service.type "LoadBalancer" }} - loadBalancerSourceRanges: {{ .Values.dataplatform.emitter.service.loadBalancerSourceRanges }} - {{ end }} - {{- if (and (eq .Values.dataplatform.emitter.service.type "LoadBalancer") (not (empty .Values.dataplatform.emitter.service.loadBalancerIP))) }} - loadBalancerIP: {{ .Values.dataplatform.emitter.service.loadBalancerIP }} - {{- end }} - ports: - - name: tcp-client - port: {{ .Values.dataplatform.emitter.service.ports.http }} - protocol: TCP - targetPort: emitter-port - {{- if and (or (eq .Values.dataplatform.emitter.service.type "NodePort") (eq .Values.dataplatform.emitter.service.type "LoadBalancer")) (not (empty .Values.dataplatform.emitter.service.nodePorts.http)) }} - nodePort: {{ .Values.dataplatform.emitter.service.nodePorts.http }} - {{- else if eq .Values.dataplatform.emitter.service.type "ClusterIP" }} - nodePort: null - {{- end }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: dataplatform-emitter -{{ end }} diff --git a/bitnami/dataplatform-bp1/templates/exporter-deployment.yaml b/bitnami/dataplatform-bp1/templates/exporter-deployment.yaml deleted file mode 100644 index abb391a..0000000 --- a/bitnami/dataplatform-bp1/templates/exporter-deployment.yaml +++ /dev/null @@ -1,152 +0,0 @@ -{{- if .Values.dataplatform.exporter.enabled }} -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: dataplatform-exporter - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ include "dataplatform.exporter-name" . }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace | quote }} -spec: - replicas: 1 - {{- if .Values.dataplatform.exporter.updateStrategy }} - strategy: {{- include "common.tplvalues.render" (dict "value" .Values.dataplatform.exporter.updateStrategy "context" $) | nindent 4 }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: dataplatform-exporter - template: - metadata: - annotations: - {{- if .Values.dataplatform.exporter.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.dataplatform.exporter.podAnnotations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: dataplatform-exporter - {{- if .Values.dataplatform.exporter.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.dataplatform.exporter.podLabels "context" $) | nindent 8 }} - {{- end }} - spec: - serviceAccountName: {{ include "dataplatform.serviceAccountName" . }} - {{- include "dataplatform.exporter.imagePullSecrets" . | nindent 6 }} - {{- if .Values.dataplatform.exporter.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.dataplatform.exporter.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.dataplatform.exporter.affinity }} - affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.dataplatform.exporter.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.dataplatform.exporter.podAffinityPreset "component" "dataplatform-exporter" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.dataplatform.exporter.podAntiAffinityPreset "component" "dataplatform-exporter" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.dataplatform.exporter.nodeAffinityPreset.type "key" .Values.dataplatform.exporter.nodeAffinityPreset.key "values" .Values.dataplatform.exporter.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.dataplatform.exporter.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.dataplatform.exporter.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.dataplatform.exporter.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.dataplatform.exporter.tolerations "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.dataplatform.exporter.priorityClassName }} - priorityClassName: {{ .Values.dataplatform.exporter.priorityClassName | quote }} - {{- end }} - {{- if .Values.dataplatform.exporter.podSecurityContext.enabled }} - securityContext: {{- omit .Values.dataplatform.exporter.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - initContainers: - {{- if .Values.dataplatform.exporter.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.dataplatform.exporter.initContainers "context" $) | nindent 8 }} - {{- end }} - containers: - - name: dataplatform-exporter - image: {{ include "dataplatform.exporter.image" . }} - imagePullPolicy: {{ .Values.dataplatform.exporter.image.pullPolicy | quote }} - {{- if .Values.dataplatform.exporter.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.dataplatform.exporter.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.dataplatform.exporter.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.dataplatform.exporter.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.dataplatform.exporter.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.dataplatform.exporter.args "context" $) | nindent 12 }} - {{- end }} - env: - - name: BP_NAME - value: {{ include "dataplatform.fullname" . }} - - name: DP_URI - value: http://{{ include "dataplatform.emitter-name" . }}:{{ .Values.dataplatform.emitter.service.ports.http }} - {{- if or .Values.dataplatform.exporter.extraEnvVarsCM .Values.dataplatform.exporter.extraEnvVarsSecret }} - envFrom: - {{- if .Values.dataplatform.exporter.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.dataplatform.exporter.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.dataplatform.exporter.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.dataplatform.exporter.extraEnvVarsSecret "context" $) }} - {{- end }} - {{- end }} - ports: - - name: exporter-port - containerPort: {{ .Values.dataplatform.exporter.containerPorts.http }} - {{- if .Values.dataplatform.exporter.resources }} - resources: {{- toYaml .Values.dataplatform.exporter.resources | nindent 12 }} - {{- end }} - {{- if .Values.dataplatform.exporter.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: "/metrics" - port: {{ .Values.dataplatform.exporter.containerPorts.http }} - initialDelaySeconds: {{ .Values.dataplatform.exporter.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.dataplatform.exporter.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.dataplatform.exporter.livenessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.dataplatform.exporter.livenessProbe.failureThreshold }} - successThreshold: {{ .Values.dataplatform.exporter.livenessProbe.successThreshold }} - {{- else if .Values.dataplatform.exporter.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.dataplatform.exporter.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.dataplatform.exporter.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: "/metrics" - port: {{ .Values.dataplatform.exporter.containerPorts.http }} - initialDelaySeconds: {{ .Values.dataplatform.exporter.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.dataplatform.exporter.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.dataplatform.exporter.readinessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.dataplatform.exporter.readinessProbe.failureThreshold }} - successThreshold: {{ .Values.dataplatform.exporter.readinessProbe.successThreshold }} - {{- else if .Values.dataplatform.exporter.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.dataplatform.exporter.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.dataplatform.exporter.startupProbe.enabled }} - startupProbe: - httpGet: - path: "/v1/health" - port: {{ .Values.dataplatform.exporter.containerPorts.http }} - initialDelaySeconds: {{ .Values.dataplatform.exporter.startupProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.dataplatform.exporter.startupProbe.periodSeconds }} - timeoutSeconds: {{ .Values.dataplatform.exporter.startupProbe.timeoutSeconds }} - failureThreshold: {{ .Values.dataplatform.exporter.startupProbe.failureThreshold }} - successThreshold: {{ .Values.dataplatform.exporter.startupProbe.successThreshold }} - {{- else if .Values.dataplatform.exporter.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.dataplatform.exporter.customStartupProbe "context" $) | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.dataplatform.exporter.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.dataplatform.exporter.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.dataplatform.exporter.sidecars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.dataplatform.exporter.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - {{- if .Values.dataplatform.exporter.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.dataplatform.exporter.extraVolumes "context" $) | nindent 8 }} - {{- end }} -{{ end }} diff --git a/bitnami/dataplatform-bp1/templates/exporter-svc.yaml b/bitnami/dataplatform-bp1/templates/exporter-svc.yaml deleted file mode 100644 index 9830292..0000000 --- a/bitnami/dataplatform-bp1/templates/exporter-svc.yaml +++ /dev/null @@ -1,44 +0,0 @@ -{{- if .Values.dataplatform.exporter.enabled }} -apiVersion: v1 -kind: Service -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: dataplatform-exporter - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.dataplatform.exporter.service.labels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.dataplatform.exporter.service.labels "context" $ ) | nindent 4 }} - {{- end }} - name: "{{ include "dataplatform.exporter-name" . }}" - {{- if or .Values.dataplatform.exporter.service.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.dataplatform.exporter.service.annotations }} - {{ include "common.tplvalues.render" ( dict "value" .Values.dataplatform.exporter.service.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} - namespace: {{ .Release.Namespace | quote }} -spec: - type: {{ .Values.dataplatform.exporter.service.type }} - {{ if eq .Values.dataplatform.exporter.service.type "LoadBalancer" }} - loadBalancerSourceRanges: {{ .Values.dataplatform.exporter.service.loadBalancerSourceRanges }} - {{ end }} - {{- if (and (eq .Values.dataplatform.exporter.service.type "LoadBalancer") (not (empty .Values.dataplatform.exporter.service.loadBalancerIP))) }} - loadBalancerIP: {{ .Values.dataplatform.exporter.service.loadBalancerIP }} - {{- end }} - ports: - - name: tcp-client - port: {{ .Values.dataplatform.exporter.service.ports.http }} - protocol: TCP - targetPort: exporter-port - {{- if and (or (eq .Values.dataplatform.exporter.service.type "NodePort") (eq .Values.dataplatform.exporter.service.type "LoadBalancer")) (not (empty .Values.dataplatform.exporter.service.nodePorts.http)) }} - nodePort: {{ .Values.dataplatform.exporter.service.nodePorts.http }} - {{- else if eq .Values.dataplatform.exporter.service.type "ClusterIP" }} - nodePort: null - {{- end }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: dataplatform-exporter -{{ end }} diff --git a/bitnami/dataplatform-bp1/templates/role.yaml b/bitnami/dataplatform-bp1/templates/role.yaml deleted file mode 100644 index b76c230..0000000 --- a/bitnami/dataplatform-bp1/templates/role.yaml +++ /dev/null @@ -1,53 +0,0 @@ -{{- if .Values.dataplatform.rbac.create -}} -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: Role -metadata: - name: {{ template "dataplatform.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: dataplatform - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - - apiGroups: - - "" - resources: - - statefulsets - - pods - - services - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - namespaces - - namespaces/status - verbs: - - get - - list - - watch - - apiGroups: - - apps - resources: - - controllerrevisions - - daemonsets - - daemonsets/status - - deployments - - deployments/scale - - deployments/status - - replicasets - - replicasets/scale - - replicasets/status - - statefulsets - - statefulsets/scale - - statefulsets/status - verbs: - - get - - list - - watch -{{- end -}} diff --git a/bitnami/dataplatform-bp1/templates/rolebinding.yaml b/bitnami/dataplatform-bp1/templates/rolebinding.yaml deleted file mode 100644 index bcd5c33..0000000 --- a/bitnami/dataplatform-bp1/templates/rolebinding.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if and .Values.dataplatform.serviceAccount.create .Values.dataplatform.rbac.create }} -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: RoleBinding -metadata: - name: {{ template "dataplatform.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: dataplatform - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -roleRef: - kind: Role - name: {{ template "dataplatform.fullname" . }} - apiGroup: rbac.authorization.k8s.io -subjects: - - kind: ServiceAccount - name: {{ template "dataplatform.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/bitnami/dataplatform-bp1/templates/serviceaccount.yaml b/bitnami/dataplatform-bp1/templates/serviceaccount.yaml deleted file mode 100644 index bb2b2a2..0000000 --- a/bitnami/dataplatform-bp1/templates/serviceaccount.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if .Values.dataplatform.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "dataplatform.serviceAccountName" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: dataplatform - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -automountServiceAccountToken: {{ .Values.dataplatform.serviceAccount.automountServiceAccountToken }} -{{- end }} diff --git a/bitnami/dataplatform-bp1/values.schema.json b/bitnami/dataplatform-bp1/values.schema.json deleted file mode 100644 index d0f1ad2..0000000 --- a/bitnami/dataplatform-bp1/values.schema.json +++ /dev/null @@ -1,124 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "kafka": { - "type": "object", - "title": "Kafka Metrics Details", - "form": true, - "properties": { - "metrics": { - "type": "object", - "properties": { - "kafka": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "form": true, - "title": "Enable metrics for Kafka", - "description": "Whether to enable metrics for Kafka. Switch this off in case Kafka metrics are not needed" - } - } - }, - "jmx": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "form": true, - "title": "Enable JMX metrics for Kafka", - "description": "Whether to enable JMX metrics for Kafka. Switch this off in case Kafka JMX metrics are not needed" - } - } - } - } - } - } - }, - "spark": { - "type": "object", - "title": "Spark Metrics Details", - "form": true, - "properties": { - "metrics": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "form": true, - "title": "Enable metrics for Spark", - "description": "Whether to enable metrics for Spark. Switch this off in case Spark metrics are not needed" - } - } - } - } - }, - "solr": { - "type": "object", - "title": "Solr Metrics Details", - "form": true, - "properties": { - "exporter": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "form": true, - "title": "Enable metrics for Solr", - "description": "Whether to enable metrics for Solr. Switch this off in case Solr metrics are not needed" - } - } - } - } - }, - "wavefront": { - "type": "object", - "title": "Tanzu Observability Details", - "form": true, - "properties": { - "enabled": { - "type": "boolean", - "title": "Deploy Tanzu observability for the data platform cluster including configuration for metrics exporters for all the components. Check https://docs.wavefront.com/kubernetes.html for more details", - "form": true, - "description": "Whether to deploy a Tanzu observability as part of data platform. Switch this off in case Tanzu Observability is not needed. Check https://docs.wavefront.com/kubernetes.html for more details." - }, - "clusterName": { - "type": "string", - "title": "Provide the kubernetes cluster name to be configured in Tanzu Observability", - "form": true, - "hidden": { - "value": false, - "path": "wavefront/enabled" - }, - "description": "Kubernetes cluster name to be configured in Tanzu Observability, if not provided it will be defaulted to KUBERNETES_CLUSTER_NAME" - }, - "wavefront": { - "type": "object", - "properties": { - "url": { - "type": "string", - "title": "Provide the Tanzu Observability cluster url to be configured", - "form": true, - "hidden": { - "value": false, - "path": "wavefront/enabled" - }, - "description": "Tanzu Observability cluster url to be configured to export the metrics to" - }, - "token": { - "type": "string", - "title": "Provide the Tanzu Observability user API token to be used for the cluster url provided above", - "form": true, - "hidden": { - "value": false, - "path": "wavefront/enabled" - }, - "description": "Tanzu Observability user API token to be used for the cluster url provided above" - } - } - } - } - } - } -} diff --git a/bitnami/dataplatform-bp1/values.yaml b/bitnami/dataplatform-bp1/values.yaml deleted file mode 100644 index f302573..0000000 --- a/bitnami/dataplatform-bp1/values.yaml +++ /dev/null @@ -1,1070 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass -## - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - storageClass: "" - -## @section Common parameters -## @param commonLabels Labels to add to all deployed objects -## -commonLabels: {} -## @param commonAnnotations Annotations to add to all deployed objects -## -commonAnnotations: {} - -## @section Data Platform Chart parameters -## Configuration for the dataplatform prometheus exporter -## -dataplatform: - serviceAccount: - ## @param dataplatform.serviceAccount.create Specifies whether a ServiceAccount should be created - ## - create: true - ## @param dataplatform.serviceAccount.name The name of the ServiceAccount to create - ## If not set and create is true, a name is generated using the fullname template - ## - name: "" - ## @param dataplatform.serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created - ## Can be set to false if pods using this serviceAccount do not need to use K8s API - ## - automountServiceAccountToken: true - ## Role Based Access - ## ref: https://kubernetes.io/docs/admin/authorization/rbac/ - ## - rbac: - ## @param dataplatform.rbac.create Whether to create & use RBAC resources or not - ## binding dataplatform ServiceAccount to a role - ## that allows dataplatform pods querying the K8s API - ## - create: true - exporter: - ## @param dataplatform.exporter.enabled Start a prometheus exporter - ## - enabled: true - ## Data Platform BP1 exporter image - ## ref: https://hub.docker.com/r/bitnami/dataplatform-exporter/tags/ - ## @param dataplatform.exporter.image.registry dataplatform exporter image registry - ## @param dataplatform.exporter.image.repository dataplatform exporter image repository - ## @param dataplatform.exporter.image.tag dataplatform exporter image tag (immutable tags are recommended) - ## @param dataplatform.exporter.image.pullPolicy dataplatform exporter image pull policy - ## @param dataplatform.exporter.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/dataplatform-exporter - tag: 0.0.11-scratch-r2 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Configure extra options for liveness probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param dataplatform.exporter.livenessProbe.enabled Enable livenessProbe - ## @param dataplatform.exporter.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param dataplatform.exporter.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param dataplatform.exporter.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param dataplatform.exporter.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param dataplatform.exporter.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 10 - periodSeconds: 5 - timeoutSeconds: 15 - failureThreshold: 15 - successThreshold: 1 - ## Configure extra options for readiness probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param dataplatform.exporter.readinessProbe.enabled Enable readinessProbe - ## @param dataplatform.exporter.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param dataplatform.exporter.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param dataplatform.exporter.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param dataplatform.exporter.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param dataplatform.exporter.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 10 - periodSeconds: 5 - timeoutSeconds: 15 - failureThreshold: 15 - successThreshold: 15 - ## Configure extra options for startup probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-startup-probes/#configure-probes - ## @param dataplatform.exporter.startupProbe.enabled Enable startupProbe - ## @param dataplatform.exporter.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe - ## @param dataplatform.exporter.startupProbe.periodSeconds Period seconds for startupProbe - ## @param dataplatform.exporter.startupProbe.timeoutSeconds Timeout seconds for startupProbe - ## @param dataplatform.exporter.startupProbe.failureThreshold Failure threshold for startupProbe - ## @param dataplatform.exporter.startupProbe.successThreshold Success threshold for startupProbe - ## - startupProbe: - enabled: false - initialDelaySeconds: 10 - periodSeconds: 5 - timeoutSeconds: 15 - failureThreshold: 15 - successThreshold: 15 - ## @param dataplatform.exporter.containerPorts.http Data Platform Prometheus exporter port - ## - containerPorts: - http: 9090 - ## @param dataplatform.exporter.priorityClassName exporter priorityClassName - ## Ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ - ## - priorityClassName: "" - ## @param dataplatform.exporter.command Override Data Platform Exporter entrypoint string. - ## - command: [] - ## @param dataplatform.exporter.args Arguments for the provided command if needed - ## - args: [] - ## Exporter resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param dataplatform.exporter.resources.limits The resources limits for the container - ## @param dataplatform.exporter.resources.requests The requested resources for the container - ## - resources: - ## Example: - ## limits: - ## cpu: 200m - ## memory: 256Mi - ## - limits: {} - ## Examples: - ## requests: - ## cpu: 200m - ## memory: 10Mi - ## - requests: {} - ## dataplatform exporter containers' Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param dataplatform.exporter.containerSecurityContext.enabled Enable Data Platform exporter containers' Security Context - ## @param dataplatform.exporter.containerSecurityContext.runAsUser User ID for the containers. - ## @param dataplatform.exporter.containerSecurityContext.runAsNonRoot Enable Data Platform exporter containers' Security Context runAsNonRoot - ## - containerSecurityContext: - enabled: true - runAsUser: 1001 - runAsNonRoot: true - ## dataplatform exporter pods' Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param dataplatform.exporter.podSecurityContext.enabled Enable Data Platform exporter pods' Security Context - ## @param dataplatform.exporter.podSecurityContext.fsGroup Group ID for the pods. - ## - podSecurityContext: - enabled: true - fsGroup: 1001 - ## @param dataplatform.exporter.podAffinityPreset Data Platform exporter pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param dataplatform.exporter.podAntiAffinityPreset Data Platform exporter pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Node affinity preset - ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param dataplatform.exporter.nodeAffinityPreset.type Data Platform exporter node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param dataplatform.exporter.nodeAffinityPreset.key Data Platform exporter node label key to match Ignored if `affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param dataplatform.exporter.nodeAffinityPreset.values Data Platform exporter node label values to match. Ignored if `affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param dataplatform.exporter.affinity Affinity settings for exporter pod assignment. Evaluated as a template - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## - affinity: {} - ## @param dataplatform.exporter.nodeSelector Node labels for exporter pods assignment. Evaluated as a template - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param dataplatform.exporter.tolerations Tolerations for exporter pods assignment. Evaluated as a template - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param dataplatform.exporter.podLabels Additional labels for Metrics exporter pod - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param dataplatform.exporter.podAnnotations Additional annotations for Metrics exporter pod - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param dataplatform.exporter.customLivenessProbe Override default liveness probe - ## - customLivenessProbe: {} - ## @param dataplatform.exporter.customReadinessProbe Override default readiness probe - ## - customReadinessProbe: {} - ## @param dataplatform.exporter.customStartupProbe Override default startup probe - ## - customStartupProbe: {} - ## Update strategy - ## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the - ## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will - ## terminate the single previous pod, so that the new, incoming pod can attach to the PV - ## @param dataplatform.exporter.updateStrategy.type Update strategy - only really applicable for deployments with RWO PVs attached - ## @param dataplatform.exporter.updateStrategy.rollingUpdate Deployment rolling update configuration parameters - ## - updateStrategy: - type: RollingUpdate - rollingUpdate: {} - ## @param dataplatform.exporter.extraEnvVars Additional environment variables to set - ## Example: - ## extraEnvVars: - ## - name: FOO - ## value: "bar" - ## - extraEnvVars: [] - ## @param dataplatform.exporter.extraEnvVarsCM ConfigMap with extra environment variables - ## - extraEnvVarsCM: "" - ## @param dataplatform.exporter.extraEnvVarsSecret Secret with extra environment variables - ## - extraEnvVarsSecret: "" - ## @param dataplatform.exporter.extraVolumes Extra volumes to add to the deployment - ## - extraVolumes: [] - ## @param dataplatform.exporter.extraVolumeMounts Extra volume mounts to add to the container - ## - extraVolumeMounts: [] - ## @param dataplatform.exporter.initContainers Add init containers to the %%MAIN_CONTAINER_NAME%% pods - ## Example: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - initContainers: [] - ## @param dataplatform.exporter.sidecars Add sidecars to the %%MAIN_CONTAINER_NAME%% pods - ## Example: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - sidecars: [] - ## Service for the Data Platform exporter deployment - ## - service: - ## @param dataplatform.exporter.service.type Service type for default Data Platform Prometheus exporter service - ## - type: ClusterIP - ## @param dataplatform.exporter.service.annotations [object] Metrics exporter service annotations - ## - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9090" - prometheus.io/path: "/metrics" - ## @param dataplatform.exporter.service.labels Additional labels for Data Platform exporter service - ## - labels: {} - ## @param dataplatform.exporter.service.ports.http Kubernetes Service port - ## - ports: - http: 9090 - ## @param dataplatform.exporter.service.loadBalancerIP Load balancer IP for the Data Platform Exporter Service (optional, cloud specific) - ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer - ## - loadBalancerIP: "" - ## @param dataplatform.exporter.service.nodePorts.http Node ports for the HTTP exporter service - ## nodePorts: - ## http: - ## https: - ## - nodePorts: - http: "" - ## @param dataplatform.exporter.service.loadBalancerSourceRanges Exporter Load Balancer Source ranges - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param dataplatform.exporter.hostAliases Deployment pod host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - - emitter: - ## @param dataplatform.emitter.enabled Start Data Platform metrics emitter - ## - enabled: true - ## Data Platform BP1 emitter image - ## ref: https://hub.docker.com/r/bitnami/dataplatform-emitter/tags/ - ## @param dataplatform.emitter.image.registry Data Platform emitter image registry - ## @param dataplatform.emitter.image.repository Data Platform emitter image repository - ## @param dataplatform.emitter.image.tag Data Platform emitter image tag (immutable tags are recommended) - ## @param dataplatform.emitter.image.pullPolicy Data Platform emitter image pull policy - ## @param dataplatform.emitter.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/dataplatform-emitter - tag: 0.0.10-scratch-r1 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Configure extra options for liveness probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param dataplatform.emitter.livenessProbe.enabled Enable livenessProbe - ## @param dataplatform.emitter.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param dataplatform.emitter.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param dataplatform.emitter.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param dataplatform.emitter.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param dataplatform.emitter.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 10 - periodSeconds: 5 - timeoutSeconds: 15 - failureThreshold: 15 - successThreshold: 1 - ## Configure extra options for readiness probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param dataplatform.emitter.readinessProbe.enabled Enable readinessProbe - ## @param dataplatform.emitter.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param dataplatform.emitter.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param dataplatform.emitter.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param dataplatform.emitter.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param dataplatform.emitter.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 10 - periodSeconds: 5 - timeoutSeconds: 15 - failureThreshold: 15 - successThreshold: 15 - ## Configure extra options for startup probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-startup-probes/#configure-probes - ## @param dataplatform.emitter.startupProbe.enabled Enable startupProbe - ## @param dataplatform.emitter.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe - ## @param dataplatform.emitter.startupProbe.periodSeconds Period seconds for startupProbe - ## @param dataplatform.emitter.startupProbe.timeoutSeconds Timeout seconds for startupProbe - ## @param dataplatform.emitter.startupProbe.failureThreshold Failure threshold for startupProbe - ## @param dataplatform.emitter.startupProbe.successThreshold Success threshold for startupProbe - ## - startupProbe: - enabled: false - initialDelaySeconds: 10 - periodSeconds: 5 - timeoutSeconds: 15 - failureThreshold: 15 - successThreshold: 15 - ## @param dataplatform.emitter.containerPorts.http Data Platform emitter port - ## - containerPorts: - http: 8091 - ## @param dataplatform.emitter.priorityClassName exporter priorityClassName - ## Ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ - ## - priorityClassName: "" - ## @param dataplatform.emitter.command Override Data Platform entrypoint string. - ## - command: [] - ## @param dataplatform.emitter.args Arguments for the provided command if needed - ## - args: [] - ## Data Platform metrics emitter resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param dataplatform.emitter.resources.limits The resources limits for the container - ## @param dataplatform.emitter.resources.requests The requested resources for the container - ## - resources: - ## Example: - ## limits: - ## cpu: 200m - ## memory: 256Mi - ## - limits: {} - ## Examples: - ## requests: - ## cpu: 200m - ## memory: 10Mi - ## - requests: {} - ## Data Platform emitter containers' Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param dataplatform.emitter.containerSecurityContext.enabled Enable Data Platform emitter containers' Security Context - ## @param dataplatform.emitter.containerSecurityContext.runAsUser User ID for the containers. - ## @param dataplatform.emitter.containerSecurityContext.runAsNonRoot Enable Data Platform emitter containers' Security Context runAsNonRoot - ## - containerSecurityContext: - enabled: true - runAsUser: 1001 - runAsNonRoot: true - ## Data Platform emitter pods' Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param dataplatform.emitter.podSecurityContext.enabled Enable Data Platform emitter pods' Security Context - ## @param dataplatform.emitter.podSecurityContext.fsGroup Group ID for the pods. - ## - podSecurityContext: - enabled: true - fsGroup: 1001 - ## @param dataplatform.emitter.podAffinityPreset Data Platform emitter pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param dataplatform.emitter.podAntiAffinityPreset Data Platform emitter pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Node affinity preset - ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param dataplatform.emitter.nodeAffinityPreset.type Data Platform emitter node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param dataplatform.emitter.nodeAffinityPreset.key Data Platform emitter node label key to match Ignored if `affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param dataplatform.emitter.nodeAffinityPreset.values Data Platform emitter node label values to match. Ignored if `affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param dataplatform.emitter.affinity Affinity settings for emitter pod assignment. Evaluated as a template - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## - affinity: {} - ## @param dataplatform.emitter.nodeSelector Node labels for emitter pods assignment. Evaluated as a template - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param dataplatform.emitter.tolerations Tolerations for emitter pods assignment. Evaluated as a template - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param dataplatform.emitter.podLabels Additional labels for Metrics emitter pod - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param dataplatform.emitter.podAnnotations Additional annotations for Metrics emitter pod - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param dataplatform.emitter.customLivenessProbe Override default liveness probe%%MAIN_CONTAINER_NAME%% - ## - customLivenessProbe: {} - ## @param dataplatform.emitter.customReadinessProbe Override default readiness probe%%MAIN_CONTAINER_NAME%% - ## - customReadinessProbe: {} - ## @param dataplatform.emitter.customStartupProbe Override default startup probe - ## - customStartupProbe: {} - ## Update strategy - ## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the - ## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will - ## terminate the single previous pod, so that the new, incoming pod can attach to the PV - ## @param dataplatform.emitter.updateStrategy.type Update strategy - only really applicable for deployments with RWO PVs attached - ## @param dataplatform.emitter.updateStrategy.rollingUpdate Deployment rolling update configuration parameters - ## - updateStrategy: - type: RollingUpdate - rollingUpdate: {} - ## @param dataplatform.emitter.extraEnvVars Additional environment variables to set - ## Example: - ## extraEnvVars: - ## - name: FOO - ## value: "bar" - ## - extraEnvVars: [] - ## @param dataplatform.emitter.extraEnvVarsCM ConfigMap with extra environment variables - ## - extraEnvVarsCM: "" - ## @param dataplatform.emitter.extraEnvVarsSecret Secret with extra environment variables - ## - extraEnvVarsSecret: "" - ## @param dataplatform.emitter.extraVolumes Extra volumes to add to the deployment - ## - extraVolumes: [] - ## @param dataplatform.emitter.extraVolumeMounts Extra volume mounts to add to the container - ## - extraVolumeMounts: [] - ## @param dataplatform.emitter.initContainers Add init containers to the %%MAIN_CONTAINER_NAME%% pods - ## Example: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - initContainers: [] - ## @param dataplatform.emitter.sidecars Add sidecars to the %%MAIN_CONTAINER_NAME%% pods - ## Example: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - sidecars: [] - ## Service for the Data Platform emitter deployment - ## - service: - ## @param dataplatform.emitter.service.type Service type for default Data Platform metrics emitter service - ## - type: ClusterIP - ## @param dataplatform.emitter.service.annotations annotations for Data Platform emitter service - ## - annotations: {} - ## @param dataplatform.emitter.service.labels Additional labels for Data Platform emitter service - ## - labels: {} - ## @param dataplatform.emitter.service.ports.http Kubernetes Service port - ## - ports: - http: 8091 - ## @param dataplatform.emitter.service.loadBalancerIP Load balancer IP for the dataplatform emitter Service (optional, cloud specific) - ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer - ## - loadBalancerIP: "" - ## @param dataplatform.emitter.service.nodePorts.http Node ports for the HTTP emitter service - ## nodePorts: - ## http: - ## https: - ## - nodePorts: - http: "" - ## @param dataplatform.emitter.service.loadBalancerSourceRanges Data Platform Emitter Load Balancer Source ranges - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param dataplatform.emitter.hostAliases Deployment pod host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - -## @section Zookeeper chart parameters -## - -zookeeper: - ## @param zookeeper.enabled Switch to enable or disable the Zookeeper helm chart - ## - enabled: true - ## @param zookeeper.replicaCount Number of Zookeeper replicas - ## - replicaCount: 3 - ## @param zookeeper.heapSize Size in MB for the Java Heap options (Xmx and XMs). - ## This env var is ignored if Xmx an Xms are configured via JVMFLAGS - ## - heapSize: 4096 - ## Recommended values for cpu and memory requests - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## @param zookeeper.resources.limits The resources limits for Zookeeper containers - ## @param zookeeper.resources.requests [object] The requested resources for Zookeeper containers - ## - resources: - limits: {} - requests: - cpu: 250m - memory: 5120Mi - ## Anti Affinity rules set for resiliency - ## @param zookeeper.affinity.podAntiAffinity [object] Zookeeper pods Anti Affinity rules for best possible resiliency (evaluated as a template) - ## @skip zookeeper.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution - ## - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app.kubernetes.io/name - operator: In - values: - - zookeeper - - key: app.kubernetes.io/instance - operator: In - values: - - "{{ .Release.Name }}" - topologyKey: "kubernetes.io/hostname" - -## @section Kafka chart parameters -## - -## Kafka Subchart parameters -## -kafka: - ## @param kafka.enabled Switch to enable or disable the Kafka helm chart - ## - enabled: true - ## @param kafka.replicaCount Number of Kafka replicas - ## - replicaCount: 3 - ## @param kafka.heapOpts Kafka's Java Heap size - ## - heapOpts: -Xmx4096m -Xms4096m - ## Recommended values for cpu and memory requests - ## @param kafka.resources.limits The resources limits for Kafka containers - ## @param kafka.resources.requests [object] The requested resources for Kafka containers - ## - resources: - limits: {} - requests: - cpu: 250m - memory: 5120Mi - ## Anti Affinity rules set for resiliency and Affinity rules set for optimal performance - ## @param kafka.affinity.podAntiAffinity [object] Zookeeper pods Anti Affinity rules for best possible resiliency (evaluated as a template) - ## @skip kafka.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution - ## @param kafka.affinity.podAffinity [object] Zookeeper pods Affinity rules for best possible resiliency (evaluated as a template) - ## @skip kafka.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution - ## - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app.kubernetes.io/component - operator: In - values: - - kafka - - key: app.kubernetes.io/instance - operator: In - values: - - "{{ .Release.Name }}" - topologyKey: "kubernetes.io/hostname" - podAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 50 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app.kubernetes.io/name - operator: In - values: - - zookeeper - - key: app.kubernetes.io/instance - operator: In - values: - - "{{ .Release.Name }}" - topologyKey: "kubernetes.io/hostname" - ## Prometheus Exporters / Metrics - ## - metrics: - ## Prometheus Kafka Exporter: exposes complimentary metrics to JMX Exporter - ## - kafka: - ## @param kafka.metrics.kafka.enabled Whether or not to create a standalone Kafka exporter to expose Kafka metrics - ## - enabled: false - ## Prometheus Kafka Exporter' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## @param kafka.metrics.kafka.resources.limits The resources limits for the container - ## @param kafka.metrics.kafka.resources.requests [object] Kafka Exporter container resource requests - ## - resources: - limits: {} - requests: - cpu: 100m - memory: 128Mi - ## Service configuration - ## - service: - ## @param kafka.metrics.kafka.service.port Kafka Exporter Prometheus port to be used in Wavefront configuration - ## - port: 9308 - ## Prometheus JMX Exporter: exposes the majority of Kafka's metrics - ## - jmx: - ## @param kafka.metrics.jmx.enabled Whether or not to expose JMX metrics to Prometheus - ## - enabled: false - ## Prometheus JMX Exporter' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## @param kafka.metrics.jmx.resources.limits The resources limits for the container - ## @param kafka.metrics.jmx.resources.requests [object] JMX Exporter container resource requests - ## - resources: - limits: {} - requests: - cpu: 100m - memory: 128Mi - ## Service configuration - ## - service: - ## @param kafka.metrics.jmx.service.port JMX Exporter Prometheus port - ## - port: 5556 - ## @param kafka.zookeeper.enabled Switch to enable or disable the Zookeeper helm chart - ## - zookeeper: - enabled: false - ## External Zookeeper. This value is only used when zookeeper.enabled is set to false. - ## @param kafka.externalZookeeper.servers Server or list of external Zookeeper servers to use - ## - externalZookeeper: - ## This is set to the zookeeper deployed as part of this chart - ## - servers: - - "{{ .Release.Name }}-zookeeper" - -## @section Solr chart parameters -## - -## Solr Subchart parameters -## -solr: - ## @param solr.enabled Switch to enable or disable the Solr helm chart - ## - enabled: true - ## @param solr.replicaCount Number of Solr replicas - ## - replicaCount: 2 - ## @param solr.authentication.enabled Enable Solr authentication. BUG: Exporter deployment does not work with authentication enabled - ## - authentication: - enabled: false - ## @param solr.javaMem Java recommended memory options to pass to the Solr container - ## - javaMem: -Xmx4096m -Xms4096m - ## Anti affinity rules set for resiliency - ## @param solr.affinity.podAntiAffinity [object] Zookeeper pods Anti Affinity rules for best possible resiliency (evaluated as a template) - ## @skip solr.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution - ## - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app.kubernetes.io/component - operator: In - values: - - solr - - key: app.kubernetes.io/instance - operator: In - values: - - "{{ .Release.Name }}" - topologyKey: "kubernetes.io/hostname" - resources: - ## Recommended values for cpu and memory requests - ## @param solr.resources.limits The resources limits for Solr containers - ## @param solr.resources.requests [object] The requested resources for Solr containers - ## - limits: {} - requests: - cpu: 250m - memory: 5120Mi - ## Configuration for the solr prometheus exporter - ## - exporter: - ## @param solr.exporter.enabled Start a prometheus exporter - ## - enabled: false - ## @param solr.exporter.port Solr exporter port - ## - port: 9983 - ## @param solr.exporter.affinity.podAffinity [object] Zookeeper pods Affinity rules for best possible resiliency (evaluated as a template) - ## @skip solr.exporter.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution - ## - affinity: - podAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 50 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app.kubernetes.io/name - operator: In - values: - - solr - - key: app.kubernetes.io/instance - operator: In - values: - - "{{ .Release.Name }}" - topologyKey: "kubernetes.io/hostname" - ## Solr Prometheus exporter container resource requests and limits - ## @param solr.exporter.resources.limits The resources limits for the container - ## @param solr.exporter.resources.requests [object] The requested resources for the container - ## - resources: - limits: {} - requests: - cpu: 100m - memory: 128Mi - ## @param solr.zookeeper.enabled Enable Zookeeper deployment. Needed for Solr cloud. - ## - zookeeper: - enabled: false - ## External Zookeeper. This value is only used when zookeeper.enabled is set to false. - ## @param solr.externalZookeeper.servers Servers for an already existing Zookeeper. - ## - externalZookeeper: - ## In this case, it is set to the zookeeper deployed as part of this chart. - ## - servers: - - "{{ .Release.Name }}-zookeeper" - -## @section Spark chart parameters -## - -## Spark Subchart parameters -## -spark: - ## @param spark.enabled Switch to enable or disable the Spark helm chart - ## - enabled: true - ## Spark master specific configuration - ## - master: - ## @param spark.master.webPort Specify the port where the web interface will listen on the master - ## - webPort: 8080 - ## @param spark.master.resources.limits The resources limits for the container - ## @param spark.master.resources.requests [object] The resources limits for the container - ## - resources: - ## Recommended values for cpu and memory requests - ## - limits: {} - requests: - cpu: 250m - memory: 5120Mi - ## Anti affinity rules set for resiliency - ## @param spark.master.affinity.podAntiAffinity [object] Zookeeper pods Anti Affinity rules for best possible resiliency (evaluated as a template) - ## @skip spark.master.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution - ## - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app.kubernetes.io/component - operator: In - values: - - worker - - key: app.kubernetes.io/instance - operator: In - values: - - "{{ .Release.Name }}" - topologyKey: "kubernetes.io/hostname" - ## Spark worker specific configuration - ## - worker: - ## @param spark.worker.replicaCount Set the number of workers - ## - replicaCount: 2 - ## @param spark.worker.webPort Specify the port where the web interface will listen on the worker - ## - webPort: 8081 - ## Anti affinity rules set for resiliency - ## @param spark.worker.affinity.podAntiAffinity [object] Zookeeper pods Anti Affinity rules for best possible resiliency (evaluated as a template) - ## @skip spark.worker.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution - ## - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app.kubernetes.io/component - operator: In - values: - - worker - - master - - key: app.kubernetes.io/instance - operator: In - values: - - "{{ .Release.Name }}" - topologyKey: "kubernetes.io/hostname" - ## @param spark.worker.resources.limits The resources limits for the container - ## @param spark.worker.resources.requests [object] The resources limits for the container - ## - resources: - limits: {} - requests: - cpu: 250m - memory: 5120Mi - ## Metrics configuration - ## - metrics: - ## @param spark.metrics.enabled Start a side-car Prometheus exporter - ## - enabled: false - ## @param spark.metrics.masterAnnotations [object] Annotations for enabling prometheus to access the metrics endpoint of the master nodes - ## - masterAnnotations: - prometheus.io/scrape: "true" - prometheus.io/path: "/metrics/" - prometheus.io/port: "8080" - ## @param spark.metrics.workerAnnotations [object] Annotations for enabling prometheus to access the metrics endpoint of the worker nodes - ## - workerAnnotations: - prometheus.io/scrape: "true" - prometheus.io/path: "/metrics/" - prometheus.io/port: "8081" - -## @section Tanzu Observability (Wavefront) chart parameters -## - -## Wavefront Subchart parameters -## -wavefront: - ## @param wavefront.enabled Switch to enable or disable the Wavefront helm chart - ## - enabled: false - ## @param wavefront.clusterName Unique name for the Kubernetes cluster (required) - ## All metrics will receive a `cluster` tag with this value - ## - clusterName: KUBERNETES_CLUSTER_NAME - ## @param wavefront.wavefront.url Wavefront URL for your cluster (required) - ## @param wavefront.wavefront.token Wavefront API Token (required) - ## @param wavefront.wavefront.existingSecret Name of an existing secret containing the token - ## - wavefront: - url: https://YOUR_CLUSTER.wavefront.com - token: YOUR_API_TOKEN - existingSecret: "" - ## Wavefront Collector is responsible to get all Kubernetes metrics from your cluster. - ## It will capture Kubernetes resources metrics available from the kubelets, as well as auto-discovery capabilities. - ## - collector: - ## Rules based discovery configuration - ## Ref: https://github.com/wavefrontHQ/wavefront-kubernetes-collector/blob/master/docs/discovery.md - ## @param wavefront.collector.resources.limits The resources limits for the collector container - ## @param wavefront.collector.resources.requests [object] The requested resources for the collector container - ## - resources: - limits: {} - requests: - cpu: 200m - memory: 10Mi - discovery: - ## @param wavefront.collector.discovery.enabled Rules based and Prometheus endpoints auto-discovery - ## - enabled: true - ## @param wavefront.collector.discovery.enableRuntimeConfigs Enable runtime discovery rules - ## Ref: https://github.com/wavefrontHQ/wavefront-collector-for-kubernetes/blob/master/docs/discovery.md#runtime-configurations - ## - enableRuntimeConfigs: true - ## @param wavefront.collector.discovery.config [array] Configuration for rules based auto-discovery - ## - config: - ## auto-discover kafka-exporter - ## - - name: kafka-discovery - type: prometheus - selectors: - images: - - "*bitnami/kafka-exporter*" - port: 9308 - path: /metrics - scheme: http - prefix: kafka. - ## auto-discover jmx exporter - ## - - name: kafka-jmx-discovery - type: prometheus - selectors: - images: - - "*bitnami/jmx-exporter*" - port: 5556 - path: /metrics - scheme: http - prefix: kafkajmx. - ## auto-discover solr - ## - - name: solr-discovery - type: prometheus - selectors: - images: - - "*bitnami/solr*" - port: 9983 - path: /metrics - scheme: http - ## auto-discover spark - ## - - name: spark-worker-discovery - type: prometheus - selectors: - images: - - "*bitnami/spark*" - port: 8081 - path: /metrics/ - scheme: http - prefix: spark. - ## auto-discover spark - ## - - name: spark-master-discovery - type: prometheus - selectors: - images: - - "*bitnami/spark*" - port: 8080 - path: /metrics/ - scheme: http - prefix: spark. - proxy: - ## Wavefront Proxy resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## @param wavefront.proxy.resources.limits The resources limits for the proxy container - ## @param wavefront.proxy.resources.requests [object] The requested resources for the proxy container - ## - resources: - limits: {} - requests: - cpu: 100m - memory: 5Gi diff --git a/bitnami/dataplatform-bp2/Chart.lock b/bitnami/dataplatform-bp2/Chart.lock deleted file mode 100644 index 45e6a7f..0000000 --- a/bitnami/dataplatform-bp2/Chart.lock +++ /dev/null @@ -1,21 +0,0 @@ -dependencies: -- name: kafka - repository: https://charts.bitnami.com/bitnami - version: 14.1.1 -- name: spark - repository: https://charts.bitnami.com/bitnami - version: 5.7.2 -- name: elasticsearch - repository: https://charts.bitnami.com/bitnami - version: 17.0.3 -- name: logstash - repository: https://charts.bitnami.com/bitnami - version: 3.6.7 -- name: wavefront - repository: https://charts.bitnami.com/bitnami - version: 3.1.12 -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.9.1 -digest: sha256:7c415f9c997d39e32e33fc5b529c554a8f98b288f7e1227d16913950596cffc2 -generated: "2021-09-23T07:44:29.936487547Z" diff --git a/bitnami/dataplatform-bp2/Chart.yaml b/bitnami/dataplatform-bp2/Chart.yaml deleted file mode 100644 index fdfd306..0000000 --- a/bitnami/dataplatform-bp2/Chart.yaml +++ /dev/null @@ -1,61 +0,0 @@ -annotations: - category: Infrastructure -apiVersion: v2 -appVersion: 0.0.10 -dependencies: - - condition: kafka.enabled - name: kafka - repository: https://charts.bitnami.com/bitnami - version: 14.x.x - - condition: spark.enabled - name: spark - repository: https://charts.bitnami.com/bitnami - version: 5.x.x - - condition: elasticsearch.enabled - name: elasticsearch - repository: https://charts.bitnami.com/bitnami - version: 17.x.x - - condition: logstash.enabled - name: logstash - repository: https://charts.bitnami.com/bitnami - version: 3.x.x - - condition: wavefront.enabled - name: wavefront - repository: https://charts.bitnami.com/bitnami - version: 3.x.x - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x -description: OCTO Data platform Kafka-Spark-Elasticsearch Helm Chart -engine: gotpl -home: https://github.com/bitnami/charts/tree/master/bitnami/dataplatform-bp2 -icon: https://bitnami.com/assets/stacks/dataplatform-bp1/img/dataplatform-bp1-stack-220x234.png -keywords: - - dataplatform - - kafka - - spark - - elasticsearch - - logstash - - kibana - - zookeeper - - apache - - tanzuobservability - - wavefront -maintainers: - - email: containers@bitnami.com - name: Bitnami -name: dataplatform-bp2 -sources: - - https://github.com/bitnami/bitnami-docker-kafka - - https://kafka.apache.org/ - - https://github.com/bitnami/bitnami-docker-spark - - https://spark.apache.org/ - - https://github.com/bitnami/bitnami-docker-elasticsearch - - https://www.elastic.co/products/elasticsearch - - https://github.com/bitnami/bitnami-docker-logstash - - https://www.elastic.co/products/logstash - - https://zookeeper.apache.org/ - - https://github.com/bitnami/bitnami-docker-zookeeper -version: 8.0.1 diff --git a/bitnami/dataplatform-bp2/README.md b/bitnami/dataplatform-bp2/README.md deleted file mode 100644 index b9f6bb0..0000000 --- a/bitnami/dataplatform-bp2/README.md +++ /dev/null @@ -1,546 +0,0 @@ -# Data Platform Blueprint 2 with Kafka-Spark-Elasticsearch - -Enterprise applications increasingly rely on large amounts of data, that needs be distributed, processed, and stored. -Open source and commercial supported software stacks are available to implement a data platform, that can offer common data management services, accelerating the development and deployment of data hungry business applications. - -This Helm chart enables the fully automated Kubernetes deployment of such multi-stack data platform, covering the following software components: - -- Apache Kafka – Data distribution bus with buffering capabilities -- Apache Spark – In-memory data analytics -- Elasticsearch with Kibana – Data persistence and search -- Logstash - Data Processing Pipeline -- Data Platform Prometheus Exporter - Prometheus exporter that emits the health metrics of the data platform - -These containerized stateful software stacks are deployed in multi-node cluster configurations, which is defined by the Helm Chart blueprint for this data platform deployment, covering: - -- Pod placement rules – Affinity rules to ensure placement diversity to prevent single point of failures and optimize load distribution -- Pod resource sizing rules – Optimized Pod and JVM sizing settings for optimal performance and efficient resource usage -- Default settings to ensure Pod access security -- Optional Tanzu Observability framework configuration - -In addition to the Pod resource optimizations, this blueprint is validated and tested to provide Kubernetes node count and sizing recommendations [(see Kubernetes Cluster Requirements)](#kubernetes-cluster-requirements) to facilitate cloud platform capacity planning. The goal is optimize the number of required Kubernetes nodes in order to optimize server resource usage and, at the same time, ensuring runtime and resource diversity. - -The first release of this blueprint defines a small size data platform deployment, deployed on 3 Kubernetes application nodes with physical diverse underlying server infrastructure. - -Use cases for this small size data platform setup include: data and application evaluation, development, and functional testing. - -## TL;DR - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/dataplatform-bp2 -``` - -## Introduction - -This chart bootstraps Data Platform Blueprint-2 deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -The "Small" size data platform in default configuration deploys the following: - -1. Zookeeper with 3 nodes to be used for both Kafka -2. Kafka with 3 nodes using the zookeeper deployed above -3. Elasticsearch with 3 master nodes, 2 data nodes, 2 coordinating nodes and 1 kibana node -4. Logstash with 2 nodes -5. Spark with 1 Master and 2 worker nodes -6. Data Platform Metrics emitter and Prometheus exporter - -The data platform can be optionally deployed with the Tanzu observability framework. In that case, the wavefront collectors will be set up as a DaemonSet to collect the Kubernetes cluster metrics to enable runtime feed into the Tanzu Observability service. It will also be pre-configured to scrape the metrics from the Prometheus endpoint that each application (Kafka/Spark/Elasticsearch/Logstash) emits the metrics to. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 3.1.0 -- PV provisioner support in the underlying infrastructure - -## Kubernetes Cluster requirements - -Below are the minimum Kubernetes Cluster requirements for "Small" size data platform: - -| Data Platform Size | Kubernetes Cluster Size | Usage | -|:-------------------|:-----------------------------------------------------------------------------|:----------------------------------------------------------------------------| -| Small | 1 Master Node (2 CPU, 4Gi Memory)
3 Worker Nodes (4 CPU, 32Gi Memory) | Data and application evaluation, development, and functional testing
| - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/dataplatform-bp2 -``` - -These commands deploy Data Platform on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists recommended configurations of the parameters to bring up an optimal and resilient data platform. Please refer the individual charts for the remaining set of configurable parameters. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```console -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | - - -### Common parameters - -| Name | Description | Value | -| ------------------- | ------------------------------------------ | ----- | -| `commonLabels` | Labels to add to all deployed objects | `{}` | -| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | - - -### Data Platform Chart parameters - -| Name | Description | Value | -| ------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------- | ------------------------------- | -| `dataplatform.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | -| `dataplatform.serviceAccount.name` | The name of the ServiceAccount to create | `""` | -| `dataplatform.serviceAccount.automountServiceAccountToken` | Allows auto mount of ServiceAccountToken on the serviceAccount created | `true` | -| `dataplatform.rbac.create` | Whether to create & use RBAC resources or not | `true` | -| `dataplatform.exporter.enabled` | Start a prometheus exporter | `true` | -| `dataplatform.exporter.image.registry` | dataplatform exporter image registry | `docker.io` | -| `dataplatform.exporter.image.repository` | dataplatform exporter image repository | `bitnami/dataplatform-exporter` | -| `dataplatform.exporter.image.tag` | dataplatform exporter image tag (immutable tags are recommended) | `0.0.11-scratch-r1` | -| `dataplatform.exporter.image.pullPolicy` | dataplatform exporter image pull policy | `IfNotPresent` | -| `dataplatform.exporter.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `dataplatform.exporter.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `dataplatform.exporter.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | -| `dataplatform.exporter.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `5` | -| `dataplatform.exporter.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `15` | -| `dataplatform.exporter.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `15` | -| `dataplatform.exporter.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `dataplatform.exporter.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `dataplatform.exporter.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | -| `dataplatform.exporter.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | -| `dataplatform.exporter.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `15` | -| `dataplatform.exporter.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `15` | -| `dataplatform.exporter.readinessProbe.successThreshold` | Success threshold for readinessProbe | `15` | -| `dataplatform.exporter.startupProbe.enabled` | Enable startupProbe | `false` | -| `dataplatform.exporter.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | -| `dataplatform.exporter.startupProbe.periodSeconds` | Period seconds for startupProbe | `5` | -| `dataplatform.exporter.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `15` | -| `dataplatform.exporter.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `dataplatform.exporter.startupProbe.successThreshold` | Success threshold for startupProbe | `15` | -| `dataplatform.exporter.containerPorts.http` | Data Platform Prometheus exporter port | `9090` | -| `dataplatform.exporter.priorityClassName` | exporter priorityClassName | `""` | -| `dataplatform.exporter.command` | Override Data Platform Exporter entrypoint string. | `[]` | -| `dataplatform.exporter.args` | Arguments for the provided command if needed | `[]` | -| `dataplatform.exporter.resources.limits` | The resources limits for the container | `{}` | -| `dataplatform.exporter.resources.requests` | The requested resources for the container | `{}` | -| `dataplatform.exporter.containerSecurityContext.enabled` | Enable Data Platform exporter containers' Security Context | `true` | -| `dataplatform.exporter.containerSecurityContext.runAsUser` | User ID for the containers. | `1001` | -| `dataplatform.exporter.containerSecurityContext.runAsNonRoot` | Enable Data Platform exporter containers' Security Context runAsNonRoot | `true` | -| `dataplatform.exporter.podSecurityContext.enabled` | Enable Data Platform exporter pods' Security Context | `true` | -| `dataplatform.exporter.podSecurityContext.fsGroup` | Group ID for the pods. | `1001` | -| `dataplatform.exporter.podAffinityPreset` | Data Platform exporter pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `dataplatform.exporter.podAntiAffinityPreset` | Data Platform exporter pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `dataplatform.exporter.nodeAffinityPreset.type` | Data Platform exporter node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `dataplatform.exporter.nodeAffinityPreset.key` | Data Platform exporter node label key to match Ignored if `affinity` is set. | `""` | -| `dataplatform.exporter.nodeAffinityPreset.values` | Data Platform exporter node label values to match. Ignored if `affinity` is set. | `[]` | -| `dataplatform.exporter.affinity` | Affinity settings for exporter pod assignment. Evaluated as a template | `{}` | -| `dataplatform.exporter.nodeSelector` | Node labels for exporter pods assignment. Evaluated as a template | `{}` | -| `dataplatform.exporter.tolerations` | Tolerations for exporter pods assignment. Evaluated as a template | `[]` | -| `dataplatform.exporter.podLabels` | Additional labels for Metrics exporter pod | `{}` | -| `dataplatform.exporter.podAnnotations` | Additional annotations for Metrics exporter pod | `{}` | -| `dataplatform.exporter.customLivenessProbe` | Override default liveness probe | `{}` | -| `dataplatform.exporter.customReadinessProbe` | Override default readiness probe | `{}` | -| `dataplatform.exporter.customStartupProbe` | Override default startup probe | `{}` | -| `dataplatform.exporter.updateStrategy.type` | Update strategy - only really applicable for deployments with RWO PVs attached | `RollingUpdate` | -| `dataplatform.exporter.updateStrategy.rollingUpdate` | Deployment rolling update configuration parameters | `{}` | -| `dataplatform.exporter.extraEnvVars` | Additional environment variables to set | `[]` | -| `dataplatform.exporter.extraEnvVarsCM` | ConfigMap with extra environment variables | `""` | -| `dataplatform.exporter.extraEnvVarsSecret` | Secret with extra environment variables | `""` | -| `dataplatform.exporter.extraVolumes` | Extra volumes to add to the deployment | `[]` | -| `dataplatform.exporter.extraVolumeMounts` | Extra volume mounts to add to the container | `[]` | -| `dataplatform.exporter.initContainers` | Add init containers to the %%MAIN_CONTAINER_NAME%% pods | `[]` | -| `dataplatform.exporter.sidecars` | Add sidecars to the %%MAIN_CONTAINER_NAME%% pods | `[]` | -| `dataplatform.exporter.service.type` | Service type for default Data Platform Prometheus exporter service | `ClusterIP` | -| `dataplatform.exporter.service.annotations` | Exporter service annotations | `{}` | -| `dataplatform.exporter.service.labels` | Additional labels for Data Platform exporter service | `{}` | -| `dataplatform.exporter.service.ports.http` | Kubernetes Service port | `9090` | -| `dataplatform.exporter.service.loadBalancerIP` | Load balancer IP for the Data Platform Exporter Service (optional, cloud specific) | `""` | -| `dataplatform.exporter.service.nodePorts.http` | Node ports for the HTTP exporter service | `""` | -| `dataplatform.exporter.service.loadBalancerSourceRanges` | Exporter Load Balancer Source ranges | `[]` | -| `dataplatform.exporter.hostAliases` | Deployment pod host aliases | `[]` | -| `dataplatform.emitter.enabled` | Start Data Platform metrics emitter | `true` | -| `dataplatform.emitter.image.registry` | Data Platform emitter image registry | `docker.io` | -| `dataplatform.emitter.image.repository` | Data Platform emitter image repository | `bitnami/dataplatform-emitter` | -| `dataplatform.emitter.image.tag` | Data Platform emitter image tag (immutable tags are recommended) | `0.0.10-scratch-r2` | -| `dataplatform.emitter.image.pullPolicy` | Data Platform emitter image pull policy | `IfNotPresent` | -| `dataplatform.emitter.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `dataplatform.emitter.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `dataplatform.emitter.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | -| `dataplatform.emitter.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `5` | -| `dataplatform.emitter.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `15` | -| `dataplatform.emitter.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `15` | -| `dataplatform.emitter.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `dataplatform.emitter.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `dataplatform.emitter.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | -| `dataplatform.emitter.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | -| `dataplatform.emitter.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `15` | -| `dataplatform.emitter.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `15` | -| `dataplatform.emitter.readinessProbe.successThreshold` | Success threshold for readinessProbe | `15` | -| `dataplatform.emitter.startupProbe.enabled` | Enable startupProbe | `false` | -| `dataplatform.emitter.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | -| `dataplatform.emitter.startupProbe.periodSeconds` | Period seconds for startupProbe | `5` | -| `dataplatform.emitter.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `15` | -| `dataplatform.emitter.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `dataplatform.emitter.startupProbe.successThreshold` | Success threshold for startupProbe | `15` | -| `dataplatform.emitter.containerPorts.http` | Data Platform emitter port | `8091` | -| `dataplatform.emitter.priorityClassName` | exporter priorityClassName | `""` | -| `dataplatform.emitter.command` | Override Data Platform entrypoint string. | `[]` | -| `dataplatform.emitter.args` | Arguments for the provided command if needed | `[]` | -| `dataplatform.emitter.resources.limits` | The resources limits for the container | `{}` | -| `dataplatform.emitter.resources.requests` | The requested resources for the container | `{}` | -| `dataplatform.emitter.containerSecurityContext.enabled` | Enable Data Platform emitter containers' Security Context | `true` | -| `dataplatform.emitter.containerSecurityContext.runAsUser` | User ID for the containers. | `1001` | -| `dataplatform.emitter.containerSecurityContext.runAsNonRoot` | Enable Data Platform emitter containers' Security Context runAsNonRoot | `true` | -| `dataplatform.emitter.podSecurityContext.enabled` | Enable Data Platform emitter pods' Security Context | `true` | -| `dataplatform.emitter.podSecurityContext.fsGroup` | Group ID for the pods. | `1001` | -| `dataplatform.emitter.podAffinityPreset` | Data Platform emitter pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `dataplatform.emitter.podAntiAffinityPreset` | Data Platform emitter pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `dataplatform.emitter.nodeAffinityPreset.type` | Data Platform emitter node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `dataplatform.emitter.nodeAffinityPreset.key` | Data Platform emitter node label key to match Ignored if `affinity` is set. | `""` | -| `dataplatform.emitter.nodeAffinityPreset.values` | Data Platform emitter node label values to match. Ignored if `affinity` is set. | `[]` | -| `dataplatform.emitter.affinity` | Affinity settings for emitter pod assignment. Evaluated as a template | `{}` | -| `dataplatform.emitter.nodeSelector` | Node labels for emitter pods assignment. Evaluated as a template | `{}` | -| `dataplatform.emitter.tolerations` | Tolerations for emitter pods assignment. Evaluated as a template | `[]` | -| `dataplatform.emitter.podLabels` | Additional labels for Metrics emitter pod | `{}` | -| `dataplatform.emitter.podAnnotations` | Additional annotations for Metrics emitter pod | `{}` | -| `dataplatform.emitter.customLivenessProbe` | Override default liveness probe%%MAIN_CONTAINER_NAME%% | `{}` | -| `dataplatform.emitter.customReadinessProbe` | Override default readiness probe%%MAIN_CONTAINER_NAME%% | `{}` | -| `dataplatform.emitter.customStartupProbe` | Override default startup probe | `{}` | -| `dataplatform.emitter.updateStrategy.type` | Update strategy - only really applicable for deployments with RWO PVs attached | `RollingUpdate` | -| `dataplatform.emitter.updateStrategy.rollingUpdate` | Deployment rolling update configuration parameters | `{}` | -| `dataplatform.emitter.extraEnvVars` | Additional environment variables to set | `[]` | -| `dataplatform.emitter.extraEnvVarsCM` | ConfigMap with extra environment variables | `""` | -| `dataplatform.emitter.extraEnvVarsSecret` | Secret with extra environment variables | `""` | -| `dataplatform.emitter.extraVolumes` | Extra volumes to add to the deployment | `[]` | -| `dataplatform.emitter.extraVolumeMounts` | Extra volume mounts to add to the container | `[]` | -| `dataplatform.emitter.initContainers` | Add init containers to the %%MAIN_CONTAINER_NAME%% pods | `[]` | -| `dataplatform.emitter.sidecars` | Add sidecars to the %%MAIN_CONTAINER_NAME%% pods | `[]` | -| `dataplatform.emitter.service.type` | Service type for default Data Platform metrics emitter service | `ClusterIP` | -| `dataplatform.emitter.service.annotations` | annotations for Data Platform emitter service | `{}` | -| `dataplatform.emitter.service.labels` | Additional labels for Data Platform emitter service | `{}` | -| `dataplatform.emitter.service.ports.http` | Kubernetes Service port | `8091` | -| `dataplatform.emitter.service.loadBalancerIP` | Load balancer IP for the dataplatform emitter Service (optional, cloud specific) | `""` | -| `dataplatform.emitter.service.nodePorts.http` | Node ports for the HTTP emitter service | `""` | -| `dataplatform.emitter.service.loadBalancerSourceRanges` | Data Platform Emitter Load Balancer Source ranges | `[]` | -| `dataplatform.emitter.hostAliases` | Deployment pod host aliases | `[]` | - - -### Kafka parameters - -| Name | Description | Value | -| ----------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------- | --------------------- | -| `kafka.enabled` | Enable Kafka subchart | `true` | -| `kafka.replicaCount` | Number of Kafka brokers | `3` | -| `kafka.heapOpts` | Kafka Java Heap size | `-Xmx4096m -Xms4096m` | -| `kafka.resources.limits` | Resource limits for Kafka | `{}` | -| `kafka.resources.requests.cpu` | CPU capacity request for Kafka nodes | `250m` | -| `kafka.resources.requests.memory` | Memory capacity request for Kafka nodes | `5120Mi` | -| `kafka.affinity.podAntiAffinity` | Kafka anti affinity rules | `{}` | -| `kafka.affinity.podAffinity` | Kafka affinity rules | `{}` | -| `kafka.metrics.kafka.enabled` | Enable prometheus exporter for Kafka | `false` | -| `kafka.metrics.kafka.resources.limits` | Resource limits for kafka prometheus exporter | `{}` | -| `kafka.metrics.kafka.resources.requests.cpu` | CPU capacity request for Kafka prometheus nodes | `100m` | -| `kafka.metrics.kafka.resources.requests.memory` | Memory capacity request for Kafka prometheus nodes | `128Mi` | -| `kafka.metrics.kafka.service.port` | Kafka Exporter Prometheus port to be used in wavefront configuration | `9308` | -| `kafka.metrics.jmx.enabled` | Enable JMX exporter for Kafka | `false` | -| `kafka.metrics.jmx.resources.limits` | Resource limits for kafka prometheus exporter | `{}` | -| `kafka.metrics.jmx.resources.requests.cpu` | CPU capacity request for Kafka prometheus nodes | `100m` | -| `kafka.metrics.jmx.resources.requests.memory` | Memory capacity request for Kafka prometheus nodes | `128Mi` | -| `kafka.metrics.jmx.service.port` | JMX Prometheus exporter service port | `5556` | -| `kafka.zookeeper.enabled` | Enable the Kafka subchart's Zookeeper | `true` | -| `kafka.zookeeper.replicaCount` | Number of Zookeeper nodes | `3` | -| `kafka.zookeeper.heapSize` | Size in MB for the Java Heap options (Xmx and XMs) in Zookeeper. This env var is ignored if Xmx an Xms are configured via JVMFLAGS | `4096` | -| `kafka.zookeeper.resources.limits` | Resource limits for zookeeper | `{}` | -| `kafka.zookeeper.resources.requests.cpu` | CPU capacity request for zookeeper | `250m` | -| `kafka.zookeeper.resources.requests.memory` | Memory capacity request for zookeeper | `5Gi` | -| `kafka.zookeeper.affinity.podAntiAffinity` | Zookeeper pod anti affinity rules | `{}` | -| `kafka.externalZookeeper.servers` | Array of external Zookeeper servers | `[]` | - - -### Spark parameters - -| Name | Description | Value | -| ---------------------------------------- | -------------------------------------- | ------- | -| `spark.enabled` | Enable Spark subchart | `true` | -| `spark.master.webPort` | Web port for spark master | `8080` | -| `spark.master.resources.limits` | Spark master resource limits | `{}` | -| `spark.master.resources.requests.cpu` | Spark master CPUs | `250m` | -| `spark.master.resources.requests.memory` | Spark master requested memory | `5Gi` | -| `spark.master.affinity.podAntiAffinity` | Anti affinity rules set for resiliency | `{}` | -| `spark.worker.replicaCount` | Number of spark workers | `2` | -| `spark.worker.webPort` | Web port for spark master | `8081` | -| `spark.worker.resources.limits` | Spark master resource limits | `{}` | -| `spark.worker.resources.requests.cpu` | Spark master CPUs | `250m` | -| `spark.worker.resources.requests.memory` | Spark master requested memory | `5Gi` | -| `spark.worker.affinity.podAntiAffinity` | Anti affinity rules set for resiliency | `{}` | -| `spark.metrics.enabled` | Enable Prometheus exporter for Spark | `false` | -| `spark.metrics.masterAnnotations` | Annotations for Spark master exporter | `{}` | -| `spark.metrics.workerAnnotations` | Annotations for Spark worker exporter | `{}` | - - -### Elasticsearch parameters - -| Name | Description | Value | -| ------------------------------------------------------ | -------------------------------------------- | ------- | -| `elasticsearch.enabled` | Enable Elasticsearch | `true` | -| `elasticsearch.global.kibanaEnabled` | Enable Kibana | `true` | -| `elasticsearch.master.replicas` | Number of Elasticsearch replicas | `3` | -| `elasticsearch.master.heapSize` | Heap Size for Elasticsearch master | `768m` | -| `elasticsearch.master.affinity.podAntiAffinity` | Elasticsearch pod anti affinity | `{}` | -| `elasticsearch.master.resources.limits` | Elasticsearch master resource limits | `{}` | -| `elasticsearch.master.resources.requests.cpu` | Elasticsearch master CPUs | `250m` | -| `elasticsearch.master.resources.requests.memory` | Elasticsearch master requested memory | `1Gi` | -| `elasticsearch.master.affinity.podAntiAffinity` | Anti affinity rules set for resiliency | `{}` | -| `elasticsearch.data.name` | Elasticsearch data node name | `data` | -| `elasticsearch.data.replicas` | Number of Elasticsearch replicas | `2` | -| `elasticsearch.data.heapSize` | Heap Size for Elasticsearch data node | `4096m` | -| `elasticsearch.data.affinity.podAntiAffinity` | Anti affinity rules set for resiliency | `{}` | -| `elasticsearch.data.resources.limits` | Elasticsearch data node resource limits | `{}` | -| `elasticsearch.data.resources.requests.cpu` | Elasticsearch data node CPUs | `250m` | -| `elasticsearch.data.resources.requests.memory` | Elasticsearch data node requested memory | `5Gi` | -| `elasticsearch.coordinating.replicas` | Number of Elasticsearch replicas | `2` | -| `elasticsearch.coordinating.heapSize` | Heap Size for Elasticsearch coordinating | `768m` | -| `elasticsearch.coordinating.affinity.podAntiAffinity` | Anti affinity rules set for resiliency | `{}` | -| `elasticsearch.coordinating.resources.limits` | Elasticsearch coordinating resource limits | `{}` | -| `elasticsearch.coordinating.resources.requests.cpu` | Elasticsearch coordinating CPUs | `250m` | -| `elasticsearch.coordinating.resources.requests.memory` | Elasticsearch coordinating requested memory | `1Gi` | -| `elasticsearch.metrics.enabled` | Enable Prometheus exporter for Elasticsearch | `false` | -| `elasticsearch.metrics.resources.limits` | Elasticsearch metrics resource limits | `{}` | -| `elasticsearch.metrics.resources.requests.cpu` | Elasticsearch metrics CPUs | `100m` | -| `elasticsearch.metrics.resources.requests.memory` | Elasticsearch metrics requested memory | `128Mi` | -| `elasticsearch.metrics.service.annotations` | Elasticsearch metrics service annotations | `{}` | - - -### Logstash parameters - -| Name | Description | Value | -| -------------------------------------------- | ----------------------------------------------------- | -------- | -| `logstash.enabled` | Enable Logstash | `true` | -| `logstash.replicaCount` | Number of Logstash replicas | `2` | -| `logstash.affinity.podAntiAffinity` | Logstash pod anti affinity | `{}` | -| `logstash.extraEnvVars` | Array containing extra env vars to configure Logstash | `[]` | -| `logstash.resources.limits` | Elasticsearch metrics resource limits | `{}` | -| `logstash.resources.requests.cpu` | Elasticsearch metrics CPUs | `250m` | -| `logstash.resources.requests.memory` | Elasticsearch metrics requested memory | `1500Mi` | -| `logstash.metrics.enabled` | Enable metrics for logstash | `false` | -| `logstash.metrics.resources.limits` | Elasticsearch metrics resource limits | `{}` | -| `logstash.metrics.resources.requests.cpu` | Elasticsearch metrics CPUs | `100m` | -| `logstash.metrics.resources.requests.memory` | Elasticsearch metrics requested memory | `128Mi` | -| `logstash.metrics.service.port` | Logstash Prometheus port | `9198` | -| `logstash.metrics.service.annotations` | Annotations for the Prometheus metrics service | `{}` | - - -### Tanzu Observability (Wavefront) parameters - -| Name | Description | Value | -| ---------------------------------------------------- | ---------------------------------------------- | ------------------------------------ | -| `wavefront.enabled` | Enable Tanzu Observability Framework | `false` | -| `wavefront.clusterName` | Cluster name | `KUBERNETES_CLUSTER_NAME` | -| `wavefront.wavefront.url` | Tanzu Observability cluster URL | `https://YOUR_CLUSTER.wavefront.com` | -| `wavefront.wavefront.token` | Tanzu Observability access token | `YOUR_API_TOKEN` | -| `wavefront.wavefront.existingSecret` | Tanzu Observability existing secret | `""` | -| `wavefront.collector.resources.limits` | Wavefront collector metrics resource limits | `{}` | -| `wavefront.collector.resources.requests.cpu` | Wavefront collector metrics CPUs | `200m` | -| `wavefront.collector.resources.requests.memory` | Wavefront collector metrics requested memory | `10Mi` | -| `wavefront.collector.discovery.enabled` | Enable wavefront discovery | `true` | -| `wavefront.collector.discovery.enableRuntimeConfigs` | Enable runtime configs for wavefront discovery | `true` | -| `wavefront.collector.discovery.config` | Wavefront discovery config | `[]` | -| `wavefront.proxy.resources.limits` | Wavefront Proxy metrics resource limits | `{}` | -| `wavefront.proxy.resources.requests.cpu` | Wavefront Proxy metrics CPUs | `100m` | -| `wavefront.proxy.resources.requests.memory` | Wavefront Proxy metrics requested memory | `5Gi` | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -$ helm install my-release \ - --set kafka.replicaCount=3 \ - bitnami/dataplatform-bp2 -``` - -The above command deploys the data platform with Kafka with 3 nodes (replicas). - -Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example - -```console -$ helm install my-release -f values.yaml bitnami/dataplatform-bp2 -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -### Data Platform Deployment with Observability Framework - -In the default deployment, the helm chart deploys the data platform with [Metrics Emitter](https://hub.docker.com/r/bitnami/dataplatform-emitter) and [Prometheus Exporter](https://hub.docker.com/r/bitnami/dataplatform-exporter) which emit the health metrics of the data platform which can be integrated with your observability solution. - -In case you need to deploy the data platform with Tanzu Observability Framework for all the applications (Kafka/Spark/Elasticsearch/Logstash) in the data platform, you can specify the 'enabled' parameter using the `--set .metrics.enabled=true` argument to `helm install`. For Example, - -```console -$ helm install my-release bitnami/dataplatform-bp2 \ - --set kafka.metrics.kafka.enabled=true \ - --set kafka.metrics.jmx.enabled=true \ - --set spark.metrics.enabled=true \ - --set elasticsearch.metrics.enabled=true \ - --set logstash.metrics.enabled=true \ - --set wavefront.enabled=true \ - --set wavefront.clusterName= \ - --set wavefront.wavefront.url=https://.wavefront.com \ - --set wavefront.wavefront.token= -``` - -If you want to use an existing Wavefront deployment, edit the Wavefront Collector ConfigMap and add the following snippet under discovery plugins. Once done, restart the wavefront collectors DaemonSet. - -```console -$ kubectl edit configmap wavefront-collector-config -n wavefront -``` - -Add the below config: - -```yaml - discovery: - enable_runtime_plugins: true - plugins: - ## auto-discover kafka-exporter - - name: kafka-discovery - type: prometheus - selectors: - images: - - '*bitnami/kafka-exporter*' - port: 9308 - path: /metrics - scheme: http - prefix: kafka. - - ## auto-discover jmx exporter - - name: kafka-jmx-discovery - type: prometheus - selectors: - images: - - '*bitnami/jmx-exporter*' - port: 5556 - path: /metrics - scheme: http - prefix: kafkajmx. - - ## auto-discover elasticsearch - - name: elasticsearch-discovery - type: prometheus - selectors: - images: - - '*bitnami/elasticsearch-exporter*' - port: 9114 - path: /metrics - scheme: http - - ## auto-discover logstash - - name: logstash-discovery - type: prometheus - selectors: - images: - - '*bitnami/logstash-exporter*' - port: 9198 - path: /metrics - scheme: http - - ## auto-discover spark - - name: spark-worker-discovery - type: prometheus - selectors: - images: - - '*bitnami/spark*' - port: 8081 - path: /metrics/ - scheme: http - prefix: spark. - - ## auto-discover spark - - name: spark-master-discovery - type: prometheus - selectors: - images: - - '*bitnami/spark*' - port: 8080 - path: /metrics/ - scheme: http - prefix: spark. -``` - -Below is the command to restart the DaemonSets - -```console -$ kubectl rollout restart daemonsets wavefront-collector -n wavefront -``` - -## Configuration and installation details - -### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami’s Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -In order to render complete information about the deployment including all the sub-charts, please use --render-subchart-notes flag while installing the chart. - -## Notable changes - -### 0.3.0 - -Elasticsearch dependency version was bumped to a new major version changing the license of some of its components to the [Elastic License](https://www.elastic.co/licensing/elastic-license) that is not currently accepted as an Open Source license by the Open Source Initiative (OSI). Check [Elasticsearch Upgrading Notes](https://github.com/bitnami/charts/tree/master/bitnami/elasticsearch#to-1500) for more information. - -Regular upgrade is compatible from previous versions. - -## Upgrading - -### To 8.0.0 - -This major adds the data platform metrics emitter and Prometheus exporters to the chart which emit health metrics of the data platform. - -### To 7.0.0 - -This major updates the Elasticsearch subchart to its newest major, 17.0.0, which adds support for X-pack security features such as SSL/TLS encryption and password protection. Check [Elasticsearch Upgrading Notes](https://github.com/bitnami/charts/tree/master/bitnami/elasticsearch#to-1700) for more information. - -### To 6.0.0 - -This major version updates resources for elasticsearch and logstash values. Also updates the README file with instructions on how to enable existing Wavefront deployment for the data platform blueprint. - -### To 5.0.0 - -This major updates the Kafka subchart its newest major, 14.0.0. [Here](https://github.com/bitnami/charts/tree/master/bitnami/kafka#to-1400) you can find more information about the changes introduced in this version. - -### To 4.0.0 - -This major updates the Kafka subchart to its newest major 13.0.0. For more information on this subchart's major, please refer to [kafka upgrade notes](https://github.com/bitnami/charts/tree/master/bitnami/kafka#to-1300). - -### To 3.0.0 - -This major version updates the prefixes of individual applications metrics in Wavefront Collectors which are fed to Tanzu observability in order to light up the individual dashboards of Kafka, Spark ElasticSearch and Logstash on Tanzu Observability platform. - -### To 2.0.0 - -This major updates the wavefront subchart to it newest major, 3.0.0, which contains a new major for kube-state-metrics. For more information on this subchart's major, please refer to [wavefront upgrade notes](https://github.com/bitnami/charts/tree/master/bitnami/wavefront#to-300). - -### To 1.0.0 - -The affinity rules have been updated to allow deploying this chart and the `dataplatform-bp1` chart in the same cluster. diff --git a/bitnami/dataplatform-bp2/templates/NOTES.txt b/bitnami/dataplatform-bp2/templates/NOTES.txt deleted file mode 100644 index 354bb83..0000000 --- a/bitnami/dataplatform-bp2/templates/NOTES.txt +++ /dev/null @@ -1,66 +0,0 @@ -** Data Platform Blueprint 2 is being deployed, it could take some time to be ready ** - -The following components are being deployed to your cluster: - -{{- if .Values.kafka.enabled }} - -*********** -** Kafka ** -*********** - -To access the Kafka service from your local machine execute the following: - -{{- if eq .Values.kafka.service.type "LoadBalancer" }} - - export SERVICE_IP=$(kubectl get --namespace {{ .Release.Namespace }} svc {{ include "subcomponent.service.name" ( dict "componentName" "kafka" "context" $ ) }} -o jsonpath="{.status.loadBalancer.ingress[0]['ip', 'hostname'] }") - echo http://$SERVICE_IP:9092 - -{{- else -}} - - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "subcomponent.service.name" ( dict "componentName" "kafka" "context" $ ) }} 9092:9092 & - echo "Kafka service available at : http://127.0.0.1:9092" - -{{- end -}} -{{- end -}} - -{{- if .Values.elasticsearch.enabled }} - -********** -** Elasticsearch ** -********** - -To access the Elasticsearch service from your local machine execute the following: - -{{- if eq .Values.elasticsearch.master.service.type "LoadBalancer" }} - - export SERVICE_IP=$(kubectl get --namespace {{ .Release.Namespace }} svc {{ include "subcomponent.service.name" ( dict "componentName" "coordinating-only" "context" $ ) }} -o jsonpath="{.status.loadBalancer.ingress[0]['ip', 'hostname'] }") - echo http://$SERVICE_IP:9200 - -{{- else -}} - - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "subcomponent.service.name" ( dict "componentName" "coordinating-only" "context" $ ) }} 9200:9200 & - echo "Elasticsearch service available at : http://127.0.0.1:9200" - -{{- end -}} -{{- end -}} - -{{- if .Values.spark.enabled }} - -*********** -** Spark ** -*********** - -To access the Spark service from your local machine execute the following: - -{{- if eq .Values.spark.service.type "LoadBalancer" }} - - export SERVICE_IP=$(kubectl get --namespace {{ .Release.Namespace }} svc {{ include "subcomponent.service.name" ( dict "componentName" "spark" "context" $ ) }} -o jsonpath="{.status.loadBalancer.ingress[0]['ip', 'hostname'] }") - echo http://$SERVICE_IP:80 - -{{- else -}} - - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "subcomponent.service.name" ( dict "componentName" "spark" "context" $ ) }} 8080:80 & - echo "Spark service available at : http://127.0.0.1:8080" - -{{- end -}} -{{- end -}} diff --git a/bitnami/dataplatform-bp2/templates/_helpers.tpl b/bitnami/dataplatform-bp2/templates/_helpers.tpl deleted file mode 100644 index 803833f..0000000 --- a/bitnami/dataplatform-bp2/templates/_helpers.tpl +++ /dev/null @@ -1,70 +0,0 @@ -{{/* -Return the proper service name for a subcomponent -Usage: -{{ include "subcomponent.service.name" ( dict "componentName" "name" "context" $ ) }} -*/}} -{{- define "subcomponent.service.name" -}} -{{- printf "%s-%s" .context.Release.Name .componentName | trunc 63 -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "dataplatform.fullname" -}} -{{- include "common.names.fullname" . -}} -{{- end -}} - -{{/* -Define the name of the dataplatform exporter -*/}} -{{- define "dataplatform.exporter-name" -}} -{{- printf "%s-%s" (include "dataplatform.fullname" .) "exporter" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Define the name of the dataplatform emitter -*/}} -{{- define "dataplatform.emitter-name" -}} -{{- printf "%s-%s" (include "dataplatform.fullname" .) "emitter" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* - Create the name of the service account to use - */}} -{{- define "dataplatform.serviceAccountName" -}} -{{- if .Values.dataplatform.serviceAccount.create -}} - {{- default (include "dataplatform.fullname" .) .Values.dataplatform.serviceAccount.name -}} -{{- else -}} - {{- default "default" .Values.dataplatform.serviceAccount.name -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper dataplatform-exporter image name -*/}} -{{- define "dataplatform.exporter.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.dataplatform.exporter.image "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "dataplatform.exporter.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.dataplatform.exporter.image ) "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper dataplatform-emitter image name -*/}} -{{- define "dataplatform.emitter.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.dataplatform.emitter.image "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "dataplatform.emitter.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.dataplatform.emitter.image ) "global" .Values.global) -}} -{{- end -}} \ No newline at end of file diff --git a/bitnami/dataplatform-bp2/templates/emitter-deployment.yaml b/bitnami/dataplatform-bp2/templates/emitter-deployment.yaml deleted file mode 100644 index 0719251..0000000 --- a/bitnami/dataplatform-bp2/templates/emitter-deployment.yaml +++ /dev/null @@ -1,154 +0,0 @@ -{{- if .Values.dataplatform.emitter.enabled }} -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: dataplatform-emitter - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ include "dataplatform.emitter-name" . }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace | quote }} -spec: - replicas: 1 - {{- if .Values.dataplatform.emitter.updateStrategy }} - strategy: {{- include "common.tplvalues.render" (dict "value" .Values.dataplatform.emitter.updateStrategy "context" $) | nindent 4 }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: dataplatform-emitter - template: - metadata: - annotations: - {{- if .Values.dataplatform.emitter.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.dataplatform.emitter.podAnnotations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: dataplatform-emitter - {{- if .Values.dataplatform.emitter.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.dataplatform.emitter.podLabels "context" $) | nindent 8 }} - {{- end }} - spec: - serviceAccountName: {{ include "dataplatform.serviceAccountName" . }} - {{- include "dataplatform.emitter.imagePullSecrets" . | nindent 6 }} - {{- if .Values.dataplatform.emitter.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.dataplatform.emitter.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.dataplatform.emitter.affinity }} - affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.dataplatform.emitter.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.dataplatform.emitter.podAffinityPreset "component" "dataplatform-emitter" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.dataplatform.emitter.podAntiAffinityPreset "component" "dataplatform-emitter" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.dataplatform.emitter.nodeAffinityPreset.type "key" .Values.dataplatform.emitter.nodeAffinityPreset.key "values" .Values.dataplatform.emitter.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.dataplatform.emitter.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.dataplatform.emitter.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.dataplatform.emitter.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.dataplatform.emitter.tolerations "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.dataplatform.emitter.priorityClassName }} - priorityClassName: {{ .Values.dataplatform.emitter.priorityClassName | quote }} - {{- end }} - {{- if .Values.dataplatform.emitter.podSecurityContext.enabled }} - securityContext: {{- omit .Values.dataplatform.emitter.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - initContainers: - {{- if .Values.dataplatform.emitter.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.dataplatform.emitter.initContainers "context" $) | nindent 8 }} - {{- end }} - containers: - - name: dataplatform-emitter - image: {{ include "dataplatform.emitter.image" . }} - imagePullPolicy: {{ .Values.dataplatform.emitter.image.pullPolicy | quote }} - {{- if .Values.dataplatform.emitter.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.dataplatform.emitter.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.dataplatform.emitter.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.dataplatform.emitter.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.dataplatform.emitter.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.dataplatform.emitter.args "context" $) | nindent 12 }} - {{- end }} - env: - - name: BP_NAME - value: {{ include "dataplatform.fullname" . }} - - name: BP_RELEASE_NAME - value: {{ .Release.Name }} - - name: BP_NAMESPACE - value: {{ .Release.Namespace }} - {{- if or .Values.dataplatform.emitter.extraEnvVarsCM .Values.dataplatform.exporter.extraEnvVarsSecret }} - envFrom: - {{- if .Values.dataplatform.emitter.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.dataplatform.emitter.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.dataplatform.emitter.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.dataplatform.emitter.extraEnvVarsSecret "context" $) }} - {{- end }} - {{- end }} - ports: - - name: emitter-port - containerPort: {{ .Values.dataplatform.emitter.containerPorts.http }} - {{- if .Values.dataplatform.emitter.resources }} - resources: {{- toYaml .Values.dataplatform.emitter.resources | nindent 12 }} - {{- end }} - {{- if .Values.dataplatform.emitter.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: "/v1/health" - port: {{ .Values.dataplatform.emitter.containerPorts.http }} - initialDelaySeconds: {{ .Values.dataplatform.emitter.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.dataplatform.emitter.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.dataplatform.emitter.livenessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.dataplatform.emitter.livenessProbe.failureThreshold }} - successThreshold: {{ .Values.dataplatform.emitter.livenessProbe.successThreshold }} - {{- else if .Values.dataplatform.emitter.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.dataplatform.emitter.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.dataplatform.emitter.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: "/v1/health" - port: {{ .Values.dataplatform.emitter.containerPorts.http }} - initialDelaySeconds: {{ .Values.dataplatform.emitter.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.dataplatform.emitter.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.dataplatform.emitter.readinessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.dataplatform.emitter.readinessProbe.failureThreshold }} - successThreshold: {{ .Values.dataplatform.emitter.readinessProbe.successThreshold }} - {{- else if .Values.dataplatform.emitter.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.dataplatform.emitter.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.dataplatform.emitter.startupProbe.enabled }} - startupProbe: - httpGet: - path: "/v1/health" - port: {{ .Values.dataplatform.emitter.containerPorts.http }} - initialDelaySeconds: {{ .Values.dataplatform.emitter.startupProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.dataplatform.emitter.startupProbe.periodSeconds }} - timeoutSeconds: {{ .Values.dataplatform.emitter.startupProbe.timeoutSeconds }} - failureThreshold: {{ .Values.dataplatform.emitter.startupProbe.failureThreshold }} - successThreshold: {{ .Values.dataplatform.emitter.startupProbe.successThreshold }} - {{- else if .Values.dataplatform.emitter.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.dataplatform.emitter.customStartupProbe "context" $) | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.dataplatform.emitter.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.dataplatform.emitter.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.dataplatform.emitter.sidecars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.dataplatform.emitter.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - {{- if .Values.dataplatform.emitter.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.dataplatform.emitter.extraVolumes "context" $) | nindent 8 }} - {{- end }} -{{ end }} diff --git a/bitnami/dataplatform-bp2/templates/emitter-svc.yaml b/bitnami/dataplatform-bp2/templates/emitter-svc.yaml deleted file mode 100644 index bf230a5..0000000 --- a/bitnami/dataplatform-bp2/templates/emitter-svc.yaml +++ /dev/null @@ -1,44 +0,0 @@ -{{- if .Values.dataplatform.emitter.enabled }} -apiVersion: v1 -kind: Service -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: dataplatform-emitter - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.dataplatform.emitter.service.labels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.dataplatform.emitter.service.labels "context" $ ) | nindent 4 }} - {{- end }} - name: "{{ include "dataplatform.emitter-name" . }}" - {{- if or .Values.dataplatform.emitter.service.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.dataplatform.emitter.service.annotations }} - {{ include "common.tplvalues.render" ( dict "value" .Values.dataplatform.emitter.service.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} - namespace: {{ .Release.Namespace | quote }} -spec: - type: {{ .Values.dataplatform.emitter.service.type }} - {{ if eq .Values.dataplatform.emitter.service.type "LoadBalancer" }} - loadBalancerSourceRanges: {{ .Values.dataplatform.emitter.service.loadBalancerSourceRanges }} - {{ end }} - {{- if (and (eq .Values.dataplatform.emitter.service.type "LoadBalancer") (not (empty .Values.dataplatform.emitter.service.loadBalancerIP))) }} - loadBalancerIP: {{ .Values.dataplatform.emitter.service.loadBalancerIP }} - {{- end }} - ports: - - name: tcp-client - port: {{ .Values.dataplatform.emitter.service.ports.http }} - protocol: TCP - targetPort: emitter-port - {{- if and (or (eq .Values.dataplatform.emitter.service.type "NodePort") (eq .Values.dataplatform.emitter.service.type "LoadBalancer")) (not (empty .Values.dataplatform.emitter.service.nodePorts.http)) }} - nodePort: {{ .Values.dataplatform.emitter.service.nodePorts.http }} - {{- else if eq .Values.dataplatform.emitter.service.type "ClusterIP" }} - nodePort: null - {{- end }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: dataplatform-emitter -{{ end }} diff --git a/bitnami/dataplatform-bp2/templates/exporter-deployment.yaml b/bitnami/dataplatform-bp2/templates/exporter-deployment.yaml deleted file mode 100644 index abb391a..0000000 --- a/bitnami/dataplatform-bp2/templates/exporter-deployment.yaml +++ /dev/null @@ -1,152 +0,0 @@ -{{- if .Values.dataplatform.exporter.enabled }} -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: dataplatform-exporter - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ include "dataplatform.exporter-name" . }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace | quote }} -spec: - replicas: 1 - {{- if .Values.dataplatform.exporter.updateStrategy }} - strategy: {{- include "common.tplvalues.render" (dict "value" .Values.dataplatform.exporter.updateStrategy "context" $) | nindent 4 }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: dataplatform-exporter - template: - metadata: - annotations: - {{- if .Values.dataplatform.exporter.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.dataplatform.exporter.podAnnotations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: dataplatform-exporter - {{- if .Values.dataplatform.exporter.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.dataplatform.exporter.podLabels "context" $) | nindent 8 }} - {{- end }} - spec: - serviceAccountName: {{ include "dataplatform.serviceAccountName" . }} - {{- include "dataplatform.exporter.imagePullSecrets" . | nindent 6 }} - {{- if .Values.dataplatform.exporter.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.dataplatform.exporter.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.dataplatform.exporter.affinity }} - affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.dataplatform.exporter.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.dataplatform.exporter.podAffinityPreset "component" "dataplatform-exporter" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.dataplatform.exporter.podAntiAffinityPreset "component" "dataplatform-exporter" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.dataplatform.exporter.nodeAffinityPreset.type "key" .Values.dataplatform.exporter.nodeAffinityPreset.key "values" .Values.dataplatform.exporter.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.dataplatform.exporter.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.dataplatform.exporter.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.dataplatform.exporter.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.dataplatform.exporter.tolerations "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.dataplatform.exporter.priorityClassName }} - priorityClassName: {{ .Values.dataplatform.exporter.priorityClassName | quote }} - {{- end }} - {{- if .Values.dataplatform.exporter.podSecurityContext.enabled }} - securityContext: {{- omit .Values.dataplatform.exporter.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - initContainers: - {{- if .Values.dataplatform.exporter.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.dataplatform.exporter.initContainers "context" $) | nindent 8 }} - {{- end }} - containers: - - name: dataplatform-exporter - image: {{ include "dataplatform.exporter.image" . }} - imagePullPolicy: {{ .Values.dataplatform.exporter.image.pullPolicy | quote }} - {{- if .Values.dataplatform.exporter.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.dataplatform.exporter.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.dataplatform.exporter.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.dataplatform.exporter.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.dataplatform.exporter.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.dataplatform.exporter.args "context" $) | nindent 12 }} - {{- end }} - env: - - name: BP_NAME - value: {{ include "dataplatform.fullname" . }} - - name: DP_URI - value: http://{{ include "dataplatform.emitter-name" . }}:{{ .Values.dataplatform.emitter.service.ports.http }} - {{- if or .Values.dataplatform.exporter.extraEnvVarsCM .Values.dataplatform.exporter.extraEnvVarsSecret }} - envFrom: - {{- if .Values.dataplatform.exporter.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.dataplatform.exporter.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.dataplatform.exporter.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.dataplatform.exporter.extraEnvVarsSecret "context" $) }} - {{- end }} - {{- end }} - ports: - - name: exporter-port - containerPort: {{ .Values.dataplatform.exporter.containerPorts.http }} - {{- if .Values.dataplatform.exporter.resources }} - resources: {{- toYaml .Values.dataplatform.exporter.resources | nindent 12 }} - {{- end }} - {{- if .Values.dataplatform.exporter.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: "/metrics" - port: {{ .Values.dataplatform.exporter.containerPorts.http }} - initialDelaySeconds: {{ .Values.dataplatform.exporter.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.dataplatform.exporter.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.dataplatform.exporter.livenessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.dataplatform.exporter.livenessProbe.failureThreshold }} - successThreshold: {{ .Values.dataplatform.exporter.livenessProbe.successThreshold }} - {{- else if .Values.dataplatform.exporter.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.dataplatform.exporter.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.dataplatform.exporter.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: "/metrics" - port: {{ .Values.dataplatform.exporter.containerPorts.http }} - initialDelaySeconds: {{ .Values.dataplatform.exporter.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.dataplatform.exporter.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.dataplatform.exporter.readinessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.dataplatform.exporter.readinessProbe.failureThreshold }} - successThreshold: {{ .Values.dataplatform.exporter.readinessProbe.successThreshold }} - {{- else if .Values.dataplatform.exporter.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.dataplatform.exporter.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.dataplatform.exporter.startupProbe.enabled }} - startupProbe: - httpGet: - path: "/v1/health" - port: {{ .Values.dataplatform.exporter.containerPorts.http }} - initialDelaySeconds: {{ .Values.dataplatform.exporter.startupProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.dataplatform.exporter.startupProbe.periodSeconds }} - timeoutSeconds: {{ .Values.dataplatform.exporter.startupProbe.timeoutSeconds }} - failureThreshold: {{ .Values.dataplatform.exporter.startupProbe.failureThreshold }} - successThreshold: {{ .Values.dataplatform.exporter.startupProbe.successThreshold }} - {{- else if .Values.dataplatform.exporter.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.dataplatform.exporter.customStartupProbe "context" $) | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.dataplatform.exporter.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.dataplatform.exporter.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.dataplatform.exporter.sidecars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.dataplatform.exporter.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - {{- if .Values.dataplatform.exporter.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.dataplatform.exporter.extraVolumes "context" $) | nindent 8 }} - {{- end }} -{{ end }} diff --git a/bitnami/dataplatform-bp2/templates/exporter-svc.yaml b/bitnami/dataplatform-bp2/templates/exporter-svc.yaml deleted file mode 100644 index 9830292..0000000 --- a/bitnami/dataplatform-bp2/templates/exporter-svc.yaml +++ /dev/null @@ -1,44 +0,0 @@ -{{- if .Values.dataplatform.exporter.enabled }} -apiVersion: v1 -kind: Service -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: dataplatform-exporter - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.dataplatform.exporter.service.labels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.dataplatform.exporter.service.labels "context" $ ) | nindent 4 }} - {{- end }} - name: "{{ include "dataplatform.exporter-name" . }}" - {{- if or .Values.dataplatform.exporter.service.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.dataplatform.exporter.service.annotations }} - {{ include "common.tplvalues.render" ( dict "value" .Values.dataplatform.exporter.service.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} - namespace: {{ .Release.Namespace | quote }} -spec: - type: {{ .Values.dataplatform.exporter.service.type }} - {{ if eq .Values.dataplatform.exporter.service.type "LoadBalancer" }} - loadBalancerSourceRanges: {{ .Values.dataplatform.exporter.service.loadBalancerSourceRanges }} - {{ end }} - {{- if (and (eq .Values.dataplatform.exporter.service.type "LoadBalancer") (not (empty .Values.dataplatform.exporter.service.loadBalancerIP))) }} - loadBalancerIP: {{ .Values.dataplatform.exporter.service.loadBalancerIP }} - {{- end }} - ports: - - name: tcp-client - port: {{ .Values.dataplatform.exporter.service.ports.http }} - protocol: TCP - targetPort: exporter-port - {{- if and (or (eq .Values.dataplatform.exporter.service.type "NodePort") (eq .Values.dataplatform.exporter.service.type "LoadBalancer")) (not (empty .Values.dataplatform.exporter.service.nodePorts.http)) }} - nodePort: {{ .Values.dataplatform.exporter.service.nodePorts.http }} - {{- else if eq .Values.dataplatform.exporter.service.type "ClusterIP" }} - nodePort: null - {{- end }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: dataplatform-exporter -{{ end }} diff --git a/bitnami/dataplatform-bp2/templates/role.yaml b/bitnami/dataplatform-bp2/templates/role.yaml deleted file mode 100644 index b76c230..0000000 --- a/bitnami/dataplatform-bp2/templates/role.yaml +++ /dev/null @@ -1,53 +0,0 @@ -{{- if .Values.dataplatform.rbac.create -}} -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: Role -metadata: - name: {{ template "dataplatform.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: dataplatform - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - - apiGroups: - - "" - resources: - - statefulsets - - pods - - services - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - namespaces - - namespaces/status - verbs: - - get - - list - - watch - - apiGroups: - - apps - resources: - - controllerrevisions - - daemonsets - - daemonsets/status - - deployments - - deployments/scale - - deployments/status - - replicasets - - replicasets/scale - - replicasets/status - - statefulsets - - statefulsets/scale - - statefulsets/status - verbs: - - get - - list - - watch -{{- end -}} diff --git a/bitnami/dataplatform-bp2/templates/rolebinding.yaml b/bitnami/dataplatform-bp2/templates/rolebinding.yaml deleted file mode 100644 index bcd5c33..0000000 --- a/bitnami/dataplatform-bp2/templates/rolebinding.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if and .Values.dataplatform.serviceAccount.create .Values.dataplatform.rbac.create }} -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: RoleBinding -metadata: - name: {{ template "dataplatform.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: dataplatform - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -roleRef: - kind: Role - name: {{ template "dataplatform.fullname" . }} - apiGroup: rbac.authorization.k8s.io -subjects: - - kind: ServiceAccount - name: {{ template "dataplatform.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/bitnami/dataplatform-bp2/templates/serviceaccount.yaml b/bitnami/dataplatform-bp2/templates/serviceaccount.yaml deleted file mode 100644 index bb2b2a2..0000000 --- a/bitnami/dataplatform-bp2/templates/serviceaccount.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if .Values.dataplatform.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "dataplatform.serviceAccountName" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: dataplatform - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -automountServiceAccountToken: {{ .Values.dataplatform.serviceAccount.automountServiceAccountToken }} -{{- end }} diff --git a/bitnami/dataplatform-bp2/values.schema.json b/bitnami/dataplatform-bp2/values.schema.json deleted file mode 100644 index c5e0e3e..0000000 --- a/bitnami/dataplatform-bp2/values.schema.json +++ /dev/null @@ -1,142 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "kafka": { - "type": "object", - "title": "Kafka Metrics Details", - "form": true, - "properties": { - "metrics": { - "type": "object", - "properties": { - "kafka": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "form": true, - "title": "Enable metrics for Kafka", - "description": "Whether to enable metrics for Kafka. Switch this off in case Kafka metrics are not needed" - } - } - }, - "jmx": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "form": true, - "title": "Enable JMX metrics for Kafka", - "description": "Whether to enable JMX metrics for Kafka. Switch this off in case Kafka JMX metrics are not needed" - } - } - } - } - } - } - }, - "spark": { - "type": "object", - "title": "Spark Metrics Details", - "form": true, - "properties": { - "metrics": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "form": true, - "title": "Enable metrics for Spark", - "description": "Whether to enable metrics for Spark. Switch this off in case Spark metrics are not needed" - } - } - } - } - }, - "elasticsearch": { - "type": "object", - "title": "Elasticsearch Metrics Details", - "form": true, - "properties": { - "metrics": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "form": true, - "title": "Enable metrics for Elasticsearch", - "description": "Whether to enable metrics for Elasticsearch. Switch this off in case Elasticsearch metrics are not needed" - } - } - } - } - }, - "logstash": { - "type": "object", - "title": "Logstash Metrics Details", - "form": true, - "properties": { - "metrics": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "form": true, - "title": "Enable metrics for Logstash", - "description": "Whether to enable metrics for Logstash. Switch this off in case Logstash metrics are not needed" - } - } - } - } - }, - "wavefront": { - "type": "object", - "title": "Tanzu Observability Details", - "form": true, - "properties": { - "enabled": { - "type": "boolean", - "title": "Deploy Tanzu observability for the data platform cluster including configuration for metrics exporters for all the components. Check https://docs.wavefront.com/kubernetes.html for more details", - "form": true, - "description": "Whether to deploy a Tanzu observability as part of data platform. Switch this off in case Tanzu Observability is not needed. Check https://docs.wavefront.com/kubernetes.html for more details." - }, - "clusterName": { - "type": "string", - "title": "Provide the kubernetes cluster name to be configured in Tanzu Observability", - "form": true, - "hidden": { - "value": false, - "path": "wavefront/enabled" - }, - "description": "Kubernetes cluster name to be configured in Tanzu Observability, if not provided it will be defaulted to KUBERNETES_CLUSTER_NAME" - }, - "wavefront": { - "type": "object", - "properties": { - "url": { - "type": "string", - "title": "Provide the Tanzu Observability cluster url to be configured", - "form": true, - "hidden": { - "value": false, - "path": "wavefront/enabled" - }, - "description": "Tanzu Observability cluster url to be configured to export the metrics to" - }, - "token": { - "type": "string", - "title": "Provide the Tanzu Observability user API token to be used for the cluster url provided above", - "form": true, - "hidden": { - "value": false, - "path": "wavefront/enabled" - }, - "description": "Tanzu Observability user API token to be used for the cluster url provided above" - } - } - } - } - } - } -} \ No newline at end of file diff --git a/bitnami/dataplatform-bp2/values.yaml b/bitnami/dataplatform-bp2/values.yaml deleted file mode 100644 index acca93b..0000000 --- a/bitnami/dataplatform-bp2/values.yaml +++ /dev/null @@ -1,1249 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass -## - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - storageClass: "" - -## @section Common parameters -## @param commonLabels Labels to add to all deployed objects -## -commonLabels: {} -## @param commonAnnotations Annotations to add to all deployed objects -## -commonAnnotations: {} - -## @section Data Platform Chart parameters -## Configuration for the dataplatform prometheus exporter -## -dataplatform: - serviceAccount: - ## @param dataplatform.serviceAccount.create Specifies whether a ServiceAccount should be created - ## - create: true - ## @param dataplatform.serviceAccount.name The name of the ServiceAccount to create - ## If not set and create is true, a name is generated using the fullname template - ## - name: "" - ## @param dataplatform.serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created - ## Can be set to false if pods using this serviceAccount do not need to use K8s API - ## - automountServiceAccountToken: true - ## Role Based Access - ## ref: https://kubernetes.io/docs/admin/authorization/rbac/ - ## - rbac: - ## @param dataplatform.rbac.create Whether to create & use RBAC resources or not - ## binding dataplatform ServiceAccount to a role - ## that allows dataplatform pods querying the K8s API - ## - create: true - exporter: - ## @param dataplatform.exporter.enabled Start a prometheus exporter - ## - enabled: true - ## Data Platform BP2 exporter image - ## ref: https://hub.docker.com/r/bitnami/dataplatform-exporter/tags/ - ## @param dataplatform.exporter.image.registry dataplatform exporter image registry - ## @param dataplatform.exporter.image.repository dataplatform exporter image repository - ## @param dataplatform.exporter.image.tag dataplatform exporter image tag (immutable tags are recommended) - ## @param dataplatform.exporter.image.pullPolicy dataplatform exporter image pull policy - ## @param dataplatform.exporter.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/dataplatform-exporter - tag: 0.0.11-scratch-r1 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Configure extra options for liveness probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param dataplatform.exporter.livenessProbe.enabled Enable livenessProbe - ## @param dataplatform.exporter.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param dataplatform.exporter.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param dataplatform.exporter.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param dataplatform.exporter.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param dataplatform.exporter.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 10 - periodSeconds: 5 - timeoutSeconds: 15 - failureThreshold: 15 - successThreshold: 1 - ## Configure extra options for readiness probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param dataplatform.exporter.readinessProbe.enabled Enable readinessProbe - ## @param dataplatform.exporter.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param dataplatform.exporter.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param dataplatform.exporter.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param dataplatform.exporter.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param dataplatform.exporter.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 10 - periodSeconds: 5 - timeoutSeconds: 15 - failureThreshold: 15 - successThreshold: 15 - ## Configure extra options for startup probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-startup-probes/#configure-probes - ## @param dataplatform.exporter.startupProbe.enabled Enable startupProbe - ## @param dataplatform.exporter.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe - ## @param dataplatform.exporter.startupProbe.periodSeconds Period seconds for startupProbe - ## @param dataplatform.exporter.startupProbe.timeoutSeconds Timeout seconds for startupProbe - ## @param dataplatform.exporter.startupProbe.failureThreshold Failure threshold for startupProbe - ## @param dataplatform.exporter.startupProbe.successThreshold Success threshold for startupProbe - ## - startupProbe: - enabled: false - initialDelaySeconds: 10 - periodSeconds: 5 - timeoutSeconds: 15 - failureThreshold: 15 - successThreshold: 15 - ## @param dataplatform.exporter.containerPorts.http Data Platform Prometheus exporter port - ## - containerPorts: - http: 9090 - ## @param dataplatform.exporter.priorityClassName exporter priorityClassName - ## Ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ - ## - priorityClassName: "" - ## @param dataplatform.exporter.command Override Data Platform Exporter entrypoint string. - ## - command: [] - ## @param dataplatform.exporter.args Arguments for the provided command if needed - ## - args: [] - ## Exporter resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param dataplatform.exporter.resources.limits The resources limits for the container - ## @param dataplatform.exporter.resources.requests The requested resources for the container - ## - resources: - ## Example: - ## limits: - ## cpu: 200m - ## memory: 256Mi - ## - limits: {} - ## Examples: - ## requests: - ## cpu: 200m - ## memory: 10Mi - ## - requests: {} - ## dataplatform exporter containers' Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param dataplatform.exporter.containerSecurityContext.enabled Enable Data Platform exporter containers' Security Context - ## @param dataplatform.exporter.containerSecurityContext.runAsUser User ID for the containers. - ## @param dataplatform.exporter.containerSecurityContext.runAsNonRoot Enable Data Platform exporter containers' Security Context runAsNonRoot - ## - containerSecurityContext: - enabled: true - runAsUser: 1001 - runAsNonRoot: true - ## dataplatform exporter pods' Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param dataplatform.exporter.podSecurityContext.enabled Enable Data Platform exporter pods' Security Context - ## @param dataplatform.exporter.podSecurityContext.fsGroup Group ID for the pods. - ## - podSecurityContext: - enabled: true - fsGroup: 1001 - ## @param dataplatform.exporter.podAffinityPreset Data Platform exporter pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param dataplatform.exporter.podAntiAffinityPreset Data Platform exporter pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Node affinity preset - ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param dataplatform.exporter.nodeAffinityPreset.type Data Platform exporter node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param dataplatform.exporter.nodeAffinityPreset.key Data Platform exporter node label key to match Ignored if `affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param dataplatform.exporter.nodeAffinityPreset.values Data Platform exporter node label values to match. Ignored if `affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param dataplatform.exporter.affinity Affinity settings for exporter pod assignment. Evaluated as a template - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## - affinity: {} - ## @param dataplatform.exporter.nodeSelector Node labels for exporter pods assignment. Evaluated as a template - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param dataplatform.exporter.tolerations Tolerations for exporter pods assignment. Evaluated as a template - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param dataplatform.exporter.podLabels Additional labels for Metrics exporter pod - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param dataplatform.exporter.podAnnotations Additional annotations for Metrics exporter pod - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param dataplatform.exporter.customLivenessProbe Override default liveness probe - ## - customLivenessProbe: {} - ## @param dataplatform.exporter.customReadinessProbe Override default readiness probe - ## - customReadinessProbe: {} - ## @param dataplatform.exporter.customStartupProbe Override default startup probe - ## - customStartupProbe: {} - ## Update strategy - ## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the - ## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will - ## terminate the single previous pod, so that the new, incoming pod can attach to the PV - ## @param dataplatform.exporter.updateStrategy.type Update strategy - only really applicable for deployments with RWO PVs attached - ## @param dataplatform.exporter.updateStrategy.rollingUpdate Deployment rolling update configuration parameters - ## - updateStrategy: - type: RollingUpdate - rollingUpdate: {} - ## @param dataplatform.exporter.extraEnvVars Additional environment variables to set - ## Example: - ## extraEnvVars: - ## - name: FOO - ## value: "bar" - ## - extraEnvVars: [] - ## @param dataplatform.exporter.extraEnvVarsCM ConfigMap with extra environment variables - ## - extraEnvVarsCM: "" - ## @param dataplatform.exporter.extraEnvVarsSecret Secret with extra environment variables - ## - extraEnvVarsSecret: "" - ## @param dataplatform.exporter.extraVolumes Extra volumes to add to the deployment - ## - extraVolumes: [] - ## @param dataplatform.exporter.extraVolumeMounts Extra volume mounts to add to the container - ## - extraVolumeMounts: [] - ## @param dataplatform.exporter.initContainers Add init containers to the %%MAIN_CONTAINER_NAME%% pods - ## Example: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - initContainers: [] - ## @param dataplatform.exporter.sidecars Add sidecars to the %%MAIN_CONTAINER_NAME%% pods - ## Example: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - sidecars: [] - ## Service for the Data Platform exporter deployment - ## - service: - ## @param dataplatform.exporter.service.type Service type for default Data Platform Prometheus exporter service - ## - type: ClusterIP - ## @param dataplatform.exporter.service.annotations [object] Exporter service annotations - ## - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9090" - prometheus.io/path: "/metrics" - ## @param dataplatform.exporter.service.labels Additional labels for Data Platform exporter service - ## - labels: {} - ## @param dataplatform.exporter.service.ports.http Kubernetes Service port - ## - ports: - http: 9090 - ## @param dataplatform.exporter.service.loadBalancerIP Load balancer IP for the Data Platform Exporter Service (optional, cloud specific) - ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer - ## - loadBalancerIP: "" - ## @param dataplatform.exporter.service.nodePorts.http Node ports for the HTTP exporter service - ## nodePorts: - ## http: - ## https: - ## - nodePorts: - http: "" - ## @param dataplatform.exporter.service.loadBalancerSourceRanges Exporter Load Balancer Source ranges - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param dataplatform.exporter.hostAliases Deployment pod host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - - emitter: - ## @param dataplatform.emitter.enabled Start Data Platform metrics emitter - ## - enabled: true - ## Data Platform BP2 emitter image - ## ref: https://hub.docker.com/r/bitnami/dataplatform-emitter/tags/ - ## @param dataplatform.emitter.image.registry Data Platform emitter image registry - ## @param dataplatform.emitter.image.repository Data Platform emitter image repository - ## @param dataplatform.emitter.image.tag Data Platform emitter image tag (immutable tags are recommended) - ## @param dataplatform.emitter.image.pullPolicy Data Platform emitter image pull policy - ## @param dataplatform.emitter.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/dataplatform-emitter - tag: 0.0.10-scratch-r2 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Configure extra options for liveness probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param dataplatform.emitter.livenessProbe.enabled Enable livenessProbe - ## @param dataplatform.emitter.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param dataplatform.emitter.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param dataplatform.emitter.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param dataplatform.emitter.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param dataplatform.emitter.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 10 - periodSeconds: 5 - timeoutSeconds: 15 - failureThreshold: 15 - successThreshold: 1 - ## Configure extra options for readiness probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param dataplatform.emitter.readinessProbe.enabled Enable readinessProbe - ## @param dataplatform.emitter.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param dataplatform.emitter.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param dataplatform.emitter.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param dataplatform.emitter.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param dataplatform.emitter.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 10 - periodSeconds: 5 - timeoutSeconds: 15 - failureThreshold: 15 - successThreshold: 15 - ## Configure extra options for startup probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-startup-probes/#configure-probes - ## @param dataplatform.emitter.startupProbe.enabled Enable startupProbe - ## @param dataplatform.emitter.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe - ## @param dataplatform.emitter.startupProbe.periodSeconds Period seconds for startupProbe - ## @param dataplatform.emitter.startupProbe.timeoutSeconds Timeout seconds for startupProbe - ## @param dataplatform.emitter.startupProbe.failureThreshold Failure threshold for startupProbe - ## @param dataplatform.emitter.startupProbe.successThreshold Success threshold for startupProbe - ## - startupProbe: - enabled: false - initialDelaySeconds: 10 - periodSeconds: 5 - timeoutSeconds: 15 - failureThreshold: 15 - successThreshold: 15 - ## @param dataplatform.emitter.containerPorts.http Data Platform emitter port - ## - containerPorts: - http: 8091 - ## @param dataplatform.emitter.priorityClassName exporter priorityClassName - ## Ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ - ## - priorityClassName: "" - ## @param dataplatform.emitter.command Override Data Platform entrypoint string. - ## - command: [] - ## @param dataplatform.emitter.args Arguments for the provided command if needed - ## - args: [] - ## Data Platform metrics emitter resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param dataplatform.emitter.resources.limits The resources limits for the container - ## @param dataplatform.emitter.resources.requests The requested resources for the container - ## - resources: - ## Example: - ## limits: - ## cpu: 200m - ## memory: 256Mi - ## - limits: {} - ## Examples: - ## requests: - ## cpu: 200m - ## memory: 10Mi - ## - requests: {} - ## Data Platform emitter containers' Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param dataplatform.emitter.containerSecurityContext.enabled Enable Data Platform emitter containers' Security Context - ## @param dataplatform.emitter.containerSecurityContext.runAsUser User ID for the containers. - ## @param dataplatform.emitter.containerSecurityContext.runAsNonRoot Enable Data Platform emitter containers' Security Context runAsNonRoot - ## - containerSecurityContext: - enabled: true - runAsUser: 1001 - runAsNonRoot: true - ## Data Platform emitter pods' Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param dataplatform.emitter.podSecurityContext.enabled Enable Data Platform emitter pods' Security Context - ## @param dataplatform.emitter.podSecurityContext.fsGroup Group ID for the pods. - ## - podSecurityContext: - enabled: true - fsGroup: 1001 - ## @param dataplatform.emitter.podAffinityPreset Data Platform emitter pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param dataplatform.emitter.podAntiAffinityPreset Data Platform emitter pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Node affinity preset - ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param dataplatform.emitter.nodeAffinityPreset.type Data Platform emitter node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param dataplatform.emitter.nodeAffinityPreset.key Data Platform emitter node label key to match Ignored if `affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param dataplatform.emitter.nodeAffinityPreset.values Data Platform emitter node label values to match. Ignored if `affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param dataplatform.emitter.affinity Affinity settings for emitter pod assignment. Evaluated as a template - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## - affinity: {} - ## @param dataplatform.emitter.nodeSelector Node labels for emitter pods assignment. Evaluated as a template - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param dataplatform.emitter.tolerations Tolerations for emitter pods assignment. Evaluated as a template - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param dataplatform.emitter.podLabels Additional labels for Metrics emitter pod - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param dataplatform.emitter.podAnnotations Additional annotations for Metrics emitter pod - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param dataplatform.emitter.customLivenessProbe Override default liveness probe%%MAIN_CONTAINER_NAME%% - ## - customLivenessProbe: {} - ## @param dataplatform.emitter.customReadinessProbe Override default readiness probe%%MAIN_CONTAINER_NAME%% - ## - customReadinessProbe: {} - ## @param dataplatform.emitter.customStartupProbe Override default startup probe - ## - customStartupProbe: {} - ## Update strategy - ## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the - ## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will - ## terminate the single previous pod, so that the new, incoming pod can attach to the PV - ## @param dataplatform.emitter.updateStrategy.type Update strategy - only really applicable for deployments with RWO PVs attached - ## @param dataplatform.emitter.updateStrategy.rollingUpdate Deployment rolling update configuration parameters - ## - updateStrategy: - type: RollingUpdate - rollingUpdate: {} - ## @param dataplatform.emitter.extraEnvVars Additional environment variables to set - ## Example: - ## extraEnvVars: - ## - name: FOO - ## value: "bar" - ## - extraEnvVars: [] - ## @param dataplatform.emitter.extraEnvVarsCM ConfigMap with extra environment variables - ## - extraEnvVarsCM: "" - ## @param dataplatform.emitter.extraEnvVarsSecret Secret with extra environment variables - ## - extraEnvVarsSecret: "" - ## @param dataplatform.emitter.extraVolumes Extra volumes to add to the deployment - ## - extraVolumes: [] - ## @param dataplatform.emitter.extraVolumeMounts Extra volume mounts to add to the container - ## - extraVolumeMounts: [] - ## @param dataplatform.emitter.initContainers Add init containers to the %%MAIN_CONTAINER_NAME%% pods - ## Example: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - initContainers: [] - ## @param dataplatform.emitter.sidecars Add sidecars to the %%MAIN_CONTAINER_NAME%% pods - ## Example: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - sidecars: [] - ## Service for the Data Platform emitter deployment - ## - service: - ## @param dataplatform.emitter.service.type Service type for default Data Platform metrics emitter service - ## - type: ClusterIP - ## @param dataplatform.emitter.service.annotations annotations for Data Platform emitter service - ## - annotations: {} - ## @param dataplatform.emitter.service.labels Additional labels for Data Platform emitter service - ## - labels: {} - ## @param dataplatform.emitter.service.ports.http Kubernetes Service port - ## - ports: - http: 8091 - ## @param dataplatform.emitter.service.loadBalancerIP Load balancer IP for the dataplatform emitter Service (optional, cloud specific) - ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer - ## - loadBalancerIP: "" - ## @param dataplatform.emitter.service.nodePorts.http Node ports for the HTTP emitter service - ## nodePorts: - ## http: - ## https: - ## - nodePorts: - http: "" - ## @param dataplatform.emitter.service.loadBalancerSourceRanges Data Platform Emitter Load Balancer Source ranges - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param dataplatform.emitter.hostAliases Deployment pod host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - -## @section Kafka parameters -## - -kafka: - ## @param kafka.enabled Enable Kafka subchart - ## - enabled: true - ## @param kafka.replicaCount Number of Kafka brokers - ## - replicaCount: 3 - ## @param kafka.heapOpts Kafka Java Heap size - ## - heapOpts: -Xmx4096m -Xms4096m - ## Recommended values for cpu and memory requests - ## @param kafka.resources.limits Resource limits for Kafka - ## @param kafka.resources.requests.cpu CPU capacity request for Kafka nodes - ## @param kafka.resources.requests.memory Memory capacity request for Kafka nodes - ## - resources: - limits: {} - requests: - cpu: 250m - memory: 5120Mi - ## Anti Affinity rules set for resiliency and Affinity rules set for optimal performance - ## @param kafka.affinity.podAntiAffinity [object] Kafka anti affinity rules - ## @skip kafka.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution - ## @param kafka.affinity.podAffinity [object] Kafka affinity rules - ## @skip kafka.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution - ## - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app.kubernetes.io/component - operator: In - values: - - kafka - - key: app.kubernetes.io/instance - operator: In - values: - - "{{ .Release.Name }}" - topologyKey: "kubernetes.io/hostname" - podAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 50 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app.kubernetes.io/name - operator: In - values: - - zookeeper - - key: app.kubernetes.io/instance - operator: In - values: - - "{{ .Release.Name }}" - topologyKey: "kubernetes.io/hostname" - ## Prometheus Exporters / Metrics - ## - metrics: - ## Prometheus Kafka Exporter: exposes complimentary metrics to JMX Exporter - ## - kafka: - ## @param kafka.metrics.kafka.enabled Enable prometheus exporter for Kafka - ## - enabled: false - ## Prometheus Kafka Exporter' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## @param kafka.metrics.kafka.resources.limits Resource limits for kafka prometheus exporter - ## @param kafka.metrics.kafka.resources.requests.cpu CPU capacity request for Kafka prometheus nodes - ## @param kafka.metrics.kafka.resources.requests.memory Memory capacity request for Kafka prometheus nodes - ## - resources: - limits: {} - requests: - cpu: 100m - memory: 128Mi - ## Service configuration - ## @param kafka.metrics.kafka.service.port Kafka Exporter Prometheus port to be used in wavefront configuration - ## - service: - port: 9308 - ## Prometheus JMX Exporter: exposes the majority of Kafkas metrics - ## - jmx: - ## @param kafka.metrics.jmx.enabled Enable JMX exporter for Kafka - ## - enabled: false - ## Prometheus JMX Exporter' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## @param kafka.metrics.jmx.resources.limits Resource limits for kafka prometheus exporter - ## @param kafka.metrics.jmx.resources.requests.cpu CPU capacity request for Kafka prometheus nodes - ## @param kafka.metrics.jmx.resources.requests.memory Memory capacity request for Kafka prometheus nodes - ## - resources: - limits: {} - requests: - cpu: 100m - memory: 128Mi - ## Service configuration - ## @param kafka.metrics.jmx.service.port JMX Prometheus exporter service port - ## - service: - port: 5556 - ## Zookeeper parameters - ## - zookeeper: - ## @param kafka.zookeeper.enabled Enable the Kafka subchart's Zookeeper - ## - enabled: true - ## @param kafka.zookeeper.replicaCount Number of Zookeeper nodes - ## - replicaCount: 3 - ## @param kafka.zookeeper.heapSize Size in MB for the Java Heap options (Xmx and XMs) in Zookeeper. This env var is ignored if Xmx an Xms are configured via JVMFLAGS - ## - heapSize: 4096 - ## Recommended values for cpu and memory requests - ## @param kafka.zookeeper.resources.limits Resource limits for zookeeper - ## @param kafka.zookeeper.resources.requests.cpu CPU capacity request for zookeeper - ## @param kafka.zookeeper.resources.requests.memory Memory capacity request for zookeeper - ## - resources: - limits: {} - requests: - cpu: 250m - memory: 5Gi - ## Anti Affinity rules set for resiliency - ## @param kafka.zookeeper.affinity.podAntiAffinity [object] Zookeeper pod anti affinity rules - ## @skip kafka.zookeeper.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution - ## - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app.kubernetes.io/name - operator: In - values: - - zookeeper - - key: app.kubernetes.io/instance - operator: In - values: - - "{{ .Release.Name }}" - topologyKey: "kubernetes.io/hostname" - ## This value is only used when zookeeper.enabled is set to false. - ## - externalZookeeper: - ## Server or list of external zookeeper servers to use. This is set to the zookeeper deployed as part of this chart - ## @param kafka.externalZookeeper.servers Array of external Zookeeper servers - ## - servers: [] - -## @section Spark parameters -## - -spark: - ## @param spark.enabled Enable Spark subchart - ## - enabled: true - ## Spark master specific configuration - ## @param spark.master.webPort Web port for spark master - ## @param spark.master.resources.limits Spark master resource limits - ## @param spark.master.resources.requests.cpu Spark master CPUs - ## @param spark.master.resources.requests.memory Spark master requested memory - ## @param spark.master.affinity.podAntiAffinity [object] Anti affinity rules set for resiliency - ## @skip spark.master.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution - ## - master: - ## Spark container ports - ## - webPort: 8080 - resources: - ## Recommended values for cpu and memory requests - ## - limits: {} - requests: - cpu: 250m - memory: 5Gi - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app.kubernetes.io/component - operator: In - values: - - worker - - key: app.kubernetes.io/instance - operator: In - values: - - "{{ .Release.Name }}" - topologyKey: "kubernetes.io/hostname" - ## Spark worker specific configuration - ## @param spark.worker.replicaCount Number of spark workers - ## @param spark.worker.webPort Web port for spark master - ## @param spark.worker.resources.limits Spark master resource limits - ## @param spark.worker.resources.requests.cpu Spark master CPUs - ## @param spark.worker.resources.requests.memory Spark master requested memory - ## @param spark.worker.affinity.podAntiAffinity [object] Anti affinity rules set for resiliency - ## @skip spark.worker.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution - ## - worker: - replicaCount: 2 - ## Spark container ports - ## - webPort: 8081 - resources: - ## Recommended values for cpu and memory requests - ## - limits: {} - requests: - cpu: 250m - memory: 5Gi - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app.kubernetes.io/component - operator: In - values: - - worker - - master - - key: app.kubernetes.io/name - operator: In - values: - - spark - - key: app.kubernetes.io/instance - operator: In - values: - - "{{ .Release.Name }}" - topologyKey: "kubernetes.io/hostname" - ## Metrics configuration - ## @param spark.metrics.enabled Enable Prometheus exporter for Spark - ## @param spark.metrics.masterAnnotations [object] Annotations for Spark master exporter - ## @param spark.metrics.workerAnnotations [object] Annotations for Spark worker exporter - ## - metrics: - enabled: false - ## Annotations for the Prometheus metrics on master nodes - ## - masterAnnotations: - prometheus.io/scrape: "true" - prometheus.io/path: "/metrics/" - prometheus.io/port: "8080" - ## Annotations for the Prometheus metrics on worker nodes - ## - workerAnnotations: - prometheus.io/scrape: "true" - prometheus.io/path: "/metrics/" - prometheus.io/port: "8081" - -## @section Elasticsearch parameters -## - -elasticsearch: - ## @param elasticsearch.enabled Enable Elasticsearch - ## - enabled: true - ## @param elasticsearch.global.kibanaEnabled Enable Kibana - ## - global: - kibanaEnabled: true - ## Elasticsearch master-eligible node parameters - ## @param elasticsearch.master.replicas Number of Elasticsearch replicas - ## @param elasticsearch.master.heapSize Heap Size for Elasticsearch master - ## @param elasticsearch.master.affinity.podAntiAffinity [object] Elasticsearch pod anti affinity - ## @param elasticsearch.master.resources.limits Elasticsearch master resource limits - ## @param elasticsearch.master.resources.requests.cpu Elasticsearch master CPUs - ## @param elasticsearch.master.resources.requests.memory Elasticsearch master requested memory - ## - master: - ## Number of master-eligible node(s) replicas to deploy - ## - replicas: 3 - heapSize: 768m - ## Affinity for pod assignment - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set - ## @param elasticsearch.master.affinity.podAntiAffinity [object] Anti affinity rules set for resiliency - ## @skip elasticsearch.master.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution - ## - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app.kubernetes.io/component - operator: In - values: - - master - - key: app.kubernetes.io/name - operator: In - values: - - elasticsearch - - key: app.kubernetes.io/instance - operator: In - values: - - "{{ .Release.Name }}" - topologyKey: "kubernetes.io/hostname" - - ## Elasticsearch master-eligible container's resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. - ## - limits: {} - requests: - cpu: 250m - memory: 1Gi - ## Elasticsearch data node parameters - ## @param elasticsearch.data.name Elasticsearch data node name - ## @param elasticsearch.data.replicas Number of Elasticsearch replicas - ## @param elasticsearch.data.heapSize Heap Size for Elasticsearch data node - ## @param elasticsearch.data.affinity.podAntiAffinity [object] Anti affinity rules set for resiliency - ## @skip elasticsearch.data.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution - ## @param elasticsearch.data.resources.limits Elasticsearch data node resource limits - ## @param elasticsearch.data.resources.requests.cpu Elasticsearch data node CPUs - ## @param elasticsearch.data.resources.requests.memory Elasticsearch data node requested memory - ## - data: - name: data - ## Number of data node(s) replicas to deploy - ## - replicas: 2 - heapSize: 4096m - ## Affinity for pod assignment - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set - ## - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app.kubernetes.io/component - operator: In - values: - - data - - key: app.kubernetes.io/name - operator: In - values: - - elasticsearch - - key: app.kubernetes.io/instance - operator: In - values: - - "{{ .Release.Name }}" - topologyKey: "kubernetes.io/hostname" - - ## Elasticsearch data container's resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: - limits: {} - requests: - cpu: 250m - memory: 5Gi - ## Elasticsearch coordinating-only node parameters - ## @param elasticsearch.coordinating.replicas Number of Elasticsearch replicas - ## @param elasticsearch.coordinating.heapSize Heap Size for Elasticsearch coordinating - ## @param elasticsearch.coordinating.affinity.podAntiAffinity [object] Anti affinity rules set for resiliency - ## @skip elasticsearch.coordinating.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution - ## @param elasticsearch.coordinating.resources.limits Elasticsearch coordinating resource limits - ## @param elasticsearch.coordinating.resources.requests.cpu Elasticsearch coordinating CPUs - ## @param elasticsearch.coordinating.resources.requests.memory Elasticsearch coordinating requested memory - ## - coordinating: - ## Number of coordinating-only node(s) replicas to deploy - ## - replicas: 2 - heapSize: 768m - ## Affinity for pod assignment - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set - ## - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app.kubernetes.io/component - operator: In - values: - - coordinating-only - - key: app.kubernetes.io/name - operator: In - values: - - elasticsearch - - key: app.kubernetes.io/instance - operator: In - values: - - "{{ .Release.Name }}" - topologyKey: "kubernetes.io/hostname" - ## Elasticsearch coordinating-only container's resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. - ## - limits: {} - requests: - cpu: 250m - memory: 1Gi - ## Elasticsearch Prometheus exporter configuration - ## ref: https://hub.docker.com/r/bitnami/elasticsearch-exporter/tags/ - ## - ## @param elasticsearch.metrics.enabled Enable Prometheus exporter for Elasticsearch - ## @param elasticsearch.metrics.resources.limits Elasticsearch metrics resource limits - ## @param elasticsearch.metrics.resources.requests.cpu Elasticsearch metrics CPUs - ## @param elasticsearch.metrics.resources.requests.memory Elasticsearch metrics requested memory - ## @param elasticsearch.metrics.service.annotations [object] Elasticsearch metrics service annotations - ## - metrics: - enabled: false - ## Elasticsearch Prometheus exporter resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## - resources: - limits: {} - requests: - cpu: 100m - memory: 128Mi - service: - ## Provide any additional annotations which may be required. This can be used to - ## set the LoadBalancer service type to internal only. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9114" - -## @section Logstash parameters -## - -logstash: - ## @param logstash.enabled Enable Logstash - ## - enabled: true - ## Number of Logstash replicas to deploy - ## @param logstash.replicaCount Number of Logstash replicas - ## - replicaCount: 2 - ## Affinity for pod assignment. Evaluated as a template. - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set - ## @param logstash.affinity.podAntiAffinity [object] Logstash pod anti affinity - ## @skip logstash.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution - ## - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app.kubernetes.io/name - operator: In - values: - - logstash - - key: app.kubernetes.io/instance - operator: In - values: - - "{{ .Release.Name }}" - topologyKey: "kubernetes.io/hostname" - ## @param logstash.extraEnvVars Array containing extra env vars to configure Logstash - ## For example: - ## extraEnvVars: - ## - name: ELASTICSEARCH_HOST - ## value: "x.y.z" - ## - extraEnvVars: - - name: LS_JAVA_OPTS - value: "-Xmx1g -Xms1g" - ## Logstash containers' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## @param logstash.resources.limits Elasticsearch metrics resource limits - ## @param logstash.resources.requests.cpu Elasticsearch metrics CPUs - ## @param logstash.resources.requests.memory Elasticsearch metrics requested memory - ## - resources: - limits: {} - requests: - cpu: 250m - memory: 1500Mi - ## Prometheus metrics - ## - metrics: - ## @param logstash.metrics.enabled Enable metrics for logstash - ## - enabled: false - ## Logstash Prometheus Exporter containers' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## @param logstash.metrics.resources.limits Elasticsearch metrics resource limits - ## @param logstash.metrics.resources.requests.cpu Elasticsearch metrics CPUs - ## @param logstash.metrics.resources.requests.memory Elasticsearch metrics requested memory - ## - resources: - limits: {} - requests: - cpu: 100m - memory: 128Mi - ## @param logstash.metrics.service.port Logstash Prometheus port - ## @param logstash.metrics.service.annotations [object] Annotations for the Prometheus metrics service - ## - service: - port: 9198 - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9198" - prometheus.io/path: "/metrics" - -## @section Tanzu Observability (Wavefront) parameters -## - -wavefront: - ## @param wavefront.enabled Enable Tanzu Observability Framework - ## - enabled: false - ## This is a unique name for the cluster (required) - ## All metrics will receive a `cluster` tag with this value - ## @param wavefront.clusterName Cluster name - ## - clusterName: KUBERNETES_CLUSTER_NAME - ## Wavefront URL (cluster) and API Token (required) - ## @param wavefront.wavefront.url Tanzu Observability cluster URL - ## @param wavefront.wavefront.token Tanzu Observability access token - ## @param wavefront.wavefront.existingSecret Tanzu Observability existing secret - ## - wavefront: - url: https://YOUR_CLUSTER.wavefront.com - token: YOUR_API_TOKEN - ## Name of an existing secret containing the token - ## - existingSecret: "" - ## Wavefront Collector is responsible to get all Kubernetes metrics from your cluster. - ## It will capture Kubernetes resources metrics available from the kubelets, - ## as well as auto-discovery capabilities. - ## @param wavefront.collector.resources.limits Wavefront collector metrics resource limits - ## @param wavefront.collector.resources.requests.cpu Wavefront collector metrics CPUs - ## @param wavefront.collector.resources.requests.memory Wavefront collector metrics requested memory - ## @param wavefront.collector.discovery.enabled Enable wavefront discovery - ## @param wavefront.collector.discovery.enableRuntimeConfigs Enable runtime configs for wavefront discovery - ## @param wavefront.collector.discovery.config [array] Wavefront discovery config - ## - collector: - ## Rules based discovery configuration - ## Ref: https://github.com/wavefrontHQ/wavefront-kubernetes-collector/blob/master/docs/discovery.md - ## - resources: - limits: {} - requests: - cpu: 200m - memory: 10Mi - discovery: - enabled: true - ## Whether to enable runtime discovery configurations - ## Ref: https://github.com/wavefrontHQ/wavefront-collector-for-kubernetes/blob/master/docs/discovery.md#runtime-configurations - ## - enableRuntimeConfigs: true - ## Can be used to add additional discovery rules - ## - config: - ## auto-discover kafka-exporter - ## - - name: kafka-discovery - type: prometheus - selectors: - images: - - "*bitnami/kafka-exporter*" - port: 9308 - path: /metrics - scheme: http - prefix: kafka. - ## auto-discover jmx exporter - ## - - name: kafka-jmx-discovery - type: prometheus - selectors: - images: - - "*bitnami/jmx-exporter*" - port: 5556 - path: /metrics - scheme: http - prefix: kafkajmx. - ## auto-discover elasticsearch - ## - - name: elasticsearch-discovery - type: prometheus - selectors: - images: - - "*bitnami/elasticsearch-exporter*" - port: 9114 - path: /metrics - scheme: http - ## auto-discover logstash - ## - - name: logstash-discovery - type: prometheus - selectors: - images: - - "*bitnami/logstash-exporter*" - port: 9198 - path: /metrics - scheme: http - ## auto-discover spark - ## - - name: spark-worker-discovery - type: prometheus - selectors: - images: - - "*bitnami/spark*" - port: 8081 - path: /metrics/ - scheme: http - prefix: spark. - ## auto-discover spark - ## - - name: spark-master-discovery - type: prometheus - selectors: - images: - - "*bitnami/spark*" - port: 8080 - path: /metrics/ - scheme: http - prefix: spark. - proxy: - ## Wavefront Proxy resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## @param wavefront.proxy.resources.limits Wavefront Proxy metrics resource limits - ## @param wavefront.proxy.resources.requests.cpu Wavefront Proxy metrics CPUs - ## @param wavefront.proxy.resources.requests.memory Wavefront Proxy metrics requested memory - ## - resources: - limits: {} - requests: - cpu: 100m - memory: 5Gi diff --git a/bitnami/drupal/Chart.lock b/bitnami/drupal/Chart.lock deleted file mode 100644 index c458ba1..0000000 --- a/bitnami/drupal/Chart.lock +++ /dev/null @@ -1,9 +0,0 @@ -dependencies: -- name: mariadb - repository: https://charts.bitnami.com/bitnami - version: 9.6.0 -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.9.0 -digest: sha256:5a71c7f947d927eb5575be42d8d44de25e82b3cd371d4b175b237767ef363e5f -generated: "2021-09-20T07:10:59.676038487Z" diff --git a/bitnami/drupal/Chart.yaml b/bitnami/drupal/Chart.yaml deleted file mode 100644 index bb81a08..0000000 --- a/bitnami/drupal/Chart.yaml +++ /dev/null @@ -1,34 +0,0 @@ -annotations: - category: CMS -apiVersion: v2 -appVersion: 9.2.6 -dependencies: - - condition: mariadb.enabled - name: mariadb - repository: https://charts.bitnami.com/bitnami - version: 9.x.x - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x -description: One of the most versatile open source content management systems. -engine: gotpl -home: https://github.com/bitnami/charts/tree/master/bitnami/drupal -icon: https://bitnami.com/assets/stacks/drupal/img/drupal-stack-220x234.png -keywords: - - drupal - - cms - - blog - - http - - web - - application - - php -maintainers: - - email: containers@bitnami.com - name: Bitnami -name: drupal -sources: - - https://github.com/bitnami/bitnami-docker-drupal - - http://www.drupal.org/ -version: 10.3.1 diff --git a/bitnami/drupal/README.md b/bitnami/drupal/README.md deleted file mode 100644 index 735326f..0000000 --- a/bitnami/drupal/README.md +++ /dev/null @@ -1,438 +0,0 @@ -# Drupal - -[Drupal](https://www.drupal.org/) is one of the most versatile open source content management systems on the market. - -## TL;DR - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/drupal -``` - -## Introduction - -This chart bootstraps a [Drupal](https://github.com/bitnami/bitnami-docker-drupal) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -It also packages the [Bitnami MariaDB chart](https://github.com/kubernetes/charts/tree/master/bitnami/mariadb) which is required for bootstrapping a MariaDB deployment as a database for the Drupal application. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 3.1.0 -- PV provisioner support in the underlying infrastructure -- ReadWriteMany volumes for deployment scaling - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -$ helm install my-release bitnami/drupal -``` - -The command deploys Drupal on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```console -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | - - -### Common parameters - -| Name | Description | Value | -| ------------------- | ---------------------------------------------------------------------------------------------------------- | ----- | -| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` | -| `nameOverride` | String to partially override drupal.fullname template (will maintain the release name) | `""` | -| `fullnameOverride` | String to fully override drupal.fullname template | `""` | -| `commonAnnotations` | Common annotations to add to all Drupal resources (sub-charts are not considered). Evaluated as a template | `{}` | -| `commonLabels` | Common labels to add to all Drupal resources (sub-charts are not considered). Evaluated as a template | `{}` | -| `extraDeploy` | Array of extra objects to deploy with the release (evaluated as a template). | `[]` | - - -### Drupal parameters - -| Name | Description | Value | -| ------------------------------------ | --------------------------------------------------------------------------------------------------------------------- | -------------------- | -| `image.registry` | Drupal image registry | `docker.io` | -| `image.repository` | Drupal Image name | `bitnami/drupal` | -| `image.tag` | Drupal Image tag | `9.2.6-debian-10-r5` | -| `image.pullPolicy` | Drupal image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `image.debug` | Specify if debug logs should be enabled | `false` | -| `replicaCount` | Number of Drupal Pods to run (requires ReadWriteMany PVC support) | `1` | -| `drupalProfile` | Drupal installation profile | `standard` | -| `drupalSkipInstall` | Skip Drupal installation wizard. Useful for migrations and restoring from SQL dump | `false` | -| `drupalUsername` | User of the application | `user` | -| `drupalPassword` | Application password | `""` | -| `drupalEmail` | Admin email | `user@example.com` | -| `allowEmptyPassword` | Allow DB blank passwords | `true` | -| `command` | Override default container command (useful when using custom images) | `[]` | -| `args` | Override default container args (useful when using custom images) | `[]` | -| `updateStrategy.type` | Update strategy - only really applicable for deployments with RWO PVs attached | `RollingUpdate` | -| `hostAliases` | Add deployment host aliases | `[]` | -| `extraEnvVars` | Extra environment variables | `[]` | -| `extraEnvVarsCM` | ConfigMap containing extra env vars | `""` | -| `extraEnvVarsSecret` | Secret containing extra env vars (in case of sensitive data) | `""` | -| `extraVolumes` | Array of extra volumes to be added to the deployment (evaluated as template). Requires setting `extraVolumeMounts` | `[]` | -| `extraVolumeMounts` | Array of extra volume mounts to be added to the container (evaluated as template). Normally used with `extraVolumes`. | `[]` | -| `initContainers` | Add additional init containers to the pod (evaluated as a template) | `[]` | -| `sidecars` | Attach additional containers to the pod (evaluated as a template) | `[]` | -| `tolerations` | Tolerations for pod assignment | `[]` | -| `existingSecret` | Name of a secret with the application password | `""` | -| `smtpHost` | SMTP host | `""` | -| `smtpPort` | SMTP port | `""` | -| `smtpUser` | SMTP user | `""` | -| `smtpPassword` | SMTP password | `""` | -| `smtpProtocol` | SMTP Protocol (options: ssl,tls, nil) | `""` | -| `containerPorts` | Container ports | `{}` | -| `sessionAffinity` | Control where client requests go, to the same pod or round-robin. Values: ClientIP or None | `None` | -| `persistence.enabled` | Enable persistence using PVC | `true` | -| `persistence.storageClass` | PVC Storage Class for Drupal volume | `""` | -| `persistence.accessMode` | PVC Access Mode for Drupal volume | `ReadWriteOnce` | -| `persistence.size` | PVC Storage Request for Drupal volume | `8Gi` | -| `persistence.existingClaim` | A manually managed Persistent Volume Claim | `""` | -| `persistence.hostPath` | If defined, the drupal-data volume will mount to the specified hostPath. | `""` | -| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` | -| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | -| `affinity` | Affinity for pod assignment | `{}` | -| `nodeSelector` | Node labels for pod assignment. Evaluated as a template. | `{}` | -| `resources` | CPU/Memory resource requests/limits | `{}` | -| `podSecurityContext.enabled` | Enable Drupal pods' Security Context | `true` | -| `podSecurityContext.fsGroup` | Drupal pods' group ID | `1001` | -| `containerSecurityContext.enabled` | Enable Drupal containers' Security Context | `true` | -| `containerSecurityContext.runAsUser` | Drupal containers' Security Context | `1001` | -| `livenessProbe.enabled` | Enable livenessProbe | `true` | -| `livenessProbe.path` | Request path for livenessProbe | `/user/login` | -| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `600` | -| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | -| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `readinessProbe.enabled` | Enable readinessProbe | `true` | -| `readinessProbe.path` | Request path for readinessProbe | `/user/login` | -| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | -| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | -| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | -| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `customLivenessProbe` | Override default liveness probe | `{}` | -| `customReadinessProbe` | Override default readiness probe | `{}` | -| `lifecycleHooks` | LifecycleHook to set additional configuration at startup Evaluated as a template | `{}` | -| `podAnnotations` | Pod annotations | `{}` | -| `podLabels` | Add additional labels to the pod (evaluated as a template) | `{}` | - - -### Traffic Exposure Parameters - -| Name | Description | Value | -| ---------------------------------- | --------------------------------------------------------------------------------------------- | ------------------------ | -| `service.type` | Kubernetes Service type | `LoadBalancer` | -| `service.port` | Service HTTP port | `80` | -| `service.httpsPort` | Service HTTPS port | `443` | -| `service.loadBalancerSourceRanges` | Restricts access for LoadBalancer (only with `service.type: LoadBalancer`) | `[]` | -| `service.loadBalancerIP` | loadBalancerIP for the Drupal Service (optional, cloud specific) | `""` | -| `service.nodePorts` | Kubernetes node port | `{}` | -| `service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | -| `ingress.enabled` | Enable ingress controller resource | `false` | -| `ingress.certManager` | Add annotations for cert-manager | `false` | -| `ingress.pathType` | Ingress Path type | `ImplementationSpecific` | -| `ingress.apiVersion` | Override API Version (automatically detected if not set) | `""` | -| `ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` | -| `ingress.hostname` | Default host for the ingress resource | `drupal.local` | -| `ingress.path` | The Path to Drupal. You may need to set this to '/*' in order to use this | `/` | -| `ingress.annotations` | Ingress annotations done as key:value pairs | `{}` | -| `ingress.tls` | Enable TLS configuration for the hostname defined at ingress.hostname parameter | `false` | -| `ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` | -| `ingress.extraPaths` | Any additional arbitrary paths that may need to be added to the ingress under the main host. | `[]` | -| `ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` | -| `ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | - - -### Database parameters - -| Name | Description | Value | -| ------------------------------------------- | ---------------------------------------------------------------------------------------- | ------------------- | -| `mariadb.enabled` | Whether to deploy a mariadb server to satisfy the applications database requirements | `true` | -| `mariadb.architecture` | MariaDB architecture (`standalone` or `replication`) | `standalone` | -| `mariadb.auth.rootPassword` | Password for the MariaDB `root` user | `""` | -| `mariadb.auth.database` | Database name to create | `bitnami_drupal` | -| `mariadb.auth.username` | Database user to create | `bn_drupal` | -| `mariadb.auth.password` | Password for the database | `""` | -| `mariadb.primary.persistence.enabled` | Enable database persistence using PVC | `true` | -| `mariadb.primary.persistence.storageClass` | MariaDB primary persistent volume storage Class | `""` | -| `mariadb.primary.persistence.accessModes` | Database Persistent Volume Access Modes | `["ReadWriteOnce"]` | -| `mariadb.primary.persistence.size` | Database Persistent Volume Size | `8Gi` | -| `mariadb.primary.persistence.hostPath` | Set path in case you want to use local host path volumes (not recommended in production) | `""` | -| `mariadb.primary.persistence.existingClaim` | Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas | `""` | -| `externalDatabase.host` | Host of the existing database | `""` | -| `externalDatabase.port` | Port of the existing database | `3306` | -| `externalDatabase.user` | Existing username in the external db | `bn_drupal` | -| `externalDatabase.password` | Password for the above username | `""` | -| `externalDatabase.database` | Name of the existing database | `bitnami_drupal` | - - -### Volume Permissions parameters - -| Name | Description | Value | -| -------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------- | -| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` | -| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | -| `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag | `10-debian-10-r198` | -| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | -| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `volumePermissions.resources.limits` | The resources limits for the container | `{}` | -| `volumePermissions.resources.requests` | The requested resources for the container | `{}` | - - -### Metrics parameters - -| Name | Description | Value | -| --------------------------- | ------------------------------------------------ | ------------------------- | -| `metrics.enabled` | Start a exporter side-car | `false` | -| `metrics.image.registry` | Apache exporter image registry | `docker.io` | -| `metrics.image.repository` | Apache exporter image repository | `bitnami/apache-exporter` | -| `metrics.image.tag` | Apache exporter image tag | `0.10.0-debian-10-r52` | -| `metrics.image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `metrics.resources` | Metrics exporter resource requests and limits | `{}` | -| `metrics.podAnnotations` | Additional annotations for Metrics exporter pod | `{}` | - - -### Certificate injection parameters - -| Name | Description | Value | -| ---------------------------------------------------- | -------------------------------------------------------------------- | ---------------------------------------- | -| `certificates.customCertificate.certificateSecret` | Secret containing the certificate and key to add | `""` | -| `certificates.customCertificate.chainSecret.name` | Name of the secret containing the certificate chain | `secret-name` | -| `certificates.customCertificate.chainSecret.key` | Key of the certificate chain file inside the secret | `secret-key` | -| `certificates.customCertificate.certificateLocation` | Location in the container to store the certificate | `/etc/ssl/certs/ssl-cert-snakeoil.pem` | -| `certificates.customCertificate.keyLocation` | Location in the container to store the private key | `/etc/ssl/private/ssl-cert-snakeoil.key` | -| `certificates.customCertificate.chainLocation` | Location in the container to store the certificate chain | `/etc/ssl/certs/mychain.pem` | -| `certificates.customCAs` | Defines a list of secrets to import into the container trust store | `[]` | -| `certificates.command` | Override default container command (useful when using custom images) | `[]` | -| `certificates.args` | Override default container args (useful when using custom images) | `[]` | -| `certificates.extraEnvVars` | Container sidecar extra environment variables (eg proxy) | `[]` | -| `certificates.extraEnvVarsCM` | ConfigMap containing extra env vars | `""` | -| `certificates.extraEnvVarsSecret` | Secret containing extra env vars (in case of sensitive data) | `""` | -| `certificates.image.registry` | Container sidecar registry | `docker.io` | -| `certificates.image.repository` | Container sidecar image | `bitnami/bitnami-shell` | -| `certificates.image.tag` | Container sidecar image tag | `10-debian-10-r198` | -| `certificates.image.pullPolicy` | Container sidecar image pull policy | `IfNotPresent` | -| `certificates.image.pullSecrets` | Container sidecar image pull secrets | `[]` | - - -The above parameters map to the env variables defined in [bitnami/drupal](http://github.com/bitnami/bitnami-docker-drupal). For more information please refer to the [bitnami/drupal](http://github.com/bitnami/bitnami-docker-drupal) image documentation. - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -$ helm install my-release \ - --set drupalUsername=admin,drupalPassword=password,mariadb.auth.rootPassword=secretpassword \ - bitnami/drupal -``` - -The above command sets the Drupal administrator account username and password to `admin` and `password` respectively. Additionally, it sets the MariaDB `root` user password to `secretpassword`. - -> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. - -Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, - -```console -$ helm install my-release -f values.yaml bitnami/drupal -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Image - -The `image` parameter allows specifying which image will be pulled for the chart. - -#### Private registry - -If you configure the `image` value to one in a private registry, you will need to [specify an image pull secret](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod). - -1. Manually create image pull secret(s) in the namespace. See [this YAML example reference](https://kubernetes.io/docs/concepts/containers/images/#creating-a-secret-with-a-docker-config). Consult your image registry's documentation about getting the appropriate secret. -1. Note that the `imagePullSecrets` configuration value cannot currently be passed to helm using the `--set` parameter, so you must supply these using a `values.yaml` file, such as: - -```yaml -imagePullSecrets: - - name: SECRET_NAME -``` - -1. Install the chart - -### Setting Pod's affinity - -This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). - -As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters. - -## Persistence - -The [Bitnami Drupal](https://github.com/bitnami/bitnami-docker-drupal) image stores the Drupal data and configurations at the `/bitnami/drupal` path of the container. - -Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. -See the [Parameters](#parameters) section to configure the PVC or to disable persistence. - -### Existing PersistentVolumeClaim - -1. Create the PersistentVolume -1. Create the PersistentVolumeClaim -1. Install the chart - -```bash -$ helm install my-release --set persistence.existingClaim=PVC_NAME bitnami/drupal -``` - -### Host path - -#### System compatibility - -- The local filesystem accessibility to a container in a pod with `hostPath` has been tested on OSX/MacOS with xhyve, and Linux with VirtualBox. -- Windows has not been tested with the supported VM drivers. Minikube does however officially support [Mounting Host Folders](https://github.com/kubernetes/minikube/blob/master/docs/host_folder_mount.md) per pod. Or you may manually sync your container whenever host files are changed with tools like [docker-sync](https://github.com/EugenMayer/docker-sync) or [docker-bg-sync](https://github.com/cweagans/docker-bg-sync). - -#### Mounting steps - -1. The specified `hostPath` directory must already exist (create one if it does not). -1. Install the chart - - ```bash - $ helm install my-release --set persistence.hostPath=/PATH/TO/HOST/MOUNT bitnami/drupal - ``` - - This will mount the `drupal-data` volume into the `hostPath` directory. The site data will be persisted if the mount path contains valid data, else the site data will be initialized at first launch. -1. Because the container cannot control the host machine's directory permissions, you must set the Drupal file directory permissions yourself and disable or clear Drupal cache. See Drupal Core’s [INSTALL.txt](http://cgit.drupalcode.org/drupal/tree/core/INSTALL.txt?h=8.3.x#n152) for setting file permissions, and see [Drupal handbook page](https://www.drupal.org/node/2598914) to disable the cache, or [Drush handbook](https://drushcommands.com/drush-8x/cache/cache-rebuild/) to clear cache. - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami’s Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## Upgrading - -### To 10.0.0 - -[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -**What changes were introduced in this major version?** - -- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. -- Move dependency information from the *requirements.yaml* to the *Chart.yaml* -- After running `helm dependency update`, a *Chart.lock* file is generated containing the same structure used in the previous *requirements.lock* -- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts - -**Considerations when upgrading to this version** - -- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues -- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore -- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 - -**Useful links** - -- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ -- https://helm.sh/docs/topics/v2_v3_migration/ -- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ - -### To 9.0.0 - -MariaDB dependency version was bumped to a new major version that introduces several incompatilibites. Therefore, backwards compatibility is not guaranteed unless an external database is used. Check [MariaDB Upgrading Notes](https://github.com/bitnami/charts/tree/master/bitnami/mariadb#to-800) for more information. - -To upgrade to `9.0.0`, you have two alternatives: - -- Install a new Drupal chart, and migrate your Drupal site using backup/restore tools such as [Drupal Backup and Migrate](https://www.drupal.org/project/backup_migrate). -- Reuse the PVC used to hold the MariaDB data on your previous release. To do so, follow the instructions below (the following example assumes that the release name is `drupal`): - -> NOTE: Please, create a backup of your database before running any of those actions. The steps below would be only valid if your application (e.g. any plugins or custom code) is compatible with MariaDB 10.5.x - -Obtain the credentials and the name of the PVC used to hold the MariaDB data on your current release: - -```console -export DRUPAL_PASSWORD=$(kubectl get secret --namespace default drupal -o jsonpath="{.data.drupal-password}" | base64 --decode) -export MARIADB_ROOT_PASSWORD=$(kubectl get secret --namespace default drupal-mariadb -o jsonpath="{.data.mariadb-root-password}" | base64 --decode) -export MARIADB_PASSWORD=$(kubectl get secret --namespace default drupal-mariadb -o jsonpath="{.data.mariadb-password}" | base64 --decode) -export MARIADB_PVC=$(kubectl get pvc -l app=mariadb,component=master,release=drupal -o jsonpath="{.items[0].metadata.name}") -``` - -Upgrade your release (maintaining the version) disabling MariaDB and scaling Drupal replicas to 0: - -```console -$ helm upgrade drupal bitnami/drupal --set drupalPassword=$DRUPAL_PASSWORD --set replicaCount=0 --set mariadb.enabled=false --version 8.2.1 -``` - -Finally, upgrade you release to 9.0.0 reusing the existing PVC, and enabling back MariaDB: - -```console -$ helm upgrade drupal bitnami/drupal --set mariadb.primary.persistence.existingClaim=$MARIADB_PVC --set mariadb.auth.rootPassword=$MARIADB_ROOT_PASSWORD --set mariadb.auth.password=$MARIADB_PASSWORD --set drupalPassword=$DRUPAL_PASSWORD -``` - -You should see the lines below in MariaDB container logs: - -```console -$ kubectl logs $(kubectl get pods -l app.kubernetes.io/instance=drupal,app.kubernetes.io/name=mariadb,app.kubernetes.io/component=primary -o jsonpath="{.items[0].metadata.name}") -... -mariadb 12:13:24.98 INFO ==> Using persisted data -mariadb 12:13:25.01 INFO ==> Running mysql_upgrade -... -``` - -### To 8.0.0 - -The [Bitnami Drupal](https://github.com/bitnami/bitnami-docker-drupal) image was migrated to a "non-root" user approach. Previously the container ran as the `root` user and the Apache daemon was started as the `daemon` user. From now on, both the container and the Apache daemon run as user `1001`. You can revert this behavior by setting the parameters `containerSecurityContext.runAsUser` to `root`. - -Consequences: - -- The HTTP/HTTPS ports exposed by the container are now `8080/8443` instead of `80/443`. -- Backwards compatibility is not guaranteed. - -To upgrade to `8.0.0`, backup Drupal data and the previous MariaDB databases, install a new Drupal chart and import the backups and data, ensuring the `1001` user has the appropriate permissions on the migrated volume. - -This upgrade also adapts the chart to the latest Bitnami good practices. Check the Parameters section for more information. - -### To 6.0.0 - -Helm performs a lookup for the object based on its group (apps), version (v1), and kind (Deployment). Also known as its GroupVersionKind, or GVK. Changing the GVK is considered a compatibility breaker from Kubernetes' point of view, so you cannot "upgrade" those objects to the new GVK in-place. Earlier versions of Helm 3 did not perform the lookup correctly which has since been fixed to match the spec. - -In https://github.com/helm/charts/pull/17295 the `apiVersion` of the deployment resources was updated to `apps/v1` in tune with the api's deprecated, resulting in compatibility breakage. - -This major version signifies this change. - -### To 2.0.0 - -Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments. -Use the workaround below to upgrade from versions previous to 2.0.0. The following example assumes that the release name is drupal: - -```console -$ kubectl patch deployment drupal-drupal --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]' -$ kubectl delete statefulset drupal-mariadb --cascade=false -``` diff --git a/bitnami/drupal/templates/NOTES.txt b/bitnami/drupal/templates/NOTES.txt deleted file mode 100644 index 5a6d137..0000000 --- a/bitnami/drupal/templates/NOTES.txt +++ /dev/null @@ -1,82 +0,0 @@ -{{- if or .Values.mariadb.enabled .Values.externalDatabase.host -}} - -******************************************************************* -*** PLEASE BE PATIENT: Drupal may take a few minutes to install *** -******************************************************************* - -1. Get the Drupal URL: - -{{- if .Values.ingress.enabled }} - - You should be able to access your new Drupal installation through - - http://{{- .Values.ingress.hostname }}/ - -{{- else if eq .Values.service.type "LoadBalancer" }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "common.names.fullname" . }}' - - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - -{{- $port:=.Values.service.port | toString }} - echo "Drupal URL: http://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.service.port }}{{ end }}/" - -{{- else if eq .Values.service.type "ClusterIP" }} - - echo "Drupal URL: http://127.0.0.1:8080/" - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "common.names.fullname" . }} 8080:{{ .Values.service.port }} - -{{- end }} - -{{- if eq .Values.service.type "NodePort" }} - - Or running: - - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.names.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo "Drupal URL: http://$NODE_IP:$NODE_PORT/" - -{{- end }} - -2. Get your Drupal login credentials by running: - - echo Username: {{ .Values.drupalUsername }} - echo Password: $(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "drupal.secretName" . }} -o jsonpath="{.data.drupal-password}" | base64 --decode) - -{{- else -}} - -######################################################################################## -### ERROR: You did not provide an external database host in your 'helm install' call ### -######################################################################################## - -This deployment will be incomplete until you configure Drupal with a resolvable database -host. To configure Drupal to use and external database host: - -1. Complete your Drupal deployment by running: - - export APP_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "drupal.secretName" . }} -o jsonpath="{.data.drupal-password}" | base64 --decode) - - ## PLEASE UPDATE THE EXTERNAL DATABASE CONNECTION PARAMETERS IN THE FOLLOWING COMMAND AS NEEDED ## - - helm upgrade --namespace {{ .Release.Namespace }} {{ .Release.Name }} bitnami/{{ .Chart.Name }} \ - --set drupalPassword=$APP_PASSWORD,service.type={{ .Values.service.type }},mariadb.enabled=false{{- if not (empty .Values.externalDatabase.user) }},externalDatabase.user={{ .Values.externalDatabase.user }}{{- end }}{{- if not (empty .Values.externalDatabase.password) }},externalDatabase.password={{ .Values.externalDatabase.password }}{{- end }}{{- if not (empty .Values.externalDatabase.database) }},externalDatabase.database={{ .Values.externalDatabase.database }}{{- end }},externalDatabase.host=YOUR_EXTERNAL_DATABASE_HOST{{- if .Values.global }}{{- if .Values.global.imagePullSecrets }},global.imagePullSecrets={{ .Values.global.imagePullSecrets }}{{- end }}{{- end }} - -{{- end }} - -{{- include "common.warnings.rollingTag" .Values.image }} -{{- include "common.warnings.rollingTag" .Values.metrics.image }} - -{{- $passwordValidationErrors := list -}} -{{- if not .Values.existingSecret -}} - {{- $secretName := include "drupal.secretName" . -}} - {{- $requiredDrupalPassword := dict "valueKey" "drupalPassword" "secret" $secretName "field" "drupal-password" "context" $ -}} - {{- $requiredDrupalPasswordError := include "common.validations.values.single.empty" $requiredDrupalPassword -}} - {{- $passwordValidationErrors = append $passwordValidationErrors $requiredDrupalPasswordError -}} -{{- end -}} - -{{- $mariadbSecretName := include "drupal.databaseSecretName" . -}} -{{- $mariadbPasswordValidationErrors := include "common.validations.values.mariadb.passwords" (dict "secret" $mariadbSecretName "subchart" true "context" $) -}} -{{- $passwordValidationErrors = append $passwordValidationErrors $mariadbPasswordValidationErrors -}} - -{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $) -}} diff --git a/bitnami/drupal/templates/_helpers.tpl b/bitnami/drupal/templates/_helpers.tpl deleted file mode 100644 index 37019a7..0000000 --- a/bitnami/drupal/templates/_helpers.tpl +++ /dev/null @@ -1,128 +0,0 @@ -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "drupal.mariadb.fullname" -}} -{{- printf "%s-%s" .Release.Name "mariadb" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Return the proper certificate image name -*/}} -{{- define "certificates.image" -}} -{{- include "common.images.image" ( dict "imageRoot" .Values.certificates.image "global" .Values.global ) -}} -{{- end -}} - -{{/* -Return the proper Drupal image name -*/}} -{{- define "drupal.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper image name (for the metrics image) -*/}} -{{- define "drupal.metrics.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper image name (for the init container volume-permissions image) -*/}} -{{- define "drupal.volumePermissions.image" -}} -{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "drupal.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image .Values.certificates.image) "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper Storage Class -*/}} -{{- define "drupal.storageClass" -}} -{{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) -}} -{{- end -}} - -{{/* -Drupal credential secret name -*/}} -{{- define "drupal.secretName" -}} -{{- coalesce .Values.existingSecret (include "common.names.fullname" .) -}} -{{- end -}} - -{{/* -Return the MariaDB Hostname -*/}} -{{- define "drupal.databaseHost" -}} -{{- if .Values.mariadb.enabled }} - {{- if eq .Values.mariadb.architecture "replication" }} - {{- printf "%s-%s" (include "drupal.mariadb.fullname" .) "primary" | trunc 63 | trimSuffix "-" -}} - {{- else -}} - {{- printf "%s" (include "drupal.mariadb.fullname" .) -}} - {{- end -}} -{{- else -}} - {{- printf "%s" .Values.externalDatabase.host -}} -{{- end -}} -{{- end -}} - -{{/* -Return the MariaDB Port -*/}} -{{- define "drupal.databasePort" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "3306" -}} -{{- else -}} - {{- printf "%d" (.Values.externalDatabase.port | int ) -}} -{{- end -}} -{{- end -}} - -{{/* -Return the MariaDB Database Name -*/}} -{{- define "drupal.databaseName" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "%s" .Values.mariadb.auth.database -}} -{{- else -}} - {{- printf "%s" .Values.externalDatabase.database -}} -{{- end -}} -{{- end -}} - -{{/* -Return the MariaDB User -*/}} -{{- define "drupal.databaseUser" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "%s" .Values.mariadb.auth.username -}} -{{- else -}} - {{- printf "%s" .Values.externalDatabase.user -}} -{{- end -}} -{{- end -}} - -{{/* -Return the MariaDB Secret Name -*/}} -{{- define "drupal.databaseSecretName" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "%s" (include "drupal.mariadb.fullname" .) -}} -{{- else if .Values.externalDatabase.existingSecret -}} - {{- printf "%s" .Values.externalDatabase.existingSecret -}} -{{- else -}} - {{- printf "%s-%s" (include "common.names.fullname" .) "externaldb" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the database password key -*/}} -{{- define "drupal.databasePasswordKey" -}} -{{- if .Values.mariadb.enabled -}} -mariadb-password -{{- else -}} -db-password -{{- end -}} -{{- end -}} diff --git a/bitnami/drupal/templates/deployment.yaml b/bitnami/drupal/templates/deployment.yaml deleted file mode 100644 index 3d40c15..0000000 --- a/bitnami/drupal/templates/deployment.yaml +++ /dev/null @@ -1,291 +0,0 @@ -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - {{- if .Values.updateStrategy }} - strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} - {{- end }} - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} - {{- end }} - annotations: - {{- if .Values.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.metrics.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) | nindent 8 }} - {{- end }} - spec: - {{- include "drupal.imagePullSecrets" . | nindent 6 }} - {{- if .Values.podSecurityContext.enabled }} - securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.hostAliases }} - # yamllint disable rule:indentation - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - # yamllint enable rule:indentation - {{- end }} - initContainers: - {{- if .Values.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} - {{- end }} - {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} - - name: volume-permissions - image: {{ include "drupal.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: - - sh - - -c - - | - mkdir -p "/bitnami/drupal" - chown -R "{{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }}" "/bitnami/drupal" - securityContext: - runAsUser: 0 - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: drupal-data - mountPath: /bitnami/drupal - {{- end }} - {{- if .Values.certificates.customCAs }} - - name: certificates - image: {{ template "certificates.image" . }} - imagePullPolicy: {{ default .Values.image.pullPolicy .Values.certificates.image.pullPolicy }} - imagePullSecrets: - {{- range (default .Values.image.pullSecrets .Values.certificates.image.pullSecrets) }} - - name: {{ . }} - {{- end }} - command: - {{- if .Values.certificates.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.certificates.command "context" $) | nindent 12 }} - {{- else if .Values.certificates.customCertificate.certificateSecret }} - - sh - - -c - - install_packages ca-certificates openssl - {{- else }} - - sh - - -c - - install_packages ca-certificates openssl - && openssl req -new -x509 -days 3650 -nodes -sha256 - -subj "/CN=$(hostname)" -addext "subjectAltName = DNS:$(hostname)" - -out /etc/ssl/certs/ssl-cert-snakeoil.pem - -keyout /etc/ssl/private/ssl-cert-snakeoil.key -extensions v3_req - {{- end }} - {{- if .Values.certificates.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.certificates.args "context" $) | nindent 12 }} - {{- end }} - env: {{- include "common.tplvalues.render" (dict "value" .Values.certificates.extraEnvVars "context" $) | nindent 12 }} - envFrom: - {{- if .Values.certificates.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.certificates.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.certificates.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.certificates.extraEnvVarsSecret "context" $) }} - {{- end }} - volumeMounts: - - name: etc-ssl-certs - mountPath: /etc/ssl/certs - readOnly: false - - name: etc-ssl-private - mountPath: /etc/ssl/private - readOnly: false - - name: custom-ca-certificates - mountPath: /usr/local/share/ca-certificates - readOnly: true - {{- end }} - containers: - - name: {{ include "common.names.fullname" . }} - image: {{ template "drupal.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" .Values.image.debug | quote }} - - name: ALLOW_EMPTY_PASSWORD - value: {{ ternary "yes" "no" .Values.allowEmptyPassword | quote }} - - name: APACHE_HTTP_PORT_NUMBER - value: {{ .Values.containerPorts.http | quote }} - - name: APACHE_HTTPS_PORT_NUMBER - value: {{ .Values.containerPorts.https | quote }} - - name: DRUPAL_DATABASE_HOST - value: {{ include "drupal.databaseHost" . | quote }} - - name: DRUPAL_DATABASE_PORT_NUMBER - value: {{ include "drupal.databasePort" . | quote }} - - name: DRUPAL_DATABASE_NAME - value: {{ include "drupal.databaseName" . | quote }} - - name: DRUPAL_DATABASE_USER - value: {{ include "drupal.databaseUser" . | quote }} - - name: DRUPAL_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "drupal.databaseSecretName" . }} - key: {{ include "drupal.databasePasswordKey" . | quote }} - - name: DRUPAL_SKIP_BOOTSTRAP - value: {{ ternary "yes" "no" .Values.drupalSkipInstall | quote }} - - name: DRUPAL_PROFILE - value: {{ .Values.drupalProfile | quote }} - - name: DRUPAL_USERNAME - value: {{ .Values.drupalUsername | quote }} - - name: DRUPAL_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "drupal.secretName" . }} - key: drupal-password - - name: DRUPAL_EMAIL - value: {{ .Values.drupalEmail | quote }} - {{- if .Values.smtpHost }} - - name: SMTP_HOST - value: {{ .Values.smtpHost | quote }} - {{- end }} - {{- if .Values.smtpPort }} - - name: SMTP_PORT - value: {{ .Values.smtpPort | quote }} - {{- end }} - {{- if .Values.smtpUser }} - - name: SMTP_USER - value: {{ .Values.smtpUser | quote }} - {{- end }} - {{- if .Values.smtpPassword }} - - name: SMTP_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "drupal.secretName" . }} - key: smtp-password - {{- end }} - {{- if .Values.smtpProtocol }} - - name: SMTP_PROTOCOL - value: {{ .Values.smtpProtocol | quote }} - {{- end }} - {{- if .Values.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if .Values.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} - {{- end }} - {{- if .Values.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.containerPorts.http }} - - name: https - containerPort: {{ .Values.containerPorts.https }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.livenessProbe.path }} - port: http - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- else if .Values.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: {{ .Values.readinessProbe.path }} - port: http - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- else if .Values.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: drupal-data - mountPath: /bitnami/drupal - {{- if .Values.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.metrics.enabled }} - - name: metrics - image: {{ template "drupal.metrics.image" . }} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - command: [ '/bin/apache_exporter', '--scrape_uri', 'http://status.localhost:{{ .Values.containerPorts.http }}/server-status/?auto' ] - ports: - - name: metrics - containerPort: 9117 - livenessProbe: - httpGet: - path: /metrics - port: metrics - initialDelaySeconds: 15 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: /metrics - port: metrics - initialDelaySeconds: 5 - timeoutSeconds: 1 - resources: {{- toYaml .Values.metrics.resources | nindent 12 }} - {{- end }} - {{- if .Values.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: drupal-data - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ .Values.persistence.existingClaim | default (printf "%s-drupal" (include "common.names.fullname" .)) }} - {{- else }} - emptyDir: {} - {{- end }} - {{- if .Values.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} - {{- end }} diff --git a/bitnami/drupal/templates/externaldb-secrets.yaml b/bitnami/drupal/templates/externaldb-secrets.yaml deleted file mode 100644 index 43e9f4e..0000000 --- a/bitnami/drupal/templates/externaldb-secrets.yaml +++ /dev/null @@ -1,10 +0,0 @@ -{{- if not .Values.mariadb.enabled }} -apiVersion: v1 -kind: Secret -metadata: - name: "{{ include "common.names.fullname" . }}-externaldb" - labels: {{- include "common.labels.standard" . | nindent 4 }} -type: Opaque -data: - db-password: {{ default "" .Values.externalDatabase.password | b64enc | quote }} -{{- end }} diff --git a/bitnami/drupal/templates/ingress.yaml b/bitnami/drupal/templates/ingress.yaml deleted file mode 100644 index 7eec3aa..0000000 --- a/bitnami/drupal/templates/ingress.yaml +++ /dev/null @@ -1,59 +0,0 @@ -{{- if .Values.ingress.enabled }} -apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.ingress.certManager }} - kubernetes.io/tls-acme: "true" - {{- end }} - {{- if .Values.ingress.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.ingress.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if and .Values.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }} - ingressClassName: {{ .Values.ingress.ingressClassName | quote }} - {{- end }} - rules: - {{- if .Values.ingress.hostname }} - - host: {{ .Values.ingress.hostname }} - http: - paths: - {{- if .Values.ingress.extraPaths }} - {{- toYaml .Values.ingress.extraPaths | nindent 10 }} - {{- end }} - - path: {{ .Values.ingress.path }} - {{- if eq "true" (include "common.ingress.supportsPathType" .) }} - pathType: {{ .Values.ingress.pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- range (coalesce .Values.ingress.extraHosts .Values.ingress.hosts) }} - - host: {{ .name | quote }} - http: - paths: - - path: {{ default "/" .path }} - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ default "ImplementationSpecific" .pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- if or .Values.ingress.tls .Values.ingress.extraTls }} - tls: - {{- if .Values.ingress.tls }} - - hosts: - - {{ .Values.ingress.hostname }} - secretName: {{ printf "%s-tls" .Values.ingress.hostname }} - {{- end }} - {{- if .Values.ingress.extraTls }} - {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.extraTls "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/bitnami/drupal/templates/pv.yaml b/bitnami/drupal/templates/pv.yaml deleted file mode 100644 index 0847a26..0000000 --- a/bitnami/drupal/templates/pv.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if and .Values.persistence.enabled .Values.persistence.hostPath (not .Values.persistence.existingClaim) -}} -apiVersion: v1 -kind: PersistentVolume -metadata: - name: {{ include "common.names.fullname" . }}-drupal - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - accessModes: - - {{ .Values.persistence.accessMode | quote }} - capacity: - storage: {{ .Values.persistence.size | quote }} - hostPath: - path: {{ .Values.persistence.hostPath | quote }} -{{- end -}} diff --git a/bitnami/drupal/templates/pvc.yaml b/bitnami/drupal/templates/pvc.yaml deleted file mode 100644 index 8058bbc..0000000 --- a/bitnami/drupal/templates/pvc.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.names.fullname" . }}-drupal - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.persistence.hostPath }} - storageClassName: "" - {{- end }} - accessModes: - - {{ .Values.persistence.accessMode | quote }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{- include "drupal.storageClass" . | nindent 2 }} -{{- end -}} diff --git a/bitnami/drupal/templates/secrets.yaml b/bitnami/drupal/templates/secrets.yaml deleted file mode 100644 index a36e334..0000000 --- a/bitnami/drupal/templates/secrets.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if not .Values.existingSecret }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: - {{- if .Values.drupalPassword }} - drupal-password: {{ default "" .Values.drupalPassword | b64enc | quote }} - {{- else }} - drupal-password: {{ randAlphaNum 10 | b64enc | quote }} - {{- end }} - {{- if .Values.smtpPassword }} - smtp-password: {{ .Values.smtpPassword | b64enc | quote }} - {{- end }} -{{- end }} diff --git a/bitnami/drupal/values.schema.json b/bitnami/drupal/values.schema.json deleted file mode 100644 index 72aa4d5..0000000 --- a/bitnami/drupal/values.schema.json +++ /dev/null @@ -1,188 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "drupalUsername": { - "type": "string", - "title": "Username", - "form": true - }, - "drupalPassword": { - "type": "string", - "title": "Password", - "form": true, - "description": "Defaults to a random 10-character alphanumeric string if not set" - }, - "drupalEmail": { - "type": "string", - "title": "Admin email", - "form": true - }, - "persistence": { - "type": "object", - "properties": { - "drupal": { - "type": "object", - "properties": { - "size": { - "type": "string", - "title": "Persistent Volume Size", - "form": true, - "render": "slider", - "sliderMin": 1, - "sliderMax": 100, - "sliderUnit": "Gi" - } - } - } - } - }, - "ingress": { - "type": "object", - "form": true, - "title": "Ingress Configuration", - "properties": { - "enabled": { - "type": "boolean", - "form": true, - "title": "Use a custom hostname", - "description": "Enable the ingress resource that allows you to access the Drupal installation." - }, - "hostname": { - "type": "string", - "form": true, - "title": "Hostname", - "hidden": { - "value": false, - "path": "ingress/enabled" - } - } - } - }, - "service": { - "type": "object", - "form": true, - "title": "Service Configuration", - "properties": { - "type": { - "type": "string", - "form": true, - "title": "Service Type", - "description": "Allowed values: \"ClusterIP\", \"NodePort\" and \"LoadBalancer\"" - } - } - }, - "mariadb": { - "type": "object", - "title": "MariaDB Details", - "form": true, - "properties": { - "enabled": { - "type": "boolean", - "title": "Use a new MariaDB database hosted in the cluster", - "form": true, - "description": "Whether to deploy a mariadb server to satisfy the applications database requirements. To use an external database switch this off and configure the external database details" - }, - "primary": { - "type": "object", - "properties": { - "persistence": { - "type": "object", - "properties": { - "size": { - "type": "string", - "title": "Volume Size", - "form": true, - "hidden": { - "value": false, - "path": "mariadb/enabled" - }, - "render": "slider", - "sliderMin": 1, - "sliderMax": 100, - "sliderUnit": "Gi" - } - } - } - } - } - } - }, - "externalDatabase": { - "type": "object", - "title": "External Database Details", - "description": "If MariaDB is disabled. Use this section to specify the external database details", - "form": true, - "hidden": "mariadb/enabled", - "properties": { - "host": { - "type": "string", - "form": true, - "title": "Database Host" - }, - "user": { - "type": "string", - "form": true, - "title": "Database Username" - }, - "password": { - "type": "string", - "form": true, - "title": "Database Password" - }, - "database": { - "type": "string", - "form": true, - "title": "Database Name" - }, - "port": { - "type": "integer", - "form": true, - "title": "Database Port" - } - } - }, - "resources": { - "type": "object", - "title": "Requested Resources", - "description": "Configure resource requests", - "form": true, - "properties": { - "requests": { - "type": "object", - "properties": { - "memory": { - "type": "string", - "form": true, - "render": "slider", - "title": "Memory Request", - "sliderMin": 10, - "sliderMax": 2048, - "sliderUnit": "Mi" - }, - "cpu": { - "type": "string", - "form": true, - "render": "slider", - "title": "CPU Request", - "sliderMin": 10, - "sliderMax": 2000, - "sliderUnit": "m" - } - } - } - } - }, - "metrics": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "title": "Enable Metrics", - "description": "Prometheus Exporter / Metrics", - "form": true - } - } - } - } -} diff --git a/bitnami/drupal/values.yaml b/bitnami/drupal/values.yaml deleted file mode 100644 index 2bce066..0000000 --- a/bitnami/drupal/values.yaml +++ /dev/null @@ -1,654 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - storageClass: "" - -## @section Common parameters - -## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) -## -kubeVersion: "" -## @param nameOverride String to partially override drupal.fullname template (will maintain the release name) -## -nameOverride: "" -## @param fullnameOverride String to fully override drupal.fullname template -## -fullnameOverride: "" -## @param commonAnnotations Common annotations to add to all Drupal resources (sub-charts are not considered). Evaluated as a template -## -commonAnnotations: {} -## @param commonLabels Common labels to add to all Drupal resources (sub-charts are not considered). Evaluated as a template -## -commonLabels: {} -## @param extraDeploy Array of extra objects to deploy with the release (evaluated as a template). -## -extraDeploy: [] - -## @section Drupal parameters - -## Bitnami Drupal image version -## ref: https://hub.docker.com/r/bitnami/drupal/tags/ -## @param image.registry Drupal image registry -## @param image.repository Drupal Image name -## @param image.tag Drupal Image tag -## @param image.pullPolicy Drupal image pull policy -## @param image.pullSecrets Specify docker-registry secret names as an array -## @param image.debug Specify if debug logs should be enabled -## -image: - registry: docker.io - repository: bitnami/drupal - tag: 9.2.6-debian-10-r5 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Set to true if you would like to see extra information on logs - ## - debug: false -## @param replicaCount Number of Drupal Pods to run (requires ReadWriteMany PVC support) -## -replicaCount: 1 -## @param drupalProfile Drupal installation profile -## ref: https://github.com/bitnami/bitnami-docker-drupal#configuration -## -drupalProfile: standard -## @param drupalSkipInstall Skip Drupal installation wizard. Useful for migrations and restoring from SQL dump -## ref: https://github.com/bitnami/bitnami-docker-drupal#configuration -## -drupalSkipInstall: false -## @param drupalUsername User of the application -## ref: https://github.com/bitnami/bitnami-docker-drupal#configuration -## -drupalUsername: user -## @param drupalPassword Application password -## Defaults to a random 10-character alphanumeric string if not set -## ref: https://github.com/bitnami/bitnami-docker-drupal#configuration -## -drupalPassword: "" -## @param drupalEmail Admin email -## ref: https://github.com/bitnami/bitnami-docker-drupal#configuration -## -drupalEmail: user@example.com -## @param allowEmptyPassword Allow DB blank passwords -## ref: https://github.com/bitnami/bitnami-docker-drupal#environment-variables -## -allowEmptyPassword: true -## @param command Override default container command (useful when using custom images) -## -command: [] -## @param args Override default container args (useful when using custom images) -## -args: [] -## @param updateStrategy.type Update strategy - only really applicable for deployments with RWO PVs attached -## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the -## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will -## terminate the single previous pod, so that the new, incoming pod can attach to the PV -## -updateStrategy: - type: RollingUpdate -## @param hostAliases [array] Add deployment host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: - ## Necessary for apache-exporter to work - ## - - ip: "127.0.0.1" - hostnames: - - "status.localhost" -## @param extraEnvVars Extra environment variables -## For example: -## -extraEnvVars: [] -# - name: BEARER_AUTH -# value: true -## @param extraEnvVarsCM ConfigMap containing extra env vars -## -extraEnvVarsCM: "" -## @param extraEnvVarsSecret Secret containing extra env vars (in case of sensitive data) -## -extraEnvVarsSecret: "" -## @param extraVolumes Array of extra volumes to be added to the deployment (evaluated as template). Requires setting `extraVolumeMounts` -## -extraVolumes: [] -## @param extraVolumeMounts Array of extra volume mounts to be added to the container (evaluated as template). Normally used with `extraVolumes`. -## -extraVolumeMounts: [] -## @param initContainers Add additional init containers to the pod (evaluated as a template) -## -initContainers: [] -## @param sidecars Attach additional containers to the pod (evaluated as a template) -## -sidecars: [] -## @param tolerations Tolerations for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] -## @param existingSecret Name of a secret with the application password -## -existingSecret: "" -## SMTP mail delivery configuration -## ref: https://github.com/bitnami/bitnami-docker-drupal/#smtp-configuration -## @param smtpHost SMTP host -## @param smtpPort SMTP port -## @param smtpUser SMTP user -## @param smtpPassword SMTP password -## @param smtpProtocol SMTP Protocol (options: ssl,tls, nil) -## -smtpHost: "" -smtpPort: "" -smtpUser: "" -smtpPassword: "" -smtpProtocol: "" -## @param containerPorts [object] Container ports -## -containerPorts: - http: 8080 - https: 8443 -## @param sessionAffinity Control where client requests go, to the same pod or round-robin. Values: ClientIP or None -## ref: https://kubernetes.io/docs/user-guide/services/ -## -sessionAffinity: "None" -## Enable persistence using Persistent Volume Claims -## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ -## -persistence: - ## @param persistence.enabled Enable persistence using PVC - ## - enabled: true - ## @param persistence.storageClass PVC Storage Class for Drupal volume - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - ## @param persistence.accessMode PVC Access Mode for Drupal volume - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - ## - accessMode: ReadWriteOnce - ## @param persistence.size PVC Storage Request for Drupal volume - ## - size: 8Gi - ## @param persistence.existingClaim A manually managed Persistent Volume Claim - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - ## - existingClaim: "" - ## @param persistence.hostPath If defined, the drupal-data volume will mount to the specified hostPath. - ## Requires persistence.enabled: true - ## Requires persistence.existingClaim: nil|false - ## Default: nil. - ## - hostPath: "" -## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAffinityPreset: "" -## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAntiAffinityPreset: soft -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## @param nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set. -## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. -## -nodeAffinityPreset: - type: "" - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] -## @param affinity Affinity for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set -## -affinity: {} -## @param nodeSelector Node labels for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} -## @param resources [object] CPU/Memory resource requests/limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## -resources: - requests: - memory: 512Mi - cpu: 300m -## Configure Pods Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## @param podSecurityContext.enabled Enable Drupal pods' Security Context -## @param podSecurityContext.fsGroup Drupal pods' group ID -## -podSecurityContext: - enabled: true - fsGroup: 1001 -## Configure Container Security Context (only main container) -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -## @param containerSecurityContext.enabled Enable Drupal containers' Security Context -## @param containerSecurityContext.runAsUser Drupal containers' Security Context -## -containerSecurityContext: - enabled: true - runAsUser: 1001 -## Configure extra options for liveness probe -## Drupal core exposes /user/login to unauthenticated requests, making it a good -## default liveness and readiness path. However, that may not always be the -## case. For example, if the image value is overridden to an image containing a -## module that alters that route, or an image that does not auto-install Drupal. -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param livenessProbe.enabled Enable livenessProbe -## @param livenessProbe.path Request path for livenessProbe -## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe -## @param livenessProbe.periodSeconds Period seconds for livenessProbe -## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe -## @param livenessProbe.failureThreshold Failure threshold for livenessProbe -## @param livenessProbe.successThreshold Success threshold for livenessProbe -## -livenessProbe: - enabled: true - path: /user/login - initialDelaySeconds: 600 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 5 - successThreshold: 1 -## Configure extra options for readiness probe -## Drupal core exposes /user/login to unauthenticated requests, making it a good -## default liveness and readiness path. However, that may not always be the -## case. For example, if the image value is overridden to an image containing a -## module that alters that route, or an image that does not auto-install Drupal. -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param readinessProbe.enabled Enable readinessProbe -## @param readinessProbe.path Request path for readinessProbe -## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe -## @param readinessProbe.periodSeconds Period seconds for readinessProbe -## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe -## @param readinessProbe.failureThreshold Failure threshold for readinessProbe -## @param readinessProbe.successThreshold Success threshold for readinessProbe -## -readinessProbe: - enabled: true - path: /user/login - initialDelaySeconds: 30 - periodSeconds: 5 - timeoutSeconds: 1 - failureThreshold: 5 - successThreshold: 1 -## @param customLivenessProbe Override default liveness probe -## -customLivenessProbe: {} -## @param customReadinessProbe Override default readiness probe -## -customReadinessProbe: {} -## @param lifecycleHooks LifecycleHook to set additional configuration at startup Evaluated as a template -## -lifecycleHooks: {} -## @param podAnnotations Pod annotations -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} -## @param podLabels Add additional labels to the pod (evaluated as a template) -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -podLabels: {} - -## @section Traffic Exposure Parameters - -## Kubernetes configuration. For minikube, set this to NodePort, elsewhere use LoadBalancer -## -service: - ## @param service.type Kubernetes Service type - ## - type: LoadBalancer - ## @param service.port Service HTTP port - ## - port: 80 - ## @param service.httpsPort Service HTTPS port - ## - httpsPort: 443 - ## @param service.loadBalancerSourceRanges Restricts access for LoadBalancer (only with `service.type: LoadBalancer`) - ## e.g: - ## loadBalancerSourceRanges: - ## - 0.0.0.0/0 - ## - loadBalancerSourceRanges: [] - ## @param service.loadBalancerIP loadBalancerIP for the Drupal Service (optional, cloud specific) - ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer - loadBalancerIP: "" - ## @param service.nodePorts [object] Kubernetes node port - ## nodePorts: - ## http: - ## https: - ## - nodePorts: - http: "" - https: "" - ## @param service.externalTrafficPolicy Enable client source IP preservation - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster -## Configure the ingress resource that allows you to access the -## Drupal installation. Set up the URL -## ref: http://kubernetes.io/docs/user-guide/ingress/ -## -ingress: - ## @param ingress.enabled Enable ingress controller resource - ## - enabled: false - ## @param ingress.certManager Add annotations for cert-manager - ## - certManager: false - ## @param ingress.pathType Ingress Path type - ## - pathType: ImplementationSpecific - ## @param ingress.apiVersion Override API Version (automatically detected if not set) - ## - apiVersion: "" - ## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) - ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . - ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ - ## - ingressClassName: "" - ## @param ingress.hostname Default host for the ingress resource - ## - hostname: drupal.local - ## @param ingress.path The Path to Drupal. You may need to set this to '/*' in order to use this - ## with ALB ingress controllers. - ## - path: / - ## @param ingress.annotations Ingress annotations done as key:value pairs - ## For a full list of possible ingress annotations, please see - ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md - ## - ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set - ## - annotations: {} - ## @param ingress.tls Enable TLS configuration for the hostname defined at ingress.hostname parameter - ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }} - ## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it - ## - tls: false - ## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record. - ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array - ## extraHosts: - ## - name: drupal.local - ## path: / - extraHosts: [] - ## @param ingress.extraPaths Any additional arbitrary paths that may need to be added to the ingress under the main host. - ## For example: The ALB ingress controller requires a special rule for handling SSL redirection. - ## extraPaths: - ## - path: /* - ## backend: - ## serviceName: ssl-redirect - ## servicePort: use-annotation - extraPaths: [] - ## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. - ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - ## extraTls: - ## - hosts: - ## - drupal.local - ## secretName: drupal.local-tls - extraTls: [] - ## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets - ## key and certificate should start with -----BEGIN CERTIFICATE----- or - ## -----BEGIN RSA PRIVATE KEY----- - ## - ## name should line up with a tlsSecret set further up - ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set - ## - ## It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - ## Example: - ## - name: drupal.local-tls - ## key: - ## certificate: - ## - secrets: [] - -## @section Database parameters - -## MariaDB chart configuration -## https://github.com/bitnami/charts/blob/master/bitnami/mariadb/values.yaml -## -mariadb: - ## @param mariadb.enabled Whether to deploy a mariadb server to satisfy the applications database requirements - ## To use an external database set this to false and configure the externalDatabase parameters - ## - enabled: true - ## @param mariadb.architecture MariaDB architecture (`standalone` or `replication`) - ## - architecture: standalone - ## MariaDB Authentication parameters - ## @param mariadb.auth.rootPassword Password for the MariaDB `root` user - ## @param mariadb.auth.database Database name to create - ## @param mariadb.auth.username Database user to create - ## @param mariadb.auth.password Password for the database - ## - auth: - ## ref: https://github.com/bitnami/bitnami-docker-mariadb#setting-the-root-password-on-first-run - ## - rootPassword: "" - ## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#creating-a-database-on-first-run - ## - database: bitnami_drupal - ## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#creating-a-database-user-on-first-run - ## - username: bn_drupal - password: "" - primary: - ## Enable persistence using Persistent Volume Claims - ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ - ## @param mariadb.primary.persistence.enabled Enable database persistence using PVC - ## @param mariadb.primary.persistence.storageClass MariaDB primary persistent volume storage Class - ## @param mariadb.primary.persistence.accessModes Database Persistent Volume Access Modes - ## @param mariadb.primary.persistence.size Database Persistent Volume Size - ## @param mariadb.primary.persistence.hostPath Set path in case you want to use local host path volumes (not recommended in production) - ## @param mariadb.primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas - ## - persistence: - enabled: true - ## mariadb data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - accessModes: - - ReadWriteOnce - size: 8Gi - hostPath: "" - existingClaim: "" -## External database configuration -## @param externalDatabase.host Host of the existing database -## @param externalDatabase.port Port of the existing database -## @param externalDatabase.user Existing username in the external db -## @param externalDatabase.password Password for the above username -## @param externalDatabase.database Name of the existing database -## -externalDatabase: - host: "" - port: 3306 - user: bn_drupal - password: "" - database: bitnami_drupal - -## @section Volume Permissions parameters - -## Init containers parameters: -## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. -## -volumePermissions: - ## @param volumePermissions.enabled Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) - ## - enabled: false - ## @param volumePermissions.image.registry Init container volume-permissions image registry - ## @param volumePermissions.image.repository Init container volume-permissions image name - ## @param volumePermissions.image.tag Init container volume-permissions image tag - ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy - ## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: 10-debian-10-r198 - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Init containers' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param volumePermissions.resources.limits The resources limits for the container - ## @param volumePermissions.resources.requests The requested resources for the container - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - requests: {} - -## @section Metrics parameters - -## Prometheus Exporter / Metrics -## -metrics: - ## @param metrics.enabled Start a exporter side-car - ## - enabled: false - ## @param metrics.image.registry Apache exporter image registry - ## @param metrics.image.repository Apache exporter image repository - ## @param metrics.image.tag Apache exporter image tag - ## @param metrics.image.pullPolicy Image pull policy - ## @param metrics.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/apache-exporter - tag: 0.10.0-debian-10-r52 - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param metrics.resources Metrics exporter resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: {} - ## - ## @param metrics.podAnnotations [object] Additional annotations for Metrics exporter pod - ## - podAnnotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9117" - -## @section Certificate injection parameters - -## Add custom certificates and certificate authorities to redmine container -## -certificates: - ## @param certificates.customCertificate.certificateSecret Secret containing the certificate and key to add - ## @param certificates.customCertificate.chainSecret.name Name of the secret containing the certificate chain - ## @param certificates.customCertificate.chainSecret.key Key of the certificate chain file inside the secret - ## @param certificates.customCertificate.certificateLocation Location in the container to store the certificate - ## @param certificates.customCertificate.keyLocation Location in the container to store the private key - ## @param certificates.customCertificate.chainLocation Location in the container to store the certificate chain - ## - customCertificate: - certificateSecret: "" - chainSecret: - name: secret-name - key: secret-key - certificateLocation: /etc/ssl/certs/ssl-cert-snakeoil.pem - keyLocation: /etc/ssl/private/ssl-cert-snakeoil.key - chainLocation: /etc/ssl/certs/mychain.pem - ## @param certificates.customCAs Defines a list of secrets to import into the container trust store - ## - customCAs: [] - ## @param certificates.command Override default container command (useful when using custom images) - ## - command: [] - ## @param certificates.args Override default container args (useful when using custom images) - ## - args: [] - ## @param certificates.extraEnvVars Container sidecar extra environment variables (eg proxy) - ## - extraEnvVars: [] - ## @param certificates.extraEnvVarsCM ConfigMap containing extra env vars - ## - extraEnvVarsCM: "" - ## @param certificates.extraEnvVarsSecret Secret containing extra env vars (in case of sensitive data) - ## - extraEnvVarsSecret: "" - ## @param certificates.image.registry Container sidecar registry - ## @param certificates.image.repository Container sidecar image - ## @param certificates.image.tag Container sidecar image tag - ## @param certificates.image.pullPolicy Container sidecar image pull policy - ## @param certificates.image.pullSecrets Container sidecar image pull secrets - ## - image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: 10-debian-10-r198 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] diff --git a/bitnami/ejbca/Chart.lock b/bitnami/ejbca/Chart.lock deleted file mode 100644 index 74d8458..0000000 --- a/bitnami/ejbca/Chart.lock +++ /dev/null @@ -1,9 +0,0 @@ -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.9.1 -- name: mariadb - repository: https://charts.bitnami.com/bitnami - version: 9.6.0 -digest: sha256:eb99dfdf0c54a1a4360c52b579628216254ee8c26e40374fb44107628cdc439d -generated: "2021-09-23T16:52:34.229133413Z" diff --git a/bitnami/ejbca/Chart.yaml b/bitnami/ejbca/Chart.yaml deleted file mode 100644 index ecd6573..0000000 --- a/bitnami/ejbca/Chart.yaml +++ /dev/null @@ -1,33 +0,0 @@ -annotations: - category: CertificateAuthority -apiVersion: v2 -appVersion: 7.4.3-2 -dependencies: - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x - - condition: mariadb.enabled - name: mariadb - repository: https://charts.bitnami.com/bitnami - tags: - - ejbca-database - version: 9.x.x -description: Enterprise class PKI Certificate Authority built on JEE technology. -engine: gotpl -home: https://github.com/bitnami/charts/tree/master/bitnami/ejbca -icon: https://bitnami.com/assets/stacks/ejbca/img/ejbca-stack-220x234.png -keywords: - - ejbca - - ca - - pki - - certificate -maintainers: - - email: containers@bitnami.com - name: Bitnami -name: ejbca -sources: - - https://github.com/bitnami/bitnami-docker-ejbca - - https://www.ejbca.org/ -version: 3.0.0 diff --git a/bitnami/ejbca/README.md b/bitnami/ejbca/README.md deleted file mode 100644 index b8f6e5e..0000000 --- a/bitnami/ejbca/README.md +++ /dev/null @@ -1,317 +0,0 @@ -# EJBCA - -[EJBCA](https://www.ejbca.org/) is a free software public key infrastructure certificate authority software package. - -## TL;DR - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/ejbca -``` - -## Introduction - -This chart bootstraps a [EJBCA](https://www.ejbca.org/) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -It also packages [Bitnami MariaDB](https://github.com/bitnami/charts/tree/master/bitnami/mariadb) as the required databases for the EJBCA application. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 3.1.0 -- PV provisioner support in the underlying infrastructure - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -$ helm install my-release bitnami/ejbca -``` - -The command deploys EJBCA on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```console -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | - - -### Common parameters - -| Name | Description | Value | -| ------------------------ | --------------------------------------------------------------------------------------- | -------------- | -| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` | -| `nameOverride` | String to partially override ebjca.fullname template (will maintain the release name) | `""` | -| `fullnameOverride` | String to fully override ebjca.fullname template | `""` | -| `commonLabels` | Add labels to all the deployed resources | `{}` | -| `commonAnnotations` | Annotations to be added to all deployed resources | `{}` | -| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | -| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | -| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | - - -### EJBCA parameters - -| Name | Description | Value | -| ------------------------------------ | ----------------------------------------------------------------------------------------- | ---------------------- | -| `image.registry` | EJBCA image registry | `docker.io` | -| `image.repository` | EJBCA image name | `bitnami/ejbca` | -| `image.tag` | EJBCA image tag | `7.4.3-2-debian-10-r0` | -| `image.pullPolicy` | EJBCA image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `image.debug` | Enable image debug mode | `false` | -| `replicaCount` | Number of EJBCA replicas to deploy | `1` | -| `extraVolumeMounts` | Additional volume mounts (used along with `extraVolumes`) | `[]` | -| `extraVolumes` | Array of extra volumes to be added deployment. Requires setting `extraVolumeMounts` | `[]` | -| `podAnnotations` | Additional pod annotations | `{}` | -| `podLabels` | Additional pod labels | `{}` | -| `podSecurityContext.enabled` | Enable security context for EJBCA container | `true` | -| `podSecurityContext.fsGroup` | Group ID for the volumes of the pod | `1001` | -| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` | -| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | -| `affinity` | Affinity for pod assignment | `{}` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `tolerations` | Tolerations for pod assignment | `[]` | -| `persistence.enabled` | Whether to enable persistence based on Persistent Volume Claims | `true` | -| `persistence.accessMode` | PVC Access Mode (RWO, ROX, RWX) | `ReadWriteOnce` | -| `persistence.size` | Size of the PVC to request | `2Gi` | -| `persistence.storageClass` | PVC Storage Class | `""` | -| `persistence.existingClaim` | Name of an existing PVC to reuse | `""` | -| `sidecars` | Attach additional sidecar containers to the pod | `[]` | -| `initContainers` | Additional init containers to add to the pods | `[]` | -| `hostAliases` | Add deployment host aliases | `[]` | -| `ejbcaAdminUsername` | EJBCA administrator username | `bitnami` | -| `ejbcaAdminPassword` | Password for the administrator account | `""` | -| `existingSecret` | Alternatively, you can provide the name of an existing secret containing | `""` | -| `ejbcaJavaOpts` | Options used to launch the WildFly server | `""` | -| `ejbcaCA.name` | Name of the CA EJBCA will instantiate by default | `ManagementCA` | -| `ejbcaCA.baseDN` | Base DomainName of the CA EJBCA will instantiate by default | `""` | -| `ejbcaKeystoreExistingSecret` | Name of an existing Secret containing a Keystore object | `""` | -| `extraEnv` | Additional container environment variables | `[]` | -| `command` | Custom command to override image cmd | `[]` | -| `args` | Custom args for the custom command | `[]` | -| `resources.limits` | The resources limits for the container | `{}` | -| `resources.requests` | The requested resources for the container | `{}` | -| `containerSecurityContext.enabled` | Enabled EJBCA containers' Security Context | `true` | -| `containerSecurityContext.runAsUser` | Set EJBCA containers' Security Context runAsUser | `1001` | -| `livenessProbe.enabled` | Enable/disable livenessProbe | `true` | -| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `500` | -| `livenessProbe.periodSeconds` | How often to perform the probe | `10` | -| `livenessProbe.timeoutSeconds` | When the probe times out | `5` | -| `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe | `6` | -| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe | `1` | -| `readinessProbe.enabled` | Enable/disable readinessProbe | `true` | -| `readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `500` | -| `readinessProbe.periodSeconds` | How often to perform the probe | `10` | -| `readinessProbe.timeoutSeconds` | When the probe times out | `5` | -| `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe | `6` | -| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe | `1` | -| `customLivenessProbe` | Custom liveness probe to execute (when the main one is disabled) | `{}` | -| `customReadinessProbe` | Custom readiness probe to execute (when the main one is disabled) | `{}` | -| `containerPorts` | EJBCA Container ports to open | `{}` | - - -### Service parameters - -| Name | Description | Value | -| ---------------------------------- | ----------------------------------------------------------------------------- | -------------- | -| `service.type` | Kubernetes Service type | `LoadBalancer` | -| `service.port` | Service HTTP port | `8080` | -| `service.httpsPort` | Service HTTPS port | `8443` | -| `service.advertisedHttpsPort` | Port used for the administration | `443` | -| `service.httpsTargetPort` | Service Target HTTPS port | `https` | -| `service.nodePorts` | Node Ports to expose | `{}` | -| `service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | -| `service.annotations` | Service annotations | `{}` | -| `service.loadBalancerSourceRanges` | Limits which cidr blocks can connect to service's load balancer | `[]` | -| `service.extraPorts` | Extra ports to expose in the service (normally used with the `sidecar` value) | `[]` | - - -### Ingress parameters - -| Name | Description | Value | -| --------------------- | --------------------------------------------------------------------------------------------- | ------------------------ | -| `ingress.enabled` | Enable ingress controller resource | `false` | -| `ingress.certManager` | Add annotations for cert-manager | `false` | -| `ingress.pathType` | Ingress Path type | `ImplementationSpecific` | -| `ingress.apiVersion` | Override API Version (automatically detected if not set) | `""` | -| `ingress.hostname` | Default host for the ingress resource | `ejbca.local` | -| `ingress.path` | The Path to EJBCA. You may need to set this to '/*' in order to use this | `/` | -| `ingress.annotations` | Ingress annotations done as key:value pairs | `{}` | -| `ingress.tls` | Enable TLS configuration for the hostname defined at ingress.hostname parameter | `false` | -| `ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` | -| `ingress.extraPaths` | Any additional arbitrary paths that may need to be added to the ingress under the main host. | `[]` | -| `ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` | -| `ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | - - -### Database parameters - -| Name | Description | Value | -| ------------------------------------------- | ------------------------------------------------------------------------------------------ | --------------- | -| `mariadb.enabled` | Whether to deploy a mariadb server to satisfy the applications database requirements. | `true` | -| `mariadb.architecture` | MariaDB architecture (`standalone` or `replication`) | `standalone` | -| `mariadb.auth.rootPassword` | Password for the MariaDB `root` user | `""` | -| `mariadb.auth.database` | Database name to create | `bitnami_ejbca` | -| `mariadb.auth.username` | Database user to create | `bn_ejbca` | -| `mariadb.auth.password` | Password for the database | `""` | -| `mariadb.primary.persistence.enabled` | Enable database persistence using PVC | `true` | -| `mariadb.primary.persistence.storageClass` | MariaDB primary persistent volume storage Class | `""` | -| `mariadb.primary.persistence.accessMode` | Persistent Volume access mode | `ReadWriteOnce` | -| `mariadb.primary.persistence.size` | Database Persistent Volume Size | `8Gi` | -| `mariadb.primary.persistence.hostPath` | Set path in case you want to use local host path volumes (not recommended in production) | `""` | -| `mariadb.primary.persistence.existingClaim` | Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas | `""` | -| `externalDatabase.host` | Host of the external database | `localhost` | -| `externalDatabase.user` | non-root Username for EJBCA Database | `bn_ejbca` | -| `externalDatabase.password` | Password for the above username | `""` | -| `externalDatabase.existingSecret` | Name of an existing secret resource containing the DB password in a 'mariadb-password' key | `""` | -| `externalDatabase.database` | Name of the existing database | `bitnami_ejbca` | -| `externalDatabase.port` | Database port number | `3306` | - - -The above parameters map to the env variables defined in [bitnami/ejbca](http://github.com/bitnami/bitnami-docker-ejbca). For more information please refer to the [bitnami/ejbca](http://github.com/bitnami/bitnami-docker-ejbca) image documentation. - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -$ helm install my-release \ - --set ejbcaAdminUsername=admin,ejbcaAdminPassword=password,mariadb.auth.password=secretpassword \ - bitnami/discourse -``` - -The above command sets the EJBCA administrator account username and password to `admin` and `password` respectively. Additionally, it sets the MariaDB `bn_ejbca` user password to `secretpassword`. - -> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. - -Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, - -```console -$ helm install my-release -f values.yaml bitnami/ejbca -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling vs Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Set up replication - -By default, this chart only deploys a single pod running EJBCA. To increase the number of replicas, follow the steps below: - -1. Create a conventional release with only one replica. This will be scaled later. -2. Wait for the release to complete and for EJBCA to be running. Verify access to the main page of the application. -3. Perform an upgrade specifying the number of replicas and the credentials that were previously used. Set the parameters `replicaCount`, `ejbcaAdminPassword` and `mariadb.auth.password` accordingly. - -For example, for a release using `secretPassword` and `dbPassword` to scale up to a total of `2` replicas, the aforementioned parameters should hold these values `replicaCount=2`, `ejbcaAdminPassword=secretPassword`, `mariadb.auth.password=dbPassword`. - -> **Tip**: You can modify the file [values.yaml](values.yaml) - -### Configure Sidecars and Init Containers - -If additional containers are needed in the same pod as EJBCA (such as additional metrics or logging exporters), they can be defined using the `sidecars` parameter. Similarly, you can add extra init containers using the `initContainers` parameter. - -[Learn more about configuring and using sidecar and init containers](https://docs.bitnami.com/kubernetes/apps/ejbca/configuration/configure-sidecar-init-containers/). - -### Use an external database - -Sometimes, you may want to have EJBCA connect to an external database rather than a database within your cluster - for example, when using a managed database service, or when running a single database server for all your applications. To do this, set the `mariadb.enabled` parameter to `false` and specify the credentials for the external database using the `externalDatabase.*` parameters. - -Refer to the [chart documentation on using an external database](https://docs.bitnami.com/kubernetes/apps/ejbca/configuration/use-external-database) for more details and an example. - -### Set Pod affinity - -This chart allows you to set custom Pod affinity using the `affinity` parameter. Find more information about Pod affinity in the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). - -As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters. - -### Use a different EJBCA version - -To modify the application version used in this chart, specify a different version of the image using the `image.tag` parameter and/or a different repository using the `image.repository` parameter. Refer to the [chart documentation for more information on these parameters and how to use them with images from a private registry](https://docs.bitnami.com/kubernetes/apps/ejbca/configuration/change-image-version/). - -## Persistence - -The [Bitnami EJBCA](https://github.com/bitnami/bitnami-docker-discourse) image stores the EJBCA data and configurations at the `/bitnami` path of the container. - -Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. See the [Parameters](#parameters) section to configure the PVC or to disable persistence. - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami’s Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## Upgrading - -### To 2.0.0 - -[On November 13, 2020, Helm v2 support formally ended](https://github.com/helm/charts#status-of-the-project). This major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -[Learn more about this change and related upgrade considerations](https://docs.bitnami.com/kubernetes/apps/ejbca/administration/upgrade-helm3/). - -### To 1.0.0 - -MariaDB dependency version was bumped to a new major version that introduces several incompatilibites. Therefore, backwards compatibility is not guaranteed unless an external database is used. Check [MariaDB Upgrading Notes](https://github.com/bitnami/charts/tree/master/bitnami/mariadb#to-800) for more information. - -To upgrade to `1.0.0`, you have two alternatives: - -- Install a new EJBCA chart, and migrate your EJBCA following [the official documentation](https://doc.primekey.com/ejbca/ejbca-operations/ejbca-operations-guide/ca-operations-guide/ejbca-maintenance/backup-and-restore). -- Reuse the PVC used to hold the MariaDB data on your previous release. To do so, follow the instructions below (the following example assumes that the release name is `ejbca`): - -> NOTE: Please, create a backup of your database before running any of those actions. The steps below would be only valid if your application (e.g. any plugins or custom code) is compatible with MariaDB 10.5.x - -Obtain the credentials and the name of the PVC used to hold the MariaDB data on your current release: - -```console -export EJBCA_ADMIN_PASSWORD=$(kubectl get secret --namespace default ejbca -o jsonpath="{.data.ejbca-admin-password}" | base64 --decode) -export MARIADB_ROOT_PASSWORD=$(kubectl get secret --namespace default ejbca-mariadb -o jsonpath="{.data.mariadb-root-password}" | base64 --decode) -export MARIADB_PASSWORD=$(kubectl get secret --namespace default ejbca-mariadb -o jsonpath="{.data.mariadb-password}" | base64 --decode) -export MARIADB_PVC=$(kubectl get pvc -l app=mariadb,component=master,release=ejbca -o jsonpath="{.items[0].metadata.name}") -``` - -Upgrade your release (maintaining the version) disabling MariaDB and scaling EJBCA replicas to 0: - -```console -$ helm upgrade ejbca bitnami/ejbca --set ejbcaAdminPassword=$EJBCA_ADMIN_PASSWORD --set replicaCount=0 --set mariadb.enabled=false --version 0.4.0 -``` - -Finally, upgrade you release to 1.0.0 reusing the existing PVC, and enabling back MariaDB: - -```console -$ helm upgrade ejbca bitnami/ejbca --set mariadb.primary.persistence.existingClaim=$MARIADB_PVC --set mariadb.auth.rootPassword=$MARIADB_ROOT_PASSWORD --set mariadb.auth.password=$MARIADB_PASSWORD --set ejbcaAdminPassword=$EJBCA_ADMIN_PASSWORD -``` - -You should see the lines below in MariaDB container logs: - -```console -$ kubectl logs $(kubectl get pods -l app.kubernetes.io/instance=ejbca,app.kubernetes.io/name=mariadb,app.kubernetes.io/component=primary -o jsonpath="{.items[0].metadata.name}") -... -mariadb 12:13:24.98 INFO ==> Using persisted data -mariadb 12:13:25.01 INFO ==> Running mysql_upgrade -... -``` diff --git a/bitnami/ejbca/templates/NOTES.txt b/bitnami/ejbca/templates/NOTES.txt deleted file mode 100644 index 9d560a8..0000000 --- a/bitnami/ejbca/templates/NOTES.txt +++ /dev/null @@ -1,86 +0,0 @@ -{{- $databaseSecretName := include "ejbca.databaseSecretName" . -}} -{{- $secretName := include "ejbca.secretName" . -}} - -** Please be patient while the chart is being deployed ** - -{{- if .Values.diagnosticMode.enabled }} -The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with: - - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }} - -Get the list of pods by executing: - - kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} - -Access the pod you want to debug by executing - - kubectl exec --namespace {{ .Release.Namespace }} -ti -- bash - -In order to replicate the container startup scripts execute this command: - - /opt/bitnami/scripts/ejbca/entrypoint.sh /opt/bitnami/scripts/ejbca/run.sh - -{{- else }} - -To access your EJBCA site from outside the cluster follow the steps below: - -{{- $port := .Values.service.httpsPort | toString }} - -1. Get the EJBCA URL by running these commands: - -{{- if contains "NodePort" .Values.service.type }} - - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[1].nodePort}" services {{ template "common.names.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo "EJBCA Public URL: https://$NODE_IP:$NODE_PORT/ejbca" - echo "EJBCA Admin URL: https://$NODE_IP:$NODE_PORT/ejbca/adminweb" - echo "EJBCA Enrol URL: https://$NODE_IP:$NODE_PORT/ejbca/enrol/keystore.jsp" - -{{- else if contains "LoadBalancer" .Values.service.type }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "common.names.fullname" . }}' - - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo "EJBCA Public URL: https://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.service.httpsPort }}{{ end }}/ejbca" - echo "EJBCA Admin URL: https://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.service.httpsPort }}{{ end }}/ejbca/adminweb" - echo "EJBCA Enrol URL: https://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.service.httpsPort }}{{ end }}/ejbca/enrol/keystore.jsp" - -{{- else if contains "ClusterIP" .Values.service.type }} - - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "common.names.fullname" . }} {{ .Values.service.httpsPort }}:{{ .Values.service.httpsPort }} & - echo "EJBCA Public URL: https://127.0.0.1{{- if ne $port "80" }}:{{ .Values.service.httpsPort }}{{ end }}/ejbca" - echo "EJBCA Admin URL: https://127.0.0.1{{- if ne $port "80" }}:{{ .Values.service.httpsPort }}{{ end }}/ejbca/adminweb" - echo "EJBCA Enrol URL: https://127.0.0.1{{- if ne $port "80" }}:{{ .Values.service.httpsPort }}{{ end }}/ejbca/enrol/keystore.jsp" - -{{- end }} - -2. Open a browser and access EJBCA using the obtained URL. - -3. In order to be able to log in to the Admin Portal, you first need to enrol and import the generated certificate in your Browser: - export EJBCA_ADMIN_USERNAME={{ .Values.ejbcaAdminUsername }} - {{ include "common.utils.secret.getvalue" (dict "secret" $secretName "field" "ejbca-admin-password" "context" $) }} - echo Username: $EJBCA_ADMIN_USERNAME - echo Password: $EJBCA_ADMIN_PASSWORD - -4. You can access the DB using the following password: - {{ include "common.utils.secret.getvalue" (dict "secret" $databaseSecretName "field" "mariadb-password" "context" $) }} - -{{- $passwordErrors := list -}} - -{{- if not .Values.existingSecret -}} - {{- $requiredEJBCAPassword := dict "valueKey" "ejbcaAdminPassword" "secret" $secretName "field" "ejbca-admin-password" "context" $ -}} - {{- $requiredEJBCAPasswordError := include "common.validations.values.single.empty" $requiredEJBCAPassword -}} - {{- $passwordErrors = append $passwordErrors $requiredEJBCAPasswordError -}} -{{- end -}} - -{{- $mariadbSecretName := include "ejbca.databaseSecretName" . -}} -{{- $mariadbPasswordValidationErrors := include "common.validations.values.mariadb.passwords" (dict "secret" $mariadbSecretName "subchart" true "context" $) -}} -{{- $passwordErrors = append $passwordErrors $mariadbPasswordValidationErrors -}} - -{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordErrors "context" $) -}} - -{{- end -}} - -{{- include "common.warnings.rollingTag" .Values.image }} diff --git a/bitnami/ejbca/templates/_helpers.tpl b/bitnami/ejbca/templates/_helpers.tpl deleted file mode 100644 index 251ec0d..0000000 --- a/bitnami/ejbca/templates/_helpers.tpl +++ /dev/null @@ -1,123 +0,0 @@ -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "mariadb.fullname" -}} -{{- printf "%s-%s" .Release.Name "mariadb" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Return the proper EJBCA image name -*/}} -{{- define "ejbca.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "ejbca.imagePullSecrets" -}} -{{ include "common.images.pullSecrets" (dict "images" (list .Values.image) "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper Storage Class -*/}} -{{- define "ejbca.storageClass" -}} -{{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the correct EJBCA secret. -*/}} -{{- define "ejbca.secretName" -}} -{{- if .Values.existingSecret -}} - {{- printf "%s" .Values.existingSecret -}} -{{- else -}} - {{- printf "%s" (include "common.names.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for ingress. -*/}} -{{- define "ejbca.ingress.apiVersion" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- end -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "ejbca.mariadb.fullname" -}} -{{- printf "%s-%s" .Release.Name "mariadb" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Return the MariaDB Hostname -*/}} -{{- define "ejbca.databaseHost" -}} -{{- if .Values.mariadb.enabled }} - {{- if eq .Values.mariadb.architecture "replication" }} - {{- printf "%s-%s" (include "ejbca.mariadb.fullname" .) "primary" | trunc 63 | trimSuffix "-" -}} - {{- else -}} - {{- printf "%s" (include "ejbca.mariadb.fullname" .) -}} - {{- end -}} -{{- else -}} - {{- printf "%s" .Values.externalDatabase.host -}} -{{- end -}} -{{- end -}} - -{{/* -Return the MariaDB Port -*/}} -{{- define "ejbca.databasePort" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "3306" -}} -{{- else -}} - {{- printf "%d" (.Values.externalDatabase.port | int ) -}} -{{- end -}} -{{- end -}} - -{{/* -Return the MariaDB Database Name -*/}} -{{- define "ejbca.databaseName" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "%s" .Values.mariadb.auth.database -}} -{{- else -}} - {{- printf "%s" .Values.externalDatabase.database -}} -{{- end -}} -{{- end -}} - -{{/* -Return the MariaDB User -*/}} -{{- define "ejbca.databaseUsername" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "%s" .Values.mariadb.auth.username -}} -{{- else -}} - {{- printf "%s" .Values.externalDatabase.user -}} -{{- end -}} -{{- end -}} - -{{/* -Return the MariaDB Secret Name -*/}} -{{- define "ejbca.databaseSecretName" -}} -{{- if and (.Values.mariadb.enabled) (not .Values.mariadb.existingSecret) -}} - {{- printf "%s" (include "mariadb.fullname" .) -}} -{{- else if and (.Values.mariadb.enabled) (.Values.mariadb.existingSecret) -}} - {{- printf "%s" .Values.mariadb.existingSecret -}} -{{- else }} - {{- if .Values.externalDatabase.existingSecret -}} - {{- printf "%s" .Values.externalDatabase.existingSecret -}} - {{- else -}} - {{- printf "%s-%s" .Release.Name "externaldb" -}} - {{- end -}} -{{- end -}} -{{- end -}} diff --git a/bitnami/ejbca/templates/deployment.yaml b/bitnami/ejbca/templates/deployment.yaml deleted file mode 100644 index 3ab3b12..0000000 --- a/bitnami/ejbca/templates/deployment.yaml +++ /dev/null @@ -1,197 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - {{- if .Values.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} - {{- end }} - annotations: - checksum/secret: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }} - {{- if .Values.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} - {{- end }} - spec: - {{- include "ejbca.imagePullSecrets" . | nindent 6 }} - {{- if .Values.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.podSecurityContext.enabled }} - securityContext: - fsGroup: {{ .Values.podSecurityContext.fsGroup }} - {{- end }} - {{- if .Values.initContainers }} - initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} - {{- end }} - containers: - - name: ejbca - {{- if .Values.containerSecurityContext.enabled }} - securityContext: - runAsUser: {{ .Values.containerSecurityContext.runAsUser }} - {{- end }} - image: {{ template "ejbca.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} - - name: EJBCA_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "ejbca.secretName" . }} - key: ejbca-admin-password - - name: EJBCA_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "ejbca.databaseSecretName" . }} - key: mariadb-password - {{- if .Values.ejbcaKeystoreExistingSecret }} - - name: EJBCA_SERVER_CERT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.ejbcaKeystoreExistingSecret }} - key: keystore-password - {{- end }} - - name: EJBCA_ADMIN_USERNAME - value: {{ .Values.ejbcaAdminUsername | quote }} - - name: EJBCA_DATABASE_HOST - value: {{ include "ejbca.databaseHost" . | quote }} - - name: EJBCA_DATABASE_PORT - value: {{ include "ejbca.databasePort" . | quote }} - - name: EJBCA_DATABASE_NAME - value: {{ include "ejbca.databaseName" . | quote }} - - name: EJBCA_DATABASE_USERNAME - value: {{ include "ejbca.databaseUsername" . | quote }} - - name: EJBCA_HTTP_PORT_NUMBER - value: {{ .Values.containerPorts.http | quote }} - - name: EJBCA_HTTPS_PORT_NUMBER - value: {{ .Values.service.httpsPort | quote }} - - name: EJBCA_HTTPS_ADVERTISED_PORT_NUMBER - value: {{ .Values.service.advertisedHttpsPort | quote }} - {{- if .Values.ejbcaKeystoreExistingSecret }} - - name: EJBCA_SERVER_CERT_FILE - value: /opt/bitnami/ejbca/mounted-jks/keystore.jks - {{- end }} - {{- if .Values.ejbcaJavaOpts }} - - name: JAVA_OPTS - value: {{ .Values.ejbcaJavaOpts | quote }} - {{- end }} - {{- if .Values.ejbcaCA }} - {{- if .Values.ejbcaCA.name }} - - name: EJBCA_CA_NAME - value: {{ .Values.ejbcaCA.name | quote }} - {{- end }} - {{- if .Values.ejbcaCA.baseDN }} - - name: EJBCA_BASE_DN - value: {{ .Values.ejbcaCA.baseDN | quote }} - {{- end }} - {{- end }} - {{- if .Values.extraEnv }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraEnv "context" $) | nindent 12 }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.containerPorts.http }} - - name: https - containerPort: {{ .Values.containerPorts.https }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - httpGet: - path: /ejbca - port: http - {{- else if .Values.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - httpGet: - path: /ejbca - port: http - {{- else if .Values.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - {{- end }} - volumeMounts: - - name: ejbca-data - mountPath: /bitnami/ejbca - subPath: ejbca - {{- if .Values.ejbcaKeystoreExistingSecret }} - - name: ejbca-keystore - mountPath: /opt/bitnami/ejbca/mounted-jks/keystore.jks - subPath: "keystore.jks" - {{- end }} - {{- if .Values.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - {{- if .Values.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - {{- if .Values.ejbcaKeystoreExistingSecret }} - - name: ejbca-keystore - secret: - secretName: {{ .Values.ejbcaKeystoreExistingSecret }} - items: - - key: "keystore.jks" - path: "keystore.jks" - {{- end }} - - name: ejbca-data - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ .Values.persistence.existingClaim | default (include "common.names.fullname" .) }} - {{- else }} - emptyDir: {} - {{ end }} - {{- if .Values.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} - {{- end }} diff --git a/bitnami/ejbca/templates/externaldb-secrets.yaml b/bitnami/ejbca/templates/externaldb-secrets.yaml deleted file mode 100644 index 8ce33dd..0000000 --- a/bitnami/ejbca/templates/externaldb-secrets.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if not .Values.mariadb.enabled }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ printf "%s-%s" .Release.Name "externaldb" }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: - mariadb-password: {{ .Values.externalDatabase.password | b64enc | quote }} -{{- end }} diff --git a/bitnami/ejbca/templates/ingress.yaml b/bitnami/ejbca/templates/ingress.yaml deleted file mode 100644 index bc1e9df..0000000 --- a/bitnami/ejbca/templates/ingress.yaml +++ /dev/null @@ -1,58 +0,0 @@ -{{- if .Values.ingress.enabled }} -apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - nginx.ingress.kubernetes.io/ssl-passthrough: "true" - nginx.ingress.kubernetes.io/backend-protocol: HTTPS - {{- if .Values.ingress.certManager }} - kubernetes.io/tls-acme: "true" - {{- end }} - {{- if .Values.ingress.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.ingress.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - rules: - {{- if .Values.ingress.hostname }} - - host: {{ .Values.ingress.hostname }} - http: - paths: - {{- if .Values.ingress.extraPaths }} - {{- toYaml .Values.ingress.extraPaths | nindent 10 }} - {{- end }} - - path: {{ .Values.ingress.path }} - {{- if eq "true" (include "common.ingress.supportsPathType" .) }} - pathType: {{ .Values.ingress.pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" "https" "context" $) | nindent 14 }} - {{- end }} - {{- range .Values.ingress.extraHosts }} - - host: {{ .name | quote }} - http: - paths: - - path: {{ default "/" .path }} - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ default "ImplementationSpecific" .pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "https" "context" $) | nindent 14 }} - {{- end }} - {{- if or .Values.ingress.tls .Values.ingress.extraTls }} - tls: - {{- if .Values.ingress.tls }} - - hosts: - - {{ .Values.ingress.hostname }} - secretName: {{ printf "%s-tls" .Values.ingress.hostname }} - {{- end }} - {{- if .Values.ingress.extraTls }} - {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.extraTls "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/bitnami/ejbca/templates/pvc.yaml b/bitnami/ejbca/templates/pvc.yaml deleted file mode 100644 index aed5144..0000000 --- a/bitnami/ejbca/templates/pvc.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - accessModes: - - {{ .Values.persistence.accessMode | quote }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{ include "ejbca.storageClass" . }} -{{- end }} diff --git a/bitnami/ejbca/templates/secrets.yaml b/bitnami/ejbca/templates/secrets.yaml deleted file mode 100644 index 4178c54..0000000 --- a/bitnami/ejbca/templates/secrets.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: - {{- if .Values.ejbcaAdminPassword }} - ejbca-admin-password: {{ .Values.ejbcaAdminPassword | b64enc | quote }} - {{- else }} - ejbca-admin-password: {{ randAlphaNum 10 | b64enc | quote }} - {{- end }} diff --git a/bitnami/ejbca/templates/svc.yaml b/bitnami/ejbca/templates/svc.yaml deleted file mode 100644 index 12a9ef4..0000000 --- a/bitnami/ejbca/templates/svc.yaml +++ /dev/null @@ -1,47 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.service.annotations .Values.commonAnnotations}} - annotations: - {{- if .Values.service.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.service.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }} - {{- end }} - {{- end }} -spec: - type: {{ .Values.service.type }} - {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }} - externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} - {{- end }} - {{- if (and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges) }} - loadBalancerSourceRanges: - {{ toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - ports: - - name: http - port: {{ .Values.service.port }} - targetPort: http - {{- if (and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.http))) }} - nodePort: {{ .Values.service.nodePorts.http }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - - name: https - port: {{ .Values.service.httpsPort }} - targetPort: {{ .Values.service.httpsTargetPort }} - {{- if (and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.https))) }} - nodePort: {{ .Values.service.nodePorts.https }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - {{- if .Values.service.extraPorts }} - {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }} - {{- end }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} diff --git a/bitnami/ejbca/values.yaml b/bitnami/ejbca/values.yaml deleted file mode 100644 index fb9bfec..0000000 --- a/bitnami/ejbca/values.yaml +++ /dev/null @@ -1,507 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - storageClass: "" - -## @section Common parameters - -## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) -## -kubeVersion: "" -## @param nameOverride String to partially override ebjca.fullname template (will maintain the release name) -## -nameOverride: "" -## @param fullnameOverride String to fully override ebjca.fullname template -## -fullnameOverride: "" -## @param commonLabels Add labels to all the deployed resources -## -commonLabels: {} -## @param commonAnnotations Annotations to be added to all deployed resources -## -commonAnnotations: {} - -## Enable diagnostic mode in the deployment -## -diagnosticMode: - ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) - ## - enabled: false - ## @param diagnosticMode.command Command to override all containers in the deployment - ## - command: - - sleep - ## @param diagnosticMode.args Args to override all containers in the deployment - ## - args: - - infinity - -## @section EJBCA parameters - -## Bitnami EJBCA image version -## ref: https://hub.docker.com/r/bitnami/ejbca/tags/ -## @param image.registry EJBCA image registry -## @param image.repository EJBCA image name -## @param image.tag EJBCA image tag -## @param image.pullPolicy EJBCA image pull policy -## @param image.pullSecrets Specify docker-registry secret names as an array -## @param image.debug Enable image debug mode -## -image: - registry: docker.io - repository: bitnami/ejbca - tag: 7.4.3-2-debian-10-r0 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Enable debug mode - ## - debug: false -## @param replicaCount Number of EJBCA replicas to deploy -## -replicaCount: 1 -## @param extraVolumeMounts Additional volume mounts (used along with `extraVolumes`) -## Example: Mount CA file -## extraVolumeMounts -## - name: ca-cert -## subPath: ca_cert -## mountPath: /path/to/ca_cert -## -extraVolumeMounts: [] -## @param extraVolumes Array of extra volumes to be added deployment. Requires setting `extraVolumeMounts` -## Example: Add secret volume -## extraVolumes: -## - name: ca-cert -## secret: -## secretName: ca-cert -## items: -## - key: ca-cert -## path: ca_cert -## -extraVolumes: [] -## @param podAnnotations Additional pod annotations -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} -## @param podLabels Additional pod labels -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -podLabels: {} -## K8s Security Context for EJBCA pods -## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ -## @param podSecurityContext.enabled Enable security context for EJBCA container -## @param podSecurityContext.fsGroup Group ID for the volumes of the pod -## -podSecurityContext: - enabled: true - fsGroup: 1001 -## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## Allowed values: soft, hard -## -podAffinityPreset: "" -## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## Allowed values: soft, hard -## -podAntiAffinityPreset: soft -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## @param nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set. -## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. -## -nodeAffinityPreset: - type: "" - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] -## @param affinity Affinity for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set -## -affinity: {} -## @param nodeSelector Node labels for pod assignment -## Ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} -## @param tolerations Tolerations for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] -## Enable persistence using Persistent Volume Claims -## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ -## @param persistence.enabled Whether to enable persistence based on Persistent Volume Claims -## @param persistence.accessMode PVC Access Mode (RWO, ROX, RWX) -## @param persistence.size Size of the PVC to request -## @param persistence.storageClass PVC Storage Class -## @param persistence.existingClaim Name of an existing PVC to reuse -## -persistence: - enabled: true - ## EJBCA data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - ## If you want to reuse an existing claim, you can pass the name of the PVC using the existingClaim variable - ## e.g: - ## existingClaim: your-claim - ## - existingClaim: "" - accessMode: ReadWriteOnce - size: 2Gi -## @param sidecars Attach additional sidecar containers to the pod -## Example: -## sidecars: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -sidecars: [] -## @param initContainers Additional init containers to add to the pods -## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ -## Example: -## initContainers: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## -initContainers: [] -## @param hostAliases Add deployment host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: [] -## @param ejbcaAdminUsername EJBCA administrator username -## ref: https://github.com/bitnami/bitnami-docker-ejbca#environment-variables -## -ejbcaAdminUsername: bitnami -## @param ejbcaAdminPassword Password for the administrator account -## If the password is not specified, a random one will be generated -## -ejbcaAdminPassword: "" -## @param existingSecret Alternatively, you can provide the name of an existing secret containing -## a key named "ejbca-admin-password" -## NOTE: This will override the password defined at ejbcaAdminPassword -## -existingSecret: "" -## @param ejbcaJavaOpts Options used to launch the WildFly server -## E.g. ejbcaJavaOpts: "-Xms2048m -Xmx2048m" -ejbcaJavaOpts: "" -## Details regarding the CA that EJBCA will instantiate -## @param ejbcaCA.name Name of the CA EJBCA will instantiate by default -## @param ejbcaCA.baseDN Base DomainName of the CA EJBCA will instantiate by default -## -ejbcaCA: - name: "ManagementCA" - ## e.g. baseDN: "O=Example CA,C=SE,UID=c-5ca04c9328c8208704310f7c2ed16414" - ## - baseDN: "" -## @param ejbcaKeystoreExistingSecret Name of an existing Secret containing a Keystore object -## to be imported by EBJCA. -## -## It should contain at the following two keys: -## -## "keystore.jks" --> The actual keystore object -## "keystore-password" --> Password used to encrypt keystore.jks -## -ejbcaKeystoreExistingSecret: "" -## @param extraEnv Additional container environment variables -## extraEnv: -## - name: -## value: -## -extraEnv: [] -## @param command Custom command to override image cmd -## -command: [] -## @param args Custom args for the custom command -## -args: [] -## EJBCA containers' resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## @param resources.limits The resources limits for the container -## @param resources.requests [object] The requested resources for the container -## -resources: - limits: {} - requests: - memory: 512Mi - cpu: 300m -## K8s Security Context for EJBCA container -## @param containerSecurityContext.enabled Enabled EJBCA containers' Security Context -## @param containerSecurityContext.runAsUser Set EJBCA containers' Security Context runAsUser -## -containerSecurityContext: - enabled: true - runAsUser: 1001 -## EJBCA pod extra options for liveness probe -## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes -## @param livenessProbe.enabled Enable/disable livenessProbe -## @param livenessProbe.initialDelaySeconds Delay before liveness probe is initiated -## @param livenessProbe.periodSeconds How often to perform the probe -## @param livenessProbe.timeoutSeconds When the probe times out -## @param livenessProbe.failureThreshold Minimum consecutive failures for the probe -## @param livenessProbe.successThreshold Minimum consecutive successes for the probe -## -livenessProbe: - enabled: true - initialDelaySeconds: 500 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 -## EJBCA pod extra options for readiness probe -## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes -## @param readinessProbe.enabled Enable/disable readinessProbe -## @param readinessProbe.initialDelaySeconds Delay before readiness probe is initiated -## @param readinessProbe.periodSeconds How often to perform the probe -## @param readinessProbe.timeoutSeconds When the probe times out -## @param readinessProbe.failureThreshold Minimum consecutive failures for the probe -## @param readinessProbe.successThreshold Minimum consecutive successes for the probe -## -readinessProbe: - enabled: true - initialDelaySeconds: 500 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 -## @param customLivenessProbe Custom liveness probe to execute (when the main one is disabled) -## -customLivenessProbe: {} -## @param customReadinessProbe Custom readiness probe to execute (when the main one is disabled) -## -customReadinessProbe: {} -## @param containerPorts [object] EJBCA Container ports to open -## -containerPorts: - http: 8080 - https: 8443 - -## @section Service parameters - -## Kubernetes configuration. For minikube, set this to NodePort, elsewhere use LoadBalancer or ClusterIP -## -service: - ## @param service.type Kubernetes Service type - ## - type: LoadBalancer - ## @param service.port Service HTTP port - ## - port: 8080 - ## @param service.httpsPort Service HTTPS port - ## - httpsPort: 8443 - ## @param service.advertisedHttpsPort Port used for the administration - ## - advertisedHttpsPort: 443 - ## @param service.httpsTargetPort Service Target HTTPS port - ## defaults to https unless overridden to the specified port. - ## if you want the target port to be "http" or "80" you can specify that here. - ## - httpsTargetPort: https - ## @param service.nodePorts [object] Node Ports to expose - ## nodePorts: - ## http: - ## https: - ## - nodePorts: - http: "" - https: "" - ## @param service.externalTrafficPolicy Enable client source IP preservation - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param service.annotations Service annotations - ## - annotations: {} - ## @param service.loadBalancerSourceRanges Limits which cidr blocks can connect to service's load balancer - ## Only valid if service.type: LoadBalancer - ## - loadBalancerSourceRanges: [] - ## @param service.extraPorts Extra ports to expose in the service (normally used with the `sidecar` value) - ## - extraPorts: [] - -## @section Ingress parameters - -## Configure the ingress resource that allows you to access the -## EJBCA installation. Set up the URL -## ref: http://kubernetes.io/docs/user-guide/ingress/ -## -ingress: - ## @param ingress.enabled Enable ingress controller resource - ## - enabled: false - ## @param ingress.certManager Add annotations for cert-manager - ## - certManager: false - ## @param ingress.pathType Ingress Path type - ## - pathType: ImplementationSpecific - ## @param ingress.apiVersion Override API Version (automatically detected if not set) - ## - apiVersion: "" - ## @param ingress.hostname Default host for the ingress resource - ## - hostname: ejbca.local - ## @param ingress.path The Path to EJBCA. You may need to set this to '/*' in order to use this - ## with ALB ingress controllers. - ## - path: / - ## @param ingress.annotations Ingress annotations done as key:value pairs - ## For a full list of possible ingress annotations, please see - ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md - ## - ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set - ## - annotations: {} - ## @param ingress.tls Enable TLS configuration for the hostname defined at ingress.hostname parameter - ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }} - ## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it - ## - tls: false - ## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record. - ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array - ## extraHosts: - ## - name: ejbca.local - ## path: / - extraHosts: [] - ## @param ingress.extraPaths Any additional arbitrary paths that may need to be added to the ingress under the main host. - ## For example: The ALB ingress controller requires a special rule for handling SSL redirection. - ## extraPaths: - ## - path: /* - ## backend: - ## serviceName: ssl-redirect - ## servicePort: use-annotation - extraPaths: [] - ## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. - ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - ## extraTls: - ## - hosts: - ## - ejbca.local - ## secretName: ejbca.local-tls - extraTls: [] - ## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets - ## key and certificate should start with -----BEGIN CERTIFICATE----- or - ## -----BEGIN RSA PRIVATE KEY----- - ## - ## name should line up with a tlsSecret set further up - ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set - ## - ## It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - ## Example: - ## - name: ejbca.local-tls - ## key: - ## certificate: - ## - secrets: [] - -## @section Database parameters - -## MariaDB chart configuration -## https://github.com/bitnami/charts/blob/master/bitnami/mariadb/values.yaml -## -mariadb: - ## @param mariadb.enabled Whether to deploy a mariadb server to satisfy the applications database requirements. - ## To use an external database set this to false and configure the externalDatabase parameters - ## - enabled: true - ## @param mariadb.architecture MariaDB architecture (`standalone` or `replication`) - ## - architecture: standalone - ## MariaDB Authentication parameters - ## @param mariadb.auth.rootPassword Password for the MariaDB `root` user - ## @param mariadb.auth.database Database name to create - ## @param mariadb.auth.username Database user to create - ## @param mariadb.auth.password Password for the database - ## - auth: - ## ref: https://github.com/bitnami/bitnami-docker-mariadb#setting-the-root-password-on-first-run - ## - rootPassword: "" - ## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#creating-a-database-on-first-run - ## - database: bitnami_ejbca - ## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#creating-a-database-user-on-first-run - ## - username: bn_ejbca - password: "" - primary: - ## Enable persistence using Persistent Volume Claims - ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ - ## @param mariadb.primary.persistence.enabled Enable database persistence using PVC - ## @param mariadb.primary.persistence.storageClass MariaDB primary persistent volume storage Class - ## @param mariadb.primary.persistence.accessMode Persistent Volume access mode - ## @param mariadb.primary.persistence.size Database Persistent Volume Size - ## @param mariadb.primary.persistence.hostPath Set path in case you want to use local host path volumes (not recommended in production) - ## @param mariadb.primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas - ## - persistence: - enabled: true - ## mariadb data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - accessMode: ReadWriteOnce - size: 8Gi - hostPath: "" - existingClaim: "" -## External Database Configuration -## All of these values are only used when mariadb.enabled is set to false -## @param externalDatabase.host Host of the external database -## @param externalDatabase.user non-root Username for EJBCA Database -## @param externalDatabase.password Password for the above username -## @param externalDatabase.existingSecret Name of an existing secret resource containing the DB password in a 'mariadb-password' key -## @param externalDatabase.database Name of the existing database -## @param externalDatabase.port Database port number -## -externalDatabase: - host: localhost - user: bn_ejbca - password: "" - existingSecret: "" - database: bitnami_ejbca - port: 3306 diff --git a/bitnami/external-dns/Chart.lock b/bitnami/external-dns/Chart.lock deleted file mode 100644 index 8059496..0000000 --- a/bitnami/external-dns/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.9.1 -digest: sha256:75c2f378a4570f47cbb3c98b6f1d29d1145e5a92bf2970a5d06c32575bfe266f -generated: "2021-09-25T09:19:15.508320937Z" diff --git a/bitnami/external-dns/Chart.yaml b/bitnami/external-dns/Chart.yaml deleted file mode 100644 index 2c66731..0000000 --- a/bitnami/external-dns/Chart.yaml +++ /dev/null @@ -1,27 +0,0 @@ -annotations: - category: DeveloperTools -apiVersion: v2 -appVersion: 0.9.0 -dependencies: - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x -description: ExternalDNS is a Kubernetes addon that configures public DNS servers with information about exposed Kubernetes services to make them discoverable. -engine: gotpl -home: https://github.com/bitnami/charts/tree/master/bitnami/external-dns -icon: https://bitnami.com/assets/stacks/external-dns/img/external-dns-stack-220x234.png -keywords: - - external-dns - - network - - dns -maintainers: - - email: containers@bitnami.com - name: Bitnami -name: external-dns -sources: - - https://github.com/kubernetes-sigs/external-dns - - https://github.com/bitnami/bitnami-docker-external-dns - - https://github.com/kubernetes-sigs/external-dns -version: 5.4.8 diff --git a/bitnami/external-dns/README.md b/bitnami/external-dns/README.md deleted file mode 100644 index 11204a2..0000000 --- a/bitnami/external-dns/README.md +++ /dev/null @@ -1,398 +0,0 @@ -# external-dns - -[ExternalDNS](https://github.com/kubernetes-sigs/external-dns) is a Kubernetes addon that configures public DNS servers with information about exposed Kubernetes services to make them discoverable. - -## TL;DR - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/external-dns -``` - -## Introduction - -This chart bootstraps a [ExternalDNS](https://github.com/bitnami/bitnami-docker-external-dns) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 3.1.0 - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```bash -$ helm install my-release bitnami/external-dns -``` - -The command deploys ExternalDNS on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```console -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | - - -### Common parameters - -| Name | Description | Value | -| ------------------ | -------------------------------------------------------------------------------------------- | --------------- | -| `nameOverride` | String to partially override external-dns.fullname template (will maintain the release name) | `""` | -| `fullnameOverride` | String to fully override external-dns.fullname template | `""` | -| `clusterDomain` | Kubernetes Cluster Domain | `cluster.local` | - - -### external-dns parameters - -| Name | Description | Value | -| --------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- | -| `image.registry` | ExternalDNS image registry | `docker.io` | -| `image.repository` | ExternalDNS image repository | `bitnami/external-dns` | -| `image.tag` | ExternalDNS Image tag (immutable tags are recommended) | `0.9.0-debian-10-r50` | -| `image.pullPolicy` | ExternalDNS image pull policy | `IfNotPresent` | -| `image.pullSecrets` | ExternalDNS image pull secrets | `[]` | -| `hostAliases` | Deployment pod host aliases | `[]` | -| `sources` | K8s resources type to be observed for new DNS entries by ExternalDNS | `[]` | -| `provider` | DNS provider where the DNS records will be created. | `aws` | -| `namespace` | Limit sources of endpoints to a specific namespace (default: all namespaces) | `""` | -| `fqdnTemplates` | Templated strings that are used to generate DNS names from sources that don't define a hostname themselves | `[]` | -| `combineFQDNAnnotation` | Combine FQDN template and annotations instead of overwriting | `false` | -| `ignoreHostnameAnnotation` | Ignore hostname annotation when generating DNS names, valid only when fqdn-template is set | `false` | -| `publishInternalServices` | Allow external-dns to publish DNS records for ClusterIP services | `false` | -| `publishHostIP` | Allow external-dns to publish host-ip for headless services | `false` | -| `serviceTypeFilter` | The service types to take care about (default: all, options: ClusterIP, NodePort, LoadBalancer, ExternalName) | `[]` | -| `alibabacloud.accessKeyId` | When using the Alibaba Cloud provider, set `accessKeyId` in the Alibaba Cloud configuration file (optional) | `""` | -| `alibabacloud.accessKeySecret` | When using the Alibaba Cloud provider, set `accessKeySecret` in the Alibaba Cloud configuration file (optional) | `""` | -| `alibabacloud.regionId` | When using the Alibaba Cloud provider, set `regionId` in the Alibaba Cloud configuration file (optional) | `""` | -| `alibabacloud.vpcId` | Alibaba Cloud VPC Id | `""` | -| `alibabacloud.secretName` | Use an existing secret with key "alibaba-cloud.json" defined. | `""` | -| `alibabacloud.zoneType` | Zone Filter. Available values are: public, private, or no value for both | `""` | -| `aws.credentials.secretKey` | When using the AWS provider, set `aws_secret_access_key` in the AWS credentials (optional) | `""` | -| `aws.credentials.accessKey` | When using the AWS provider, set `aws_access_key_id` in the AWS credentials (optional) | `""` | -| `aws.credentials.mountPath` | When using the AWS provider, determine `mountPath` for `credentials` secret | `/.aws` | -| `aws.credentials.secretName` | Use an existing secret with key "credentials" defined. | `""` | -| `aws.region` | When using the AWS provider, `AWS_DEFAULT_REGION` to set in the environment (optional) | `us-east-1` | -| `aws.zoneType` | When using the AWS provider, filter for zones of this type (optional, options: public, private) | `""` | -| `aws.assumeRoleArn` | When using the AWS provider, assume role by specifying --aws-assume-role to the external-dns daemon | `""` | -| `aws.apiRetries` | Maximum number of retries for AWS API calls before giving up | `3` | -| `aws.batchChangeSize` | When using the AWS provider, set the maximum number of changes that will be applied in each batch | `1000` | -| `aws.zoneTags` | When using the AWS provider, filter for zones with these tags | `[]` | -| `aws.preferCNAME` | When using the AWS provider, replaces Alias records with CNAME (options: true, false) | `""` | -| `aws.evaluateTargetHealth` | When using the AWS provider, sets the evaluate target health flag (options: true, false) | `""` | -| `azure.secretName` | When using the Azure provider, set the secret containing the `azure.json` file | `""` | -| `azure.cloud` | When using the Azure provider, set the Azure Cloud | `""` | -| `azure.resourceGroup` | When using the Azure provider, set the Azure Resource Group | `""` | -| `azure.tenantId` | When using the Azure provider, set the Azure Tenant ID | `""` | -| `azure.subscriptionId` | When using the Azure provider, set the Azure Subscription ID | `""` | -| `azure.aadClientId` | When using the Azure provider, set the Azure AAD Client ID | `""` | -| `azure.aadClientSecret` | When using the Azure provider, set the Azure AAD Client Secret | `""` | -| `azure.useManagedIdentityExtension` | When using the Azure provider, set if you use Azure MSI | `false` | -| `azure.userAssignedIdentityID` | When using the Azure provider with Azure MSI, set Client ID of Azure user-assigned managed identity (optional, otherwise system-assigned managed identity is used) | `""` | -| `cloudflare.apiToken` | When using the Cloudflare provider, `CF_API_TOKEN` to set (optional) | `""` | -| `cloudflare.apiKey` | When using the Cloudflare provider, `CF_API_KEY` to set (optional) | `""` | -| `cloudflare.secretName` | When using the Cloudflare provider, it's the name of the secret containing cloudflare_api_token or cloudflare_api_key. | `""` | -| `cloudflare.email` | When using the Cloudflare provider, `CF_API_EMAIL` to set (optional). Needed when using CF_API_KEY | `""` | -| `cloudflare.proxied` | When using the Cloudflare provider, enable the proxy feature (DDOS protection, CDN...) (optional) | `true` | -| `coredns.etcdEndpoints` | When using the CoreDNS provider, set etcd backend endpoints (comma-separated list) | `http://etcd-extdns:2379` | -| `coredns.etcdTLS.enabled` | When using the CoreDNS provider, enable secure communication with etcd | `false` | -| `coredns.etcdTLS.autoGenerated` | Generate automatically self-signed TLS certificates | `false` | -| `coredns.etcdTLS.secretName` | When using the CoreDNS provider, specify a name of existing Secret with etcd certs and keys | `etcd-client-certs` | -| `coredns.etcdTLS.mountPath` | When using the CoreDNS provider, set destination dir to mount data from `coredns.etcdTLS.secretName` to | `/etc/coredns/tls/etcd` | -| `coredns.etcdTLS.caFilename` | When using the CoreDNS provider, specify CA PEM file name from the `coredns.etcdTLS.secretName` | `ca.crt` | -| `coredns.etcdTLS.certFilename` | When using the CoreDNS provider, specify cert PEM file name from the `coredns.etcdTLS.secretName` | `cert.pem` | -| `coredns.etcdTLS.keyFilename` | When using the CoreDNS provider, specify private key PEM file name from the `coredns.etcdTLS.secretName` | `key.pem` | -| `designate.username` | When using the Designate provider, specify the OpenStack authentication username. (optional) | `""` | -| `designate.password` | When using the Designate provider, specify the OpenStack authentication password. (optional) | `""` | -| `designate.authUrl` | When using the Designate provider, specify the OpenStack authentication Url. (optional) | `""` | -| `designate.regionName` | When using the Designate provider, specify the OpenStack region name. (optional) | `""` | -| `designate.userDomainName` | When using the Designate provider, specify the OpenStack user domain name. (optional) | `""` | -| `designate.projectName` | When using the Designate provider, specify the OpenStack project name. (optional) | `""` | -| `designate.username` | When using the Designate provider, specify the OpenStack authentication username. (optional) | `""` | -| `designate.customCAHostPath` | When using the Designate provider, use a CA file already on the host to validate Openstack APIs. This conflicts with `designate.customCA.enabled` | `""` | -| `designate.customCA.enabled` | When using the Designate provider, enable a custom CA (optional) | `false` | -| `designate.customCA.content` | When using the Designate provider, set the content of the custom CA | `""` | -| `designate.customCA.mountPath` | When using the Designate provider, set the mountPath in which to mount the custom CA configuration | `/config/designate` | -| `designate.customCA.filename` | When using the Designate provider, set the custom CA configuration filename | `designate-ca.pem` | -| `digitalocean.apiToken` | When using the DigitalOcean provider, `DO_TOKEN` to set (optional) | `""` | -| `digitalocean.secretName` | Use an existing secret with key "digitalocean_api_token" defined. | `""` | -| `google.project` | When using the Google provider, specify the Google project (required when provider=google) | `""` | -| `google.serviceAccountSecret` | When using the Google provider, specify the existing secret which contains credentials.json (optional) | `""` | -| `google.serviceAccountSecretKey` | When using the Google provider with an existing secret, specify the key name (optional) | `credentials.json` | -| `google.serviceAccountKey` | When using the Google provider, specify the service account key JSON file. In this case a new secret will be created holding this service account (optional) | `""` | -| `hetzner.token` | When using the Hetzner provider, specify your token here. (required when `hetzner.secretName` is not provided. In this case a new secret will be created holding the token.) | `""` | -| `hetzner.secretName` | When using the Hetzner provider, specify the existing secret which contains your token. Disables the usage of `hetzner.token` (optional) | `""` | -| `hetzner.secretKey` | When using the Hetzner provider with an existing secret, specify the key name (optional) | `hetzner_token` | -| `infoblox.wapiUsername` | When using the Infoblox provider, specify the Infoblox WAPI username | `admin` | -| `infoblox.wapiPassword` | When using the Infoblox provider, specify the Infoblox WAPI password (required when provider=infoblox) | `""` | -| `infoblox.gridHost` | When using the Infoblox provider, specify the Infoblox Grid host (required when provider=infoblox) | `""` | -| `infoblox.view` | Infoblox view | `""` | -| `infoblox.domainFilter` | When using the Infoblox provider, specify the domain (optional) | `""` | -| `infoblox.noSslVerify` | When using the Infoblox provider, disable SSL verification (optional) | `false` | -| `infoblox.wapiPort` | When using the Infoblox provider, specify the Infoblox WAPI port (optional) | `""` | -| `infoblox.wapiVersion` | When using the Infoblox provider, specify the Infoblox WAPI version (optional) | `""` | -| `infoblox.wapiConnectionPoolSize` | When using the Infoblox provider, specify the Infoblox WAPI request connection pool size (optional) | `""` | -| `infoblox.wapiHttpTimeout` | When using the Infoblox provider, specify the Infoblox WAPI request timeout in seconds (optional) | `""` | -| `infoblox.maxResults` | When using the Infoblox provider, specify the Infoblox Max Results (optional) | `""` | -| `linode.apiToken` | When using the Linode provider, `LINODE_TOKEN` to set (optional) | `""` | -| `linode.secretName` | Use an existing secret with key "linode_api_token" defined. | `""` | -| `ns1.minTTL` | When using the ns1 provider, specify minimal TTL, as an integer, for records | `10` | -| `ovh.consumerKey` | When using the OVH provider, specify the existing consumer key. (required when provider=ovh and `ovh.secretName` is not provided.) | `""` | -| `ovh.applicationKey` | When using the OVH provider with an existing application, specify the application key. (required when provider=ovh and `ovh.secretName` is not provided.) | `""` | -| `ovh.applicationSecret` | When using the OVH provider with an existing application, specify the application secret. (required when provider=ovh and `ovh.secretName` is not provided.) | `""` | -| `ovh.secretName` | When using the OVH provider, it's the name of the secret containing `ovh_consumer_key`, `ovh_application_key` and `ovh_application_secret`. Disables usage of other `ovh. | `""` | -| `scaleway.scwAccessKey` | When using the Scaleway provider, specify an existing access key. (required when provider=scaleway) | `""` | -| `scaleway.scwSecretKey` | When using the Scaleway provider, specify an existing secret key. (required when provider=scaleway) | `""` | -| `scaleway.scwDefaultOrganizationId` | When using the Scaleway provider, specify the existing organization id. (required when provider=scaleway) | `""` | -| `rfc2136.host` | When using the rfc2136 provider, specify the RFC2136 host (required when provider=rfc2136) | `""` | -| `rfc2136.port` | When using the rfc2136 provider, specify the RFC2136 port (optional) | `53` | -| `rfc2136.zone` | When using the rfc2136 provider, specify the zone (required when provider=rfc2136) | `""` | -| `rfc2136.tsigSecret` | When using the rfc2136 provider, specify the tsig secret to enable security. (do not specify if `rfc2136.secretName` is provided.) (optional) | `""` | -| `rfc2136.secretName` | When using the rfc2136 provider, specify the existing secret which contains your tsig secret. Disables the usage of `rfc2136.tsigSecret` (optional) | `""` | -| `rfc2136.tsigSecretAlg` | When using the rfc2136 provider, specify the tsig secret to enable security (optional) | `hmac-sha256` | -| `rfc2136.tsigKeyname` | When using the rfc2136 provider, specify the tsig keyname to enable security (optional) | `externaldns-key` | -| `rfc2136.tsigAxfr` | When using the rfc2136 provider, enable AFXR to enable security (optional) | `true` | -| `rfc2136.minTTL` | When using the rfc2136 provider, specify minimal TTL (in duration format) for records[ns, us, ms, s, m, h], see more https://golang.org/pkg/time/#ParseDuration | `0s` | -| `rfc2136.rfc3645Enabled` | When using the rfc2136 provider, extend using RFC3645 to support secure updates over Kerberos with GSS-TSIG | `false` | -| `rfc2136.kerberosConfig` | When using the rfc2136 provider with rfc3645Enabled, the contents of a configuration file for krb5 (optional) | `""` | -| `rfc2136.kerberosUsername` | When using the rfc2136 provider with rfc3645Enabled, specify the username to authenticate with (optional) | `""` | -| `rfc2136.kerberosPassword` | When using the rfc2136 provider with rfc3645Enabled, specify the password to authenticate with (optional) | `""` | -| `rfc2136.kerberosRealm` | When using the rfc2136 provider with rfc3645Enabled, specify the realm to authenticate to (required when provider=rfc2136 and rfc2136.rfc3645Enabled=true) | `""` | -| `pdns.apiUrl` | When using the PowerDNS provider, specify the API URL of the server. | `""` | -| `pdns.apiPort` | When using the PowerDNS provider, specify the API port of the server. | `8081` | -| `pdns.apiKey` | When using the PowerDNS provider, specify the API key of the server. | `""` | -| `pdns.secretName` | When using the PowerDNS provider, specify as secret name containing the API Key | `""` | -| `transip.account` | When using the TransIP provider, specify the account name. | `""` | -| `transip.apiKey` | When using the TransIP provider, specify the API key to use. | `""` | -| `vinyldns.host` | When using the VinylDNS provider, specify the VinylDNS API host. | `""` | -| `vinyldns.accessKey` | When using the VinylDNS provider, specify the Access Key to use. | `""` | -| `vinyldns.secretKey` | When using the VinylDNS provider, specify the Secret key to use. | `""` | -| `domainFilters` | Limit possible target zones by domain suffixes (optional) | `[]` | -| `excludeDomains` | Exclude subdomains (optional) | `[]` | -| `regexDomainFilter` | Limit possible target zones by regex domain suffixes (optional) | `""` | -| `regexDomainExclusion` | Exclude subdomains by using regex pattern (optional) | `""` | -| `zoneNameFilters` | Filter target zones by zone domain (optional) | `[]` | -| `zoneIdFilters` | Limit possible target zones by zone id (optional) | `[]` | -| `annotationFilter` | Filter sources managed by external-dns via annotation using label selector (optional) | `""` | -| `dryRun` | When enabled, prints DNS record changes rather than actually performing them (optional) | `false` | -| `triggerLoopOnEvent` | When enabled, triggers run loop on create/update/delete events in addition to regular interval (optional) | `false` | -| `interval` | Interval update period to use | `1m` | -| `logLevel` | Verbosity of the logs (options: panic, debug, info, warning, error, fatal, trace) | `info` | -| `logFormat` | Which format to output logs in (options: text, json) | `text` | -| `policy` | Modify how DNS records are synchronized between sources and providers (options: sync, upsert-only ) | `upsert-only` | -| `registry` | Registry method to use (options: txt, aws-sd, noop) | `txt` | -| `txtPrefix` | When using the TXT registry, a prefix for ownership records that avoids collision with CNAME entries (optional) (Mutual exclusive with txt-suffix) | `""` | -| `txtSuffix` | When using the TXT registry, a suffix for ownership records that avoids collision with CNAME entries (optional).suffix (Mutual exclusive with txt-prefix) | `""` | -| `txtOwnerId` | A name that identifies this instance of ExternalDNS. Currently used by registry types: txt & aws-sd (optional) | `""` | -| `forceTxtOwnerId` | (backward compatibility) When using the non-TXT registry, it will pass the value defined by `txtOwnerId` down to the application (optional) | `false` | -| `extraArgs` | Extra arguments to be passed to external-dns | `{}` | -| `extraEnv` | Extra environment variables to be passed to external-dns | `[]` | -| `replicas` | Desired number of ExternalDNS replicas | `1` | -| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` | -| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | -| `affinity` | Affinity for pod assignment | `{}` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `tolerations` | Tolerations for pod assignment | `[]` | -| `podAnnotations` | Additional annotations to apply to the pod. | `{}` | -| `podLabels` | Additional labels to be added to pods | `{}` | -| `priorityClassName` | priorityClassName | `""` | -| `secretAnnotations` | Additional annotations to apply to the secret | `{}` | -| `crd.create` | Install and use the integrated DNSEndpoint CRD | `false` | -| `crd.apiversion` | Sets the API version for the CRD to watch | `""` | -| `crd.kind` | Sets the kind for the CRD to watch | `""` | -| `service.enabled` | Whether to create Service resource or not | `true` | -| `service.type` | Kubernetes Service type | `ClusterIP` | -| `service.port` | ExternalDNS client port | `7979` | -| `service.nodePort` | Port to bind to for NodePort service type (client port) | `""` | -| `service.clusterIP` | IP address to assign to service | `""` | -| `service.externalIPs` | Service external IP addresses | `[]` | -| `service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` | -| `service.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | `[]` | -| `service.annotations` | Annotations to add to service | `{}` | -| `service.labels` | Provide any additional labels which may be required. | `{}` | -| `serviceAccount.create` | Determine whether a Service Account should be created or it should reuse a exiting one. | `true` | -| `serviceAccount.name` | ServiceAccount to use. A name is generated using the external-dns.fullname template if it is not set | `""` | -| `serviceAccount.annotations` | Additional Service Account annotations | `{}` | -| `serviceAccount.automountServiceAccountToken` | Automount API credentials for a service account. | `true` | -| `rbac.create` | Whether to create & use RBAC resources or not | `true` | -| `rbac.clusterRole` | Whether to create Cluster Role. When set to false creates a Role in `namespace` | `true` | -| `rbac.apiVersion` | Version of the RBAC API | `v1` | -| `rbac.pspEnabled` | PodSecurityPolicy | `false` | -| `securityContext` | Security context for the container | `{}` | -| `podSecurityContext.fsGroup` | Group ID for the container | `1001` | -| `podSecurityContext.runAsUser` | User ID for the container | `1001` | -| `resources.limits` | The resources limits for the container | `{}` | -| `resources.requests` | The requested resources for the container | `{}` | -| `livenessProbe.enabled` | Enable livenessProbe | `true` | -| `livenessProbe.httpGet.path` | Request path for livenessProbe | `/healthz` | -| `livenessProbe.httpGet.port` | Port for livenessProbe | `http` | -| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | -| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `2` | -| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `readinessProbe.enabled` | Enable readinessProbe | `true` | -| `readinessProbe.httpGet.path` | Request path for readinessProbe | `/healthz` | -| `readinessProbe.httpGet.port` | Port for readinessProbe | `http` | -| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | -| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `extraVolumes` | A list of volumes to be added to the pod | `[]` | -| `extraVolumeMounts` | A list of volume mounts to be added to the pod | `[]` | -| `podDisruptionBudget` | Configure PodDisruptionBudget | `{}` | -| `metrics.enabled` | Enable prometheus to access external-dns metrics endpoint | `false` | -| `metrics.podAnnotations` | Annotations for enabling prometheus to access the metrics endpoint | `{}` | -| `metrics.serviceMonitor.enabled` | Create ServiceMonitor object | `false` | -| `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `""` | -| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `""` | -| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | -| `metrics.serviceMonitor.selector` | Additional labels for ServiceMonitor object | `{}` | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -$ helm install my-release \ - --set provider=aws bitnami/external-dns -``` - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```bash -$ helm install my-release -f values.yaml bitnami/external-dns -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Setting Pod's affinity - -This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). - -As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters. - -### Using IRSA -If you are deploying to AWS EKS and you want to leverage [IRSA](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html). You will need to override `fsGroup` and `runAsUser` with `65534`(nfsnobody) and `0` respectively. Otherwise service account token will not be properly mounted. -You can use the following arguments: -``` ---set podSecurityContext.fsGroup=65534 --set podSecurityContext.runAsUser=0 -``` -## Tutorials - -Find information about the requirements for each DNS provider on the link below: - -- [ExternalDNS Tutorials](https://github.com/kubernetes-sigs/external-dns/tree/master/docs/tutorials) - -For instance, to install ExternalDNS on AWS, you need to: - -- Provide the K8s worker node which runs the cluster autoscaler with a minimum IAM policy (check [IAM permissions docs](https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/aws.md#iam-permissions) for more information). -- Setup a hosted zone on Route53 and annotate the Hosted Zone ID and its associated "nameservers" as described on [these docs](https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/aws.md#set-up-a-hosted-zone). -- Install ExternalDNS chart using the command below: - -> Note: replace the placeholder HOSTED_ZONE_IDENTIFIER and HOSTED_ZONE_NAME, with your hosted zoned identifier and name, respectively. -```bash -$ helm install my-release \ - --set provider=aws \ - --set aws.zoneType=public \ - --set txtOwnerId=HOSTED_ZONE_IDENTIFIER \ - --set domainFilters[0]=HOSTED_ZONE_NAME \ - bitnami/external-dns -``` - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami’s Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## Upgrading - -### To 5.0.0 - -The CRD was updated according to the latest changes in the upstream project. As a consequence, the CRD API version was moved from `apiextensions.k8s.io/v1beta1` to `apiextensions.k8s.io/v1`. If you deployed the Helm Chart using `crd.create=true` you need to manually delete the old CRD before upgrading the release. - -```console -kubectl delete crd dnsendpoints.externaldns.k8s.io -helm upgrade my-release -f my-values.yaml -``` - -### To 4.3.0 - -This version also introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/master/bitnami/common#bitnami-common-library-chart). Please, make sure that you have updated thechart dependencies before executing any upgrade. - -### To 4.0.0 - -[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -**What changes were introduced in this major version?** - -- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. -- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts - -**Considerations when upgrading to this version** - -- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues -- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore -- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 - -**Useful links** - -- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ -- https://helm.sh/docs/topics/v2_v3_migration/ -- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ - -### To 3.0.0 - -- The parameters below are renamed: - - `rbac.serviceAccountCreate` -> `serviceAccount.create` - - `rbac.serviceAccountName` -> `serviceAccount.name` - - `rbac.serviceAccountAnnotations` -> `serviceAccount.annotations` -- It is now possible to create serviceAccount, clusterRole and clusterRoleBinding manually and give the serviceAccount to the chart. - -### To 2.0.0 - -Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments. -Use the workaround below to upgrade from versions previous to 1.0.0. The following example assumes that the release name is `my-release`: - -```console -$ kubectl delete deployment my-release-external-dns -$ helm upgrade my-release bitnami/external-dns -``` - -Other mayor changes included in this major version are: - -- Default image changes from `registry.opensource.zalan.do/teapot/external-dns` to `bitnami/external-dns`. -- The parameters below are renamed: - - `aws.secretKey` -> `aws.credentials.secretKey` - - `aws.accessKey` -> `aws.credentials.accessKey` - - `aws.credentialsPath` -> `aws.credentials.mountPath` - - `designate.customCA.directory` -> `designate.customCA.mountPath` -- Support to Prometheus metrics is added. diff --git a/bitnami/external-dns/templates/NOTES.txt b/bitnami/external-dns/templates/NOTES.txt deleted file mode 100644 index 7488186..0000000 --- a/bitnami/external-dns/templates/NOTES.txt +++ /dev/null @@ -1,8 +0,0 @@ -** Please be patient while the chart is being deployed ** - -To verify that external-dns has started, run: - - kubectl --namespace={{ .Release.Namespace }} get pods -l "app.kubernetes.io/name={{ template "external-dns.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" - -{{ include "external-dns.validateValues" . }} -{{ include "external-dns.checkRollingTags" . }} diff --git a/bitnami/external-dns/templates/_helpers.tpl b/bitnami/external-dns/templates/_helpers.tpl deleted file mode 100644 index a4dedd2..0000000 --- a/bitnami/external-dns/templates/_helpers.tpl +++ /dev/null @@ -1,853 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "external-dns.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "external-dns.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "external-dns.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* Helm required labels */}} -{{- define "external-dns.labels" -}} -app.kubernetes.io/name: {{ template "external-dns.name" . }} -helm.sh/chart: {{ template "external-dns.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- if .Values.podLabels }} -{{ toYaml .Values.podLabels }} -{{- end }} -{{- end -}} - -{{/* matchLabels */}} -{{- define "external-dns.matchLabels" -}} -app.kubernetes.io/name: {{ template "external-dns.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end -}} - -{{/* podAnnotations */}} -{{- define "external-dns.podAnnotations" -}} -{{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations }} -{{- end }} -{{- if .Values.metrics.podAnnotations }} -{{ toYaml .Values.metrics.podAnnotations }} -{{- end }} -{{- end -}} - -{{/* -Return the proper External DNS image name -*/}} -{{- define "external-dns.image" -}} -{{- $registryName := .Values.image.registry -}} -{{- $repositoryName := .Values.image.repository -}} -{{- $tag := .Values.image.tag | toString -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. -Also, we can't use a single if because lazy evaluation is not an option -*/}} -{{- if .Values.global }} - {{- if .Values.global.imageRegistry }} - {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} - {{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} - {{- end -}} -{{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "external-dns.imagePullSecrets" -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic. -Also, we can not use a single if because lazy evaluation is not an option -*/}} -{{- if .Values.global }} -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- else if .Values.image.pullSecrets }} -imagePullSecrets: -{{- range .Values.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- end -}} -{{- else if .Values.image.pullSecrets }} -imagePullSecrets: -{{- range .Values.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- end -}} -{{- end -}} - -{{/* -Return true if a secret object should be created -*/}} -{{- define "external-dns.createSecret" -}} -{{- if and (eq .Values.provider "alibabacloud") .Values.alibabacloud.accessKeyId .Values.alibabacloud.accessKeySecret (not .Values.alibabacloud.secretName) }} - {{- true -}} -{{- else if and (eq .Values.provider "aws") .Values.aws.credentials.secretKey .Values.aws.credentials.accessKey (not .Values.aws.credentials.secretName) }} - {{- true -}} -{{- else if and (or (eq .Values.provider "azure") (eq .Values.provider "azure-private-dns")) (or (and .Values.azure.resourceGroup .Values.azure.tenantId .Values.azure.subscriptionId .Values.azure.aadClientId .Values.azure.aadClientSecret (not .Values.azure.useManagedIdentityExtension)) (and .Values.azure.resourceGroup .Values.azure.tenantId .Values.azure.subscriptionId .Values.azure.useManagedIdentityExtension)) (not .Values.azure.secretName) -}} - {{- true -}} -{{- else if and (eq .Values.provider "cloudflare") (or .Values.cloudflare.apiToken .Values.cloudflare.apiKey) (not .Values.cloudflare.secretName) -}} - {{- true -}} -{{- else if and (eq .Values.provider "designate") (or .Values.designate.username .Values.designate.password) -}} - {{- true -}} -{{- else if and (eq .Values.provider "digitalocean") .Values.digitalocean.apiToken (not .Values.digitalocean.secretName) -}} - {{- true -}} -{{- else if and (eq .Values.provider "google") .Values.google.serviceAccountKey (not .Values.google.serviceAccountSecret) -}} - {{- true -}} -{{- else if and (eq .Values.provider "hetzner") .Values.hetzner.token (not .Values.hetzner.secretName) -}} - {{- true -}} -{{- else if and (eq .Values.provider "infoblox") (and .Values.infoblox.wapiUsername .Values.infoblox.wapiPassword) (not .Values.infoblox.secretName) -}} - {{- true -}} -{{- else if and (eq .Values.provider "linode") .Values.linode.apiToken (not .Values.linode.secretName) -}} - {{- true -}} -{{- else if and (eq .Values.provider "rfc2136") (or .Values.rfc2136.tsigSecret (and .Values.rfc2136.kerberosUsername .Values.rfc2136.kerberosPassword)) (not .Values.rfc2136.secretName) -}} - {{- true -}} -{{- else if and (eq .Values.provider "pdns") .Values.pdns.apiKey (not .Values.pdns.secretName) -}} - {{- true -}} -{{- else if and (eq .Values.provider "transip") .Values.transip.apiKey -}} - {{- true -}} -{{- else if and (eq .Values.provider "ovh") .Values.ovh.consumerKey (not .Values.ovh.secretName) -}} - {{- true -}} -{{- else if and (eq .Values.provider "scaleway") .Values.scaleway.scwAccessKey -}} - {{- true -}} -{{- else if and (eq .Values.provider "vinyldns") (or .Values.vinyldns.secretKey .Values.vinyldns.accessKey) -}} - {{- true -}} -{{- else -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a configmap object should be created -*/}} -{{- define "external-dns.createConfigMap" -}} -{{- if and (eq .Values.provider "designate") .Values.designate.customCA.enabled }} - {{- true -}} -{{- else if and (eq .Values.provider "rfc2136") .Values.rfc2136.rfc3645Enabled }} - {{- true -}} -{{- else -}} -{{- end -}} -{{- end -}} - - -{{/* -Return the name of the Secret used to store the passwords -*/}} -{{- define "external-dns.secretName" -}} -{{- if and (eq .Values.provider "alibabacloud") .Values.alibabacloud.secretName }} -{{- .Values.alibabacloud.secretName }} -{{- else if and (eq .Values.provider "aws") .Values.aws.credentials.secretName }} -{{- .Values.aws.credentials.secretName }} -{{- else if and (or (eq .Values.provider "azure") (eq .Values.provider "azure-private-dns")) .Values.azure.secretName }} -{{- .Values.azure.secretName }} -{{- else if and (eq .Values.provider "cloudflare") .Values.cloudflare.secretName }} -{{- .Values.cloudflare.secretName }} -{{- else if and (eq .Values.provider "digitalocean") .Values.digitalocean.secretName }} -{{- .Values.digitalocean.secretName }} -{{- else if and (eq .Values.provider "google") .Values.google.serviceAccountSecret }} -{{- .Values.google.serviceAccountSecret }} -{{- else if and (eq .Values.provider "hetzner") .Values.hetzner.secretName -}} -{{- .Values.hetzner.secretName -}} -{{- else if and (eq .Values.provider "linode") .Values.linode.secretName }} -{{- .Values.linode.secretName }} -{{- else if and (eq .Values.provider "ovh") .Values.ovh.secretName }} -{{- .Values.ovh.secretName }} -{{- else if and (eq .Values.provider "pdns") .Values.pdns.secretName }} -{{- .Values.pdns.secretName }} -{{- else if and (eq .Values.provider "infoblox") .Values.infoblox.secretName }} -{{- .Values.infoblox.secretName }} -{{- else if and (eq .Values.provider "rfc2136") .Values.rfc2136.secretName }} -{{- .Values.rfc2136.secretName }} -{{- else -}} -{{- template "external-dns.fullname" . }} -{{- end -}} -{{- end -}} - -{{- define "external-dns.alibabacloud-credentials" -}} -{ - {{- if .Values.alibabacloud.regionId }} - "regionId": "{{ .Values.alibabacloud.regionId }}", - {{- end}} - {{- if .Values.alibabacloud.vpcId }} - "vpcId": "{{ .Values.alibabacloud.vpcId }}", - {{- end}} - {{- if .Values.alibabacloud.accessKeyId }} - "accessKeyId": "{{ .Values.alibabacloud.accessKeyId }}", - {{- end}} - {{- if .Values.alibabacloud.accessKeySecret }} - "accessKeySecret": "{{ .Values.alibabacloud.accessKeySecret }}" - {{- end}} -} -{{ end }} - -{{- define "external-dns.aws-credentials" }} -[default] -aws_access_key_id = {{ .Values.aws.credentials.accessKey }} -aws_secret_access_key = {{ .Values.aws.credentials.secretKey }} -{{ end }} - -{{- define "external-dns.aws-config" }} -[profile default] -region = {{ .Values.aws.region }} -{{ end }} - -{{- define "external-dns.azure-credentials" -}} -{ - {{- if .Values.azure.cloud }} - "cloud": "{{ .Values.azure.cloud }}", - {{- end}} - "tenantId": "{{ .Values.azure.tenantId }}", - "subscriptionId": "{{ .Values.azure.subscriptionId }}", - "resourceGroup": "{{ .Values.azure.resourceGroup }}", - {{- if not .Values.azure.useManagedIdentityExtension }} - "aadClientId": "{{ .Values.azure.aadClientId }}", - "aadClientSecret": "{{ .Values.azure.aadClientSecret }}" - {{- end }} - {{- if and .Values.azure.useManagedIdentityExtension .Values.azure.userAssignedIdentityID }} - "useManagedIdentityExtension": true, - "userAssignedIdentityID": "{{ .Values.azure.userAssignedIdentityID }}" - {{- else if and .Values.azure.useManagedIdentityExtension (not .Values.azure.userAssignedIdentityID) }} - "useManagedIdentityExtension": true - {{- end }} -} -{{ end }} - -{{/* -Compile all warnings into a single message, and call fail. -*/}} -{{- define "external-dns.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "external-dns.validateValues.provider" .) -}} -{{- $messages := append $messages (include "external-dns.validateValues.sources" .) -}} -{{- $messages := append $messages (include "external-dns.validateValues.aws" .) -}} -{{- $messages := append $messages (include "external-dns.validateValues.infoblox.gridHost" .) -}} -{{- $messages := append $messages (include "external-dns.validateValues.infoblox.wapiPassword" .) -}} -{{- $messages := append $messages (include "external-dns.validateValues.pdns.apiUrl" .) -}} -{{- $messages := append $messages (include "external-dns.validateValues.pdns.apiKey" .) -}} -{{- $messages := append $messages (include "external-dns.validateValues.azure.resourceGroupWithoutTenantId" .) -}} -{{- $messages := append $messages (include "external-dns.validateValues.azure.resourceGroupWithoutSubscriptionId" .) -}} -{{- $messages := append $messages (include "external-dns.validateValues.azure.tenantIdWithoutResourceGroup" .) -}} -{{- $messages := append $messages (include "external-dns.validateValues.azure.tenantIdWithoutSubscriptionId" .) -}} -{{- $messages := append $messages (include "external-dns.validateValues.azure.subscriptionIdWithoutResourceGroup" .) -}} -{{- $messages := append $messages (include "external-dns.validateValues.azure.subscriptionIdWithoutTenantId" .) -}} -{{- $messages := append $messages (include "external-dns.validateValues.azure.useManagedIdentityExtensionAadClientId" .) -}} -{{- $messages := append $messages (include "external-dns.validateValues.azure.useManagedIdentityExtensionAadClientSecret" .) -}} -{{- $messages := append $messages (include "external-dns.validateValues.azure.userAssignedIdentityIDWithoutUseManagedIdentityExtension" .) -}} -{{- $messages := append $messages (include "external-dns.validateValues.azure.aadClientId" .) -}} -{{- $messages := append $messages (include "external-dns.validateValues.azure.aadClientSecret" .) -}} -{{- $messages := append $messages (include "external-dns.validateValues.azurePrivateDns.resourceGroup" .) -}} -{{- $messages := append $messages (include "external-dns.validateValues.azurePrivateDns.tenantId" .) -}} -{{- $messages := append $messages (include "external-dns.validateValues.azurePrivateDns.subscriptionId" .) -}} -{{- $messages := append $messages (include "external-dns.validateValues.azurePrivateDns.aadClientId" .) -}} -{{- $messages := append $messages (include "external-dns.validateValues.azurePrivateDns.aadClientSecret" .) -}} -{{- $messages := append $messages (include "external-dns.validateValues.azurePrivateDns.useManagedIdentityExtensionAadClientId" .) -}} -{{- $messages := append $messages (include "external-dns.validateValues.azurePrivateDns.useManagedIdentityExtensionAadClientSecret" .) -}} -{{- $messages := append $messages (include "external-dns.validateValues.azurePrivateDns.userAssignedIdentityIDWithoutUseManagedIdentityExtension" .) -}} -{{- $messages := append $messages (include "external-dns.validateValues.transip.account" .) -}} -{{- $messages := append $messages (include "external-dns.validateValues.transip.apiKey" .) -}} -{{- $messages := append $messages (include "external-dns.validateValues.linode.apiToken" .) -}} -{{- $messages := append $messages (include "external-dns.validateValues.ovh.consumerKey" .) -}} -{{- $messages := append $messages (include "external-dns.validateValues.ovh.applicationKey" .) -}} -{{- $messages := append $messages (include "external-dns.validateValues.ovh.applicationSecret" .) -}} -{{- $messages := append $messages (include "external-dns.validateValues.rfc2136.kerberosRealm" .) -}} -{{- $messages := append $messages (include "external-dns.validateValues.rfc2136.kerberosConfig" .) -}} -{{- $messages := append $messages (include "external-dns.validateValues.scaleway.scwAccessKey" .) -}} -{{- $messages := append $messages (include "external-dns.validateValues.scaleway.scwSecretKey" .) -}} -{{- $messages := append $messages (include "external-dns.validateValues.scaleway.scwDefaultOrganizationId" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} -{{- end -}} -{{- end -}} - -{{/* -Validate values of External DNS: -- must set a provider -*/}} -{{- define "external-dns.validateValues.provider" -}} -{{- if not .Values.provider -}} -external-dns: provider - You must set a provider (options: aws, google, azure, cloudflare, ...) - Please set the provider parameter (--set provider="xxxx") -{{- end -}} -{{- end -}} - -{{/* -Validate values of External DNS: -- must provide sources to be observed for new DNS entries by ExternalDNS -*/}} -{{- define "external-dns.validateValues.sources" -}} -{{- if empty .Values.sources -}} -external-dns: sources - You must provide sources to be observed for new DNS entries by ExternalDNS - Please set the sources parameter (--set sources="xxxx") -{{- end -}} -{{- end -}} - -{{/* -Validate values of External DNS: -- The AWS Role to assume must follow ARN format when provider is "aws" -*/}} -{{- define "external-dns.validateValues.aws" -}} -{{- if and (eq .Values.provider "aws") .Values.aws.assumeRoleArn -}} -{{- if not (regexMatch "^arn:(aws|aws-us-gov|aws-cn):iam::.*$" .Values.aws.assumeRoleArn) -}} -external-dns: aws.assumeRoleArn - The AWS Role to assume must follow ARN format: `arn:aws:iam::123455567:role/external-dns` - Ref: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html - Please set a valid ARN (--set aws.assumeRoleARN="xxxx") -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Validate values of External DNS: -- must provide the Grid Manager host when provider is "infoblox" -*/}} -{{- define "external-dns.validateValues.infoblox.gridHost" -}} -{{- if and (eq .Values.provider "infoblox") (not .Values.infoblox.gridHost) -}} -external-dns: infoblox.gridHost - You must provide the Grid Manager host when provider="infoblox". - Please set the gridHost parameter (--set infoblox.gridHost="xxxx") -{{- end -}} -{{- end -}} - -{{/* -Validate values of External DNS: -- must provide a WAPI password when provider is "infoblox" -*/}} -{{- define "external-dns.validateValues.infoblox.wapiPassword" -}} -{{- if and (eq .Values.provider "infoblox") (not .Values.infoblox.wapiPassword) (not .Values.infoblox.secretName) -}} -external-dns: infoblox.wapiPassword - You must provide a WAPI password when provider="infoblox". - Please set the wapiPassword parameter (--set infoblox.wapiPassword="xxxx") - or you can provide an existing secret name via infoblox.secretName -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for PodSecurityPolicy. -*/}} -{{- define "podSecurityPolicy.apiVersion" -}} -{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "policy/v1beta1" -}} -{{- else -}} -{{- print "extensions/v1beta1" -}} -{{- end -}} -{{- end -}} - -{{/* -Validate values of External DNS: -- must provide the PowerDNS API URL when provider is "pdns" -*/}} -{{- define "external-dns.validateValues.pdns.apiUrl" -}} -{{- if and (eq .Values.provider "pdns") (not .Values.pdns.apiUrl) -}} -external-dns: pdns.apiUrl - You must provide the PowerDNS API URL when provider="pdns". - Please set the apiUrl parameter (--set pdns.apiUrl="xxxx") -{{- end -}} -{{- end -}} - -{{/* -Validate values of External DNS: -- must provide the PowerDNS API key when provider is "pdns" -*/}} -{{- define "external-dns.validateValues.pdns.apiKey" -}} -{{- if and (eq .Values.provider "pdns") (not .Values.pdns.apiKey) (not .Values.pdns.secretName) -}} -external-dns: pdns.apiKey - You must provide the PowerDNS API key when provider="pdns". - Please set the apiKey parameter (--set pdns.apiKey="xxxx") -{{- end -}} -{{- end -}} - -{{/* Check if there are rolling tags in the images */}} -{{- define "external-dns.checkRollingTags" -}} -{{- if and (contains "bitnami/" .Values.image.repository) (not (.Values.image.tag | toString | regexFind "-r\\d+$|sha256:")) }} -WARNING: Rolling tag detected ({{ .Values.image.repository }}:{{ .Values.image.tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. -+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/ -{{- end }} -{{- end -}} - -{{/* -Validate values of Azure DNS: -- must provide the Azure Resource Group when provider is "azure" and tenantId is set -*/}} -{{- define "external-dns.validateValues.azure.resourceGroupWithoutTenantId" -}} -{{- if and (eq .Values.provider "azure") (not .Values.azure.resourceGroup) (not .Values.azure.secretName) .Values.azure.tenantId -}} -external-dns: azure.resourceGroup - You must provide the Azure Resource Group when provider="azure" and tenantId is set. - Please set the resourceGroup parameter (--set azure.resourceGroup="xxxx") -{{- end -}} -{{- end -}} - -{{/* -Validate values of Azure DNS: -- must provide the Azure Resource Group when provider is "azure" and subscriptionId is set -*/}} -{{- define "external-dns.validateValues.azure.resourceGroupWithoutSubscriptionId" -}} -{{- if and (eq .Values.provider "azure") (not .Values.azure.resourceGroup) (not .Values.azure.secretName) .Values.azure.subscriptionId -}} -external-dns: azure.resourceGroup - You must provide the Azure Resource Group when provider="azure" and subscriptionId is set. - Please set the resourceGroup parameter (--set azure.resourceGroup="xxxx") -{{- end -}} -{{- end -}} - -{{/* -Validate values of Azure DNS: -- must provide the Azure Tenant ID when provider is "azure" and secretName is not set and resourceGroup is set -*/}} -{{- define "external-dns.validateValues.azure.tenantIdWithoutResourceGroup" -}} -{{- if and (eq .Values.provider "azure") (not .Values.azure.tenantId) (not .Values.azure.secretName) .Values.azure.resourceGroup -}} -external-dns: azure.tenantId - You must provide the Azure Tenant ID when provider="azure" and resourceGroup is set. - Please set the tenantId parameter (--set azure.tenantId="xxxx") -{{- end -}} -{{- end -}} - -{{/* -Validate values of Azure DNS: -- must provide the Azure Tenant ID when provider is "azure" and secretName is not set and subscriptionId is set -*/}} -{{- define "external-dns.validateValues.azure.tenantIdWithoutSubscriptionId" -}} -{{- if and (eq .Values.provider "azure") (not .Values.azure.tenantId) (not .Values.azure.secretName) .Values.azure.subscriptionId -}} -external-dns: azure.tenantId - You must provide the Azure Tenant ID when provider="azure" and subscriptionId is set. - Please set the tenantId parameter (--set azure.tenantId="xxxx") -{{- end -}} -{{- end -}} - -{{/* -Validate values of Azure DNS: -- must provide the Azure Subscription ID when provider is "azure" and secretName is not set and resourceGroup is set -*/}} -{{- define "external-dns.validateValues.azure.subscriptionIdWithoutResourceGroup" -}} -{{- if and (eq .Values.provider "azure") (not .Values.azure.subscriptionId) (not .Values.azure.secretName) .Values.azure.resourceGroup -}} -external-dns: azure.subscriptionId - You must provide the Azure Subscription ID when provider="azure" and resourceGroup is set. - Please set the subscriptionId parameter (--set azure.subscriptionId="xxxx") -{{- end -}} -{{- end -}} - -{{/* -Validate values of Azure DNS: -- must provide the Azure Subscription ID when provider is "azure" and secretName is not set and tenantId is set -*/}} -{{- define "external-dns.validateValues.azure.subscriptionIdWithoutTenantId" -}} -{{- if and (eq .Values.provider "azure") (not .Values.azure.subscriptionId) (not .Values.azure.secretName) .Values.azure.tenantId -}} -external-dns: azure.subscriptionId - You must provide the Azure Subscription ID when provider="azure" and tenantId is set. - Please set the subscriptionId parameter (--set azure.subscriptionId="xxxx") -{{- end -}} -{{- end -}} - -{{/* -Validate values of Azure DNS: -- must not provide the Azure AAD Client ID when provider is "azure", secretName is not set and MSI is enabled -*/}} -{{- define "external-dns.validateValues.azure.useManagedIdentityExtensionAadClientId" -}} -{{- if and (eq .Values.provider "azure") (not .Values.azure.secretName) .Values.azure.aadClientId .Values.azure.useManagedIdentityExtension -}} -external-dns: azure.useManagedIdentityExtension - You must not provide the Azure AAD Client ID when provider="azure" and useManagedIdentityExtension is "true". - Please unset the aadClientId parameter (--set azure.aadClientId="") -{{- end -}} -{{- end -}} - -{{/* -Validate values of Azure DNS: -- must not provide the Azure AAD Client secret when provider is "azure", secretName is not set and MSI is enabled -*/}} -{{- define "external-dns.validateValues.azure.useManagedIdentityExtensionAadClientSecret" -}} -{{- if and (eq .Values.provider "azure") (not .Values.azure.secretName) .Values.azure.aadClientSecret .Values.azure.useManagedIdentityExtension -}} -external-dns: azure.useManagedIdentityExtension - You must not provide the Azure AAD Client Secret when provider="azure" and useManagedIdentityExtension is "true". - Please unset the aadClientSecret parameter (--set azure.aadClientSecret="") -{{- end -}} -{{- end -}} - -{{/* -Validate values of Azure DNS: -- must enable the MSI when provider is "azure", secretName is not set and managed identity ID is set -*/}} -{{- define "external-dns.validateValues.azure.userAssignedIdentityIDWithoutUseManagedIdentityExtension" -}} -{{- if and (eq .Values.provider "azure") (not .Values.azure.secretName) (not .Values.azure.useManagedIdentityExtension) .Values.azure.userAssignedIdentityID -}} -external-dns: azure.userAssignedIdentityID - You must enable the MSI when provider="azure" and userAssignedIdentityID is set. - Please set the useManagedIdentityExtension parameter (--set azure.useManagedIdentityExtension="true") -{{- end -}} -{{- end -}} - -{{/* -Validate values of Azure DNS: -- must provide the Azure AAD Client ID when provider is "azure", secretName is not set and MSI is disabled and aadClientSecret is set -*/}} -{{- define "external-dns.validateValues.azure.aadClientId" -}} -{{- if and (eq .Values.provider "azure") (not .Values.azure.secretName) (not .Values.azure.aadClientId) (not .Values.azure.useManagedIdentityExtension) .Values.azure.aadClientSecret -}} -external-dns: azure.aadClientId - You must provide the Azure AAD Client ID when provider="azure" and aadClientSecret is set and useManagedIdentityExtension is not set. - Please set the aadClientId parameter (--set azure.aadClientId="xxxx") -{{- end -}} -{{- end -}} - -{{/* -Validate values of Azure DNS: -- must provide the Azure AAD Client Secret when provider is "azure", secretName is not set and MSI is disabled and aadClientId is set -*/}} -{{- define "external-dns.validateValues.azure.aadClientSecret" -}} -{{- if and (eq .Values.provider "azure") (not .Values.azure.secretName) (not .Values.azure.aadClientSecret) (not .Values.azure.useManagedIdentityExtension) .Values.azure.aadClientId -}} -external-dns: azure.aadClientSecret - You must provide the Azure AAD Client Secret when provider="azure" and aadClientId is set and useManagedIdentityExtension is not set. - Please set the aadClientSecret parameter (--set azure.aadClientSecret="xxxx") -{{- end -}} -{{- end -}} - -{{/* -Validate values of Azure Private DNS: -- must provide the Azure AAD Client Secret when provider is "azure-private-dns", secretName is not set and useManagedIdentityExtension is "true" -*/}} -{{- define "external-dns.validateValues.azurePrivateDns.useManagedIdentityExtensionAadClientSecret" -}} -{{- if and (eq .Values.provider "azure-private-dns") (not .Values.azure.secretName) .Values.azure.aadClientSecret .Values.azure.useManagedIdentityExtension -}} -external-dns: azure.useManagedIdentityExtension - You must not provide the Azure AAD Client Secret when provider="azure-private-dns", secretName is not set, and useManagedIdentityExtension is "true". - Please unset the aadClientSecret parameter (--set azure.aadClientSecret="") -{{- end -}} -{{- end -}} - -{{/* -Validate values of Azure Private DNS: -- must enable the MSI when provider is "azure", secretName is not set and managed identity ID is set -*/}} -{{- define "external-dns.validateValues.azurePrivateDns.userAssignedIdentityIDWithoutUseManagedIdentityExtension" -}} -{{- if and (eq .Values.provider "azure-private-dns") (not .Values.azure.secretName) (not .Values.azure.useManagedIdentityExtension) .Values.azure.userAssignedIdentityID -}} -external-dns: azure.userAssignedIdentityID - You must enable the MSI when provider="azure-private-dns" and userAssignedIdentityID is set. - Please set the useManagedIdentityExtension parameter (--set azure.useManagedIdentityExtension="true") -{{- end -}} -{{- end -}} - -{{/* -Validate values of Azure Private DNS: -- must provide the Azure Resource Group when provider is "azure-private-dns" -- azure-private-dns provider does not use azure.json for specifying the resource group so it must be set -*/}} -{{- define "external-dns.validateValues.azurePrivateDns.resourceGroup" -}} -{{- if and (eq .Values.provider "azure-private-dns") (not .Values.azure.resourceGroup) -}} -external-dns: azure.resourceGroup - You must provide the Azure Resource Group when provider="azure-private-dns". - Please set the resourceGroup parameter (--set azure.resourceGroup="xxxx") -{{- end -}} -{{- end -}} - -{{/* -Validate values of Azure Private DNS: -- must provide the Azure Tenant ID when provider is "azure-private-dns" -*/}} -{{- define "external-dns.validateValues.azurePrivateDns.tenantId" -}} -{{- if and (eq .Values.provider "azure-private-dns") (not .Values.azure.tenantId) -}} -external-dns: azure.tenantId - You must provide the Azure Tenant ID when provider="azure-private-dns". - Please set the tenantId parameter (--set azure.tenantId="xxxx") -{{- end -}} -{{- end -}} - -{{/* -Validate values of Azure Private DNS: -- must provide the Azure Subscription ID when provider is "azure-private-dns" -*/}} -{{- define "external-dns.validateValues.azurePrivateDns.subscriptionId" -}} -{{- if and (eq .Values.provider "azure-private-dns") (not .Values.azure.subscriptionId) -}} -external-dns: azure.subscriptionId - You must provide the Azure Subscription ID when provider="azure-private-dns". - Please set the subscriptionId parameter (--set azure.subscriptionId="xxxx") -{{- end -}} -{{- end -}} - -{{/* -Validate values of Azure Private DNS: -- must not provide the Azure AAD Client Secret when provider is "azure-private-dns", secretName is not set and MSI is enabled -*/}} -{{- define "external-dns.validateValues.azurePrivateDns.useManagedIdentityExtensionAadClientId" -}} -{{- if and (eq .Values.provider "azure-private-dns") (not .Values.azure.secretName) .Values.azure.aadClientId .Values.azure.useManagedIdentityExtension -}} -external-dns: azure.useManagedIdentityExtension - You must not provide the Azure AAD Client ID when provider="azure-private-dns" and useManagedIdentityExtension is "true". - Please unset the aadClientId parameter (--set azure.aadClientId="") -{{- end -}} -{{- end -}} - -{{/* -Validate values of Azure Private DNS: -- must provide the Azure AAD Client ID when provider is "azure-private-dns", secret name is not set and MSI is disabled -*/}} -{{- define "external-dns.validateValues.azurePrivateDns.aadClientId" -}} -{{- if and (eq .Values.provider "azure-private-dns") (not .Values.azure.secretName) (not .Values.azure.aadClientId) (not .Values.azure.useManagedIdentityExtension) (not .Values.azure.userAssignedIdentityID) -}} -external-dns: azure.useManagedIdentityExtension - You must provide the Azure AAD Client ID when provider="azure-private-dns" and useManagedIdentityExtension is not set. - Please set the aadClientSecret parameter (--set azure.aadClientId="xxxx") -{{- end -}} -{{- end -}} - -{{/* -Validate values of Azure Private DNS: -- must provide the Azure AAD Client Secret when provider is "azure-private-dns", secretName is not set and MSI is disabled -*/}} -{{- define "external-dns.validateValues.azurePrivateDns.aadClientSecret" -}} -{{- if and (eq .Values.provider "azure-private-dns") (not .Values.azure.secretName) (not .Values.azure.aadClientSecret) (not .Values.azure.useManagedIdentityExtension) (not .Values.azure.userAssignedIdentityID) -}} -external-dns: azure.useManagedIdentityExtension - You must provide the Azure AAD Client Secret when provider="azure-private-dns" and useManagedIdentityExtension is not set. - Please set the aadClientSecret parameter (--set azure.aadClientSecret="xxxx") -{{- end -}} -{{- end -}} - -{{/* -Validate values of TransIP DNS: -- must provide the account name when provider is "transip" -*/}} -{{- define "external-dns.validateValues.transip.account" -}} -{{- if and (eq .Values.provider "transip") (not .Values.transip.account) -}} -external-dns: transip.account - You must provide the TransIP account name when provider="transip". - Please set the account parameter (--set transip.account="xxxx") -{{- end -}} -{{- end -}} - -{{/* -Validate values of External DNS: -- must provide an API token when provider is "hetzner" -*/}} -{{- define "external-dns.validateValues.hetzner" -}} -{{- if and (eq .Values.provider "hetzner") (or (not .Values.hetzner.token) (not .Values.hetzner.secretName)) -}} -external-dns: hetzner.token - You must provide the a Hetzner API Token when provider="hetzner". - Please set the token parameter (--set hetzner.token="xxxx") - or specify a secret that contains an API token. (--set hetzner.secretName="xxxx") -{{- end -}} -{{- end -}} - -{{/* -Validate values of TransIP DNS: -- must provide the API key when provider is "transip" -*/}} -{{- define "external-dns.validateValues.transip.apiKey" -}} -{{- if and (eq .Values.provider "transip") (not .Values.transip.apiKey) -}} -external-dns: transip.apiKey - You must provide the TransIP API key when provider="transip". - Please set the apiKey parameter (--set transip.apiKey="xxxx") -{{- end -}} -{{- end -}} - -{{/* -Validate values of External DNS: -- must provide the Linode API token when provider is "linode" -*/}} -{{- define "external-dns.validateValues.linode.apiToken" -}} -{{- if and (eq .Values.provider "linode") (not .Values.linode.apiToken) (not .Values.linode.secretName) -}} -external-dns: linode.apiToken - You must provide the Linode API token when provider="linode". - Please set the apiToken parameter (--set linode.apiToken="xxxx") -{{- end -}} -{{- end -}} - -{{/* -Validate values of External DNS: -- must provide the OVH consumer key when provider is "ovh" -*/}} -{{- define "external-dns.validateValues.ovh.consumerKey" -}} -{{- if and (eq .Values.provider "ovh") (not .Values.ovh.consumerKey) (not .Values.ovh.secretName) -}} -external-dns: ovh.consumerKey - You must provide the OVH consumer key when provider="ovh". - Please set the consumerKey parameter (--set ovh.consumerKey="xxxx") -{{- end -}} -{{- end -}} - -{{/* -Validate values of External DNS: -- must provide the OVH application key when provider is "ovh" -*/}} -{{- define "external-dns.validateValues.ovh.applicationKey" -}} -{{- if and (eq .Values.provider "ovh") (not .Values.ovh.applicationKey) (not .Values.ovh.secretName) -}} -external-dns: ovh.applicationKey - You must provide the OVH appliciation key when provider="ovh". - Please set the applicationKey parameter (--set ovh.applicationKey="xxxx") -{{- end -}} -{{- end -}} - -{{/* -Validate values of External DNS: -- must provide the OVH application secret when provider is "ovh" -*/}} -{{- define "external-dns.validateValues.ovh.applicationSecret" -}} -{{- if and (eq .Values.provider "ovh") (not .Values.ovh.applicationSecret) (not .Values.ovh.secretName) -}} -external-dns: ovh.applicationSecret - You must provide the OVH appliciation secret key when provider="ovh". - Please set the applicationSecret parameter (--set ovh.applicationSecret="xxxx") -{{- end -}} -{{- end -}} - -{{/* -Validate values of RFC2136 DNS: -- Must provide the kerberos realm when provider is rfc2136 and rfc3645Enabled is true -*/}} -{{- define "external-dns.validateValues.rfc2136.kerberosRealm" -}} -{{- if and (eq .Values.provider "rfc2136") .Values.rfc2136.rfc3645Enabled (not .Values.rfc2136.kerberosRealm) -}} -external-dns: rfc2136.kerberosRealm - You must provide the kerberos realm when provider is rfc2136 and rfc3645Enabled is true - Please set the kerberosRealm parameter (--set rfc2136.kerberosRealm="xxxx") -{{- end -}} -{{- end -}} - -{{/* -Validate values of RFC2136 DNS: -- Must provide the kerberos config when provider is rfc2136 and rfc3645Enabled is true -*/}} -{{- define "external-dns.validateValues.rfc2136.kerberosConfig" -}} -{{- if and (eq .Values.provider "rfc2136") .Values.rfc2136.rfc3645Enabled (not .Values.rfc2136.kerberosConfig) -}} -external-dns: rfc2136.kerberosConfig - You must provide the kerberos config when provider is rfc2136 and rfc3645Enabled is true - Please set the kerberosConfig parameter (--set-file rfc2136.kerberosConfig="path/to/krb5.conf") -{{- end -}} -{{- end -}} - -{{/* -Validate values of External DNS: -- must provide the Scaleway access key when provider is "scaleway" -*/}} -{{- define "external-dns.validateValues.scaleway.scwAccessKey" -}} -{{- if and (eq .Values.provider "scaleway") (not .Values.scaleway.scwAccessKey) -}} -external-dns: scaleway.scwAccessKey - You must provide the Scaleway access key when provider="scaleway". - Please set the scwAccessKey parameter (--set scaleway.scwAccessKey="xxxx") -{{- end -}} -{{- end -}} - -{{/* -Validate values of External DNS: -- must provide the scaleway secret key when provider is "scaleway" -*/}} -{{- define "external-dns.validateValues.scaleway.scwSecretKey" -}} -{{- if and (eq .Values.provider "scaleway") (not .Values.scaleway.scwSecretKey) -}} -external-dns: scaleway.scwSecretKey - You must provide the scaleway secret key when provider="scaleway". - Please set the scwSecretKey parameter (--set scaleway.scwSecretKey="xxxx") -{{- end -}} -{{- end -}} - -{{/* -Validate values of External DNS: -- must provide the scaleway organization id when provider is "scaleway" -*/}} -{{- define "external-dns.validateValues.scaleway.scwDefaultOrganizationId" -}} -{{- if and (eq .Values.provider "scaleway") (not .Values.scaleway.scwDefaultOrganizationId) -}} -external-dns: scaleway.scwDefaultOrganizationId - You must provide the scaleway organization id key when provider="scaleway". - Please set the scwDefaultOrganizationId parameter (--set scaleway.scwDefaultOrganizationId="xxxx") -{{- end -}} -{{- end -}} - -{{/* -Return the ExternalDNS service account name -*/}} -{{- define "external-dns.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "external-dns.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Return the ExternalDNS namespace to be used -*/}} -{{- define "external-dns.namespace" -}} -{{- if and .Values.rbac.create (not .Values.rbac.clusterRole) -}} - {{ default .Release.Namespace .Values.namespace }} -{{- else -}} - {{ .Values.namespace }} -{{- end -}} -{{- end -}} - -{{/* -Return the secret containing external-dns TLS certificates -*/}} -{{- define "external-dns.tlsSecretName" -}} -{{- if .Values.coredns.etcdTLS.autoGenerated -}} - {{- printf "%s-crt" (include "external-dns.fullname" .) -}} -{{- else -}} -{{- $secretName := .Values.coredns.etcdTLS.secretName -}} -{{- printf "%s" (tpl $secretName $) -}} -{{- end -}} -{{- end -}} - -{{/* -Return the path to the CA cert file. -*/}} -{{- define "external-dns.tlsCACert" -}} -{{- if .Values.coredns.etcdTLS.autoGenerated }} - {{- printf "ca.crt" -}} -{{- else -}} - {{- printf "%s" .Values.coredns.etcdTLS.caFilename -}} -{{- end -}} -{{- end -}} - -{{/* -Return the path to the cert file. -*/}} -{{- define "external-dns.tlsCert" -}} -{{- if .Values.coredns.etcdTLS.autoGenerated }} - {{- printf "tls.crt" -}} -{{- else -}} - {{- printf "%s" .Values.coredns.etcdTLS.certFilename -}} -{{- end -}} -{{- end -}} - -{{/* -Return the path to the cert key file. -*/}} -{{- define "external-dns.tlsCertKey" -}} -{{- if .Values.coredns.etcdTLS.autoGenerated }} - {{- printf "tls.key" -}} -{{- else -}} - {{- printf "%s" .Values.coredns.etcdTLS.keyFilename -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a TLS secret object should be created -*/}} -{{- define "external-dns.createTlsSecret" -}} -{{- if and .Values.coredns.etcdTLS.enabled .Values.coredns.etcdTLS.autoGenerated }} - {{- true -}} -{{- end -}} -{{- end -}} diff --git a/bitnami/external-dns/templates/clusterrole.yaml b/bitnami/external-dns/templates/clusterrole.yaml deleted file mode 100644 index 247b1f3..0000000 --- a/bitnami/external-dns/templates/clusterrole.yaml +++ /dev/null @@ -1,120 +0,0 @@ -{{- if and .Values.rbac.create .Values.rbac.clusterRole }} -apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }} -kind: ClusterRole -metadata: - name: {{ template "external-dns.fullname" . }} - labels: {{ include "external-dns.labels" . | nindent 4 }} -rules: - - apiGroups: - - "" - resources: - - services - - pods - - nodes - - endpoints - verbs: - - get - - list - - watch - - apiGroups: - - extensions - - "networking.k8s.io" - - getambassador.io - resources: - - ingresses - - hosts - verbs: - - get - - list - - watch - - apiGroups: - - route.openshift.io - resources: - - routes - verbs: - - get - - list - - watch - - apiGroups: - - networking.istio.io - resources: - - gateways - - virtualservices - verbs: - - get - - list - - watch - - apiGroups: - - zalando.org - resources: - - routegroups - verbs: - - get - - list - - watch - - apiGroups: - - zalando.org - resources: - - routegroups/status - verbs: - - patch - - update - - apiGroups: - - projectcontour.io - resources: - - httpproxies - verbs: - - get - - watch - - list - - apiGroups: - - gloo.solo.io - - gateway.solo.io - resources: - - proxies - - virtualservices - verbs: - - get - - list - - watch - - apiGroups: - - configuration.konghq.com - resources: - - tcpingresses - verbs: - - get - - list - - watch - {{- if or .Values.crd.create .Values.crd.apiversion }} - - apiGroups: - {{- if .Values.crd.create }} - - externaldns.k8s.io - {{- else }} - - {{ $api := splitn "/" 2 .Values.crd.apiversion }}{{ $api._0 }} - {{- end }} - resources: - {{- if .Values.crd.create }} - - dnsendpoints - {{- else }} - - {{ printf "%ss" (.Values.crd.kind | lower) }} - {{- end }} - verbs: - - get - - list - - watch - - apiGroups: - {{- if .Values.crd.create }} - - externaldns.k8s.io - {{- else }} - - {{ $api := splitn "/" 2 .Values.crd.apiversion }}{{ $api._0 }} - {{- end }} - resources: - {{- if .Values.crd.create }} - - dnsendpoints/status - {{- else }} - - {{ printf "%ss/status" (.Values.crd.kind | lower) }} - {{- end }} - verbs: - - update - {{- end }} -{{- end }} diff --git a/bitnami/external-dns/templates/clusterrolebinding.yaml b/bitnami/external-dns/templates/clusterrolebinding.yaml deleted file mode 100644 index fd7d137..0000000 --- a/bitnami/external-dns/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if and .Values.rbac.create .Values.rbac.clusterRole }} -apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }} -kind: ClusterRoleBinding -metadata: - name: {{ template "external-dns.fullname" . }} - labels: {{ include "external-dns.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "external-dns.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "external-dns.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/bitnami/external-dns/templates/configmap.yaml b/bitnami/external-dns/templates/configmap.yaml deleted file mode 100644 index 3aa3fd2..0000000 --- a/bitnami/external-dns/templates/configmap.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if (include "external-dns.createConfigMap" .) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "external-dns.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{ include "external-dns.labels" . | nindent 4 }} -data: -{{- if .Values.designate.customCA.enabled }} - {{ .Values.designate.customCA.filename }}: | -{{ .Values.designate.customCA.content | indent 4 }} -{{- end }} -{{- if .Values.rfc2136.rfc3645Enabled }} - krb5.conf: | -{{ .Values.rfc2136.kerberosConfig | indent 4 }} -{{- end }} -{{- end }} diff --git a/bitnami/external-dns/templates/crd.yaml b/bitnami/external-dns/templates/crd.yaml deleted file mode 100644 index a50a1a9..0000000 --- a/bitnami/external-dns/templates/crd.yaml +++ /dev/null @@ -1,94 +0,0 @@ -{{- if .Values.crd.create }} -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.5.0 - api-approved.kubernetes.io: "https://github.com/kubernetes-sigs/external-dns/pull/2007" - creationTimestamp: null - name: dnsendpoints.externaldns.k8s.io -spec: - group: externaldns.k8s.io - names: - kind: DNSEndpoint - listKind: DNSEndpointList - plural: dnsendpoints - singular: dnsendpoint - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DNSEndpointSpec defines the desired state of DNSEndpoint - properties: - endpoints: - items: - description: Endpoint is a high-level way of a connection between a service and an IP - properties: - dnsName: - description: The hostname of the DNS record - type: string - labels: - additionalProperties: - type: string - description: Labels stores labels defined for the Endpoint - type: object - providerSpecific: - description: ProviderSpecific stores provider specific config - items: - description: ProviderSpecificProperty holds the name and value of a configuration which is specific to individual DNS providers - properties: - name: - type: string - value: - type: string - type: object - type: array - recordTTL: - description: TTL for the record - format: int64 - type: integer - recordType: - description: RecordType type of record, e.g. CNAME, A, SRV, TXT etc - type: string - setIdentifier: - description: Identifier to distinguish multiple records with the same name and type (e.g. Route53 records with routing policies other than 'simple') - type: string - targets: - description: The targets the DNS record points to - items: - type: string - type: array - type: object - type: array - type: object - status: - description: DNSEndpointStatus defines the observed state of DNSEndpoint - properties: - observedGeneration: - description: The generation observed by the external-dns controller. - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] -{{- end }} diff --git a/bitnami/external-dns/templates/deployment.yaml b/bitnami/external-dns/templates/deployment.yaml deleted file mode 100644 index db48d28..0000000 --- a/bitnami/external-dns/templates/deployment.yaml +++ /dev/null @@ -1,660 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "external-dns.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{ include "external-dns.labels" . | nindent 4 }} -spec: - replicas: {{ .Values.replicas }} - selector: - matchLabels: {{ include "external-dns.matchLabels" . | nindent 6 }} - template: - metadata: - labels: {{ include "external-dns.labels" . | nindent 8 }} - annotations: - {{- if or .Values.podAnnotations .Values.metrics.enabled }} - {{- include "external-dns.podAnnotations" . | trim | nindent 8 }} - {{- end }} - {{- if (include "external-dns.createSecret" .) }} - checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} - {{- end }} - {{- if and (eq .Values.provider "designate") .Values.designate.customCA.enabled }} - checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} - {{- end }} - spec: - {{- include "external-dns.imagePullSecrets" . | nindent 6 }} - {{- if .Values.podSecurityContext }} - securityContext: {{ toYaml .Values.podSecurityContext | nindent 8 }} - {{- end }} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} - {{- end }} - serviceAccountName: {{ template "external-dns.serviceAccountName" . }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName | quote }} - {{- end }} - containers: - - name: external-dns - image: "{{ template "external-dns.image" . }}" - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - args: - # Generic arguments - {{- if .Values.logLevel }} - - --log-level={{ .Values.logLevel }} - {{- end }} - {{- if .Values.logFormat }} - - --log-format={{ .Values.logFormat }} - {{- end }} - {{- if .Values.dryRun }} - - --dry-run - {{- end }} - {{- if .Values.triggerLoopOnEvent }} - - --events - {{- end }} - {{- if (include "external-dns.namespace" .) }} - - --namespace={{ template "external-dns.namespace" . }} - {{- end }} - {{- if .Values.fqdnTemplates }} - - --fqdn-template={{ join "," .Values.fqdnTemplates }}{{/* Explicitly wants comma separated list */}} - {{- end }} - {{- if .Values.combineFQDNAnnotation }} - - --combine-fqdn-annotation - {{- end }} - {{- if and .Values.ignoreHostnameAnnotation .Values.fqdnTemplates }} - - --ignore-hostname-annotation - {{- end }} - {{- if .Values.publishInternalServices }} - - --publish-internal-services - {{- end }} - {{- if .Values.publishHostIP }} - - --publish-host-ip - {{- end }} - {{- range .Values.serviceTypeFilter }} - - --service-type-filter={{ . }} - {{- end }} - {{- range .Values.domainFilters }} - - --domain-filter={{ . }} - {{- end }} - {{- range .Values.excludeDomains }} - - --exclude-domains={{ . }} - {{- end }} - {{- if .Values.regexDomainFilter }} - - --regex-domain-filter={{ .Values.regexDomainFilter }} - {{- end }} - {{- if .Values.regexDomainExclusion }} - - --regex-domain-exclusion={{ .Values.regexDomainExclusion }} - {{- end }} - {{- range .Values.zoneNameFilters }} - - --zone-name-filter={{ . }} - {{- end }} - {{- range .Values.zoneIdFilters }} - - --zone-id-filter={{ . }} - {{- end }} - - --policy={{ .Values.policy }} - - --provider={{ .Values.provider }} - - --registry={{ .Values.registry }} - - --interval={{ .Values.interval }} - {{- if or (ne .Values.registry "aws-sd") .Values.forceTxtOwnerId }} - {{- if .Values.txtOwnerId }} - - --txt-owner-id={{ .Values.txtOwnerId }} - {{- end }} - {{- end }} - {{- if eq .Values.registry "txt" }} - {{- if .Values.txtPrefix }} - - --txt-prefix={{ .Values.txtPrefix }} - {{- end }} - {{- if .Values.txtSuffix }} - - --txt-suffix={{ .Values.txtSuffix }} - {{- end }} - {{- end }} - {{- if .Values.annotationFilter }} - - --annotation-filter={{ .Values.annotationFilter }} - {{- end }} - {{- if .Values.crd.apiversion }} - - --crd-source-apiversion={{ .Values.crd.apiversion }} - {{- end }} - {{- if .Values.crd.kind }} - - --crd-source-kind={{ .Values.crd.kind }} - {{- end }} - {{- range .Values.sources }} - - --source={{ . }} - {{- end }} - {{- if eq .Values.provider "alibabacloud" }} - # Alibaba Cloud arguments - {{- if or (and .Values.alibabacloud.accessKeyId .Values.alibabacloud.accessKeySecret) .Values.alibabacloud.secretName }} - - --alibaba-cloud-config-file=/etc/kubernetes/alibaba-cloud.json - {{- else }} - - --alibaba-cloud-config-file= - {{- end }} - {{- if .Values.alibabacloud.zoneType }} - - --alibaba-cloud-zone-type={{ .Values.alibabacloud.zoneType }} - {{- end }} - {{- end }} - {{- if or (eq .Values.provider "aws") (eq .Values.provider "aws-sd") }} - # AWS arguments - {{- if .Values.aws.apiRetries }} - - --aws-api-retries={{ .Values.aws.apiRetries }} - {{- end }} - - --aws-zone-type={{ .Values.aws.zoneType }} - {{- if .Values.aws.assumeRoleArn }} - - --aws-assume-role={{ .Values.aws.assumeRoleArn }} - {{- end }} - {{- if .Values.aws.batchChangeSize }} - - --aws-batch-change-size={{ .Values.aws.batchChangeSize }} - {{- end }} - {{- end }} - {{- range .Values.aws.zoneTags }} - - --aws-zone-tags={{ . }} - {{- end }} - {{- if .Values.aws.preferCNAME }} - - --aws-prefer-cname - {{- end }} - {{- if and (kindIs "bool" .Values.aws.evaluateTargetHealth) (not .Values.aws.evaluateTargetHealth) }} - - --no-aws-evaluate-target-health - {{- end }} - {{- if or (and (eq .Values.provider "azure") (not .Values.azure.secretName)) (eq .Values.provider "azure-private-dns") }} - # Azure Arguments - {{- if .Values.azure.resourceGroup }} - - --azure-resource-group={{ .Values.azure.resourceGroup }} - {{- end }} - {{- end }} - {{- if eq .Values.provider "azure-private-dns" }} - {{- if .Values.azure.subscriptionId }} - - --azure-subscription-id={{ .Values.azure.subscriptionId }} - {{- end }} - {{- end }} - {{- if eq .Values.provider "cloudflare" }} - # Cloudflare arguments - {{- if .Values.cloudflare.proxied }} - - --cloudflare-proxied - {{- end }} - {{- end }} - {{- if eq .Values.provider "google" }} - # Google Arguments - {{- if .Values.google.project }} - - --google-project={{ .Values.google.project }} - {{- end }} - {{- end }} - {{- if eq .Values.provider "infoblox" }} - # Infloblox Arguments - - --infoblox-grid-host={{ .Values.infoblox.gridHost }} - - --infoblox-view={{ .Values.infoblox.view }} - {{- if .Values.infoblox.domainFilter }} - - --domain-filter={{ .Values.infoblox.domainFilter }} - {{- end }} - {{- if .Values.infoblox.wapiPort }} - - --infoblox-wapi-port={{ .Values.infoblox.wapiPort }} - {{- end }} - {{- if .Values.infoblox.wapiVersion }} - - --infoblox-wapi-version={{ .Values.infoblox.wapiVersion }} - {{- end }} - {{- if .Values.infoblox.noSslVerify }} - - --no-infoblox-ssl-verify - {{- else }} - - --infoblox-ssl-verify - {{- end }} - {{- if .Values.infoblox.maxResults }} - - --infoblox-max-results={{ .Values.infoblox.maxResults }} - {{- end }} - {{- end }} - {{- if eq .Values.provider "ns1" }} - # ns1 arguments - - --ns1-min-ttl={{ .Values.ns1.minTTL }} - {{- end }} - {{- if eq .Values.provider "rfc2136" }} - # RFC 2136 arguments - - --rfc2136-host={{ required "rfc2136.host must be supplied for provider 'rfc2136'" .Values.rfc2136.host }} - - --rfc2136-port={{ .Values.rfc2136.port }} - - --rfc2136-zone={{ required "rfc2136.zone must be supplied for provider 'rfc2136'" .Values.rfc2136.zone }} - - --rfc2136-min-ttl={{ .Values.rfc2136.minTTL }} - {{- if .Values.rfc2136.tsigAxfr }} - - --rfc2136-tsig-axfr - {{- end }} - {{- if .Values.rfc2136.rfc3645Enabled }} - - --rfc2136-gss-tsig - - --rfc2136-kerberos-realm={{ .Values.rfc2136.kerberosRealm }} - {{- else }} - {{- if .Values.rfc2136.tsigKeyname }} - - --rfc2136-tsig-secret-alg={{ .Values.rfc2136.tsigSecretAlg }} - - --rfc2136-tsig-keyname={{ .Values.rfc2136.tsigKeyname }} - {{- else }} - - --rfc2136-insecure - {{- end }} - {{- end }} - {{- end }} - {{- if eq .Values.provider "pdns" }} - # PowerDNS arguments - - --pdns-server={{ .Values.pdns.apiUrl }}:{{ .Values.pdns.apiPort }} - - --pdns-api-key=$(PDNS_API_KEY) - {{- end }} - {{- if eq .Values.provider "transip" }} - # TransIP arguments - - --transip-account={{ .Values.transip.account }} - - --transip-keyfile=/transip/transip-api-key - {{- end }} - {{- range $key, $value := .Values.extraArgs }} - # Extra arguments - {{- if $value }} - - --{{ $key }}={{ $value }} - {{- else }} - - --{{ $key }} - {{- end }} - {{- end }} - env: - {{- if or (eq .Values.provider "aws") (eq .Values.provider "aws-sd") }} - # AWS environment variables - {{- if .Values.aws.region }} - - name: AWS_DEFAULT_REGION - value: {{ .Values.aws.region }} - {{- end }} - {{- if .Values.aws.roleArn }} - - name: AWS_CONFIG_FILE - value: {{ .Values.aws.credentials.mountPath }}/config - {{- end }} - {{- if and .Values.aws.credentials.secretKey .Values.aws.credentials.accessKey }} - - name: AWS_SHARED_CREDENTIALS_FILE - value: {{ .Values.aws.credentials.mountPath }}/credentials - {{- end }} - {{- end }} - {{- if eq .Values.provider "cloudflare" }} - # Cloudflare environment variables - - name: CF_API_TOKEN - valueFrom: - secretKeyRef: - name: {{ template "external-dns.secretName" . }} - key: cloudflare_api_token - optional: true - - name: CF_API_KEY - valueFrom: - secretKeyRef: - name: {{ template "external-dns.secretName" . }} - key: cloudflare_api_key - optional: true - - name: CF_API_EMAIL - value: {{ .Values.cloudflare.email | quote }} - {{- end }} - {{- if eq .Values.provider "coredns" }} - # CoreDNS environment variables - - name: ETCD_URLS - value: {{ .Values.coredns.etcdEndpoints | quote }} - {{- if .Values.coredns.etcdTLS.enabled }} - - name: ETCD_CERT_FILE - value: {{ .Values.coredns.etcdTLS.mountPath }}/{{ include "external-dns.tlsCert" . }} - - name: ETCD_KEY_FILE - value: {{ .Values.coredns.etcdTLS.mountPath }}/{{ include "external-dns.tlsCertKey" . }} - - name: ETCD_CA_FILE - value: {{ .Values.coredns.etcdTLS.mountPath }}/{{ include "external-dns.tlsCACert" . }} - {{- end }} - {{- end }} - {{- if eq .Values.provider "designate" }} - # Designate environment variables - {{- if .Values.designate.customCA.enabled }} - - name: OPENSTACK_CA_FILE - value: {{ .Values.designate.customCA.mountPath }}/{{ .Values.designate.customCA.filename }} - {{- else if .Values.designate.customCAHostPath }} - - name: OPENSTACK_CA_FILE - value: {{ .Values.designate.customCAHostPath }} - {{- end }} - {{- if .Values.designate.username}} - - name: OS_USERNAME - valueFrom: - secretKeyRef: - name: {{ template "external-dns.secretName" . }} - key: designate_username - {{- end }} - {{- if .Values.designate.password}} - - name: OS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "external-dns.secretName" . }} - key: designate_password - {{- end }} - {{- if .Values.designate.authUrl }} - - name: OS_AUTH_URL - value: {{ .Values.designate.authUrl }} - {{- end }} - {{- if .Values.designate.regionName }} - - name: OS_REGION_NAME - value: {{ .Values.designate.regionName }} - {{- end }} - {{- if .Values.designate.userDomainName }} - - name: OS_USER_DOMAIN_NAME - value: {{ .Values.designate.userDomainName }} - {{- end }} - {{- if .Values.designate.projectName }} - - name: OS_PROJECT_NAME - value: {{ .Values.designate.projectName }} - {{- end }} - {{- end }} - {{- if and (eq .Values.provider "digitalocean") (or .Values.digitalocean.apiToken .Values.digitalocean.secretName) }} - # DigitalOcean environment variables - - name: DO_TOKEN - valueFrom: - secretKeyRef: - name: {{ template "external-dns.secretName" . }} - key: digitalocean_api_token - {{- end }} - {{- if eq .Values.provider "google" }} - # Google environment variables - {{- if or .Values.google.serviceAccountSecret .Values.google.serviceAccountKey }} - - name: GOOGLE_APPLICATION_CREDENTIALS - value: /etc/secrets/service-account/credentials.json - {{- end }} - {{- end }} - {{- if eq .Values.provider "hetzner" }} - # Hetzner environment variables - {{- if .Values.hetzner.secretName }} - - name: HETZNER_TOKEN - valueFrom: - secretKeyRef: - name: {{ .Values.hetzner.secretName }} - key: {{ .Values.hetzner.secretKey }} - {{- else }} - - name: HETZNER_TOKEN - valueFrom: - secretKeyRef: - name: {{ template "external-dns.secretName" . }} - key: hetzner_token - {{- end }} - {{- end }} - {{- if eq .Values.provider "linode" }} - # Linode environment variables - {{- if or (.Values.linode.apiToken) (.Values.linode.secretName) }} - - name: LINODE_TOKEN - valueFrom: - secretKeyRef: - name: {{ template "external-dns.secretName" . }} - key: linode_api_token - {{- end }} - {{- end }} - {{- if eq .Values.provider "ovh" }} - # OVH environment variables - {{- if or (.Values.ovh.consumerKey) (.Values.ovh.secretName) }} - - name: OVH_CONSUMER_KEY - valueFrom: - secretKeyRef: - name: {{ template "external-dns.secretName" . }} - key: ovh_consumer_key - {{- end }} - {{- if or (.Values.ovh.applicationKey) (.Values.ovh.secretName) }} - - name: OVH_APPLICATION_KEY - valueFrom: - secretKeyRef: - name: {{ template "external-dns.secretName" . }} - key: ovh_application_key - {{- end }} - {{- if or (.Values.ovh.applicationSecret) (.Values.ovh.secretName) }} - - name: OVH_APPLICATION_SECRET - valueFrom: - secretKeyRef: - name: {{ template "external-dns.secretName" . }} - key: ovh_application_secret - {{- end }} - {{- end }} - {{- if eq .Values.provider "scaleway" }} - # Scaleway environment variables - {{- if .Values.scaleway.scwAccessKey }} - - name: SCW_ACCESS_KEY - valueFrom: - secretKeyRef: - name: {{ template "external-dns.secretName" . }} - key: scw_access_key - {{- end }} - {{- if .Values.scaleway.scwSecretKey }} - - name: SCW_SECRET_KEY - valueFrom: - secretKeyRef: - name: {{ template "external-dns.secretName" . }} - key: scw_secret_key - {{- end }} - {{- if .Values.scaleway.scwDefaultOrganizationId }} - - name: SCW_DEFAULT_ORGANIZATION_ID - valueFrom: - secretKeyRef: - name: {{ template "external-dns.secretName" . }} - key: scw_default_organization_id - {{- end }} - {{- end }} - {{- if eq .Values.provider "infoblox" }} - # Infloblox environment variables - {{- if .Values.infoblox.wapiConnectionPoolSize }} - - name: EXTERNAL_DNS_INFOBLOX_HTTP_POOL_CONNECTIONS - value: "{{ .Values.infoblox.wapiConnectionPoolSize }}" - {{- end }} - {{- if .Values.infoblox.wapiHttpTimeout }} - - name: EXTERNAL_DNS_INFOBLOX_HTTP_REQUEST_TIMEOUT - value: "{{ .Values.infoblox.wapiHttpTimeout }}" - {{- end }} - {{- if or (and .Values.infoblox.wapiUsername .Values.infoblox.wapiPassword) (.Values.infoblox.secretName) }} - - name: EXTERNAL_DNS_INFOBLOX_WAPI_USERNAME - valueFrom: - secretKeyRef: - name: {{ template "external-dns.secretName" . }} - key: infoblox_wapi_username - - name: EXTERNAL_DNS_INFOBLOX_WAPI_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "external-dns.secretName" . }} - key: infoblox_wapi_password - {{- end }} - {{- end }} - {{- if .Values.rfc2136.tsigSecret | or (and .Values.rfc2136.kerberosUsername .Values.rfc2136.kerberosPassword) | or .Values.rfc2136.secretName }} - # RFC 2136 environment variables - {{- if .Values.rfc2136.rfc3645Enabled }} - - name: EXTERNAL_DNS_RFC2136_KERBEROS_USERNAME - valueFrom: - secretKeyRef: - name: {{ template "external-dns.secretName" . }} - key: rfc2136_kerberos_username - - name: EXTERNAL_DNS_RFC2136_KERBEROS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "external-dns.secretName" . }} - key: rfc2136_kerberos_password - {{- else }} - - name: EXTERNAL_DNS_RFC2136_TSIG_SECRET - valueFrom: - secretKeyRef: - name: {{ template "external-dns.secretName" . }} - key: rfc2136_tsig_secret - {{- end }} - {{- end }} - {{- if eq .Values.provider "pdns" }} - # PowerDNS environment variables - - name: PDNS_API_KEY - valueFrom: - secretKeyRef: - name: {{ template "external-dns.secretName" . }} - key: pdns_api_key - {{- end }} - {{- if eq .Values.provider "vinyldns" }} - # VinylDNS environment variables - {{- if .Values.vinyldns.host }} - - name: VINYLDNS_HOST - value: {{ .Values.vinyldns.host }} - {{- end }} - {{- if .Values.vinyldns.accessKey }} - - name: VINYLDNS_ACCESS_KEY - valueFrom: - secretKeyRef: - name: {{ template "external-dns.secretName" . }} - key: vinyldns-access-key - {{- end }} - {{- if .Values.vinyldns.secretKey }} - - name: VINYLDNS_SECRET_KEY - valueFrom: - secretKeyRef: - name: {{ template "external-dns.secretName" . }} - key: vinyldns-secret-key - {{- end }} - {{- end }} - {{- if .Values.extraEnv }} - # Extra environment variables - {{- toYaml .Values.extraEnv | nindent 12 }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.service.port }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: {{- omit .Values.readinessProbe "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: {{- omit .Values.livenessProbe "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.securityContext }} - securityContext: {{ toYaml .Values.securityContext | nindent 12 }} - {{- end }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - volumeMounts: - {{- if and (eq .Values.provider "alibabacloud") (or (and .Values.alibabacloud.accessKeyId .Values.alibabacloud.accessKeySecret) .Values.alibabacloud.secretName) }} - # Alibaba Cloud mountPath(s) - - name: alibabacloud-config-file - mountPath: /etc/kubernetes/ - readOnly: true - {{- end }} - {{- if and (eq .Values.provider "aws") (or (and .Values.aws.credentials.secretKey .Values.aws.credentials.accessKey) .Values.aws.credentials.secretName) }} - # AWS mountPath(s) - - name: aws-credentials - mountPath: {{ .Values.aws.credentials.mountPath }} - readOnly: true - {{- end }} - {{- if or (eq .Values.provider "azure") (eq .Values.provider "azure-private-dns") }} - # Azure mountPath(s) - - name: azure-config-file - {{- if or .Values.azure.secretName (and .Values.azure.resourceGroup .Values.azure.tenantId .Values.azure.subscriptionId) }} - mountPath: /etc/kubernetes/ - {{- else if not .Values.azure.useManagedIdentityExtension }} - mountPath: /etc/kubernetes/azure.json - {{- end }} - readOnly: true - {{- end }} - {{- if and (eq .Values.provider "coredns") (.Values.coredns.etcdTLS.enabled) }} - # CoreDNS mountPath(s) - - name: {{ include "external-dns.tlsSecretName" . }} - mountPath: {{ .Values.coredns.etcdTLS.mountPath }} - readOnly: true - {{- end }} - {{- if and (eq .Values.provider "google") (or .Values.google.serviceAccountKey .Values.google.serviceAccountSecret) }} - # Google mountPath(s) - - name: google-service-account - mountPath: /etc/secrets/service-account/ - {{- end }} - {{- if eq .Values.provider "designate" }} - # Designate mountPath(s) - {{- if and (.Values.designate.customCAHostPath) (.Values.designate.customCA.enabled) }} - {{- fail "designate.customCAHostPath cannot be specified with designate.customCA.enabled set to true"}} - {{- else if .Values.designate.customCA.enabled }} - - name: designate-custom-ca - mountPath: {{ .Values.designate.customCA.mountPath }} - readOnly: true - {{- else if .Values.designate.customCAHostPath }} - - name: designate-custom-ca-hostpath - mountPath: {{ .Values.designate.customCAHostPath }} - readOnly: true - {{- end }} - {{- end }} - {{- if and (eq .Values.provider "rfc2136") .Values.rfc2136.rfc3645Enabled }} - - name: krb5config - mountPath: /etc/krb5.conf - subPath: krb5.conf - {{- end}} - {{- if (eq .Values.provider "transip") }} - # TransIP mountPath(s) - - name: transip-api-key - mountPath: /transip - readOnly: true - {{- end }} - {{- if .Values.extraVolumeMounts }} - # Extra volume mount(s) - {{- toYaml .Values.extraVolumeMounts | nindent 12 }} - {{- end }} - volumes: - {{- if and (eq .Values.provider "alibabacloud") (or (and .Values.alibabacloud.accessKeyId .Values.alibabacloud.accessKeySecret) .Values.alibabacloud.secretName) }} - # Alibaba Cloud volume(s) - - name: alibabacloud-config-file - secret: - secretName: {{ template "external-dns.secretName" . }} - {{- end }} - {{- if and (eq .Values.provider "aws") (or (and .Values.aws.credentials.secretKey .Values.aws.credentials.accessKey) .Values.aws.credentials.secretName) }} - # AWS volume(s) - - name: aws-credentials - secret: - secretName: {{ template "external-dns.secretName" . }} - {{- end }} - {{- if or (eq .Values.provider "azure") (eq .Values.provider "azure-private-dns") }} - # Azure and Azure Private DNS volume(s) - - name: azure-config-file - {{- if or .Values.azure.secretName (and .Values.azure.resourceGroup .Values.azure.tenantId .Values.azure.subscriptionId) }} - secret: - secretName: {{ template "external-dns.secretName" . }} - {{- else if not .Values.azure.useManagedIdentityExtension }} - hostPath: - path: /etc/kubernetes/azure.json - type: File - {{- end }} - {{- end }} - {{- if and (eq .Values.provider "coredns") (.Values.coredns.etcdTLS.enabled) }} - # CoreDNS volume(s) - - name: {{ include "external-dns.tlsSecretName" . }} - secret: - secretName: {{ include "external-dns.tlsSecretName" . }} - defaultMode: 400 - {{- end }} - {{- if and (eq .Values.provider "google") (or .Values.google.serviceAccountKey .Values.google.serviceAccountSecret) }} - # Google volume(s) - - name: google-service-account - secret: - secretName: {{ template "external-dns.secretName" . }} - {{- if and .Values.google.serviceAccountSecret .Values.google.serviceAccountSecretKey }} - items: - - key: {{ .Values.google.serviceAccountSecretKey | quote }} - path: credentials.json - {{- end }} - {{- end }} - {{- if eq .Values.provider "designate" }} - # Designate volume(s) - {{- if .Values.designate.customCA.enabled }} - - name: designate-custom-ca - configMap: - name: {{ template "external-dns.fullname" . }} - items: - - key: {{ .Values.designate.customCA.filename }} - path: {{ .Values.designate.customCA.filename }} - {{- else if .Values.designate.customCAHostPath }} - - name: designate-custom-ca-hostpath - hostPath: - path: {{ .Values.designate.customCAHostPath }} - {{- end }} - {{- end }} - {{- if and (eq .Values.provider "rfc2136") .Values.rfc2136.rfc3645Enabled }} - # Kerberos config volume - - name: krb5config - configMap: - name: {{ template "external-dns.fullname" . }} - items: - - key: "krb5.conf" - path: "krb5.conf" - {{- end }} - {{- if (eq .Values.provider "transip") }} - # TransIP volume(s) - - name: transip-api-key - secret: - secretName: {{ template "external-dns.fullname" . }} - {{- end }} - {{- if .Values.extraVolumes }} - # Extra volume(s) - {{- toYaml .Values.extraVolumes | nindent 8 }} - {{- end }} diff --git a/bitnami/external-dns/templates/pdb.yaml b/bitnami/external-dns/templates/pdb.yaml deleted file mode 100644 index ac06990..0000000 --- a/bitnami/external-dns/templates/pdb.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- if .Values.podDisruptionBudget -}} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ include "external-dns.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{ include "external-dns.labels" . | nindent 4 }} -spec: - selector: - matchLabels: {{ include "external-dns.matchLabels" . | nindent 6 }} -{{- include "common.tplvalues.render" (dict "value" .Values.podDisruptionBudget "context" $) | nindent 2 }} -{{- end -}} diff --git a/bitnami/external-dns/templates/psp-clusterrole.yaml b/bitnami/external-dns/templates/psp-clusterrole.yaml deleted file mode 100644 index 3bebb5f..0000000 --- a/bitnami/external-dns/templates/psp-clusterrole.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if .Values.rbac.pspEnabled }} -kind: ClusterRole -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -metadata: - name: {{ template "external-dns.fullname" . }}-psp - labels: {{ include "external-dns.labels" . | nindent 4 }} -rules: -- apiGroups: ['extensions'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "external-dns.fullname" . }} -{{- end }} diff --git a/bitnami/external-dns/templates/psp-clusterrolebinding.yaml b/bitnami/external-dns/templates/psp-clusterrolebinding.yaml deleted file mode 100644 index 0d1678d..0000000 --- a/bitnami/external-dns/templates/psp-clusterrolebinding.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if .Values.rbac.pspEnabled }} -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: ClusterRoleBinding -metadata: - name: {{ template "external-dns.fullname" . }}-psp - labels: {{ include "external-dns.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "external-dns.fullname" . }}-psp -subjects: - - kind: ServiceAccount - name: {{ template "external-dns.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/bitnami/external-dns/templates/psp.yaml b/bitnami/external-dns/templates/psp.yaml deleted file mode 100644 index 4648e2a..0000000 --- a/bitnami/external-dns/templates/psp.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{- if .Values.rbac.pspEnabled }} -apiVersion: {{ template "podSecurityPolicy.apiVersion" . }} -kind: PodSecurityPolicy -metadata: - name: {{ template "external-dns.fullname" . }} - labels: {{ include "external-dns.labels" . | nindent 4 }} -spec: - privileged: false - allowPrivilegeEscalation: false - requiredDropCapabilities: - - ALL - volumes: - - 'configMap' - - 'emptyDir' - - 'projected' - - 'secret' - - 'downwardAPI' - - 'hostPath' - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAs' - ranges: - - min: 1001 - max: 1001 - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1001 - max: 1001 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1001 - max: 1001 -{{- end }} diff --git a/bitnami/external-dns/templates/role.yaml b/bitnami/external-dns/templates/role.yaml deleted file mode 100644 index 4af9fc2..0000000 --- a/bitnami/external-dns/templates/role.yaml +++ /dev/null @@ -1,112 +0,0 @@ -{{- if and .Values.rbac.create (not .Values.rbac.clusterRole) }} -apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }} -kind: Role -metadata: - name: {{ template "external-dns.fullname" . }} - namespace: {{ template "external-dns.namespace" . }} - labels: {{ include "external-dns.labels" . | nindent 4 }} -rules: - - apiGroups: - - "" - resources: - - services - - pods - - endpoints - verbs: - - get - - list - - watch - - apiGroups: - - extensions - - "networking.k8s.io" - - getambassador.io - resources: - - ingresses - - hosts - verbs: - - get - - list - - watch - - apiGroups: - - route.openshift.io - resources: - - routes - verbs: - - get - - list - - watch - - apiGroups: - - networking.istio.io - resources: - - gateways - - virtualservices - verbs: - - get - - list - - watch - - apiGroups: - - zalando.org - resources: - - routegroups - verbs: - - get - - list - - watch - - apiGroups: - - zalando.org - resources: - - routegroups/status - verbs: - - patch - - update - - apiGroups: - - projectcontour.io - resources: - - httpproxies - verbs: - - get - - watch - - list - - apiGroups: - - gloo.solo.io - - gateway.solo.io - resources: - - proxies - - virtualservices - verbs: - - get - - list - - watch - {{- if or .Values.crd.create .Values.crd.apiversion }} - - apiGroups: - {{- if .Values.crd.create }} - - externaldns.k8s.io - {{- else }} - - {{ $api := splitn "/" 2 .Values.crd.apiversion }}{{ $api._0 }} - {{- end }} - resources: - {{- if .Values.crd.create }} - - dnsendpoints - {{- else }} - - {{ printf "%ss" (.Values.crd.kind | lower) }} - {{- end }} - verbs: - - get - - list - - watch - - apiGroups: - {{- if .Values.crd.create }} - - externaldns.k8s.io - {{- else }} - - {{ $api := splitn "/" 2 .Values.crd.apiversion }}{{ $api._0 }} - {{- end }} - resources: - {{- if .Values.crd.create }} - - dnsendpoints/status - {{- else }} - - {{ printf "%ss/status" (.Values.crd.kind | lower) }} - {{- end }} - verbs: - - update - {{- end }} -{{- end }} diff --git a/bitnami/external-dns/templates/rolebindings.yaml b/bitnami/external-dns/templates/rolebindings.yaml deleted file mode 100644 index d916066..0000000 --- a/bitnami/external-dns/templates/rolebindings.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if and .Values.rbac.create (not .Values.rbac.clusterRole) }} -apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }} -kind: RoleBinding -metadata: - name: {{ template "external-dns.fullname" . }} - namespace: {{ template "external-dns.namespace" . }} - labels: {{ include "external-dns.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "external-dns.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "external-dns.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/bitnami/external-dns/templates/secret.yaml b/bitnami/external-dns/templates/secret.yaml deleted file mode 100644 index 55e68f8..0000000 --- a/bitnami/external-dns/templates/secret.yaml +++ /dev/null @@ -1,81 +0,0 @@ -{{- if (include "external-dns.createSecret" .) }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "external-dns.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{ include "external-dns.labels" . | nindent 4 }} - {{- if .Values.secretAnnotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.secretAnnotations "context" $) | nindent 4 }} - {{- end }} -type: Opaque -data: - {{- if eq .Values.provider "alibabacloud" }} - alibaba-cloud.json: {{ include "external-dns.alibabacloud-credentials" . | b64enc | quote }} - {{- end }} - {{- if eq .Values.provider "aws" }} - credentials: {{ include "external-dns.aws-credentials" . | b64enc | quote }} - {{- if .Values.aws.region }} - config: {{ include "external-dns.aws-config" . | b64enc | quote }} - {{- end }} - {{- end }} - {{- if or (eq .Values.provider "azure") (eq .Values.provider "azure-private-dns") }} - azure.json: {{ include "external-dns.azure-credentials" . | b64enc | quote }} - {{- end }} - {{- if eq .Values.provider "google" }} - credentials.json: {{ .Values.google.serviceAccountKey | b64enc | quote }} - {{- end }} - {{- if and (eq .Values.provider "hetzner") (not .Values.hetzner.secretName) }} - hetzner_token: {{ .Values.hetzner.token | b64enc | quote }} - {{- end }} - {{- if eq .Values.provider "cloudflare" }} - {{- if .Values.cloudflare.apiToken }} - cloudflare_api_token: {{ .Values.cloudflare.apiToken | b64enc | quote }} - {{- else }} - cloudflare_api_key: {{ required "cloudflare.apiKey is required if cloudflare.apiToken is not provided" .Values.cloudflare.apiKey | b64enc | quote }} - {{- end }} - {{- end }} - {{- if eq .Values.provider "designate" }} - {{- if .Values.designate.username }} - designate_username: {{ .Values.designate.username | b64enc | quote }} - {{- end }} - {{- if .Values.designate.password }} - designate_password: {{ .Values.designate.password | b64enc | quote }} - {{- end }} - {{- end }} - {{- if eq .Values.provider "digitalocean" }} - digitalocean_api_token: {{ .Values.digitalocean.apiToken | b64enc | quote }} - {{- end }} - {{- if eq .Values.provider "infoblox" }} - infoblox_wapi_username: {{ .Values.infoblox.wapiUsername | b64enc | quote }} - infoblox_wapi_password: {{ .Values.infoblox.wapiPassword | b64enc | quote }} - {{- end }} - {{- if eq .Values.provider "linode" }} - linode_api_token: {{ .Values.linode.apiToken | b64enc | quote }} - {{- end }} - {{- if eq .Values.provider "pdns" }} - pdns_api_key: {{ .Values.pdns.apiKey | b64enc | quote }} - {{- end }} - {{- if eq .Values.provider "rfc2136" }} - rfc2136_tsig_secret: {{ .Values.rfc2136.tsigSecret | b64enc | quote }} - rfc2136_kerberos_username: {{ .Values.rfc2136.kerberosUsername | b64enc | quote }} - rfc2136_kerberos_password: {{ .Values.rfc2136.kerberosPassword | b64enc | quote }} - {{- end }} - {{- if eq .Values.provider "transip" }} - transip-api-key: {{ .Values.transip.apiKey | b64enc | quote }} - {{- end }} - {{- if eq .Values.provider "ovh" }} - ovh_consumer_key: {{ .Values.ovh.consumerKey | b64enc | quote }} - ovh_application_key: {{ .Values.ovh.applicationKey | b64enc | quote }} - ovh_application_secret: {{ .Values.ovh.applicationSecret | b64enc | quote }} - {{- end }} - {{- if eq .Values.provider "scaleway" }} - scw_access_key: {{ .Values.scaleway.scwAccessKey | b64enc | quote }} - scw_secret_key: {{ .Values.scaleway.scwSecretKey | b64enc | quote }} - scw_default_organization_id: {{ .Values.scaleway.scwDefaultOrganizationId | b64enc | quote }} - {{- end }} - {{- if eq .Values.provider "vinyldns" }} - vinyldns-access-key: {{ .Values.vinyldns.accessKey | b64enc | quote }} - vinyldns-secret-key: {{ .Values.vinyldns.secretKey | b64enc | quote }} - {{- end }} -{{- end }} diff --git a/bitnami/external-dns/templates/service.yaml b/bitnami/external-dns/templates/service.yaml deleted file mode 100644 index 01ae350..0000000 --- a/bitnami/external-dns/templates/service.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{- if .Values.service.enabled -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "external-dns.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{ include "external-dns.labels" . | nindent 4 }} - {{- if .Values.service.labels -}} - {{ toYaml .Values.service.labels | nindent 4 }} - {{- end }} - {{- if .Values.service.annotations }} - annotations: {{ toYaml .Values.service.annotations | nindent 4 }} - {{- end }} -spec: - {{- if .Values.service.clusterIP }} - clusterIP: {{ .Values.service.clusterIP }} - {{- end }} - {{- if .Values.service.externalIPs }} - externalIPs: {{ toYaml .Values.service.externalIPs | nindent 4 }} - {{- end }} - {{- if .Values.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.service.loadBalancerIP }} - {{- end }} - {{- if .Values.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: {{ toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - ports: - - name: http - port: {{ .Values.service.port }} - protocol: TCP - targetPort: http - {{- if and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort)) }} - nodePort: {{ .Values.service.nodePort }} - {{- end }} - selector: {{ include "external-dns.matchLabels" . | nindent 4 }} - type: {{ .Values.service.type }} -{{- end }} diff --git a/bitnami/external-dns/templates/serviceaccount.yaml b/bitnami/external-dns/templates/serviceaccount.yaml deleted file mode 100644 index 571194f..0000000 --- a/bitnami/external-dns/templates/serviceaccount.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "external-dns.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: {{ include "external-dns.labels" . | nindent 4 }} - {{- if .Values.serviceAccount.annotations }} - annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} - {{- end }} -automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} -{{- end }} diff --git a/bitnami/external-dns/templates/servicemonitor.yaml b/bitnami/external-dns/templates/servicemonitor.yaml deleted file mode 100644 index 84a1b59..0000000 --- a/bitnami/external-dns/templates/servicemonitor.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "external-dns.fullname" . }} - {{- with .Values.metrics.serviceMonitor.namespace }} - namespace: {{ . }} - {{- end }} - labels: {{ include "external-dns.labels" . | nindent 4 }} - {{- with .Values.metrics.serviceMonitor.selector }} - {{ toYaml . | nindent 4 }} - {{- end }} -spec: - endpoints: - - port: http - path: /metrics - {{- with .Values.metrics.serviceMonitor.interval }} - interval: {{ . }} - {{- end }} - {{- with .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ . }} - {{- end }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - selector: - matchLabels: {{ include "external-dns.matchLabels" . | nindent 6 }} -{{- end }} diff --git a/bitnami/external-dns/templates/tls-secret.yaml b/bitnami/external-dns/templates/tls-secret.yaml deleted file mode 100644 index 5a72136..0000000 --- a/bitnami/external-dns/templates/tls-secret.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if (include "external-dns.createTlsSecret" .) }} -{{- $ca := genCA "external-dns-ca" 365 }} -{{- $releaseNamespace := .Release.Namespace }} -{{- $clusterDomain := .Values.clusterDomain }} -{{- $fullname := include "external-dns.fullname" . }} -{{- $serviceName := include "external-dns.fullname" . }} -{{- $altNames := list (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) $fullname }} -{{- $crt := genSignedCert $fullname nil $altNames 365 $ca }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "external-dns.fullname" . }}-crt - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - ca.crt: {{ $ca.Cert | b64enc | quote }} - tls.crt: {{ $crt.Cert | b64enc | quote }} - tls.key: {{ $crt.Key | b64enc | quote }} -{{- end }} diff --git a/bitnami/external-dns/values.yaml b/bitnami/external-dns/values.yaml deleted file mode 100644 index 875a41d..0000000 --- a/bitnami/external-dns/values.yaml +++ /dev/null @@ -1,841 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - -## @section Common parameters - -## @param nameOverride String to partially override external-dns.fullname template (will maintain the release name) -## -nameOverride: "" -## @param fullnameOverride String to fully override external-dns.fullname template -## -fullnameOverride: "" -## @param clusterDomain Kubernetes Cluster Domain -## -clusterDomain: cluster.local - -## @section external-dns parameters - -## Bitnami external-dns image version -## ref: https://hub.docker.com/r/bitnami/external-dns/tags/ -## @param image.registry ExternalDNS image registry -## @param image.repository ExternalDNS image repository -## @param image.tag ExternalDNS Image tag (immutable tags are recommended) -## @param image.pullPolicy ExternalDNS image pull policy -## @param image.pullSecrets ExternalDNS image pull secrets -## -image: - registry: docker.io - repository: bitnami/external-dns - tag: 0.9.0-debian-10-r50 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - -## @param hostAliases Deployment pod host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: [] -## @param sources [array] K8s resources type to be observed for new DNS entries by ExternalDNS -## -sources: - # - crd - - service - - ingress - # - contour-httpproxy -## @param provider DNS provider where the DNS records will be created. -## Available providers are: -## - alibabacloud, aws, azure, azure-private-dns, cloudflare, coredns, designate, digitalocean, google, hetzner, infoblox, linode, rfc2136, transip -## -provider: aws -## Flags related to processing sources -## ref: https://github.com/kubernetes-sigs/external-dns/blob/master/pkg/apis/externaldns/types.go#L272 -## @param namespace Limit sources of endpoints to a specific namespace (default: all namespaces) -## -namespace: "" -## @param fqdnTemplates Templated strings that are used to generate DNS names from sources that don't define a hostname themselves -## -fqdnTemplates: [] -## @param combineFQDNAnnotation Combine FQDN template and annotations instead of overwriting -## -combineFQDNAnnotation: false -## @param ignoreHostnameAnnotation Ignore hostname annotation when generating DNS names, valid only when fqdn-template is set -## -ignoreHostnameAnnotation: false -## @param publishInternalServices Allow external-dns to publish DNS records for ClusterIP services -## -publishInternalServices: false -## @param publishHostIP Allow external-dns to publish host-ip for headless services -## -publishHostIP: false -## @param serviceTypeFilter The service types to take care about (default: all, options: ClusterIP, NodePort, LoadBalancer, ExternalName) -## -serviceTypeFilter: [] -## Alibaba cloud configuration to be set via arguments/env. variables -## These will be added to /etc/kubernetes/alibaba-cloud.json via secret -## -alibabacloud: - ## @param alibabacloud.accessKeyId When using the Alibaba Cloud provider, set `accessKeyId` in the Alibaba Cloud configuration file (optional) - ## - accessKeyId: "" - ## @param alibabacloud.accessKeySecret When using the Alibaba Cloud provider, set `accessKeySecret` in the Alibaba Cloud configuration file (optional) - ## - accessKeySecret: "" - ## @param alibabacloud.regionId When using the Alibaba Cloud provider, set `regionId` in the Alibaba Cloud configuration file (optional) - ## - regionId: "" - ## @param alibabacloud.vpcId Alibaba Cloud VPC Id - ## - vpcId: "" - ## @param alibabacloud.secretName Use an existing secret with key "alibaba-cloud.json" defined. - ## This ignores alibabacloud.accessKeyId, and alibabacloud.accessKeySecret - ## - secretName: "" - ## @param alibabacloud.zoneType Zone Filter. Available values are: public, private, or no value for both - ## - zoneType: "" -## AWS configuration to be set via arguments/env. variables -## -aws: - ## AWS credentials - ## @param aws.credentials.secretKey When using the AWS provider, set `aws_secret_access_key` in the AWS credentials (optional) - ## @param aws.credentials.accessKey When using the AWS provider, set `aws_access_key_id` in the AWS credentials (optional) - ## @param aws.credentials.mountPath When using the AWS provider, determine `mountPath` for `credentials` secret - ## - credentials: - secretKey: "" - accessKey: "" - ## Before external-dns 0.5.9 home dir should be `/root/.aws` - ## - mountPath: "/.aws" - ## @param aws.credentials.secretName Use an existing secret with key "credentials" defined. - ## This ignores aws.credentials.secretKey, and aws.credentials.accessKey - ## - secretName: "" - ## @param aws.region When using the AWS provider, `AWS_DEFAULT_REGION` to set in the environment (optional) - ## - region: "us-east-1" - ## @param aws.zoneType When using the AWS provider, filter for zones of this type (optional, options: public, private) - ## - zoneType: "" - ## @param aws.assumeRoleArn When using the AWS provider, assume role by specifying --aws-assume-role to the external-dns daemon - ## - assumeRoleArn: "" - ## @param aws.apiRetries Maximum number of retries for AWS API calls before giving up - ## - apiRetries: 3 - ## @param aws.batchChangeSize When using the AWS provider, set the maximum number of changes that will be applied in each batch - ## - batchChangeSize: 1000 - ## @param aws.zoneTags When using the AWS provider, filter for zones with these tags - ## - zoneTags: [] - ## @param aws.preferCNAME When using the AWS provider, replaces Alias records with CNAME (options: true, false) - ## - preferCNAME: "" - ## @param aws.evaluateTargetHealth When using the AWS provider, sets the evaluate target health flag (options: true, false) - ## - evaluateTargetHealth: "" -## Azure configuration to be set via arguments/env. variables -## -azure: - ## When a secret to load azure.json is not specified, the host's /etc/kubernetes/azure.json will be used - ## @param azure.secretName When using the Azure provider, set the secret containing the `azure.json` file - ## - secretName: "" - ## @param azure.cloud When using the Azure provider, set the Azure Cloud - ## - cloud: "" - ## @param azure.resourceGroup When using the Azure provider, set the Azure Resource Group - ## - resourceGroup: "" - ## @param azure.tenantId When using the Azure provider, set the Azure Tenant ID - ## - tenantId: "" - ## @param azure.subscriptionId When using the Azure provider, set the Azure Subscription ID - ## - subscriptionId: "" - ## @param azure.aadClientId When using the Azure provider, set the Azure AAD Client ID - ## - aadClientId: "" - ## @param azure.aadClientSecret When using the Azure provider, set the Azure AAD Client Secret - ## - aadClientSecret: "" - ## @param azure.useManagedIdentityExtension When using the Azure provider, set if you use Azure MSI - ## - useManagedIdentityExtension: false - ## @param azure.userAssignedIdentityID When using the Azure provider with Azure MSI, set Client ID of Azure user-assigned managed identity (optional, otherwise system-assigned managed identity is used) - ## - userAssignedIdentityID: "" -## Cloudflare configuration to be set via arguments/env. variables -## -cloudflare: - ## @param cloudflare.apiToken When using the Cloudflare provider, `CF_API_TOKEN` to set (optional) - ## - apiToken: "" - ## @param cloudflare.apiKey When using the Cloudflare provider, `CF_API_KEY` to set (optional) - ## - apiKey: "" - ## @param cloudflare.secretName When using the Cloudflare provider, it's the name of the secret containing cloudflare_api_token or cloudflare_api_key. - ## This ignores cloudflare.apiToken, and cloudflare.apiKey - ## - secretName: "" - ## @param cloudflare.email When using the Cloudflare provider, `CF_API_EMAIL` to set (optional). Needed when using CF_API_KEY - ## - email: "" - ## @param cloudflare.proxied When using the Cloudflare provider, enable the proxy feature (DDOS protection, CDN...) (optional) - ## - proxied: true -## CoreDNS configuration to be set via arguments/env variables -## -coredns: - ## @param coredns.etcdEndpoints When using the CoreDNS provider, set etcd backend endpoints (comma-separated list) - ## Secure (https) endpoints can be used as well, in that case `etcdTLS` section - ## should be filled in accordingly - ## - etcdEndpoints: "http://etcd-extdns:2379" - ## Configuration of the secure communication and client authentication to the etcd cluster - ## If enabled all the values under this key must hold a valid data - ## - etcdTLS: - ## @param coredns.etcdTLS.enabled When using the CoreDNS provider, enable secure communication with etcd - ## - enabled: false - ## @param coredns.etcdTLS.autoGenerated Generate automatically self-signed TLS certificates - ## - autoGenerated: false - ## @param coredns.etcdTLS.secretName When using the CoreDNS provider, specify a name of existing Secret with etcd certs and keys - ## ref: https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/security.md - ## ref (secret creation): - ## https://github.com/bitnami/charts/tree/master/bitnami/etcd#configure-certificates-for-client-communication - ## - secretName: "etcd-client-certs" - ## @param coredns.etcdTLS.mountPath When using the CoreDNS provider, set destination dir to mount data from `coredns.etcdTLS.secretName` to - ## - mountPath: "/etc/coredns/tls/etcd" - ## @param coredns.etcdTLS.caFilename When using the CoreDNS provider, specify CA PEM file name from the `coredns.etcdTLS.secretName` - ## - caFilename: "ca.crt" - ## @param coredns.etcdTLS.certFilename When using the CoreDNS provider, specify cert PEM file name from the `coredns.etcdTLS.secretName` - ## Will be used by external-dns to authenticate against etcd - ## - certFilename: "cert.pem" - ## @param coredns.etcdTLS.keyFilename When using the CoreDNS provider, specify private key PEM file name from the `coredns.etcdTLS.secretName` - ## Will be used by external-dns to authenticate against etcd - ## - keyFilename: "key.pem" -## OpenStack Designate provider configuration to be set via arguments/env. variables -## -designate: - ## Set Openstack environment variables (optional). Username and password will be saved in a kubernetes secret - ## The alternative to this is to export the necessary Openstack environment variables in the extraEnv argument - ## @param designate.username When using the Designate provider, specify the OpenStack authentication username. (optional) - ## @param designate.password When using the Designate provider, specify the OpenStack authentication password. (optional) - ## @param designate.authUrl When using the Designate provider, specify the OpenStack authentication Url. (optional) - ## @param designate.regionName When using the Designate provider, specify the OpenStack region name. (optional) - ## @param designate.userDomainName When using the Designate provider, specify the OpenStack user domain name. (optional) - ## @param designate.projectName When using the Designate provider, specify the OpenStack project name. (optional) - ## @param designate.username When using the Designate provider, specify the OpenStack authentication username. (optional) - ## e.g: - ## username: "someuser" - ## password: "p@55w0rd" - ## authUrl: "https://mykeystone.example.net:5000/v3/" - ## regionName: "dev" - ## userDomainName: "development" - ## projectName: "myteamname" - ## - username: "" - password: "" - authUrl: "" - regionName: "" - userDomainName: "" - projectName: "" - ## @param designate.customCAHostPath When using the Designate provider, use a CA file already on the host to validate Openstack APIs. This conflicts with `designate.customCA.enabled` - ## This conflicts setting the above customCA to true and chart rendering will fail if you set customCA to true and specify customCAHostPath - ## - customCAHostPath: "" - ## Use a custom CA (optional) - ## @param designate.customCA.enabled When using the Designate provider, enable a custom CA (optional) - ## @param designate.customCA.content When using the Designate provider, set the content of the custom CA - ## @param designate.customCA.mountPath When using the Designate provider, set the mountPath in which to mount the custom CA configuration - ## @param designate.customCA.filename When using the Designate provider, set the custom CA configuration filename - ## - customCA: - enabled: false - content: "" - mountPath: "/config/designate" - filename: "designate-ca.pem" -## DigitalOcean configuration to be set via arguments/env. variables -## -digitalocean: - ## @param digitalocean.apiToken When using the DigitalOcean provider, `DO_TOKEN` to set (optional) - ## - apiToken: "" - ## @param digitalocean.secretName Use an existing secret with key "digitalocean_api_token" defined. - ## This ignores digitalocean.apiToken - ## - secretName: "" -## Google configuration to be set via arguments/env. variables -## -google: - ## @param google.project When using the Google provider, specify the Google project (required when provider=google) - ## - project: "" - ## @param google.serviceAccountSecret When using the Google provider, specify the existing secret which contains credentials.json (optional) - ## - serviceAccountSecret: "" - ## @param google.serviceAccountSecretKey When using the Google provider with an existing secret, specify the key name (optional) - ## - serviceAccountSecretKey: "credentials.json" - ## @param google.serviceAccountKey When using the Google provider, specify the service account key JSON file. In this case a new secret will be created holding this service account (optional) - ## - serviceAccountKey: "" -## Hetzner configuration to be set via arguments/env. variables -## -hetzner: - ## @param hetzner.token When using the Hetzner provider, specify your token here. (required when `hetzner.secretName` is not provided. In this case a new secret will be created holding the token.) - ## Mutually exclusive with `hetzner.secretName`. - ## - token: "" - ## @param hetzner.secretName When using the Hetzner provider, specify the existing secret which contains your token. Disables the usage of `hetzner.token` (optional) - ## - secretName: "" - ## @param hetzner.secretKey When using the Hetzner provider with an existing secret, specify the key name (optional) - ## - secretKey: "hetzner_token" -## Infoblox configuration to be set via arguments/env. variables -## -infoblox: - ## @param infoblox.wapiUsername When using the Infoblox provider, specify the Infoblox WAPI username - ## - wapiUsername: "admin" - ## @param infoblox.wapiPassword When using the Infoblox provider, specify the Infoblox WAPI password (required when provider=infoblox) - ## - wapiPassword: "" - ## @param infoblox.gridHost When using the Infoblox provider, specify the Infoblox Grid host (required when provider=infoblox) - ## - gridHost: "" - ## @param infoblox.view Infoblox view - ## - view: "" - ## Optional keys - ## - ## Existing secret name, when in place wapiUsername and wapiPassword are not required - ## secretName: "" - ## - ## @param infoblox.domainFilter When using the Infoblox provider, specify the domain (optional) - ## - domainFilter: "" - ## @param infoblox.noSslVerify When using the Infoblox provider, disable SSL verification (optional) - ## - noSslVerify: false - ## @param infoblox.wapiPort When using the Infoblox provider, specify the Infoblox WAPI port (optional) - ## - wapiPort: "" - ## @param infoblox.wapiVersion When using the Infoblox provider, specify the Infoblox WAPI version (optional) - ## - wapiVersion: "" - ## @param infoblox.wapiConnectionPoolSize When using the Infoblox provider, specify the Infoblox WAPI request connection pool size (optional) - ## - wapiConnectionPoolSize: "" - ## @param infoblox.wapiHttpTimeout When using the Infoblox provider, specify the Infoblox WAPI request timeout in seconds (optional) - ## - wapiHttpTimeout: "" - ## @param infoblox.maxResults When using the Infoblox provider, specify the Infoblox Max Results (optional) - ## - maxResults: "" -## Linode configuration to be set via arguments/env. variables -## -linode: - ## @param linode.apiToken When using the Linode provider, `LINODE_TOKEN` to set (optional) - ## - apiToken: "" - ## @param linode.secretName Use an existing secret with key "linode_api_token" defined. - ## This ignores linode.apiToken - ## - secretName: "" -## NS1 configuration to be set via arguments/env. variables -## @param ns1.minTTL When using the ns1 provider, specify minimal TTL, as an integer, for records -## -ns1: - minTTL: 10 -## OVH configuration to be set via arguments/env. variables -## -ovh: - ## @param ovh.consumerKey When using the OVH provider, specify the existing consumer key. (required when provider=ovh and `ovh.secretName` is not provided.) - ## - consumerKey: "" - ## @param ovh.applicationKey When using the OVH provider with an existing application, specify the application key. (required when provider=ovh and `ovh.secretName` is not provided.) - ## - applicationKey: "" - ## @param ovh.applicationSecret When using the OVH provider with an existing application, specify the application secret. (required when provider=ovh and `ovh.secretName` is not provided.) - ## - applicationSecret: "" - ## @param ovh.secretName When using the OVH provider, it's the name of the secret containing `ovh_consumer_key`, `ovh_application_key` and `ovh_application_secret`. Disables usage of other `ovh. - ## with following keys: - ## - ovh_consumer_key - ## - ovh_application_key - ## - ovh_application_secret - ## This ignores consumerKey, applicationKey & applicationSecret - ## - secretName: "" -## Scaleway configuration to be set via arguments/env. variables -## -scaleway: - ## @param scaleway.scwAccessKey When using the Scaleway provider, specify an existing access key. (required when provider=scaleway) - ## - scwAccessKey: "" - ## @param scaleway.scwSecretKey When using the Scaleway provider, specify an existing secret key. (required when provider=scaleway) - ## - scwSecretKey: "" - ## @param scaleway.scwDefaultOrganizationId When using the Scaleway provider, specify the existing organization id. (required when provider=scaleway) - ## - scwDefaultOrganizationId: "" -## RFC 2136 configuration to be set via arguments/env. variables -## -rfc2136: - ## @param rfc2136.host When using the rfc2136 provider, specify the RFC2136 host (required when provider=rfc2136) - ## - host: "" - ## @param rfc2136.port When using the rfc2136 provider, specify the RFC2136 port (optional) - ## - port: 53 - ## @param rfc2136.zone When using the rfc2136 provider, specify the zone (required when provider=rfc2136) - ## - zone: "" - ## @param rfc2136.tsigSecret When using the rfc2136 provider, specify the tsig secret to enable security. (do not specify if `rfc2136.secretName` is provided.) (optional) - ## - tsigSecret: "" - ## @param rfc2136.secretName When using the rfc2136 provider, specify the existing secret which contains your tsig secret. Disables the usage of `rfc2136.tsigSecret` (optional) - ## - secretName: "" - ## @param rfc2136.tsigSecretAlg When using the rfc2136 provider, specify the tsig secret to enable security (optional) - ## - tsigSecretAlg: hmac-sha256 - ## @param rfc2136.tsigKeyname When using the rfc2136 provider, specify the tsig keyname to enable security (optional) - ## - tsigKeyname: externaldns-key - ## @param rfc2136.tsigAxfr When using the rfc2136 provider, enable AFXR to enable security (optional) - ## - tsigAxfr: true - ## @param rfc2136.minTTL When using the rfc2136 provider, specify minimal TTL (in duration format) for records[ns, us, ms, s, m, h], see more https://golang.org/pkg/time/#ParseDuration - ## - minTTL: "0s" - ## @param rfc2136.rfc3645Enabled When using the rfc2136 provider, extend using RFC3645 to support secure updates over Kerberos with GSS-TSIG - ## - rfc3645Enabled: false - ## @param rfc2136.kerberosConfig When using the rfc2136 provider with rfc3645Enabled, the contents of a configuration file for krb5 (optional) - ## - kerberosConfig: "" - ## @param rfc2136.kerberosUsername When using the rfc2136 provider with rfc3645Enabled, specify the username to authenticate with (optional) - ## - kerberosUsername: "" - ## @param rfc2136.kerberosPassword When using the rfc2136 provider with rfc3645Enabled, specify the password to authenticate with (optional) - ## - kerberosPassword: "" - ## @param rfc2136.kerberosRealm When using the rfc2136 provider with rfc3645Enabled, specify the realm to authenticate to (required when provider=rfc2136 and rfc2136.rfc3645Enabled=true) - ## - kerberosRealm: "" - -## PowerDNS configuration to be set via arguments/env. variables -## -pdns: - ## @param pdns.apiUrl When using the PowerDNS provider, specify the API URL of the server. - ## - apiUrl: "" - ## @param pdns.apiPort When using the PowerDNS provider, specify the API port of the server. - ## - apiPort: "8081" - ## @param pdns.apiKey When using the PowerDNS provider, specify the API key of the server. - ## - apiKey: "" - ## @param pdns.secretName When using the PowerDNS provider, specify as secret name containing the API Key - ## - secretName: "" -## TransIP configuration to be set via arguments/env. variables -## -transip: - ## @param transip.account When using the TransIP provider, specify the account name. - ## - account: "" - ## @param transip.apiKey When using the TransIP provider, specify the API key to use. - ## - apiKey: "" -## VinylDNS configuration to be set via arguments/env. variables -## -vinyldns: - ## @param vinyldns.host When using the VinylDNS provider, specify the VinylDNS API host. - ## - host: "" - ## @param vinyldns.accessKey When using the VinylDNS provider, specify the Access Key to use. - ## - accessKey: "" - ## @param vinyldns.secretKey When using the VinylDNS provider, specify the Secret key to use. - ## - secretKey: "" -## @param domainFilters Limit possible target zones by domain suffixes (optional) -## -domainFilters: [] -## @param excludeDomains Exclude subdomains (optional) -## -excludeDomains: [] -## @param regexDomainFilter Limit possible target zones by regex domain suffixes (optional) -## If regexDomainFilter is specified, domainFilters will be ignored -## -regexDomainFilter: "" -## @param regexDomainExclusion Exclude subdomains by using regex pattern (optional) -## If regexDomainFilter is specified, excludeDomains will be ignored and external-dns will use regexDomainExclusion even though regexDomainExclusion is empty -## -regexDomainExclusion: "" -## @param zoneNameFilters Filter target zones by zone domain (optional) -## -zoneNameFilters: [] -## @param zoneIdFilters Limit possible target zones by zone id (optional) -## -zoneIdFilters: [] -## @param annotationFilter Filter sources managed by external-dns via annotation using label selector (optional) -## -annotationFilter: "" -## @param dryRun When enabled, prints DNS record changes rather than actually performing them (optional) -## -dryRun: false -## @param triggerLoopOnEvent When enabled, triggers run loop on create/update/delete events in addition to regular interval (optional) -## -triggerLoopOnEvent: false -## @param interval Interval update period to use -## -interval: "1m" -## @param logLevel Verbosity of the logs (options: panic, debug, info, warning, error, fatal, trace) -## -logLevel: info -## @param logFormat Which format to output logs in (options: text, json) -## -logFormat: text -## @param policy Modify how DNS records are synchronized between sources and providers (options: sync, upsert-only ) -## -policy: upsert-only -## @param registry Registry method to use (options: txt, aws-sd, noop) -## ref: https://github.com/kubernetes-sigs/external-dns/blob/master/docs/proposal/registry.md -## -registry: "txt" -## @param txtPrefix When using the TXT registry, a prefix for ownership records that avoids collision with CNAME entries (optional) (Mutual exclusive with txt-suffix) -## -txtPrefix: "" -## @param txtSuffix When using the TXT registry, a suffix for ownership records that avoids collision with CNAME entries (optional).suffix (Mutual exclusive with txt-prefix) -## -txtSuffix: "" -## @param txtOwnerId A name that identifies this instance of ExternalDNS. Currently used by registry types: txt & aws-sd (optional) -## But other registry types might be added in the future. -## -txtOwnerId: "" -## @param forceTxtOwnerId (backward compatibility) When using the non-TXT registry, it will pass the value defined by `txtOwnerId` down to the application (optional) -## This setting added for backward compatibility for -## customers who already used bitnami/external-dns helm chart -## to privision 'aws-sd' registry type. -## Previously bitnami/external-dns helm chart did not pass -## txtOwnerId value down to the external-dns application -## so the app itself sets that value to be a string 'default'. -## If existing customers force the actual txtOwnerId value to be -## passed properly, their external-dns updates will stop working -## because the owner's value for exting DNS records in -## AWS Service Discovery would remain 'default'. -## NOTE: It is up to the end user to update AWS Service Discovery -## 'default' values in description fields to make it work with new -## value passed as txtOwnerId when forceTxtOwnerId=true -forceTxtOwnerId: false -## @param extraArgs Extra arguments to be passed to external-dns -## -extraArgs: {} -## @param extraEnv Extra environment variables to be passed to external-dns -## -## extraEnv: -## - name: VARNAME1 -## value: value1 -## - name: VARNAME2 -## valueFrom: -## secretKeyRef: -## name: existing-secret -## key: varname2-key -## -extraEnv: [] -## @param replicas Desired number of ExternalDNS replicas -## -replicas: 1 -## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAffinityPreset: "" -## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## Allowed values: soft, hard -## -podAntiAffinityPreset: soft -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## -nodeAffinityPreset: - ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] -## @param affinity Affinity for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set -## -affinity: {} -## @param nodeSelector Node labels for pod assignment -## Ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} -## @param tolerations Tolerations for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] -## @param podAnnotations Additional annotations to apply to the pod. -## -podAnnotations: {} -## @param podLabels Additional labels to be added to pods -## -podLabels: {} -## @param priorityClassName priorityClassName -## -priorityClassName: "" -## @param secretAnnotations Additional annotations to apply to the secret -## -secretAnnotations: {} -## Options for the source type "crd" -## -crd: - ## @param crd.create Install and use the integrated DNSEndpoint CRD - ## - create: false - ## @param crd.apiversion Sets the API version for the CRD to watch - ## - apiversion: "" - ## @param crd.kind Sets the kind for the CRD to watch - ## - kind: "" -## Kubernetes svc configutarion -## -service: - ## @param service.enabled Whether to create Service resource or not - ## - enabled: true - ## @param service.type Kubernetes Service type - ## - type: ClusterIP - ## @param service.port ExternalDNS client port - ## - port: 7979 - ## @param service.nodePort Port to bind to for NodePort service type (client port) - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - nodePort: "" - ## @param service.clusterIP IP address to assign to service - ## - clusterIP: "" - ## @param service.externalIPs Service external IP addresses - ## - externalIPs: [] - ## @param service.loadBalancerIP IP address to assign to load balancer (if supported) - ## - loadBalancerIP: "" - ## @param service.loadBalancerSourceRanges List of IP CIDRs allowed access to load balancer (if supported) - ## - loadBalancerSourceRanges: [] - ## @param service.annotations Annotations to add to service - ## set the LoadBalancer service type to internal only. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - annotations: {} - ## @param service.labels Provide any additional labels which may be required. - ## This can be used to have external-dns show up in `kubectl cluster-info` - ## kubernetes.io/cluster-service: "true" - ## kubernetes.io/name: "external-dns" - ## - labels: {} -## ServiceAccount parameters -## https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ -## -serviceAccount: - ## @param serviceAccount.create Determine whether a Service Account should be created or it should reuse a exiting one. - ## - create: true - ## @param serviceAccount.name ServiceAccount to use. A name is generated using the external-dns.fullname template if it is not set - ## - name: "" - ## @param serviceAccount.annotations Additional Service Account annotations - ## - annotations: {} - ## @param serviceAccount.automountServiceAccountToken Automount API credentials for a service account. - ## - automountServiceAccountToken: true -## RBAC parameters -## https://kubernetes.io/docs/reference/access-authn-authz/rbac/ -## -rbac: - ## @param rbac.create Whether to create & use RBAC resources or not - ## - create: true - ## @param rbac.clusterRole Whether to create Cluster Role. When set to false creates a Role in `namespace` - ## - clusterRole: true - ## @param rbac.apiVersion Version of the RBAC API - ## - apiVersion: v1 - ## @param rbac.pspEnabled PodSecurityPolicy - ## - pspEnabled: false -## @param securityContext Security context for the container -## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ -## Example: -## securityContext: -## allowPrivilegeEscalation: false -## readOnlyRootFilesystem: true -## capabilities: -## drop: ["ALL"] -## -securityContext: {} -## @param podSecurityContext.fsGroup Group ID for the container -## @param podSecurityContext.runAsUser User ID for the container -## -podSecurityContext: - fsGroup: 1001 - runAsUser: 1001 -## Container resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## We usually recommend not to specify default resources and to leave this as a conscious -## choice for the user. This also increases chances charts run on environments with little -## resources, such as Minikube. If you do want to specify resources, uncomment the following -## lines, adjust them as necessary, and remove the curly braces after 'resources:'. -## @param resources.limits The resources limits for the container -## @param resources.requests The requested resources for the container -## -resources: - ## Example: - ## limits: - ## cpu: 50m - ## memory: 50Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 10m - ## memory: 50Mi - requests: {} -## Configure extra options for liveness probe -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param livenessProbe.enabled Enable livenessProbe -## @param livenessProbe.httpGet.path Request path for livenessProbe -## @param livenessProbe.httpGet.port Port for livenessProbe -## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe -## @param livenessProbe.periodSeconds Period seconds for livenessProbe -## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe -## @param livenessProbe.failureThreshold Failure threshold for livenessProbe -## @param livenessProbe.successThreshold Success threshold for livenessProbe -## -livenessProbe: - enabled: true - httpGet: - path: /healthz - port: http - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 2 - successThreshold: 1 -## Configure extra options for readiness probe -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param readinessProbe.enabled Enable readinessProbe -## @param readinessProbe.httpGet.path Request path for readinessProbe -## @param readinessProbe.httpGet.port Port for readinessProbe -## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe -## @param readinessProbe.periodSeconds Period seconds for readinessProbe -## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe -## @param readinessProbe.failureThreshold Failure threshold for readinessProbe -## @param readinessProbe.successThreshold Success threshold for readinessProbe -## -readinessProbe: - enabled: true - httpGet: - path: /healthz - port: http - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 -## @param extraVolumes A list of volumes to be added to the pod -## -extraVolumes: [] -## @param extraVolumeMounts A list of volume mounts to be added to the pod -## -extraVolumeMounts: [] -## @param podDisruptionBudget Configure PodDisruptionBudget -## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ -podDisruptionBudget: {} -## Prometheus Exporter / Metrics -## -metrics: - ## @param metrics.enabled Enable prometheus to access external-dns metrics endpoint - ## - enabled: false - ## @param metrics.podAnnotations Annotations for enabling prometheus to access the metrics endpoint - ## - podAnnotations: {} - ## Prometheus Operator ServiceMonitor configuration - ## - serviceMonitor: - ## @param metrics.serviceMonitor.enabled Create ServiceMonitor object - ## - enabled: false - ## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running - ## - namespace: "" - ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## - interval: "" - ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## - scrapeTimeout: "" - ## @param metrics.serviceMonitor.selector Additional labels for ServiceMonitor object - ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration - ## e.g: - ## selector: - ## prometheus: my-prometheus - ## - selector: {} diff --git a/bitnami/grafana-operator/Chart.lock b/bitnami/grafana-operator/Chart.lock deleted file mode 100644 index 33ababb..0000000 --- a/bitnami/grafana-operator/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.9.1 -digest: sha256:75c2f378a4570f47cbb3c98b6f1d29d1145e5a92bf2970a5d06c32575bfe266f -generated: "2021-09-23T17:22:45.024092817Z" diff --git a/bitnami/grafana-operator/Chart.yaml b/bitnami/grafana-operator/Chart.yaml deleted file mode 100644 index 255a22d..0000000 --- a/bitnami/grafana-operator/Chart.yaml +++ /dev/null @@ -1,28 +0,0 @@ -annotations: - category: Analytics -apiVersion: v2 -appVersion: 3.10.3 -dependencies: - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x -description: Kubernetes Operator based on the Operator SDK for creating and managing Grafana instances and dashboards. -engine: gotpl -home: https://github.com/integr8ly/grafana-operator -icon: https://bitnami.com/assets/stacks/grafana/img/grafana-stack-220x234.png -keywords: - - grafana - - operator - - monitoring -maintainers: - - name: cellebyte - url: cellebyte@gmail.com - - email: containers@bitnami.com - name: Bitnami -name: grafana-operator -sources: - - https://github.com/integr8ly/grafana-operator - - https://github.com/bitnami/bitnami-docker-grafana-operator -version: 1.1.4 diff --git a/bitnami/grafana-operator/README.md b/bitnami/grafana-operator/README.md deleted file mode 100644 index 90a4fed..0000000 --- a/bitnami/grafana-operator/README.md +++ /dev/null @@ -1,278 +0,0 @@ -# grafana-operator - -[Grafana Operator](https://github.com/integr8ly/grafana-operator) is an Operator which introduces Lifecycle Management for Grafana Dashboards and Plugins. - -## TL;DR - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/grafana-operator -``` - -## Introduction -Bitnami charts for Helm are carefully engineered, actively maintained and are the quickest and easiest way to deploy containers on a Kubernetes cluster that are ready to handle production workloads. - -This chart bootstraps a [Grafana Operator](https://github.com/integr8ly/grafana-operator/blob/master/documentation/deploy_grafana.md) Deployment [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 3.1.0 - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/grafana-operator -``` - -These commands deploy grafana-operator on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` helm release: - -```console -$ helm uninstall my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Differences between the Bitnami Grafana chart and the Bitnami Grafana Operator chart - -The Bitnami catalog offers both the `bitnami/grafana` and `bitnami/grafana-operator` charts. Each solution covers different needs and use cases. - -* The `bitnami/grafana` chart deploys a single Grafana installation (with Grafana Image Renderer) using a Kubernetes Deployment object (together with Services, PVCs, ConfigMaps, etc.). Its lifecycle is managed using Helm and, at the Grafana container level, the following operations are automated: persistence management, configuration based on environment variables and plugin initialization. The chart also allows deploying dashboards and data sources using ConfigMaps. The Deployments do not require any ServiceAccounts with special RBAC privileges so this solution would fit better in more restricted Kubernetes installations. - -* The `bitnami/grafana-operator` chart deploys a Grafana Operator installation using a Kubernetes Deployment. The operator will extend the Kubernetes API with the following objects: `Grafana`, `GrafanaDashboard` and `GrafanaDataSource`. From that moment, the user will be able to deploy objects of these kinds and the previously deployed Operator will take care of deploying all the required Deployments, ConfigMaps and Services for running a Grafana instance. Its lifecycle is managed using *kubectl* on the Grafana, GrafanaDashboard and GrafanaDataSource objects. - -> Note: As the operator automatically deploys Grafana installations, the Grafana Operator pods will require a ServiceAccount with privileges to create and destroy multiple Kubernetes objects. This may be problematic for Kubernetes clusters with strict role-based access policies. - -For more information, refer to the [documentation on the differences between these charts](https://docs.bitnami.com/kubernetes/infrastructure/grafana-operator/get-started/compare-solutions/), including more information on the differences in the deployment objects. - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | - - -### Common parameters - -| Name | Description | Value | -| ------------------- | --------------------------------------------------------------------------------------------------------- | ----- | -| `nameOverride` | String to partially override common.names.fullname template with a string (will prepend the release name) | `""` | -| `fullnameOverride` | String to fully override common.names.fullname template with a string | `""` | -| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | -| `commonLabels` | Common Labels which are applied to every resource deployed | `{}` | -| `commonAnnotations` | Common Annotations which are applied to every ressource deployed | `{}` | - - -### Grafana Operator parameters - -| Name | Description | Value | -| ------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------- | -------------------------- | -| `operator.enabled` | Enable the deployment of the Grafana Operator | `true` | -| `operator.replicaCount` | Number of grafana-operator Pod replicas | `1` | -| `operator.updateStrategy.type` | Set up update strategy for Grafana Operator installation. | `Recreate` | -| `operator.image.registry` | Grafana Operator image registry | `docker.io` | -| `operator.image.repository` | Grafana Operator image name | `bitnami/grafana-operator` | -| `operator.image.tag` | Grafana Operator image tag | `3.10.3-debian-10-r61` | -| `operator.image.pullPolicy` | Grafana Operator image pull policy | `IfNotPresent` | -| `operator.image.pullSecrets` | Grafana Operator image pull secrets | `[]` | -| `operator.args.scanAllNamespaces` | Specify if all namespace should be scanned for dashboards and datasources. (Creates ClusterRole) | `false` | -| `operator.args.scanNamespaces` | Specify the namespaces which should be scanned for dashboards and datasources (Creates ClusterRole) | `[]` | -| `operator.rbac.create` | Create specifies whether to install and use RBAC rules | `true` | -| `operator.serviceAccount.create` | Specifies whether a service account should be created | `true` | -| `operator.serviceAccount.name` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | `""` | -| `operator.podSecurityContext.enabled` | Enable pods security context | `true` | -| `operator.podSecurityContext.runAsUser` | User ID for the pods | `1001` | -| `operator.podSecurityContext.runAsGroup` | User ID for the pods | `1001` | -| `operator.podSecurityContext.runAsNonRoot` | Grafana Operator must run as nonRoot | `true` | -| `operator.podSecurityContext.fsGroup` | Group ID for the pods | `1001` | -| `operator.podSecurityContext.supplementalGroups` | Which group IDs containers add | `[]` | -| `operator.containerSecurityContext.enabled` | Enable container security context | `true` | -| `operator.containerSecurityContext.runAsUser` | User ID for the operator container | `1001` | -| `operator.containerSecurityContext.runAsGroup` | User ID for the operator container | `1001` | -| `operator.containerSecurityContext.readOnlyRootFilesystem` | ReadOnlyRootFilesystem fot the operator container | `false` | -| `operator.containerSecurityContext.allowPrivilegeEscalation` | Allow Privilege Escalation for the operator container | `false` | -| `operator.resources` | Container resource requests and limits | `{}` | -| `operator.hostAliases` | Add deployment host aliases | `[]` | -| `operator.podAffinityPreset` | Pod affinity preset | `""` | -| `operator.podAntiAffinityPreset` | Pod anti-affinity preset. Allowed values: `soft` or `hard` | `soft` | -| `operator.nodeAffinityPreset.type` | Node affinity preset type. Allowed values: `soft` or `hard` | `""` | -| `operator.nodeAffinityPreset.key` | Set nodeAffinity preset key | `""` | -| `operator.nodeAffinityPreset.values` | Set nodeAffinity preset values | `[]` | -| `operator.podAnnotations` | Pod annotations | `{}` | -| `operator.podLabels` | Additional pod labels | `{}` | -| `operator.nodeSelector` | Node labels for pod assignment | `{}` | -| `operator.tolerations` | Tolerations for controller pod assignment | `[]` | -| `operator.affinity` | Affinity for controller pod assignment | `{}` | -| `operator.prometheus.serviceMonitor.enabled` | Specify if a servicemonitor will be deployed for prometheus-operator | `false` | -| `operator.prometheus.serviceMonitor.jobLabel` | Specify the jobLabel to use for the prometheus-operator | `app.kubernetes.io/name` | -| `operator.prometheus.serviceMonitor.interval` | Scrape interval. If not set, the Prometheus default scrape interval is used | `""` | -| `operator.prometheus.serviceMonitor.metricRelabelings` | Specify additional relabeling of metrics | `[]` | -| `operator.prometheus.serviceMonitor.relabelings` | Specify general relabeling | `[]` | -| `operator.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `operator.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | -| `operator.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `operator.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `operator.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `operator.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `operator.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `operator.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | -| `operator.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `operator.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `operator.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `operator.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | - - -### Grafana parameters - -| Name | Description | Value | -| ----------------------------------------------------------- | --------------------------------------------------------------------------------------------- | -------------------- | -| `grafana.enabled` | Enabled the deployment of the Grafana CRD object into the cluster | `true` | -| `grafana.image.registry` | Grafana image registry | `docker.io` | -| `grafana.image.repository` | Grafana image name | `bitnami/grafana` | -| `grafana.image.tag` | Grafana image tag | `8.1.5-debian-10-r2` | -| `grafana.image.pullSecrets` | Grafana image pull secrets | `[]` | -| `grafana.serviceAccount` | Additional service account configuration | `{}` | -| `grafana.podSecurityContext.enabled` | Enable pods security context | `true` | -| `grafana.podSecurityContext.runAsUser` | User ID for the pods | `1001` | -| `grafana.podSecurityContext.runAsGroup` | User ID for the pods | `1001` | -| `grafana.podSecurityContext.runAsNonRoot` | Grafana Operator must run as nonRoot | `true` | -| `grafana.podSecurityContext.fsGroup` | Group ID for the pods | `1001` | -| `grafana.podSecurityContext.supplementalGroups` | Which group IDs containers add | `[]` | -| `grafana.containerSecurityContext.enabled` | Enable containers security context | `true` | -| `grafana.containerSecurityContext.runAsUser` | User ID for the containers | `1001` | -| `grafana.containerSecurityContext.runAsGroup` | Group ID for the containers | `1001` | -| `grafana.containerSecurityContext.fsGroup` | Filesystem Group ID for the containers | `1001` | -| `grafana.containerSecurityContext.allowPrivilegeEscalation` | Don't allow privilege escalation for the containers | `false` | -| `grafana.resources.limits` | The resources limits for the container | `{}` | -| `grafana.resources.requests` | The requested resources for the container | `{}` | -| `grafana.replicaCount` | Specify the amount of replicas running | `1` | -| `grafana.podAffinityPreset` | Pod affinity preset | `""` | -| `grafana.podAntiAffinityPreset` | Pod anti-affinity preset | `soft` | -| `grafana.nodeAffinityPreset.type` | Set nodeAffinity preset type | `""` | -| `grafana.nodeAffinityPreset.key` | Set nodeAffinity preset key | `""` | -| `grafana.nodeAffinityPreset.values` | Set nodeAffinity preset values | `[]` | -| `grafana.affinity` | Affinity for controller pod assignment | `{}` | -| `grafana.nodeSelector` | Node labels for controller pod assignment | `{}` | -| `grafana.tolerations` | Tolerations for controller pod assignment | `[]` | -| `grafana.envFrom` | Extra environment variable to pass to the running container | `[]` | -| `grafana.client.timeout` | The timeout in seconds for the Grafana Rest API on that instance | `5` | -| `grafana.client.preferService` | If the API should be used via Ingress or via the internal service | `true` | -| `grafana.ingress.enabled` | If an ingress or OpenShift Route should be created | `false` | -| `grafana.ingress.hostname` | The hostname under which the grafana instance should be reachable | `grafana.local` | -| `grafana.ingress.path` | The path for the ingress instance to forward to the grafana app | `/` | -| `grafana.ingress.labels` | Additional Labels for the ingress resource | `{}` | -| `grafana.ingress.annotations` | Additional Annotations for the ingress resource | `{}` | -| `grafana.ingress.tls` | This enables tls support for the ingress resource | `false` | -| `grafana.ingress.tlsSecret` | The name for the secret to use for the tls termination | `grafana.local-tls` | -| `grafana.persistence.enabled` | Enable persistent storage for the grafana deployment | `false` | -| `grafana.persistence.storageClass` | Define the storageClass for the persistent storage if not defined default is used | `""` | -| `grafana.persistence.accessMode` | Define the accessMode for the persistent storage | `ReadWriteOnce` | -| `grafana.persistence.size` | Define the size of the PersistentVolumeClaim to request for | `10Gi` | -| `grafana.config` | grafana.ini configuration for the instance for this to configure please look at upstream docs | `{}` | -| `grafana.configMaps` | Extra configMaps to mount into the grafana pod | `[]` | -| `grafana.secrets` | Extra secrets to mount into the grafana pod | `[]` | -| `grafana.jsonnetLibrarySelector` | Configuring the read for jsonnetLibraries to pull in. | `{}` | -| `grafana.dashboardLabelSelectors` | This selects dashboards on the label. | `{}` | -| `grafana.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `grafana.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` | -| `grafana.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `grafana.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `grafana.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `grafana.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `grafana.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `grafana.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | -| `grafana.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `grafana.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `grafana.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `grafana.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `grafana.updateStrategy` | Set up update strategy for Grafana installation. | `{}` | -| `grafana.extraVolumes` | Optionally specify extra list of additional volumes for the grafana pod(s) | `[]` | -| `grafana.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the grafana container(s) | `[]` | -| `grafana.sidecars` | Add additional sidecar containers to the grafana pod(s) | `[]` | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -$ helm install my-release \ - --set livenessProbe.successThreshold=5 \ - bitnami/grafana-operator -``` - -The above command sets the `livenessProbe.successThreshold` to `5`. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```bash -$ helm install my-release -f values.yaml bitnami/grafana-operator -``` - -## Configuration and installation details - -### [Rolling vs Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Create Grafana Dashboards - -After the installation, create Dashboards under a CRD of your Kubernetes cluster. - -For more details regarding what is possible with those CRDs please have a look at [Working with Dashboards](https://github.com/integr8ly/grafana-operator/blob/master/documentation/dashboards.md). - -### Deploy extra Grafana resources or objects - -There are cases where you may want to deploy extra objects, such as custom *Grafana*, *GrafanaDashboard* or *GrafanaDataSource* objects. For covering this case, the chart allows adding the full specification of other objects using the `extraDeploy` parameter. - -Refer to the documentation on deploying extra Grafana resources for an [example of deploying a custom Grafana definition](https://docs.bitnami.com/kubernetes/infrastructure/grafana-operator/configuration/deploy-extra-resources/) or to the [tutorial on managing multiple Grafana instances and dashboards on Kubernetes with the Grafana Operator](https://docs.bitnami.com/tutorials/manage-multiple-grafana-operator). - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami’s Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## Upgrading - -```bash -$ helm upgrade my-release bitnami/grafana-operator -``` - -### To 1.0.0 - -In this version, the `image` block is defined once and is used in the different templates, while in the previous version, the `image` block was duplicated for the grafana container and the grafana plugin init one - -```yaml -image: - registry: docker.io - repository: bitnami/grafana - tag: 7.5.10 -``` -VS -```yaml -image: - registry: docker.io - repository: bitnami/grafana - tag: 7.5.10 -... -grafanaPluginInit: - image: - registry: docker.io - repository: bitnami/grafana - tag: 7.5.10 -``` - -See [PR#7114](https://github.com/bitnami/charts/pull/7114) for more info about the implemented changes diff --git a/bitnami/grafana-operator/crds/grafanadashboards.yaml b/bitnami/grafana-operator/crds/grafanadashboards.yaml deleted file mode 100644 index 772710a..0000000 --- a/bitnami/grafana-operator/crds/grafanadashboards.yaml +++ /dev/null @@ -1,46 +0,0 @@ -# https://raw.githubusercontent.com/grafana-operator/grafana-operator/v3.10.3/deploy/crds/GrafanaDashboard.yaml - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: grafanadashboards.integreatly.org -spec: - group: integreatly.org - names: - kind: GrafanaDashboard - listKind: GrafanaDashboardList - plural: grafanadashboards - singular: grafanadashboard - scope: Namespaced - subresources: - status: {} - version: v1alpha1 - validation: - openAPIV3Schema: - properties: - spec: - properties: - name: - type: string - json: - type: string - jsonnet: - description: Jsonnet source. Has access to grafonnet. - type: string - url: - type: string - description: URL to dashboard json - datasources: - type: array - items: - description: Input datasources to resolve before importing - type: object - plugins: - type: array - items: - description: Grafana Plugin Object - type: object - customFolderName: - description: Folder name that this dashboard will be assigned to. - type: string diff --git a/bitnami/grafana-operator/crds/grafanadatasources.yaml b/bitnami/grafana-operator/crds/grafanadatasources.yaml deleted file mode 100644 index 4875b35..0000000 --- a/bitnami/grafana-operator/crds/grafanadatasources.yaml +++ /dev/null @@ -1,38 +0,0 @@ -# https://raw.githubusercontent.com/grafana-operator/grafana-operator/v3.10.3/deploy/crds/GrafanaDataSource.yaml - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: grafanadatasources.integreatly.org -spec: - group: integreatly.org - names: - kind: GrafanaDataSource - listKind: GrafanaDataSourceList - plural: grafanadatasources - singular: grafanadatasource - scope: Namespaced - subresources: - status: {} - version: v1alpha1 - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - required: ["datasources", "name"] - properties: - name: - type: string - minimum: 1 - datasources: - type: array - items: - description: Grafana Datasource Object - type: object diff --git a/bitnami/grafana-operator/crds/grafanas.yaml b/bitnami/grafana-operator/crds/grafanas.yaml deleted file mode 100644 index 28321f2..0000000 --- a/bitnami/grafana-operator/crds/grafanas.yaml +++ /dev/null @@ -1,251 +0,0 @@ -# https://raw.githubusercontent.com/grafana-operator/grafana-operator/v3.10.3/deploy/crds/Grafana.yaml - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: grafanas.integreatly.org -spec: - group: integreatly.org - names: - kind: Grafana - listKind: GrafanaList - plural: grafanas - singular: grafana - scope: Namespaced - subresources: - status: { } - version: v1alpha1 - validation: - openAPIV3Schema: - required: [ "spec" ] - properties: - spec: - properties: - containers: - type: array - items: - type: object - description: Additional container to add to the grafana pod - secrets: - type: array - items: - type: string - description: Secret to be mounted as volume into the grafana deployment - configMaps: - type: array - items: - type: string - description: Config map to be mounted as volume into the grafana deployment - logLevel: - type: string - description: Log level of the grafana instance, defaults to info - adminUser: - type: string - description: Default admin user name - adminPassword: - type: string - description: Default admin password - basicAuth: - type: boolean - description: Basic auth enabled - disableLoginForm: - type: boolean - description: Disable login form - disableSignoutMenu: - type: boolean - description: Disable signout menu - anonymous: - type: boolean - description: Anonymous auth enabled - config: - type: object - description: Grafana config - ingress: - type: object - properties: - enabled: - type: boolean - description: Create an ingress / route - ingressClassName: - type: string - description: Ingress class name - path: - type: string - description: Ingress path - pathType: - type: string - description: pathType specifies how ingress paths should be matched - hostname: - type: string - description: The hostname of the ingress / route - annotations: - type: object - description: Additional annotations for the ingress / route - labels: - type: object - description: Additional labels for the ingress / route - targetPort: - type: string - description: Override port to target in the grafana service - service: - type: object - properties: - name: - type: string - description: Override default service name - ports: - type: array - description: Override default ports - items: - type: object - description: A port to add to the grafana service - annotations: - type: object - description: Additional annotations for the service - labels: - type: object - description: Additional labels for the service - type: - type: string - description: Service type (NodePort, ClusterIP or LoadBalancer) - deployment: - type: object - properties: - annotations: - type: object - description: Additional annotations for the service - labels: - type: object - description: Additional labels for the service - nodeSelector: - type: object - description: Additional labels for the running grafana pods in a labeled node. - tolerations: - type: array - description: Additonal labels for running grafana pods in tained nodes. - affinity: - type: object - description: Additonal labels for running grafana pods with affinity properties. - envFrom: - type: array - description: Environment variables from Secret or ConfigMap. - skipCreateAdminAccount: - type: boolean - description: Disable creating a random admin user - priorityClassName: - type: string - description: Pod priority class name - extraVolumeMounts: - type: array - description: Extra volumes mounts to be mounted to the grafana deployment - items: - type: object - description: additional volumeMount - extraVolumes: - type: array - description: Extra volumes to be attached to the grafana deployment - items: - type: object - description: additional volume - serviceAccount: - type: object - properties: - skip: - type: boolean - description: Disable ServiceAccount creation for grafana - annotations: - type: object - description: Additional annotations for the serviceaccount - labels: - type: object - description: Additional labels for the serviceaccount - client: - type: object - description: Grafana client settings - compat: - type: object - description: Backwards compatibility switches - dashboardLabelSelectors: - type: array - items: - type: object - description: Label selector or match expressions - jsonnet: - type: object - description: Jsonnet library configuration - livenessProbeSpec: - type: object - properties: - initialDelaySeconds: - description: >- - Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - timeoutSeconds: - description: Number of seconds after which the probe times out. Defaults to 1 second. - Minimum value is 1. - format: int32 - type: integer - periodSeconds: - description: >- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: >- - Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - failureThreshold: - description: >- - When a probe fails, Kubernetes will try failureThreshold times before giving up. - Giving up in case of liveness probe means restarting the container. - In case of readiness probe the Pod will be marked Unready. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer - readinessProbeSpec: - type: object - properties: - initialDelaySeconds: - description: >- - Number of seconds after the container has - started before liveness probes are initiated. More info - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - timeoutSeconds: - description: >- - Number of seconds after which the probe times out. Defaults to 1 second. - Minimum value is 1. - format: int32 - type: integer - periodSeconds: - description: >- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: >- - Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - failureThreshold: - description: >- - When a probe fails, Kubernetes will try failureThreshold times before giving up. - Giving up in case of liveness probe means restarting the container. - In case of readiness probe the Pod will be marked Unready. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer diff --git a/bitnami/grafana-operator/templates/NOTES.txt b/bitnami/grafana-operator/templates/NOTES.txt deleted file mode 100644 index fa29b95..0000000 --- a/bitnami/grafana-operator/templates/NOTES.txt +++ /dev/null @@ -1,12 +0,0 @@ -** Please be patient while the chart is being deployed ** - -Watch the Grafana Operator Deployment status using the command: - - kubectl get deploy -w --namespace {{ .Release.Namespace }} -l app.kubernetes.io/name={{ include "common.names.name" . }},app.kubernetes.io/instance={{ .Release.Name }} - -{{- if .Values.operator.enabled }} -{{ include "common.warnings.rollingTag" .Values.operator.image }} -{{- end }} -{{- if .Values.grafana.enabled }} -{{ include "common.warnings.rollingTag" .Values.grafana.image }} -{{- end }} diff --git a/bitnami/grafana-operator/templates/_helpers.tpl b/bitnami/grafana-operator/templates/_helpers.tpl deleted file mode 100644 index 3923f64..0000000 --- a/bitnami/grafana-operator/templates/_helpers.tpl +++ /dev/null @@ -1,44 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Return the proper grafana-operator grafana baseImage name -*/}} -{{- define "grafana-operator.grafana.baseImage" -}} -{{- $registryName := .Values.grafana.image.registry -}} -{{- $repositoryName := .Values.grafana.image.repository -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. -Also, we can't use a single if because lazy evaluation is not an option -*/}} -{{- if .Values.global }} - {{- if .Values.global.imageRegistry }} - {{- printf "%s/%s" .Values.global.imageRegistry $repositoryName -}} - {{- else -}} - {{- printf "%s/%s" $registryName $repositoryName -}} - {{- end -}} -{{- else -}} - {{- printf "%s/%s" $registryName $repositoryName -}} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the grafana-operator service account to use -*/}} -{{- define "grafana-operator.serviceAccountName" -}} -{{- if .Values.operator.serviceAccount.create -}} - {{ default (printf "%s" (include "common.names.fullname" .)) .Values.operator.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.operator.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Renders a List to a comma separated string values. -Usage: -{{ include "grafana-operator.joinListWithComma" .Values.path.to.the.Value }} -*/}} -{{- define "grafana-operator.joinListWithComma" -}} -{{- $local := dict "first" true -}} -{{- range $k, $v := . -}}{{- if not $local.first -}},{{- end -}}{{- $v -}}{{- $_ := set $local "first" false -}}{{- end -}} -{{- end -}} diff --git a/bitnami/grafana-operator/templates/deployment.yaml b/bitnami/grafana-operator/templates/deployment.yaml deleted file mode 100644 index 21cd306..0000000 --- a/bitnami/grafana-operator/templates/deployment.yaml +++ /dev/null @@ -1,116 +0,0 @@ -{{- if .Values.operator.enabled }} -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.operator.replicaCount }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - {{- if .Values.operator.updateStrategy }} - strategy: {{ toYaml .Values.operator.updateStrategy | nindent 4 }} - {{- end }} - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - {{- if .Values.operator.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.operator.podLabels "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.operator.podAnnotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.operator.podAnnotations "context" $) | nindent 8 }} - {{- end }} - spec: - {{- include "common.images.pullSecrets" (dict "images" (list .Values.operator.image .Values.grafana.image ) "global" .Values.global) | nindent 6 }} - {{- if .Values.operator.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.operator.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.operator.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.operator.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.operator.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.operator.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.operator.podAffinityPreset "component" "grafana-operator" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.operator.podAntiAffinityPreset "component" "grafana-operator" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.operator.nodeAffinityPreset.type "key" .Values.operator.nodeAffinityPreset.key "values" .Values.operator.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.operator.tolerations}} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.operator.tolerations "context" $) | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "grafana-operator.serviceAccountName" . }} - {{- if .Values.operator.podSecurityContext.enabled }} - securityContext: {{- omit .Values.operator.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - containers: - - name: grafana-operator - image: {{ include "common.images.image" (dict "imageRoot" .Values.operator.image "global" .Values.global) }} - imagePullPolicy: {{ .Values.operator.image.pullPolicy }} - ports: - - containerPort: 8080 - name: metrics - command: - - grafana-operator - args: - - --grafana-image={{ include "grafana-operator.grafana.baseImage" . }} - - --grafana-image-tag={{ .Values.grafana.image.tag | trim }} - - --grafana-plugins-init-container-image={{ include "grafana-operator.grafana.baseImage" . }} - - --grafana-plugins-init-container-tag={{ .Values.grafana.image.tag | trim }} - {{- if (and .Values.operator.args.scanAllNamespaces (not .Values.operator.args.scanNamespaces)) }} - - --scan-all=True - {{- else if .Values.operator.args.scanNamespaces }} - - --namespaces={{ include "grafana-operator.joinListWithComma" .Values.operator.args.scanNamespaces }} - {{- end }} - {{- if .Values.operator.resources }} - resources: {{- toYaml .Values.operator.resources | nindent 12 }} - {{- end }} - {{- if .Values.operator.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.operator.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.operator.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: /metrics - port: metrics - initialDelaySeconds: {{ .Values.operator.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.operator.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.operator.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.operator.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.operator.readinessProbe.failureThreshold }} - {{- end }} - {{- if .Values.operator.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /metrics - port: metrics - initialDelaySeconds: {{ .Values.operator.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.operator.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.operator.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.operator.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.operator.livenessProbe.failureThreshold }} - {{- end }} - env: - - name: TEMPLATE_PATH - value: /usr/local/bin/templates - - name: WATCH_NAMESPACE - {{- if .Values.operator.watchNamespace }} - value: {{ .Values.operator.watchNamespace }} - {{- else }} - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: OPERATOR_NAME - value: {{ include "common.names.fullname" . }} -{{- end }} diff --git a/bitnami/grafana-operator/templates/grafana.yaml b/bitnami/grafana-operator/templates/grafana.yaml deleted file mode 100644 index 2cfc79e..0000000 --- a/bitnami/grafana-operator/templates/grafana.yaml +++ /dev/null @@ -1,146 +0,0 @@ -{{- if .Values.grafana.enabled }} -apiVersion: integreatly.org/v1alpha1 -kind: Grafana -metadata: - name: {{ include "common.names.fullname" . }}-grafana - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - baseImage: {{ include "common.images.image" (dict "imageRoot" .Values.grafana.image "global" .Values.global) }} - client: - timeout: {{ .Values.grafana.client.timeout }} - preferService: {{ .Values.grafana.client.preferService }} - {{- if .Values.grafana.persistence.enabled }} - dataStorage: - labels: {{- include "common.labels.standard" . | nindent 6 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 6 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 6 }} - {{- end }} - accessModes: [{{ .Values.grafana.persistence.accessMode }}] - size: {{ .Values.grafana.persistence.size }} - {{- if .Values.grafana.persistence.storageClass }} - class: {{ .Values.grafana.persistence.storageClass }} - {{- end }} - {{- end }} - service: - labels: {{- include "common.labels.standard" . | nindent 6 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 6 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 6 }} - {{- end }} - {{- $imagePullSecrets := include "common.images.pullSecrets" (dict "images" (list .Values.operator.image .Values.grafana.image) "global" .Values.global) }} - {{- if (not (empty ($imagePullSecrets))) | or .Values.grafana.serviceAccount }} - serviceAccount: - {{- with .Values.grafana.serviceAccount }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- $imagePullSecrets | nindent 4 }} - {{- end }} - {{- if .Values.grafana.sidecars }} - containers: - {{- include "common.tplvalues.render" ( dict "value" .Values.grafana.sidecars "context" $) | nindent 4 }} - {{- end }} - deployment: - labels: {{- include "common.labels.standard" . | nindent 6 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 6 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 6 }} - {{- end }} - {{- if .Values.grafana.envFrom }} - envFrom: {{- include "common.tplvalues.render" (dict "value" .Values.grafana.envFrom "context" $ ) | nindent 6 }} - {{- end }} - replicas: {{ .Values.grafana.replicaCount }} - {{- if .Values.grafana.podSecurityContext.enabled }} - securityContext: {{- omit .Values.grafana.podSecurityContext "enabled" | toYaml | nindent 6 }} - {{- end }} - {{- if .Values.grafana.containerSecurityContext.enabled }} - containerSecurityContext: {{- omit .Values.grafana.containerSecurityContext "enabled" | toYaml | nindent 6 }} - {{- end }} - {{- if .Values.grafana.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.grafana.tolerations "context" $) | nindent 6 }} - {{- end }} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.grafana.affinity "context" $) | nindent 6 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.grafana.podAffinityPreset "component" "grafana" "context" $) | nindent 8 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.grafana.podAntiAffinityPreset "component" "grafana" "context" $) | nindent 8 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.grafana.nodeAffinityPreset.type "key" .Values.grafana.nodeAffinityPreset.key "values" .Values.grafana.nodeAffinityPreset.values) | nindent 8 }} - {{- end }} - {{- if .Values.grafana.livenessProbe.enabled }} - livenessProbeSpec: - initialDelaySeconds: {{ .Values.grafana.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.grafana.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.grafana.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.grafana.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.grafana.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.grafana.readinessProbe.enabled }} - readinessProbeSpec: - initialDelaySeconds: {{ .Values.grafana.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.grafana.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.grafana.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.grafana.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.grafana.readinessProbe.failureThreshold }} - {{- end }} - {{- if .Values.grafana.updateStrategy }} - strategy: {{ toYaml .Values.grafana.updateStrategy | nindent 6 }} - {{- end }} - {{- if .Values.grafana.extraVolumeMounts }} - extraVolumeMounts: - {{- include "common.tplvalues.render" (dict "value" .Values.grafana.extraVolumeMounts "context" $) | nindent 6 }} - {{- end }} - {{- if .Values.grafana.extraVolumes }} - extraVolumes: - {{- include "common.tplvalues.render" (dict "value" .Values.grafana.extraVolumes "context" $) | nindent 6 }} - {{- end }} - {{- if .Values.grafana.resources }} - resources: {{- toYaml .Values.grafana.resources | nindent 4 }} - {{- end }} - ingress: - enabled: {{ .Values.grafana.ingress.enabled }} - hostname: {{ include "common.tplvalues.render" (dict "value" .Values.grafana.ingress.hostname "context" $) }} - tlsEnabled: {{ .Values.grafana.ingress.tls }} - tlsSecretName: {{ .Values.grafana.ingress.tlsSecret }} - {{- if or .Values.commonLabels .Values.grafana.ingress.labels }} - labels: - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 6 }} - {{- end }} - {{- if .Values.grafana.ingress.labels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.grafana.ingress.labels "context" $ ) | nindent 6 }} - {{- end }} - {{- end }} - {{- if or .Values.commonAnnotations .Values.grafana.ingress.annotations }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 6 }} - {{- end }} - {{- if .Values.grafana.ingress.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.grafana.ingress.annotations "context" $ ) | nindent 6 }} - {{- end }} - {{- end }} - path: {{ include "common.tplvalues.render" (dict "value" .Values.grafana.ingress.path "context" $) }} - config: {{- include "common.tplvalues.render" ( dict "value" .Values.grafana.config "context" $ ) | nindent 4 }} - {{- if .Values.grafana.configMaps }} - configMaps: {{ toYaml .Values.grafana.configMaps | nindent 4 }} - {{- end }} - {{- if .Values.grafana.secrets }} - secrets: {{ toYaml .Values.grafana.secrets | nindent 4 }} - {{- end }} - dashboardLabelSelector: {{- include "common.tplvalues.render" (dict "value" .Values.grafana.dashboardLabelSelectors "context" $ ) | nindent 4 }} - jsonnet: - libraryLabelSelector: {{- include "common.tplvalues.render" (dict "value" .Values.grafana.jsonnetLibrarySelector "context" $ ) | nindent 6 }} -{{- end }} diff --git a/bitnami/grafana-operator/templates/rbac.yaml b/bitnami/grafana-operator/templates/rbac.yaml deleted file mode 100644 index 4f3428f..0000000 --- a/bitnami/grafana-operator/templates/rbac.yaml +++ /dev/null @@ -1,249 +0,0 @@ -{{- if and .Values.operator.rbac.create .Values.operator.enabled }} ---- -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: Role -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - - apiGroups: - - "" - resources: - - pods - - services - - endpoints - - persistentvolumeclaims - - configmaps - - secrets - - serviceaccounts - - configmaps - verbs: - - get - - list - - create - - update - - delete - - deletecollection - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - get - - list - - watch - - create - - delete - - update - - patch - - apiGroups: - - apps - resources: - - deployments - - deployments/finalizers - - daemonsets - - replicasets - - statefulsets - verbs: - - get - - list - - create - - update - - delete - - deletecollection - - watch - - apiGroups: - - route.openshift.io - resources: - - routes - - routes/custom-host - verbs: - - get - - list - - create - - update - - delete - - deletecollection - - watch - - create - - apiGroups: - - extensions - resources: - - ingresses - verbs: - - get - - list - - create - - update - - delete - - deletecollection - - watch - - apiGroups: - - integreatly.org - resources: - - grafanas - - grafanas/status - - grafanas/finalizers - - grafanadashboards - - grafanadatasources - - grafanadatasources/status - verbs: - - get - - list - - create - - update - - delete - - deletecollection - - watch ---- -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: RoleBinding -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -roleRef: - name: {{ include "common.names.fullname" . }} - kind: Role - apiGroup: rbac.authorization.k8s.io -subjects: - - kind: ServiceAccount - name: {{ include "grafana-operator.serviceAccountName" . }} -{{- if or .Values.operator.args.scanAllNamespaces .Values.operator.args.scanNamespaces }} ---- -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: ClusterRole -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - - apiGroups: - - "" - resources: - - pods - - services - - endpoints - - persistentvolumeclaims - - configmaps - - secrets - - serviceaccounts - - configmaps - verbs: - - get - - list - - create - - update - - delete - - deletecollection - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - get - - list - - watch - - create - - delete - - update - - patch - - apiGroups: - - apps - resources: - - deployments - - deployments/finalizers - - daemonsets - - replicasets - - statefulsets - verbs: - - get - - list - - create - - update - - delete - - deletecollection - - watch - - apiGroups: - - route.openshift.io - resources: - - routes - - routes/custom-host - verbs: - - get - - list - - create - - update - - delete - - deletecollection - - watch - - create - - apiGroups: - - extensions - resources: - - ingresses - verbs: - - get - - list - - create - - update - - delete - - deletecollection - - watch - - apiGroups: - - integreatly.org - resources: - - grafanas - - grafanas/status - - grafanas/finalizers - - grafanadashboards - - grafanadatasources - - grafanadatasources/status - verbs: - - get - - list - - create - - update - - delete - - deletecollection - - watch ---- -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: ClusterRoleBinding -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -roleRef: - name: {{ include "common.names.fullname" . }} - kind: ClusterRole - apiGroup: rbac.authorization.k8s.io -subjects: - - kind: ServiceAccount - name: {{ include "grafana-operator.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} -{{- end }} diff --git a/bitnami/grafana-operator/templates/serviceaccount.yaml b/bitnami/grafana-operator/templates/serviceaccount.yaml deleted file mode 100644 index a414583..0000000 --- a/bitnami/grafana-operator/templates/serviceaccount.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if and .Values.operator.serviceAccount.create .Values.operator.enabled -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "grafana-operator.serviceAccountName" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -{{- end -}} diff --git a/bitnami/grafana-operator/templates/servicemonitor.yaml b/bitnami/grafana-operator/templates/servicemonitor.yaml deleted file mode 100644 index 81f99c6..0000000 --- a/bitnami/grafana-operator/templates/servicemonitor.yaml +++ /dev/null @@ -1,53 +0,0 @@ -{{- if and .Values.operator.prometheus.serviceMonitor.enabled .Values.operator.enabled }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - clusterIP: None - type: ClusterIP - ports: - - port: 8080 - targetPort: metrics - protocol: TCP - name: metrics - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} ---- -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - jobLabel: {{ .Values.operator.prometheus.serviceMonitor.jobLabel }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - endpoints: - - port: metrics - {{- if .Values.operator.prometheus.serviceMonitor.interval }} - interval: {{ .Values.operator.prometheus.serviceMonitor.interval }} - {{- end }} - {{- if .Values.operator.prometheus.serviceMonitor.metricRelabelings }} - metricRelabelings: {{ toYaml .Values.operator.prometheus.serviceMonitor.metricRelabelings | nindent 8 }} - {{- end }} - {{- if .Values.operator.prometheus.serviceMonitor.relabelings }} - relabelings: {{ toYaml .Values.operator.prometheus.serviceMonitor.relabelings | nindent 8 }} - {{- end }} -{{- end }} diff --git a/bitnami/grafana-operator/values.yaml b/bitnami/grafana-operator/values.yaml deleted file mode 100644 index 1fc1ab9..0000000 --- a/bitnami/grafana-operator/values.yaml +++ /dev/null @@ -1,585 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - -## @section Common parameters - -## @param nameOverride String to partially override common.names.fullname template with a string (will prepend the release name) -## -nameOverride: "" -## @param fullnameOverride String to fully override common.names.fullname template with a string -## -fullnameOverride: "" -## @param extraDeploy Array of extra objects to deploy with the release -## -extraDeploy: [] -## @param commonLabels Common Labels which are applied to every resource deployed -## -commonLabels: {} -## @param commonAnnotations Common Annotations which are applied to every ressource deployed -## -commonAnnotations: {} - -## @section Grafana Operator parameters - -## This all configuration for the Grafana Operator. -## Ref: https://github.com/integr8ly/grafana-operator/blob/master/documentation/README.md -## Constants it is using for creating instances: -## Ref: https://github.com/integr8ly/grafana-operator/blob/master/pkg/controller/model/constants.go -## -operator: - ## @param operator.enabled Enable the deployment of the Grafana Operator - ## - enabled: true - ## @param operator.replicaCount Number of grafana-operator Pod replicas - ## - replicaCount: 1 - ## @param operator.updateStrategy.type Set up update strategy for Grafana Operator installation. - ## Set to Recreate if you use persistent volume that cannot be mounted by more than one pods to make sure the pods is destroyed first. - ## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy - ## Example: - ## updateStrategy: - ## type: RollingUpdate - ## rollingUpdate: - ## maxSurge: 25% - ## maxUnavailable: 25% - ## - updateStrategy: - type: Recreate - ## @param operator.image.registry Grafana Operator image registry - ## @param operator.image.repository Grafana Operator image name - ## @param operator.image.tag Grafana Operator image tag - ## @param operator.image.pullPolicy Grafana Operator image pull policy - ## @param operator.image.pullSecrets Grafana Operator image pull secrets - ## - image: - registry: docker.io - repository: bitnami/grafana-operator - tag: 3.10.3-debian-10-r61 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## Ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param operator.args.scanAllNamespaces Specify if all namespace should be scanned for dashboards and datasources. (Creates ClusterRole) - ## @param operator.args.scanNamespaces Specify the namespaces which should be scanned for dashboards and datasources (Creates ClusterRole) - ## - args: - ## If one of these options is set a clusterRole and clusterRoleBinding is created to - ## ensure that the operator is able to get data from other namespaces. - ## - scanAllNamespaces: false - scanNamespaces: [] - ## @param operator.rbac.create Create specifies whether to install and use RBAC rules - ## - rbac: - create: true - ## @param operator.serviceAccount.create Specifies whether a service account should be created - ## @param operator.serviceAccount.name The name of the service account to use. If not set and create is true, a name is generated using the fullname template - ## - serviceAccount: - create: true - name: "" - ## Pod securityContext - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - ## @param operator.podSecurityContext.enabled Enable pods security context - ## @param operator.podSecurityContext.runAsUser User ID for the pods - ## @param operator.podSecurityContext.runAsGroup User ID for the pods - ## @param operator.podSecurityContext.runAsNonRoot Grafana Operator must run as nonRoot - ## @param operator.podSecurityContext.fsGroup Group ID for the pods - ## @param operator.podSecurityContext.supplementalGroups Which group IDs containers add - ## - podSecurityContext: - enabled: true - runAsUser: 1001 - runAsGroup: 1001 - runAsNonRoot: true - fsGroup: 1001 - supplementalGroups: [] - ## Container securityContext - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param operator.containerSecurityContext.enabled Enable container security context - ## @param operator.containerSecurityContext.runAsUser User ID for the operator container - ## @param operator.containerSecurityContext.runAsGroup User ID for the operator container - ## @param operator.containerSecurityContext.readOnlyRootFilesystem ReadOnlyRootFilesystem fot the operator container - ## @param operator.containerSecurityContext.allowPrivilegeEscalation Allow Privilege Escalation for the operator container - ## - containerSecurityContext: - enabled: true - runAsUser: 1001 - runAsGroup: 1001 - readOnlyRootFilesystem: false - allowPrivilegeEscalation: false - ## @param operator.resources Container resource requests and limits - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## limits: - ## cpu: 100m - ## memory: 128Mi - ## requests: - ## cpu: 100m - ## memory: 128Mi - ## - resources: {} - ## @param operator.hostAliases Add deployment host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## @param operator.podAffinityPreset Pod affinity preset - ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## Allowed values: soft, hard - ## - podAffinityPreset: "" - ## @param operator.podAntiAffinityPreset Pod anti-affinity preset. Allowed values: `soft` or `hard` - ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Node affinity preset - ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param operator.nodeAffinityPreset.type Node affinity preset type. Allowed values: `soft` or `hard` - ## - type: "" - ## @param operator.nodeAffinityPreset.key Set nodeAffinity preset key - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param operator.nodeAffinityPreset.values Set nodeAffinity preset values - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param operator.podAnnotations Pod annotations - ## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param operator.podLabels Additional pod labels - ## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param operator.nodeSelector Node labels for pod assignment - ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param operator.tolerations Tolerations for controller pod assignment - ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param operator.affinity Affinity for controller pod assignment - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## - affinity: {} - prometheus: - ## Prometheus Operator service monitors - ## - serviceMonitor: - ## @param operator.prometheus.serviceMonitor.enabled Specify if a servicemonitor will be deployed for prometheus-operator - ## - enabled: false - ## @param operator.prometheus.serviceMonitor.jobLabel Specify the jobLabel to use for the prometheus-operator - ## - jobLabel: app.kubernetes.io/name - ## @param operator.prometheus.serviceMonitor.interval Scrape interval. If not set, the Prometheus default scrape interval is used - ## - interval: "" - ## @param operator.prometheus.serviceMonitor.metricRelabelings Specify additional relabeling of metrics - ## - metricRelabelings: [] - ## @param operator.prometheus.serviceMonitor.relabelings Specify general relabeling - ## - relabelings: [] - ## Liveness probe value - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param operator.livenessProbe.enabled Enable livenessProbe - ## @param operator.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param operator.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param operator.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param operator.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param operator.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - ## Readiness probe values - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param operator.readinessProbe.enabled Enable readinessProbe - ## @param operator.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param operator.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param operator.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param operator.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param operator.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - -## @section Grafana parameters - -grafana: - ## @param grafana.enabled Enabled the deployment of the Grafana CRD object into the cluster - ## - enabled: true - ## @param grafana.image.registry Grafana image registry - ## @param grafana.image.repository Grafana image name - ## @param grafana.image.tag Grafana image tag - ## @param grafana.image.pullSecrets Grafana image pull secrets - ## - image: - registry: docker.io - repository: bitnami/grafana - tag: 8.1.5-debian-10-r2 - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param grafana.serviceAccount Additional service account configuration - ## Ref: https://github.com/integr8ly/grafana-operator/blob/master/documentation/deploy_grafana.md#configuring-the-serviceaccount - ## e.g: - ## serviceAccount: - ## annotations: - ## iam.gke.io/gcp-service-account: "grafana@preprodz.iam.gserviceaccount.com" - serviceAccount: {} - ## Pod securityContext - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - ## @param grafana.podSecurityContext.enabled Enable pods security context - ## @param grafana.podSecurityContext.runAsUser User ID for the pods - ## @param grafana.podSecurityContext.runAsGroup User ID for the pods - ## @param grafana.podSecurityContext.runAsNonRoot Grafana Operator must run as nonRoot - ## @param grafana.podSecurityContext.fsGroup Group ID for the pods - ## @param grafana.podSecurityContext.supplementalGroups Which group IDs containers add - ## - podSecurityContext: - enabled: true - runAsUser: 1001 - runAsGroup: 1001 - runAsNonRoot: true - fsGroup: 1001 - supplementalGroups: [] - ## Container securityContext - ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param grafana.containerSecurityContext.enabled Enable containers security context - ## @param grafana.containerSecurityContext.runAsUser User ID for the containers - ## @param grafana.containerSecurityContext.runAsGroup Group ID for the containers - ## @param grafana.containerSecurityContext.fsGroup Filesystem Group ID for the containers - ## @param grafana.containerSecurityContext.allowPrivilegeEscalation Don't allow privilege escalation for the containers - ## - containerSecurityContext: - enabled: true - runAsUser: 1001 - runAsGroup: 1001 - fsGroup: 1001 - allowPrivilegeEscalation: false - ## Grafana containers' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param grafana.resources.limits The resources limits for the container - ## @param grafana.resources.requests The requested resources for the container - ## - resources: - ## Example: - ## limits: - ## cpu: 500m - ## memory: 1Gi - limits: {} - ## Examples: - ## requests: - ## cpu: 250m - ## memory: 256Mi - requests: {} - ## @param grafana.replicaCount Specify the amount of replicas running - ## Ref: https://github.com/integr8ly/grafana-operator/blob/master/documentation/deploy_grafana.md#configuring-the-deployment - ## NOTE: Number of replicas. If more than one is selected, a shared database should be configured. - ## - replicaCount: 1 - ## @param grafana.podAffinityPreset Pod affinity preset - ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## Allowed values: soft, hard - ## - podAffinityPreset: "" - ## @param grafana.podAntiAffinityPreset Pod anti-affinity preset - ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## Allowed values: soft, hard - ## - podAntiAffinityPreset: soft - ## Node affinity preset - ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## Allowed values: soft, hard - ## - nodeAffinityPreset: - ## @param grafana.nodeAffinityPreset.type Set nodeAffinity preset type - ## Allowed values: soft, hard - ## - type: "" - ## @param grafana.nodeAffinityPreset.key Set nodeAffinity preset key - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param grafana.nodeAffinityPreset.values Set nodeAffinity preset values - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param grafana.affinity Affinity for controller pod assignment - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - ## @param grafana.nodeSelector Node labels for controller pod assignment - ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param grafana.tolerations Tolerations for controller pod assignment - ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param grafana.envFrom Extra environment variable to pass to the running container - ## Ref: https://github.com/integr8ly/grafana-operator/blob/master/documentation/deploy_grafana.md#configuring-the-deployment - ## e.g: - ## envFrom: - ## - configMapRef: - ## name: grafana-configmap - ## - secretRef: - ## name: grafana-secrets - envFrom: [] - ## The grafana-operator client-configuration for this grafana instance - ## Ref: https://github.com/integr8ly/grafana-operator/blob/master/documentation/deploy_grafana.md#configuring-grafana-api-access - ## @param grafana.client.timeout The timeout in seconds for the Grafana Rest API on that instance - ## @param grafana.client.preferService If the API should be used via Ingress or via the internal service - ## - client: - timeout: 5 - preferService: true - ## Configure the ingress resource that allows you to access the - ## Grafana web. Set up the URL - ## Ref: http://kubernetes.io/docs/user-guide/ingress/ - ## Ref: https://github.com/integr8ly/grafana-operator/blob/master/documentation/deploy_grafana.md#configuring-the-ingress-or-route - ## - ingress: - ## @param grafana.ingress.enabled If an ingress or OpenShift Route should be created - ## - enabled: false - ## @param grafana.ingress.hostname The hostname under which the grafana instance should be reachable - ## - hostname: grafana.local - ## @param grafana.ingress.path The path for the ingress instance to forward to the grafana app - ## - path: / - ## @param grafana.ingress.labels Additional Labels for the ingress resource - ## - labels: {} - ## @param grafana.ingress.annotations Additional Annotations for the ingress resource - ## For a full list of possible ingress annotations, please see - ## Ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md - ## - ## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set - ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set - ## annotations: - ## kubernetes.io/ingress.class: nginx - ## - annotations: {} - ## @param grafana.ingress.tls This enables tls support for the ingress resource - ## - tls: false - ## @param grafana.ingress.tlsSecret The name for the secret to use for the tls termination - ## - tlsSecret: grafana.local-tls - ## Enable persistence using Persistent Volume Claims - ## Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ - ## - persistence: - ## @param grafana.persistence.enabled Enable persistent storage for the grafana deployment - ## NOTE: In order to avoid deployment failure due to multi-attach of the same volume, - ## you might also want to set `grafana.updateStrategy` to Recreate. - ## More information can be found here: https://github.com/grafana-operator/grafana-operator/issues/453 - ## - enabled: false - ## @param grafana.persistence.storageClass Define the storageClass for the persistent storage if not defined default is used - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - ## @param grafana.persistence.accessMode Define the accessMode for the persistent storage - ## - accessMode: ReadWriteOnce - ## @param grafana.persistence.size Define the size of the PersistentVolumeClaim to request for - ## - size: 10Gi - ## @param grafana.config [object] grafana.ini configuration for the instance for this to configure please look at upstream docs - ## This is the configuration from the grafana pod itself. Every toml section is a root key - ## Ref: https://grafana.com/docs/grafana/latest/administration/configuration/ - ## - config: - server: - root_url: |- - {{- if .Values.grafana.ingress.enabled }} - {{ if .Values.grafana.ingress.tls }}https{{ else }}http{{ end }}://{{ .Values.grafana.ingress.hostname }} - {{- else }} - http://localhost:3000 - {{- end }} - log: - mode: "console" - level: "warn" - alerting: - enabled: false - analytics: - reporting_enabled: false - check_for_updates: false - security: - disable_initial_admin_creation: false - disable_gravatar: false - # ## Grafana Admin credentials, if omitted they will be admin: - # admin_user: - # admin_password: - # - # ## OIDC configuration - # ## - # auth: - # disable_login_form: false - # disable_signout_menu: false - # auth.generic_oauth: - # enabled: True - # client_id: grafana - # client_secret: a391df94-dd1f-46d6-b3ab-60e90f23e8a2 - # scopes: profile email - # auth_url: https://keycloak.example.com/auth/realms/master/protocol/openid-connect/auth - # token_url: https://keycloak.example.com/auth/realms/master/protocol/openid-connect/token - # api_url: https://keycloak.example.com/auth/realms/master/protocol/openid-connect/userinfo - # ## Automatic role handling with OIDC - # ## - # # role_attribute_path: contains(groups[*], 'platform-readonly') && 'Viewer' || contains(groups[*], 'platform-admin') && 'Admin' || contains(groups[*], 'platform-emergency') && 'Admin' || contains(groups[*], 'customer-poweruser') && 'Admin' || contains(groups[*], 'customer-collaborator') && 'Editor' || contains(groups[*], 'customer-readonly') && 'Viewer' - # # allowed_domains: example.com - # allow_sign_up: True - ## @param grafana.configMaps Extra configMaps to mount into the grafana pod - ## Ref: https://github.com/integr8ly/grafana-operator/blob/master/documentation/extra_files.md - ## e.g: - ## configMaps: - ## - myCustomConfigMap - ## - configMaps: [] - ## @param grafana.secrets Extra secrets to mount into the grafana pod - ## Ref: https://github.com/integr8ly/grafana-operator/blob/master/documentation/extra_files.md - ## e.g: - ## secrets: - ## - myCustomSecret - ## - secrets: [] - ## @param grafana.jsonnetLibrarySelector [object] Configuring the read for jsonnetLibraries to pull in. - ## Ref: https://github.com/integr8ly/grafana-operator/blob/master/documentation/deploy_grafana.md#jsonnet-library-discovery - ## - jsonnetLibrarySelector: - matchLabels: - app.kubernetes.io/instance: "{{ .Release.Name }}" - ## @param grafana.dashboardLabelSelectors [object] This selects dashboards on the label. - ## A cachall is not possible so you need to define at least one label selector here. - ## Ref: https://github.com/integr8ly/grafana-operator/blob/master/documentation/deploy_grafana.md#deploying-grafana - ## - dashboardLabelSelectors: - - matchLabels: - app.kubernetes.io/instance: "{{ .Release.Name }}" - ## Grafana containers' liveness probe - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param grafana.livenessProbe.enabled Enable livenessProbe - ## @param grafana.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param grafana.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param grafana.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param grafana.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param grafana.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 120 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - ## Grafana containers' readiness probe - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param grafana.readinessProbe.enabled Enable readinessProbe - ## @param grafana.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param grafana.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param grafana.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param grafana.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param grafana.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - ## @param grafana.updateStrategy Set up update strategy for Grafana installation. - ## Set to Recreate if you use persistent volume that cannot be mounted by more than one pods to make sure the pods is destroyed first. - ## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy - ## Example: - ## updateStrategy: - ## type: RollingUpdate - ## rollingUpdate: - ## maxSurge: 25% - ## maxUnavailable: 25% - ## - updateStrategy: {} - ## @param grafana.extraVolumes Optionally specify extra list of additional volumes for the grafana pod(s) - ## - extraVolumes: [] - ## @param grafana.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the grafana container(s) - ## - extraVolumeMounts: [] - ## @param grafana.sidecars Add additional sidecar containers to the grafana pod(s) - ## e.g: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - sidecars: [] diff --git a/bitnami/grafana/Chart.lock b/bitnami/grafana/Chart.lock deleted file mode 100644 index 96d5701..0000000 --- a/bitnami/grafana/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.9.0 -digest: sha256:6d608d323ac01a7950ba64fa7caf4169a5d9d33e442c99e23e123caaf303b6b9 -generated: "2021-09-16T09:49:24.322554506Z" diff --git a/bitnami/grafana/Chart.yaml b/bitnami/grafana/Chart.yaml deleted file mode 100644 index e0896e2..0000000 --- a/bitnami/grafana/Chart.yaml +++ /dev/null @@ -1,27 +0,0 @@ -annotations: - category: Analytics -apiVersion: v2 -appVersion: 8.1.5 -dependencies: - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x -description: Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, Elasticsearch, OpenTSDB, Prometheus and InfluxDB™. -engine: gotpl -home: https://github.com/bitnami/charts/tree/master/bitnami/grafana -icon: https://bitnami.com/assets/stacks/grafana/img/grafana-stack-220x234.png -keywords: - - analytics - - monitoring - - metrics - - logs -maintainers: - - email: containers@bitnami.com - name: Bitnami -name: grafana -sources: - - https://github.com/bitnami/bitnami-docker-grafana - - https://grafana.com/ -version: 6.1.15 diff --git a/bitnami/grafana/README.md b/bitnami/grafana/README.md deleted file mode 100644 index 70d79af..0000000 --- a/bitnami/grafana/README.md +++ /dev/null @@ -1,515 +0,0 @@ -# Grafana - -[Grafana](https://grafana.com/) is an open source, feature rich metrics dashboard and graph editor for Graphite, Elasticsearch, OpenTSDB, Prometheus and InfluxDB™. - -## TL;DR - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/grafana -``` - -## Introduction - -This chart bootstraps a [grafana](https://github.com/bitnami/bitnami-docker-grafana) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 3.1.0 -- PV provisioner support in the underlying infrastructure -- ReadWriteMany volumes for deployment scaling - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/grafana -``` - -These commands deploy grafana on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```console -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. Use the option `--purge` to delete all persistent volumes too. - -## Differences between the Bitnami Grafana chart and the Bitnami Grafana Operator chart - -In the Bitnami catalog we offer both the bitnami/grafana and bitnami/grafana-operator charts. Each solution covers different needs and use cases. - -The *bitnami/grafana* chart deploys a single Grafana installation (with grafana-image-renderer) using a Kubernetes Deployment object (together with Services, PVCs, ConfigMaps, etc.). The figure below shows the deployed objects in the cluster after executing *helm install*: - -``` - +--------------+ +-----+ - | | | | - Service & Ingress | Grafana +<------------+ PVC | -<-------------------+ | | | - | Deployment | +-----+ - | | - +-----------+--+ - ^ +------------+ - | | | - +----------------+ Configmaps | - | Secrets | - | | - +------------+ - -``` - -Its lifecycle is managed using Helm and, at the Grafana container level, the following operations are automated: persistence management, configuration based on environment variables and plugin initialization. The chart also allows deploying dashboards and data sources using ConfigMaps. The Deployments do not require any ServiceAccounts with special RBAC privileges so this solution would fit better in more restricted Kubernetes installations. - -The *bitnami/grafana-operator* chart deploys a Grafana Operator installation using a Kubernetes Deployment. The figure below shows the Grafana operator deployment after executing *helm install*: - -``` -+--------------------+ -| | +---------------+ -| Grafana Operator | | | -| | | RBAC | -| Deployment | | Privileges | -| | | | -+-------+------------+ +-------+-------+ - ^ | - | +-----------------+ | - +---+ Service Account +<----+ - +-----------------+ -``` - -The operator will extend the Kubernetes API with the following objects: *Grafana*, *GrafanaDashboards* and *GrafanaDataSources*. From that moment, the user will be able to deploy objects of these kinds and the previously deployed Operator will take care of deploying all the required Deployments, ConfigMaps and Services for running a Grafana instance. Its lifecycle is managed using *kubectl* on the Grafana, GrafanaDashboards and GrafanaDataSource objects. The following figure shows the deployed objects after - deploying a *Grafana* object using *kubectl*: - -``` -+--------------------+ -| | +---------------+ -| Grafana Operator | | | -| | | RBAC | -| Deployment | | Privileges | -| | | | -+--+----+------------+ +-------+-------+ - | ^ | - | | +-----------------+ | - | +---+ Service Account +<----+ - | +-----------------+ - | - | - | - | - | Grafana - | +---------------------------------------------------------------------------+ - | | | - | | +--------------+ +-----+ | - | | | | | | | - +-------------------->+ Service & Ingress | Grafana +<------------+ PVC | | - | <-------------------+ | | | | - | | Deployment | +-----+ | - | | | | - | +-----------+--+ | - | ^ +------------+ | - | | | | | - | +----------------+ Configmaps | | - | | Secrets | | - | | | | - | +------------+ | - | | - +---------------------------------------------------------------------------+ - -``` - -This solution allows to easily deploy multiple Grafana instances compared to the *bitnami/grafana* chart. As the operator automatically deploys Grafana installations, the Grafana Operator pods will require a ServiceAccount with privileges to create and destroy mulitple Kubernetes objects. This may be problematic for Kubernetes clusters with strict role-based access policies. - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | - - -### Common parameters - -| Name | Description | Value | -| ------------------ | --------------------------------------------------------------------------------------- | --------------- | -| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` | -| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | -| `nameOverride` | String to partially override grafana.fullname template (will maintain the release name) | `""` | -| `fullnameOverride` | String to fully override grafana.fullname template | `""` | -| `clusterDomain` | Default Kubernetes cluster domain | `cluster.local` | - - -### Grafana parameters - -| Name | Description | Value | -| ---------------------------------- | --------------------------------------------------------------------------------- | -------------------- | -| `image.registry` | Grafana image registry | `docker.io` | -| `image.repository` | Grafana image repository | `bitnami/grafana` | -| `image.tag` | Grafana image tag (immutable tags are recommended) | `8.1.5-debian-10-r0` | -| `image.pullPolicy` | Grafana image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Grafana image pull secrets | `[]` | -| `hostAliases` | Add deployment host aliases | `[]` | -| `admin.user` | Grafana admin username | `admin` | -| `admin.password` | Admin password. If a password is not provided a random password will be generated | `""` | -| `admin.existingSecret` | Name of the existing secret containing admin password | `""` | -| `admin.existingSecretPasswordKey` | Password key on the existing secret | `password` | -| `smtp.enabled` | Enable SMTP configuration | `false` | -| `smtp.user` | SMTP user | `user` | -| `smtp.password` | SMTP password | `password` | -| `smtp.host` | Custom host for the smtp server | `""` | -| `smtp.existingSecret` | Name of existing secret containing SMTP credentials (user and password) | `""` | -| `smtp.existingSecretUserKey` | User key on the existing secret | `user` | -| `smtp.existingSecretPasswordKey` | Password key on the existing secret | `password` | -| `plugins` | Grafana plugins to be installed in deployment time separated by commas | `""` | -| `ldap.enabled` | Enable LDAP for Grafana | `false` | -| `ldap.allowSignUp` | Allows LDAP sign up for Grafana | `false` | -| `ldap.configMapName` | Name of the ConfigMap with the LDAP configuration file for Grafana | `""` | -| `extraEnvVars` | Array containing extra env vars to configure Grafana | `{}` | -| `extraConfigmaps` | Array to mount extra ConfigMaps to configure Grafana | `{}` | -| `config.useGrafanaIniFile` | Allows to load a `grafana.ini` file | `false` | -| `config.grafanaIniConfigMap` | Name of the ConfigMap containing the `grafana.ini` file | `""` | -| `config.grafanaIniSecret` | Name of the Secret containing the `grafana.ini` file | `""` | -| `dashboardsProvider.enabled` | Enable the use of a Grafana dashboard provider | `false` | -| `dashboardsProvider.configMapName` | Name of a ConfigMap containing a custom dashboard provider | `""` | -| `dashboardsConfigMaps` | Array with the names of a series of ConfigMaps containing dashboards files | `[]` | -| `datasources.secretName` | Secret name containing custom datasource files | `""` | - - -### Deployment parameters - -| Name | Description | Value | -| ------------------------------------ | ----------------------------------------------------------------------------------------- | --------------- | -| `replicaCount` | Number of Grafana nodes | `1` | -| `updateStrategy.type` | Set up update strategy for Grafana installation. | `RollingUpdate` | -| `schedulerName` | Alternative scheduler | `""` | -| `priorityClassName` | Priority class name | `""` | -| `podLabels` | Extra labels for Grafana pods | `{}` | -| `podAnnotations` | Grafana Pod annotations | `{}` | -| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` | -| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | -| `affinity` | Affinity for pod assignment | `{}` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `tolerations` | Tolerations for pod assignment | `[]` | -| `securityContext.enabled` | Enable securityContext on for Grafana deployment | `true` | -| `securityContext.fsGroup` | Group to configure permissions for volumes | `1001` | -| `securityContext.runAsUser` | User for the security context | `1001` | -| `securityContext.runAsNonRoot` | Run containers as non-root users | `true` | -| `resources.limits` | The resources limits for Grafana containers | `{}` | -| `resources.requests` | The requested resources for Grafana containers | `{}` | -| `livenessProbe.enabled` | Enable livenessProbe | `true` | -| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` | -| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `readinessProbe.enabled` | Enable readinessProbe | `true` | -| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | -| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `sidecars` | Attach additional sidecar containers to the Grafana pod | `[]` | -| `extraVolumes` | Additional volumes for the Grafana pod | `[]` | -| `extraVolumeMounts` | Additional volume mounts for the Grafana container | `[]` | - - -### Persistence parameters - -| Name | Description | Value | -| --------------------------- | --------------------------------------------------------------------------------------------------------- | --------------- | -| `persistence.enabled` | Enable persistence | `true` | -| `persistence.accessMode` | Access mode to the PV | `ReadWriteOnce` | -| `persistence.storageClass` | Storage class to use with the PVC | `""` | -| `persistence.existingClaim` | If you want to reuse an existing claim, you can pass the name of the PVC using the existingClaim variable | `""` | -| `persistence.size` | Size for the PV | `10Gi` | - - -### RBAC parameters - -| Name | Description | Value | -| ---------------------------- | --------------------------------------------------------------------------------------------------------------------- | ------ | -| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | -| `serviceAccount.name` | The name of the ServiceAccount to use. If not set and create is true, a name is generated using the fullname template | `""` | -| `serviceAccount.annotations` | Annotations to add to the ServiceAccount Metadata | `{}` | - - -### Traffic exposure parameters - -| Name | Description | Value | -| ---------------------------------- | --------------------------------------------------------------------------------------------- | ------------------------ | -| `service.type` | Kubernetes Service type | `ClusterIP` | -| `service.port` | Grafana service port | `3000` | -| `service.nodePort` | Specify the nodePort value for the LoadBalancer and NodePort service types | `""` | -| `service.loadBalancerIP` | loadBalancerIP if Grafana service type is `LoadBalancer` (optional, cloud specific) | `""` | -| `service.loadBalancerSourceRanges` | loadBalancerSourceRanges if Grafana service type is `LoadBalancer` (optional, cloud specific) | `[]` | -| `service.annotations` | Provide any additional annotations which may be required. | `{}` | -| `ingress.enabled` | Set to true to enable ingress record generation | `false` | -| `ingress.certManager` | Set this to true in order to add the corresponding annotations for cert-manager | `false` | -| `ingress.pathType` | Ingress Path type | `ImplementationSpecific` | -| `ingress.apiVersion` | Override API Version (automatically detected if not set) | `""` | -| `ingress.hostname` | When the ingress is enabled, a host pointing to this will be created | `grafana.local` | -| `ingress.path` | Default path for the ingress resource | `/` | -| `ingress.annotations` | Ingress annotations | `{}` | -| `ingress.tls` | Enable TLS configuration for the hostname defined at ingress.hostname parameter | `false` | -| `ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` | -| `ingress.extraPaths` | Any additional arbitrary paths that may need to be added to the ingress under the main host. | `[]` | -| `ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` | -| `ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | -| `ingress.secrets` | It is also possible to create and manage the certificates outside of this helm chart | `[]` | - - -### Metrics parameters - -| Name | Description | Value | -| -------------------------------------- | ------------------------------------------------------------------------------------------------------ | ------- | -| `metrics.enabled` | Enable the export of Prometheus metrics | `false` | -| `metrics.service.annotations` | Annotations for Prometheus metrics service | `{}` | -| `metrics.serviceMonitor.enabled` | if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` | -| `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `""` | -| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `""` | -| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | -| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` | - - -### Grafana Image Renderer parameters - -| Name | Description | Value | -| ---------------------------------------------------- | ------------------------------------------------------------------------------------------------------ | -------------------------------- | -| `imageRenderer.enabled` | Enable using a remote rendering service to render PNG images | `false` | -| `imageRenderer.image.registry` | Grafana Image Renderer image registry | `docker.io` | -| `imageRenderer.image.repository` | Grafana Image Renderer image repository | `bitnami/grafana-image-renderer` | -| `imageRenderer.image.tag` | Grafana Image Renderer image tag (immutable tags are recommended) | `3.2.0-debian-10-r4` | -| `imageRenderer.image.pullPolicy` | Grafana Image Renderer image pull policy | `IfNotPresent` | -| `imageRenderer.image.pullSecrets` | Grafana image Renderer pull secrets | `[]` | -| `imageRenderer.replicaCount` | Number of Grafana Image Renderer Pod replicas | `1` | -| `imageRenderer.podAnnotations` | Grafana Image Renderer Pod annotations | `{}` | -| `imageRenderer.nodeSelector` | Node labels for pod assignment | `{}` | -| `imageRenderer.tolerations` | Tolerations for pod assignment | `[]` | -| `imageRenderer.affinity` | Affinity for pod assignment | `{}` | -| `imageRenderer.resources.limits` | The resources limits for Grafana containers | `{}` | -| `imageRenderer.resources.requests` | The requested resources for Grafana containers | `{}` | -| `imageRenderer.securityContext.enabled` | Enable securityContext on for Grafana Image Renderer deployment | `true` | -| `imageRenderer.securityContext.fsGroup` | Group to configure permissions for volumes | `1001` | -| `imageRenderer.securityContext.runAsUser` | User for the security context | `1001` | -| `imageRenderer.securityContext.runAsNonRoot` | Run containers as non-root users | `true` | -| `imageRenderer.service.port` | Grafana Image Renderer metrics port | `8080` | -| `imageRenderer.metrics.enabled` | Enable the export of Prometheus metrics | `false` | -| `imageRenderer.metrics.annotations` | Prometheus annotations | `{}` | -| `imageRenderer.metrics.serviceMonitor.enabled` | if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` | -| `imageRenderer.metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `""` | -| `imageRenderer.metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `""` | -| `imageRenderer.metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -$ helm install my-release \ - --set admin.user=admin-user bitnami/grafana -``` - -The above command sets the Grafana admin user to `admin-user`. - -> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```console -$ helm install my-release -f values.yaml bitnami/grafana -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Using custom configuration - -Grafana supports multiples configuration files. Using kubernetes you can mount a file using a ConfigMap or a Secret. For example, to mount a custom `grafana.ini` file or `custom.ini` file you can create a ConfigMap like the following: - -```yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: myconfig -data: - grafana.ini: |- - # Raw text of the file -``` - -And now you need to pass the ConfigMap name, to the corresponding parameters: `config.useGrafanaIniFile=true` and `config.grafanaIniConfigMap=myconfig`. - -To provide dashboards on deployment time, Grafana needs a dashboards provider and the dashboards themselves. -A default provider is created if enabled, or you can mount your own provider using a ConfigMap, but have in mind that the path to the dashboard folder must be `/opt/bitnami/grafana/dashboards`. - 1. To create a dashboard, it is needed to have a datasource for it. The datasources must be created mounting a secret with all the datasource files in it. In this case, it is not a ConfigMap because the datasource could contain sensitive information. - 2. To load the dashboards themselves you need to create a ConfigMap for each one containing the `json` file that defines the dashboard and set the array with the ConfigMap names into the `dashboardsConfigMaps` parameter. -Note the difference between the datasources and the dashboards creation. For the datasources we can use just one secret with all of the files, while for the dashboards we need one ConfigMap per file. - -For example, create the dashboard ConfigMap(s) and datasource Secret as described below: - -```console -$ kubectl create secret generic datasource-secret --from-file=datasource-secret.yaml -$ kubectl create configmap my-dashboard-1 --from-file=my-dashboard-1.json -$ kubectl create configmap my-dashboard-2 --from-file=my-dashboard-2.json -``` - -> Note: the commands above assume you had previously exported your dashboards in the JSON files: *my-dashboard-1.json* and *my-dashboard-2.json* - -> Note: the commands above assume you had previously created a datasource config file *datasource-secret.yaml*. Find an example at https://grafana.com/docs/grafana/latest/administration/provisioning/#example-datasource-config-file - -Once you have them, use the following parameters to deploy Grafana with 2 custom dashboards: - -```console -dashboardsProvider.enabled=true -datasources.secretName=datasource-secret -dashboardsConfigMaps[0].configMapName=my-dashboard-1 -dashboardsConfigMaps[0].fileName=my-dashboard-1.json -dashboardsConfigMaps[1].configMapName=my-dashboard-2 -dashboardsConfigMaps[1].fileName=my-dashboard-2.json -``` - -More info at [Grafana documentation](https://grafana.com/docs/grafana/latest/administration/provisioning/#dashboards). - -### LDAP configuration - -To enable LDAP authentication it is necessary to provide a ConfigMap with the Grafana LDAP configuration file. For instance: - -**configmap.yaml**: - -```yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: ldap-config -data: - ldap.toml: |- - [[servers]] - # Ldap server host (specify multiple hosts space separated) - host = "ldap" - # Default port is 389 or 636 if use_ssl = true - port = 389 - # Set to true if ldap server supports TLS - use_ssl = false - # Set to true if connect ldap server with STARTTLS pattern (create connection in insecure, then upgrade to secure connection with TLS) - start_tls = false - # set to true if you want to skip ssl cert validation - ssl_skip_verify = false - # set to the path to your root CA certificate or leave unset to use system defaults - # root_ca_cert = "/path/to/certificate.crt" - # Authentication against LDAP servers requiring client certificates - # client_cert = "/path/to/client.crt" - # client_key = "/path/to/client.key" - - # Search user bind dn - bind_dn = "cn=admin,dc=example,dc=org" - # Search user bind password - # If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;""" - bind_password = 'admin' - - # User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)" - # Allow login from email or username, example "(|(sAMAccountName=%s)(userPrincipalName=%s))" - search_filter = "(uid=%s)" - - # An array of base dns to search through - search_base_dns = ["ou=People,dc=support,dc=example,dc=org"] - - # group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))" - # group_search_filter_user_attribute = "distinguishedName" - # group_search_base_dns = ["ou=groups,dc=grafana,dc=org"] - - # Specify names of the ldap attributes your ldap uses - [servers.attributes] - name = "givenName" - surname = "sn" - username = "cn" - member_of = "memberOf" - email = "email" -``` - -Create the ConfigMap into the cluster and deploy the Grafana Helm Chart using the existing ConfigMap and the following parameters: - -```console -ldap.enabled=true -ldap.configMapName=ldap-config -ldap.allowSignUp=true -``` - -### Supporting HA (High Availability) - -To support HA Grafana just need an external database where store dashboards, users and other persistent data. -To configure the external database provide a configuration file containing the [database section](https://grafana.com/docs/installation/configuration/#database) - -More information about Grafana HA [here](https://grafana.com/docs/tutorials/ha_setup/) - -### Setting Pod's affinity - -This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). - -As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters. - -## Persistence - -The [Bitnami Grafana](https://github.com/bitnami/bitnami-docker-grafana) image stores the Grafana data and configurations at the `/opt/bitnami/grafana/data` path of the container. - -Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. -See the [Parameters](#parameters) section to configure the PVC or to disable persistence. - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami’s Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## Upgrading - -### To 4.1.0 - -This version also introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/master/bitnami/common#bitnami-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade. - -### To 4.0.0 - -[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -**What changes were introduced in this major version?** - -- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. -- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts - -**Considerations when upgrading to this version** - -- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues -- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore -- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 - -**Useful links** - -- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ -- https://helm.sh/docs/topics/v2_v3_migration/ -- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ - -### To 3.0.0 - -Deployment label selector is immutable after it gets created, so you cannot "upgrade". - -In https://github.com/bitnami/charts/pull/2773 the deployment label selectors of the resources were updated to add the component name. Resulting in compatibility breakage. - -In order to "upgrade" from a previous version, you will need to [uninstall](#uninstalling-the-chart) the existing chart manually. - -This major version signifies this change. diff --git a/bitnami/grafana/templates/NOTES.txt b/bitnami/grafana/templates/NOTES.txt deleted file mode 100644 index 1202a62..0000000 --- a/bitnami/grafana/templates/NOTES.txt +++ /dev/null @@ -1,32 +0,0 @@ -** Please be patient while the chart is being deployed ** - -1. Get the application URL by running these commands: - -{{- if .Values.ingress.enabled }} -{{- range $host := .Values.ingress.hosts }} - {{- range .paths }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.name }}{{ . }} - {{- end }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.names.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "common.names.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.port }} -{{- else if contains "ClusterIP" .Values.service.type }} - echo "Browse to http://127.0.0.1:8080" - kubectl port-forward svc/{{ include "common.names.fullname" . }} 8080:{{ .Values.service.port }} & -{{- end }} - -2. Get the admin credentials: - - echo "User: {{ .Values.admin.user }}" - echo "Password: $(kubectl get secret {{ include "grafana.adminSecretName" . }} --namespace {{ .Release.Namespace }} -o jsonpath="{.data.{{ include "grafana.adminSecretPasswordKey" . }}}" | base64 --decode)" - -{{- include "common.warnings.rollingTag" .Values.image }} -{{- include "common.warnings.rollingTag" .Values.imageRenderer.image }} -{{ include "grafana.validateValues" . }} diff --git a/bitnami/grafana/templates/_helpers.tpl b/bitnami/grafana/templates/_helpers.tpl deleted file mode 100644 index 4a2f6cc..0000000 --- a/bitnami/grafana/templates/_helpers.tpl +++ /dev/null @@ -1,177 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Return the proper Grafana image name -*/}} -{{- define "grafana.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper Grafana Image Renderer image name -*/}} -{{- define "grafana.imageRenderer.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.imageRenderer.image "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "grafana.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.imageRenderer.image) "global" .Values.global) -}} -{{- end }} - -{{/* -Return the proper Storage Class -*/}} -{{- define "grafana.storageClass" -}} -{{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the Grafana admin credentials secret -*/}} -{{- define "grafana.adminSecretName" -}} -{{- if .Values.admin.existingSecret -}} - {{- printf "%s" (tpl .Values.admin.existingSecret $) -}} -{{- else -}} - {{- printf "%s-admin" (include "common.names.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return the Grafana admin password key -*/}} -{{- define "grafana.adminSecretPasswordKey" -}} -{{- if and .Values.admin.existingSecret .Values.admin.existingSecretPasswordKey -}} - {{- printf "%s" (tpl .Values.admin.existingSecretPasswordKey $) -}} -{{- else -}} - {{- printf "GF_SECURITY_ADMIN_PASSWORD" -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a secret object should be created -*/}} -{{- define "grafana.createAdminSecret" -}} -{{- if not .Values.admin.existingSecret }} - {{- true -}} -{{- else -}} -{{- end -}} -{{- end -}} - -{{/* -Return the Grafana SMTP credentials secret -*/}} -{{- define "grafana.smtpSecretName" -}} -{{- if .Values.smtp.existingSecret }} - {{- printf "%s" (tpl .Values.smtp.existingSecret $) -}} -{{- else -}} - {{- printf "%s-smtp" (include "common.names.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return the Grafana SMTP user key -*/}} -{{- define "grafana.smtpSecretUserKey" -}} -{{- if and .Values.smtp.existingSecret .Values.smtp.existingSecretUserKey -}} - {{- printf "%s" (tpl .Values.smtp.existingSecretUserKey $) -}} -{{- else -}} - {{- printf "GF_SMTP_USER" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the Grafana SMTP password key -*/}} -{{- define "grafana.smtpSecretPasswordKey" -}} -{{- if and .Values.smtp.existingSecret .Values.smtp.existingSecretPasswordKey -}} - {{- printf "%s" (tpl .Values.smtp.existingSecretPasswordKey $) -}} -{{- else -}} - {{- printf "GF_SMTP_PASSWORD" -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a secret object should be created -*/}} -{{- define "grafana.createSMTPSecret" -}} -{{- if and .Values.smtp.enabled (not .Values.smtp.existingSecret) }} - {{- true -}} -{{- else -}} -{{- end -}} -{{- end -}} - -{{/* -Validate values for Grafana. -*/}} -{{- define "grafana.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "grafana.validateValues.database" .) -}} -{{- $messages := append $messages (include "grafana.validateValues.configmapsOrSecrets" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message -}} -{{- end -}} -{{- end -}} - -{{/* -Function to validate the external database -*/}} -{{- define "grafana.validateValues.database" -}} -{{- $replicaCount := int .Values.replicaCount }} -{{- if gt $replicaCount 1 -}} -WARNING: Using more than one replica requires using an external database to share data between Grafana instances. - By default Grafana uses an internal sqlite3 per instance but you can configure an external MySQL or PostgreSQL. - Please, ensure you provide a configuration file configuring the external database to share data between replicas. -{{- end -}} -{{- end -}} - -{{/* -Function to validate grafana confirmaps and secrets -*/}} -{{- define "grafana.validateValues.configmapsOrSecrets" -}} -{{- if and .Values.config.useGrafanaIniFile (not .Values.config.grafanaIniSecret) (not .Values.config.grafanaIniConfigMap) -}} -WARNING: You enabled config.useGrafanaIniFile but did not specify config.grafanaIniSecret nor config.grafanaIniConfigMap -{{- end -}} -{{- end -}} - -{{/* -Renders a value that contains template. -Usage: -{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }} -*/}} -{{- define "common.tplvalues.render" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} -{{- end -}} - -{{/* -Returns the proper service account name depending if an explicit service account name is set -in the values file. If the name is not set it will default to either common.names.fullname if serviceAccount.create -is true or default otherwise. -*/}} -{{- define "grafana.serviceAccountName" -}} - {{- if .Values.serviceAccount.create -}} - {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }} - {{- else -}} - {{ default "default" .Values.serviceAccount.name }} - {{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for deployment. -*/}} -{{- define "grafana.ingress.apiVersion" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- end -}} -{{- end -}} diff --git a/bitnami/grafana/templates/configmap.yaml b/bitnami/grafana/templates/configmap.yaml deleted file mode 100644 index 99d4761..0000000 --- a/bitnami/grafana/templates/configmap.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.names.fullname" . }}-envvars - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: grafana -data: - GF_SECURITY_ADMIN_USER: {{ .Values.admin.user | quote }} - {{- if .Values.imageRenderer.enabled }} - {{- $domain := .Values.clusterDomain }} - {{- $namespace := .Release.Namespace }} - GF_RENDERING_SERVER_URL: "http://{{ include "common.names.fullname" . }}-image-renderer.{{ $namespace }}.svc.{{ $domain }}:{{ .Values.imageRenderer.service.port }}/render" - GF_RENDERING_CALLBACK_URL: "http://{{ include "common.names.fullname" . }}.{{ $namespace }}.svc.{{ $domain }}:{{ .Values.service.port }}/" - {{- end }} - {{- if .Values.plugins }} - GF_INSTALL_PLUGINS: {{ .Values.plugins | quote }} - {{- else }} - GF_INSTALL_PLUGINS: "" - {{- end }} - GF_PATHS_PLUGINS: "/opt/bitnami/grafana/data/plugins" - GF_AUTH_LDAP_ENABLED: {{ .Values.ldap.enabled | quote }} - GF_AUTH_LDAP_CONFIG_FILE: "/opt/bitnami/grafana/conf/ldap.toml" - GF_AUTH_LDAP_ALLOW_SIGN_UP: {{ .Values.ldap.allowSignUp | quote }} - GF_PATHS_PROVISIONING: "/opt/bitnami/grafana/conf/provisioning" - GF_PATHS_CONFIG: "/opt/bitnami/grafana/conf/grafana.ini" - GF_PATHS_DATA: "/opt/bitnami/grafana/data" - GF_PATHS_LOGS: "/opt/bitnami/grafana/logs" diff --git a/bitnami/grafana/templates/dashboard-provider.yaml b/bitnami/grafana/templates/dashboard-provider.yaml deleted file mode 100644 index b1e2d39..0000000 --- a/bitnami/grafana/templates/dashboard-provider.yaml +++ /dev/null @@ -1,35 +0,0 @@ -{{- if and .Values.dashboardsProvider.enabled (not .Values.dashboardsProvider.configMapName) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.names.fullname" . }}-provider - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: grafana -data: - default-provider.yaml: |- - apiVersion: 1 - - providers: - # an unique provider name - - name: 'default-provider' - # org id. will default to orgId 1 if not specified - orgId: 1 - # name of the dashboard folder. Required - folder: dashboards - # folder UID. will be automatically generated if not specified - folderUid: '' - # provider type. Required - type: file - # disable dashboard deletion - disableDeletion: false - # enable dashboard editing - editable: true - # how often Grafana will scan for changed dashboards - updateIntervalSeconds: 10 - options: - # path to dashboard files on disk. Required - path: /opt/bitnami/grafana/dashboards - # enable folders creation for dashboards - #foldersFromFilesStructure: true -{{- end }} diff --git a/bitnami/grafana/templates/deployment.yaml b/bitnami/grafana/templates/deployment.yaml deleted file mode 100644 index a673451..0000000 --- a/bitnami/grafana/templates/deployment.yaml +++ /dev/null @@ -1,221 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: grafana -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: grafana - {{- if .Values.updateStrategy }} - strategy: {{ toYaml .Values.updateStrategy | nindent 4 }} - {{- end }} - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: grafana - {{- if .Values.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} - {{- end }} - annotations: - {{- if (include "grafana.createAdminSecret" .) }} - checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} - {{- end }} - {{- if (include "grafana.createSMTPSecret" .) }} - checksum/smtp-secret: {{ include (print $.Template.BasePath "/smtp-secret.yaml") . | sha256sum }} - {{- end }} - checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} - checksum/dashboard-provider: {{ include (print $.Template.BasePath "/dashboard-provider.yaml") . | sha256sum }} - {{- if .Values.podAnnotations }} - {{- toYaml .Values.podAnnotations | nindent 8 }} - {{- end }} - spec: - {{- include "grafana.imagePullSecrets" . | nindent 6 }} - {{- if .Values.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - {{- end }} - serviceAccountName: {{ template "grafana.serviceAccountName" . }} - {{- if .Values.schedulerName }} - schedulerName: {{ .Values.schedulerName | quote }} - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName | quote }} - {{- end }} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "component" "grafana" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "component" "grafana" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.securityContext.runAsUser }} - fsGroup: {{ .Values.securityContext.fsGroup }} - runAsNonRoot: {{ .Values.securityContext.runAsNonRoot }} - {{- end }} - containers: - - name: grafana - image: {{ template "grafana.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - envFrom: - - configMapRef: - name: {{ include "common.names.fullname" . }}-envvars - env: - - name: GF_SECURITY_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "grafana.adminSecretName" . }} - key: {{ include "grafana.adminSecretPasswordKey" . }} - {{- if .Values.smtp.enabled }} - - name: GF_SMTP_ENABLED - value: "true" - {{- if .Values.smtp.host }} - - name: GF_SMTP_HOST - value: {{ .Values.smtp.host }} - {{- end }} - - name: GF_SMTP_USER - valueFrom: - secretKeyRef: - name: {{ include "grafana.smtpSecretName" . }} - key: {{ include "grafana.smtpSecretUserKey" . }} - - name: GF_SMTP_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "grafana.smtpSecretName" . }} - key: {{ include "grafana.smtpSecretPasswordKey" . }} - {{- end }} - {{- if .Values.extraEnvVars }} - {{- toYaml .Values.extraEnvVars | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.config.useGrafanaIniFile }} - - name: grafana-ini - mountPath: /opt/bitnami/grafana/conf/grafana.ini - subPath: grafana.ini - {{- end }} - {{- if .Values.persistence.enabled }} - - name: data - mountPath: /opt/bitnami/grafana/data - {{- end }} - {{- if .Values.dashboardsProvider.enabled }} - - name: dashboards-provider - mountPath: /opt/bitnami/grafana/conf/provisioning/dashboards - {{- end }} - {{- range .Values.dashboardsConfigMaps }} - - name: {{ .configMapName }} - {{- if .folderName }} - mountPath: /opt/bitnami/grafana/dashboards/{{ .folderName }}/{{ .fileName }} - {{- else }} - mountPath: /opt/bitnami/grafana/dashboards/{{ .fileName }} - {{- end }} - subPath: {{ .fileName }} - {{- end }} - {{- if .Values.datasources.secretName }} - - name: datasources - mountPath: /opt/bitnami/grafana/conf/provisioning/datasources - {{- end }} - {{- if and .Values.ldap.enabled .Values.ldap.configMapName }} - - name: ldap - mountPath: /opt/bitnami/grafana/conf/ldap.toml - subPath: ldap.toml - {{- end }} - {{- range .Values.extraConfigmaps }} - - name: {{ .name }} - mountPath: {{ .mountPath }} - subPath: {{ .subPath | default "" }} - readOnly: {{ .readOnly }} - {{- end }} - {{- if .Values.extraVolumeMounts }} - {{- toYaml .Values.extraVolumeMounts | nindent 12 }} - {{- end }} - ports: - - name: dashboard - containerPort: 3000 - protocol: TCP - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /api/health - port: dashboard - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: /api/health - port: dashboard - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- end }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - {{- if .Values.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - {{- if .Values.persistence.enabled }} - - name: data - persistentVolumeClaim: - claimName: {{ .Values.persistence.existingClaim | default (include "common.names.fullname" .) }} - {{- end }} - {{- if and .Values.ldap.enabled .Values.ldap.configMapName }} - - name: ldap - configMap: - name: {{ .Values.ldap.configMapName }} - {{- end }} - {{- if .Values.dashboardsProvider.enabled }} - - name: dashboards-provider - configMap: - {{- if .Values.dashboardsProvider.configMapName }} - name: {{ include "common.tplvalues.render" ( dict "value" .Values.dashboardsProvider.configMapName "context" $) }} - {{- else }} - name: {{ include "common.names.fullname" . }}-provider - {{- end }} - {{- end }} - {{- range .Values.dashboardsConfigMaps }} - - name: {{ .configMapName }} - configMap: - name: {{ .configMapName }} - {{- end }} - {{- if .Values.datasources.secretName }} - - name: datasources - secret: - secretName: {{ .Values.datasources.secretName }} - {{- end }} - {{- if .Values.config.useGrafanaIniFile }} - - name: grafana-ini - {{- if .Values.config.grafanaIniConfigMap }} - configMap: - name: {{ .Values.config.grafanaIniConfigMap }} - {{- else if .Values.config.grafanaIniSecret }} - secret: - secretName: {{ .Values.config.grafanaIniSecret }} - {{- end }} - {{- end }} - {{- range .Values.extraConfigmaps }} - - name: {{ .name }} - configMap: - name: {{ .name }} - {{- end }} - {{- if .Values.extraVolumes }} - {{- toYaml .Values.extraVolumes | nindent 8 }} - {{- end }} diff --git a/bitnami/grafana/templates/image-renderer-deployment.yaml b/bitnami/grafana/templates/image-renderer-deployment.yaml deleted file mode 100644 index e524f16..0000000 --- a/bitnami/grafana/templates/image-renderer-deployment.yaml +++ /dev/null @@ -1,60 +0,0 @@ -{{- if .Values.imageRenderer.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "common.names.fullname" . }}-image-renderer - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: image-renderer -spec: - replicas: {{ .Values.imageRenderer.replicaCount }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: image-renderer - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: image-renderer - {{- if .Values.imageRenderer.podAnnotations }} - annotations: {{- toYaml .Values.imageRenderer.podAnnotations | nindent 8 }} - {{- end }} - spec: - {{- include "grafana.imagePullSecrets" . | nindent 6 }} - serviceAccountName: {{ template "grafana.serviceAccountName" . }} - {{- if .Values.schedulerName }} - schedulerName: {{ .Values.schedulerName | quote }} - {{- end }} - {{- if .Values.imageRenderer.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.imageRenderer.affinity "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.imageRenderer.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.imageRenderer.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.imageRenderer.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.imageRenderer.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.imageRenderer.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.imageRenderer.securityContext.runAsUser }} - fsGroup: {{ .Values.imageRenderer.securityContext.fsGroup }} - runAsNonRoot: {{ .Values.imageRenderer.securityContext.runAsNonRoot }} - {{- end }} - containers: - - name: grafana-image-renderer - image: {{ template "grafana.imageRenderer.image" . }} - imagePullPolicy: {{ .Values.imageRenderer.image.pullPolicy }} - env: - - name: HTTP_PORT - value: "8080" - - name: HTTP_HOST - value: "0.0.0.0" - - name: ENABLE_METRICS - value: {{ ternary "true" "false" .Values.imageRenderer.metrics.enabled | quote }} - ports: - - name: http - containerPort: 8080 - protocol: TCP - {{- if .Values.imageRenderer.resources }} - resources: {{- toYaml .Values.imageRenderer.resources | nindent 12 }} - {{- end }} -{{- end }} diff --git a/bitnami/grafana/templates/image-renderer-service.yaml b/bitnami/grafana/templates/image-renderer-service.yaml deleted file mode 100644 index f7222c4..0000000 --- a/bitnami/grafana/templates/image-renderer-service.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.imageRenderer.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.names.fullname" . }}-image-renderer - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: image-renderer - {{- if and .Values.imageRenderer.metrics.enabled .Values.imageRenderer.metrics.annotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.imageRenderer.metrics.annotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: ClusterIP - ports: - - port: {{ .Values.imageRenderer.service.port }} - targetPort: http - protocol: TCP - name: http - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: image-renderer -{{- end }} diff --git a/bitnami/grafana/templates/image-renderer-servicemonitor.yaml b/bitnami/grafana/templates/image-renderer-servicemonitor.yaml deleted file mode 100644 index 1c77d1e..0000000 --- a/bitnami/grafana/templates/image-renderer-servicemonitor.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- if and .Values.imageRenderer.metrics.enabled .Values.imageRenderer.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "common.names.fullname" . }}-image-renderer - {{- if .Values.imageRenderer.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.imageRenderer.metrics.serviceMonitor.namespace }} - {{- else }} - namespace: {{ .Release.Namespace }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: image-renderer - {{- range $key, $value := .Values.imageRenderer.metrics.serviceMonitor.selector }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - selector: - matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: image-renderer - endpoints: - - port: http - path: "/metrics" - {{- if .Values.imageRenderer.metrics.serviceMonitor.interval }} - interval: {{ .Values.imageRenderer.metrics.serviceMonitor.interval }} - {{- end }} - {{- if .Values.imageRenderer.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.imageRenderer.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} -{{- end }} diff --git a/bitnami/grafana/templates/ingress.yaml b/bitnami/grafana/templates/ingress.yaml deleted file mode 100644 index ca83ce7..0000000 --- a/bitnami/grafana/templates/ingress.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{- if .Values.ingress.enabled -}} -apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: grafana - annotations: - {{- if .Values.ingress.certManager }} - kubernetes.io/tls-acme: "true" - {{- end }} - {{- if .Values.ingress.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.ingress.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - rules: - {{- if .Values.ingress.hostname }} - - http: - paths: - {{- if .Values.ingress.extraPaths }} - {{- toYaml .Values.ingress.extraPaths | nindent 10 }} - {{- end }} - - path: {{ .Values.ingress.path }} - {{- if eq "true" (include "common.ingress.supportsPathType" .) }} - pathType: {{ .Values.ingress.pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" "http" "context" $) | nindent 14 }} - {{- if ne .Values.ingress.hostname "*" }} - host: {{ .Values.ingress.hostname }} - {{- end }} - {{- end }} - {{- range .Values.ingress.extraHosts }} - - host: {{ .name | quote }} - http: - paths: - - path: {{ default "/" .path }} - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ default "ImplementationSpecific" .pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- if or .Values.ingress.tls .Values.ingress.extraTls }} - tls: - {{- if .Values.ingress.tls }} - - hosts: - - {{ .Values.ingress.hostname }} - secretName: {{ printf "%s-tls" .Values.ingress.hostname }} - {{- end }} - {{- if .Values.ingress.extraTls }} - {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.extraTls "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/bitnami/grafana/templates/pvc.yaml b/bitnami/grafana/templates/pvc.yaml deleted file mode 100644 index 33d755a..0000000 --- a/bitnami/grafana/templates/pvc.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: grafana -spec: - accessModes: - - {{ .Values.persistence.accessMode | quote }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{ include "grafana.storageClass" . }} -{{- end -}} diff --git a/bitnami/grafana/templates/secret.yaml b/bitnami/grafana/templates/secret.yaml deleted file mode 100644 index b2f243f..0000000 --- a/bitnami/grafana/templates/secret.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- if (include "grafana.createAdminSecret" .) }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "common.names.fullname" . }}-admin - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: grafana -type: Opaque -data: - GF_SECURITY_ADMIN_PASSWORD: {{ ternary (randAlphaNum 10) .Values.admin.password (empty .Values.admin.password) | b64enc | quote }} -{{- end }} diff --git a/bitnami/grafana/templates/service.yaml b/bitnami/grafana/templates/service.yaml deleted file mode 100644 index a3770ee..0000000 --- a/bitnami/grafana/templates/service.yaml +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: grafana - {{- if or (and .Values.metrics.enabled .Values.metrics.service.annotations) .Values.service.annotations }} - annotations: - {{- if and .Values.metrics.enabled .Values.metrics.service.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.service.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.service.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.service.annotations "context" $) | nindent 4 }} - {{- end }} - {{- end }} -spec: - type: {{ .Values.service.type }} - {{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.service.loadBalancerIP }} - {{- end }} - {{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: {{ toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - ports: - - port: {{ .Values.service.port }} - targetPort: dashboard - protocol: TCP - name: http - {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePort)) }} - nodePort: {{ .Values.service.nodePort }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: grafana diff --git a/bitnami/grafana/templates/serviceaccount.yaml b/bitnami/grafana/templates/serviceaccount.yaml deleted file mode 100644 index 30a9863..0000000 --- a/bitnami/grafana/templates/serviceaccount.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "grafana.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.serviceAccount.annotations }} - annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} - {{- end }} -secrets: - - name: {{ template "common.names.fullname" . }}-admin - {{- if .Values.datasources.secretName }} - - name: {{ .Values.datasources.secretName }} - {{- end }} - {{- if (include "grafana.createSMTPSecret" .) }} - - name: {{ template "common.names.fullname" . }}-smtp - {{- end }} -{{- end }} diff --git a/bitnami/grafana/templates/servicemonitor.yaml b/bitnami/grafana/templates/servicemonitor.yaml deleted file mode 100644 index 0c87e14..0000000 --- a/bitnami/grafana/templates/servicemonitor.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "common.names.fullname" . }} - {{- if .Values.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.metrics.serviceMonitor.namespace }} - {{- else }} - namespace: {{ .Release.Namespace }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: grafana - {{- range $key, $value := .Values.metrics.serviceMonitor.selector }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - selector: - matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: grafana - endpoints: - - port: http - path: "/metrics" - {{- if .Values.metrics.serviceMonitor.interval }} - interval: {{ .Values.metrics.serviceMonitor.interval }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} -{{- end }} diff --git a/bitnami/grafana/templates/smtp-secret.yaml b/bitnami/grafana/templates/smtp-secret.yaml deleted file mode 100644 index 2bb02d4..0000000 --- a/bitnami/grafana/templates/smtp-secret.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if (include "grafana.createSMTPSecret" .) }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "common.names.fullname" . }}-smtp - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: grafana -type: Opaque -data: - GF_SMTP_USER: {{ .Values.smtp.user | b64enc | quote }} - GF_SMTP_PASSWORD: {{ .Values.smtp.password | b64enc | quote }} -{{- end }} diff --git a/bitnami/grafana/values.yaml b/bitnami/grafana/values.yaml deleted file mode 100644 index d35352f..0000000 --- a/bitnami/grafana/values.yaml +++ /dev/null @@ -1,641 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - storageClass: "" - -## @section Common parameters - -## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) -## -kubeVersion: "" -## @param extraDeploy Array of extra objects to deploy with the release -## -extraDeploy: [] -## @param nameOverride String to partially override grafana.fullname template (will maintain the release name) -## -nameOverride: "" -## @param fullnameOverride String to fully override grafana.fullname template -## -fullnameOverride: "" -## @param clusterDomain Default Kubernetes cluster domain -## -clusterDomain: cluster.local - -## @section Grafana parameters - -## Bitnami Grafana image version -## ref: https://hub.docker.com/r/bitnami/grafana/tags/ -## @param image.registry Grafana image registry -## @param image.repository Grafana image repository -## @param image.tag Grafana image tag (immutable tags are recommended) -## @param image.pullPolicy Grafana image pull policy -## @param image.pullSecrets Grafana image pull secrets -## -image: - registry: docker.io - repository: bitnami/grafana - tag: 8.1.5-debian-10-r0 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - ## pullSecrets: - ## - myRegistryKeySecretName - pullSecrets: [] -## @param hostAliases Add deployment host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: [] -## Admin credentials configuration -## -admin: - ## @param admin.user Grafana admin username - ## - user: "admin" - ## @param admin.password Admin password. If a password is not provided a random password will be generated - ## - password: "" - ## @param admin.existingSecret Name of the existing secret containing admin password - ## - existingSecret: "" - ## @param admin.existingSecretPasswordKey Password key on the existing secret - ## - existingSecretPasswordKey: password -## SMTP configuration -## -smtp: - ## @param smtp.enabled Enable SMTP configuration - ## - enabled: false - ## @param smtp.user SMTP user - ## - user: user - ## @param smtp.password SMTP password - ## - password: password - ## @param smtp.host Custom host for the smtp server - ## e.g: - ## host: mysmtphost.com - ## - host: "" - ## @param smtp.existingSecret Name of existing secret containing SMTP credentials (user and password) - ## - existingSecret: "" - ## @param smtp.existingSecretUserKey User key on the existing secret - ## - existingSecretUserKey: user - ## @param smtp.existingSecretPasswordKey Password key on the existing secret - ## - existingSecretPasswordKey: password -## @param plugins Grafana plugins to be installed in deployment time separated by commas -## Specify plugins as a list separated by commas ( you will need to scape them when specifying from command line ) -## Example: -## plugins: grafana-kubernetes-app,grafana-example-app -## -plugins: "" -## Ldap configuration for Grafana -## @param ldap.enabled Enable LDAP for Grafana -## @param ldap.allowSignUp Allows LDAP sign up for Grafana -## @param ldap.configMapName Name of the ConfigMap with the LDAP configuration file for Grafana -## -ldap: - enabled: false - allowSignUp: false - configMapName: "" -## @param extraEnvVars Array containing extra env vars to configure Grafana -## For example: -## extraEnvVars: -## - name: GF_DEFAULT_INSTANCE_NAME -## value: my-instance -## -extraEnvVars: {} -## @param extraConfigmaps Array to mount extra ConfigMaps to configure Grafana -## For example: -## extraConfigmaps: -## - name: myconfigmap -## mountPath: /opt/bitnami/desired-path -## subPath: file-name.extension (optional) -## readOnly: true -## -extraConfigmaps: {} -## Parameters to override the default grafana.ini file. -## It is needed to create a configmap or a secret containing the grafana.ini file. -## @param config.useGrafanaIniFile Allows to load a `grafana.ini` file -## @param config.grafanaIniConfigMap Name of the ConfigMap containing the `grafana.ini` file -## @param config.grafanaIniSecret Name of the Secret containing the `grafana.ini` file -## -config: - useGrafanaIniFile: false - grafanaIniConfigMap: "" - grafanaIniSecret: "" -## Create dasboard provider to load dashboards, a default one is created to load dashboards -## from "/opt/bitnami/grafana/dashboards" -## @param dashboardsProvider.enabled Enable the use of a Grafana dashboard provider -## @param dashboardsProvider.configMapName Name of a ConfigMap containing a custom dashboard provider -## -dashboardsProvider: - enabled: false - ## Important to set the Path to "/opt/bitnami/grafana/dashboards" - ## Evaluated as a template. - ## - configMapName: "" -## @param dashboardsConfigMaps Array with the names of a series of ConfigMaps containing dashboards files -## They will be mounted by the default dashboard provider if it is enabled -## Use an array with the configMap names. -## In order to use subfolders, uncomment "#foldersFromFilesStructure: true" line in default provider config. or create your own dashboard provider. -## Example: -## dashboardsConfigMaps: -## - configMapName: mydashboard -## folderName: foo -## fileName: mydashboard.json -## - configMapName: myotherdashboard -## folderName: bar -## fileName: myotherdashboard.json -## -dashboardsConfigMaps: [] -## Create datasources from a custom secret -## The secret must contain the files -## @param datasources.secretName Secret name containing custom datasource files -## -datasources: - secretName: "" - -## @section Deployment parameters - -## @param replicaCount Number of Grafana nodes -## -replicaCount: 1 -## @param updateStrategy.type Set up update strategy for Grafana installation. -## Set to Recreate if you use persistent volume that cannot be mounted by more than one pods to make sure the pods is destroyed first. -## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy -## Example: -## updateStrategy: -## type: RollingUpdate -## rollingUpdate: -## maxSurge: 25% -## maxUnavailable: 25% -## -updateStrategy: - type: RollingUpdate -## @param schedulerName Alternative scheduler -## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -schedulerName: "" -## @param priorityClassName Priority class name -## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ -## -priorityClassName: "" -## @param podLabels Extra labels for Grafana pods -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -podLabels: {} -## @param podAnnotations Grafana Pod annotations -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} -## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAffinityPreset: "" -## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAntiAffinityPreset: soft -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## @param nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set. -## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. -## -nodeAffinityPreset: - type: "" - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] -## @param affinity Affinity for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set -## -affinity: {} -## @param nodeSelector Node labels for pod assignment -## Ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} -## @param tolerations Tolerations for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] -## @param securityContext.enabled Enable securityContext on for Grafana deployment -## @param securityContext.fsGroup Group to configure permissions for volumes -## @param securityContext.runAsUser User for the security context -## @param securityContext.runAsNonRoot Run containers as non-root users -## -securityContext: - enabled: true - runAsUser: 1001 - fsGroup: 1001 - runAsNonRoot: true -## Grafana containers' resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## We usually recommend not to specify default resources and to leave this as a conscious -## choice for the user. This also increases chances charts run on environments with little -## resources, such as Minikube. If you do want to specify resources, uncomment the following -## lines, adjust them as necessary, and remove the curly braces after 'resources:'. -## @param resources.limits The resources limits for Grafana containers -## @param resources.requests The requested resources for Grafana containers -## -resources: - ## Example: - ## limits: - ## cpu: 500m - ## memory: 1Gi - limits: {} - ## Examples: - ## requests: - ## cpu: 250m - ## memory: 256Mi - requests: {} -## Grafana containers' liveness probe -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param livenessProbe.enabled Enable livenessProbe -## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe -## @param livenessProbe.periodSeconds Period seconds for livenessProbe -## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe -## @param livenessProbe.failureThreshold Failure threshold for livenessProbe -## @param livenessProbe.successThreshold Success threshold for livenessProbe -## -livenessProbe: - enabled: true - initialDelaySeconds: 120 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 -## Grafana containers' readinessProbe probe -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param readinessProbe.enabled Enable readinessProbe -## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe -## @param readinessProbe.periodSeconds Period seconds for readinessProbe -## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe -## @param readinessProbe.failureThreshold Failure threshold for readinessProbe -## @param readinessProbe.successThreshold Success threshold for readinessProbe -## -readinessProbe: - enabled: true - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -## @param sidecars Attach additional sidecar containers to the Grafana pod -## Example: -## sidecars: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -sidecars: [] -## @param extraVolumes Additional volumes for the Grafana pod -## Example: -## extraVolumes: -## - name: my-volume -## emptyDir: {} -## -extraVolumes: [] -## @param extraVolumeMounts Additional volume mounts for the Grafana container -## Example: -## extraVolumeMounts: -## - name: my-volume -## mountPath: /opt/bitnami/grafana/my-stuff -## -extraVolumeMounts: [] - -## @section Persistence parameters - -## Enable persistence using Persistent Volume Claims -## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ -## @param persistence.enabled Enable persistence -## @param persistence.accessMode Access mode to the PV -## @param persistence.storageClass Storage class to use with the PVC -## @param persistence.existingClaim If you want to reuse an existing claim, you can pass the name of the PVC using the existingClaim variable -## @param persistence.size Size for the PV -## -persistence: - enabled: true - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - existingClaim: "" - accessMode: ReadWriteOnce - size: 10Gi - -## @section RBAC parameters - -## @param serviceAccount.create Specifies whether a ServiceAccount should be created -## @param serviceAccount.name The name of the ServiceAccount to use. If not set and create is true, a name is generated using the fullname template -## @param serviceAccount.annotations Annotations to add to the ServiceAccount Metadata -serviceAccount: - create: true - name: "" - annotations: {} - -## @section Traffic exposure parameters - -## Service parameters -## -service: - ## @param service.type Kubernetes Service type - ## - type: ClusterIP - ## @param service.port Grafana service port - ## - port: 3000 - ## @param service.nodePort Specify the nodePort value for the LoadBalancer and NodePort service types - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - nodePort: "" - ## @param service.loadBalancerIP loadBalancerIP if Grafana service type is `LoadBalancer` (optional, cloud specific) - ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer - ## - loadBalancerIP: "" - ## @param service.loadBalancerSourceRanges loadBalancerSourceRanges if Grafana service type is `LoadBalancer` (optional, cloud specific) - ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param service.annotations Provide any additional annotations which may be required. - ## This can be used to set the LoadBalancer service type to internal only. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - annotations: {} -## Configure the ingress resource that allows you to access the -## Grafana installation. Set up the URL -## ref: http://kubernetes.io/docs/user-guide/ingress/ -## -ingress: - ## @param ingress.enabled Set to true to enable ingress record generation - ## - enabled: false - ## @param ingress.certManager Set this to true in order to add the corresponding annotations for cert-manager - ## - certManager: false - ## @param ingress.pathType Ingress Path type - ## - pathType: ImplementationSpecific - ## @param ingress.apiVersion Override API Version (automatically detected if not set) - ## - apiVersion: "" - ## @param ingress.hostname When the ingress is enabled, a host pointing to this will be created - ## - hostname: grafana.local - ## @param ingress.path Default path for the ingress resource - ## The Path to Grafana. You may need to set this to '/*' in order to use this with ALB ingress controllers. - ## - path: / - ## @param ingress.annotations Ingress annotations - ## For a full list of possible ingress annotations, please see - ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md - ## - ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set - ## - annotations: {} - ## @param ingress.tls Enable TLS configuration for the hostname defined at ingress.hostname parameter - ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }} - ## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it - ## - tls: false - ## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record. - ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array - ## extraHosts: - ## - name: grafana.local - ## path: / - ## - extraHosts: [] - ## @param ingress.extraPaths Any additional arbitrary paths that may need to be added to the ingress under the main host. - ## For example: The ALB ingress controller requires a special rule for handling SSL redirection. - ## extraPaths: - ## - path: /* - ## backend: - ## serviceName: ssl-redirect - ## servicePort: use-annotation - ## - extraPaths: [] - ## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. - ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - ## extraTls: - ## - hosts: - ## - grafana.local - ## secretName: grafana.local-tls - ## - extraTls: [] - ## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets - ## key and certificate should start with -----BEGIN CERTIFICATE----- or - ## -----BEGIN RSA PRIVATE KEY----- - ## - ## name should line up with a tlsSecret set further up - ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set - ## - ## @param ingress.secrets It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - ## e.g: - ## - name: grafana.local-tls - ## key: - ## certificate: - ## - secrets: [] - -## @section Metrics parameters - -## Prometheus metrics -## -metrics: - ## @param metrics.enabled Enable the export of Prometheus metrics - ## - enabled: false - ## Prometheus Operator ServiceMonitor configuration - ## @param metrics.service.annotations [object] Annotations for Prometheus metrics service - ## - service: - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "3000" - prometheus.io/path: "/metrics" - serviceMonitor: - ## @param metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) - ## - enabled: false - ## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running - ## - namespace: "" - ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped. - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## e.g: - ## interval: 10s - ## - interval: "" - ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## e.g: - ## scrapeTimeout: 10s - ## - scrapeTimeout: "" - ## @param metrics.serviceMonitor.selector Prometheus instance selector labels - ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration - ## e.g: - ## selector: - ## prometheus: my-prometheus - ## - selector: {} - -## @section Grafana Image Renderer parameters - -imageRenderer: - ## @param imageRenderer.enabled Enable using a remote rendering service to render PNG images - ## - enabled: false - ## Bitnami Grafana Image Renderer image - ## ref: https://hub.docker.com/r/bitnami/grafana-image-renderer/tags/ - ## @param imageRenderer.image.registry Grafana Image Renderer image registry - ## @param imageRenderer.image.repository Grafana Image Renderer image repository - ## @param imageRenderer.image.tag Grafana Image Renderer image tag (immutable tags are recommended) - ## @param imageRenderer.image.pullPolicy Grafana Image Renderer image pull policy - ## @param imageRenderer.image.pullSecrets Grafana image Renderer pull secrets - ## - image: - registry: docker.io - repository: bitnami/grafana-image-renderer - tag: 3.2.0-debian-10-r4 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param imageRenderer.replicaCount Number of Grafana Image Renderer Pod replicas - ## - replicaCount: 1 - ## @param imageRenderer.podAnnotations Grafana Image Renderer Pod annotations - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param imageRenderer.nodeSelector Node labels for pod assignment - ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param imageRenderer.tolerations Tolerations for pod assignment - ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param imageRenderer.affinity Affinity for pod assignment - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## - affinity: {} - ## Grafana Image Renderer containers' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param imageRenderer.resources.limits The resources limits for Grafana containers - ## @param imageRenderer.resources.requests The requested resources for Grafana containers - ## - resources: - ## Example: - ## limits: - ## cpu: 500m - ## memory: 1Gi - limits: {} - ## Examples: - ## requests: - ## cpu: 250m - ## memory: 256Mi - requests: {} - ## SecurityContext configuration - ## @param imageRenderer.securityContext.enabled Enable securityContext on for Grafana Image Renderer deployment - ## @param imageRenderer.securityContext.fsGroup Group to configure permissions for volumes - ## @param imageRenderer.securityContext.runAsUser User for the security context - ## @param imageRenderer.securityContext.runAsNonRoot Run containers as non-root users - ## - securityContext: - enabled: true - runAsUser: 1001 - fsGroup: 1001 - runAsNonRoot: true - service: - ## @param imageRenderer.service.port Grafana Image Renderer metrics port - ## - port: 8080 - ## Enable Prometheus metrics endpoint - ## - metrics: - ## @param imageRenderer.metrics.enabled Enable the export of Prometheus metrics - ## - enabled: false - ## @param imageRenderer.metrics.annotations [object] Annotations for Prometheus metrics service[object] Prometheus annotations - ## - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "8080" - prometheus.io/path: "/metrics" - ## Prometheus Operator ServiceMonitor configuration - ## - serviceMonitor: - ## @param imageRenderer.metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) - ## - enabled: false - ## @param imageRenderer.metrics.serviceMonitor.namespace Namespace in which Prometheus is running - ## - namespace: "" - ## @param imageRenderer.metrics.serviceMonitor.interval Interval at which metrics should be scraped. - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## e.g: - ## interval: 10s - ## - interval: "" - ## @param imageRenderer.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## e.g: - ## scrapeTimeout: 10s - ## - scrapeTimeout: "" diff --git a/bitnami/jasperreports/Chart.lock b/bitnami/jasperreports/Chart.lock deleted file mode 100644 index 6ca815b..0000000 --- a/bitnami/jasperreports/Chart.lock +++ /dev/null @@ -1,9 +0,0 @@ -dependencies: -- name: mariadb - repository: https://charts.bitnami.com/bitnami - version: 9.6.0 -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.9.1 -digest: sha256:6d618e256ecb1deea43a6ed15deee9d170e1161e7f94f2b43e2c9da68cb9165d -generated: "2021-09-25T13:31:05.971908Z" diff --git a/bitnami/jasperreports/Chart.yaml b/bitnami/jasperreports/Chart.yaml deleted file mode 100644 index df081d2..0000000 --- a/bitnami/jasperreports/Chart.yaml +++ /dev/null @@ -1,33 +0,0 @@ -annotations: - category: Infrastructure -apiVersion: v2 -appVersion: 7.8.0 -dependencies: - - condition: mariadb.enabled - name: mariadb - repository: https://charts.bitnami.com/bitnami - version: 9.x.x - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x -description: The JasperReports server can be used as a stand-alone or embedded reporting and BI server that offers web-based reporting, analytic tools and visualization, and a dashboard feature for compiling multiple custom views -engine: gotpl -home: https://github.com/bitnami/charts/tree/master/bitnami/jasperreports -icon: https://bitnami.com/assets/stacks/jasperserver/img/jasperserver-stack-220x234.png -keywords: - - business intelligence - - java - - jasper - - reporting - - analytic - - visualization -maintainers: - - email: containers@bitnami.com - name: Bitnami -name: jasperreports -sources: - - https://github.com/bitnami/bitnami-docker-jasperreports - - http://community.jaspersoft.com/project/jasperreports-server -version: 11.0.5 diff --git a/bitnami/jasperreports/README.md b/bitnami/jasperreports/README.md deleted file mode 100644 index 6ec56f4..0000000 --- a/bitnami/jasperreports/README.md +++ /dev/null @@ -1,415 +0,0 @@ -# JasperReports - -[JasperReports](http://community.jaspersoft.com/project/jasperreports-server) The JasperReports server can be used as a stand-alone or embedded reporting and BI server that offers web-based reporting, analytic tools and visualization, and a dashboard feature for compiling multiple custom views - -## TL;DR - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/jasperreports -``` - -## Introduction - -This chart bootstraps a [JasperReports](https://github.com/bitnami/bitnami-docker-jasperreports) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -It also packages the [Bitnami MariaDB chart](https://github.com/kubernetes/charts/tree/master/bitnami/mariadb) which bootstraps a MariaDB deployment required by the JasperReports application. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 3.1.0 -- PV provisioner support in the underlying infrastructure -- ReadWriteMany volumes for deployment scaling - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -$ helm install my-release bitnami/jasperreports -``` - -The command deploys JasperReports on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```console -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | - - -### Common parameters - -| Name | Description | Value | -| ------------------- | -------------------------------------------------------------------- | --------------- | -| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` | -| `nameOverride` | String to partially override common.names.fullname | `""` | -| `fullnameOverride` | String to fully override common.names.fullname | `""` | -| `commonLabels` | Labels to add to all deployed objects | `{}` | -| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | -| `clusterDomain` | Default Kubernetes cluster domain | `cluster.local` | -| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | - - -### JasperReports parameters - -| Name | Description | Value | -| ----------------------- | ---------------------------------------------------------------------- | ----------------------- | -| `image.registry` | JasperReports image registry | `docker.io` | -| `image.repository` | JasperReports image repository | `bitnami/jasperreports` | -| `image.tag` | JasperReports image tag (immutable tags are recommended) | `7.8.0-debian-10-r338` | -| `image.pullPolicy` | JasperReports image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `jasperreportsUsername` | JasperReports user | `jasperadmin` | -| `jasperreportsPassword` | JasperReports password | `""` | -| `jasperreportsEmail` | JasperReports user email | `user@example.com` | -| `allowEmptyPassword` | Set to `yes` to allow the container to be started with blank passwords | `no` | -| `smtpHost` | SMTP host | `""` | -| `smtpPort` | SMTP port | `""` | -| `smtpEmail` | SMTP email | `""` | -| `smtpUser` | SMTP user | `""` | -| `smtpPassword` | SMTP password | `""` | -| `smtpProtocol` | SMTP protocol [`ssl`, `none`] | `""` | -| `command` | Override default container command (useful when using custom images) | `[]` | -| `args` | Override default container args (useful when using custom images) | `[]` | -| `extraEnvVars` | Extra environment variables to be set on Jasperreports container | `[]` | -| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` | -| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars | `""` | -| `updateStrategy.type` | StrategyType | `RollingUpdate` | - - -### Jasperreports deployment parameters - -| Name | Description | Value | -| ------------------------------------ | ----------------------------------------------------------------------------------------- | -------------------------- | -| `hostAliases` | Add deployment host aliases | `[]` | -| `containerPort` | HTTP port to expose at container level | `8080` | -| `podSecurityContext.enabled` | Enable pod's Security Context | `true` | -| `podSecurityContext.fsGroup` | Set pod's Security Context fsGroup | `1001` | -| `containerSecurityContext.enabled` | Enable container's Security Context | `true` | -| `containerSecurityContext.runAsUser` | Set container's Security Context runAsUser | `1001` | -| `resources.limits` | The resources limits for the Jasperreports container | `{}` | -| `resources.requests` | The requested resources for the Jasperreports container | `{}` | -| `livenessProbe.enabled` | Enable livenessProbe | `true` | -| `livenessProbe.path` | Request path for livenessProbe | `/jasperserver/login.html` | -| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `450` | -| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `readinessProbe.enabled` | Enable readinessProbe | `true` | -| `readinessProbe.path` | Request path for readinessProbe | `/jasperserver/login.html` | -| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | -| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `customLivenessProbe` | Override default liveness probe | `{}` | -| `customReadinessProbe` | Override default readiness probe | `{}` | -| `podLabels` | Extra labels for Jasperreports pods | `{}` | -| `podAnnotations` | Annotations for Jasperreports pods | `{}` | -| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set. | `""` | -| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | -| `affinity` | Affinity for pod assignment | `{}` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `tolerations` | Tolerations for pod assignment | `[]` | -| `lifecycleHooks` | LifecycleHooks to set additional configuration at startup. | `{}` | -| `extraVolumes` | Optionally specify extra list of additional volumes for Jasperreports pods | `[]` | -| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for Jasperreports container(s) | `[]` | -| `initContainers` | Add additional init containers to the Jasperreports pods | `[]` | -| `sidecars` | Add additional sidecar containers to the Jasperreports pods | `[]` | -| `persistence.enabled` | Enable persistence using PVC | `true` | -| `persistence.storageClass` | PVC Storage Class for Jasperreports volume | `""` | -| `persistence.accessModes` | Persistent Volume Access Mode | `["ReadWriteOnce"]` | -| `persistence.size` | PVC Storage Request for Jasperreports volume | `8Gi` | -| `persistence.existingClaim` | An Existing PVC name for Jasperreports volume | `""` | - - -### Exposure parameters - -| Name | Description | Value | -| ------------------------------- | --------------------------------------------------------------------------------------------- | ------------------------ | -| `service.type` | Kubernetes Service type | `LoadBalancer` | -| `service.port` | Service HTTP port | `80` | -| `service.nodePort` | Kubernetes http node port | `""` | -| `service.loadBalancerIP` | Kubernetes LoadBalancerIP to request | `""` | -| `service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | -| `service.annotations` | Annotations for Jasperreports service | `{}` | -| `ingress.enabled` | Enable ingress controller resource | `false` | -| `ingress.certManager` | Add annotations for cert-manager | `false` | -| `ingress.pathType` | Ingress path type | `ImplementationSpecific` | -| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` | -| `ingress.hostname` | Default host for the ingress resource | `jasperreports.local` | -| `ingress.path` | Ingress path | `/` | -| `ingress.annotations` | Ingress annotations | `{}` | -| `ingress.tls` | Enable TLS configuration for the hostname defined at ingress.hostname parameter | `false` | -| `ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` | -| `ingress.extraPaths` | Any additional arbitrary paths that may need to be added to the ingress under the main host. | `[]` | -| `ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` | -| `ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | - - -### Database parameters - -| Name | Description | Value | -| ------------------------------------------- | ---------------------------------------------------- | ----------------------- | -| `mariadb.enabled` | Whether to use the MariaDB chart | `true` | -| `mariadb.architecture` | MariaDB architecture (`standalone` or `replication`) | `standalone` | -| `mariadb.auth.rootPassword` | Password for the MariaDB `root` user | `""` | -| `mariadb.auth.database` | Database name to create | `bitnami_jasperreports` | -| `mariadb.auth.username` | Database user to create | `bn_jasperreports` | -| `mariadb.auth.password` | Password for the database | `""` | -| `mariadb.primary.persistence.enabled` | Enable database persistence using PVC | `true` | -| `mariadb.primary.persistence.storageClass` | PVC Storage Class | `""` | -| `mariadb.primary.persistence.accessModes` | Access mode of persistent volume | `["ReadWriteOnce"]` | -| `mariadb.primary.persistence.size` | Database Persistent Volume Size | `8Gi` | -| `mariadb.primary.persistence.hostPath` | Host mount path for MariaDB volume | `""` | -| `mariadb.primary.persistence.existingClaim` | Enable persistence using an existing PVC | `""` | -| `externalDatabase.existingSecret` | Name of the database existing Secret Object | `""` | -| `externalDatabase.host` | Host of the existing database | `""` | -| `externalDatabase.port` | Port of the existing database | `3306` | -| `externalDatabase.user` | Existing username in the external db | `bn_jasperreports` | -| `externalDatabase.password` | Password for the above username | `""` | -| `externalDatabase.database` | Name of the existing database | `bitnami_jasperreports` | - - -The above parameters map to the env variables defined in [bitnami/jasperreports](http://github.com/bitnami/bitnami-docker-jasperreports). For more information please refer to the [bitnami/jasperreports](http://github.com/bitnami/bitnami-docker-jasperreports) image documentation. - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -$ helm install my-release \ - --set jasperreportsUsername=admin,jasperreportsPassword=password,mariadb.auth.rootPassword=secretpassword \ - bitnami/jasperreports -``` - -The above command sets the JasperReports administrator account username and password to `admin` and `password` respectively. Additionally, it sets the MariaDB `root` user password to `secretpassword`. - -> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. - -Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, - -```console -$ helm install my-release -f values.yaml bitnami/jasperreports -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -## Persistence - -The [Bitnami JasperReports](https://github.com/bitnami/bitnami-docker-jasperreports) image stores the JasperReports data and configurations at the `/bitnami/jasperreports` path of the container. - -Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. -See the [Parameters](#parameters) section to configure the PVC or to disable persistence. - -### Adding extra environment variables - -In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the `extraEnvVars` property. - -```yaml -extraEnvVars: - - name: LOG_LEVEL - value: DEBUG -``` - -Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the `extraEnvVarsCM` or the `extraEnvVarsSecret` values. - -### Sidecars and Init Containers - -If you have a need for additional containers to run within the same pod as the JasperReports app (e.g. an additional metrics or logging exporter), you can do so via the `sidecars` config parameter. Simply define your container according to the Kubernetes container spec. - -```yaml -sidecars: - - name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -``` - -Similarly, you can add extra init containers using the `initContainers` parameter. - -```yaml -initContainers: - - name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -``` - -### Setting Pod's affinity - -This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). - -As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters. - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami’s Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## Upgrading - -### To 11.0.0 - -The [Bitnami JasperReports](https://github.com/bitnami/bitnami-docker-jasperreports) image was migrated to a "non-root" user approach. Previously the container ran as the `root` user and the Tomcat daemon was started as the `tomcat` user. From now on, both the container and the Tomcat daemon run as user `1001`. You can revert this behavior by setting the parameters `containerSecurityContext.runAsUser` to `root`. - -Consequences: - -- The HTTP/HTTPS ports exposed by the container are now `8080/8443` instead of `80/443`. -- Backwards compatibility is not guaranteed. - -To upgrade to `11.0.0`, backup JasperReports data and the previous MariaDB databases, install a new JasperReports chart and import the backups and data, ensuring the `1001` user has the appropriate permissions on the migrated volume. - -In addition to this, the image was refactored and now the source code is published in GitHub in the [`rootfs`](https://github.com/bitnami/bitnami-docker-jasperreports/tree/master/7/debian-10/rootfs) folder of the container image. - -We also fixed a regression with readiness and liveness probes. Now the kind of probe cannot be configured under the *readinessProbe/livenessProbe* sections but in the *customReadinessProbe/customLivenessProbe* sections. - -### To 10.0.0 - -- Chart labels were adapted to follow the [Helm charts standard labels](https://helm.sh/docs/chart_best_practices/labels/#standard-labels). -- Ingress configuration was also adapted to follow the Helm charts best practices. - -Consequences: - -- Backwards compatibility is not guaranteed. However, you can easily workaround this issue by removing JasperReports deployment before upgrading (the following example assumes that the release name is `jasperreports`): - -```console -$ export JASPER_PASSWORD=$(kubectl get secret --namespace default jasperreports -o jsonpath="{.data.jasperreports-password}" | base64 --decode) -$ export MARIADB_ROOT_PASSWORD=$(kubectl get secret --namespace default jasperreports-mariadb -o jsonpath="{.data.mariadb-root-password}" | base64 --decode) -$ export MARIADB_PASSWORD=$(kubectl get secret --namespace default jasperreports-mariadb -o jsonpath="{.data.mariadb-password}" | base64 --decode) -$ kubectl delete deployments.apps jasperreports -$ helm upgrade jasperreports bitnami/jasperreports --set jasperreportsPassword=$JASPER_PASSWORD,mariadb.auth.rootPassword=$MARIADB_ROOT_PASSWORD,mariadb.auth.password=$MARIADB_PASSWORD -``` - -### To 9.0.0 - -In this major there were two main changes introduced: - -1. Adaptation to Helm v2 EOL -2. Updated MariaDB dependency version - -Please read the update notes carefully. - -**1. Adaptation to Helm v2 EOL** - -[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -**What changes were introduced in this major version?** - -- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. -- Move dependency information from the *requirements.yaml* to the *Chart.yaml* -- After running `helm dependency update`, a *Chart.lock* file is generated containing the same structure used in the previous *requirements.lock* -- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts - -**Considerations when upgrading to this version** - -- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues -- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore -- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 - -**Useful links** - -- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ -- https://helm.sh/docs/topics/v2_v3_migration/ -- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ - -**2. Updated MariaDB dependency version** - -In this major the MariaDB dependency version was also bumped to a new major version that introduces several incompatilibites. Therefore, backwards compatibility is not guaranteed unless an external database is used. Check [MariaDB Upgrading Notes](https://github.com/bitnami/charts/tree/master/bitnami/mariadb#to-800) for more information. - -To upgrade to `9.0.0`, it should be done reusing the PVCs used to hold both the MariaDB and JasperReports data on your previous release. To do so, follow the instructions below (the following example assumes that the release name is `jasperreports` and that a `rootUser.password` was defined for MariaDB in `values.yaml` when the chart was first installed): - -> NOTE: Please, create a backup of your database before running any of those actions. The steps below would be only valid if your application (e.g. any plugins or custom code) is compatible with MariaDB 10.5.x - -Obtain the credentials and the names of the PVCs used to hold both the MariaDB and JasperReports data on your current release: - -```console -export JASPERREPORTS_PASSWORD=$(kubectl get secret --namespace default jasperreports -o jsonpath="{.data.jasperreports-password}" | base64 --decode) -export MARIADB_ROOT_PASSWORD=$(kubectl get secret --namespace default jasperreports-mariadb -o jsonpath="{.data.mariadb-root-password}" | base64 --decode) -export MARIADB_PASSWORD=$(kubectl get secret --namespace default jasperreports-mariadb -o jsonpath="{.data.mariadb-password}" | base64 --decode) -export MARIADB_PVC=$(kubectl get pvc -l app=mariadb,component=master,release=jasperreports -o jsonpath="{.items[0].metadata.name}") -``` - -Delete the JasperReports deployment and delete the MariaDB statefulset. Notice the option `--cascade=false` in the latter: - -```console - $ kubectl delete deployments.apps jasperreports - - $ kubectl delete statefulsets.apps jasperreports-mariadb --cascade=false -``` - -Now the upgrade works: - -```console -$ helm upgrade jasperreports bitnami/jasperreports --set mariadb.primary.persistence.existingClaim=$MARIADB_PVC --set mariadb.auth.rootPassword=$MARIADB_ROOT_PASSWORD --set mariadb.auth.password=$MARIADB_PASSWORD --set jasperreportsPassword=$JASPERREPORTS_PASSWORD --set allowEmptyPasswords=false -``` - -You will have to delete the existing MariaDB pod and the new statefulset is going to create a new one - - ```console - $ kubectl delete pod jasperreports-mariadb-0 - ``` - -Finally, you should see the lines below in MariaDB container logs: - -```console -$ kubectl logs $(kubectl get pods -l app.kubernetes.io/instance=jasperreports,app.kubernetes.io/name=mariadb,app.kubernetes.io/component=primary -o jsonpath="{.items[0].metadata.name}") -... -mariadb 12:13:24.98 INFO ==> Using persisted data -mariadb 12:13:25.01 INFO ==> Running mysql_upgrade -... -``` - -### To 8.0.0 - -JasperReports 7.5.0 includes some new configuration options that are required to be added if you upgrade from previous versions. Please check the [official community guide](https://community.jaspersoft.com/documentation/tibco-jasperreports-server-upgrade-guide/v750/upgrading-72-75) to upgrade your previous JasperReports installation. - -### To 7.0.0 - -Helm performs a lookup for the object based on its group (apps), version (v1), and kind (Deployment). Also known as its GroupVersionKind, or GVK. Changing the GVK is considered a compatibility breaker from Kubernetes' point of view, so you cannot "upgrade" those objects to the new GVK in-place. Earlier versions of Helm 3 did not perform the lookup correctly which has since been fixed to match the spec. - -In https://github.com/helm/charts/pull/17298 the `apiVersion` of the deployment resources was updated to `apps/v1` in tune with the api's deprecated, resulting in compatibility breakage. - -This major version signifies this change. - -### To 3.0.0 - -Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments. -Use the workaround below to upgrade from versions previous to 3.0.0. The following example assumes that the release name is jasperreports: - -```console -$ kubectl patch deployment jasperreports-jasperreports --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]' -$ kubectl delete statefulset jasperreports-mariadb --cascade=false diff --git a/bitnami/jasperreports/ci/values-with-ingress.yaml b/bitnami/jasperreports/ci/values-with-ingress.yaml deleted file mode 100644 index f705732..0000000 --- a/bitnami/jasperreports/ci/values-with-ingress.yaml +++ /dev/null @@ -1,6 +0,0 @@ -service: - type: ClusterIP -ingress: - enabled: true - tls: true - hostname: jasperreports.local diff --git a/bitnami/jasperreports/templates/NOTES.txt b/bitnami/jasperreports/templates/NOTES.txt deleted file mode 100644 index a648b6e..0000000 --- a/bitnami/jasperreports/templates/NOTES.txt +++ /dev/null @@ -1,70 +0,0 @@ - -** Please be patient while the chart is being deployed ** - -{{- if or .Values.mariadb.enabled .Values.externalDatabase.host -}} - -{{- if .Values.ingress.enabled }} - -1. Get the JasperReports URL and associate its hostname to your cluster external IP: - - export CLUSTER_IP=$(minikube ip) # On Minikube. Use: `kubectl cluster-info` on others K8s clusters - echo "JasperReports URL: http{{ if .Values.ingress.tls }}s{{ end }}://{{ .Values.ingress.hostname }}" - echo "$CLUSTER_IP {{ .Values.ingress.hostname }}" | sudo tee -a /etc/hosts - -{{- else }} - -1. Get the JasperReports URL: - -{{- if contains "NodePort" .Values.service.type }} - - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "common.names.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo "JasperReports URL: http://$NODE_IP:$NODE_PORT" - -{{- else if contains "LoadBalancer" .Values.service.type }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "common.names.fullname" . }}' - - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - {{- $port:=.Values.service.port | toString }} - echo "JasperReports URL: http://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.service.port }}{{ end }}/" - -{{- else if contains "ClusterIP" .Values.service.type }} - - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "common.names.fullname" . }} 8080:{{ .Values.service.port }} & - echo "JasperReports URL: http://127.0.0.1:8080/" - -{{- end }} -{{- end }} - -2. Login with the following credentials - - echo Username: {{ .Values.jasperreportsUsername }} - echo Password: $(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} -o jsonpath="{.data.jasperreports-password}" | base64 --decode) - -{{- else -}} - -######################################################################################## -### ERROR: You did not provide an external database host in your 'helm install' call ### -######################################################################################## - -This deployment will be incomplete until you configure JasperReports with a resolvable database -host. To configure JasperReports to use and external database host: - -1. Complete your JasperReports deployment by running: - - helm upgrade --namespace {{ .Release.Namespace }} {{ .Release.Name }} --set service.type={{ .Values.service.type }},mariadb.enabled=false,externalDatabase.host=YOUR_EXTERNAL_DATABASE_HOST bitnami/jasperreports - -{{- end }} - -{{- include "jasperreports.checkRollingTags" . }} -{{- $passwordValidationErrors := list -}} -{{- $secretName := include "common.names.fullname" . -}} -{{- $requiredJasperReportsPassword := dict "valueKey" "jasperreportsPassword" "secret" $secretName "field" "jasperreports-password" "context" $ -}} -{{- $requiredJasperReportsPasswordError := include "common.validations.values.single.empty" $requiredJasperReportsPassword -}} -{{- $passwordValidationErrors = append $passwordValidationErrors $requiredJasperReportsPasswordError -}} -{{- $mariadbSecretName := include "jasperreports.databaseSecretName" . -}} -{{- $mariadbPasswordValidationErrors := include "common.validations.values.mariadb.passwords" (dict "secret" $mariadbSecretName "subchart" true "context" $) -}} -{{- $passwordValidationErrors = append $passwordValidationErrors $mariadbPasswordValidationErrors -}} -{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $) -}} diff --git a/bitnami/jasperreports/templates/_helpers.tpl b/bitnami/jasperreports/templates/_helpers.tpl deleted file mode 100644 index 399cfa9..0000000 --- a/bitnami/jasperreports/templates/_helpers.tpl +++ /dev/null @@ -1,106 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Return the proper Jasper Reports image name -*/}} -{{- define "jasperreports.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "jasperreports.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.image) "global" .Values.global) -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "jasperreports.mariadb.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- printf "%s-mariadb" .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-mariadb" .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the MariaDB Hostname -*/}} -{{- define "jasperreports.databaseHost" -}} -{{- if .Values.mariadb.enabled }} - {{- if eq .Values.mariadb.architecture "replication" }} - {{- printf "%s-%s" (include "jasperreports.mariadb.fullname" .) "primary" | trunc 63 | trimSuffix "-" -}} - {{- else -}} - {{- printf "%s" (include "jasperreports.mariadb.fullname" .) -}} - {{- end -}} -{{- else -}} - {{- printf "%s" .Values.externalDatabase.host -}} -{{- end -}} -{{- end -}} - -{{/* -Return the MariaDB Port -*/}} -{{- define "jasperreports.databasePort" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "3306" -}} -{{- else -}} - {{- printf "%d" (.Values.externalDatabase.port | int ) -}} -{{- end -}} -{{- end -}} - -{{/* -Return the MariaDB Database Name -*/}} -{{- define "jasperreports.databaseName" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "%s" .Values.mariadb.auth.database -}} -{{- else -}} - {{- printf "%s" .Values.externalDatabase.database -}} -{{- end -}} -{{- end -}} - -{{/* -Return the MariaDB User -*/}} -{{- define "jasperreports.databaseUser" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "%s" .Values.mariadb.auth.username -}} -{{- else -}} - {{- printf "%s" .Values.externalDatabase.user -}} -{{- end -}} -{{- end -}} - -{{/* -Return the MariaDB Secret Name -*/}} -{{- define "jasperreports.databaseSecretName" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "%s" (include "jasperreports.mariadb.fullname" .) -}} -{{- else if .Values.externalDatabase.existingSecret -}} - {{- printf "%s" .Values.externalDatabase.existingSecret -}} -{{- else -}} - {{- printf "%s-%s" (include "common.names.fullname" .) "externaldb" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the database password key -*/}} -{{- define "jasperreports.databasePasswordKey" -}} -{{- if .Values.mariadb.enabled -}} -mariadb-password -{{- else -}} -db-password -{{- end -}} -{{- end -}} - -{{/* -Check if there are rolling tags in the images -*/}} -{{- define "jasperreports.checkRollingTags" -}} -{{- include "common.warnings.rollingTag" .Values.image }} -{{- end -}} diff --git a/bitnami/jasperreports/templates/deployment.yaml b/bitnami/jasperreports/templates/deployment.yaml deleted file mode 100644 index d9f51fb..0000000 --- a/bitnami/jasperreports/templates/deployment.yaml +++ /dev/null @@ -1,184 +0,0 @@ -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - strategy: {{- include "common.tplvalues.render" (dict "value" .Values.updateStrategy "context" $ ) | nindent 4 }} - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - {{- if .Values.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.podAnnotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} - {{- end }} - spec: - {{- include "jasperreports.imagePullSecrets" . | nindent 6 }} - {{- if .Values.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.podSecurityContext.enabled }} - securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - {{- if .Values.initContainers }} - initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} - {{- end }} - containers: - - name: jasperreports - image: {{ template "jasperreports.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} - {{- end }} - env: - - name: ALLOW_EMPTY_PASSWORD - value: {{ .Values.allowEmptyPassword | quote }} - - name: MARIADB_HOST - value: {{ include "jasperreports.databaseHost" . | quote }} - - name: MARIADB_PORT_NUMBER - value: {{ include "jasperreports.databasePort" . | quote }} - - name: JASPERREPORTS_DATABASE_NAME - value: {{ include "jasperreports.databaseName" . | quote }} - - name: JASPERREPORTS_DATABASE_USER - value: {{ include "jasperreports.databaseUser" . | quote }} - - name: JASPERREPORTS_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "jasperreports.databaseSecretName" . }} - key: {{ include "jasperreports.databasePasswordKey" . }} - - name: JASPERREPORTS_USERNAME - value: {{ .Values.jasperreportsUsername | quote }} - - name: JASPERREPORTS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }} - key: jasperreports-password - - name: JASPERREPORTS_EMAIL - value: {{ .Values.jasperreportsEmail | quote }} - {{- if .Values.smtpHost }} - - name: SMTP_HOST - value: {{ .Values.smtpHost | quote }} - {{- end }} - {{- if .Values.smtpPort }} - - name: SMTP_PORT - value: {{ .Values.smtpPort | quote }} - {{- end }} - {{- if .Values.smtpEmail }} - - name: SMTP_EMAIL - value: {{ .Values.smtpEmail| quote }} - {{- end }} - {{- if .Values.smtpUser }} - - name: SMTP_USER - value: {{ .Values.smtpUser | quote }} - {{- end }} - {{- if .Values.smtpPassword }} - - name: SMTP_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }} - key: smtp-password - {{- end }} - {{- if .Values.smtpProtocol }} - - name: SMTP_PROTOCOL - value: {{ .Values.smtpProtocol | quote }} - {{- end }} - {{- if .Values.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if or .Values.extraEnvVarsCM .Values.extraEnvVarsSecret }} - envFrom: - {{- if .Values.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} - {{- end }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.containerPort }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.livenessProbe.path }} - port: http - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- else if .Values.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: {{ .Values.readinessProbe.path }} - port: http - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- else if .Values.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: jasperreports-data - mountPath: /bitnami/jasperreports - {{- if .Values.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.sidecars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: jasperreports-data - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ template "common.names.fullname" . }} - {{- else }} - emptyDir: {} - {{- end }} - {{- if .Values.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} - {{- end }} diff --git a/bitnami/jasperreports/templates/externaldb-secrets.yaml b/bitnami/jasperreports/templates/externaldb-secrets.yaml deleted file mode 100644 index 2b58dba..0000000 --- a/bitnami/jasperreports/templates/externaldb-secrets.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if not (or .Values.mariadb.enabled .Values.externalDatabase.existingSecret) }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ printf "%s-externaldb" (include "common.names.fullname" .) }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: - db-password: {{ .Values.externalDatabase.password | b64enc | quote }} -{{- end }} diff --git a/bitnami/jasperreports/templates/pvc.yaml b/bitnami/jasperreports/templates/pvc.yaml deleted file mode 100644 index 3602432..0000000 --- a/bitnami/jasperreports/templates/pvc.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - accessModes: - {{- range .Values.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 2 }} -{{- end -}} diff --git a/bitnami/jasperreports/templates/secrets.yaml b/bitnami/jasperreports/templates/secrets.yaml deleted file mode 100644 index 3eacd34..0000000 --- a/bitnami/jasperreports/templates/secrets.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: - {{- if .Values.jasperreportsPassword }} - jasperreports-password: {{ .Values.jasperreportsPassword | b64enc | quote }} - {{- else }} - jasperreports-password: {{ randAlphaNum 10 | b64enc | quote }} - {{- end }} - {{- if .Values.smtpPassword }} - smtp-password: {{ .Values.smtpPassword | b64enc | quote }} - {{- end }} diff --git a/bitnami/jasperreports/templates/svc.yaml b/bitnami/jasperreports/templates/svc.yaml deleted file mode 100644 index a536487..0000000 --- a/bitnami/jasperreports/templates/svc.yaml +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.service.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.service.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -spec: - type: {{ .Values.service.type }} - {{- if .Values.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.service.loadBalancerIP }} - {{- end }} - {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }} - externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} - {{- end }} - ports: - - name: http - port: {{ .Values.service.port }} - targetPort: http - {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePort)) }} - nodePort: {{ .Values.service.nodePort }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - selector: {{ include "common.labels.matchLabels" . | nindent 4 }} diff --git a/bitnami/jasperreports/templates/tls-secrets.yaml b/bitnami/jasperreports/templates/tls-secrets.yaml deleted file mode 100644 index e340282..0000000 --- a/bitnami/jasperreports/templates/tls-secrets.yaml +++ /dev/null @@ -1,44 +0,0 @@ -{{- if .Values.ingress.enabled }} -{{- if .Values.ingress.secrets }} -{{- range .Values.ingress.secrets }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ .name }} - namespace: {{ $.Release.Namespace }} - labels: {{- include "common.labels.standard" $ | nindent 4 }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ .certificate | b64enc }} - tls.key: {{ .key | b64enc }} ---- -{{- end }} -{{- end }} -{{- if and .Values.ingress.tls (not .Values.ingress.certManager) }} -{{- $ca := genCA "jasperreports-ca" 365 }} -{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ printf "%s-tls" .Values.ingress.hostname }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ $cert.Cert | b64enc | quote }} - tls.key: {{ $cert.Key | b64enc | quote }} - ca.crt: {{ $ca.Cert | b64enc | quote }} -{{- end }} -{{- end }} diff --git a/bitnami/jasperreports/values.yaml b/bitnami/jasperreports/values.yaml deleted file mode 100644 index e764e17..0000000 --- a/bitnami/jasperreports/values.yaml +++ /dev/null @@ -1,510 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass -## - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - storageClass: "" - -## @section Common parameters -## - -## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) -## -kubeVersion: "" -## @param nameOverride String to partially override common.names.fullname -## -nameOverride: "" -## @param fullnameOverride String to fully override common.names.fullname -## -fullnameOverride: "" -## @param commonLabels Labels to add to all deployed objects -## -commonLabels: {} -## @param commonAnnotations Annotations to add to all deployed objects -## -commonAnnotations: {} -## @param clusterDomain Default Kubernetes cluster domain -## -clusterDomain: cluster.local -## @param extraDeploy Array of extra objects to deploy with the release -## -extraDeploy: [] - -## @section JasperReports parameters -## - -## Bitnami JasperReports image version -## ref: https://hub.docker.com/r/bitnami/dokuwiki/tags/ -## @param image.registry JasperReports image registry -## @param image.repository JasperReports image repository -## @param image.tag JasperReports image tag (immutable tags are recommended) -## @param image.pullPolicy JasperReports image pull policy -## @param image.pullSecrets Specify docker-registry secret names as an array -## -image: - registry: docker.io - repository: bitnami/jasperreports - tag: 7.8.0-debian-10-r338 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] -## @param jasperreportsUsername JasperReports user -## ref: https://github.com/bitnami/bitnami-docker-jasperreports#configuration -## -jasperreportsUsername: jasperadmin -## @param jasperreportsPassword JasperReports password -## Defaults to a random 10-character alphanumeric string if not set -## ref: https://github.com/bitnami/bitnami-docker-jasperreports#configuration -## -jasperreportsPassword: "" -## @param jasperreportsEmail JasperReports user email -## ref: https://github.com/bitnami/bitnami-docker-jasperreports#configuration -## -jasperreportsEmail: user@example.com -## @param allowEmptyPassword Set to `yes` to allow the container to be started with blank passwords -## ref: https://github.com/bitnami/bitnami-docker-jasperreports#environment-variables -## -allowEmptyPassword: "no" -## SMTP mail delivery configuration -## ref: https://github.com/bitnami/bitnami-docker-jasperreports#smtp-configuration -## @param smtpHost SMTP host -## @param smtpPort SMTP port -## @param smtpEmail SMTP email -## @param smtpUser SMTP user -## @param smtpPassword SMTP password -## @param smtpProtocol SMTP protocol [`ssl`, `none`] -## -smtpHost: "" -smtpPort: "" -smtpEmail: "" -smtpUser: "" -smtpPassword: "" -smtpProtocol: "" -## @param command Override default container command (useful when using custom images) -## -command: [] -## @param args Override default container args (useful when using custom images) -## -args: [] -## @param extraEnvVars Extra environment variables to be set on Jasperreports container -## Example: -## extraEnvVars: -## - name: FOO -## value: "bar" -## -extraEnvVars: [] -## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars -## -extraEnvVarsCM: "" -## @param extraEnvVarsSecret Name of existing Secret containing extra env vars -## -extraEnvVarsSecret: "" -## Strategy to use to update Pods -## -updateStrategy: - ## @param updateStrategy.type StrategyType - ## Can be set to RollingUpdate or OnDelete - ## - type: RollingUpdate - -## @section Jasperreports deployment parameters -## - -## @param hostAliases Add deployment host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: [] -## @param containerPort HTTP port to expose at container level -## -containerPort: 8080 -## JasperReports pods' Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -## @param podSecurityContext.enabled Enable pod's Security Context -## @param podSecurityContext.fsGroup Set pod's Security Context fsGroup -## -podSecurityContext: - enabled: true - fsGroup: 1001 -## JasperReports containers' SecurityContext -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## @param containerSecurityContext.enabled Enable container's Security Context -## @param containerSecurityContext.runAsUser Set container's Security Context runAsUser -## -containerSecurityContext: - enabled: true - runAsUser: 1001 -## JasperReports resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## We usually recommend not to specify default resources and to leave this as a conscious -## choice for the user. This also increases chances charts run on environments with little -## resources, such as Minikube. If you do want to specify resources, uncomment the following -## lines, adjust them as necessary, and remove the curly braces after 'resources:'. -## @param resources.limits The resources limits for the Jasperreports container -## @param resources.requests [object] The requested resources for the Jasperreports container -## -resources: - ## Example: - ## limits: - ## cpu: 200m - ## memory: 256Mi - ## - limits: {} - requests: - memory: 512Mi - cpu: 300m -## JasperReports containers' liveness and readiness probes. -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param livenessProbe.enabled Enable livenessProbe -## @param livenessProbe.path Request path for livenessProbe -## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe -## @param livenessProbe.periodSeconds Period seconds for livenessProbe -## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe -## @param livenessProbe.failureThreshold Failure threshold for livenessProbe -## @param livenessProbe.successThreshold Success threshold for livenessProbe -## -livenessProbe: - enabled: true - path: /jasperserver/login.html - initialDelaySeconds: 450 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 -## JasperReports containers' readiness probe -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param readinessProbe.enabled Enable readinessProbe -## @param readinessProbe.path Request path for readinessProbe -## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe -## @param readinessProbe.periodSeconds Period seconds for readinessProbe -## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe -## @param readinessProbe.failureThreshold Failure threshold for readinessProbe -## @param readinessProbe.successThreshold Success threshold for readinessProbe -## -readinessProbe: - enabled: true - path: /jasperserver/login.html - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 -## @param customLivenessProbe Override default liveness probe -## -customLivenessProbe: {} -## @param customReadinessProbe Override default readiness probe -## -customReadinessProbe: {} -## @param podLabels Extra labels for Jasperreports pods -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -podLabels: {} -## @param podAnnotations Annotations for Jasperreports pods -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} -## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAffinityPreset: "" -## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAntiAffinityPreset: soft -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## -nodeAffinityPreset: - ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] -## @param affinity Affinity for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set -## -affinity: {} -## @param nodeSelector Node labels for pod assignment -## ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} -## @param tolerations Tolerations for pod assignment -## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] -## @param lifecycleHooks LifecycleHooks to set additional configuration at startup. -## -lifecycleHooks: {} -## @param extraVolumes Optionally specify extra list of additional volumes for Jasperreports pods -## -extraVolumes: [] -## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for Jasperreports container(s) -## -extraVolumeMounts: [] -## @param initContainers Add additional init containers to the Jasperreports pods -## Example: -## initContainers: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -initContainers: [] -## @param sidecars Add additional sidecar containers to the Jasperreports pods -## Example: -## sidecars: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -sidecars: [] -## Enable persistence using Persistent Volume Claims -## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ -## -persistence: - ## @param persistence.enabled Enable persistence using PVC - ## - enabled: true - ## @param persistence.storageClass PVC Storage Class for Jasperreports volume - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - ## @param persistence.accessModes Persistent Volume Access Mode - ## - accessModes: - - ReadWriteOnce - ## @param persistence.size PVC Storage Request for Jasperreports volume - ## - size: 8Gi - ## @param persistence.existingClaim An Existing PVC name for Jasperreports volume - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - ## - existingClaim: "" - -## @section Exposure parameters -## - -## Kubernetes configuration -## For minikube, set this to NodePort, elsewhere use LoadBalancer -## -service: - ## @param service.type Kubernetes Service type - ## - type: LoadBalancer - ## @param service.port Service HTTP port - ## - port: 80 - ## @param service.nodePort Kubernetes http node port - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - nodePort: "" - ## @param service.loadBalancerIP Kubernetes LoadBalancerIP to request - ## - loadBalancerIP: "" - ## @param service.externalTrafficPolicy Enable client source IP preservation - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param service.annotations Annotations for Jasperreports service - ## - annotations: {} -## Configure the ingress resource that allows you to access the -## JasperReports installation. Set up the URL -## ref: http://kubernetes.io/docs/user-guide/ingress/ -## -ingress: - ## @param ingress.enabled Enable ingress controller resource - ## - enabled: false - ## @param ingress.certManager Add annotations for cert-manager - ## - certManager: false - ## @param ingress.pathType Ingress path type - ## - pathType: ImplementationSpecific - ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) - ## - apiVersion: "" - ## @param ingress.hostname Default host for the ingress resource - ## - hostname: jasperreports.local - ## @param ingress.path Ingress path - ## You may need to set this to '/*' in order to use this with ALB ingress controllers. - ## - path: / - ## @param ingress.annotations Ingress annotations - ## For a full list of possible ingress annotations, please see - ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md - ## - ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set - ## - annotations: {} - ## @param ingress.tls Enable TLS configuration for the hostname defined at ingress.hostname parameter - ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }} - ## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it - ## - tls: false - ## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record. - ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array - ## extraHosts: - ## - name: jasperreports.local - ## path: / - ## - extraHosts: [] - ## @param ingress.extraPaths Any additional arbitrary paths that may need to be added to the ingress under the main host. - ## For example: The ALB ingress controller requires a special rule for handling SSL redirection. - ## extraPaths: - ## - path: /* - ## backend: - ## serviceName: ssl-redirect - ## servicePort: use-annotation - ## - extraPaths: [] - ## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. - ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - ## extraTls: - ## - hosts: - ## - jasperreports.local - ## secretName: jasperreports.local-tls - ## - extraTls: [] - ## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets - ## key and certificate should start with -----BEGIN CERTIFICATE----- or - ## -----BEGIN RSA PRIVATE KEY----- - ## - ## name should line up with a tlsSecret set further up - ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set - ## - ## It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - ## - name: jasperreports.local-tls - ## key: - ## certificate: - ## - secrets: [] - -## @section Database parameters -## - -## MariaDB chart configuration -## https://github.com/bitnami/charts/blob/master/bitnami/mariadb/values.yaml -## -mariadb: - ## @param mariadb.enabled Whether to use the MariaDB chart - ## To use an external database set this to false and configure the externalDatabase parameters - ## - enabled: true - ## @param mariadb.architecture MariaDB architecture (`standalone` or `replication`) - ## - architecture: standalone - ## MariaDB Authentication parameters - ## - auth: - ## @param mariadb.auth.rootPassword Password for the MariaDB `root` user - ## ref: https://github.com/bitnami/bitnami-docker-mariadb#setting-the-root-password-on-first-run - ## - rootPassword: "" - ## @param mariadb.auth.database Database name to create - ## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#creating-a-database-on-first-run - ## - database: bitnami_jasperreports - ## @param mariadb.auth.username Database user to create - ## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#creating-a-database-user-on-first-run - ## - username: bn_jasperreports - ## @param mariadb.auth.password Password for the database - ## - password: "" - primary: - ## Enable persistence using Persistent Volume Claims - ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ - ## @param mariadb.primary.persistence.enabled Enable database persistence using PVC - ## @param mariadb.primary.persistence.storageClass PVC Storage Class - ## @param mariadb.primary.persistence.accessModes Access mode of persistent volume - ## @param mariadb.primary.persistence.size Database Persistent Volume Size - ## @param mariadb.primary.persistence.hostPath Host mount path for MariaDB volume - ## @param mariadb.primary.persistence.existingClaim Enable persistence using an existing PVC - ## - persistence: - enabled: true - ## mariadb data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - accessModes: - - ReadWriteOnce - size: 8Gi - ## Set path in case you want to use local host path volumes (not recommended in production) - ## - hostPath: "" - ## Use an existing PVC - ## - existingClaim: "" -## External database configuration -## -externalDatabase: - ## @param externalDatabase.existingSecret Name of the database existing Secret Object - ## NOTE: When it's set, the `externalDatabase.password` parameter is ignored - ## - existingSecret: "" - ## @param externalDatabase.host Host of the existing database - ## - host: "" - ## @param externalDatabase.port Port of the existing database - ## - port: 3306 - ## @param externalDatabase.user Existing username in the external db - ## - user: bn_jasperreports - ## @param externalDatabase.password Password for the above username - ## - password: "" - ## @param externalDatabase.database Name of the existing database - ## - database: bitnami_jasperreports diff --git a/bitnami/jenkins/Chart.lock b/bitnami/jenkins/Chart.lock deleted file mode 100644 index 9773a89..0000000 --- a/bitnami/jenkins/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.9.1 -digest: sha256:75c2f378a4570f47cbb3c98b6f1d29d1145e5a92bf2970a5d06c32575bfe266f -generated: "2021-09-23T11:35:40.348836205Z" diff --git a/bitnami/jenkins/Chart.yaml b/bitnami/jenkins/Chart.yaml deleted file mode 100644 index 4ce27ba..0000000 --- a/bitnami/jenkins/Chart.yaml +++ /dev/null @@ -1,29 +0,0 @@ -annotations: - category: Infrastructure -apiVersion: v2 -appVersion: 2.303.1 -dependencies: - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x -description: The leading open source automation server -engine: gotpl -home: https://github.com/bitnami/charts/tree/master/bitnami/jenkins -icon: https://bitnami.com/assets/stacks/jenkins/img/jenkins-stack-220x234.png -keywords: - - jenkins - - ci - - cd - - http - - web - - application -maintainers: - - email: containers@bitnami.com - name: Bitnami -name: jenkins -sources: - - https://github.com/bitnami/bitnami-docker-jenkins - - https://jenkins.io/ -version: 8.0.12 diff --git a/bitnami/jenkins/README.md b/bitnami/jenkins/README.md deleted file mode 100644 index db5ed49..0000000 --- a/bitnami/jenkins/README.md +++ /dev/null @@ -1,380 +0,0 @@ -# Jenkins - -[Jenkins](https://jenkins.io) is widely recognized as the most feature-rich CI available with easy configuration, continuous delivery and continuous integration support, easily test, build and stage your app, and more. It supports multiple SCM tools including CVS, Subversion and Git. It can execute Apache Ant and Apache Maven-based projects as well as arbitrary scripts. - -## TL;DR - -```console -helm repo add bitnami https://charts.bitnami.com/bitnami -helm install my-release bitnami/jenkins -``` - -## Introduction - -This chart bootstraps a [Jenkins](https://github.com/bitnami/bitnami-docker-jenkins) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 3.1.0 -- PV provisioner support in the underlying infrastructure -- ReadWriteMany volumes for deployment scaling - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -helm repo add bitnami https://charts.bitnami.com/bitnami -helm install my-release bitnami/jenkins -``` - -These commands deploy Jenkins on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```console -helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | - - -### Common parameters - -| Name | Description | Value | -| ------------------- | -------------------------------------------------- | --------------- | -| `kubeVersion` | Override Kubernetes version | `""` | -| `nameOverride` | String to partially override common.names.fullname | `""` | -| `fullnameOverride` | String to fully override common.names.fullname | `""` | -| `commonLabels` | Labels to add to all deployed objects | `{}` | -| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | -| `clusterDomain` | Kubernetes cluster domain name | `cluster.local` | -| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | - - -### Jenkins Image parameters - -| Name | Description | Value | -| ------------------- | -------------------------------------------------- | ----------------------- | -| `image.registry` | Jenkins image registry | `docker.io` | -| `image.repository` | Jenkins image repository | `bitnami/jenkins` | -| `image.tag` | Jenkins image tag (immutable tags are recommended) | `2.303.1-debian-10-r28` | -| `image.pullPolicy` | Jenkins image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Jenkins image pull secrets | `[]` | -| `image.debug` | Enable image debug mode | `false` | - - -### Jenkins Configuration parameters - -| Name | Description | Value | -| ----------------------- | ---------------------------------------------------------------------- | ----------------------- | -| `jenkinsUser` | Jenkins username | `user` | -| `jenkinsPassword` | Jenkins user password | `""` | -| `jenkinsHost` | Jenkins host to create application URLs | `""` | -| `jenkinsHome` | Jenkins home directory | `/bitnami/jenkins/home` | -| `javaOpts` | Custom JVM parameters | `[]` | -| `disableInitialization` | Skip performing the initial bootstrapping for Jenkins | `no` | -| `command` | Override default container command (useful when using custom images) | `[]` | -| `args` | Override default container args (useful when using custom images) | `[]` | -| `extraEnvVars` | Array with extra environment variables to add to the Jenkins container | `[]` | -| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` | -| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars | `""` | - - -### Jenkins deployment parameters - -| Name | Description | Value | -| --------------------------------------- | ----------------------------------------------------------------------------------------- | --------------- | -| `updateStrategy.type` | Jenkins deployment strategy type | `RollingUpdate` | -| `priorityClassName` | Jenkins pod priority class name | `""` | -| `hostAliases` | Jenkins pod host aliases | `[]` | -| `extraVolumes` | Optionally specify extra list of additional volumes for Jenkins pods | `[]` | -| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for Jenkins container(s) | `[]` | -| `sidecars` | Add additional sidecar containers to the Jenkins pod | `[]` | -| `initContainers` | Add additional init containers to the Jenkins pods | `[]` | -| `lifecycleHooks` | Add lifecycle hooks to the Jenkins deployment | `{}` | -| `podLabels` | Extra labels for Jenkins pods | `{}` | -| `podAnnotations` | Annotations for Jenkins pods | `{}` | -| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | -| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | -| `affinity` | Affinity for pod assignment | `{}` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `tolerations` | Tolerations for pod assignment | `{}` | -| `resources.limits` | The resources limits for the Jenkins container | `{}` | -| `resources.requests` | The requested resources for the Jenkins container | `{}` | -| `containerPorts.http` | Jenkins HTTP container port | `8080` | -| `containerPorts.https` | Jenkins HTTPS container port | `8443` | -| `podSecurityContext.enabled` | Enabled Jenkins pods' Security Context | `true` | -| `podSecurityContext.fsGroup` | Set Jenkins pod's Security Context fsGroup | `1001` | -| `containerSecurityContext.enabled` | Enabled Jenkins containers' Security Context | `true` | -| `containerSecurityContext.runAsUser` | Set Jenkins container's Security Context runAsUser | `1001` | -| `containerSecurityContext.runAsNonRoot` | Set Jenkins container's Security Context runAsNonRoot | `true` | -| `livenessProbe.enabled` | Enable livenessProbe | `true` | -| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `180` | -| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `readinessProbe.enabled` | Enable readinessProbe | `true` | -| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | -| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | -| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `3` | -| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | - - -### Traffic Exposure Parameters - -| Name | Description | Value | -| ---------------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------ | -| `service.type` | Jenkins service type | `LoadBalancer` | -| `service.port` | Jenkins service HTTP port | `80` | -| `service.httpsPort` | Jenkins service HTTPS port | `443` | -| `service.nodePorts.http` | Node port for HTTP | `""` | -| `service.nodePorts.https` | Node port for HTTPS | `""` | -| `service.clusterIP` | Jenkins service Cluster IP | `""` | -| `service.loadBalancerIP` | Jenkins service Load Balancer IP | `""` | -| `service.loadBalancerSourceRanges` | Jenkins service Load Balancer sources | `[]` | -| `service.externalTrafficPolicy` | Jenkins service external traffic policy | `Cluster` | -| `service.annotations` | Additional custom annotations for Jenkins service | `{}` | -| `ingress.enabled` | Enable ingress record generation for Jenkins | `false` | -| `ingress.pathType` | Ingress path type | `ImplementationSpecific` | -| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` | -| `ingress.hostname` | Default host for the ingress record | `jenkins.local` | -| `ingress.path` | Default path for the ingress record | `/` | -| `ingress.annotations` | Additional custom annotations for the ingress record | `{}` | -| `ingress.tls` | Enable TLS configuration for the host defined at `ingress.hostname` parameter | `false` | -| `ingress.certManager` | Add the corresponding annotations for cert-manager integration | `false` | -| `ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` | -| `ingress.extraHosts` | An array with additional hostname(s) to be covered with the ingress record | `[]` | -| `ingress.extraPaths` | An array with additional arbitrary paths that may need to be added to the ingress under the main host | `[]` | -| `ingress.extraTls` | TLS configuration for additional hostname(s) to be covered with this ingress record | `[]` | -| `ingress.secrets` | Custom TLS certificates as secrets | `[]` | - - -### Persistence Parameters - -| Name | Description | Value | -| --------------------------------------------- | ----------------------------------------------------------------------------------------------- | ----------------------- | -| `persistence.enabled` | Enable persistence using Persistent Volume Claims | `true` | -| `persistence.storageClass` | Persistent Volume storage class | `""` | -| `persistence.annotations` | Additional custom annotations for the PVC | `{}` | -| `persistence.accessModes` | Persistent Volume access modes | `[]` | -| `persistence.size` | Persistent Volume size | `8Gi` | -| `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` | -| `volumePermissions.image.registry` | Bitnami Shell image registry | `docker.io` | -| `volumePermissions.image.repository` | Bitnami Shell image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `10-debian-10-r201` | -| `volumePermissions.image.pullPolicy` | Bitnami Shell image pull policy | `IfNotPresent` | -| `volumePermissions.image.pullSecrets` | Bitnami Shell image pull secrets | `[]` | -| `volumePermissions.resources.limits` | The resources limits for the init container | `{}` | -| `volumePermissions.resources.requests` | The requested resources for the init container | `{}` | -| `volumePermissions.securityContext.runAsUser` | Set init container's Security Context runAsUser | `0` | - - -### Metrics Parameters - -| Name | Description | Value | -| -------------------------------------------- | ------------------------------------------------------------------------------------------------ | ----------------------------- | -| `metrics.enabled` | Start a sidecar prometheus exporter to expose Jenkins metrics | `false` | -| `metrics.image.registry` | Jenkins Exporter image registry | `docker.io` | -| `metrics.image.repository` | Jenkins Exporter image repository | `bitnami/jenkins-exporter` | -| `metrics.image.tag` | Jenkins Jenkins Exporter image tag (immutable tags are recommended) | `0.20171225.0-debian-10-r567` | -| `metrics.image.pullPolicy` | Jenkins Exporter image pull policy | `IfNotPresent` | -| `metrics.image.pullSecrets` | Jenkins Exporter image pull secrets | `[]` | -| `metrics.containerSecurityContext.enabled` | Enabled Jenkins exporter containers' Security Context | `true` | -| `metrics.containerSecurityContext.runAsUser` | Set Jenkins exporter containers' Security Context runAsUser | `1001` | -| `metrics.resources.limits` | The resources limits for the Jenkins exporter container | `{}` | -| `metrics.resources.requests` | The requested resources for the Jenkins exporter container | `{}` | -| `metrics.service.type` | Jenkins exporter service type | `ClusterIP` | -| `metrics.service.port` | Jenkins exporter service port | `9122` | -| `metrics.service.nodePort` | Node port for exporter | `""` | -| `metrics.service.externalTrafficPolicy` | Jenkins exporter service external traffic policy | `Cluster` | -| `metrics.service.loadBalancerIP` | Jenkins exporter service Load Balancer IP | `""` | -| `metrics.service.loadBalancerSourceRanges` | Jenkins exporter service Load Balancer sources | `[]` | -| `metrics.service.annotations` | Additional custom annotations for Jenkins exporter service | `{}` | -| `metrics.serviceMonitor.enabled` | Create ServiceMonitor resource(s) for scraping metrics using PrometheusOperator | `false` | -| `metrics.serviceMonitor.namespace` | The namespace in which the ServiceMonitor will be created | `""` | -| `metrics.serviceMonitor.interval` | The interval at which metrics should be scraped | `30s` | -| `metrics.serviceMonitor.scrapeTimeout` | The timeout after which the scrape is ended | `""` | -| `metrics.serviceMonitor.relabellings` | Metrics relabellings to add to the scrape endpoint | `[]` | -| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` | -| `metrics.serviceMonitor.additionalLabels` | Additional labels that can be used so ServiceMonitor resource(s) can be discovered by Prometheus | `{}` | - - -The above parameters map to the env variables defined in [bitnami/jenkins](http://github.com/bitnami/bitnami-docker-jenkins). For more information please refer to the [bitnami/jenkins](http://github.com/bitnami/bitnami-docker-jenkins) image documentation. - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -$ helm install my-release \ - --set jenkinsUser=admin \ - --set jenkinsPassword=password \ - bitnami/jenkins -``` - -The above command sets the Jenkins administrator account username and password to `admin` and `password` respectively. - -> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. - -Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, - -```console -helm install my-release -f values.yaml bitnami/jenkins -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling vs Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Configure Ingress - -This chart provides support for Ingress resources. If you have an ingress controller installed on your cluster, such as [nginx-ingress-controller](https://github.com/bitnami/charts/tree/master/bitnami/nginx-ingress-controller) or [contour](https://github.com/bitnami/charts/tree/master/bitnami/contour) you can utilize the ingress controller to serve your application. - -To enable Ingress integration, set `ingress.enabled` to `true`. The `ingress.hostname` property can be used to set the host name. The `ingress.tls` parameter can be used to add the TLS configuration for this host. It is also possible to have more than one host, with a separate TLS configuration for each host. [Learn more about configuring and using Ingress](https://docs.bitnami.com/kubernetes/apps/jenkins/configuration/configure-ingress/). - -### Configure TLS Secrets for use with Ingress - -The chart also facilitates the creation of TLS secrets for use with the Ingress controller, with different options for certificate management. [Learn more about TLS secrets](https://docs.bitnami.com/kubernetes/apps/jenkins/administration/enable-tls-ingress/). - -### Configure extra environment variables - -To add extra environment variables (useful for advanced operations like custom init scripts), use the `extraEnvVars` property. - -```yaml -extraEnvVars: - - name: LOG_LEVEL - value: DEBUG -``` - -Alternatively, use a ConfigMap or a Secret with the environment variables. To do so, use the `extraEnvVarsCM` or the `extraEnvVarsSecret` values. - -### Configure Sidecars and Init Containers - -If additional containers are needed in the same pod as Jenkins (such as additional metrics or logging exporters), they can be defined using the `sidecars` parameter. Similarly, you can add extra init containers using the `initContainers` parameter. - -[Learn more about configuring and using sidecar and init containers](https://docs.bitnami.com/kubernetes/apps/jenkins/configuration/configure-sidecar-init-containers/). - -### Deploy extra resources - -There are cases where you may want to deploy extra objects, such a ConfigMap containing your app's configuration or some extra deployment with a micro service used by your app. For covering this case, the chart allows adding the full specification of other objects using the `extraDeploy` parameter. - -### Set Pod affinity - -This chart allows you to set custom Pod affinity using the `XXX.affinity` parameter(s). Find more information about Pod affinity in the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). - -As an alternative, you can use the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `XXX.podAffinityPreset`, `XXX.podAntiAffinityPreset`, or `XXX.nodeAffinityPreset` parameters. - -## Persistence - -The [Bitnami Jenkins](https://github.com/bitnami/bitnami-docker-jenkins) image stores the Jenkins data and configurations at the `/bitnami/jenkins` path of the container. Persistent Volume Claims (PVCs) are used to keep the data across deployments. - -If you encounter errors when working with persistent volumes, refer to our [troubleshooting guide for persistent volumes](https://docs.bitnami.com/kubernetes/faq/troubleshooting/troubleshooting-persistence-volumes/). - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami’s Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## Upgrading - -### To 8.0.0 - -Due to recent changes in the container image (see [Notable changes](https://github.com/bitnami/bitnami-docker-jenkins#notable-changes)), the major version of the chart has been bumped preemptively. - -Upgrading from version `7.x.x` should be possible following the workaround below (the following example assumes that the release name is `jenkins`): - -- Create a backup of your Jenkins data (e.g. using Velero to backup your PV) -- Remove Jenkins deployment: - -```console -$ export JENKINS_PASSWORD=$(kubectl get secret --namespace default jenkins -o jsonpath="{.data.jenkins-password}" | base64 --decode) -$ kubectl delete deployments.apps jenkins -``` - -- Upgrade your release and delete data that should not be persisted anymore: - -```console -$ helm upgrade jenkins bitnami/jenkins --set jenkinsPassword=$JENKINS_PASSWORD --set jenkinsHome=/bitnami/jenkins/jenkins_home -$ kubectl exec -it $(kubectl get pod -l app.kubernetes.io/instance=jenkins,app.kubernetes.io/name=jenkins -o jsonpath="{.items[0].metadata.name}") -- find /bitnami/jenkins -mindepth 1 -maxdepth 1 -not -name jenkins_home -exec rm -rf {} \; -``` - -### To 7.0.0 - -Chart labels were adapted to follow the [Helm charts standard labels](https://helm.sh/docs/chart_best_practices/labels/#standard-labels). - -Consequences: - -- Backwards compatibility is not guaranteed. However, you can easily workaround this issue by removing Jenkins deployment before upgrading (the following example assumes that the release name is `jenkins`): - -```console -$ export JENKINS_PASSWORD=$(kubectl get secret --namespace default jenkins -o jsonpath="{.data.jenkins-password}" | base64 --decode) -$ kubectl delete deployments.apps jenkins -$ helm upgrade jenkins bitnami/jenkins --set jenkinsPassword=$JENKINS_PASSWORD -``` - -### To 6.1.0 - -This version also introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/master/bitnami/common#bitnami-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade. - -### To 6.0.0 - -[On November 13, 2020, Helm v2 support formally ended](https://github.com/helm/charts#status-of-the-project). This major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -[Learn more about this change and related upgrade considerations](https://docs.bitnami.com/kubernetes/apps/jenkins/administration/upgrade-helm3/). - -### To 5.0.0 - -The [Bitnami Jenkins](https://github.com/bitnami/bitnami-docker-jenkins) image was migrated to a "non-root" user approach. Previously the container ran as the `root` user and the Jenkins service was started as the `jenkins` user. From now on, both the container and the Jenkins service run as user `jenkins` (`uid=1001`). You can revert this behavior by setting the parameters `securityContext.runAsUser`, and `securityContext.fsGroup` to `root`. -Ingress configuration was also adapted to follow the Helm charts best practices. - -Consequences: - -- No "privileged" actions are allowed anymore. -- Backwards compatibility is not guaranteed when persistence is enabled. - -To upgrade to `5.0.0`, install a new Jenkins chart, and migrate your Jenkins data ensuring the `jenkins` user has the appropriate permissions. - -### To 4.0.0 - -Helm performs a lookup for the object based on its group (apps), version (v1), and kind (Deployment). Also known as its GroupVersionKind, or GVK. Changing the GVK is considered a compatibility breaker from Kubernetes' point of view, so you cannot "upgrade" those objects to the new GVK in-place. Earlier versions of Helm 3 did not perform the lookup correctly which has since been fixed to match the spec. - -In 4dfac075aacf74405e31ae5b27df4369e84eb0b0 the `apiVersion` of the deployment resources was updated to `apps/v1` in tune with the api's deprecated, resulting in compatibility breakage. - -This major version signifies this change. - -### To 1.0.0 - -Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments. -Use the workaround below to upgrade from versions previous to 1.0.0. The following example assumes that the release name is jenkins: - -```console -kubectl patch deployment jenkins --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]' -``` diff --git a/bitnami/jenkins/templates/NOTES.txt b/bitnami/jenkins/templates/NOTES.txt deleted file mode 100644 index bdb3e9b..0000000 --- a/bitnami/jenkins/templates/NOTES.txt +++ /dev/null @@ -1,50 +0,0 @@ - -** Please be patient while the chart is being deployed ** - -{{- if .Values.ingress.enabled }} - -1. Get the Jenkins URL and associate its hostname to your cluster external IP: - - export CLUSTER_IP=$(minikube ip) # On Minikube. Use: `kubectl cluster-info` on others K8s clusters - echo "Jenkins URL: http{{ if .Values.ingress.tls }}s{{ end }}://{{ .Values.ingress.hostname }}" - echo "$CLUSTER_IP {{ .Values.ingress.hostname }}" | sudo tee -a /etc/hosts - -{{- else }} - -1. Get the Jenkins URL by running: - -{{- if contains "NodePort" .Values.service.type }} - - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "common.names.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo "Jenkins URL: http://$NODE_IP:$NODE_PORT/" - -{{- else if contains "LoadBalancer" .Values.service.type }} - -** Please ensure an external IP is associated to the {{ template "common.names.fullname" . }} service before proceeding ** -** Watch the status using: kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "common.names.fullname" . }} ** - - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") -{{- $port:=.Values.service.port | toString }} - echo "Jenkins URL: http://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.service.port }}{{ end }}/" - -{{- else if contains "ClusterIP" .Values.service.type }} - - echo "Jenkins URL: http://127.0.0.1:8080/" - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "common.names.fullname" . }} 8080:{{ .Values.service.port }} - -{{- end }} -{{- end }} - -2. Login with the following credentials - - echo Username: {{ .Values.jenkinsUser }} - echo Password: $(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} -o jsonpath="{.data.jenkins-password}" | base64 --decode) - -{{- include "jenkins.checkRollingTags" . }} -{{- $passwordValidationErrors := list -}} -{{- $secretName := include "common.names.fullname" . -}} -{{- $requiredJenkinsPassword := dict "valueKey" "jenkinsPassword" "secret" $secretName "field" "jenkins-password" "context" $ -}} -{{- $requiredJenkinsPasswordError := include "common.validations.values.single.empty" $requiredJenkinsPassword -}} -{{- $passwordValidationErrors = append $passwordValidationErrors $requiredJenkinsPasswordError -}} -{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $) -}} diff --git a/bitnami/jenkins/templates/_helpers.tpl b/bitnami/jenkins/templates/_helpers.tpl deleted file mode 100644 index bb25ca2..0000000 --- a/bitnami/jenkins/templates/_helpers.tpl +++ /dev/null @@ -1,49 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Return the proper Jenkins image name -*/}} -{{- define "jenkins.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper image name (for the metrics image) -*/}} -{{- define "jenkins.metrics.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper image name (for the init container volume-permissions image) -*/}} -{{- define "jenkins.volumePermissions.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "jenkins.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image) "global" .Values.global) -}} -{{- end -}} - -{{/* -Gets the host to be used for this application. -When using Ingress, it will be set to the Ingress hostname. -*/}} -{{- define "jenkins.host" -}} -{{- if .Values.ingress.enabled }} -{{- .Values.ingress.hostname | default "" -}} -{{- else -}} -{{- .Values.jenkinsHost | default "" -}} -{{- end -}} -{{- end -}} - -{{/* -Check if there are rolling tags in the images -*/}} -{{- define "jenkins.checkRollingTags" -}} -{{- include "common.warnings.rollingTag" .Values.image }} -{{- include "common.warnings.rollingTag" .Values.metrics.image }} -{{- end -}} diff --git a/bitnami/jenkins/templates/deployment.yaml b/bitnami/jenkins/templates/deployment.yaml deleted file mode 100644 index bfc9ff4..0000000 --- a/bitnami/jenkins/templates/deployment.yaml +++ /dev/null @@ -1,228 +0,0 @@ -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - strategy: {{- include "common.tplvalues.render" (dict "value" .Values.updateStrategy "context" $ ) | nindent 4 }} - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - {{- if .Values.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} - {{- end }} - annotations: - checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }} - {{- if .Values.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} - {{- end }} - spec: - {{- include "jenkins.imagePullSecrets" . | nindent 6 }} - {{- if .Values.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName | quote }} - {{- end }} - {{- if .Values.podSecurityContext.enabled }} - securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - {{- if or (and .Values.volumePermissions.enabled .Values.persistence.enabled) .Values.initContainers }} - initContainers: - {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} - - name: volume-permissions - image: {{ include "jenkins.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: - - /bin/bash - args: - - -ec - - | - mkdir -p /bitnami/jenkins - chown -R "{{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }}" /bitnami/jenkins - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto"}} - securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }} - {{- else }} - securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: jenkins-data - mountPath: /bitnami/jenkins - {{- end }} - {{- if .Values.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} - {{- end }} - {{- end }} - containers: - - name: jenkins - image: {{ include "jenkins.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} - {{- end }} - env: - - name: JENKINS_USERNAME - value: {{ .Values.jenkinsUser | quote }} - - name: JENKINS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.names.fullname" . }} - key: jenkins-password - - name: JENKINS_HOME - value: {{ .Values.jenkinsHome | quote }} - - name: DISABLE_JENKINS_INITIALIZATION - value: {{ .Values.disableInitialization | quote }} - - name: JENKINS_HOST - value: {{ include "jenkins.host" . | quote }} - - name: JENKINS_EXTERNAL_HTTP_PORT_NUMBER - value: {{ .Values.service.port | quote }} - - name: JENKINS_EXTERNAL_HTTPS_PORT_NUMBER - value: {{ .Values.service.httpsPort | quote }} - {{- if .Values.javaOpts }} - - name: JAVA_OPTS - value: {{ .Values.javaOpts | join " " | quote }} - {{- end }} - {{- if .Values.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if or .Values.extraEnvVarsCM .Values.extraEnvVarsSecret }} - envFrom: - {{- if .Values.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} - {{- end }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.containerPorts.http }} - protocol: TCP - - name: https - containerPort: {{ .Values.containerPorts.https }} - protocol: TCP - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /login - port: http - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - {{- else if .Values.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: /login - port: http - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - {{- else if .Values.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: jenkins-data - mountPath: /bitnami/jenkins - {{- if .Values.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.metrics.enabled }} - - name: metrics - image: {{ include "jenkins.metrics.image" . }} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - {{- if .Values.metrics.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.metrics.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - command: - - sh - - -c - - | - python -u ./jenkins_exporter.py -j http://127.0.0.1:8080 --user $JENKINS_USERNAME --password $JENKINS_PASSWORD - env: - - name: JENKINS_USERNAME - value: {{ .Values.jenkinsUser | quote }} - - name: JENKINS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.names.fullname" . }} - key: jenkins-password - ports: - - name: metrics - containerPort: 9118 - livenessProbe: - httpGet: - path: /metrics - port: metrics - initialDelaySeconds: 15 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: /metrics - port: metrics - initialDelaySeconds: 5 - timeoutSeconds: 1 - {{- if .Values.metrics.resources }} - resources: {{- toYaml .Values.metrics.resources | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.sidecars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: jenkins-data - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ include "common.names.fullname" . }} - {{- else }} - emptyDir: {} - {{- end }} - {{- if .Values.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} - {{- end }} diff --git a/bitnami/jenkins/templates/ingress.yaml b/bitnami/jenkins/templates/ingress.yaml deleted file mode 100644 index 46a1b5e..0000000 --- a/bitnami/jenkins/templates/ingress.yaml +++ /dev/null @@ -1,59 +0,0 @@ -{{- if .Values.ingress.enabled }} -apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.ingress.annotations .Values.commonAnnotations .Values.ingress.certManager }} - annotations: - {{- if .Values.ingress.certManager }} - kubernetes.io/tls-acme: "true" - {{- end }} - {{- if .Values.ingress.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -spec: - rules: - {{- if .Values.ingress.hostname }} - - host: {{ .Values.ingress.hostname }} - http: - paths: - {{- if .Values.ingress.extraPaths }} - {{- toYaml .Values.ingress.extraPaths | nindent 10 }} - {{- end }} - - path: {{ .Values.ingress.path }} - {{- if eq "true" (include "common.ingress.supportsPathType" .) }} - pathType: {{ .Values.ingress.pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- range .Values.ingress.extraHosts }} - - host: {{ .name | quote }} - http: - paths: - - path: {{ default "/" .path }} - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ default "ImplementationSpecific" .pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- if or .Values.ingress.tls .Values.ingress.extraTls }} - tls: - {{- if .Values.ingress.tls }} - - hosts: - - {{ .Values.ingress.hostname | quote }} - secretName: {{ printf "%s-tls" .Values.ingress.hostname }} - {{- end }} - {{- if .Values.ingress.extraTls }} - {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraTls "context" $) | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/bitnami/jenkins/templates/metrics-svc.yaml b/bitnami/jenkins/templates/metrics-svc.yaml deleted file mode 100644 index 56b405f..0000000 --- a/bitnami/jenkins/templates/metrics-svc.yaml +++ /dev/null @@ -1,36 +0,0 @@ -{{- if .Values.metrics.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ printf "%s-metrics" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - app.kubernetes.io/component: metrics - {{- if .Values.metrics.service.annotations }} - annotations: {{ include "common.tplvalues.render" ( dict "value" .Values.metrics.service.annotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.metrics.service.type }} - {{- if eq .Values.metrics.service.type "LoadBalancer" }} - externalTrafficPolicy: {{ .Values.metrics.service.externalTrafficPolicy }} - {{- end }} - {{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.metrics.service.loadBalancerIP }} - {{- end }} - {{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- toYaml .Values.metrics.service.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - ports: - - name: metrics - port: {{ .Values.metrics.service.port }} - targetPort: metrics - {{- if (and (or (eq .Values.metrics.service.type "NodePort") (eq .Values.metrics.service.type "LoadBalancer")) (not (empty .Values.metrics.service.nodePort))) }} - nodePort: {{ .Values.metrics.service.nodePort }} - {{- else if eq .Values.metrics.service.type "ClusterIP" }} - nodePort: null - {{- end }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} -{{- end }} diff --git a/bitnami/jenkins/templates/pvc.yaml b/bitnami/jenkins/templates/pvc.yaml deleted file mode 100644 index 29caa35..0000000 --- a/bitnami/jenkins/templates/pvc.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{- if .Values.persistence.enabled -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.persistence.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.persistence.annotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - volume.alpha.kubernetes.io/storage-class: {{ ternary "default" (trimPrefix "storageClassName: " (include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global))) (empty (include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global))) }} -spec: - accessModes: - {{- range .Values.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 2 }} -{{- end -}} diff --git a/bitnami/jenkins/templates/secrets.yaml b/bitnami/jenkins/templates/secrets.yaml deleted file mode 100644 index eeb3597..0000000 --- a/bitnami/jenkins/templates/secrets.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: - jenkins-password: {{ include "common.secrets.passwords.manage" (dict "secret" ( include "common.names.fullname" .) "key" "jenkins-password" "providedValues" (list "jenkinsPassword") "context" $) }} diff --git a/bitnami/jenkins/templates/servicemonitor.yaml b/bitnami/jenkins/templates/servicemonitor.yaml deleted file mode 100644 index 450e044..0000000 --- a/bitnami/jenkins/templates/servicemonitor.yaml +++ /dev/null @@ -1,43 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "common.names.fullname" . }} - {{- if .Values.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.metrics.serviceMonitor.namespace | quote }} - {{- else }} - namespace: {{ .Release.Namespace | quote }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.metrics.serviceMonitor.additionalLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: metrics - endpoints: - - port: http - path: /metrics - {{- if .Values.metrics.serviceMonitor.interval }} - interval: {{ .Values.metrics.serviceMonitor.interval }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.honorLabels }} - honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.relabellings }} - metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.relabellings | nindent 6 }} - {{- end }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} -{{- end }} diff --git a/bitnami/jenkins/templates/svc.yaml b/bitnami/jenkins/templates/svc.yaml deleted file mode 100644 index b158d69..0000000 --- a/bitnami/jenkins/templates/svc.yaml +++ /dev/null @@ -1,46 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.service.annotations }} - annotations: {{ include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.service.type }} - {{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }} - clusterIP: {{ .Values.service.clusterIP }} - {{- end }} - {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }} - externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} - {{- end }} - {{- if (and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges) }} - loadBalancerSourceRanges: {{- toYaml . | nindent 4 }} - {{- end }} - {{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }} - loadBalancerIP: {{ .Values.service.loadBalancerIP }} - {{- end }} - ports: - - name: http - port: {{ .Values.service.port }} - protocol: TCP - targetPort: http - {{- if (and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.http))) }} - nodePort: {{ .Values.service.nodePorts.http }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - - name: https - port: {{ .Values.service.httpsPort }} - protocol: TCP - targetPort: https - {{- if (and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.https))) }} - nodePort: {{ .Values.service.nodePorts.https }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} diff --git a/bitnami/jenkins/templates/tls-secret.yaml b/bitnami/jenkins/templates/tls-secret.yaml deleted file mode 100644 index 0e3ad51..0000000 --- a/bitnami/jenkins/templates/tls-secret.yaml +++ /dev/null @@ -1,44 +0,0 @@ -{{- if .Values.ingress.enabled }} -{{- if .Values.ingress.secrets }} -{{- range .Values.ingress.secrets }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ .name }} - namespace: {{ $.Release.Namespace | quote }} - labels: {{- include "common.labels.standard" $ | nindent 4 }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ .certificate | b64enc }} - tls.key: {{ .key | b64enc }} ---- -{{- end }} -{{- end }} -{{- if and .Values.ingress.tls .Values.ingress.selfSigned }} -{{- $ca := genCA "jenkins-ca" 365 }} -{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ printf "%s-tls" .Values.ingress.hostname }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ $cert.Cert | b64enc | quote }} - tls.key: {{ $cert.Key | b64enc | quote }} - ca.crt: {{ $ca.Cert | b64enc | quote }} -{{- end }} -{{- end }} diff --git a/bitnami/jenkins/values.schema.json b/bitnami/jenkins/values.schema.json deleted file mode 100644 index 19b8581..0000000 --- a/bitnami/jenkins/values.schema.json +++ /dev/null @@ -1,121 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "jenkinsUser": { - "type": "string", - "title": "Username", - "form": true - }, - "jenkinsPassword": { - "type": "string", - "title": "Password", - "form": true, - "description": "Defaults to a random 10-character alphanumeric string if not set" - }, - "persistence": { - "type": "object", - "title": "Persistence", - "form": true, - "properties": { - "enabled": { - "type": "boolean", - "form": true, - "title": "Enable persistence", - "description": "Enable persistence using Persistent Volume Claims" - }, - "size": { - "type": "string", - "title": "Persistent Volume Size", - "form": true, - "render": "slider", - "sliderMin": 1, - "sliderMax": 100, - "sliderUnit": "Gi", - "hidden": { - "value": false, - "path": "persistence/enabled" - } - } - } - }, - "resources": { - "type": "object", - "title": "Required Resources", - "form": true, - "properties": { - "requests": { - "type": "object", - "properties": { - "memory": { - "type": "string", - "form": true, - "render": "slider", - "title": "Memory Request", - "sliderMin": 10, - "sliderMax": 2048, - "sliderUnit": "Mi" - }, - "cpu": { - "type": "string", - "form": true, - "render": "slider", - "title": "CPU Request", - "sliderMin": 10, - "sliderMax": 2000, - "sliderUnit": "m" - } - } - } - } - }, - "ingress": { - "type": "object", - "form": true, - "title": "Ingress Configuration", - "properties": { - "enabled": { - "type": "boolean", - "form": true, - "title": "Use a custom hostname", - "description": "Enable the ingress resource that allows you to access the Jenkins installation." - }, - "hostname": { - "type": "string", - "form": true, - "title": "Hostname", - "hidden": { - "value": false, - "path": "ingress/enabled" - } - } - } - }, - "service": { - "type": "object", - "form": true, - "title": "Service Configuration", - "properties": { - "type": { - "type": "string", - "form": true, - "title": "Service Type", - "description": "Allowed values: \"ClusterIP\", \"NodePort\" and \"LoadBalancer\"" - } - } - }, - "metrics": { - "type": "object", - "form": true, - "title": "Prometheus metrics details", - "properties": { - "enabled": { - "type": "boolean", - "title": "Create Prometheus metrics exporter", - "description": "Create a side-car container to expose Prometheus metrics", - "form": true - } - } - } - } -} diff --git a/bitnami/jenkins/values.yaml b/bitnami/jenkins/values.yaml deleted file mode 100644 index 4c46ced..0000000 --- a/bitnami/jenkins/values.yaml +++ /dev/null @@ -1,590 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - storageClass: "" - -## @section Common parameters - -## @param kubeVersion Override Kubernetes version -## -kubeVersion: "" -## @param nameOverride String to partially override common.names.fullname -## -nameOverride: "" -## @param fullnameOverride String to fully override common.names.fullname -## -fullnameOverride: "" -## @param commonLabels Labels to add to all deployed objects -## -commonLabels: {} -## @param commonAnnotations Annotations to add to all deployed objects -## -commonAnnotations: {} -## @param clusterDomain Kubernetes cluster domain name -## -clusterDomain: cluster.local -## @param extraDeploy Array of extra objects to deploy with the release -## -extraDeploy: [] - -## @section Jenkins Image parameters - -## Bitnami Jenkins image -## ref: https://hub.docker.com/r/bitnami/jenkins/tags/ -## @param image.registry Jenkins image registry -## @param image.repository Jenkins image repository -## @param image.tag Jenkins image tag (immutable tags are recommended) -## @param image.pullPolicy Jenkins image pull policy -## @param image.pullSecrets Jenkins image pull secrets -## @param image.debug Enable image debug mode -## -image: - registry: docker.io - repository: bitnami/jenkins - tag: 2.303.1-debian-10-r28 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Enable debug mode - ## - debug: false - -## @section Jenkins Configuration parameters -## Jenkins settings based on environment variables -## ref: https://github.com/bitnami/bitnami-docker-jenkins#configuration - -## @param jenkinsUser Jenkins username -## -jenkinsUser: user -## @param jenkinsPassword Jenkins user password -## Defaults to a random 10-character alphanumeric string if not set -## -jenkinsPassword: "" -## @param jenkinsHost Jenkins host to create application URLs -## -jenkinsHost: "" -## @param jenkinsHome Jenkins home directory -## -jenkinsHome: /bitnami/jenkins/home -## @param javaOpts Custom JVM parameters -## -javaOpts: [] -## @param disableInitialization Skip performing the initial bootstrapping for Jenkins -## -disableInitialization: "no" -## @param command Override default container command (useful when using custom images) -## -command: [] -## @param args Override default container args (useful when using custom images) -## -args: [] -## @param extraEnvVars Array with extra environment variables to add to the Jenkins container -## e.g: -## extraEnvVars: -## - name: FOO -## value: "bar" -## -extraEnvVars: [] -## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars -## -extraEnvVarsCM: "" -## @param extraEnvVarsSecret Name of existing Secret containing extra env vars -## -extraEnvVarsSecret: "" - -## @section Jenkins deployment parameters - -## @param updateStrategy.type Jenkins deployment strategy type -## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy -## NOTE: Set it to `Recreate` if you use a PV that cannot be mounted on multiple pods -## e.g: -## updateStrategy: -## type: RollingUpdate -## rollingUpdate: -## maxSurge: 25% -## maxUnavailable: 25% -## -updateStrategy: - type: RollingUpdate -## @param priorityClassName Jenkins pod priority class name -## -priorityClassName: "" -## @param hostAliases Jenkins pod host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: [] -## @param extraVolumes Optionally specify extra list of additional volumes for Jenkins pods -## -extraVolumes: [] -## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for Jenkins container(s) -## -extraVolumeMounts: [] -## @param sidecars Add additional sidecar containers to the Jenkins pod -## e.g: -## sidecars: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -sidecars: [] -## @param initContainers Add additional init containers to the Jenkins pods -## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ -## e.g: -## initContainers: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -initContainers: [] -## @param lifecycleHooks Add lifecycle hooks to the Jenkins deployment -## -lifecycleHooks: {} -## @param podLabels Extra labels for Jenkins pods -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -podLabels: {} -## @param podAnnotations Annotations for Jenkins pods -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} -## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAffinityPreset: "" -## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAntiAffinityPreset: soft -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## -nodeAffinityPreset: - ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set - ## - key: "" - ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] -## @param affinity Affinity for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## NOTE: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set -## -affinity: {} -## @param nodeSelector Node labels for pod assignment -## ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} -## @param tolerations Tolerations for pod assignment -## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: {} -## Jenkins containers' resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## @param resources.limits The resources limits for the Jenkins container -## @param resources.requests [object] The requested resources for the Jenkins container -## -resources: - limits: {} - requests: - memory: 512Mi - cpu: 300m -## Container ports -## @param containerPorts.http Jenkins HTTP container port -## @param containerPorts.https Jenkins HTTPS container port -## -containerPorts: - http: 8080 - https: 8443 -## Configure Pods Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## @param podSecurityContext.enabled Enabled Jenkins pods' Security Context -## @param podSecurityContext.fsGroup Set Jenkins pod's Security Context fsGroup -## -podSecurityContext: - enabled: true - fsGroup: 1001 -## Configure Container Security Context (only main container) -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -## @param containerSecurityContext.enabled Enabled Jenkins containers' Security Context -## @param containerSecurityContext.runAsUser Set Jenkins container's Security Context runAsUser -## @param containerSecurityContext.runAsNonRoot Set Jenkins container's Security Context runAsNonRoot -## -containerSecurityContext: - enabled: true - runAsUser: 1001 - runAsNonRoot: true -## Configure extra options for Jenkins containers' liveness and readiness probes -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param livenessProbe.enabled Enable livenessProbe -## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe -## @param livenessProbe.periodSeconds Period seconds for livenessProbe -## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe -## @param livenessProbe.failureThreshold Failure threshold for livenessProbe -## @param livenessProbe.successThreshold Success threshold for livenessProbe -## -livenessProbe: - enabled: true - initialDelaySeconds: 180 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 6 -## @param readinessProbe.enabled Enable readinessProbe -## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe -## @param readinessProbe.periodSeconds Period seconds for readinessProbe -## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe -## @param readinessProbe.failureThreshold Failure threshold for readinessProbe -## @param readinessProbe.successThreshold Success threshold for readinessProbe -## -readinessProbe: - enabled: true - initialDelaySeconds: 30 - periodSeconds: 5 - timeoutSeconds: 3 - successThreshold: 1 - failureThreshold: 3 -## @param customLivenessProbe Custom livenessProbe that overrides the default one -## -customLivenessProbe: {} -## @param customReadinessProbe Custom readinessProbe that overrides the default one -# -customReadinessProbe: {} - -## @section Traffic Exposure Parameters - -## Jenkins service parameters -## -service: - ## @param service.type Jenkins service type - ## - type: LoadBalancer - ## @param service.port Jenkins service HTTP port - ## - port: 80 - ## @param service.httpsPort Jenkins service HTTPS port - ## - httpsPort: 443 - ## Node ports to expose - ## @param service.nodePorts.http Node port for HTTP - ## @param service.nodePorts.https Node port for HTTPS - ## NOTE: choose port between <30000-32767> - ## - nodePorts: - http: "" - https: "" - ## @param service.clusterIP Jenkins service Cluster IP - ## e.g.: - ## clusterIP: None - ## - clusterIP: "" - ## @param service.loadBalancerIP Jenkins service Load Balancer IP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer - ## - loadBalancerIP: "" - ## @param service.loadBalancerSourceRanges Jenkins service Load Balancer sources - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param service.externalTrafficPolicy Jenkins service external traffic policy - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param service.annotations Additional custom annotations for Jenkins service - ## - annotations: {} -## Configure the ingress resource that allows you to access the Jenkins installation -## ref: http://kubernetes.io/docs/user-guide/ingress/ -## -ingress: - ## @param ingress.enabled Enable ingress record generation for Jenkins - ## - enabled: false - ## @param ingress.pathType Ingress path type - ## - pathType: ImplementationSpecific - ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) - ## - apiVersion: "" - ## @param ingress.hostname Default host for the ingress record - ## - hostname: jenkins.local - ## @param ingress.path Default path for the ingress record - ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers - ## - path: / - ## @param ingress.annotations Additional custom annotations for the ingress record - ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added - ## - annotations: {} - ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter - ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` - ## You can: - ## - Use the `ingress.secrets` parameter to create this TLS secret - ## - Relay on cert-manager to create it by setting `ingress.certManager=true` - ## - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true` - ## - tls: false - ## @param ingress.certManager Add the corresponding annotations for cert-manager integration - ## - certManager: false - ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm - ## - selfSigned: false - ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record - ## e.g: - ## extraHosts: - ## - name: jenkins.local - ## path: / - ## - extraHosts: [] - ## @param ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host - ## e.g: - ## extraPaths: - ## - path: /* - ## backend: - ## serviceName: ssl-redirect - ## servicePort: use-annotation - ## - extraPaths: [] - ## @param ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record - ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - ## e.g: - ## extraTls: - ## - hosts: - ## - jenkins.local - ## secretName: jenkins.local-tls - ## - extraTls: [] - ## @param ingress.secrets Custom TLS certificates as secrets - ## NOTE: 'key' and 'certificate' are expected in PEM format - ## NOTE: 'name' should line up with a 'secretName' set further up - ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates - ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days - ## It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - ## e.g: - ## secrets: - ## - name: jenkins.local-tls - ## key: |- - ## -----BEGIN RSA PRIVATE KEY----- - ## ... - ## -----END RSA PRIVATE KEY----- - ## certificate: |- - ## -----BEGIN CERTIFICATE----- - ## ... - ## -----END CERTIFICATE----- - ## - secrets: [] - -## @section Persistence Parameters - -## Persistence Parameters -## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ -## -persistence: - ## @param persistence.enabled Enable persistence using Persistent Volume Claims - ## - enabled: true - ## @param persistence.storageClass Persistent Volume storage class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner - ## - storageClass: "" - ## @param persistence.annotations Additional custom annotations for the PVC - ## - annotations: {} - ## @param persistence.accessModes [array] Persistent Volume access modes - ## - accessModes: - - ReadWriteOnce - ## @param persistence.size Persistent Volume size - ## - size: 8Gi -## 'volumePermissions' init container parameters -## Changes the owner and group of the persistent volume mount point to runAsUser:fsGroup values -## based on the podSecurityContext/containerSecurityContext parameters -## -volumePermissions: - ## @param volumePermissions.enabled Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` - ## - enabled: false - ## Bitnami Shell image - ## ref: https://hub.docker.com/r/bitnami/bitnami-shell/tags/ - ## @param volumePermissions.image.registry Bitnami Shell image registry - ## @param volumePermissions.image.repository Bitnami Shell image repository - ## @param volumePermissions.image.tag Bitnami Shell image tag (immutable tags are recommended) - ## @param volumePermissions.image.pullPolicy Bitnami Shell image pull policy - ## @param volumePermissions.image.pullSecrets Bitnami Shell image pull secrets - ## - image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: 10-debian-10-r201 - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Init container's resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## @param volumePermissions.resources.limits The resources limits for the init container - ## @param volumePermissions.resources.requests The requested resources for the init container - ## - resources: - limits: {} - requests: {} - ## Init container Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param volumePermissions.securityContext.runAsUser Set init container's Security Context runAsUser - ## NOTE: when runAsUser is set to special value "auto", init container will try to chown the - ## data folder to auto-determined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` - ## "auto" is especially useful for OpenShift which has scc with dynamic user ids (and 0 is not allowed) - ## - securityContext: - runAsUser: 0 - -## @section Metrics Parameters - -metrics: - ## @param metrics.enabled Start a sidecar prometheus exporter to expose Jenkins metrics - ## - enabled: false - ## Bitnami Jenkins Exporter image - ## ref: https://hub.docker.com/r/bitnami/jenkins-exporter/tags/ - ## @param metrics.image.registry Jenkins Exporter image registry - ## @param metrics.image.repository Jenkins Exporter image repository - ## @param metrics.image.tag Jenkins Jenkins Exporter image tag (immutable tags are recommended) - ## @param metrics.image.pullPolicy Jenkins Exporter image pull policy - ## @param metrics.image.pullSecrets Jenkins Exporter image pull secrets - ## - image: - registry: docker.io - repository: bitnami/jenkins-exporter - tag: 0.20171225.0-debian-10-r567 - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Configure Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param metrics.containerSecurityContext.enabled Enabled Jenkins exporter containers' Security Context - ## @param metrics.containerSecurityContext.runAsUser Set Jenkins exporter containers' Security Context runAsUser - ## - containerSecurityContext: - enabled: true - runAsUser: 1001 - ## Jenkins exporter resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## @param metrics.resources.limits The resources limits for the Jenkins exporter container - ## @param metrics.resources.requests The requested resources for the Jenkins exporter container - ## - resources: - limits: {} - requests: {} - ## Jenkins exporter service parameters - ## - service: - ## @param metrics.service.type Jenkins exporter service type - ## - type: ClusterIP - ## @param metrics.service.port Jenkins exporter service port - ## - port: 9122 - ## @param metrics.service.nodePort Node port for exporter - ## - nodePort: "" - ## @param metrics.service.externalTrafficPolicy Jenkins exporter service external traffic policy - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param metrics.service.loadBalancerIP Jenkins exporter service Load Balancer IP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - loadBalancerIP: "" - ## @param metrics.service.loadBalancerSourceRanges Jenkins exporter service Load Balancer sources - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g. - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param metrics.service.annotations [object] Additional custom annotations for Jenkins exporter service - ## - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "{{ .Values.metrics.service.port }}" - ## Prometheus Service Monitor - ## ref: https://github.com/coreos/prometheus-operator - ## https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## - serviceMonitor: - ## @param metrics.serviceMonitor.enabled Create ServiceMonitor resource(s) for scraping metrics using PrometheusOperator - ## - enabled: false - ## @param metrics.serviceMonitor.namespace The namespace in which the ServiceMonitor will be created - ## - namespace: "" - ## @param metrics.serviceMonitor.interval The interval at which metrics should be scraped - ## - interval: 30s - ## @param metrics.serviceMonitor.scrapeTimeout The timeout after which the scrape is ended - ## - scrapeTimeout: "" - ## @param metrics.serviceMonitor.relabellings Metrics relabellings to add to the scrape endpoint - ## - relabellings: [] - ## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint - ## - honorLabels: false - ## @param metrics.serviceMonitor.additionalLabels Additional labels that can be used so ServiceMonitor resource(s) can be discovered by Prometheus - ## - additionalLabels: {} diff --git a/bitnami/joomla/Chart.lock b/bitnami/joomla/Chart.lock deleted file mode 100644 index 4705ce0..0000000 --- a/bitnami/joomla/Chart.lock +++ /dev/null @@ -1,9 +0,0 @@ -dependencies: -- name: mariadb - repository: https://charts.bitnami.com/bitnami - version: 9.5.1 -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.9.0 -digest: sha256:dec30603bd7112e123d49eed25cb9d9823799bbefd91954ce613013dfc1fbd57 -generated: "2021-09-14T09:49:17.381607649Z" diff --git a/bitnami/joomla/Chart.yaml b/bitnami/joomla/Chart.yaml deleted file mode 100644 index 8fa85c6..0000000 --- a/bitnami/joomla/Chart.yaml +++ /dev/null @@ -1,30 +0,0 @@ -annotations: - category: CMS -apiVersion: v2 -appVersion: 3.10.2 -dependencies: - - condition: mariadb.enabled - name: mariadb - repository: https://charts.bitnami.com/bitnami - version: 9.x.x - - name: common - repository: https://charts.bitnami.com/bitnami - version: 1.x.x -description: PHP content management system (CMS) for publishing web content -engine: gotpl -home: https://github.com/bitnami/charts/tree/master/bitnami/joomla -icon: https://bitnami.com/assets/stacks/joomla/img/joomla-stack-220x234.png -keywords: - - joomla - - cms - - blog - - http - - php -maintainers: - - email: containers@bitnami.com - name: Bitnami -name: joomla -sources: - - https://github.com/bitnami/bitnami-docker-joomla - - http://www.joomla.org/ -version: 10.1.21 diff --git a/bitnami/joomla/README.md b/bitnami/joomla/README.md deleted file mode 100644 index af61b4a..0000000 --- a/bitnami/joomla/README.md +++ /dev/null @@ -1,411 +0,0 @@ -# Joomla! - -[Joomla!](http://www.joomla.org/) is a PHP content management system (CMS) for publishing web content. It includes features such as page caching, RSS feeds, printable versions of pages, news flashes, blogs, search, and support for language international. - -## TL;DR - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/joomla -``` - -## Introduction - -This chart bootstraps a [Joomla!](https://github.com/bitnami/bitnami-docker-joomla) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -It also packages the [Bitnami MariaDB chart](https://github.com/kubernetes/charts/tree/master/bitnami/mariadb) which is required for bootstrapping a MariaDB deployment for the database requirements of the Joomla! application. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 3.1.0 -- PV provisioner support in the underlying infrastructure -- ReadWriteMany volumes for deployment scaling - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -$ helm install my-release bitnami/joomla -``` - -The command deploys Joomla! on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```console -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | - - -### Common parameters - -| Name | Description | Value | -| ------------------- | ---------------------------------------------------------------------------------------------------------- | ----- | -| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` | -| `nameOverride` | String to partially override common.names.fullname template (will maintain the release name) | `""` | -| `fullnameOverride` | String to fully override common.names.fullname template | `""` | -| `commonAnnotations` | Common annotations to add to all Harbor resources (sub-charts are not considered). Evaluated as a template | `{}` | -| `commonLabels` | Common labels to add to all Harbor resources (sub-charts are not considered). Evaluated as a template | `{}` | -| `extraDeploy` | Array of extra objects to deploy with the release (evaluated as a template). | `[]` | - - -### Joomla! parameters - -| Name | Description | Value | -| ------------------------------------ | -------------------------------------------------------------------------------------------------------------------- | --------------------- | -| `image.registry` | Joomla! image registry | `docker.io` | -| `image.repository` | Joomla! Image name | `bitnami/joomla` | -| `image.tag` | Joomla! Image tag | `3.10.2-debian-10-r0` | -| `image.pullPolicy` | Joomla! image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `image.debug` | Specify if debug logs should be enabled | `false` | -| `joomlaSkipInstall` | Skip Joomla! installation wizard. Useful for migrations and restoring from SQL dump | `no` | -| `joomlaUsername` | User of the application | `user` | -| `joomlaPassword` | Application password | `""` | -| `joomlaEmail` | Admin email | `user@example.com` | -| `allowEmptyPassword` | Allow DB blank passwords | `no` | -| `command` | Override default container command (useful when using custom images) | `[]` | -| `args` | Override default container args (useful when using custom images) | `[]` | -| `replicaCount` | Number of replicas (requires ReadWriteMany PVC support) | `1` | -| `hostAliases` | Deployment pod host aliases | `[]` | -| `updateStrategy.type` | Update strategy - only really applicable for deployments with RWO PVs attached | `RollingUpdate` | -| `extraEnvVars` | Extra environment variables | `[]` | -| `extraEnvVarsCM` | ConfigMap containing extra env vars | `""` | -| `extraEnvVarsSecret` | Secret containing extra env vars (in case of sensitive data) | `""` | -| `extraVolumes` | Array of extra volumes to be added to the deployment (evaluated as template). Requires setting `extraVolumeMounts` | `[]` | -| `extraVolumeMounts` | Array of extra volume mounts to be added to the container (evaluated as template). Normally used with `extraVolumes` | `[]` | -| `initContainers` | Add additional init containers to the pod (evaluated as a template) | `[]` | -| `sidecars` | Attach additional containers to the pod (evaluated as a template) | `[]` | -| `existingSecret` | Name of a secret with the application password | `""` | -| `smtpHost` | SMTP host | `""` | -| `smtpPort` | SMTP port | `""` | -| `smtpUser` | SMTP user | `""` | -| `smtpPassword` | SMTP password | `""` | -| `smtpProtocol` | SMTP Protocol (options: ssl,tls, nil) | `""` | -| `containerPorts` | Container ports | `{}` | -| `persistence.enabled` | Enable persistence using PVC | `true` | -| `persistence.storageClass` | PVC Storage Class for Joomla! volume | `""` | -| `persistence.accessMode` | PVC Access Mode for Joomla! volume | `ReadWriteOnce` | -| `persistence.size` | PVC Storage Request for Joomla! volume | `8Gi` | -| `persistence.existingClaim` | An Existing PVC name | `""` | -| `persistence.hostPath` | Host mount path for Joomla! volume | `""` | -| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` | -| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | -| `affinity` | Affinity for pod assignment | `{}` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `tolerations` | Tolerations for pod assignment | `[]` | -| `resources.limits` | The resources limits for the container | `{}` | -| `resources.requests` | The requested resources for the container | `{}` | -| `podSecurityContext.enabled` | Enable Joomla! pods' Security Context | `true` | -| `podSecurityContext.fsGroup` | Joomla! pods' group ID | `1001` | -| `containerSecurityContext.enabled` | Enable Joomla! containers' Security Context | `true` | -| `containerSecurityContext.runAsUser` | Joomla! containers' Security Context | `1001` | -| `livenessProbe.enabled` | Enable livenessProbe | `true` | -| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `600` | -| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `readinessProbe.enabled` | Enable readinessProbe | `true` | -| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | -| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | -| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `3` | -| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `customLivenessProbe` | Override default liveness probe | `{}` | -| `customReadinessProbe` | Override default readiness probe | `{}` | -| `priorityClassName` | Define the priority class name to use for the joomla pods here. | `""` | -| `lifecycleHooks` | LifecycleHook to set additional configuration at startup Evaluated as a template | `{}` | -| `podAnnotations` | Pod annotations | `{}` | -| `podLabels` | Add additional labels to the pod (evaluated as a template) | `{}` | - - -### Traffic Exposure Parameters - -| Name | Description | Value | -| ------------------------------- | --------------------------------------------------------------------------------------------- | ------------------------ | -| `service.type` | Kubernetes Service type | `LoadBalancer` | -| `service.port` | Service HTTP port | `80` | -| `service.httpsPort` | Service HTTPS port | `443` | -| `service.loadBalancerIP` | loadBalancerIP for the Joomla Service (optional, cloud specific) | `""` | -| `service.nodePorts.http` | Node port for HTTP | `""` | -| `service.nodePorts.https` | Node port for HTTPS | `""` | -| `service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | -| `ingress.enabled` | Enable ingress controller resource | `false` | -| `ingress.certManager` | Add annotations for cert-manager | `false` | -| `ingress.pathType` | Ingress Path type | `ImplementationSpecific` | -| `ingress.apiVersion` | Override API Version (automatically detected if not set) | `""` | -| `ingress.hostname` | Default host for the ingress resource | `joomla.local` | -| `ingress.path` | Default path for the ingress resource | `/` | -| `ingress.annotations` | Ingress annotations | `{}` | -| `ingress.tls` | Enable TLS configuration for the hostname defined at ingress.hostname parameter | `false` | -| `ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` | -| `ingress.extraPaths` | Any additional arbitrary paths that may need to be added to the ingress under the main host. | `[]` | -| `ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` | -| `ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | - - -### Database parameters - -| Name | Description | Value | -| ------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | -| `mariadb.enabled` | Whether to deploy a mariadb server to satisfy the applications database requirements. To use an external database set this to false and configure the externalDatabase parameters | `true` | -| `mariadb.architecture` | MariaDB architecture (`standalone` or `replication`) | `standalone` | -| `mariadb.auth.rootPassword` | Password for the MariaDB `root` user | `""` | -| `mariadb.auth.database` | Database name to create | `bitnami_joomla` | -| `mariadb.auth.username` | Database user to create | `bn_joomla` | -| `mariadb.auth.password` | Password for the database | `""` | -| `mariadb.primary.persistence.enabled` | Enable database persistence using PVC | `true` | -| `mariadb.primary.persistence.storageClass` | PVC Storage Class | `""` | -| `mariadb.primary.persistence.accessModes` | Persistent Volume access modes | `[]` | -| `mariadb.primary.persistence.size` | Database Persistent Volume Size | `8Gi` | -| `mariadb.primary.persistence.hostPath` | Host mount path for MariaDB volume | `""` | -| `mariadb.primary.persistence.existingClaim` | Enable persistence using an existing PVC | `""` | -| `externalDatabase.existingSecret` | Name of the database existing Secret Object | `""` | -| `externalDatabase.host` | Host of the existing database | `""` | -| `externalDatabase.port` | Port of the existing database | `3306` | -| `externalDatabase.user` | Existing username in the external db | `bn_joomla` | -| `externalDatabase.password` | Password for the above username | `""` | -| `externalDatabase.database` | Name of the existing database | `bitnami_joomla` | - - -### Metrics parameters - -| Name | Description | Value | -| --------------------------- | ------------------------------------------------ | ------------------------- | -| `metrics.enabled` | Start a side-car prometheus exporter | `false` | -| `metrics.image.registry` | Apache exporter image registry | `docker.io` | -| `metrics.image.repository` | Apache exporter image name | `bitnami/apache-exporter` | -| `metrics.image.tag` | Apache exporter image tag | `0.10.0-debian-10-r46` | -| `metrics.image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `metrics.resources` | Exporter resource requests/limit | `{}` | -| `metrics.podAnnotations` | Additional annotations for Metrics exporter pod | `{}` | - - -The above parameters map to the env variables defined in [bitnami/joomla](http://github.com/bitnami/bitnami-docker-joomla). For more information please refer to the [bitnami/joomla](http://github.com/bitnami/bitnami-docker-joomla) image documentation. - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -$ helm install my-release \ - --set joomlaUsername=admin,joomlaPassword=password,mariadb.mariadbRootPassword=secretpassword \ - bitnami/joomla -``` - -The above command sets the Joomla! administrator account username and password to `admin` and `password` respectively. Additionally, it sets the MariaDB `root` user password to `secretpassword`. - -> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. - -Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, - -```console -$ helm install my-release -f values.yaml bitnami/joomla -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Ingress without TLS - -For using ingress (example without TLS): - -```console -ingress.enabled=True -ingress.hosts[0]=joomla.domain.com -serviceType=ClusterIP -joomlaUsername=admin -joomlaPassword=password -mariadb.mariadbRootPassword=secretpassword -``` - -These are the *3 mandatory parameters* when *Ingress* is desired: `ingress.enabled=True`, `ingress.hosts[0]=joomla.domain.com` and `serviceType=ClusterIP` - -### Ingress TLS - -If your cluster allows automatic creation/retrieval of TLS certificates (e.g. [kube-lego](https://github.com/jetstack/kube-lego)), please refer to the documentation for that mechanism. - -To manually configure TLS, first create/retrieve a key & certificate pair for the address(es) you wish to protect. Then create a TLS secret (named `joomla-server-tls` in this example) in the namespace. Include the secret's name, along with the desired hostnames, in the Ingress TLS section of your custom `values.yaml` file: - -```yaml -ingress: - ## If true, Joomla! server Ingress will be created - ## - enabled: true - - ## Joomla! server Ingress annotations - ## - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: 'true' - - ## Joomla! server Ingress hostnames - ## Must be provided if Ingress is enabled - ## - hosts: - - joomla.domain.com - - ## Joomla! server Ingress TLS configuration - ## Secrets must be manually created in the namespace - ## - tls: - - secretName: joomla-server-tls - hosts: - - joomla.domain.com -``` - -### Setting Pod's affinity - -This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). - -As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters. - -## Persistence - -The [Bitnami Joomla!](https://github.com/bitnami/bitnami-docker-joomla) image stores the Joomla! data and configurations at the `/bitnami/joomla` and `/bitnami/apache` paths of the container. - -Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, vpshere, and minikube. -See the [Parameters](#parameters) section to configure the PVC or to disable persistence. -You may want to review the [PV reclaim policy](https://kubernetes.io/docs/tasks/administer-cluster/change-pv-reclaim-policy/) and update as required. By default, it's set to delete, and when Joomla! is uninstalled, data is also removed. - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami’s Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## Upgrading - -### To 10.0.0 - -This version standardizes the way of defining Ingress rules. When configuring a single hostname for the Ingress rule, set the `ingress.hostname` value. When defining more than one, set the `ingress.extraHosts` array. Apart from this case, no issues are expected to appear when upgrading. - -### To 9.0.0 - -In this major there were two main changes introduced: - -1. Adaptation to Helm v2 EOL -2. Updated MariaDB dependency version - -Please read the update notes carefully. - -**1. Adaptation to Helm v2 EOL** - -[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -**What changes were introduced in this major version?** - -- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. -- Move dependency information from the *requirements.yaml* to the *Chart.yaml* -- After running `helm dependency update`, a *Chart.lock* file is generated containing the same structure used in the previous *requirements.lock* -- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts - -**Considerations when upgrading to this version** - -- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues -- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore -- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 - -**Useful links** - -- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ -- https://helm.sh/docs/topics/v2_v3_migration/ -- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ - -**2. Updated MariaDB dependency version** - -In this major the MariaDB dependency version was also bumped to a new major version that introduces several incompatilibites. Therefore, backwards compatibility is not guaranteed unless an external database is used. Check [MariaDB Upgrading Notes](https://github.com/bitnami/charts/tree/master/bitnami/mariadb#to-800) for more information. - -To upgrade to `9.0.0`, it should be done reusing the PVCs used to hold both the MariaDB and Joomla data on your previous release. To do so, follow the instructions below (the following example assumes that the release name is `joomla`): - -> NOTE: Please, create a backup of your database before running any of those actions. The steps below would be only valid if your application (e.g. any plugins or custom code) is compatible with MariaDB 10.5.x - -Obtain the credentials and the names of the PVCs used to hold both the MariaDB and Joomla data on your current release: - -```console -export JOOMLA_PASSWORD=$(kubectl get secret --namespace default joomla -o jsonpath="{.data.joomla-password}" | base64 --decode) -export MARIADB_ROOT_PASSWORD=$(kubectl get secret --namespace default joomla-mariadb -o jsonpath="{.data.mariadb-root-password}" | base64 --decode) -export MARIADB_PASSWORD=$(kubectl get secret --namespace default joomla-mariadb -o jsonpath="{.data.mariadb-password}" | base64 --decode) -export MARIADB_PVC=$(kubectl get pvc -l app=mariadb,component=master,release=joomla -o jsonpath="{.items[0].metadata.name}") -``` - -Upgrade your release (maintaining the version) disabling MariaDB and scaling Joomla replicas to 0: - -```console -$ helm upgrade joomla bitnami/joomla --set joomlaPassword=$JOOMLA_PASSWORD --set replicaCount=0 --set mariadb.enabled=false --version 8.1.9 -``` - -Finally, upgrade you release to 9.0.0 reusing the existing PVC, and enabling back MariaDB: - -```console -$ helm upgrade joomla bitnami/joomla --set mariadb.primary.persistence.existingClaim=$MARIADB_PVC --set mariadb.auth.rootPassword=$MARIADB_ROOT_PASSWORD --set mariadb.auth.password=$MARIADB_PASSWORD --set joomlaPassword=$JOOMLA_PASSWORD -``` - -You should see the lines below in MariaDB container logs: - -```console -$ kubectl logs $(kubectl get pods -l app.kubernetes.io/instance=joomla,app.kubernetes.io/name=mariadb,app.kubernetes.io/component=primary -o jsonpath="{.items[0].metadata.name}") -... -mariadb 12:13:24.98 INFO ==> Using persisted data -mariadb 12:13:25.01 INFO ==> Running mysql_upgrade -... -``` - -### To 8.0.0 - -The [Bitnami Joomla!](https://github.com/bitnami/bitnami-docker-joomla) image was migrated to a "non-root" user approach. Previously the container ran as the `root` user and the Apache daemon was started as the `daemon` user. From now on, both the container and the Apache daemon run as user `1001`. You can revert this behavior by setting the parameters `containerSecurityContext.runAsUser` to `root`. - -Consequences: - -- The HTTP/HTTPS ports exposed by the container are now `8080/8443` instead of `80/443`. -- Backwards compatibility is not guaranteed. - -To upgrade to `7.0.0`, backup Joomla data and the previous MariaDB databases, install a new Joomla chart and import the backups and data, ensuring the `1001` user has the appropriate permissions on the migrated volume. - -This upgrade also adapts the chart to the latest Bitnami good practices. Check the Parameters section for more information. - -### To 7.0.0 - -Helm performs a lookup for the object based on its group (apps), version (v1), and kind (Deployment). Also known as its GroupVersionKind, or GVK. Changing the GVK is considered a compatibility breaker from Kubernetes' point of view, so you cannot "upgrade" those objects to the new GVK in-place. Earlier versions of Helm 3 did not perform the lookup correctly which has since been fixed to match the spec. - -In https://github.com/helm/charts/pull/17299 the `apiVersion` of the deployment resources was updated to `apps/v1` in tune with the api's deprecated, resulting in compatibility breakage. - -This major version signifies this change. - -### To 3.0.0 - -Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments. -Use the workaround below to upgrade from versions previous to 3.0.0. The following example assumes that the release name is opencart: - -```console -$ kubectl patch deployment joomla-joomla --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]' -$ kubectl delete statefulset joomla-mariadb --cascade=false -``` diff --git a/bitnami/joomla/templates/NOTES.txt b/bitnami/joomla/templates/NOTES.txt deleted file mode 100644 index f2972ed..0000000 --- a/bitnami/joomla/templates/NOTES.txt +++ /dev/null @@ -1,87 +0,0 @@ - -{{- if or .Values.mariadb.enabled .Values.externalDatabase.host -}} -** Please be patient while the chart is being deployed ** -{{- if and .Values.ingress.enabled (ne .Values.service.type "ClusterIP") }} -** Notice : Usually with ingress the service.type should be set to ClusterIP, which is not the case to this deployment! ** -{{- end }} - -1. Access you Joomla! instance with: - -{{- if .Values.ingress.enabled }} - {{ if .Values.ingress.tls }} - {{- range .Values.ingress.hosts }} - - https://{{ . }} - {{- end }} - {{- else }} - {{- range .Values.ingress.hosts }} - - http://{{ . }} - {{- end }} - {{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "common.names.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo "Joomla! URL: http://$NODE_IP:$NODE_PORT/" - -{{- else if contains "LoadBalancer" .Values.service.type }} - -** Please ensure an external IP is associated to the {{ template "common.names.fullname" . }} service before proceeding ** -** Watch the status using: kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "common.names.fullname" . }} ** - - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - -{{- $port:=.Values.service.port | toString }} - echo "Joomla! URL: http://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.service.port }}{{ end }}/" - -{{- else if contains "ClusterIP" .Values.service.type }} - - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "common.names.fullname" . }} 8080:{{ .Values.service.port }} - echo "Joomla! URL: http://127.0.0.1:8080/" - -{{- end }} - -2. Login with the following credentials - - echo Username: {{ .Values.joomlaUsername }} - echo Password: $(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "joomla.secretName" . }} -o jsonpath="{.data.joomla-password}" | base64 --decode) - -{{- else -}} - -######################################################################################## -### ERROR: You did not provide an external database host in your 'helm install' call ### -######################################################################################## - -This deployment will be incomplete until you configure Joomla! with a resolvable database -host. To configure Joomla! to use and external database host: - -1. Complete your Joomla! deployment by running: - - helm upgrade --namespace {{ .Release.Namespace }} {{ .Release.Name }} --set service.type={{ .Values.service.type }},mariadb.enabled=false,externalDatabase.host=YOUR_EXTERNAL_DATABASE_HOST bitnami/joomla - -{{- end }} - -{{- include "joomla.checkRollingTags" . }} - -{{- $passwordValidationErrors := list -}} -{{- $secretName := include "joomla.secretName" . -}} - -{{- if not .Values.existingSecret -}} - {{- $requiredJoomlaPassword := dict "valueKey" "joomlaPassword" "secret" $secretName "field" "joomla-password" "context" $ -}} - {{- $requiredJoomlaPasswordError := include "common.validations.values.single.empty" $requiredJoomlaPassword -}} - {{- $passwordValidationErrors = append $passwordValidationErrors $requiredJoomlaPasswordError -}} -{{- end -}} - -{{- $databaseSecretName := include "joomla.databaseSecretName" . -}} - -{{- if .Values.mariadb.enabled }} - {{- $mariadbPasswordValidationErrors := include "common.validations.values.mariadb.passwords" (dict "secret" $databaseSecretName "subchart" true "context" $) -}} - {{- $passwordValidationErrors = append $passwordValidationErrors $mariadbPasswordValidationErrors -}} -{{- end }} - -{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $) -}} - -{{- if and (not .Values.mariadb.enabled) .Release.IsUpgrade -}} - {{- $requiredExternalPassword := dict "valueKey" "externalDatabase.password" "secret" $databaseSecretName "field" "mariadb-password" -}} - -WARNING: Review values for the following password in the command, if they are correct please ignore this notice. - {{- include "common.validations.values.multiple.empty" (dict "required" (list $requiredExternalPassword) "context" $) -}} -{{- end -}} diff --git a/bitnami/joomla/templates/_helpers.tpl b/bitnami/joomla/templates/_helpers.tpl deleted file mode 100644 index 9eb9e9d..0000000 --- a/bitnami/joomla/templates/_helpers.tpl +++ /dev/null @@ -1,107 +0,0 @@ -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "joomla.mariadb.fullname" -}} -{{- printf "%s-%s" .Release.Name "mariadb" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Return the proper Joomla! image name -*/}} -{{- define "joomla.image" -}} -{{- include "common.images.image" ( dict "imageRoot" .Values.image "global" .Values.global ) -}} -{{- end -}} - -{{/* -Return the proper image name (for the metrics image) -*/}} -{{- define "joomla.metrics.image" -}} -{{- include "common.images.image" ( dict "imageRoot" .Values.metrics.image "global" .Values.global ) -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "joomla.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image) "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper Storage Class -*/}} -{{- define "joomla.storageClass" -}} -{{- include "common.storage.class" ( dict "persistence" .Values.persistence "global" .Values.global ) -}} -{{- end -}} - -{{/* Joomla! credential secret name */}} -{{- define "joomla.secretName" -}} -{{- coalesce .Values.existingSecret (include "common.names.fullname" .) -}} -{{- end -}} - -{{/* Check if there are rolling tags in the images */}} -{{- define "joomla.checkRollingTags" -}} -{{- include "common.warnings.rollingTag" .Values.image -}} -{{- include "common.warnings.rollingTag" .Values.metrics.image -}} -{{- end -}} - -{{/* -Return the MariaDB Hostname -*/}} -{{- define "joomla.databaseHost" -}} -{{- if .Values.mariadb.enabled }} - {{- if eq .Values.mariadb.architecture "replication" }} - {{- printf "%s-%s" (include "joomla.mariadb.fullname" .) "primary" | trunc 63 | trimSuffix "-" -}} - {{- else -}} - {{- printf "%s" (include "joomla.mariadb.fullname" .) -}} - {{- end -}} -{{- else -}} - {{- printf "%s" .Values.externalDatabase.host -}} -{{- end -}} -{{- end -}} - -{{/* -Return the MariaDB Port -*/}} -{{- define "joomla.databasePort" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "3306" -}} -{{- else -}} - {{- printf "%d" (.Values.externalDatabase.port | int ) -}} -{{- end -}} -{{- end -}} - -{{/* -Return the MariaDB Database Name -*/}} -{{- define "joomla.databaseName" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "%s" .Values.mariadb.auth.database -}} -{{- else -}} - {{- printf "%s" .Values.externalDatabase.database -}} -{{- end -}} -{{- end -}} - -{{/* -Return the MariaDB User -*/}} -{{- define "joomla.databaseUser" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "%s" .Values.mariadb.auth.username -}} -{{- else -}} - {{- printf "%s" .Values.externalDatabase.user -}} -{{- end -}} -{{- end -}} - -{{/* -Return the MariaDB Secret Name -*/}} -{{- define "joomla.databaseSecretName" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "%s" (include "joomla.mariadb.fullname" .) -}} -{{- else if .Values.externalDatabase.existingSecret -}} - {{- printf "%s" .Values.externalDatabase.existingSecret -}} -{{- else -}} - {{- printf "%s-%s" .Release.Name "externaldb" -}} -{{- end -}} -{{- end -}} diff --git a/bitnami/joomla/templates/deployment.yaml b/bitnami/joomla/templates/deployment.yaml deleted file mode 100644 index 48192f7..0000000 --- a/bitnami/joomla/templates/deployment.yaml +++ /dev/null @@ -1,218 +0,0 @@ -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ template "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: joomla - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - {{- if .Values.updateStrategy }} - strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} - {{- end }} - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: joomla - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} - {{- end }} - annotations: - {{- if .Values.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.metrics.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) | nindent 8 }} - {{- end }} - spec: - {{- include "joomla.imagePullSecrets" . | nindent 6 }} - {{- if .Values.podSecurityContext.enabled }} - securityContext: - fsGroup: {{ .Values.podSecurityContext.fsGroup }} - {{- end }} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName | quote }} - {{- end }} - {{- if .Values.initContainers }} - initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.hostAliases }} - # yamllint disable rule:indentation - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - # yamllint enable rule:indentation - {{- end }} - containers: - - name: joomla - image: {{ template "joomla.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: - runAsUser: {{ .Values.containerSecurityContext.runAsUser }} - {{- end }} - {{- if .Values.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" .Values.image.debug | quote }} - - name: ALLOW_EMPTY_PASSWORD - value: {{ .Values.allowEmptyPassword | quote }} - - name: APACHE_HTTP_PORT_NUMBER - value: {{ .Values.containerPorts.http | quote }} - - name: APACHE_HTTPS_PORT_NUMBER - value: {{ .Values.containerPorts.https | quote }} - - name: JOOMLA_DATABASE_HOST - value: {{ include "joomla.databaseHost" . | quote }} - - name: JOOMLA_DATABASE_PORT_NUMBER - value: {{ include "joomla.databasePort" . | quote }} - - name: JOOMLA_DATABASE_NAME - value: {{ include "joomla.databaseName" . | quote }} - - name: JOOMLA_DATABASE_USER - value: {{ include "joomla.databaseUser" . | quote }} - - name: JOOMLA_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "joomla.databaseSecretName" . }} - key: mariadb-password - - name: JOOMLA_SKIP_BOOTSTRAP - value: {{ default "no" .Values.joomlaSkipInstall | quote }} - - name: JOOMLA_USERNAME - value: {{ default "" .Values.joomlaUsername | quote }} - - name: JOOMLA_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "joomla.secretName" . }} - key: joomla-password - - name: JOOMLA_EMAIL - value: {{ default "" .Values.joomlaEmail | quote }} - - name: SMTP_HOST - value: {{ default "" .Values.smtpHost | quote }} - - name: SMTP_PORT - value: {{ default "" .Values.smtpPort | quote }} - - name: SMTP_USER - value: {{ default "" .Values.smtpUser | quote }} - - name: SMTP_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "joomla.secretName" . }} - key: smtp-password - - name: SMTP_PROTOCOL - value: {{ default "" .Values.smtpProtocol | quote }} - {{- if .Values.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if .Values.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.containerPorts.http }} - - name: https - containerPort: {{ .Values.containerPorts.https }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /index.php - port: http - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- else if .Values.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: /index.php - port: http - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- else if .Values.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.resources }} - resources: {{ toYaml .Values.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: joomla-data - mountPath: /bitnami - {{- if .Values.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.metrics.enabled }} - - name: metrics - image: {{ template "joomla.metrics.image" . }} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - command: [ '/bin/apache_exporter', '--scrape_uri', 'http://status.localhost:80/server-status/?auto'] - ports: - - name: metrics - containerPort: 9117 - livenessProbe: - httpGet: - path: /metrics - port: metrics - initialDelaySeconds: 15 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: /metrics - port: metrics - initialDelaySeconds: 5 - timeoutSeconds: 1 - resources: {{ toYaml .Values.metrics.resources | nindent 12 }} - {{- end }} - {{- if .Values.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: joomla-data - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ .Values.persistence.existingClaim | default (include "common.names.fullname" . ) }} - {{- else }} - emptyDir: {} - {{- end }} - {{- if .Values.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} - {{- end }} diff --git a/bitnami/joomla/templates/externaldb-secrets.yaml b/bitnami/joomla/templates/externaldb-secrets.yaml deleted file mode 100644 index bad8569..0000000 --- a/bitnami/joomla/templates/externaldb-secrets.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if (not (or .Values.mariadb.enabled .Values.externalDatabase.existingSecret)) }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ printf "%s-%s" .Release.Name "externaldb" }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: joomla - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: - mariadb-password: {{ default "" .Values.externalDatabase.password | b64enc | quote }} -{{- end }} diff --git a/bitnami/joomla/templates/ingress.yaml b/bitnami/joomla/templates/ingress.yaml deleted file mode 100644 index 2978c59..0000000 --- a/bitnami/joomla/templates/ingress.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{- if .Values.ingress.enabled }} -apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: joomla - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.ingress.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.annotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .certManager }} - kubernetes.io/tls-acme: "true" - {{- end }} -spec: - rules: - {{- if .Values.ingress.hostname }} - - host: {{ .Values.ingress.hostname }} - http: - paths: - {{- if .Values.ingress.extraPaths }} - {{- toYaml .Values.ingress.extraPaths | nindent 10 }} - {{- end }} - - path: {{ .Values.ingress.path }} - {{- if eq "true" (include "common.ingress.supportsPathType" .) }} - pathType: {{ .Values.ingress.pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- range .Values.ingress.extraHosts }} - - host: {{ .name | quote }} - http: - paths: - - path: {{ default "/" .path }} - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ default "ImplementationSpecific" .pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- if or .Values.ingress.tls .Values.ingress.extraTls }} - tls: - {{- if .Values.ingress.tls }} - - hosts: - - {{ .Values.ingress.hostname }} - secretName: {{ printf "%s-tls" .Values.ingress.hostname }} - {{- end }} - {{- if .Values.ingress.extraTls }} - {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.extraTls "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/bitnami/joomla/templates/joomla-pvc.yaml b/bitnami/joomla/templates/joomla-pvc.yaml deleted file mode 100644 index 8d2e7f9..0000000 --- a/bitnami/joomla/templates/joomla-pvc.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ template "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: joomla - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.persistence.hostPath }} - storageClassName: "" - {{- end }} - accessModes: - - {{ .Values.persistence.accessMode | quote }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{- include "joomla.storageClass" . | nindent 2 }} -{{- end -}} diff --git a/bitnami/joomla/templates/secrets.yaml b/bitnami/joomla/templates/secrets.yaml deleted file mode 100644 index a63178f..0000000 --- a/bitnami/joomla/templates/secrets.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if not .Values.existingSecret }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: joomla - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: - {{- if .Values.joomlaPassword }} - joomla-password: {{ default "" .Values.joomlaPassword | b64enc | quote }} - {{- else }} - joomla-password: {{ randAlphaNum 10 | b64enc | quote }} - {{- end }} - smtp-password: {{ default "" .Values.smtpPassword | b64enc | quote }} -{{- end }} diff --git a/bitnami/joomla/templates/svc.yaml b/bitnami/joomla/templates/svc.yaml deleted file mode 100644 index 91bb89c..0000000 --- a/bitnami/joomla/templates/svc.yaml +++ /dev/null @@ -1,34 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: joomla - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.service.type }} - {{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }} - loadBalancerIP: {{ .Values.service.loadBalancerIP }} - {{- end }} - {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }} - externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} - {{- end }} - ports: - - name: http - port: {{ .Values.service.port }} - targetPort: http - {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePorts.http)))}} - nodePort: {{ .Values.service.nodePorts.http }} - {{- end }} - - name: https - port: {{ .Values.service.httpsPort }} - targetPort: https - {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePorts.https)))}} - nodePort: {{ .Values.service.nodePorts.https }} - {{- end }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} diff --git a/bitnami/joomla/templates/tls-secrets.yaml b/bitnami/joomla/templates/tls-secrets.yaml deleted file mode 100644 index 5175b2d..0000000 --- a/bitnami/joomla/templates/tls-secrets.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.secrets }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ .name }} - labels: {{- include "common.labels.standard" $ | nindent 4 }} - app.kubernetes.io/component: joomla - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ .certificate | b64enc }} - tls.key: {{ .key | b64enc }} -{{- end }} -{{- end }} diff --git a/bitnami/joomla/values.schema.json b/bitnami/joomla/values.schema.json deleted file mode 100644 index 07044aa..0000000 --- a/bitnami/joomla/values.schema.json +++ /dev/null @@ -1,188 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "joomlaUsername": { - "type": "string", - "title": "Username", - "form": true - }, - "joomlaPassword": { - "type": "string", - "title": "Password", - "form": true, - "description": "Defaults to a random 10-character alphanumeric string if not set" - }, - "joomlaEmail": { - "type": "string", - "title": "Admin email", - "form": true - }, - "persistence": { - "type": "object", - "properties": { - "joomla": { - "type": "object", - "properties": { - "size": { - "type": "string", - "title": "Persistent Volume Size", - "form": true, - "render": "slider", - "sliderMin": 1, - "sliderMax": 100, - "sliderUnit": "Gi" - } - } - } - } - }, - "ingress": { - "type": "object", - "form": true, - "title": "Ingress Configuration", - "properties": { - "enabled": { - "type": "boolean", - "form": true, - "title": "Use a custom hostname", - "description": "Enable the ingress resource that allows you to access the Joomla! installation." - }, - "hostname": { - "type": "string", - "form": true, - "title": "Hostname", - "hidden": { - "value": false, - "path": "ingress/enabled" - } - } - } - }, - "service": { - "type": "object", - "form": true, - "title": "Service Configuration", - "properties": { - "type": { - "type": "string", - "form": true, - "title": "Service Type", - "description": "Allowed values: \"ClusterIP\", \"NodePort\" and \"LoadBalancer\"" - } - } - }, - "mariadb": { - "type": "object", - "title": "MariaDB Details", - "form": true, - "properties": { - "enabled": { - "type": "boolean", - "title": "Use a new MariaDB database hosted in the cluster", - "form": true, - "description": "Whether to deploy a mariadb server to satisfy the applications database requirements. To use an external database switch this off and configure the external database details" - }, - "primary": { - "type": "object", - "properties": { - "persistence": { - "type": "object", - "properties": { - "size": { - "type": "string", - "title": "Volume Size", - "form": true, - "hidden": { - "value": false, - "path": "mariadb/enabled" - }, - "render": "slider", - "sliderMin": 1, - "sliderMax": 100, - "sliderUnit": "Gi" - } - } - } - } - } - } - }, - "externalDatabase": { - "type": "object", - "title": "External Database Details", - "description": "If MariaDB is disabled. Use this section to specify the external database details", - "form": true, - "hidden": "mariadb/enabled", - "properties": { - "host": { - "type": "string", - "form": true, - "title": "Database Host" - }, - "user": { - "type": "string", - "form": true, - "title": "Database Username" - }, - "password": { - "type": "string", - "form": true, - "title": "Database Password" - }, - "database": { - "type": "string", - "form": true, - "title": "Database Name" - }, - "port": { - "type": "integer", - "form": true, - "title": "Database Port" - } - } - }, - "resources": { - "type": "object", - "title": "Requested Resources", - "description": "Configure resource requests", - "form": true, - "properties": { - "requests": { - "type": "object", - "properties": { - "memory": { - "type": "string", - "form": true, - "render": "slider", - "title": "Memory Request", - "sliderMin": 10, - "sliderMax": 2048, - "sliderUnit": "Mi" - }, - "cpu": { - "type": "string", - "form": true, - "render": "slider", - "title": "CPU Request", - "sliderMin": 10, - "sliderMax": 2000, - "sliderUnit": "m" - } - } - } - } - }, - "metrics": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "title": "Enable Metrics", - "description": "Prometheus Exporter / Metrics", - "form": true - } - } - } - } -} diff --git a/bitnami/joomla/values.yaml b/bitnami/joomla/values.yaml deleted file mode 100644 index c9c8a08..0000000 --- a/bitnami/joomla/values.yaml +++ /dev/null @@ -1,542 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - storageClass: "" - -## @section Common parameters - -## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) -## -kubeVersion: "" -## @param nameOverride String to partially override common.names.fullname template (will maintain the release name) -## -nameOverride: "" -## @param fullnameOverride String to fully override common.names.fullname template -## -fullnameOverride: "" -## @param commonAnnotations Common annotations to add to all Harbor resources (sub-charts are not considered). Evaluated as a template -## -commonAnnotations: {} -## @param commonLabels Common labels to add to all Harbor resources (sub-charts are not considered). Evaluated as a template -## -commonLabels: {} -## @param extraDeploy Array of extra objects to deploy with the release (evaluated as a template). -## -extraDeploy: [] - -## @section Joomla! parameters - -## Bitnami Joomla! image version -## ref: https://hub.docker.com/r/bitnami/joomla/tags/ -## @param image.registry Joomla! image registry -## @param image.repository Joomla! Image name -## @param image.tag Joomla! Image tag -## @param image.pullPolicy Joomla! image pull policy -## @param image.pullSecrets Specify docker-registry secret names as an array -## @param image.debug Specify if debug logs should be enabled -## -image: - registry: docker.io - repository: bitnami/joomla - tag: 3.10.2-debian-10-r0 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Set to true if you would like to see extra information on logs - ## - debug: false -## @param joomlaSkipInstall Skip Joomla! installation wizard. Useful for migrations and restoring from SQL dump -## ref: https://github.com/bitnami/bitnami-docker-joomla#configuration -## -joomlaSkipInstall: "no" -## @param joomlaUsername User of the application -## ref: https://github.com/bitnami/bitnami-docker-joomla#configuration -## -joomlaUsername: user -## @param joomlaPassword Application password -## Defaults to a random 10-character alphanumeric string if not set -## ref: https://github.com/bitnami/bitnami-docker-joomla#configuration -## -joomlaPassword: "" -## @param joomlaEmail Admin email -## ref: https://github.com/bitnami/bitnami-docker-joomla#configuration -## -joomlaEmail: user@example.com -## @param allowEmptyPassword Allow DB blank passwords -## ref: https://github.com/bitnami/bitnami-docker-joomla#environment-variables -## -allowEmptyPassword: "no" -## @param command Override default container command (useful when using custom images) -## -command: [] -## @param args Override default container args (useful when using custom images) -## -args: [] -## @param replicaCount Number of replicas (requires ReadWriteMany PVC support) -## -replicaCount: 1 -## @param hostAliases [array] Deployment pod host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: - ## Necessary for apache-exporter to work - ## - - ip: "127.0.0.1" - hostnames: - - "status.localhost" -## @param updateStrategy.type Update strategy - only really applicable for deployments with RWO PVs attached -## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the -## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will -## terminate the single previous pod, so that the new, incoming pod can attach to the PV -## -updateStrategy: - type: RollingUpdate -## @param extraEnvVars Extra environment variables -## For example: -## - name: BEARER_AUTH -## value: true -## -extraEnvVars: [] -## @param extraEnvVarsCM ConfigMap containing extra env vars -## -extraEnvVarsCM: "" -## @param extraEnvVarsSecret Secret containing extra env vars (in case of sensitive data) -## -extraEnvVarsSecret: "" -## @param extraVolumes Array of extra volumes to be added to the deployment (evaluated as template). Requires setting `extraVolumeMounts` -## -extraVolumes: [] -## @param extraVolumeMounts Array of extra volume mounts to be added to the container (evaluated as template). Normally used with `extraVolumes` -## -extraVolumeMounts: [] -## @param initContainers Add additional init containers to the pod (evaluated as a template) -## -initContainers: [] -## @param sidecars Attach additional containers to the pod (evaluated as a template) -## -sidecars: [] -## @param existingSecret Name of a secret with the application password -## -existingSecret: "" -## SMTP mail delivery configuration -## ref: https://github.com/bitnami/bitnami-docker-joomla/#smtp-configuration -## @param smtpHost SMTP host -## @param smtpPort SMTP port -## @param smtpUser SMTP user -## @param smtpPassword SMTP password -## @param smtpProtocol SMTP Protocol (options: ssl,tls, nil) -## -smtpHost: "" -smtpPort: "" -smtpUser: "" -smtpPassword: "" -smtpProtocol: "" -## @param containerPorts [object] Container ports -## -containerPorts: - http: 8080 - https: 8443 -## Enable persistence using Persistent Volume Claims -## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ -## @param persistence.enabled Enable persistence using PVC -## @param persistence.storageClass PVC Storage Class for Joomla! volume -## @param persistence.accessMode PVC Access Mode for Joomla! volume -## @param persistence.size PVC Storage Request for Joomla! volume -## @param persistence.existingClaim An Existing PVC name -## @param persistence.hostPath Host mount path for Joomla! volume -## -persistence: - enabled: true - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - accessMode: ReadWriteOnce - size: 8Gi - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - ## - existingClaim: "" - ## If defined, the joomla-data volume will mount to the specified hostPath. - ## Requires persistence.enabled: true - ## Requires persistence.existingClaim: nil|false - ## Default: nil. - ## - hostPath: "" -## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAffinityPreset: "" -## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAntiAffinityPreset: soft -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## -nodeAffinityPreset: - ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] -## @param affinity Affinity for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set -## -affinity: {} -## @param nodeSelector Node labels for pod assignment -## Ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} -## @param tolerations Tolerations for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] -## Configure resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## We usually recommend not to specify default resources and to leave this as a conscious -## choice for the user. This also increases chances charts run on environments with little -## resources, such as Minikube. If you do want to specify resources, uncomment the following -## lines, adjust them as necessary, and remove the curly braces after 'resources:'. -## @param resources.limits The resources limits for the container -## @param resources.requests [object] The requested resources for the container -## -resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - limits: {} - requests: - memory: 512Mi - cpu: 300m -## Configure Pods Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## @param podSecurityContext.enabled Enable Joomla! pods' Security Context -## @param podSecurityContext.fsGroup Joomla! pods' group ID -## -podSecurityContext: - enabled: true - fsGroup: 1001 -## Configure Container Security Context (only main container) -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -## @param containerSecurityContext.enabled Enable Joomla! containers' Security Context -## @param containerSecurityContext.runAsUser Joomla! containers' Security Context -## -containerSecurityContext: - enabled: true - runAsUser: 1001 -## Configure extra options for liveness probe -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) -## @param livenessProbe.enabled Enable livenessProbe -## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe -## @param livenessProbe.periodSeconds Period seconds for livenessProbe -## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe -## @param livenessProbe.failureThreshold Failure threshold for livenessProbe -## @param livenessProbe.successThreshold Success threshold for livenessProbe -## -livenessProbe: - enabled: true - initialDelaySeconds: 600 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 -## Configure extra options for readiness probe -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) -## @param readinessProbe.enabled Enable readinessProbe -## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe -## @param readinessProbe.periodSeconds Period seconds for readinessProbe -## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe -## @param readinessProbe.failureThreshold Failure threshold for readinessProbe -## @param readinessProbe.successThreshold Success threshold for readinessProbe -## -readinessProbe: - enabled: true - initialDelaySeconds: 30 - periodSeconds: 5 - timeoutSeconds: 3 - failureThreshold: 6 - successThreshold: 1 -## @param customLivenessProbe Override default liveness probe -## -customLivenessProbe: {} -## @param customReadinessProbe Override default readiness probe -## -customReadinessProbe: {} -## @param priorityClassName Define the priority class name to use for the joomla pods here. -## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ -## -priorityClassName: "" -## @param lifecycleHooks LifecycleHook to set additional configuration at startup Evaluated as a template -## -lifecycleHooks: {} -## @param podAnnotations Pod annotations -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} -## @param podLabels Add additional labels to the pod (evaluated as a template) -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -podLabels: {} - -## @section Traffic Exposure Parameters - -## Kubernetes configuration -## For minikube, set this to NodePort, for ingress ClusterIP, elsewhere use LoadBalancer -## -service: - ## @param service.type Kubernetes Service type - ## - type: LoadBalancer - ## @param service.port Service HTTP port - ## - port: 80 - ## @param service.httpsPort Service HTTPS port - ## - httpsPort: 443 - ## @param service.loadBalancerIP loadBalancerIP for the Joomla Service (optional, cloud specific) - ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer - ## - loadBalancerIP: "" - ## Node ports to expose - ## @param service.nodePorts.http Node port for HTTP - ## @param service.nodePorts.https Node port for HTTPS - ## nodePorts: - ## http: - ## https: - ## - nodePorts: - http: "" - https: "" - ## @param service.externalTrafficPolicy Enable client source IP preservation - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster -## Configure the ingress resource that allows you to access the -## Joomla! installation. Set up the URL -## ref: http://kubernetes.io/docs/user-guide/ingress/ -## -ingress: - ## @param ingress.enabled Enable ingress controller resource - ## - enabled: false - ## @param ingress.certManager Add annotations for cert-manager - ## - certManager: false - ## @param ingress.pathType Ingress Path type - ## - pathType: ImplementationSpecific - ## @param ingress.apiVersion Override API Version (automatically detected if not set) - ## - apiVersion: "" - ## @param ingress.hostname Default host for the ingress resource - ## - hostname: joomla.local - ## @param ingress.path Default path for the ingress resource - ## You may need to set this to '/*' in order to use this with ALB ingress controllers. - ## - path: / - ## @param ingress.annotations Ingress annotations - ## For a full list of possible ingress annotations, please see - ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md - ## - ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set - ## - annotations: {} - ## @param ingress.tls Enable TLS configuration for the hostname defined at ingress.hostname parameter - ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }} - ## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it - ## - tls: false - ## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record. - ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array - ## extraHosts: - ## - name: joomla.local - ## path: / - ## - extraHosts: [] - ## @param ingress.extraPaths Any additional arbitrary paths that may need to be added to the ingress under the main host. - ## For example: The ALB ingress controller requires a special rule for handling SSL redirection. - ## extraPaths: - ## - path: /* - ## backend: - ## serviceName: ssl-redirect - ## servicePort: use-annotation - ## - extraPaths: [] - ## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. - ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - ## extraTls: - ## - hosts: - ## - joomla.local - ## secretName: joomla.local-tls - ## - extraTls: [] - ## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets - ## key and certificate should start with -----BEGIN CERTIFICATE----- or - ## -----BEGIN RSA PRIVATE KEY----- - ## - ## name should line up with a tlsSecret set further up - ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set - ## - ## It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - ## - name: joomla.local-tls - ## key: - ## certificate: - ## - secrets: [] - -## @section Database parameters - -## MariaDB chart configuration -## https://github.com/bitnami/charts/blob/master/bitnami/mariadb/values.yaml -## -mariadb: - ## @param mariadb.enabled Whether to deploy a mariadb server to satisfy the applications database requirements. To use an external database set this to false and configure the externalDatabase parameters - ## - enabled: true - ## @param mariadb.architecture MariaDB architecture (`standalone` or `replication`) - ## - architecture: standalone - ## MariaDB Authentication parameters - ## - auth: - ## @param mariadb.auth.rootPassword Password for the MariaDB `root` user - ## ref: https://github.com/bitnami/bitnami-docker-mariadb#setting-the-root-password-on-first-run - ## - rootPassword: "" - ## @param mariadb.auth.database Database name to create - ## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#creating-a-database-on-first-run - ## - database: bitnami_joomla - ## @param mariadb.auth.username Database user to create - ## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#creating-a-database-user-on-first-run - ## - username: bn_joomla - ## @param mariadb.auth.password Password for the database - ## - password: "" - ## Enable persistence using Persistent Volume Claims - ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ - ## @param mariadb.primary.persistence.enabled Enable database persistence using PVC - ## @param mariadb.primary.persistence.storageClass PVC Storage Class - ## @param mariadb.primary.persistence.accessModes [array] Persistent Volume access modes - ## @param mariadb.primary.persistence.size Database Persistent Volume Size - ## @param mariadb.primary.persistence.hostPath Host mount path for MariaDB volume - ## @param mariadb.primary.persistence.existingClaim Enable persistence using an existing PVC - ## - primary: - persistence: - enabled: true - ## mariadb data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - accessModes: - - ReadWriteOnce - size: 8Gi - ## Set path in case you want to use local host path volumes (not recommended in production) - ## - hostPath: "" - ## Use an existing PVC - ## - existingClaim: "" -## External database configuration -## -externalDatabase: - ## @param externalDatabase.existingSecret Name of the database existing Secret Object - ## NOTE: When it's set, the `externalDatabase.password` parameter is ignored - existingSecret: "" - ## @param externalDatabase.host Host of the existing database - ## - host: "" - ## @param externalDatabase.port Port of the existing database - ## - port: 3306 - ## @param externalDatabase.user Existing username in the external db - ## - user: bn_joomla - ## @param externalDatabase.password Password for the above username - ## - password: "" - ## @param externalDatabase.database Name of the existing database - ## - database: bitnami_joomla - -## @section Metrics parameters - -metrics: - ## @param metrics.enabled Start a side-car prometheus exporter - ## - enabled: false - ## @param metrics.image.registry Apache exporter image registry - ## @param metrics.image.repository Apache exporter image name - ## @param metrics.image.tag Apache exporter image tag - ## @param metrics.image.pullPolicy Image pull policy - ## @param metrics.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/apache-exporter - tag: 0.10.0-debian-10-r46 - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param metrics.resources Exporter resource requests/limit - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: {} - ## @param metrics.podAnnotations [object] Additional annotations for Metrics exporter pod - ## - podAnnotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9117" diff --git a/bitnami/jupyterhub/templates/proxy/pdb.yaml b/bitnami/jupyterhub/templates/proxy/pdb.yaml deleted file mode 100644 index af426fa..0000000 --- a/bitnami/jupyterhub/templates/proxy/pdb.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.proxy.pdb.create -}} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: proxy - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ include "jupyterhub.proxy.name" . }} - namespace: {{ .Release.Namespace | quote }} -spec: - minAvailable: {{ .Values.proxy.pdb.minAvailable }} - maxUnavailable: {{ .Values.proxy.pdb.maxUnavailable }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: proxy -{{- end }} diff --git a/bitnami/kiam/Chart.lock b/bitnami/kiam/Chart.lock deleted file mode 100644 index 1ceda83..0000000 --- a/bitnami/kiam/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.9.1 -digest: sha256:75c2f378a4570f47cbb3c98b6f1d29d1145e5a92bf2970a5d06c32575bfe266f -generated: "2021-09-24T02:01:42.388199882Z" diff --git a/bitnami/kiam/Chart.yaml b/bitnami/kiam/Chart.yaml deleted file mode 100644 index 0132ade..0000000 --- a/bitnami/kiam/Chart.yaml +++ /dev/null @@ -1,26 +0,0 @@ -annotations: - category: Infrastructure -apiVersion: v2 -appVersion: 3.6.0 -dependencies: - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x -description: kiam is a proxy that captures AWS Metadata API requests. It allows AWS IAM roles to be set for Kubernetes workloads. -engine: gotpl -home: https://github.com/uswitch/kiam -icon: https://bitnami.com/assets/stacks/kiam/img/kiam-stack-220x234.png -keywords: - - aws - - iam - - security -maintainers: - - email: containers@bitnami.com - name: Bitnami -name: kiam -sources: - - https://github.com/bitnami/bitnami-docker-kiam - - https://github.com/uswitch/kiam -version: 0.3.14 diff --git a/bitnami/kiam/README.md b/bitnami/kiam/README.md deleted file mode 100644 index e60cb47..0000000 --- a/bitnami/kiam/README.md +++ /dev/null @@ -1,400 +0,0 @@ -# kiam - -[kiam](https://github.com/uswitch/kiam) is a Kubernetes agent that allows to associate IAM roles to pods. - -## TL;DR - -```console - helm repo add bitnami https://charts.bitnami.com/bitnami - helm install my-release bitnami/kiam -``` - -> NOTE: KIAM has been designed to work on a Kubernetes cluster deployed on top of AWS, although it is possible to deploy it in other environments. - -## Introduction - -Bitnami charts for Helm are carefully engineered, actively maintained and are the quickest and easiest way to deploy containers on a Kubernetes cluster that are ready to handle production workloads. - -This chart bootstraps a [kiam](https://github.com/bitnami/bitnami-docker-kiam) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. - -## Prerequisites - -- Kubernetes 1.12+ in AWS -- Helm 3.1.0 - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```bash -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/kiam -``` - -These commands deploy a kiam application on the Kubernetes cluster in the default configuration. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```bash -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | - - -### Common parameters - -| Name | Description | Value | -| ------------------- | ------------------------------------------------- | ----- | -| `nameOverride` | Release name override | `""` | -| `fullnameOverride` | Release full name override | `""` | -| `commonLabels` | Labels to add to all deployed objects | `{}` | -| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | -| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | - - -### kiam image parameters - -| Name | Description | Value | -| ------------------- | ------------------------------------------------ | ---------------------- | -| `image.registry` | kiam image registry | `docker.io` | -| `image.repository` | kiam image name | `bitnami/kiam` | -| `image.tag` | kiam image tag | `3.6.0-debian-10-r316` | -| `image.pullPolicy` | kiam image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | - - -### kiam server parameters - -| Name | Description | Value | -| ------------------------------------------------ | ----------------------------------------------------------------------------------------------- | ---------------- | -| `server.enabled` | Deploy the kiam server | `true` | -| `server.containerPort` | HTTPS port to expose at container level | `8443` | -| `server.resourceType` | Specify how to deploy the server (allowed values: `daemonset` and `deployment`) | `daemonset` | -| `server.hostAliases` | Add deployment host aliases | `[]` | -| `server.useHostNetwork` | Use host networking (ports will be directly exposed in the host) | `false` | -| `server.replicaCount` | Number of replicas to deploy (when `server.resourceType` is `daemonset`) | `1` | -| `server.logJsonOutput` | Use JSON format for logs | `true` | -| `server.logLevel` | Logging level | `info` | -| `server.sslCertHostPath` | Path to the host system SSL certificates (necessary for contacting the AWS metadata server) | `/etc/ssl/certs` | -| `server.podSecurityPolicy.create` | Create a PodSecurityPolicy resource | `true` | -| `server.podSecurityPolicy.allowedHostPaths` | Extra host paths to allow in the PodSecurityPolicy | `[]` | -| `server.priorityClassName` | Server priorityClassName | `""` | -| `server.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `server.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | -| `server.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `30` | -| `server.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `server.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | -| `server.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `server.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `server.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | -| `server.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `30` | -| `server.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `server.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | -| `server.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `server.extraArgs` | Extra arguments to add to the default kiam command | `{}` | -| `server.command` | Override kiam default command | `[]` | -| `server.args` | Override kiam default args | `[]` | -| `server.tlsFiles` | Base64-encoded PEM values for server's CA certificate(s), certificate and private key | `{}` | -| `server.gatewayTimeoutCreation` | Timeout when creating the kiam gateway | `1s` | -| `server.tlsSecret` | Name of a secret with TLS certificates for the container | `""` | -| `server.dnsPolicy` | Pod DNS policy | `Default` | -| `server.roleBaseArn` | Base ARN for IAM roles. If not set kiam will detect it automatically | `""` | -| `server.cacheSyncInterval` | Cache synchronization interval | `1m` | -| `server.assumeRoleArn` | IAM role for the server to assume | `""` | -| `server.sessionDuration` | Session duration for STS tokens | `15m` | -| `server.tlsCerts` | Agent TLS Certificate filenames | `{}` | -| `server.resources.limits` | The resources limits for the kiam container | `{}` | -| `server.resources.requests` | The requested resources for the kiam container | `{}` | -| `server.containerSecurityContext.enabled` | Enabled kiam server containers' Security Context | `true` | -| `server.containerSecurityContext.runAsUser` | Set kiam server container's Security Context runAsUser | `1001` | -| `server.containerSecurityContext.runAsNonRoot` | Set kiam server container's Security Context runAsNonRoot | `true` | -| `server.containerSecurityContext.seLinuxOptions` | Set kiam server container's Security Context SE Linux options | `{}` | -| `server.podSecurityContext.enabled` | Enabled kiam server pods' Security Context | `true` | -| `server.podSecurityContext.fsGroup` | Set kiam server pod's Security Context fsGroup | `1001` | -| `server.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `server.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `server.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `server.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set. | `""` | -| `server.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | -| `server.affinity` | Affinity for pod assignment | `{}` | -| `server.nodeSelector` | Node labels for pod assignment | `{}` | -| `server.tolerations` | Tolerations for pod assignment | `[]` | -| `server.podLabels` | Extra labels for kiam pods | `{}` | -| `server.podAnnotations` | Annotations for kiam pods | `{}` | -| `server.lifecycleHooks` | lifecycleHooks for the kiam server container to automate configuration before or after startup. | `{}` | -| `server.customLivenessProbe` | Override default liveness probe | `{}` | -| `server.customReadinessProbe` | Override default readiness probe | `{}` | -| `server.updateStrategy.type` | Update strategy - only really applicable for deployments with RWO PVs attached | `RollingUpdate` | -| `server.extraEnvVars` | Array containing extra env vars to configure kiam server | `[]` | -| `server.extraEnvVarsCM` | ConfigMap containing extra env vars to configure kiam server | `""` | -| `server.extraEnvVarsSecret` | Secret containing extra env vars to configure kiam server (in case of sensitive data) | `""` | -| `server.extraVolumes` | Optionally specify extra list of additional volumes for kiam pods | `[]` | -| `server.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for kiam container(s) | `[]` | -| `server.initContainers` | Add additional init containers to the kiam pods | `[]` | -| `server.sidecars` | Add additional sidecar containers to the kiam pods | `[]` | - - -### kiam server exposure parameters - -| Name | Description | Value | -| ----------------------------------------- | ---------------------------------------------------------------------------- | ----------- | -| `server.service.type` | Kubernetes service type | `ClusterIP` | -| `server.service.port` | Service HTTPS port | `8443` | -| `server.service.nodePorts` | Specify the nodePort values for the LoadBalancer and NodePort service types. | `{}` | -| `server.service.clusterIP` | kiam service clusterIP IP | `None` | -| `server.service.loadBalancerIP` | loadBalancerIP if service type is `LoadBalancer` | `""` | -| `server.service.loadBalancerSourceRanges` | Address that are allowed when service is LoadBalancer | `[]` | -| `server.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | -| `server.service.annotations` | Annotations for kiam service | `{}` | - - -### kiam server Service Account parameters - -| Name | Description | Value | -| ------------------------------ | ----------------------------------------------------- | ------ | -| `server.serviceAccount.create` | Enable the creation of a ServiceAccount for kiam pods | `true` | -| `server.serviceAccount.name` | Name of the created ServiceAccount | `""` | - - -### kiam server metrics parameters - -| Name | Description | Value | -| ------------------------------------------------- | ---------------------------------------------------------------------------- | ------- | -| `server.metrics.enabled` | Enable exposing kiam statistics | `false` | -| `server.metrics.port` | Metrics port | `9621` | -| `server.metrics.syncInterval` | Metrics synchronization interval statistics | `5s` | -| `server.metrics.annotations` | Annotations for enabling prometheus to access the metrics endpoints | `{}` | -| `server.metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | `false` | -| `server.metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `""` | -| `server.metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `30s` | -| `server.metrics.serviceMonitor.metricRelabelings` | Specify Metric Relabellings to add to the scrape endpoint | `[]` | -| `server.metrics.serviceMonitor.relabelings` | Specify Relabelings to add to the scrape endpoint | `[]` | -| `server.metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `""` | -| `server.metrics.serviceMonitor.selector` | metrics service selector | `{}` | - - -### kiam agent parameters - -| Name | Description | Value | -| ----------------------------------------------- | ------------------------------------------------------------------------------------------ | ------------------------- | -| `agent.enabled` | Deploy the kiam agent | `true` | -| `agent.logJsonOutput` | Use JSON format for logs | `true` | -| `agent.logLevel` | Logging level | `info` | -| `agent.priorityClassName` | Server priorityClassName | `""` | -| `agent.allowRouteRegExp` | Regexp with the allowed paths for agents to redirect | `""` | -| `agent.hostAliases` | Add deployment host aliases | `[]` | -| `agent.containerPort` | HTTPS port to expose at container level | `8183` | -| `agent.iptables` | Have the agent modify the host iptables rules | `false` | -| `agent.iptablesRemoveOnShutdown` | Remove iptables rules when shutting down the agent node | `false` | -| `agent.hostInterface` | Interface for agents for redirecting requests | `cali+` | -| `agent.keepaliveParams.permitWithoutStream` | Permit keepalive without stream | `false` | -| `agent.keepaliveParams.time` | Keepalive time | `""` | -| `agent.keepaliveParams.timeout` | Keepalive timeout | `""` | -| `agent.enableDeepProbe` | Use the probes using the `/health` endpoint | `false` | -| `agent.dnsPolicy` | Pod DNS policy | `ClusterFirstWithHostNet` | -| `agent.sslCertHostPath` | Path to the host system SSL certificates (necessary for contacting the AWS metadata agent) | `/etc/ssl/certs` | -| `agent.tlsFiles` | Base64-encoded PEM values for server's CA certificate(s), certificate and private key | `{}` | -| `agent.podSecurityPolicy.create` | Create a PodSecurityPolicy resource | `true` | -| `agent.podSecurityPolicy.allowedHostPaths` | Extra host paths to allow in the PodSecurityPolicy | `[]` | -| `agent.tlsSecret` | Name of a secret with TLS certificates for the container | `""` | -| `agent.useHostNetwork` | Use host networking (ports will be directly exposed in the host) | `true` | -| `agent.tlsCerts` | Agent TLS Certificate filenames | `{}` | -| `agent.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `agent.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | -| `agent.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `30` | -| `agent.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `agent.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | -| `agent.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `agent.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `agent.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | -| `agent.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `30` | -| `agent.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `agent.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | -| `agent.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `agent.extraArgs` | Extra arguments to add to the default kiam command | `{}` | -| `agent.gatewayTimeoutCreation` | Timeout when creating the kiam gateway | `1s` | -| `agent.command` | Override kiam default command | `[]` | -| `agent.args` | Override kiam default args | `[]` | -| `agent.resources.limits` | The resources limits for the kiam container | `{}` | -| `agent.resources.requests` | The requested resources for the kiam container | `{}` | -| `agent.containerSecurityContext.enabled` | Enabled agent containers' Security Context | `true` | -| `agent.containerSecurityContext.runAsUser` | Set agent container's Security Context runAsUser | `1001` | -| `agent.containerSecurityContext.runAsNonRoot` | Set agent container's Security Context runAsNonRoot | `true` | -| `agent.containerSecurityContext.seLinuxOptions` | Set agent container's Security Context SE Linux options | `{}` | -| `agent.podSecurityContext.enabled` | Enabled agent pods' Security Context | `true` | -| `agent.podSecurityContext.fsGroup` | Set agent pod's Security Context fsGroup | `1001` | -| `agent.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `agent.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `agent.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `agent.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set. | `""` | -| `agent.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | -| `agent.affinity` | Affinity for pod assignment | `{}` | -| `agent.nodeSelector` | Node labels for pod assignment | `{}` | -| `agent.tolerations` | Tolerations for pod assignment | `[]` | -| `agent.podLabels` | Extra labels for kiam pods | `{}` | -| `agent.podAnnotations` | Annotations for kiam pods | `{}` | -| `agent.lifecycleHooks` | LifecycleHooks to set additional configuration at startup. | `{}` | -| `agent.customLivenessProbe` | Override default liveness probe | `{}` | -| `agent.customReadinessProbe` | Override default readiness probe | `{}` | -| `agent.updateStrategy.type` | Update strategy - only really applicable for deployments with RWO PVs attached | `RollingUpdate` | -| `agent.extraEnvVars` | Array containing extra env vars to configure kiam agent | `[]` | -| `agent.extraEnvVarsCM` | ConfigMap containing extra env vars to configure kiam agent | `""` | -| `agent.extraEnvVarsSecret` | Secret containing extra env vars to configure kiam agent (in case of sensitive data) | `""` | -| `agent.extraVolumes` | Optionally specify extra list of additional volumes for kiam pods | `[]` | -| `agent.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for kiam container(s) | `[]` | -| `agent.initContainers` | Add additional init containers to the kiam pods | `[]` | -| `agent.sidecars` | Add additional sidecar containers to the kiam pods | `[]` | - - -### kiam agent exposure parameters - -| Name | Description | Value | -| ---------------------------------------- | ---------------------------------------------------------------------------- | ----------- | -| `agent.service.type` | Kubernetes service type | `ClusterIP` | -| `agent.service.nodePorts` | Specify the nodePort values for the LoadBalancer and NodePort service types. | `{}` | -| `agent.service.clusterIP` | kiam service clusterIP IP | `""` | -| `agent.service.loadBalancerIP` | loadBalancerIP if service type is `LoadBalancer` | `""` | -| `agent.service.loadBalancerSourceRanges` | Address that are allowed when service is LoadBalancer | `[]` | -| `agent.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | -| `agent.service.annotations` | Annotations for kiam service | `{}` | - - -### kiam agent Service Account parameters - -| Name | Description | Value | -| ----------------------------- | ----------------------------------------------------- | ------ | -| `agent.serviceAccount.create` | Enable the creation of a ServiceAccount for kiam pods | `true` | -| `agent.serviceAccount.name` | Name of the created ServiceAccount | `""` | - - -### kiam agent metrics parameters - -| Name | Description | Value | -| ------------------------------------------------ | ---------------------------------------------------------------------------- | ------- | -| `agent.metrics.enabled` | Enable exposing kiam statistics | `false` | -| `agent.metrics.port` | Service HTTP management port | `9620` | -| `agent.metrics.syncInterval` | Metrics synchronization interval statistics | `5s` | -| `agent.metrics.annotations` | Annotations for enabling prometheus to access the metrics endpoints | `{}` | -| `agent.metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | `false` | -| `agent.metrics.serviceMonitor.namespace` | Namespace which Prometheus is running in | `""` | -| `agent.metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `30s` | -| `agent.metrics.serviceMonitor.metricRelabelings` | Specify Metric Relabelings to add to the scrape endpoint | `[]` | -| `agent.metrics.serviceMonitor.relabelings` | Specify Relabelings to add to the scrape endpoint | `[]` | -| `agent.metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `""` | -| `agent.metrics.serviceMonitor.selector` | metrics service selector | `{}` | - - -### RBAC parameters - -| Name | Description | Value | -| ------------- | ----------------------------------------------- | ------ | -| `rbac.create` | Whether to create and use RBAC resources or not | `true` | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```bash -helm install my-release --set server.resourceType=deployment bitnami/kiam -``` - -The above command sets the server nodes to be deployed as Deployment objects. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```bash -$ helm install my-release -f values.yaml bitnami/kiam -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling vs Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Add extra environment variables - -In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the `server.extraEnvVars` and `agent.extraEnvVars` property. - -```yaml -server: - extraEnvVars: - - name: LOG_LEVEL - value: error -``` - -Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the `server.extraEnvVarsCM`, `agent.extraEnvVarsCM` or the `server.extraEnvVarsSecret` and `agent.extraEnvVarsSecret` values. - -### Configure Sidecars and Init Containers - -If additional containers are needed in the same pod as Kiam (such as additional metrics or logging exporters), they can be defined using the `sidecars` parameter. Similarly, you can add extra init containers using the `initContainers` parameter. - -[Learn more about configuring and using sidecar and init containers](https://docs.bitnami.com/kubernetes/infrastructure/kiam/configuration/configure-sidecar-init-containers/). - -### Deploy extra resources - -There are cases where you may want to deploy extra objects, such a ConfigMap containing your app's configuration or some extra deployment with a micro service used by your app. For covering this case, the chart allows adding the full specification of other objects using the `extraDeploy` parameter. - -### Set Pod affinity - -This chart allows you to set your custom affinity using the `server.affinity` and `agent.affinity` parameters. Find more information about Pod affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). - -As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `server.podAffinityPreset`, `agent.podAffinityPreset`, `server.podAntiAffinityPreset`, `agent.podAntiAffinityPreset`, or `server.nodeAffinityPreset` and `agent.nodeAffinityPreset` parameters. - -### Configure TLS Secrets - -This chart will facilitate the creation of TLS secrets for use with kiam. There are three common use cases: - -- Helm auto-generates the certificates. -- User specifies the certificates in the values. -- User generates/manages certificates separately. - -By default the first use case will be applied. In the second case, a certificate and a key are needed. - -- The certificate files should look like the example below. There may be more than one certificate if there is a certificate chain. - - ```console - -----BEGIN CERTIFICATE----- - MIID6TCCAtGgAwIBAgIJAIaCwivkeB5EMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV - ... - jScrvkiBO65F46KioCL9h5tDvomdU1aqpI/CBzhvZn1c0ZTf87tGQR8NK7v7 - -----END CERTIFICATE----- - ``` - -- The certificate keys should look like this: - - ```console - -----BEGIN RSA PRIVATE KEY----- - MIIEogIBAAKCAQEAvLYcyu8f3skuRyUgeeNpeDvYBCDcgq+LsWap6zbX5f8oLqp4 - ... - wrj2wDbCDCFmfqnSJ+dKI3vFLlEz44sAV8jX/kd4Y6ZTQhlLbYc= - -----END RSA PRIVATE KEY----- - ``` - -If using the values file to manage the certificates, copy the above values into the `server.tlsFiles.cert`, `server.tlsFiles.ca` and `server.tlsFiles.key` or `agent.tlsFiles.cert`, `agent.tlsFiles.ca` and `agent.tlsFiles.key` parameters respectively. - -If managing TLS secrets outside of Helm, it is possible to create a TLS secret (named `kiam.local-tls`, for example) and set it using the `server.tlsSecret` or `agent.tlsSecret` parameters. - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami’s Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). diff --git a/bitnami/kiam/templates/NOTES.txt b/bitnami/kiam/templates/NOTES.txt deleted file mode 100644 index 00a09e2..0000000 --- a/bitnami/kiam/templates/NOTES.txt +++ /dev/null @@ -1,31 +0,0 @@ -** Please be patient while the chart is being deployed ** - -In order to associate your pods with AWS IAM roles, follow the steps below: - -* Annotate your namespace with the allowed role ARNs via `iam.amazonaws.com/permitted`: - - kubectl edit namespace my-namespace - - kind: Namespace - metadata: - name: my-namespace - annotations: - iam.amazonaws.com/permitted: "" - -* Annotate your pods with the desired role via `iam.amazonaws.com/role`: - - kubectl edit pod my-pod - - kind: Pod - metadata: - name: my-pod - annotations: - iam.amazonaws.com/role: "" - -* Verify the role by entering your pod and executing the following command - - kubectl exec -ti my-pod bash - curl http://169.254.169.254/latest/meta-data/iam/security-credentials/ - -{{- include "common.warnings.rollingTag" .Values.image }} -{{- include "kiam.validateValues" . }} diff --git a/bitnami/kiam/templates/_helpers.tpl b/bitnami/kiam/templates/_helpers.tpl deleted file mode 100644 index fbdbbd5..0000000 --- a/bitnami/kiam/templates/_helpers.tpl +++ /dev/null @@ -1,100 +0,0 @@ -{{/* -Return the proper kiam image name -*/}} -{{- define "kiam.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "kiam.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.image) "global" .Values.global) -}} -{{- end -}} - -{{/* -Create the name of the service account to use (server) -*/}} -{{- define "kiam.server.serviceAccountName" -}} -{{- if .Values.server.serviceAccount.create -}} - {{ default (printf "%s-server" (include "common.names.fullname" .)) .Values.server.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.server.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the service account to use (agent) -*/}} -{{- define "kiam.agent.serviceAccountName" -}} -{{- if .Values.agent.serviceAccount.create -}} - {{ default (printf "%s-agent" (include "common.names.fullname" .)) .Values.agent.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.agent.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Generate certificates for kiam agent and server -*/}} -{{- define "kiam.agent.gen-certs" -}} -{{- $ca := .ca | default (genCA "kiam-ca" 365) -}} -{{- $_ := set . "ca" $ca -}} -{{- $cert := genSignedCert "Kiam Agent" nil nil 365 $ca -}} -{{ .Values.agent.tlsCerts.caFileName }}: {{ $ca.Cert | b64enc }} -{{ .Values.agent.tlsCerts.certFileName }}: {{ $cert.Cert | b64enc }} -{{ .Values.agent.tlsCerts.keyFileName }}: {{ $cert.Key | b64enc }} -{{- end -}} - -{{- define "kiam.server.gen-certs" -}} -{{- $altNames := list (printf "%s-server" (include "common.names.fullname" .)) (printf "%s-server:%d" (include "common.names.fullname" .) .Values.server.service.port ) (printf "127.0.0.1:%d" .Values.server.containerPort) -}} -{{- $ca := .ca | default (genCA "kiam-ca" 365) -}} -{{- $_ := set . "ca" $ca -}} -{{- $cert := genSignedCert "Kiam Server" (list "127.0.0.1") $altNames 365 $ca -}} -{{ .Values.server.tlsCerts.caFileName }}: {{ $ca.Cert | b64enc }} -{{ .Values.server.tlsCerts.certFileName }}: {{ $cert.Cert | b64enc }} -{{ .Values.server.tlsCerts.keyFileName }}: {{ $cert.Key | b64enc }} -{{- end -}} - -{{/* -Compile all warnings into a single message. -*/}} -{{- define "kiam.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "kiam.validateValues.ports" .) -}} -{{- $messages := append $messages (include "kiam.validateValues.nodeploy" .) -}} -{{- $messages := append $messages (include "kiam.validateValues.resourceType" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message -}} -{{- end -}} -{{- end -}} - -{{/* Validate values of Kiam - ports */}} -{{- define "kiam.validateValues.ports" -}} -{{- if and .Values.server.enabled .Values.server.metrics.enabled (eq .Values.server.containerPort .Values.server.metrics.port) -}} -kiam: server-ports-conflict - You enabled the metrics endpoint with the same port as the kiam server port, {{ .Values.server.containerPort }} == {{ .Values.server.metrics.port }}. - Please use a different port by setting server.metrics.port and server.containerPort with different values. -{{- end -}} -{{- end -}} - -{{/* Validate values of Kiam - no deployment */}} -{{- define "kiam.validateValues.nodeploy" -}} -{{- if and (not .Values.server.enabled) (not .Values.agent.enabled) -}} -kiam: nothing-deployed - You did not deploy neither the server nor the agents. Please set at least one of the following values - server.enabled=true - agent.enabled=true -{{- end -}} -{{- end -}} - -{{/* Validate values of Kiam - resource type */}} -{{- define "kiam.validateValues.resourceType" -}} -{{- if and (not (eq .Values.server.resourceType "daemonset")) (not (eq .Values.server.resourceType "deployment")) -}} -kiam: server-resource-type - Server resource type {{ .Values.server.resourceType }} is not valid, only "daemonset" and "deployment" are allowed -{{- end -}} -{{- end -}} diff --git a/bitnami/kiam/templates/agent/agent-daemonset.yaml b/bitnami/kiam/templates/agent/agent-daemonset.yaml deleted file mode 100644 index 0db3528..0000000 --- a/bitnami/kiam/templates/agent/agent-daemonset.yaml +++ /dev/null @@ -1,220 +0,0 @@ -{{- if .Values.agent.enabled }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: agent - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "common.names.fullname" . }}-agent - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.agent.updateStrategy }} - updateStrategy: {{- toYaml .Values.agent.updateStrategy | nindent 4 }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: agent - template: - metadata: - {{- if .Values.agent.podAnnotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.agent.podAnnotations "context" $) | nindent 8 }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: agent - {{- if .Values.agent.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.agent.podLabels "context" $) | nindent 8 }} - {{- end }} - spec: - {{- include "kiam.imagePullSecrets" . | nindent 6 }} - {{- if .Values.agent.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.agent.hostAliases "context" $) | nindent 8 }} - {{- end }} - serviceAccountName: {{ template "kiam.agent.serviceAccountName" . }} - dnsPolicy: {{ .Values.agent.dnsPolicy }} - hostNetwork: {{ .Values.agent.useHostNetwork }} - {{- if .Values.agent.affinity }} - affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.agent.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.agent.podAffinityPreset "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.agent.podAntiAffinityPreset "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.agent.nodeAffinityPreset.type "key" .Values.agent.nodeAffinityPreset.key "values" .Values.agent.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.agent.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.agent.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.agent.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.agent.tolerations "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.agent.priorityClassName }} - priorityClassName: {{ .Values.agent.priorityClassName | quote }} - {{- end }} - {{- if .Values.agent.podSecurityContext.enabled }} - securityContext: {{- omit .Values.agent.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - {{- if .Values.agent.initContainers }} - initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.agent.initContainers "context" $) | nindent 8 }} - {{- end }} - containers: - - name: agent - image: {{ template "kiam.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - {{- if .Values.agent.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.agent.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.agent.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.agent.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.agent.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.agent.command "context" $) | nindent 12 }} - {{- else }} - command: - - kiam - - agent - {{- end }} - {{- if .Values.agent.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.agent.args "context" $) | nindent 12 }} - {{- else }} - args: - {{- if .Values.agent.iptables }} - - --iptables - {{- end }} - {{- if not .Values.agent.iptablesRemoveOnShutdown }} - - --no-iptables-remove - {{- end }} - - --host-interface={{ .Values.agent.hostInterface }} - {{- if .Values.agent.logJsonOutput }} - - --json-log - {{- end }} - - --level={{ .Values.agent.logLevel }} - - --port={{ .Values.agent.containerPort }} - - --cert=/bitnami/kiam/tls/{{ .Values.agent.tlsCerts.certFileName }} - - --key=/bitnami/kiam/tls/{{ .Values.agent.tlsCerts.keyFileName }} - - --ca=/bitnami/kiam/tls/{{ .Values.agent.tlsCerts.caFileName }} - - --server-address={{ template "common.names.fullname" . }}-server:{{ .Values.server.service.port }} - {{- if .Values.agent.metrics.enabled }} - - --prometheus-listen-addr=0.0.0.0:{{ .Values.agent.metrics.port }} - - --prometheus-sync-interval={{ .Values.agent.metrics.syncInterval }} - {{- end }} - {{- if .Values.agent.allowRouteRegExp }} - - --allow-route-regexp={{ .Values.agent.allowRouteRegExp }} - {{- end }} - - --gateway-timeout-creation={{ .Values.agent.gatewayTimeoutCreation }} - {{- if .Values.agent.keepaliveParams.time }} - - --grpc-keepalive-time-ms={{ .Values.agent.keepaliveParams.time }} - {{- end }} - {{- if .Values.agent.keepaliveParams.timeout }} - - --grpc-keepalive-timeout-ms={{ .Values.agent.keepaliveParams.timeout }} - {{- end }} - {{- if .Values.agent.keepaliveParams.permitWithoutStream }} - - --grpc-keepalive-permit-without-stream - {{- end }} - {{- range $key, $value := .Values.agent.extraArgs }} - {{- if $value }} - - --{{ $key }}={{ $value }} - {{- else }} - - --{{ $key }} - {{- end }} - {{- end }} - {{- end }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - {{- if .Values.agent.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.agent.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if .Values.agent.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.agent.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.agent.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.agent.extraEnvVarsSecret "context" $) }} - {{- end }} - ports: - {{- if .Values.agent.metrics.enabled }} - - name: metrics - containerPort: {{ .Values.agent.metrics.port }} - protocol: TCP - {{- end }} - {{- if .Values.agent.resources }} - resources: {{- toYaml .Values.agent.resources | nindent 12 }} - {{- end }} - {{- if .Values.agent.livenessProbe.enabled }} - livenessProbe: - httpGet: - {{- if .Values.agent.enableDeepProbe }} - path: /health?deep=1 - {{- else }} - path: /ping - {{- end }} - port: {{ .Values.agent.containerPort }} - initialDelaySeconds: {{ .Values.agent.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.agent.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.agent.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.agent.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.agent.livenessProbe.failureThreshold }} - {{- else if .Values.agent.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.agent.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.agent.readinessProbe.enabled }} - readinessProbe: - httpGet: - {{- if .Values.agent.enableDeepProbe }} - path: /health?deep=1 - {{- else }} - path: /ping - {{- end }} - port: {{ .Values.agent.containerPort }} - initialDelaySeconds: {{ .Values.agent.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.agent.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.agent.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.agent.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.agent.readinessProbe.failureThreshold }} - {{- else if .Values.agent.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.agent.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - volumeMounts: - - mountPath: /bitnami/kiam/tls - name: tls - {{- if .Values.server.sslCertHostPath }} - - mountPath: /etc/ssl/certs - name: ssl-certs - readOnly: true - {{- end }} - - mountPath: /var/run/xtables.lock - name: xtables - {{- if .Values.agent.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.agent.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.agent.sidecars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.agent.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: tls - secret: - {{- if .Values.agent.tlsSecret }} - secretName: {{ .Values.agent.tlsSecret }} - {{else}} - secretName: {{ template "common.names.fullname" . }}-agent - {{- end }} - {{- if .Values.server.sslCertHostPath }} - - name: ssl-certs - hostPath: - path: {{ .Values.server.sslCertHostPath }} - {{- end }} - - name: xtables - hostPath: - path: /run/xtables.lock - type: FileOrCreate - {{- if .Values.agent.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.agent.extraVolumes "context" $) | nindent 8 }} - {{- end }} -{{- end }} diff --git a/bitnami/kiam/templates/agent/agent-psp-clusterrole.yaml b/bitnami/kiam/templates/agent/agent-psp-clusterrole.yaml deleted file mode 100644 index b7907e0..0000000 --- a/bitnami/kiam/templates/agent/agent-psp-clusterrole.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if and .Values.agent.enabled .Values.agent.podSecurityPolicy.create }} -{{- if .Values.rbac.create }} -kind: ClusterRole -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: agent - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "common.names.fullname" . }}-agent-psp - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - - apiGroups: - - policy - resources: - - podsecuritypolicies - resourceNames: - - {{ template "common.names.fullname" . }}-agent - verbs: - - use -{{- end }} -{{- end }} diff --git a/bitnami/kiam/templates/agent/agent-psp-clusterrolebinding.yaml b/bitnami/kiam/templates/agent/agent-psp-clusterrolebinding.yaml deleted file mode 100644 index 41cd06d..0000000 --- a/bitnami/kiam/templates/agent/agent-psp-clusterrolebinding.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if and .Values.agent.enabled .Values.agent.podSecurityPolicy.create }} -{{- if .Values.rbac.create }} -kind: ClusterRoleBinding -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: agent - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "common.names.fullname" . }}-agent-psp - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "common.names.fullname" . }}-agent-psp -subjects: - - kind: ServiceAccount - name: {{ template "kiam.agent.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} -{{- end }} diff --git a/bitnami/kiam/templates/agent/agent-psp.yaml b/bitnami/kiam/templates/agent/agent-psp.yaml deleted file mode 100644 index 296b3ab..0000000 --- a/bitnami/kiam/templates/agent/agent-psp.yaml +++ /dev/null @@ -1,54 +0,0 @@ -{{- if and .Values.agent.enabled .Values.agent.podSecurityPolicy.create }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: agent - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "common.names.fullname" . }}-agent - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - privileged: false - {{- if .Values.agent.iptables }} - allowedCapabilities: - - "NET_ADMIN" - {{ end }} - allowPrivilegeEscalation: false - volumes: - - 'secret' - - 'hostPath' - allowedHostPaths: - - pathPrefix: "/run/xtables.lock" - - pathPrefix: {{ .Values.agent.sslCertHostPath }} - readOnly: true - {{- if .Values.agent.podSecurityPolicy.allowedHostPaths }} - {{- toYaml .Values.agent.podSecurityPolicy.allowedHostPaths | nindent 4 }} - {{- end }} - hostNetwork: {{ .Values.agent.useHostNetwork }} - hostIPC: false - hostPID: false - runAsUser: - rule: 'RunAsAny' - seLinux: - {{- if .Values.agent.containerSecurityContext.seLinuxOptions }} - rule: 'MustRunAs' - seLinuxOptions: {{- toYaml .Values.agent.containerSecurityContext.seLinuxOptions | nindent 6 }} - {{- else }} - rule: 'RunAsAny' - {{- end }} - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - readOnlyRootFilesystem: false -{{- end }} diff --git a/bitnami/kiam/templates/agent/agent-secret.yaml b/bitnami/kiam/templates/agent/agent-secret.yaml deleted file mode 100644 index 2447573..0000000 --- a/bitnami/kiam/templates/agent/agent-secret.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if and .Values.agent.enabled (not .Values.agent.tlsSecret) -}} -apiVersion: v1 -kind: Secret -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: agent - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "common.names.fullname" . }}-agent - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: -{{- if .Values.agent.tlsFiles.ca }} - {{- toYaml .Values.agent.tlsFiles | nindent 2 }} -{{- else }} - {{- include "kiam.agent.gen-certs" . | nindent 2 }} -{{- end -}} -{{- end }} diff --git a/bitnami/kiam/templates/agent/agent-service-account.yaml b/bitnami/kiam/templates/agent/agent-service-account.yaml deleted file mode 100644 index 8fafa94..0000000 --- a/bitnami/kiam/templates/agent/agent-service-account.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if .Values.agent.enabled }} -{{- if .Values.rbac.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: agent - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "kiam.agent.serviceAccountName" . }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} -{{- end }} -{{- end }} diff --git a/bitnami/kiam/templates/agent/agent-service.yaml b/bitnami/kiam/templates/agent/agent-service.yaml deleted file mode 100644 index 1f06123..0000000 --- a/bitnami/kiam/templates/agent/agent-service.yaml +++ /dev/null @@ -1,49 +0,0 @@ -{{- if .Values.agent.enabled }} -{{- if .Values.agent.metrics.enabled }} -apiVersion: v1 -kind: Service -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: agent - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "common.names.fullname" . }}-agent-metrics - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.agent.service.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.agent.service.annotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if and .Values.agent.metrics.enabled .Values.agent.metrics.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.agent.metrics.annotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.agent.service.type }} - {{- if and .Values.agent.service.clusterIP (eq .Values.agent.service.type "ClusterIP") }} - clusterIP: {{ .Values.agent.service.clusterIP }} - {{- end }} - {{- if (or (eq .Values.agent.service.type "LoadBalancer") (eq .Values.agent.service.type "NodePort")) }} - externalTrafficPolicy: {{ .Values.agent.service.externalTrafficPolicy | quote }} - {{- end }} - {{ if eq .Values.agent.service.type "LoadBalancer" }} - loadBalancerSourceRanges: {{ .Values.agent.service.loadBalancerSourceRanges }} - {{ end }} - {{- if (and (eq .Values.agent.service.type "LoadBalancer") (not (empty .Values.agent.service.loadBalancerIP))) }} - loadBalancerIP: {{ .Values.agent.service.loadBalancerIP }} - {{- end }} - ports: - - name: metrics - port: {{ .Values.agent.metrics.port }} - targetPort: metrics - protocol: TCP - {{- if (and (or (eq .Values.agent.service.type "NodePort") (eq .Values.agent.service.type "LoadBalancer")) (not (empty .Values.agent.service.nodePorts.metrics))) }} - nodePort: {{ .Values.agent.service.nodePorts.metrics }} - {{- else if eq .Values.agent.service.type "ClusterIP" }} - nodePort: null - {{- end }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: agent -{{- end }} -{{- end }} diff --git a/bitnami/kiam/templates/agent/agent-servicemonitor.yaml b/bitnami/kiam/templates/agent/agent-servicemonitor.yaml deleted file mode 100644 index eb50062..0000000 --- a/bitnami/kiam/templates/agent/agent-servicemonitor.yaml +++ /dev/null @@ -1,41 +0,0 @@ -{{- if and .Values.agent.enabled .Values.agent.metrics.enabled .Values.agent.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "common.names.fullname" . }}-agent - {{- if .Values.agent.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.agent.metrics.serviceMonitor.namespace }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: agent - {{- range $key, $value := .Values.agent.metrics.serviceMonitor.selector }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: agent - endpoints: - - port: metrics - {{- if .Values.agent.metrics.serviceMonitor.interval }} - interval: {{ .Values.agent.metrics.serviceMonitor.interval }} - {{- end }} - {{- if .Values.agent.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.agent.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - {{- if .Values.agent.metrics.serviceMonitor.relabelings }} - relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.agent.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.agent.metrics.serviceMonitor.metricRelabelings }} - metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.agent.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }} - {{- end }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} -{{- end }} diff --git a/bitnami/kiam/templates/server/server-daemonset.yaml b/bitnami/kiam/templates/server/server-daemonset.yaml deleted file mode 100644 index 13f6e08..0000000 --- a/bitnami/kiam/templates/server/server-daemonset.yaml +++ /dev/null @@ -1,209 +0,0 @@ -{{- if and .Values.server.enabled (eq .Values.server.resourceType "daemonset") }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: server - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "common.names.fullname" . }}-server - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.server.updateStrategy }} - updateStrategy: {{- toYaml .Values.server.updateStrategy | nindent 4 }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: server - template: - metadata: - {{- if .Values.server.podAnnotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.server.podAnnotations "context" $) | nindent 8 }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: server - {{- if .Values.server.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.server.podLabels "context" $) | nindent 8 }} - {{- end }} - spec: - {{- include "kiam.imagePullSecrets" . | nindent 6 }} - {{- if .Values.server.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.server.hostAliases "context" $) | nindent 8 }} - {{- end }} - serviceAccountName: {{ template "kiam.server.serviceAccountName" . }} - dnsPolicy: {{ .Values.server.dnsPolicy }} - hostNetwork: {{ .Values.server.useHostNetwork }} - {{- if .Values.server.affinity }} - affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.server.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.server.podAffinityPreset "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.server.podAntiAffinityPreset "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.server.nodeAffinityPreset.type "key" .Values.server.nodeAffinityPreset.key "values" .Values.server.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.server.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.server.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.server.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.server.tolerations "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.server.priorityClassName }} - priorityClassName: {{ .Values.server.priorityClassName | quote }} - {{- end }} - {{- if .Values.server.podSecurityContext.enabled }} - securityContext: {{- omit .Values.server.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - {{- if .Values.server.initContainers }} - initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.server.initContainers "context" $) | nindent 8 }} - {{- end }} - containers: - - name: server - image: {{ template "kiam.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - {{- if .Values.server.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.server.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.server.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.server.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.server.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.server.command "context" $) | nindent 12 }} - {{- else }} - command: - - kiam - - server - {{- end }} - {{- if .Values.server.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.server.args "context" $) | nindent 12 }} - {{- else }} - args: - {{- if .Values.server.logJsonOutput }} - - --json-log - {{- end }} - - --level={{ .Values.server.logLevel }} - - --bind=0.0.0.0:{{ .Values.server.containerPort }} - - --cert=/bitnami/kiam/tls/{{ .Values.server.tlsCerts.certFileName }} - - --key=/bitnami/kiam/tls/{{ .Values.server.tlsCerts.keyFileName }} - - --ca=/bitnami/kiam/tls/{{ .Values.server.tlsCerts.caFileName }} - {{- if .Values.server.roleBaseArn }} - - --role-base-arn={{ .Values.server.roleBaseArn }} - {{- else }} - - --role-base-arn-autodetect - {{- end }} - {{- if .Values.server.assumeRoleArn }} - - --assume-role-arn={{ .Values.server.assumeRoleArn }} - {{- end }} - - --session-duration={{ .Values.server.sessionDuration }} - - --sync={{ .Values.server.cacheSyncInterval }} - {{- if .Values.server.metrics.enabled }} - - --prometheus-listen-addr=0.0.0.0:{{ .Values.server.metrics.port }} - - --prometheus-sync-interval={{ .Values.server.metrics.syncInterval }} - {{- end }} - {{- range $key, $value := .Values.server.extraArgs }} - {{- if $value }} - - --{{ $key }}={{ $value }} - {{- else }} - - --{{ $key }} - {{- end }} - {{- end }} - {{- end }} - ports: - - name: grpclb - containerPort: {{ .Values.server.containerPort }} - protocol: TCP - {{- if .Values.server.metrics.enabled }} - - name: metrics - containerPort: {{ .Values.server.metrics.port }} - protocol: TCP - {{- end }} - {{- if .Values.server.extraEnvVars }} - env: {{- include "common.tplvalues.render" (dict "value" .Values.server.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if .Values.server.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.server.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.server.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.server.extraEnvVarsSecret "context" $) }} - {{- end }} - {{- if .Values.server.resources }} - resources: {{- toYaml .Values.server.resources | nindent 12 }} - {{- end }} - {{- if .Values.server.livenessProbe.enabled }} - livenessProbe: - exec: - command: - - kiam - - health - - --cert=/bitnami/kiam/tls/{{ .Values.server.tlsCerts.certFileName }} - - --key=/bitnami/kiam/tls/{{ .Values.server.tlsCerts.keyFileName }} - - --ca=/bitnami/kiam/tls/{{ .Values.server.tlsCerts.caFileName }} - - --server-address=127.0.0.1:{{ .Values.server.containerPort }} - - --server-address-refresh=2s - - --timeout=5s - - --gateway-timeout-creation={{ .Values.server.gatewayTimeoutCreation }} - initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.server.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} - {{- else if .Values.server.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.server.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.server.readinessProbe.enabled }} - readinessProbe: - exec: - command: - - kiam - - health - - --cert=/bitnami/kiam/tls/{{ .Values.server.tlsCerts.certFileName }} - - --key=/bitnami/kiam/tls/{{ .Values.server.tlsCerts.keyFileName }} - - --ca=/bitnami/kiam/tls/{{ .Values.server.tlsCerts.caFileName }} - - --server-address=127.0.0.1:{{ .Values.server.containerPort }} - - --server-address-refresh=2s - - --timeout=5s - - --gateway-timeout-creation={{ .Values.server.gatewayTimeoutCreation }} - initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.server.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} - {{- else if .Values.server.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.server.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - volumeMounts: - - mountPath: /bitnami/kiam/tls - name: tls - {{- if .Values.server.sslCertHostPath }} - - mountPath: /etc/ssl/certs - name: ssl-certs - readOnly: true - {{- end }} - {{- if .Values.server.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.server.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.server.sidecars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.server.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: tls - secret: - {{- if .Values.server.tlsSecret }} - secretName: {{ .Values.server.tlsSecret }} - {{else}} - secretName: {{ template "common.names.fullname" . }}-server - {{- end }} - {{- if .Values.server.sslCertHostPath }} - - name: ssl-certs - hostPath: - path: {{ .Values.server.sslCertHostPath }} - {{- end }} - {{- if .Values.server.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.server.extraVolumes "context" $) | nindent 8 }} - {{- end }} -{{- end }} diff --git a/bitnami/kiam/templates/server/server-deployment.yaml b/bitnami/kiam/templates/server/server-deployment.yaml deleted file mode 100644 index 905a8b2..0000000 --- a/bitnami/kiam/templates/server/server-deployment.yaml +++ /dev/null @@ -1,210 +0,0 @@ -{{- if and .Values.server.enabled (eq .Values.server.resourceType "deployment") }} -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: server - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "common.names.fullname" . }}-server - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.server.replicaCount }} - {{- if .Values.server.updateStrategy }} - strategy: {{- toYaml .Values.server.updateStrategy | nindent 4 }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: server - template: - metadata: - {{- if .Values.server.podAnnotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.server.podAnnotations "context" $) | nindent 8 }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: server - {{- if .Values.server.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.server.podLabels "context" $) | nindent 8 }} - {{- end }} - spec: - {{- include "kiam.imagePullSecrets" . | nindent 6 }} - {{- if .Values.server.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.server.hostAliases "context" $) | nindent 8 }} - {{- end }} - serviceAccountName: {{ template "kiam.server.serviceAccountName" . }} - dnsPolicy: {{ .Values.server.dnsPolicy }} - hostNetwork: {{ .Values.server.useHostNetwork }} - {{- if .Values.server.affinity }} - affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.server.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.server.podAffinityPreset "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.server.podAntiAffinityPreset "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.server.nodeAffinityPreset.type "key" .Values.server.nodeAffinityPreset.key "values" .Values.server.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.server.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.server.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.server.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.server.tolerations "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.server.priorityClassName }} - priorityClassName: {{ .Values.server.priorityClassName | quote }} - {{- end }} - {{- if .Values.server.podSecurityContext.enabled }} - securityContext: {{- omit .Values.server.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - {{- if .Values.server.initContainers }} - initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.server.initContainers "context" $) | nindent 8 }} - {{- end }} - containers: - - name: server - image: {{ template "kiam.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - {{- if .Values.server.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.server.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.server.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.server.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.server.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.server.command "context" $) | nindent 12 }} - {{- else }} - command: - - kiam - - server - {{- end }} - {{- if .Values.server.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.server.args "context" $) | nindent 12 }} - {{- else }} - args: - {{- if .Values.server.logJsonOutput }} - - --json-log - {{- end }} - - --level={{ .Values.server.logLevel }} - - --bind=0.0.0.0:{{ .Values.server.containerPort }} - - --cert=/bitnami/kiam/tls/{{ .Values.server.tlsCerts.certFileName }} - - --key=/bitnami/kiam/tls/{{ .Values.server.tlsCerts.keyFileName }} - - --ca=/bitnami/kiam/tls/{{ .Values.server.tlsCerts.caFileName }} - {{- if .Values.server.roleBaseArn }} - - --role-base-arn={{ .Values.server.roleBaseArn }} - {{- else }} - - --role-base-arn-autodetect - {{- end }} - {{- if .Values.server.assumeRoleArn }} - - --assume-role-arn={{ .Values.server.assumeRoleArn }} - {{- end }} - - --session-duration={{ .Values.server.sessionDuration }} - - --sync={{ .Values.server.cacheSyncInterval }} - {{- if .Values.server.metrics.enabled }} - - --prometheus-listen-addr=0.0.0.0:{{ .Values.server.metrics.port }} - - --prometheus-sync-interval={{ .Values.server.metrics.syncInterval }} - {{- end }} - {{- range $key, $value := .Values.server.extraArgs }} - {{- if $value }} - - --{{ $key }}={{ $value }} - {{- else }} - - --{{ $key }} - {{- end }} - {{- end }} - {{- end }} - ports: - - name: grpclb - containerPort: {{ .Values.server.containerPort }} - protocol: TCP - {{- if .Values.server.metrics.enabled }} - - name: metrics - containerPort: {{ .Values.server.metrics.port }} - protocol: TCP - {{- end }} - {{- if .Values.server.extraEnvVars }} - env: {{- include "common.tplvalues.render" (dict "value" .Values.server.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if .Values.server.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.server.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.server.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.server.extraEnvVarsSecret "context" $) }} - {{- end }} - {{- if .Values.server.resources }} - resources: {{- toYaml .Values.server.resources | nindent 12 }} - {{- end }} - {{- if .Values.server.livenessProbe.enabled }} - livenessProbe: - exec: - command: - - kiam - - health - - --cert=/bitnami/kiam/tls/{{ .Values.server.tlsCerts.certFileName }} - - --key=/bitnami/kiam/tls/{{ .Values.server.tlsCerts.keyFileName }} - - --ca=/bitnami/kiam/tls/{{ .Values.server.tlsCerts.caFileName }} - - --server-address=127.0.0.1:{{ .Values.server.containerPort }} - - --server-address-refresh=2s - - --timeout=5s - - --gateway-timeout-creation={{ .Values.server.gatewayTimeoutCreation }} - initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.server.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} - {{- else if .Values.server.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.server.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.server.readinessProbe.enabled }} - readinessProbe: - exec: - command: - - kiam - - health - - --cert=/bitnami/kiam/tls/{{ .Values.server.tlsCerts.certFileName }} - - --key=/bitnami/kiam/tls/{{ .Values.server.tlsCerts.keyFileName }} - - --ca=/bitnami/kiam/tls/{{ .Values.server.tlsCerts.caFileName }} - - --server-address=127.0.0.1:{{ .Values.server.containerPort }} - - --server-address-refresh=2s - - --timeout=5s - - --gateway-timeout-creation={{ .Values.server.gatewayTimeoutCreation }} - initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.server.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} - {{- else if .Values.server.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.server.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - volumeMounts: - - mountPath: /bitnami/kiam/tls - name: tls - {{- if .Values.server.sslCertHostPath }} - - mountPath: /etc/ssl/certs - name: ssl-certs - readOnly: true - {{- end }} - {{- if .Values.server.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.server.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.server.sidecars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.server.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: tls - secret: - {{- if .Values.server.tlsSecret }} - secretName: {{ .Values.server.tlsSecret }} - {{else}} - secretName: {{ template "common.names.fullname" . }}-server - {{- end }} - {{- if .Values.server.sslCertHostPath }} - - name: ssl-certs - hostPath: - path: {{ .Values.server.sslCertHostPath }} - {{- end }} - {{- if .Values.server.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.server.extraVolumes "context" $) | nindent 8 }} - {{- end }} -{{- end }} diff --git a/bitnami/kiam/templates/server/server-psp-clusterrole.yaml b/bitnami/kiam/templates/server/server-psp-clusterrole.yaml deleted file mode 100644 index d4adbf5..0000000 --- a/bitnami/kiam/templates/server/server-psp-clusterrole.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if and .Values.server.enabled .Values.server.podSecurityPolicy.create }} -{{- if .Values.rbac.create }} -kind: ClusterRole -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: server - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "common.names.fullname" . }}-server-psp - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - - apiGroups: - - policy - resources: - - podsecuritypolicies - resourceNames: - - {{ template "common.names.fullname" . }}-server - verbs: - - use -{{- end }} -{{- end }} diff --git a/bitnami/kiam/templates/server/server-psp-clusterrolebinding.yaml b/bitnami/kiam/templates/server/server-psp-clusterrolebinding.yaml deleted file mode 100644 index e937f97..0000000 --- a/bitnami/kiam/templates/server/server-psp-clusterrolebinding.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if and .Values.server.enabled .Values.server.podSecurityPolicy.create }} -{{- if .Values.rbac.create }} -kind: ClusterRoleBinding -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: server - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "common.names.fullname" . }}-server-psp - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "common.names.fullname" . }}-server-psp -subjects: - - kind: ServiceAccount - name: {{ template "kiam.server.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} -{{- end }} diff --git a/bitnami/kiam/templates/server/server-psp.yaml b/bitnami/kiam/templates/server/server-psp.yaml deleted file mode 100644 index f7db1d4..0000000 --- a/bitnami/kiam/templates/server/server-psp.yaml +++ /dev/null @@ -1,49 +0,0 @@ -{{- if and .Values.server.enabled .Values.server.podSecurityPolicy.create }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: server - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "common.names.fullname" . }}-server - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - privileged: false - allowPrivilegeEscalation: false - volumes: - - 'secret' - - 'hostPath' - allowedHostPaths: - - pathPrefix: {{ .Values.server.sslCertHostPath }} - readOnly: true - {{- if .Values.server.podSecurityPolicy.allowedHostPaths }} - {{- toYaml .Values.server.podSecurityPolicy.allowedHostPaths | nindent 4 }} - {{- end }} - hostNetwork: {{ .Values.server.useHostNetwork }} - hostIPC: false - hostPID: false - runAsUser: - rule: 'RunAsAny' - seLinux: - {{- if .Values.server.containerSecurityContext.seLinuxOptions }} - rule: 'MustRunAs' - seLinuxOptions: {{- toYaml .Values.server.containerSecurityContext.seLinuxOptions | nindent 6 }} - {{- else }} - rule: 'RunAsAny' - {{- end }} - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - readOnlyRootFilesystem: false -{{- end }} diff --git a/bitnami/kiam/templates/server/server-read-clusterrole.yaml b/bitnami/kiam/templates/server/server-read-clusterrole.yaml deleted file mode 100644 index e4a202a..0000000 --- a/bitnami/kiam/templates/server/server-read-clusterrole.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if .Values.server.enabled }} -{{- if .Values.rbac.create }} -kind: ClusterRole -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: server - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "common.names.fullname" . }}-server-read - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - - apiGroups: - - "" - resources: - - namespaces - - pods - verbs: - - watch - - get - - list -{{- end }} -{{- end }} diff --git a/bitnami/kiam/templates/server/server-read-clusterrolebinding.yaml b/bitnami/kiam/templates/server/server-read-clusterrolebinding.yaml deleted file mode 100644 index 1cea01f..0000000 --- a/bitnami/kiam/templates/server/server-read-clusterrolebinding.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if .Values.server.enabled }} -{{- if .Values.rbac.create }} -kind: ClusterRoleBinding -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: server - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "common.names.fullname" . }}-server-read - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "common.names.fullname" . }}-server-read -subjects: - - kind: ServiceAccount - name: {{ template "kiam.server.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} -{{- end }} diff --git a/bitnami/kiam/templates/server/server-secret.yaml b/bitnami/kiam/templates/server/server-secret.yaml deleted file mode 100644 index 31369a6..0000000 --- a/bitnami/kiam/templates/server/server-secret.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if and (.Values.server.enabled) (not .Values.server.tlsSecret) -}} -apiVersion: v1 -kind: Secret -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: server - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "common.names.fullname" . }}-server - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: -{{- if .Values.server.tlsFiles.ca }} - {{- toYaml .Values.server.tlsFiles | nindent 2 }} -{{- else }} - {{- include "kiam.server.gen-certs" . | nindent 2 }} -{{- end -}} -{{- end }} diff --git a/bitnami/kiam/templates/server/server-service-account.yaml b/bitnami/kiam/templates/server/server-service-account.yaml deleted file mode 100644 index 9841b2f..0000000 --- a/bitnami/kiam/templates/server/server-service-account.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if .Values.server.enabled }} -{{- if .Values.rbac.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: server - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "kiam.server.serviceAccountName" . }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} -{{- end }} -{{- end }} diff --git a/bitnami/kiam/templates/server/server-service.yaml b/bitnami/kiam/templates/server/server-service.yaml deleted file mode 100644 index 25d3cb8..0000000 --- a/bitnami/kiam/templates/server/server-service.yaml +++ /dev/null @@ -1,58 +0,0 @@ -{{- if .Values.server.enabled }} -apiVersion: v1 -kind: Service -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: server - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "common.names.fullname" . }}-server - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.server.service.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.server.service.annotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if and .Values.server.metrics.enabled .Values.server.metrics.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.server.metrics.annotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.server.service.type }} - {{- if and .Values.server.service.clusterIP (eq .Values.server.service.type "ClusterIP") }} - clusterIP: {{ .Values.server.service.clusterIP }} - {{- end }} - {{- if (or (eq .Values.server.service.type "LoadBalancer") (eq .Values.server.service.type "NodePort")) }} - externalTrafficPolicy: {{ .Values.server.service.externalTrafficPolicy | quote }} - {{- end }} - {{ if eq .Values.server.service.type "LoadBalancer" }} - loadBalancerSourceRanges: {{ .Values.server.service.loadBalancerSourceRanges }} - {{ end }} - {{- if (and (eq .Values.server.service.type "LoadBalancer") (not (empty .Values.server.service.loadBalancerIP))) }} - loadBalancerIP: {{ .Values.server.service.loadBalancerIP }} - {{- end }} - ports: - - name: grpclb - port: {{ .Values.server.service.port }} - targetPort: {{ .Values.server.containerPort }} - protocol: TCP - {{- if (and (or (eq .Values.server.service.type "NodePort") (eq .Values.server.service.type "LoadBalancer")) (not (empty .Values.server.service.nodePorts.http))) }} - nodePort: {{ .Values.server.service.nodePorts.http }} - {{- else if eq .Values.server.service.type "ClusterIP" }} - nodePort: null - {{- end }} - {{- if .Values.server.metrics.enabled }} - - name: metrics - port: {{ .Values.server.metrics.port }} - targetPort: metrics - protocol: TCP - {{- if (and (or (eq .Values.server.service.type "NodePort") (eq .Values.server.service.type "LoadBalancer")) (not (empty .Values.server.service.nodePorts.metrics))) }} - nodePort: {{ .Values.server.service.nodePorts.metrics }} - {{- else if eq .Values.server.service.type "ClusterIP" }} - nodePort: null - {{- end }} - {{- end }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: server -{{- end }} diff --git a/bitnami/kiam/templates/server/server-servicemonitor.yaml b/bitnami/kiam/templates/server/server-servicemonitor.yaml deleted file mode 100644 index ff0f5cf..0000000 --- a/bitnami/kiam/templates/server/server-servicemonitor.yaml +++ /dev/null @@ -1,41 +0,0 @@ -{{- if and .Values.server.enabled .Values.server.metrics.enabled .Values.server.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "common.names.fullname" . }}-server - {{- if .Values.server.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.server.metrics.serviceMonitor.namespace }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: server - {{- range $key, $value := .Values.server.metrics.serviceMonitor.selector }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: server - endpoints: - - port: metrics - {{- if .Values.server.metrics.serviceMonitor.interval }} - interval: {{ .Values.server.metrics.serviceMonitor.interval }} - {{- end }} - {{- if .Values.server.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.server.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - {{- if .Values.server.metrics.serviceMonitor.relabelings }} - relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.server.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.server.metrics.serviceMonitor.metricRelabelings }} - metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.server.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }} - {{- end }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} -{{- end }} diff --git a/bitnami/kiam/templates/server/server-write-clusterrole.yaml b/bitnami/kiam/templates/server/server-write-clusterrole.yaml deleted file mode 100644 index 933cd6d..0000000 --- a/bitnami/kiam/templates/server/server-write-clusterrole.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if .Values.server.enabled }} -{{- if .Values.rbac.create }} -kind: ClusterRole -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: server - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "common.names.fullname" . }}-server-write - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -{{- end }} -{{- end }} diff --git a/bitnami/kiam/templates/server/server-write-clusterrolebinding.yaml b/bitnami/kiam/templates/server/server-write-clusterrolebinding.yaml deleted file mode 100644 index 8348399..0000000 --- a/bitnami/kiam/templates/server/server-write-clusterrolebinding.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if .Values.server.enabled }} -{{- if .Values.rbac.create }} -kind: ClusterRoleBinding -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: server - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "common.names.fullname" . }}-server-write - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "common.names.fullname" . }}-server-write -subjects: - - kind: ServiceAccount - name: {{ template "kiam.server.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} -{{- end }} diff --git a/bitnami/kiam/values.yaml b/bitnami/kiam/values.yaml deleted file mode 100644 index c23bf8c..0000000 --- a/bitnami/kiam/values.yaml +++ /dev/null @@ -1,791 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - storageClass: "" - -## @section Common parameters - -## @param nameOverride Release name override -## -nameOverride: "" -## @param fullnameOverride Release full name override -## -fullnameOverride: "" -## @param commonLabels Labels to add to all deployed objects -## -commonLabels: {} -## @param commonAnnotations Annotations to add to all deployed objects -## -commonAnnotations: {} -## @param extraDeploy Array of extra objects to deploy with the release -## -extraDeploy: [] - -## @section kiam image parameters - -## @param image.registry kiam image registry -## @param image.repository kiam image name -## @param image.tag kiam image tag -## @param image.pullPolicy kiam image pull policy -## @param image.pullSecrets Specify docker-registry secret names as an array -## -image: - registry: docker.io - repository: bitnami/kiam - tag: 3.6.0-debian-10-r316 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - -## @section kiam server parameters - -## kiam server properties -## -server: - ## @param server.enabled Deploy the kiam server - ## - enabled: true - ## @param server.containerPort HTTPS port to expose at container level - ## - containerPort: 8443 - ## @param server.resourceType Specify how to deploy the server (allowed values: `daemonset` and `deployment`) - ## - resourceType: daemonset - ## @param server.hostAliases Add deployment host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## @param server.useHostNetwork Use host networking (ports will be directly exposed in the host) - ## - useHostNetwork: false - ## @param server.replicaCount Number of replicas to deploy (when `server.resourceType` is `daemonset`) - ## - replicaCount: 1 - ## @param server.logJsonOutput Use JSON format for logs - ## - logJsonOutput: true - ## @param server.logLevel Logging level - ## - logLevel: info - ## @param server.sslCertHostPath Path to the host system SSL certificates (necessary for contacting the AWS metadata server) - ## - sslCertHostPath: /etc/ssl/certs - ## @param server.podSecurityPolicy.create Create a PodSecurityPolicy resource - ## @param server.podSecurityPolicy.allowedHostPaths Extra host paths to allow in the PodSecurityPolicy - ## - podSecurityPolicy: - create: true - allowedHostPaths: [] - ## @param server.priorityClassName Server priorityClassName - ## Ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ - ## - priorityClassName: "" - ## Configure extra options for liveness probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param server.livenessProbe.enabled Enable livenessProbe - ## @param server.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param server.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param server.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param server.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param server.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 30 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - ## Configure extra options for readiness probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param server.readinessProbe.enabled Enable readinessProbe - ## @param server.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param server.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param server.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param server.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param server.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 30 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - ## @param server.extraArgs Extra arguments to add to the default kiam command - ## - extraArgs: {} - ## @param server.command Override kiam default command - ## - command: [] - ## @param server.args Override kiam default args - ## - args: [] - ## @param server.tlsFiles [object] Base64-encoded PEM values for server's CA certificate(s), certificate and private key - ## - tlsFiles: - ca: - cert: - key: - ## @param server.gatewayTimeoutCreation Timeout when creating the kiam gateway - ## - gatewayTimeoutCreation: 1s - ## @param server.tlsSecret Name of a secret with TLS certificates for the container - ## - tlsSecret: "" - ## @param server.dnsPolicy Pod DNS policy - ## Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pods-dns-policy - ## - dnsPolicy: Default - ## @param server.roleBaseArn Base ARN for IAM roles. If not set kiam will detect it automatically - ## If not specified use EC2 metadata service to detect ARN prefix - ## - roleBaseArn: "" - ## @param server.cacheSyncInterval Cache synchronization interval - ## - cacheSyncInterval: 1m - ## @param server.assumeRoleArn IAM role for the server to assume - ## - assumeRoleArn: "" - ## @param server.sessionDuration Session duration for STS tokens - ## - sessionDuration: 15m - ## @param server.tlsCerts [object] Agent TLS Certificate filenames - ## - tlsCerts: - certFileName: cert.pem - keyFileName: key.pem - caFileName: ca.pem - ## Kiam server resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param server.resources.limits The resources limits for the kiam container - ## @param server.resources.requests The requested resources for the kiam container - ## - resources: - ## Example: - ## limits: - ## cpu: 200m - ## memory: 256Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 200m - ## memory: 10Mi - requests: {} - ## SecurityContext configuration - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - ## @param server.containerSecurityContext.enabled Enabled kiam server containers' Security Context - ## @param server.containerSecurityContext.runAsUser Set kiam server container's Security Context runAsUser - ## @param server.containerSecurityContext.runAsNonRoot Set kiam server container's Security Context runAsNonRoot - ## @param server.containerSecurityContext.seLinuxOptions Set kiam server container's Security Context SE Linux options - ## - containerSecurityContext: - enabled: true - runAsUser: 1001 - runAsNonRoot: true - seLinuxOptions: {} - ## @param server.podSecurityContext.enabled Enabled kiam server pods' Security Context - ## @param server.podSecurityContext.fsGroup Set kiam server pod's Security Context fsGroup - ## - podSecurityContext: - enabled: true - fsGroup: 1001 - ## @param server.podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param server.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Node affinity preset - ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param server.nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param server.nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param server.nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param server.affinity Affinity for pod assignment - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## - affinity: {} - ## @param server.nodeSelector Node labels for pod assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param server.tolerations Tolerations for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param server.podLabels Extra labels for kiam pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param server.podAnnotations Annotations for kiam pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param server.lifecycleHooks lifecycleHooks for the kiam server container to automate configuration before or after startup. - ## - lifecycleHooks: {} - ## @param server.customLivenessProbe Override default liveness probe - ## - customLivenessProbe: {} - ## @param server.customReadinessProbe Override default readiness probe - ## - customReadinessProbe: {} - ## @param server.updateStrategy.type Update strategy - only really applicable for deployments with RWO PVs attached - ## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the - ## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will - ## terminate the single previous pod, so that the new, incoming pod can attach to the PV - ## - updateStrategy: - type: RollingUpdate - ## @param server.extraEnvVars Array containing extra env vars to configure kiam server - ## For example: - ## - name: BEARER_AUTH - ## value: true - ## - extraEnvVars: [] - ## @param server.extraEnvVarsCM ConfigMap containing extra env vars to configure kiam server - ## - extraEnvVarsCM: "" - ## @param server.extraEnvVarsSecret Secret containing extra env vars to configure kiam server (in case of sensitive data) - ## - extraEnvVarsSecret: "" - ## @param server.extraVolumes Optionally specify extra list of additional volumes for kiam pods - ## - extraVolumes: [] - ## @param server.extraVolumeMounts Optionally specify extra list of additional volumeMounts for kiam container(s) - ## - extraVolumeMounts: [] - ## @param server.initContainers Add additional init containers to the kiam pods - ## Example: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - initContainers: [] - ## @param server.sidecars Add additional sidecar containers to the kiam pods - ## Example: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - sidecars: [] - - ## @section kiam server exposure parameters - - ## Service configuration - ## - service: - ## @param server.service.type Kubernetes service type - ## - type: ClusterIP - ## @param server.service.port Service HTTPS port - ## - port: 8443 - ## @param server.service.nodePorts [object] Specify the nodePort values for the LoadBalancer and NodePort service types. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - nodePorts: - http: - metrics: - ## @param server.service.clusterIP kiam service clusterIP IP - ## - clusterIP: None - ## @param server.service.loadBalancerIP loadBalancerIP if service type is `LoadBalancer` - ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer - ## - loadBalancerIP: "" - ## @param server.service.loadBalancerSourceRanges Address that are allowed when service is LoadBalancer - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## Example: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param server.service.externalTrafficPolicy Enable client source IP preservation - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param server.service.annotations Annotations for kiam service - ## - annotations: {} - - ## @section kiam server Service Account parameters - - ## Specifies whether a ServiceAccount should be created - ## - serviceAccount: - ## @param server.serviceAccount.create Enable the creation of a ServiceAccount for kiam pods - ## - create: true - ## @param server.serviceAccount.name Name of the created ServiceAccount - ## If not set and create is true, a name is generated using the fullname template - ## - name: "" - - ## @section kiam server metrics parameters - - metrics: - ## @param server.metrics.enabled Enable exposing kiam statistics - ## - enabled: false - ## @param server.metrics.port Metrics port - ## - port: 9621 - ## @param server.metrics.syncInterval Metrics synchronization interval statistics - ## - syncInterval: 5s - ## @param server.metrics.annotations [object] Annotations for enabling prometheus to access the metrics endpoints - ## - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: '{{ .Values.server.metrics.port }}' - ## Prometheus Operator ServiceMonitor configuration - ## - serviceMonitor: - ## @param server.metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using PrometheusOperator - ## - enabled: false - ## @param server.metrics.serviceMonitor.namespace Namespace in which Prometheus is running - ## - namespace: "" - ## @param server.metrics.serviceMonitor.interval Interval at which metrics should be scraped - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## - interval: 30s - ## @param server.metrics.serviceMonitor.metricRelabelings Specify Metric Relabellings to add to the scrape endpoint - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#podmetricsendpoint - ## - metricRelabelings: [] - ## @param server.metrics.serviceMonitor.relabelings Specify Relabelings to add to the scrape endpoint - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#podmetricsendpoint - ## - relabelings: [] - ## @param server.metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## - scrapeTimeout: "" - ## @param server.metrics.serviceMonitor.selector metrics service selector - ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration - ## - selector: {} - -## @section kiam agent parameters - -## kiam agent properties -## -agent: - ## @param agent.enabled Deploy the kiam agent - ## - enabled: true - ## Logging settings - ## @param agent.logJsonOutput Use JSON format for logs - ## @param agent.logLevel Logging level - ## - logJsonOutput: true - logLevel: info - ## @param agent.priorityClassName Server priorityClassName - ## Ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ - ## - priorityClassName: "" - ## @param agent.allowRouteRegExp Regexp with the allowed paths for agents to redirect - ## - allowRouteRegExp: "" - ## @param agent.hostAliases Add deployment host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## Host networking settings - ## @param agent.containerPort HTTPS port to expose at container level - ## @param agent.iptables Have the agent modify the host iptables rules - ## @param agent.iptablesRemoveOnShutdown Remove iptables rules when shutting down the agent node - ## @param agent.hostInterface Interface for agents for redirecting requests - ## - containerPort: 8183 - iptables: false - ## Do not remove iptables forwarding rules when kiam-agent terminates - ## needed for RollingUpdate strategy and for security reasons - iptablesRemoveOnShutdown: false - hostInterface: cali+ - ## gRPC keepalive variables - ## @param agent.keepaliveParams.permitWithoutStream Permit keepalive without stream - ## @param agent.keepaliveParams.time Keepalive time - ## @param agent.keepaliveParams.timeout Keepalive timeout - ## - keepaliveParams: - time: "" - timeout: "" - permitWithoutStream: false - ## @param agent.enableDeepProbe Use the probes using the `/health` endpoint - ## able to communicate with servers, which may happen on - ## certificate change - ## - enableDeepProbe: false - ## @param agent.dnsPolicy Pod DNS policy - ## Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pods-dns-policy - ## - dnsPolicy: ClusterFirstWithHostNet - ## @param agent.sslCertHostPath Path to the host system SSL certificates (necessary for contacting the AWS metadata agent) - ## - sslCertHostPath: /etc/ssl/certs - ## @param agent.tlsFiles [object] Base64-encoded PEM values for server's CA certificate(s), certificate and private key - ## - tlsFiles: - ca: - cert: - key: - ## @param agent.podSecurityPolicy.create Create a PodSecurityPolicy resource - ## @param agent.podSecurityPolicy.allowedHostPaths Extra host paths to allow in the PodSecurityPolicy - ## - podSecurityPolicy: - create: true - allowedHostPaths: [] - ## @param agent.tlsSecret Name of a secret with TLS certificates for the container - ## - tlsSecret: "" - ## @param agent.useHostNetwork Use host networking (ports will be directly exposed in the host) - ## This is necessary for intercepting the metadata URL for nodes. - ## - useHostNetwork: true - ## @param agent.tlsCerts [object] Agent TLS Certificate filenames - ## - tlsCerts: - certFileName: cert.pem - keyFileName: key.pem - caFileName: ca.pem - ## Configure extra options for liveness probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param agent.livenessProbe.enabled Enable livenessProbe - ## @param agent.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param agent.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param agent.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param agent.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param agent.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 30 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - ## Configure extra options for readiness probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param agent.readinessProbe.enabled Enable readinessProbe - ## @param agent.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param agent.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param agent.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param agent.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param agent.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 30 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - ## @param agent.extraArgs Extra arguments to add to the default kiam command - ## - extraArgs: {} - ## @param agent.gatewayTimeoutCreation Timeout when creating the kiam gateway - ## - gatewayTimeoutCreation: 1s - ## @param agent.command Override kiam default command - ## - command: [] - ## @param agent.args Override kiam default args - ## - args: [] - ## Container resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param agent.resources.limits The resources limits for the kiam container - ## @param agent.resources.requests The requested resources for the kiam container - ## - resources: - ## Example: - ## limits: - ## cpu: 200m - ## memory: 256Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 200m - ## memory: 10Mi - requests: {} - ## SecurityContext configuration - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - ## @param agent.containerSecurityContext.enabled Enabled agent containers' Security Context - ## @param agent.containerSecurityContext.runAsUser Set agent container's Security Context runAsUser - ## @param agent.containerSecurityContext.runAsNonRoot Set agent container's Security Context runAsNonRoot - ## @param agent.containerSecurityContext.seLinuxOptions Set agent container's Security Context SE Linux options - ## - containerSecurityContext: - enabled: true - runAsUser: 1001 - runAsNonRoot: true - seLinuxOptions: {} - ## @param agent.podSecurityContext.enabled Enabled agent pods' Security Context - ## @param agent.podSecurityContext.fsGroup Set agent pod's Security Context fsGroup - ## - podSecurityContext: - enabled: true - fsGroup: 1001 - ## @param agent.podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param agent.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Node affinity preset - ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param agent.nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param agent.nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param agent.nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param agent.affinity Affinity for pod assignment - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## - affinity: {} - ## @param agent.nodeSelector Node labels for pod assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param agent.tolerations Tolerations for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param agent.podLabels Extra labels for kiam pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param agent.podAnnotations Annotations for kiam pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param agent.lifecycleHooks LifecycleHooks to set additional configuration at startup. - ## - lifecycleHooks: {} - ## @param agent.customLivenessProbe Override default liveness probe - ## - customLivenessProbe: {} - ## @param agent.customReadinessProbe Override default readiness probe - ## - customReadinessProbe: {} - ## @param agent.updateStrategy.type Update strategy - only really applicable for deployments with RWO PVs attached - ## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the - ## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will - ## terminate the single previous pod, so that the new, incoming pod can attach to the PV - ## - updateStrategy: - type: RollingUpdate - ## @param agent.extraEnvVars Array containing extra env vars to configure kiam agent - ## For example: - ## - name: BEARER_AUTH - ## value: true - ## - extraEnvVars: [] - ## @param agent.extraEnvVarsCM ConfigMap containing extra env vars to configure kiam agent - ## - extraEnvVarsCM: "" - ## @param agent.extraEnvVarsSecret Secret containing extra env vars to configure kiam agent (in case of sensitive data) - ## - extraEnvVarsSecret: "" - ## @param agent.extraVolumes Optionally specify extra list of additional volumes for kiam pods - ## - extraVolumes: [] - ## @param agent.extraVolumeMounts Optionally specify extra list of additional volumeMounts for kiam container(s) - ## - extraVolumeMounts: [] - ## @param agent.initContainers Add additional init containers to the kiam pods - ## Example: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - initContainers: [] - ## @param agent.sidecars Add additional sidecar containers to the kiam pods - ## Example: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - sidecars: [] - - ## @section kiam agent exposure parameters - - ## Service configuration (essentially for metrics) - ## - service: - ## @param agent.service.type Kubernetes service type - ## - type: ClusterIP - ## @param agent.service.nodePorts [object] Specify the nodePort values for the LoadBalancer and NodePort service types. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - nodePorts: - metrics: - ## @param agent.service.clusterIP kiam service clusterIP IP - ## - clusterIP: "" - ## @param agent.service.loadBalancerIP loadBalancerIP if service type is `LoadBalancer` - ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer - ## - loadBalancerIP: "" - ## @param agent.service.loadBalancerSourceRanges Address that are allowed when service is LoadBalancer - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## Example: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param agent.service.externalTrafficPolicy Enable client source IP preservation - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param agent.service.annotations Annotations for kiam service - ## - annotations: {} - - ## @section kiam agent Service Account parameters - - serviceAccount: - ## @param agent.serviceAccount.create Enable the creation of a ServiceAccount for kiam pods - ## - create: true - ## @param agent.serviceAccount.name Name of the created ServiceAccount - ## If not set and create is true, a name is generated using the fullname template - ## - name: "" - - ## @section kiam agent metrics parameters - - metrics: - ## @param agent.metrics.enabled Enable exposing kiam statistics - ## - enabled: false - ## @param agent.metrics.port Service HTTP management port - ## - port: 9620 - ## @param agent.metrics.syncInterval Metrics synchronization interval statistics - ## - syncInterval: 5s - ## @param agent.metrics.annotations [object] Annotations for enabling prometheus to access the metrics endpoints - ## - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: '{{ .Values.agent.metrics.port }}' - ## Prometheus Operator ServiceMonitor configuration - ## - serviceMonitor: - ## @param agent.metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using PrometheusOperator - ## - enabled: false - ## @param agent.metrics.serviceMonitor.namespace Namespace which Prometheus is running in - ## - namespace: "" - ## @param agent.metrics.serviceMonitor.interval Interval at which metrics should be scraped - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## - interval: 30s - ## @param agent.metrics.serviceMonitor.metricRelabelings Specify Metric Relabelings to add to the scrape endpoint - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#podmetricsendpoint - ## - metricRelabelings: [] - ## @param agent.metrics.serviceMonitor.relabelings Specify Relabelings to add to the scrape endpoint - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#podmetricsendpoint - ## - relabelings: [] - ## @param agent.metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## - scrapeTimeout: "" - ## @param agent.metrics.serviceMonitor.selector metrics service selector - ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration - ## - selector: {} - -## @section RBAC parameters - -## Specifies whether RBAC resources should be created -## @param rbac.create Whether to create and use RBAC resources or not -## -rbac: - create: true diff --git a/bitnami/kibana/Chart.lock b/bitnami/kibana/Chart.lock deleted file mode 100644 index 8ce52d8..0000000 --- a/bitnami/kibana/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.9.0 -digest: sha256:6d608d323ac01a7950ba64fa7caf4169a5d9d33e442c99e23e123caaf303b6b9 -generated: "2021-09-21T19:15:37.30012108Z" diff --git a/bitnami/kibana/Chart.yaml b/bitnami/kibana/Chart.yaml deleted file mode 100644 index 3b5e82c..0000000 --- a/bitnami/kibana/Chart.yaml +++ /dev/null @@ -1,28 +0,0 @@ -annotations: - category: Analytics -apiVersion: v2 -appVersion: 7.14.2 -dependencies: - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x -description: Kibana is an open source, browser based analytics and search dashboard for Elasticsearch. -engine: gotpl -home: https://github.com/bitnami/charts/tree/master/bitnami/kibana -icon: https://bitnami.com/assets/stacks/kibana/img/kibana-stack-220x234.png -keywords: - - kibana - - analytics - - monitoring - - metrics - - logs -maintainers: - - email: containers@bitnami.com - name: Bitnami -name: kibana -sources: - - https://github.com/bitnami/bitnami-docker-kibana - - https://www.elastic.co/products/kibana -version: 9.0.4 diff --git a/bitnami/kibana/README.md b/bitnami/kibana/README.md deleted file mode 100644 index 534abfd..0000000 --- a/bitnami/kibana/README.md +++ /dev/null @@ -1,394 +0,0 @@ -# Kibana - -[Kibana](https://kibana.com/) is an open source, browser based analytics and search dashboard for Elasticsearch. - -## TL;DR - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/kibana --set elasticsearch.hosts[0]= --set elasticsearch.port= -``` - -## Introduction - -This chart bootstraps a [Kibana](https://github.com/bitnami/bitnami-docker-kibana) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 3.1.0 -- PV provisioner support in the underlying infrastructure -- ReadWriteMany volumes for deployment scaling - -## Installing the Chart - -This chart requires an Elasticsearch instance to work. You can use an already existing Elasticsearch instance. - - To install the chart with the release name `my-release`: - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release \ - --set elasticsearch.hosts[0]= \ - --set elasticsearch.port= \ - bitnami/kibana -``` - -These commands deploy Kibana on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` statefulset: - -```console -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. Use the option `--purge` to delete all history too. - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | - - -### Common parameters - -| Name | Description | Value | -| ------------------ | --------------------------------------------------------------------------------------------------------- | ----- | -| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` | -| `nameOverride` | String to partially override common.names.fullname template with a string (will prepend the release name) | `""` | -| `fullnameOverride` | String to fully override common.names.fullname template with a string | `""` | - - -### Kibana parameters - -| Name | Description | Value | -| -------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------ | -| `image.registry` | Kibana image registry | `docker.io` | -| `image.repository` | Kibana image repository | `bitnami/kibana` | -| `image.tag` | Kibana image tag (immutable tags are recommended) | `7.14.2-debian-10-r0` | -| `image.pullPolicy` | Kibana image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `replicaCount` | Number of replicas of the Kibana Pod | `1` | -| `updateStrategy.type` | Set up update strategy for Kibana installation. | `RollingUpdate` | -| `schedulerName` | Alternative scheduler | `""` | -| `hostAliases` | Add deployment host aliases | `[]` | -| `plugins` | Array containing the Kibana plugins to be installed in deployment | `[]` | -| `savedObjects.urls` | Array containing links to NDJSON files to be imported during Kibana initialization | `[]` | -| `savedObjects.configmap` | Configmap containing NDJSON files to be imported during Kibana initialization (evaluated as a template) | `""` | -| `extraConfiguration` | Extra settings to be added to the default kibana.yml configmap that the chart creates (unless replaced using `configurationCM`). Evaluated as a template | `{}` | -| `configurationCM` | ConfigMap containing a kibana.yml file that will replace the default one specified in configuration.yaml | `""` | -| `extraEnvVars` | Array containing extra env vars to configure Kibana | `[]` | -| `extraEnvVarsCM` | ConfigMap containing extra env vars to configure Kibana | `""` | -| `extraEnvVarsSecret` | Secret containing extra env vars to configure Kibana (in case of sensitive data) | `""` | -| `extraVolumes` | Array to add extra volumes. Requires setting `extraVolumeMounts` | `[]` | -| `extraVolumeMounts` | Array to add extra mounts. Normally used with `extraVolumes` | `[]` | -| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` | -| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | -| `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag | `10-debian-10-r199` | -| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | -| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | -| `volumePermissions.resources` | Volume Permissions resources | `{}` | -| `persistence.enabled` | Enable persistence | `true` | -| `persistence.storageClass` | Kibana data Persistent Volume Storage Class | `""` | -| `persistence.existingClaim` | Provide an existing `PersistentVolumeClaim` | `""` | -| `persistence.accessMode` | Access mode to the PV | `ReadWriteOnce` | -| `persistence.size` | Size for the PV | `10Gi` | -| `livenessProbe.enabled` | Enable/disable the Liveness probe | `true` | -| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `120` | -| `livenessProbe.periodSeconds` | How often to perform the probe | `10` | -| `livenessProbe.timeoutSeconds` | When the probe times out | `5` | -| `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `6` | -| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` | -| `readinessProbe.enabled` | Enable/disable the Readiness probe | `true` | -| `readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `30` | -| `readinessProbe.periodSeconds` | How often to perform the probe | `10` | -| `readinessProbe.timeoutSeconds` | When the probe times out | `5` | -| `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `6` | -| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` | -| `forceInitScripts` | Force execution of init scripts | `false` | -| `initScriptsCM` | Configmap with init scripts to execute | `""` | -| `initScriptsSecret` | Secret with init scripts to execute (for sensitive data) | `""` | -| `service.port` | Kubernetes Service port | `5601` | -| `service.type` | Kubernetes Service type | `ClusterIP` | -| `service.nodePort` | Specify the nodePort value for the LoadBalancer and NodePort service types | `""` | -| `service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | -| `service.annotations` | Annotations for Kibana service (evaluated as a template) | `{}` | -| `service.loadBalancerIP` | loadBalancerIP if Kibana service type is `LoadBalancer` | `""` | -| `service.extraPorts` | Extra ports to expose in the service (normally used with the `sidecar` value) | `[]` | -| `ingress.enabled` | Enable ingress controller resource | `false` | -| `ingress.certManager` | Add annotations for cert-manager | `false` | -| `ingress.pathType` | Ingress Path type | `ImplementationSpecific` | -| `ingress.apiVersion` | Override API Version (automatically detected if not set) | `""` | -| `ingress.hostname` | Default host for the ingress resource. If specified as "*" no host rule is configured | `kibana.local` | -| `ingress.path` | The Path to Kibana. You may need to set this to '/*' in order to use this with ALB ingress controllers. | `/` | -| `ingress.annotations` | Ingress annotations | `{}` | -| `ingress.tls` | Enable TLS configuration for the hostname defined at ingress.hostname parameter | `false` | -| `ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` | -| `ingress.extraPaths` | Additional arbitrary path/backend objects | `[]` | -| `ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` | -| `ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | -| `serviceAccount.create` | Enable creation of ServiceAccount for Kibana | `true` | -| `serviceAccount.name` | Name of serviceAccount | `""` | -| `serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` | -| `containerPort` | Port to expose at container level | `5601` | -| `securityContext.enabled` | Enable securityContext on for Kibana deployment | `true` | -| `securityContext.fsGroup` | Group to configure permissions for volumes | `1001` | -| `securityContext.runAsUser` | User for the security context | `1001` | -| `securityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `resources.limits` | The resources limits for the container | `{}` | -| `resources.requests` | The requested resources for the container | `{}` | -| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` | -| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | -| `affinity` | Affinity for pod assignment | `{}` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `tolerations` | Tolerations for pod assignment | `[]` | -| `podAnnotations` | Pod annotations | `{}` | -| `podLabels` | Extra labels to add to Pod | `{}` | -| `sidecars` | Attach additional containers to the pod | `[]` | -| `initContainers` | Add additional init containers to the pod | `[]` | -| `configuration` | Kibana configuration | `{}` | -| `metrics.enabled` | Start a side-car prometheus exporter | `false` | -| `metrics.service.annotations` | Prometheus annotations for the Kibana service | `{}` | -| `metrics.serviceMonitor.enabled` | If `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` | -| `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `""` | -| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `""` | -| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | -| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` | - - -### Kibana server TLS configuration - -| Name | Description | Value | -| ---------------------- | ------------------------------------------------------------------------------ | ------- | -| `tls.enabled` | Enable SSL/TLS encryption for Kibana server (HTTPS) | `false` | -| `tls.autoGenerated` | Create self-signed TLS certificates. Currently only supports PEM certificates. | `false` | -| `tls.existingSecret` | Name of the existing secret containing Kibana server certificates | `""` | -| `tls.usePemCerts` | Use this variable if your secrets contain PEM certificates instead of PKCS12 | `false` | -| `tls.keyPassword` | Password to access the PEM key when it is password-protected. | `""` | -| `tls.keystorePassword` | Password to access the PKCS12 keystore when it is password-protected. | `""` | -| `tls.passwordsSecret` | Name of a existing secret containing the Keystore or PEM key password | `""` | - - -### Elasticsearch parameters - -| Name | Description | Value | -| ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | --------- | -| `elasticsearch.hosts` | List of elasticsearch hosts to connect to. | `[]` | -| `elasticsearch.port` | Elasticsearch port | `""` | -| `elasticsearch.security.auth.enabled` | Set to 'true' if Elasticsearch has authentication enabled | `false` | -| `elasticsearch.security.auth.kibanaUsername` | Kibana server user to authenticate with Elasticsearch | `elastic` | -| `elasticsearch.security.auth.kibanaPassword` | Kibana server password to authenticate with Elasticsearch | `""` | -| `elasticsearch.security.auth.existingSecret` | Name of the existing secret containing the Password for the Kibana user | `""` | -| `elasticsearch.security.tls.enabled` | Set to 'true' if Elasticsearch API uses TLS/SSL (HTTPS) | `false` | -| `elasticsearch.security.tls.verificationMode` | Verification mode for SSL communications. | `full` | -| `elasticsearch.security.tls.existingSecret` | Name of the existing secret containing Elasticsearch Truststore or CA certificate. Required unless verificationMode=none | `""` | -| `elasticsearch.security.tls.usePemCerts` | Set to 'true' to use PEM certificates instead of PKCS12. | `false` | -| `elasticsearch.security.tls.truststorePassword` | Password to access the PKCS12 trustore in case it is password-protected. | `""` | -| `elasticsearch.security.tls.passwordsSecret` | Name of a existing secret containing the Truststore password | `""` | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -$ helm install my-release \ - --set admin.user=admin-user bitnami/kibana -``` - -The above command sets the Kibana admin user to `admin-user`. - -> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```console -$ helm install my-release -f values.yaml bitnami/kibana -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling vs Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Change Kibana version - -To modify the application version used in this chart, specify a different version of the image using the `image.tag` parameter and/or a different repository using the `image.repository` parameter. Refer to the [chart documentation for more information on these parameters and how to use them with images from a private registry](https://docs.bitnami.com/kubernetes/apps/kibana/configuration/change-image-version/). - -### Use custom configuration - -The Bitnami Kibana chart supports using custom configuration settings. For example, to mount a custom `kibana.yml` you can create a ConfigMap like the following: - -```yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: myconfig -data: - kibana.yml: |- - # Raw text of the file -``` - -And now you need to pass the ConfigMap name, to the corresponding parameter: `configurationCM=myconfig` - -An alternative is to provide extra configuration settings to the default kibana.yml that the chart deploys. This is done using the `extraConfiguration` value: - -```yaml -extraConfiguration: - "server.maxPayloadBytes": 1048576 - "server.pingTimeout": 1500 -``` - -### Add extra environment variables - -In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the `extraEnvVars` property. - -```yaml -extraEnvVars: - - name: ELASTICSEARCH_VERSION - value: 6 -``` - -Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the `extraEnvVarsCM` or the `extraEnvVarsSecret` values. - -### Use custom initialization scripts - -For advanced operations, the Bitnami Kibana chart allows using custom initialization scripts that will be mounted in `/docker-entrypoint.init-db`. Mount these extra scripts using a ConfigMap or a Secret (in case of sensitive data) and specify them via the `initScriptsCM` and `initScriptsSecret` chart parameters. Refer to the [chart documentation on custom initialization scripts](https://docs.bitnami.com/kubernetes/apps/kibana/administration/use-custom-init-scripts/) for an example. - -### Install plugins - -The Bitnami Kibana chart allows you to install a set of plugins at deployment time using the `plugins` chart parameter. Refer to the [chart documentation on installing plugins](https://docs.bitnami.com/kubernetes/apps/kibana/configuration/install-plugins/) for an example. - -```console -elasticsearch.hosts[0]=elasticsearch-host -elasticsearch.port=9200 -plugins[0]=https://github.com/fbaligand/kibana-enhanced-table/releases/download/v1.5.0/enhanced-table-1.5.0_7.3.2.zip -``` - -> **NOTE** Make sure that the plugin is available for the Kibana version you are deploying - -### Import saved objects - -If you have visualizations and dashboards (in NDJSON format) to import to Kibana, create a ConfigMap that includes them and then install the chart with the `savedObjects.configmap` or `savedObjects.urls` parameters. Refer to the [chart documentation on importing saved objects](https://docs.bitnami.com/kubernetes/apps/kibana/configuration/import-saved-objects/) for an example. - -### Use Sidecars and Init Containers - -If additional containers are needed in the same pod (such as additional metrics or logging exporters), they can be defined using the `sidecars` config parameter. Similarly, extra init containers can be added using the `initContainers` parameter. - -Refer to the chart documentation for more information on, and examples of, configuring and using [sidecars and init containers](https://docs.bitnami.com/kubernetes/apps/kibana/configuration/configure-sidecar-init-containers/). - -#### Add a sample Elasticsearch container as sidecar - -This chart requires an Elasticsearch instance to work. For production, the options are to use an already existing Elasticsearch instance or deploy the [Elasticsearch chart](https://github.com/bitnami/charts/tree/master/bitnami/elasticsearch) with the [`global.kibanaEnabled=true` parameter](https://github.com/bitnami/charts/tree/master/bitnami/elasticsearch#enable-bundled-kibana). - -For testing purposes, use a sidecar Elasticsearch container setting the following parameters during the Kibana chart installation: - -``` -elasticsearch.hosts[0]=localhost -elasticsearch.port=9200 -sidecars[0].name=elasticsearch -sidecars[0].image=bitnami/elasticsearch:latest -sidecars[0].imagePullPolicy=IfNotPresent -sidecars[0].ports[0].name=http -sidecars[0].ports[0].containerPort=9200 -``` - -### Set Pod affinity - -This chart allows you to set custom Pod affinity using the `affinity` parameter. Find more information about Pod affinity in the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). - -As an alternative, you can use one of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters. - -## Persistence - -The [Bitnami Kibana](https://github.com/bitnami/bitnami-docker-kibana) image can persist data. If enabled, the persisted path is `/bitnami/kibana` by default. - -The chart mounts a [Persistent Volume](http://kubernetes.io/docs/user-guide/persistent-volumes/) at this location. The volume is created using dynamic volume provisioning. - -### Add extra volumes - -The Bitnami Kibana chart supports mounting extra volumes (either PVCs, secrets or configmaps) by using the `extraVolumes` and `extraVolumeMounts` property. This can be combined with advanced operations like adding extra init containers and sidecars. - -### Adjust permissions of persistent volume mountpoint - -As the image run as non-root by default, it is necessary to adjust the ownership of the persistent volume so that the container can write data into it. - -By default, the chart is configured to use Kubernetes Security Context to automatically change the ownership of the volume. However, this feature does not work in all Kubernetes distributions. -As an alternative, this chart supports using an initContainer to change the ownership of the volume before mounting it in the final destination. - -You can enable this initContainer by setting `volumePermissions.enabled` to `true`. - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami’s Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## Upgrading - -### To 9.0.0 - -This version updates the settings used to communicate Kibana with Elasticsearch, adapting it to Elasticsearch X-Pack Security features. - -Previous setting `elasticsearch.tls` has been replaced with `elasticsearch.security.tls.enabled`. Other settings regarding certificate verification can be found under `elasticsearch.security.tls.*`, such as verification method and custom truststore. - -Additionally, support for the Kibana server using TLS/SSL encryption (HTTPS for port 5601) has been added. - -### To 8.0.0 - -The Kibana container configuration logic was migrated to bash. - -From this version onwards, Kibana container components are now licensed under the [Elastic License](https://www.elastic.co/licensing/elastic-license) that is not currently accepted as an Open Source license by the Open Source Initiative (OSI). - -Also, from now on, the Helm Chart will include the X-Pack plugin installed by default. - -Regular upgrade is compatible from previous versions. - -### To 6.2.0 - -This version introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/master/bitnami/common#bitnami-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade. - -### To 6.0.0 - -[On November 13, 2020, Helm v2 support formally ended](https://github.com/helm/charts#status-of-the-project). This major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -[Learn more about this change and related upgrade considerations](https://docs.bitnami.com/kubernetes/apps/kibana/administration/upgrade-helm3/). - -### To 5.0.0 - -This version does not include Elasticsearch as a bundled dependency. From now on, you should specify an external Elasticsearch instance using the `elasticsearch.hosts[]` and `elasticsearch.port` [parameters](#parameters). - -### To 3.0.0 - -Helm performs a lookup for the object based on its group (apps), version (v1), and kind (Deployment). Also known as its GroupVersionKind, or GVK. Changing the GVK is considered a compatibility breaker from Kubernetes' point of view, so you cannot "upgrade" those objects to the new GVK in-place. Earlier versions of Helm 3 did not perform the lookup correctly which has since been fixed to match the spec. - -In [4dfac075aacf74405e31ae5b27df4369e84eb0b0](https://github.com/bitnami/charts/commit/4dfac075aacf74405e31ae5b27df4369e84eb0b0) the `apiVersion` of the deployment resources was updated to `apps/v1` in tune with the api's deprecated, resulting in compatibility breakage. - -This major version signifies this change. - -### To 2.0.0 - -This version enabled by default an initContainer that modify some kernel settings to meet the Elasticsearch requirements. - -Currently, Elasticsearch requires some changes in the kernel of the host machine to work as expected. If those values are not set in the underlying operating system, the ES containers fail to boot with ERROR messages. More information about these requirements can be found in the links below: - -- [File Descriptor requirements](https://www.elastic.co/guide/en/elasticsearch/reference/current/file-descriptors.html) -- [Virtual memory requirements](https://www.elastic.co/guide/en/elasticsearch/reference/current/vm-max-map-count.html) - -You can disable the initContainer using the `elasticsearch.sysctlImage.enabled=false` parameter. diff --git a/bitnami/kibana/ci/values-with-es.yaml b/bitnami/kibana/ci/values-with-es.yaml deleted file mode 100644 index b306e4b..0000000 --- a/bitnami/kibana/ci/values-with-es.yaml +++ /dev/null @@ -1,5 +0,0 @@ -elasticsearch: - hosts: - - elasticsearch-1 - - elasticsearch-2 - port: 9300 diff --git a/bitnami/kibana/templates/NOTES.txt b/bitnami/kibana/templates/NOTES.txt deleted file mode 100644 index 31cc377..0000000 --- a/bitnami/kibana/templates/NOTES.txt +++ /dev/null @@ -1,50 +0,0 @@ -{{- if or (not .Values.elasticsearch.hosts) (not .Values.elasticsearch.port) -}} -###################################################################################################### -### ERROR: You did not provide the Elasticsearch external host or port in your 'helm install' call ### -###################################################################################################### - -Complete your Kibana deployment by running: - - helm upgrade --namespace {{ .Release.Namespace }} {{ .Release.Name }} bitnami/kibana \ - --set elasticsearch.hosts[0]=YOUR_ES_HOST,elasticsearch.port=YOUR_ES_PORT - -Replacing "YOUR_ES_HOST" and "YOUR_ES_PORT" placeholders by the proper values of your Elasticsearch deployment. - -{{- else -}} -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} - Get the Kibana URL and associate Kibana hostname to your cluster external IP: - - export CLUSTER_IP=$(minikube ip) # On Minikube. Use: `kubectl cluster-info` on others K8s clusters - echo "Kibana URL: http{{ if .Values.ingress.tls }}s{{ end }}://{{ .Values.ingress.hostname }}/" - echo "$CLUSTER_IP {{ .Values.ingress.hostname }}" | sudo tee -a /etc/hosts - -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.names.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "common.names.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.port }} -{{- else if contains "ClusterIP" .Values.service.type }} - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward svc/{{ include "common.names.fullname" . }} 8080:{{ .Values.service.port }} -{{- end }} - -{{- if or .Values.ingress.enabled (contains "NodePort" .Values.service.type) (contains "LoadBalancer" .Values.service.type) }} - -WARNING: Kibana is externally accessible from the cluster but the dashboard does not contain authentication mechanisms. Make sure you follow the authentication guidelines in your Elastic stack. -+info https://www.elastic.co/guide/en/elastic-stack-overview/current/setting-up-authentication.html -{{- end }} - -{{- if .Values.metrics.enabled }} - -WARNING: For Prometheus metrics to work, make sure that the kibana-prometheus-exporter plugin is installed: -+info https://github.com/pjhampton/kibana-prometheus-exporter -{{- end }} - -{{- include "kibana.validateValues" . }} -{{- include "kibana.checkRollingTags" . }} -{{- end }} diff --git a/bitnami/kibana/templates/_helpers.tpl b/bitnami/kibana/templates/_helpers.tpl deleted file mode 100644 index 86edcae..0000000 --- a/bitnami/kibana/templates/_helpers.tpl +++ /dev/null @@ -1,265 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Return the proper Kibana image name -*/}} -{{- define "kibana.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper image name (for the init container volume-permissions image) -*/}} -{{- define "kibana.volumePermissions.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "kibana.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}} -{{- end -}} - -{{/* -Return true if the deployment should include dashboards -*/}} -{{- define "kibana.importSavedObjects" -}} -{{- if or .Values.savedObjects.configmap .Values.savedObjects.urls }} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Set Elasticsearch URL. -*/}} -{{- define "kibana.elasticsearch.url" -}} -{{- if .Values.elasticsearch.hosts -}} -{{- $totalHosts := len .Values.elasticsearch.hosts -}} -{{- $protocol := ternary "https" "http" .Values.elasticsearch.security.tls.enabled -}} -{{- range $i, $hostTemplate := .Values.elasticsearch.hosts -}} -{{- $host := tpl $hostTemplate $ }} -{{- printf "%s://%s:%s" $protocol $host (include "kibana.elasticsearch.port" $) -}} -{{- if (lt ( add1 $i ) $totalHosts ) }}{{- printf "," -}}{{- end }} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Set Elasticsearch Port. -*/}} -{{- define "kibana.elasticsearch.port" -}} -{{- .Values.elasticsearch.port -}} -{{- end -}} - -{{/* -Set Elasticsearch PVC. -*/}} -{{- define "kibana.pvc" -}} -{{- .Values.persistence.existingClaim | default (include "common.names.fullname" .) -}} -{{- end -}} - -{{/* -Get the initialization scripts Secret name. -*/}} -{{- define "kibana.initScriptsSecret" -}} -{{- printf "%s" (tpl .Values.initScriptsSecret $) -}} -{{- end -}} - -{{/* -Get the initialization scripts configmap name. -*/}} -{{- define "kibana.initScriptsCM" -}} -{{- printf "%s" (tpl .Values.initScriptsCM $) -}} -{{- end -}} - -{{/* -Get the saved objects configmap name. -*/}} -{{- define "kibana.savedObjectsCM" -}} -{{- printf "%s" (tpl .Values.savedObjects.configmap $) -}} -{{- end -}} - -{{/* -Set Elasticsearch Port. -*/}} -{{- define "kibana.configurationCM" -}} -{{- .Values.configurationCM | default (printf "%s-conf" (include "common.names.fullname" .)) -}} -{{- end -}} - -{{/* -Compile all warnings into a single message, and call fail. -*/}} -{{- define "kibana.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "kibana.validateValues.noElastic" .) -}} -{{- $messages := append $messages (include "kibana.validateValues.configConflict" .) -}} -{{- $messages := append $messages (include "kibana.validateValues.extraVolumes" .) -}} -{{- $messages := append $messages (include "kibana.validateValues.tls" .) -}} -{{- $messages := append $messages (include "kibana.validateValues.elasticsearch.auth" .) -}} -{{- $messages := append $messages (include "kibana.validateValues.elasticsearch.tls" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} -{{- end -}} -{{- end -}} - -{{/* Validate values of Kibana - must provide an ElasticSearch */}} -{{- define "kibana.validateValues.noElastic" -}} -{{- if and (not .Values.elasticsearch.hosts) (not .Values.elasticsearch.port) -}} -kibana: no-elasticsearch - You did not specify an external Elasticsearch instance. - Please set elasticsearch.hosts and elasticsearch.port -{{- else if and (not .Values.elasticsearch.hosts) .Values.elasticsearch.port }} -kibana: missing-es-settings-host - You specified the external Elasticsearch port but not the host. Please - set elasticsearch.hosts -{{- else if and .Values.elasticsearch.hosts (not .Values.elasticsearch.port) }} -kibana: missing-es-settings-port - You specified the external Elasticsearch hosts but not the port. Please - set elasticsearch.port -{{- end -}} -{{- end -}} - -{{/* Validate values of Kibana - configuration conflict */}} -{{- define "kibana.validateValues.configConflict" -}} -{{- if and (.Values.extraConfiguration) (.Values.configurationCM) -}} -kibana: conflict-configuration - You specified a ConfigMap with kibana.yml and a set of settings to be added - to the default kibana.yml. Please only set either extraConfiguration or configurationCM -{{- end -}} -{{- end -}} - -{{/* Validate values of Kibana - Incorrect extra volume settings */}} -{{- define "kibana.validateValues.extraVolumes" -}} -{{- if and (.Values.extraVolumes) (not .Values.extraVolumeMounts) -}} -kibana: missing-extra-volume-mounts - You specified extra volumes but not mount points for them. Please set - the extraVolumeMounts value -{{- end -}} -{{- end -}} - -{{/* Validate values of Kibana - No certificates for Kibana server */}} -{{- define "kibana.validateValues.tls" -}} -{{- if and .Values.tls.enabled (not .Values.tls.existingSecret) (not .Values.tls.autoGenerated) -}} -kibana: tls.enabled - In order to enable HTTPS for Kibana, you also need to provide an existing secret - containing the TLS certificates (--set tls.existingSecret="my-secret") or enable - auto-generated certificates (--set elasticsearch.security.auth.existingSecret="true"). -{{- end -}} -{{- end -}} - -{{/* Validate values of Kibana - No credentials for Elasticsearch auth */}} -{{- define "kibana.validateValues.elasticsearch.auth" -}} -{{- if and .Values.elasticsearch.security.auth.enabled (not .Values.elasticsearch.security.auth.kibanaPassword) (not .Values.elasticsearch.security.auth.existingSecret) -}} -kibana: missing-kibana-credentials - You enabled Elasticsearch authentication but you didn't provide the required credentials for - Kibana to connect. Please provide them (--set elasticsearch.security.auth.kibanaPassword="XXXXX") - or the name of an existing secret containing them (--set elasticsearch.security.auth.existingSecret="my-secret"). -{{- end -}} -{{- end -}} - -{{/* Validate values of Kibana - Elasticsearch HTTPS no trusted CA */}} -{{- define "kibana.validateValues.elasticsearch.tls" -}} -{{- if and .Values.elasticsearch.security.tls.enabled (ne "none" .Values.elasticsearch.security.tls.verificationMode) (not .Values.elasticsearch.security.tls.existingSecret) -}} -kibana: missing-elasticsearch-trusted-ca - You configured communication with Elasticsearch REST API using HTTPS and - verification enabled but no existing secret containing the Truststore or CA - certificate was provided (--set elasticsearch.security.tls.existingSecret="my-secret"). -{{- end -}} -{{- end -}} - -{{/* -Check if there are rolling tags in the images -*/}} -{{- define "kibana.checkRollingTags" -}} -{{- include "common.warnings.rollingTag" .Values.image }} -{{- end -}} - -{{/* -Return the secret containing Kibana TLS certificates -*/}} -{{- define "kibana.tlsSecretName" -}} -{{- $secretName := .Values.tls.existingSecret -}} -{{- if $secretName -}} - {{- printf "%s" (tpl $secretName $) -}} -{{- else -}} - {{- printf "%s-crt" (include "common.names.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a TLS secret object should be created -*/}} -{{- define "kibana.createTlsSecret" -}} -{{- if and .Values.tls.enabled .Values.tls.autoGenerated (not .Values.tls.existingSecret) }} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -basePath URL in use by the APIs. -*/}} -{{- define "kibana.basePath" -}} -{{- if (.Values.configuration.server.rewriteBasePath) }} -{{- .Values.configuration.server.basePath -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a Passwords secret object should be created -*/}} -{{- define "kibana.createSecret" -}} -{{- $kibanaPassword := and .Values.elasticsearch.security.auth.enabled (not .Values.elasticsearch.security.auth.existingSecret) -}} -{{- $serverTlsPassword := and .Values.tls.enabled (or .Values.tls.keystorePassword .Values.tls.keyPassword) (not .Values.tls.passwordsSecret) -}} -{{- $elasticsearchTlsPassword := and .Values.elasticsearch.security.tls.enabled .Values.elasticsearch.security.tls.truststorePassword (not .Values.elasticsearch.security.tls.passwordsSecret) -}} -{{- if or $kibanaPassword $serverTlsPassword $elasticsearchTlsPassword }} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Return the name of secret containing the Elasticsearch auth credentials -*/}} -{{- define "kibana.elasticsearch.auth.secretName" -}} -{{- if .Values.elasticsearch.security.auth.existingSecret -}} - {{- printf "%s" .Values.elasticsearch.security.auth.existingSecret -}} -{{- else -}} - {{- printf "%s" (include "common.names.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return the name of secret containing the Elasticsearch auth credentials -*/}} -{{- define "kibana.elasticsearch.tls.secretName" -}} -{{- if .Values.elasticsearch.security.tls.passwordsSecret -}} - {{- printf "%s" .Values.elasticsearch.security.tls.passwordsSecret -}} -{{- else -}} - {{- printf "%s" (include "common.names.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return the name of secret containing the Elasticsearch auth credentials -*/}} -{{- define "kibana.tls.secretName" -}} -{{- if .Values.tls.passwordsSecret -}} - {{- printf "%s" .Values.tls.passwordsSecret -}} -{{- else -}} - {{- printf "%s" (include "common.names.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "kibana.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} diff --git a/bitnami/kibana/templates/configmap.yaml b/bitnami/kibana/templates/configmap.yaml deleted file mode 100644 index ec8bde5..0000000 --- a/bitnami/kibana/templates/configmap.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if and (not .Values.configurationCM) (and .Values.elasticsearch.hosts .Values.elasticsearch.port) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.names.fullname" . }}-conf - labels: {{- include "common.labels.standard" . | nindent 4 }} -data: - kibana.yml: | - pid.file: /opt/bitnami/kibana/tmp/kibana.pid - server.host: "::" - server.port: {{ .Values.containerPort }} - elasticsearch.hosts: [{{ include "kibana.elasticsearch.url" . }}] - {{- if .Values.configuration.server.basePath }} - server.basePath: {{ .Values.configuration.server.basePath | quote }} - {{- end }} - server.rewriteBasePath: {{ .Values.configuration.server.rewriteBasePath }} - {{- if .Values.extraConfiguration }} - {{- tpl (toYaml .Values.extraConfiguration) $ | nindent 4 }} - {{- end }} -{{- end }} diff --git a/bitnami/kibana/templates/deployment.yaml b/bitnami/kibana/templates/deployment.yaml deleted file mode 100644 index 91d260a..0000000 --- a/bitnami/kibana/templates/deployment.yaml +++ /dev/null @@ -1,283 +0,0 @@ -{{- if and .Values.elasticsearch.hosts .Values.elasticsearch.port -}} -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} -spec: - replicas: {{ .Values.replicaCount }} - {{- if .Values.updateStrategy }} - strategy: {{- tpl (toYaml .Values.updateStrategy) $ | nindent 4 }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - template: - metadata: - {{- if or .Values.podAnnotations (include "kibana.createTlsSecret" .) }} - annotations: - {{- if (include "kibana.createTlsSecret" .) }} - checksum/tls: {{ include (print $.Template.BasePath "/tls-secret.yaml") . | sha256sum }} - {{- end }} - {{- if .Values.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} - {{- end }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 8 }} - app: kibana - {{- if .Values.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} - {{- end }} - spec: - {{- include "kibana.imagePullSecrets" . | nindent 6 }} - {{- if .Values.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.schedulerName }} - schedulerName: {{ .Values.schedulerName | quote }} - {{- end }} - serviceAccountName: {{ include "kibana.serviceAccountName" . }} - {{- if .Values.securityContext.enabled }} - securityContext: - fsGroup: {{ .Values.securityContext.fsGroup }} - {{- end }} - {{- if or .Values.initContainers (and .Values.volumePermissions.enabled .Values.persistence.enabled) }} - initContainers: - {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} - - name: volume-permissions - image: "{{ template "kibana.volumePermissions.image" . }}" - imagePullPolicy: {{ default "" .Values.volumePermissions.image.pullPolicy | quote }} - command: ["chown", "-R", "{{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }}", "/bitnami/kibana"] - securityContext: - runAsUser: 0 - resources: {{ toYaml .Values.volumePermissions.resources | nindent 12 }} - volumeMounts: - - name: kibana-data - mountPath: /bitnami/kibana - {{- end }} - {{- if .Values.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 10 }} - {{- end }} - {{- end }} - containers: - - name: kibana - image: {{ include "kibana.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - {{- if .Values.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.securityContext.runAsUser }} - {{- end }} - env: - - name: KIBANA_PORT_NUMBER - value: {{ .Values.containerPort | quote }} - - name: KIBANA_ELASTICSEARCH_URL - value: {{ include "kibana.elasticsearch.url" . | quote }} - - name: KIBANA_ELASTICSEARCH_PORT_NUMBER - value: {{ include "kibana.elasticsearch.port" . | quote }} - - name: KIBANA_FORCE_INITSCRIPTS - value: {{ .Values.forceInitScripts | quote }} - - name: KIBANA_SERVER_ENABLE_TLS - value: {{ ternary "true" "false" .Values.tls.enabled | quote }} - {{- if or .Values.tls.usePemCerts (include "kibana.createTlsSecret" . ) }} - - name: KIBANA_SERVER_TLS_USE_PEM - value: "true" - {{- end }} - {{- if and .Values.tls.enabled .Values.tls.usePemCerts (or .Values.tls.keyPassword .Values.tls.passwordsSecret) }} - - name: KIBANA_SERVER_KEY_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "kibana.tls.secretName" . }} - key: kibana-key-password - {{- end }} - {{- if and .Values.tls.enabled (not .Values.tls.usePemCerts) (or .Values.tls.keystorePassword .Values.tls.passwordsSecret) }} - - name: KIBANA_SERVER_KEYSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "kibana.tls.secretName" . }} - key: kibana-keystore-password - {{- end }} - {{- if .Values.elasticsearch.security.auth.enabled }} - - name: KIBANA_USERNAME - value: {{ .Values.elasticsearch.security.auth.kibanaUsername | quote }} - - name: KIBANA_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "kibana.elasticsearch.auth.secretName" . }} - key: kibana-password - {{- end }} - - name: KIBANA_ELASTICSEARCH_ENABLE_TLS - value: {{ ternary "true" "false" .Values.elasticsearch.security.tls.enabled | quote }} - - name: KIBANA_ELASTICSEARCH_TLS_USE_PEM - value: {{ ternary "true" "false" .Values.elasticsearch.security.tls.usePemCerts | quote }} - - name: KIBANA_ELASTICSEARCH_TLS_VERIFICATION_MODE - value: {{ .Values.elasticsearch.security.tls.verificationMode | quote }} - {{- if and .Values.elasticsearch.security.tls.enabled (not .Values.elasticsearch.security.tls.usePemCerts) (or .Values.elasticsearch.security.tls.truststorePassword .Values.elasticsearch.security.tls.passwordsSecret) }} - - name: KIBANA_ELASTICSEARCH_TRUSTSTORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "kibana.elasticsearch.tls.secretName" . }} - key: elasticsearch-truststore-password - {{- end }} - {{- if .Values.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if or .Values.extraEnvVarsCM .Values.extraEnvVarsSecret }} - envFrom: - {{- if .Values.extraEnvVarsCM }} - - configMapRef: - name: {{ .Values.extraEnvVarsCM }} - {{- end }} - {{- if .Values.extraEnvVarsSecret }} - - secretRef: - name: {{ .Values.extraEnvVarsSecret }} - {{- end }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.containerPort }} - protocol: TCP - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - httpGet: - {{- if .Values.configuration.server.rewriteBasePath }} - path: {{ .Values.configuration.server.basePath }}/login - {{- else }} - path: /login - {{- end }} - port: http - scheme: {{ ternary "HTTPS" "HTTP" .Values.tls.enabled }} - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - httpGet: - {{- if .Values.configuration.server.rewriteBasePath }} - path: {{ .Values.configuration.server.basePath }}/login - {{- else }} - path: /login - {{- end }} - port: http - scheme: {{ ternary "HTTPS" "HTTP" .Values.tls.enabled }} - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- end }} - {{- if .Values.resources }} - resources: {{- include "common.tplvalues.render" (dict "value" .Values.resources "context" $) | nindent 12 }} - {{- end }} - volumeMounts: - - name: kibana-data - mountPath: /bitnami/kibana - - name: kibana-config - mountPath: /bitnami/kibana/conf - {{- if .Values.tls.enabled }} - - name: kibana-certificates - mountPath: /opt/bitnami/kibana/config/certs/server - readOnly: true - {{- end }} - {{- if and .Values.elasticsearch.security.tls.enabled (not (eq .Values.elasticsearch.security.tls.verificationMode "none" )) }} - - name: elasticsearch-certificates - mountPath: /opt/bitnami/kibana/config/certs/elasticsearch - readOnly: true - {{- end }} - {{- if .Values.plugins }} - - name: plugins-init-scripts - mountPath: /docker-entrypoint-initdb.d/plugin-install - {{- end }} - {{- if (include "kibana.importSavedObjects" .) }} - - name: saved-objects-init-scripts - mountPath: /docker-entrypoint-initdb.d/saved-objects-import - {{- end }} - {{- if .Values.savedObjects.configmap }} - - name: saved-objects-configmap - mountPath: /bitnami/kibana/saved-objects - {{- end }} - {{- if .Values.initScriptsCM }} - - name: custom-init-scripts-cm - mountPath: /docker-entrypoint-initdb.d/cm - {{- end }} - {{- if .Values.initScriptsSecret }} - - name: custom-init-scripts-secret - mountPath: /docker-entrypoint-initdb.d/secret - {{- end }} - {{- if .Values.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: kibana-data - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ include "kibana.pvc" . }} - {{- else }} - emptyDir: {} - {{ end }} - {{- if .Values.tls.enabled }} - - name: kibana-certificates - secret: - secretName: {{ include "kibana.tlsSecretName" . }} - defaultMode: 256 - {{- end }} - {{- if and .Values.elasticsearch.security.tls.enabled (ne .Values.elasticsearch.security.tls.verificationMode "none" ) }} - - name: elasticsearch-certificates - secret: - secretName: {{ required "A secret containing the Truststore or CA certificate for Elasticsearch is required" .Values.elasticsearch.security.tls.existingSecret }} - defaultMode: 256 - {{- end }} - - name: kibana-config - configMap: - name: {{ include "kibana.configurationCM" . }} - {{- if (include "kibana.importSavedObjects" .) }} - - name: saved-objects-init-scripts - configMap: - name: {{ include "common.names.fullname" . }}-saved-objects - defaultMode: 0755 - {{- end }} - {{- if .Values.plugins }} - - name: plugins-init-scripts - configMap: - name: {{ include "common.names.fullname" . }}-plugins - defaultMode: 0755 - {{- end }} - {{- if .Values.initScriptsCM }} - - name: custom-init-scripts-cm - configMap: - name: {{ template "kibana.initScriptsCM" . }} - defaultMode: 0755 - {{- end }} - {{- if .Values.initScriptsSecret }} - - name: custom-init-scripts-secret - secret: - name: {{ template "kibana.initScriptsSecret" . }} - defaultMode: 0755 - {{- end }} - {{- if .Values.savedObjects.configmap }} - - name: saved-objects-configmap - configMap: - name: {{ template "kibana.savedObjectsCM" . }} - {{- end }} - {{- if .Values.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} - {{- end }} -{{- end }} diff --git a/bitnami/kibana/templates/ingress.yaml b/bitnami/kibana/templates/ingress.yaml deleted file mode 100644 index 17c59be..0000000 --- a/bitnami/kibana/templates/ingress.yaml +++ /dev/null @@ -1,58 +0,0 @@ -{{- if .Values.ingress.enabled }} -apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.ingress.annotations .Values.commonAnnotations .Values.ingress.certManager }} - annotations: - {{- if .Values.ingress.certManager }} - kubernetes.io/tls-acme: "true" - {{- end }} - {{- if .Values.ingress.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -spec: - rules: - {{- if .Values.ingress.hostname }} - - http: - paths: - - path: {{ .Values.ingress.path }} - {{- if eq "true" (include "common.ingress.supportsPathType" .) }} - pathType: {{ .Values.ingress.pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" "http" "context" $) | nindent 14 }} - {{- if ne .Values.ingress.hostname "*" }} - host: {{ .Values.ingress.hostname }} - {{- end }} - {{- end }} - {{- range .Values.ingress.extraHosts }} - - host: {{ .name }} - http: - paths: - - path: {{ default "/" .path }} - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ default "ImplementationSpecific" .pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- if or .Values.ingress.tls .Values.ingress.extraTls }} - tls: - {{- if .Values.ingress.tls }} - - hosts: - - {{ .Values.ingress.hostname }} - secretName: {{ printf "%s-tls" .Values.ingress.hostname }} - {{- end }} - {{- if .Values.ingress.extraTls }} - {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.extraTls "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/bitnami/kibana/templates/plugins-configmap.yaml b/bitnami/kibana/templates/plugins-configmap.yaml deleted file mode 100644 index 3fff719..0000000 --- a/bitnami/kibana/templates/plugins-configmap.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.plugins -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.names.fullname" . }}-plugins - labels: {{- include "common.labels.standard" . | nindent 4 }} -data: - install-plugins.sh: | - #!/bin/bash - echo "==> Plugin installation" - {{- $totalPlugins := len .Values.plugins }} - echo "Total plugins defined in chart installation: {{ $totalPlugins }}" - {{- range $i, $plugin := .Values.plugins }} - echo "Installing plugin {{ add $i 1 }} out of {{ $totalPlugins }}: {{ $plugin }}" - kibana-plugin install "{{ $plugin }}" - {{- end }} - echo "==> End of Plugin installation" -{{- end -}} diff --git a/bitnami/kibana/templates/pvc.yaml b/bitnami/kibana/templates/pvc.yaml deleted file mode 100644 index 2a86b70..0000000 --- a/bitnami/kibana/templates/pvc.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} -spec: - accessModes: - - {{ .Values.persistence.accessMode | quote }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 2 }} -{{- end -}} diff --git a/bitnami/kibana/templates/saved-objects-configmap.yaml b/bitnami/kibana/templates/saved-objects-configmap.yaml deleted file mode 100644 index 8b64b40..0000000 --- a/bitnami/kibana/templates/saved-objects-configmap.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{- if (include "kibana.importSavedObjects" .) -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.names.fullname" . }}-saved-objects - labels: {{- include "common.labels.standard" . | nindent 4 }} -data: - {{- $savedObjectsUrl := printf "localhost:%d%s/api/saved_objects/_import" (int .Values.containerPort) (include "kibana.basePath" .) }} - import-saved-objects.sh: | - #!/bin/bash - echo "==> Saved objects import" - {{- if .Values.savedObjects.urls }} - {{- $totalURLs := len .Values.savedObjects.urls }} - echo "Total saved objects NDJSON URLs to import: {{ $totalURLs }}" - {{- range $i, $url := .Values.savedObjects.urls }} - echo "Importing saved objects from NDJSON in url {{ add $i 1 }} out of {{ $totalURLs }}: {{ $url }}" - download_tmp_file="$(mktemp)" - curl "{{$url}}" > "${download_tmp_file}.ndjson" - curl -s --connect-timeout 60 --max-time 60 -XPOST {{ $savedObjectsUrl }} -H 'kbn-xsrf:true' --form file=@${download_tmp_file}.ndjson - {{- end }} - {{- end }} - {{- if .Values.savedObjects.configmap }} - echo "Searching for dashboard NDJSON files from ConfigMap mounted in /bitnami/kibana/saved-objects" - ndjson_file_list_tmp="$(mktemp)" - find /bitnami/kibana/saved-objects -type f -regex ".*\.ndjson" > $ndjson_file_list_tmp - while read -r f; do - case "$f" in - *.ndjson) - echo "Importing $f" - curl -s --connect-timeout 60 --max-time 60 -XPOST {{ $savedObjectsUrl }} -H 'kbn-xsrf:true' --form file=@${f} - ;; - *) - echo "Ignoring $f" - ;; - esac - done < $ndjson_file_list_tmp - {{- end }} - echo "==> End of Saved objects import" -{{- end -}} diff --git a/bitnami/kibana/templates/secret.yaml b/bitnami/kibana/templates/secret.yaml deleted file mode 100644 index 80b88b1..0000000 --- a/bitnami/kibana/templates/secret.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{- if (include "kibana.createSecret" .) -}} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }} - {{- end }} -type: Opaque -data: - {{- if and .Values.elasticsearch.security.auth.enabled (not .Values.elasticsearch.security.auth.existingSecret) }} - kibana-password: {{ required "A Kibana password is required!" .Values.elasticsearch.security.auth.kibanaPassword | b64enc }} - {{- end }} - {{- if and .Values.tls.enabled (not .Values.tls.passwordsSecret) }} - {{- if .Values.tls.keyPassword }} - kibana-key-password: {{ .Values.tls.keyPassword | b64enc | quote }} - {{- end }} - {{- if .Values.tls.keystorePassword }} - kibana-keystore-password: {{.Values.tls.keystorePassword | b64enc | quote }} - {{- end }} - {{- end }} - {{- if and .Values.elasticsearch.security.tls.enabled .Values.elasticsearch.security.tls.truststorePassword (not .Values.elasticsearch.security.tls.passwordsSecret) }} - elasticsearch-truststore-password: {{ .Values.elasticsearch.security.tls.truststorePassword | b64enc | quote }} - {{- end }} -{{- end }} diff --git a/bitnami/kibana/templates/service.yaml b/bitnami/kibana/templates/service.yaml deleted file mode 100644 index cd37215..0000000 --- a/bitnami/kibana/templates/service.yaml +++ /dev/null @@ -1,38 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} -{{- if or (and .Values.metrics.enabled .Values.metrics.service.annotations) .Values.service.annotations }} - annotations: - {{- if and .Values.metrics.enabled .Values.metrics.service.annotations }} - {{- tpl (toYaml .Values.metrics.service.annotations) $ | nindent 4 }} - {{- end }} - {{- if .Values.service.annotations }} - {{- tpl (toYaml .Values.service.annotations) $ | nindent 4 }} - {{- end }} -{{- end }} - -spec: - type: {{ .Values.service.type }} - {{- if eq .Values.service.type "LoadBalancer" }} - {{- if .Values.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.service.loadBalancerIP }} - {{- end }} - {{- end }} - {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }} - externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} - {{- end }} - ports: - - name: http - port: {{ .Values.service.port }} - targetPort: http - {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort)))}} - nodePort: {{ .Values.service.nodePort }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} -{{- if .Values.service.extraPorts }} - {{- tpl (toYaml .Values.service.extraPorts) $ | nindent 4 }} -{{- end }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} diff --git a/bitnami/kibana/templates/serviceaccount.yaml b/bitnami/kibana/templates/serviceaccount.yaml deleted file mode 100644 index b6c5332..0000000 --- a/bitnami/kibana/templates/serviceaccount.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "kibana.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.commonAnnotations .Values.serviceAccount.annotations }} - annotations: - {{- if or .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.serviceAccount.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.serviceAccount.annotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/bitnami/kibana/templates/servicemonitor.yaml b/bitnami/kibana/templates/servicemonitor.yaml deleted file mode 100644 index 15ee89a..0000000 --- a/bitnami/kibana/templates/servicemonitor.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "common.names.fullname" . }} - {{- if .Values.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.metrics.serviceMonitor.namespace }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- range $key, $value := .Values.metrics.serviceMonitor.selector }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - endpoints: - - port: http - path: "/_prometheus/metrics" - {{- if .Values.metrics.serviceMonitor.interval }} - interval: {{ .Values.metrics.serviceMonitor.interval }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} -{{- end }} diff --git a/bitnami/kibana/templates/tls-secret.yaml b/bitnami/kibana/templates/tls-secret.yaml deleted file mode 100644 index dcd7f22..0000000 --- a/bitnami/kibana/templates/tls-secret.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if (include "kibana.createTlsSecret" .) }} -{{- $ca := genCA "kibana-ca" 365 }} -{{- $releaseNamespace := .Release.Namespace }} -{{- $clusterDomain := .Values.clusterDomain }} -{{- $serviceName := include "common.names.fullname" . }} -{{- $altNames := list (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) $serviceName }} -{{- $crt := genSignedCert $serviceName nil $altNames 365 $ca }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ printf "%s-crt" (include "common.names.fullname" .) }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - ca.crt: {{ $ca.Cert | b64enc | quote }} - tls.crt: {{ $crt.Cert | b64enc | quote }} - tls.key: {{ $crt.Key | b64enc | quote }} -{{- end }} diff --git a/bitnami/kibana/values.yaml b/bitnami/kibana/values.yaml deleted file mode 100644 index 7f67399..0000000 --- a/bitnami/kibana/values.yaml +++ /dev/null @@ -1,557 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - storageClass: "" - -## @section Common parameters - -## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) -## -kubeVersion: "" -## @param nameOverride String to partially override common.names.fullname template with a string (will prepend the release name) -## -nameOverride: "" -## @param fullnameOverride String to fully override common.names.fullname template with a string -## -fullnameOverride: "" - -## @section Kibana parameters - -## Bitnami Kibana image version -## ref: https://hub.docker.com/r/bitnami/kibana/tags/ -## @param image.registry Kibana image registry -## @param image.repository Kibana image repository -## @param image.tag Kibana image tag (immutable tags are recommended) -## @param image.pullPolicy Kibana image pull policy -## @param image.pullSecrets Specify docker-registry secret names as an array -## -image: - registry: docker.io - repository: bitnami/kibana - tag: 7.14.2-debian-10-r0 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] -## @param replicaCount Number of replicas of the Kibana Pod -## -replicaCount: 1 -## @param updateStrategy.type Set up update strategy for Kibana installation. -## Set to Recreate if you use persistent volume that cannot be mounted by more than one pods to makesure the pods are destroyed first. -## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy -## Example: -## updateStrategy: -## type: RollingUpdate -## rollingUpdate: -## maxSurge: 25% -## maxUnavailable: 25% -## -updateStrategy: - type: RollingUpdate -## @param schedulerName Alternative scheduler -## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -schedulerName: "" -## @param hostAliases Add deployment host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: [] -## @param plugins Array containing the Kibana plugins to be installed in deployment -## eg: -## plugins: -## - https://github.com/fbaligand/kibana-enhanced-table/releases/download/v1.5.0/enhanced-table-1.5.0_7.3.2.zip -## -plugins: [] -## Saved objects to import (NDJSON format) -## -savedObjects: - ## @param savedObjects.urls Array containing links to NDJSON files to be imported during Kibana initialization - ## e.g: - ## urls: - ## - www.example.com/dashboard.ndjson - ## - urls: [] - ## @param savedObjects.configmap Configmap containing NDJSON files to be imported during Kibana initialization (evaluated as a template) - ## - configmap: "" -## @param extraConfiguration Extra settings to be added to the default kibana.yml configmap that the chart creates (unless replaced using `configurationCM`). Evaluated as a template -## -extraConfiguration: {} -## @param configurationCM ConfigMap containing a kibana.yml file that will replace the default one specified in configuration.yaml -## -configurationCM: "" -## @param extraEnvVars Array containing extra env vars to configure Kibana -## For example: -## extraEnvVars: -## - name: KIBANA_ELASTICSEARCH_URL -## value: test -## -extraEnvVars: [] -## @param extraEnvVarsCM ConfigMap containing extra env vars to configure Kibana -## -extraEnvVarsCM: "" -## @param extraEnvVarsSecret Secret containing extra env vars to configure Kibana (in case of sensitive data) -## -extraEnvVarsSecret: "" -## @param extraVolumes Array to add extra volumes. Requires setting `extraVolumeMounts` -## -extraVolumes: [] -## @param extraVolumeMounts Array to add extra mounts. Normally used with `extraVolumes` -## -extraVolumeMounts: [] -## Init containers parameters: -## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup -## -volumePermissions: - ## @param volumePermissions.enabled Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) - ## - enabled: false - ## @param volumePermissions.image.registry Init container volume-permissions image registry - ## @param volumePermissions.image.repository Init container volume-permissions image name - ## @param volumePermissions.image.tag Init container volume-permissions image tag - ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy - ## @param volumePermissions.image.pullSecrets Init container volume-permissions image pull secrets - ## - image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: 10-debian-10-r199 - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param volumePermissions.resources Volume Permissions resources - ## resources: - ## requests: - ## memory: 128Mi - ## cpu: 100m - resources: {} -## Enable persistence using Persistent Volume Claims -## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ -## -persistence: - ## @param persistence.enabled Enable persistence - ## - enabled: true - ## @param persistence.storageClass Kibana data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - ## @param persistence.existingClaim Provide an existing `PersistentVolumeClaim` - ## - existingClaim: "" - ## @param persistence.accessMode Access mode to the PV - ## - accessMode: ReadWriteOnce - ## @param persistence.size Size for the PV - ## - size: 10Gi -## Configure extra options for liveness probe -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) -## @param livenessProbe.enabled Enable/disable the Liveness probe -## @param livenessProbe.initialDelaySeconds Delay before liveness probe is initiated -## @param livenessProbe.periodSeconds How often to perform the probe -## @param livenessProbe.timeoutSeconds When the probe times out -## @param livenessProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded. -## @param livenessProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed. -## -livenessProbe: - enabled: true - initialDelaySeconds: 120 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 -## Configure extra options for readiness probe -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) -## @param readinessProbe.enabled Enable/disable the Readiness probe -## @param readinessProbe.initialDelaySeconds Delay before readiness probe is initiated -## @param readinessProbe.periodSeconds How often to perform the probe -## @param readinessProbe.timeoutSeconds When the probe times out -## @param readinessProbe.failureThreshold Minimum consecutive failures for the probe to be considered failed after having succeeded. -## @param readinessProbe.successThreshold Minimum consecutive successes for the probe to be considered successful after having failed. -## -readinessProbe: - enabled: true - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 -## @param forceInitScripts Force execution of init scripts -## -forceInitScripts: false -## @param initScriptsCM Configmap with init scripts to execute -## -initScriptsCM: "" -## @param initScriptsSecret Secret with init scripts to execute (for sensitive data) -## -initScriptsSecret: "" -## Service configuration -## -service: - ## @param service.port Kubernetes Service port - ## - port: 5601 - ## @param service.type Kubernetes Service type - ## - type: ClusterIP - ## @param service.nodePort Specify the nodePort value for the LoadBalancer and NodePort service types - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - nodePort: "" - ## @param service.externalTrafficPolicy Enable client source IP preservation - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param service.annotations Annotations for Kibana service (evaluated as a template) - ## This can be used to set the LoadBalancer service type to internal only. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - annotations: {} - ## @param service.loadBalancerIP loadBalancerIP if Kibana service type is `LoadBalancer` - ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer - ## - loadBalancerIP: "" - ## @param service.extraPorts Extra ports to expose in the service (normally used with the `sidecar` value) - ## - extraPorts: [] -## Configure the ingress resource that allows you to access the -## Kibana installation. Set up the URL -## ref: http://kubernetes.io/docs/user-guide/ingress/ -## -ingress: - ## @param ingress.enabled Enable ingress controller resource - ## - enabled: false - ## @param ingress.certManager Add annotations for cert-manager - ## - certManager: false - ## @param ingress.pathType Ingress Path type - ## - pathType: ImplementationSpecific - ## @param ingress.apiVersion Override API Version (automatically detected if not set) - ## - apiVersion: "" - ## @param ingress.hostname Default host for the ingress resource. If specified as "*" no host rule is configured - ## - hostname: kibana.local - ## @param ingress.path The Path to Kibana. You may need to set this to '/*' in order to use this with ALB ingress controllers. - ## - path: / - ## @param ingress.annotations Ingress annotations - ## For a full list of possible ingress annotations, please see - ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md - ## - ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set - ## - annotations: {} - ## @param ingress.tls Enable TLS configuration for the hostname defined at ingress.hostname parameter - ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }} - ## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it - ## - tls: false - ## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record. - ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array - ## extraHosts: - ## - name: kibana.local - ## path: / - ## - extraHosts: [] - ## @param ingress.extraPaths Additional arbitrary path/backend objects - ## For example: The ALB ingress controller requires a special rule for handling SSL redirection. - ## extraPaths: - ## - path: /* - ## backend: - ## serviceName: ssl-redirect - ## servicePort: use-annotation - ## - extraPaths: [] - ## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. - ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - ## extraTls: - ## - hosts: - ## - kibana.local - ## secretName: kibana.local-tls - ## - extraTls: [] - ## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets - ## key and certificate should start with -----BEGIN CERTIFICATE----- or - ## -----BEGIN RSA PRIVATE KEY----- - ## - ## name should line up with a tlsSecret set further up - ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set - ## - ## It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - ## e.g: - ## - name: kibana.local-tls - ## key: - ## certificate: - ## - secrets: [] - -## @param serviceAccount.create Enable creation of ServiceAccount for Kibana -## @param serviceAccount.name Name of serviceAccount -## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount -serviceAccount: - create: true - name: "" - annotations: {} - -## @param containerPort Port to expose at container level -## -containerPort: 5601 -## @param securityContext.enabled Enable securityContext on for Kibana deployment -## @param securityContext.fsGroup Group to configure permissions for volumes -## @param securityContext.runAsUser User for the security context -## @param securityContext.runAsNonRoot Set container's Security Context runAsNonRoot -## -securityContext: - enabled: true - runAsUser: 1001 - fsGroup: 1001 - runAsNonRoot: true -## Kibana resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## We usually recommend not to specify default resources and to leave this as a conscious -## choice for the user. This also increases chances charts run on environments with little -## resources, such as Minikube. If you do want to specify resources, uncomment the following -## lines, adjust them as necessary, and remove the curly braces after 'resources:'. -## @param resources.limits The resources limits for the container -## @param resources.requests The requested resources for the container -## -resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 256Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 256Mi - requests: {} -## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAffinityPreset: "" -## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAntiAffinityPreset: soft -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## Allowed values: soft, hard -## -nodeAffinityPreset: - ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] -## @param affinity Affinity for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set -## -affinity: {} -## @param nodeSelector Node labels for pod assignment -## Ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} -## @param tolerations Tolerations for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] -## @param podAnnotations Pod annotations -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} -## @param podLabels Extra labels to add to Pod -## -podLabels: {} -## @param sidecars Attach additional containers to the pod -## e.g. -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -sidecars: [] -## @param initContainers Add additional init containers to the pod -## e.g. -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -initContainers: [] -## @param configuration [object] Kibana configuration -## -configuration: - server: - basePath: "" - rewriteBasePath: false -## Prometheus metrics (requires the kibana-prometheus-exporter plugin) -## -metrics: - ## @param metrics.enabled Start a side-car prometheus exporter - ## - enabled: false - service: - ## @param metrics.service.annotations [object] Prometheus annotations for the Kibana service - ## - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "80" - prometheus.io/path: "_prometheus/metrics" - ## Prometheus Operator ServiceMonitor configuration - ## - serviceMonitor: - ## @param metrics.serviceMonitor.enabled If `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) - ## - enabled: false - ## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running - ## - namespace: "" - ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped. - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## e.g: - ## interval: 10s - ## - interval: "" - ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## e.g: - ## scrapeTimeout: 10s - ## - scrapeTimeout: "" - ## @param metrics.serviceMonitor.selector Prometheus instance selector labels - ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration - ## e.g: - ## selector: - ## prometheus: my-prometheus - ## - # selector: - # prometheus: my-prometheus - selector: {} - -## @section Kibana server TLS configuration -## -tls: - ## @param tls.enabled Enable SSL/TLS encryption for Kibana server (HTTPS) - ## - enabled: false - ## @param tls.autoGenerated Create self-signed TLS certificates. Currently only supports PEM certificates. - ## - autoGenerated: false - ## @param tls.existingSecret Name of the existing secret containing Kibana server certificates - ## - existingSecret: "" - ## @param tls.usePemCerts Use this variable if your secrets contain PEM certificates instead of PKCS12 - ## Note: Ignored when using autoGenerated certs. - ## - usePemCerts: false - ## @param tls.keyPassword Password to access the PEM key when it is password-protected. - ## - keyPassword: "" - ## @param tls.keystorePassword Password to access the PKCS12 keystore when it is password-protected. - ## - keystorePassword: "" - ## @param tls.passwordsSecret Name of a existing secret containing the Keystore or PEM key password - ## - passwordsSecret: "" - -## @section Elasticsearch parameters -## -elasticsearch: - ## @param elasticsearch.hosts List of elasticsearch hosts to connect to. - ## e.g: - ## hosts: - ## - elasticsearch-1 - ## - elasticsearch-2 - ## - hosts: [] - ## @param elasticsearch.port Elasticsearch port - ## - port: "" - - security: - auth: - ## @param elasticsearch.security.auth.enabled Set to 'true' if Elasticsearch has authentication enabled - ## - enabled: false - ## @param elasticsearch.security.auth.kibanaUsername Kibana server user to authenticate with Elasticsearch - ## - kibanaUsername: "elastic" - ## @param elasticsearch.security.auth.kibanaPassword Kibana server password to authenticate with Elasticsearch - ## - kibanaPassword: "" - ## @param elasticsearch.security.auth.existingSecret Name of the existing secret containing the Password for the Kibana user - ## - existingSecret: "" - tls: - ## @param elasticsearch.security.tls.enabled Set to 'true' if Elasticsearch API uses TLS/SSL (HTTPS) - ## - enabled: false - ## @param elasticsearch.security.tls.verificationMode Verification mode for SSL communications. - ## Supported values: full, certificate, none. - ## Ref: https://www.elastic.co/guide/en/kibana/7.x/settings.html#elasticsearch-ssl-verificationmode - verificationMode: "full" - ## @param elasticsearch.security.tls.existingSecret Name of the existing secret containing Elasticsearch Truststore or CA certificate. Required unless verificationMode=none - ## - existingSecret: "" - ## @param elasticsearch.security.tls.usePemCerts Set to 'true' to use PEM certificates instead of PKCS12. - ## - usePemCerts: false - ## @param elasticsearch.security.tls.truststorePassword Password to access the PKCS12 trustore in case it is password-protected. - ## - truststorePassword: "" - ## @param elasticsearch.security.tls.passwordsSecret Name of a existing secret containing the Truststore password - ## - passwordsSecret: "" diff --git a/bitnami/kong/Chart.lock b/bitnami/kong/Chart.lock deleted file mode 100644 index a689ba7..0000000 --- a/bitnami/kong/Chart.lock +++ /dev/null @@ -1,12 +0,0 @@ -dependencies: -- name: postgresql - repository: https://charts.bitnami.com/bitnami - version: 10.10.3 -- name: cassandra - repository: https://charts.bitnami.com/bitnami - version: 8.0.4 -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.9.1 -digest: sha256:e3313d4b751935ed6e4c69b41a7cafd7f1a6b415004b879b60251f58255e7e8b -generated: "2021-09-27T16:09:13.920792766Z" diff --git a/bitnami/kong/Chart.yaml b/bitnami/kong/Chart.yaml deleted file mode 100644 index c8f1314..0000000 --- a/bitnami/kong/Chart.yaml +++ /dev/null @@ -1,37 +0,0 @@ -annotations: - category: Infrastructure -apiVersion: v2 -appVersion: 2.6.0 -dependencies: - - condition: postgresql.enabled - name: postgresql - repository: https://charts.bitnami.com/bitnami - version: 10.x.x - - condition: cassandra.enabled - name: cassandra - repository: https://charts.bitnami.com/bitnami - version: 8.x.x - - name: common - repository: https://charts.bitnami.com/bitnami - version: 1.x.x -description: Kong is a scalable, open source API layer (aka API gateway or API middleware) that runs in front of any RESTful API. Extra functionalities beyond the core platform are extended through plugins. Kong is built on top of reliable technologies like NGINX and provides an easy-to-use RESTful API to operate and configure the system. -engine: gotpl -home: https://github.com/bitnami/charts/tree/master/bitnami/kong -icon: https://bitnami.com/assets/stacks/kong/img/kong-stack-220x234.png -keywords: - - kong - - ingress - - openresty - - controller - - http - - web - - www - - reverse proxy -maintainers: - - email: containers@bitnami.com - name: Bitnami -name: kong -sources: - - https://github.com/bitnami/bitnami-docker-kong - - https://konghq.com/ -version: 4.1.2 diff --git a/bitnami/kong/README.md b/bitnami/kong/README.md deleted file mode 100644 index afb59d3..0000000 --- a/bitnami/kong/README.md +++ /dev/null @@ -1,535 +0,0 @@ -# Kong - -[Kong](https://konghq.com/kong/) is a scalable, open source API layer (aka API gateway or API middleware) that runs in front of any RESTful API. Extra functionalities beyond the core platform are extended through plugins. Kong is built on top of reliable technologies like NGINX and provides an easy-to-use RESTful API to operate and configure the system. - -## TL;DR - -```console - helm repo add bitnami https://charts.bitnami.com/bitnami - helm install my-release bitnami/kong -``` - -## Introduction - -This chart bootstraps a [kong](https://github.com/bitnami/bitnami-docker-kong) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. It also includes the [kong-ingress-controller](https://github.com/bitnami/bitnami-docker-kong-ingress-controller) container for managing Ingress resources using Kong. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 3.1.0 -- PV provisioner support in the underlying infrastructure - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console - helm repo add bitnami https://charts.bitnami.com/bitnami - helm install my-release bitnami/kong -``` - -These commands deploy kong on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```console - helm delete my-release -``` - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | - - -### Common parameters - -| Name | Description | Value | -| ------------------------ | -------------------------------------------------------------------------------------------------------- | --------------- | -| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` | -| `nameOverride` | String to partially override kong.fullname template with a string (will prepend the release name) | `""` | -| `fullnameOverride` | String to fully override kong.fullname template with a string | `""` | -| `commonAnnotations` | Common annotations to add to all Kong resources (sub-charts are not considered). Evaluated as a template | `{}` | -| `commonLabels` | Common labels to add to all Kong resources (sub-charts are not considered). Evaluated as a template | `{}` | -| `clusterDomain` | Kubernetes cluster domain | `cluster.local` | -| `extraDeploy` | Array of extra objects to deploy with the release (evaluated as a template). | `[]` | -| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | -| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | -| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | - - -### Deployment parameters - -| Name | Description | Value | -| --------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- | -| `image.registry` | kong image registry | `docker.io` | -| `image.repository` | kong image repository | `bitnami/kong` | -| `image.tag` | kong image tag (immutable tags are recommended) | `2.6.0-debian-10-r0` | -| `image.pullPolicy` | kong image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `image.debug` | Enable image debug mode | `false` | -| `database` | Select which database backend Kong will use. Can be 'postgresql' or 'cassandra' | `postgresql` | -| `replicaCount` | Number of replicas of the kong Pod | `2` | -| `hostAliases` | Add deployment host aliases | `[]` | -| `updateStrategy.type` | Set up update strategy for kong installation. Set to Recreate if you use persistent volume that cannot be mounted by more than one pods to makesure the pods is destroyed first. | `RollingUpdate` | -| `schedulerName` | Alternative scheduler | `""` | -| `useDaemonset` | Use a daemonset instead of a deployment. `replicaCount` will not take effect. | `false` | -| `extraVolumes` | Array of extra volumes to be added to the Kong deployment deployment (evaluated as template). Requires setting `extraVolumeMounts` | `[]` | -| `initContainers` | Add additional init containers to the pod (evaluated as a template) | `[]` | -| `sidecars` | Attach additional containers to the pod (evaluated as a template) | `[]` | -| `containerSecurityContext.runAsUser` | Set Kong container's Security Context runAsUser | `1001` | -| `containerSecurityContext.runAsNonRoot` | Set Kong container's Security Context runAsNonRoot | `true` | -| `podSecurityContext` | Pod security context | `{}` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `tolerations` | Tolerations for pod assignment | `[]` | -| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` | -| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | -| `affinity` | Affinity for pod assignment | `{}` | -| `podAnnotations` | Pod annotations | `{}` | -| `podLabels` | Pod labels | `{}` | -| `autoscaling.enabled` | Deploy a HorizontalPodAutoscaler object for the Kong deployment | `false` | -| `autoscaling.apiVersion` | API Version of the HPA object (for compatibility with Openshift) | `autoscaling/v2beta1` | -| `autoscaling.minReplicas` | Minimum number of replicas to scale back | `2` | -| `autoscaling.maxReplicas` | Maximum number of replicas to scale out | `5` | -| `autoscaling.metrics` | Metrics to use when deciding to scale the deployment (evaluated as a template) | `[]` | -| `pdb.enabled` | Deploy a pdb object for the Kong pod | `false` | -| `pdb.maxUnavailable` | Maximum unavailable Kong replicas (expressed in percentage) | `50%` | - - -### Traffic Exposure Parameters - -| Name | Description | Value | -| ------------------------------- | --------------------------------------------------------------------------------------------- | ------------------------ | -| `service.type` | Kubernetes Service type | `ClusterIP` | -| `service.clusterIP` | Cluster internal IP of the service | `""` | -| `service.externalTrafficPolicy` | external traffic policy managing client source IP preservation | `""` | -| `service.proxyHttpPort` | kong proxy HTTP service port port | `80` | -| `service.proxyHttpsPort` | kong proxy HTTPS service port port | `443` | -| `service.exposeAdmin` | Add the Kong Admin ports to the service | `false` | -| `service.adminHttpPort` | kong admin HTTPS service port (only if service.exposeAdmin=true) | `8001` | -| `service.adminHttpsPort` | kong admin HTTPS service port (only if service.exposeAdmin=true) | `8444` | -| `service.disableHttpPort` | Disable Kong proxy HTTP and Kong admin HTTP ports | `false` | -| `service.proxyHttpNodePort` | Port to bind to for NodePort service type (proxy HTTP) | `""` | -| `service.proxyHttpsNodePort` | Port to bind to for NodePort service type (proxy HTTPS) | `""` | -| `service.adminHttpNodePort` | Port to bind to for NodePort service type (admin HTTP) | `""` | -| `service.adminHttpsNodePort` | Port to bind to for NodePort service type (admin HTTPS) | `""` | -| `service.loadBalancerIP` | loadBalancerIP if kong service type is `LoadBalancer` | `""` | -| `service.annotations` | Annotations for kong service | `{}` | -| `service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | -| `ingress.enabled` | Enable ingress controller resource | `false` | -| `ingress.certManager` | Add annotations for cert-manager | `false` | -| `ingress.pathType` | Ingress path type | `ImplementationSpecific` | -| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` | -| `ingress.hostname` | Default host for the ingress resource | `kong.local` | -| `ingress.path` | Ingress path | `/` | -| `ingress.annotations` | Ingress annotations | `{}` | -| `ingress.tls` | Create TLS Secret | `false` | -| `ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` | -| `ingress.extraPaths` | Additional arbitrary path/backend objects | `[]` | -| `ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` | -| `ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | - - -### Kong Container Parameters - -| Name | Description | Value | -| ----------------------------------------- | -------------------------------------------------------------------------------------------------------------------------- | ------ | -| `kong.command` | Override default container command (useful when using custom images) | `[]` | -| `kong.args` | Override default container args (useful when using custom images) | `[]` | -| `kong.initScriptsCM` | Configmap with init scripts to execute | `""` | -| `kong.initScriptsSecret` | Configmap with init scripts to execute | `""` | -| `kong.extraEnvVars` | Array containing extra env vars to configure Kong | `[]` | -| `kong.extraEnvVarsCM` | ConfigMap containing extra env vars to configure Kong | `""` | -| `kong.extraEnvVarsSecret` | Secret containing extra env vars to configure Kong (in case of sensitive data) | `""` | -| `kong.extraVolumeMounts` | Array of extra volume mounts to be added to the Kong Container (evaluated as template). Normally used with `extraVolumes`. | `[]` | -| `kong.customLivenessProbe` | Override default liveness probe (kong container) | `{}` | -| `kong.customReadinessProbe` | Override default readiness probe (kong container) | `{}` | -| `kong.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `kong.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` | -| `kong.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `kong.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `kong.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `kong.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `kong.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `kong.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | -| `kong.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `kong.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `kong.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `kong.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `kong.lifecycleHooks` | Lifecycle hooks (kong container) | `{}` | -| `kong.resources.limits` | The resources limits for the container | `{}` | -| `kong.resources.requests` | The requested resources for the container | `{}` | - - -### Kong Migration job Parameters - -| Name | Description | Value | -| ------------------------------ | -------------------------------------------------------------------------------------------------------------------------- | ----- | -| `migration.command` | Override default container command (useful when using custom images) | `[]` | -| `migration.args` | Override default container args (useful when using custom images) | `[]` | -| `migration.hostAliases` | Add deployment host aliases | `[]` | -| `migration.annotations` | Add annotations to the job | `{}` | -| `migration.extraEnvVars` | Array containing extra env vars to configure the Kong migration job | `[]` | -| `migration.extraEnvVarsCM` | ConfigMap containing extra env vars to configure the Kong migration job | `""` | -| `migration.extraEnvVarsSecret` | Secret containing extra env vars to configure the Kong migration job (in case of sensitive data) | `""` | -| `migration.extraVolumeMounts` | Array of extra volume mounts to be added to the Kong Container (evaluated as template). Normally used with `extraVolumes`. | `[]` | -| `migration.resources.limits` | The resources limits for the container | `{}` | -| `migration.resources.requests` | The requested resources for the container | `{}` | - - -### Kong Ingress Controller Container Parameters - -| Name | Description | Value | -| ------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------- | -| `ingressController.enabled` | Enable/disable the Kong Ingress Controller | `true` | -| `ingressController.customResourceDeletePolicy` | Add custom CRD resource delete policy (for Helm 2 support) | `{}` | -| `ingressController.image.registry` | Kong Ingress Controller image registry | `docker.io` | -| `ingressController.image.repository` | Kong Ingress Controller image name | `bitnami/kong-ingress-controller` | -| `ingressController.image.tag` | Kong Ingress Controller image tag | `1.3.1-debian-10-r103` | -| `ingressController.image.pullPolicy` | kong ingress controller image pull policy | `IfNotPresent` | -| `ingressController.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `ingressController.proxyReadyTimeout` | Maximum time (in seconds) to wait for the Kong container to be ready | `300` | -| `ingressController.rbac.create` | Create the necessary Service Accounts, Roles and Rolebindings for the Ingress Controller to work | `true` | -| `ingressController.rbac.existingServiceAccount` | Use an existing service account for all the RBAC operations | `""` | -| `ingressController.ingressClass` | Name of the class to register Kong Ingress Controller (useful when having other Ingress Controllers in the cluster) | `kong` | -| `ingressController.command` | Override default container command (useful when using custom images) | `[]` | -| `ingressController.args` | Override default container args (useful when using custom images) | `[]` | -| `ingressController.extraEnvVars` | Array containing extra env vars to configure Kong | `[]` | -| `ingressController.extraEnvVarsCM` | ConfigMap containing extra env vars to configure Kong Ingress Controller | `""` | -| `ingressController.extraEnvVarsSecret` | Secret containing extra env vars to configure Kong Ingress Controller (in case of sensitive data) | `""` | -| `ingressController.extraVolumeMounts` | Array of extra volume mounts to be added to the Kong Ingress Controller container (evaluated as template). Normally used with `extraVolumes`. | `[]` | -| `ingressController.customLivenessProbe` | Override default liveness probe (kong ingress controller container) | `{}` | -| `ingressController.customReadinessProbe` | Override default readiness probe (kong ingress controller container) | `{}` | -| `ingressController.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `ingressController.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` | -| `ingressController.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `ingressController.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `ingressController.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `ingressController.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `ingressController.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `ingressController.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | -| `ingressController.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `ingressController.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `ingressController.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `ingressController.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `ingressController.resources.limits` | The resources limits for the container | `{}` | -| `ingressController.resources.requests` | The requested resources for the container | `{}` | - - -### PostgreSQL Parameters - -| Name | Description | Value | -| ------------------------------- | ------------------------------------------------------------------------------------------------------------------------------ | ------- | -| `postgresql.enabled` | Deploy the PostgreSQL sub-chart | `true` | -| `postgresql.usePasswordFile` | Mount the PostgreSQL secret as a file | `false` | -| `postgresql.external.host` | Host of an external PostgreSQL installation | `""` | -| `postgresql.external.user` | Username of the external PostgreSQL installation | `""` | -| `postgresql.external.password` | Password of the external PostgreSQL installation | `""` | -| `postgresql.existingSecret` | Use an existing secret file with the PostgreSQL password (can be used with the bundled chart or with an existing installation) | `""` | -| `postgresql.postgresqlDatabase` | Database name to be used by Kong | `kong` | -| `postgresql.postgresqlUsername` | Username to be created by the PostgreSQL bundled chart | `kong` | - - -### Cassandra Parameters - -| Name | Description | Value | -| ----------------------------- | ----------------------------------------------------------------------------------------------------------------------------- | ------- | -| `cassandra.enabled` | Deploy the Cassandra sub-chart | `false` | -| `cassandra.dbUser.user` | Username to be created by the cassandra bundled chart | `kong` | -| `cassandra.usePasswordFile` | Mount the Cassandra secret as a file | `false` | -| `cassandra.external.hosts` | Hosts of an external cassandra installation | `[]` | -| `cassandra.external.port` | Port of an external cassandra installation | `9042` | -| `cassandra.external.user` | Username of the external cassandra installation | `""` | -| `cassandra.external.password` | Password of the external cassandra installation | `""` | -| `cassandra.existingSecret` | Use an existing secret file with the Cassandra password (can be used with the bundled chart or with an existing installation) | `""` | - - -### Metrics Parameters - -| Name | Description | Value | -| --------------------------------------- | ------------------------------------------------------------------------------------------------------ | ----------- | -| `metrics.enabled` | Enable the export of Prometheus metrics | `false` | -| `metrics.service.annotations` | Annotations for Prometheus metrics service | `{}` | -| `metrics.service.type` | Type of the Prometheus metrics service | `ClusterIP` | -| `metrics.service.port` | Port of the Prometheus metrics service | `9119` | -| `metrics.serviceMonitor.enabled` | If `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` | -| `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `""` | -| `metrics.serviceMonitor.serviceAccount` | Service account used by Prometheus | `""` | -| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `""` | -| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | -| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` | -| `metrics.serviceMonitor.rbac.enabled` | Whether to enable RBAC | `true` | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console - helm install my-release \ - --set service.exposeAdmin=true bitnami/kong -``` - -The above command exposes the Kong admin ports inside the Kong service. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```console - helm install my-release -f values.yaml bitnami/kong -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Database backend - -The Bitnami Kong chart allows setting two database backends: PostgreSQL or Cassandra. For each option, there are two extra possibilities: deploy a sub-chart with the database installation or use an existing one. The list below details the different options (replace the placeholders specified between _UNDERSCORES_): - -- Deploy the PostgreSQL sub-chart (default) - -```console - helm install my-release bitnami/kong -``` - -- Use an external PostgreSQL database - -```console - helm install my-release bitnami/kong \ - --set postgresql.enabled=false \ - --set postgresql.external.host=_HOST_OF_YOUR_POSTGRESQL_INSTALLATION_ \ - --set postgresql.external.password=_PASSWORD_OF_YOUR_POSTGRESQL_INSTALLATION_ \ - --set postgresql.external.user=_USER_OF_YOUR_POSTGRESQL_INSTALLATION_ -``` - -- Deploy the Cassandra sub-chart - -```console - helm install my-release bitnami/kong \ - --set database=cassandra \ - --set postgresql.enabled=false \ - --set cassandra.enabled=true -``` - -- Use an existing Cassandra installation - -```console - helm install my-release bitnami/kong \ - --set database=cassandra \ - --set postgresql.enabled=false \ - --set cassandra.enabled=false \ - --set cassandra.external.hosts[0]=_CONTACT_POINT_0_OF_YOUR_CASSANDRA_CLUSTER_ \ - --set cassandra.external.hosts[1]=_CONTACT_POINT_1_OF_YOUR_CASSANDRA_CLUSTER_ \ - ... - --set cassandra.external.user=_USER_OF_YOUR_CASSANDRA_INSTALLATION_ \ - --set cassandra.external.password=_PASSWORD_OF_YOUR_CASSANDRA_INSTALLATION_ -``` - -### DB-less - -Kong 1.1 added the capability to run Kong without a database, using only in-memory storage for entities: we call this DB-less mode. When running Kong DB-less, the configuration of entities is done in a second configuration file, in YAML or JSON, using declarative configuration (ref. [Link](https://docs.konghq.com/gateway-oss/1.1.x/db-less-and-declarative-config/)). -As is said in step 4 of [kong official docker installation](https://docs.konghq.com/install/docker#db-less-mode), just add the env variable "KONG_DATABASE=off". - -#### How to enable it - -1. Set `database` value with any value other than "postgresql" or "cassandra". For example `database: "off"` -2. Use `kong.extraEnvVars` value to set the `KONG_DATABASE` environment variable: -```yaml -kong.extraEnvVars: -- name: KONG_DATABASE - value: "off" -``` - -### Sidecars and Init Containers - -If you have a need for additional containers to run within the same pod as Kong (e.g. an additional metrics or logging exporter), you can do so via the `sidecars` config parameter. Simply define your container according to the Kubernetes container spec. - -```yaml -sidecars: - - name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -``` - -Similarly, you can add extra init containers using the `initContainers` parameter. - -```yaml -initContainers: - - name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -``` - -### Adding extra environment variables - -In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the `kong.extraEnvVars` property. - -```yaml -kong: - extraEnvVars: - - name: KONG_LOG_LEVEL - value: error -``` - -Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the `kong.extraEnvVarsCM` or the `kong.extraEnvVarsSecret` values. - -The Kong Ingress Controller and the Kong Migration job also allow this kind of configuration via the `ingressController.extraEnvVars`, `ingressController.extraEnvVarsCM`, `ingressController.extraEnvVarsSecret`, `migration.extraEnvVars`, `migration.extraEnvVarsCM` and `migration.extraEnvVarsSecret` values. - -### Using custom init scripts - -For advanced operations, the Bitnami Kong charts allows using custom init scripts that will be mounted in `/docker-entrypoint.init-db`. You can use a ConfigMap or a Secret (in case of sensitive data) for mounting these extra scripts. Then use the `kong.initScriptsCM` and `kong.initScriptsSecret` values. - -```console -elasticsearch.hosts[0]=elasticsearch-host -elasticsearch.port=9200 -initScriptsCM=special-scripts -initScriptsSecret=special-scripts-sensitive -``` - -### Deploying extra resources - -There are cases where you may want to deploy extra objects, such as KongPlugins, KongConsumers, amongst others. For covering this case, the chart allows adding the full specification of other objects using the `extraDeploy` parameter. The following example would activate a plugin at deployment time. - -```yaml -## Extra objects to deploy (value evaluated as a template) -## -extraDeploy: |- - - apiVersion: configuration.konghq.com/v1 - kind: KongPlugin - metadata: - name: {{ include "common.names.fullname" . }}-plugin-correlation - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 6 }} - config: - header_name: my-request-id - plugin: correlation-id -``` - -### Setting Pod's affinity - -This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). - -As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters. - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami’s Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## Upgrading - -It's necessary to specify the existing passwords while performing a upgrade to ensure the secrets are not updated with invalid randomly generated passwords. Remember to specify the existing values of the `postgresql.postgresqlPassword` or `cassandra.password` parameters when upgrading the chart: - -```bash -$ helm upgrade my-release bitnami/kong \ - --set database=postgresql - --set postgresql.enabled=true - --set - --set postgresql.postgresqlPassword=[POSTGRESQL_PASSWORD] -``` - -> Note: you need to substitute the placeholders _[POSTGRESQL_PASSWORD]_ with the values obtained from instructions in the installation notes. - -### To 3.1.0 - -Kong Ingress Controller version was bumped to new major version, `1.x.x`. The associated CRDs were updated accordingly. - -### To 3.0.0 - -[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -**What changes were introduced in this major version?** - -- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. -- Move dependency information from the *requirements.yaml* to the *Chart.yaml* -- After running `helm dependency update`, a *Chart.lock* file is generated containing the same structure used in the previous *requirements.lock* -- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts -- This chart depends on the **PostgreSQL 10** instead of **PostgreSQL 9**. Apart from the same changes that are described in this section, there are also other major changes due to the master/slave nomenclature was replaced by primary/readReplica. [Here](https://github.com/bitnami/charts/pull/4385) you can find more information about the changes introduced. - -**Considerations when upgrading to this version** - -- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore -- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 -- If you want to upgrade to this version from a previous one installed with Helm v3, it should be done reusing the PVC used to hold the PostgreSQL data on your previous release. To do so, follow the instructions below (the following example assumes that the release name is `kong`): - -> NOTE: Please, create a backup of your database before running any of those actions. - -##### Export secrets and required values to update - -```console -$ export POSTGRESQL_PASSWORD=$(kubectl get secret --namespace default kong-postgresql -o jsonpath="{.data.postgresql-password}" | base64 --decode) -$ export POSTGRESQL_PVC=$(kubectl get pvc -l app.kubernetes.io/instance=kong,app.kubernetes.io/name=postgresql,role=master -o jsonpath="{.items[0].metadata.name}") -``` - -##### Delete statefulsets - -Delete PostgreSQL statefulset. Notice the option `--cascade=false`: - -``` -$ kubectl delete statefulsets.apps kong-postgresql --cascade=false -``` - -##### Upgrade the chart release - -```console -$ helm upgrade kong bitnami/kong \ - --set postgresql.postgresqlPassword=$POSTGRESQL_PASSWORD \ - --set postgresql.persistence.existingClaim=$POSTGRESQL_PVC -``` - -##### Force new statefulset to create a new pod for postgresql - -```console -$ kubectl delete pod kong-postgresql-0 -``` -Finally, you should see the lines below in MariaDB container logs: - -```console -$ kubectl logs $(kubectl get pods -l app.kubernetes.io/instance=postgresql,app.kubernetes.io/name=postgresql,role=primary -o jsonpath="{.items[0].metadata.name}") -... -postgresql 08:05:12.59 INFO ==> Deploying PostgreSQL with persisted data... -... -``` - -**Useful links** - -- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ -- https://helm.sh/docs/topics/v2_v3_migration/ -- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ - -### To 4.0.0 - -This major updates the Cassandra subchart to its newest major, 4.0.0. [Here](https://github.com/bitnami/charts/tree/master/bitnami/cassandra#to-800) you can find more information about the changes introduced in those versions. - -### To 2.0.0 - -PostgreSQL and Cassandra dependencies versions were bumped to new major versions, `9.x.x` and `6.x.x` respectively. Both of these include breaking changes and hence backwards compatibility is no longer guaranteed. - -In order to properly migrate your data to this new version: - -* If you were using PostgreSQL as your database, please refer to the [PostgreSQL Upgrade Notes](https://github.com/bitnami/charts/tree/master/bitnami/postgresql#900). - -* If you were using Cassandra as your database, please refer to the [Cassandra Upgrade Notes](https://github.com/bitnami/charts/tree/master/bitnami/cassandra#to-600). diff --git a/bitnami/kong/ci/values-editing-containers.yaml b/bitnami/kong/ci/values-editing-containers.yaml deleted file mode 100644 index f8a1225..0000000 --- a/bitnami/kong/ci/values-editing-containers.yaml +++ /dev/null @@ -1,116 +0,0 @@ -## Edit kong container -## -kong: - command: - - sleep - args: - - "3600" - initScriptsCM: kong-initscripts - initScriptsSecret: kong-initscripts-secret - extraEnvVars: - - name: KONG_LOG_LEVEL - value: error - extraEnvVarsCM: kong-extraenv-cm - extraEnvVarsSecret: kong-extraenv-secret - extraVolumeMounts: - - name: kong-certs - mountPath: /bitnami/kong/certs - resources: - limits: - cpu: 500m - memory: 1Gi - -## Edit migration container -## -migration: - command: - - echo - args: - - test - extraEnvVars: - - name: KONG_CASSANDRA_USER - value: cassandra - extraEnvVarsCM: kong-migrate-extraenv-cm - extraEnvVarsSecret: kong-migrate-extraenv-secret - extraVolumeMounts: - - name: kong-migrate-credentials - mountPath: /bitnami/kong/credentials - resources: - limits: - cpu: 300m - memory: 2Gi - -## Edit migration container -## -ingressController: - command: - - echo - args: - - hello - extraEnvVars: - - name: CONTROLLER_LOG_LEVEL - value: error - extraEnvVarsCM: kong-controller-extraenv-cm - extraEnvVarsSecret: kong-controller-extraenv-secret - extraVolumeMounts: - - name: kong-controller-credentials - mountPath: /bitnami/kong/credentials - resources: - limits: - cpu: 1000m - memory: 2Gi - -sidecars: |- - - name: test-sidecar - image: bitnami/minideb - command: - - echo - - hi - -initContainers: |- - - name: test-init - image: bitnami/git - command: - - git - - clone - - github.com/bitnami/bitnami-docker-kong" - -volumes: - - name: kong-controller-credentials - hostPath: /tmp/credentials - - name: kong-migrate-credentials - hostPath: /tmp/migrate/credentials - - name: kong-certs - persistentVolumeClaim: - claimName: kong-certs-pvc - -nodeSelector: - disktype: ssd - -tolerations: - - key: "key" - operator: "Equal" - value: "value" - effect: "NoSchedule" - -affinity: |- - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/e2e-az-name - operator: In - values: - - e2e-az1 - - e2e-az2 - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - preference: - matchExpressions: - - key: another-node-label-key - operator: In - values: - - another-node-label-value - -podAnnotations: - k8s/annotation: test diff --git a/bitnami/kong/ci/values-external-cassandra.yaml b/bitnami/kong/ci/values-external-cassandra.yaml deleted file mode 100644 index 22fa2ca..0000000 --- a/bitnami/kong/ci/values-external-cassandra.yaml +++ /dev/null @@ -1,13 +0,0 @@ -database: cassandra - -postgresql: - enabled: false -cassandra: - enabled: false - external: - hosts: - - test-cassandra1 - - test-cassandra2 - - test-cassandra3 - user: test - password: test diff --git a/bitnami/kong/ci/values-external-postgresql.yaml b/bitnami/kong/ci/values-external-postgresql.yaml deleted file mode 100644 index 31de2af..0000000 --- a/bitnami/kong/ci/values-external-postgresql.yaml +++ /dev/null @@ -1,8 +0,0 @@ -database: postgresql - -postgresql: - enabled: false - external: - host: test-postgresql - user: test - password: test diff --git a/bitnami/kong/ci/values-ingress.yaml b/bitnami/kong/ci/values-ingress.yaml deleted file mode 100644 index f6ccc62..0000000 --- a/bitnami/kong/ci/values-ingress.yaml +++ /dev/null @@ -1,2 +0,0 @@ -ingress: - enabled: true diff --git a/bitnami/kong/ci/values-metrics-hpa-pdb.yaml b/bitnami/kong/ci/values-metrics-hpa-pdb.yaml deleted file mode 100644 index b5177a0..0000000 --- a/bitnami/kong/ci/values-metrics-hpa-pdb.yaml +++ /dev/null @@ -1,7 +0,0 @@ -metrics: - enabled: true -autoscaling: - enabled: true - -pdb: - enabled: true diff --git a/bitnami/kong/crds/custom-resource-definitions.yaml b/bitnami/kong/crds/custom-resource-definitions.yaml deleted file mode 100644 index 33ec280..0000000 --- a/bitnami/kong/crds/custom-resource-definitions.yaml +++ /dev/null @@ -1,426 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: kongconsumers.configuration.konghq.com -spec: - group: configuration.konghq.com - version: v1 - scope: Namespaced - names: - kind: KongConsumer - plural: kongconsumers - shortNames: - - kc - additionalPrinterColumns: - - name: Username - type: string - description: Username of a Kong Consumer - JSONPath: .username - - name: Age - type: date - description: Age - JSONPath: .metadata.creationTimestamp - validation: - openAPIV3Schema: - properties: - username: - type: string - custom_id: - type: string - credentials: - type: array - items: - type: string - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: kongplugins.configuration.konghq.com -spec: - group: configuration.konghq.com - version: v1 - scope: Namespaced - names: - kind: KongPlugin - plural: kongplugins - shortNames: - - kp - additionalPrinterColumns: - - name: Plugin-Type - type: string - description: Name of the plugin - JSONPath: .plugin - - name: Age - type: date - description: Age - JSONPath: .metadata.creationTimestamp - - name: Disabled - type: boolean - description: Indicates if the plugin is disabled - JSONPath: .disabled - priority: 1 - - name: Config - type: string - description: Configuration of the plugin - JSONPath: .config - priority: 1 - validation: - openAPIV3Schema: - required: - - plugin - properties: - plugin: - type: string - disabled: - type: boolean - config: - type: object - configFrom: - type: object - properties: - secretKeyRef: - required: - - name - - key - type: object - properties: - name: - type: string - key: - type: string - run_on: - type: string - enum: - - first - - second - - all - protocols: - type: array - items: - type: string - enum: - - http - - https - - grpc - - grpcs - - tcp - - tls - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: kongclusterplugins.configuration.konghq.com -spec: - group: configuration.konghq.com - version: v1 - scope: Cluster - names: - kind: KongClusterPlugin - plural: kongclusterplugins - shortNames: - - kcp - additionalPrinterColumns: - - name: Plugin-Type - type: string - description: Name of the plugin - JSONPath: .plugin - - name: Age - type: date - description: Age - JSONPath: .metadata.creationTimestamp - - name: Disabled - type: boolean - description: Indicates if the plugin is disabled - JSONPath: .disabled - priority: 1 - - name: Config - type: string - description: Configuration of the plugin - JSONPath: .config - priority: 1 - validation: - openAPIV3Schema: - required: - - plugin - properties: - plugin: - type: string - disabled: - type: boolean - config: - type: object - configFrom: - type: object - properties: - secretKeyRef: - required: - - name - - namespace - - key - type: object - properties: - namespace: - type: string - name: - type: string - key: - type: string - run_on: - type: string - enum: - - first - - second - - all - protocols: - type: array - items: - type: string - enum: - - http - - https - - grpc - - grpcs - - tcp - - tls - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: kongingresses.configuration.konghq.com -spec: - group: configuration.konghq.com - version: v1 - scope: Namespaced - names: - kind: KongIngress - plural: kongingresses - shortNames: - - ki - validation: - openAPIV3Schema: - properties: - route: - properties: - methods: - type: array - items: - type: string - headers: - type: object - additionalProperties: - type: array - items: - type: string - regex_priority: - type: integer - strip_path: - type: boolean - preserve_host: - type: boolean - path_handling: - type: string - enum: - - "v0" - - "v1" - protocols: - type: array - items: - type: string - enum: - - http - - https - - grpc - - grpcs - - tcp - - tls - https_redirect_status_code: - type: integer - proxy: - type: object - properties: - protocol: - type: string - enum: - - http - - https - - grpc - - grpcs - - tcp - - tls - path: - type: string - pattern: ^/.*$ - retries: - type: integer - minimum: 0 - connect_timeout: - type: integer - minimum: 0 - read_timeout: - type: integer - minimum: 0 - write_timeout: - type: integer - minimum: 0 - upstream: - type: object - properties: - algorithm: - type: string - enum: - - "round-robin" - - "consistent-hashing" - - "least-connections" - host_header: - type: string - hash_on: - type: string - hash_on_cookie: - type: string - hash_on_cookie_path: - type: string - hash_on_header: - type: string - hash_fallback_header: - type: string - hash_fallback: - type: string - slots: - type: integer - minimum: 10 - healthchecks: - type: object - properties: - threshold: - type: integer - active: - type: object - properties: - concurrency: - type: integer - minimum: 1 - timeout: - type: integer - minimum: 0 - http_path: - type: string - pattern: ^/.*$ - healthy: &healthy - type: object - properties: - http_statuses: - type: array - items: - type: integer - interval: - type: integer - minimum: 0 - successes: - type: integer - minimum: 0 - unhealthy: &unhealthy - type: object - properties: - http_failures: - type: integer - minimum: 0 - http_statuses: - type: array - items: - type: integer - interval: - type: integer - minimum: 0 - tcp_failures: - type: integer - minimum: 0 - timeout: - type: integer - minimum: 0 - passive: - type: object - properties: - healthy: *healthy - unhealthy: *unhealthy - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: tcpingresses.configuration.konghq.com -spec: - group: configuration.konghq.com - version: v1beta1 - scope: Namespaced - names: - kind: TCPIngress - plural: tcpingresses - additionalPrinterColumns: - - name: Address - type: string - description: Address of the load balancer - JSONPath: .status.loadBalancer.ingress[*].ip - - name: Age - type: date - description: Age - JSONPath: .metadata.creationTimestamp - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - type: object - properties: - tls: - type: array - items: - type: object - properties: - hosts: - type: array - items: - type: string - secretName: - type: string - rules: - type: array - items: - type: object - properties: - host: - type: string - port: - type: integer - format: int32 - backend: - type: object - properties: - serviceName: - type: string - servicePort: - format: int32 - type: integer - status: - type: object - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/bitnami/kong/templates/NOTES.txt b/bitnami/kong/templates/NOTES.txt deleted file mode 100644 index 7f6ecc1..0000000 --- a/bitnami/kong/templates/NOTES.txt +++ /dev/null @@ -1,116 +0,0 @@ -** Please be patient while the chart is being deployed ** - -{{- if .Values.diagnosticMode.enabled }} -The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with: - - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }} - -Get the list of pods by executing: - - kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} - -Access the pod you want to debug by executing - - kubectl exec --namespace {{ .Release.Namespace }} -ti -- bash - -In order to replicate the container startup scripts execute this command: - - /opt/bitnami/scripts/kong/entrypoint.sh /opt/bitnami/scripts/kong/run.sh - -{{- else }} - -{{- if .Values.ingress.enabled }} - Kong URL(s): -{{- if .Values.ingress.hostname }} - - http://{{ .Values.ingress.hostname }} -{{- end }} -{{- range $host := .Values.ingress.hosts }} - {{- range .paths }} - - http://{{ $host.name }}{{ . }} - {{- end }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - - Get the Kubernetes node IP by using the following command - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - - Access the Kong proxy by using the following commands - - export PROXY_NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.names.fullname" . }}) - echo http://$NODE_IP:$PROXY_NODE_PORT - - {{- if .Values.service.exposeAdmin }} - - Access the Kong admin by using the following commands - - export ADMIN_NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[2].nodePort}" services {{ include "common.names.fullname" . }}) - echo http://$NODE_IP:$ADMIN_NODE_PORT - - {{- end }} -{{- else if contains "LoadBalancer" .Values.service.type }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "common.names.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.proxyHttpPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - - Access the Kong proxy by using the following commands - - echo "Browse to http://127.0.0.1:8000" - kubectl port-forward svc/{{ include "common.names.fullname" . }} 8080:{{ .Values.service.proxyHttpPort }} & - - Access the Kong admin by using the following commands - - echo "Browse to http://127.0.0.1:8001" - {{- if .Values.service.exposeAdmin }} - kubectl port-forward svc/{{ include "common.names.fullname" . }} 8001:{{ .Values.service.adminHttpPort }} & - {{- else }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name:{{ include "common.names.name" . }},app.kubernetes.io/instance:{{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - - kubectl port-forward pod/$POD_NAME 8001:8001 & - {{- end }} -{{- end }} - -{{- if .Values.ingressController.enabled }} - - The Kong Ingress Controller was deployed as part of the Kong pods. The following objects are available in the Kubernetes API: - - kubectl get kongconsumers - kubectl get kongcredentials - kubectl get kongingresses - kubectl get kongplugins - -{{- end }} - -{{- include "common.warnings.rollingTag" .Values.image }} -{{- if .Values.ingressController.enabled }} -{{- include "common.warnings.rollingTag" .Values.ingressController.image }} -{{- end }} - -{{- $passwordValidationErrors := list }} - -If you want to upgrade the installation you will need to re-set the database credentials. Execute the following command -{{- if eq .Values.database "postgresql" }} -{{- $dbSecretName := include "kong.postgresql.secretName" . -}} -{{- $dbPasswordValidationErrors := include "common.validations.values.postgresql.passwords" (dict "secret" $dbSecretName "subchart" true "context" $) -}} -{{- $passwordValidationErrors = append $passwordValidationErrors $dbPasswordValidationErrors -}} - - kubectl get secret --namespace {{ .Release.Namespace }} {{ include "kong.postgresql.secretName" . }} -o jsonpath="{.data.postgresql-password}" | base64 --decode -{{- else }} - {{- $dbSecretName := include "kong.cassandra.secretName" . -}} - {{- $dbPasswordValidationErrors := include "common.validations.values.cassandra.passwords" (dict "secret" $dbSecretName "subchart" true "context" $) -}} - {{- $passwordValidationErrors = append $passwordValidationErrors $dbPasswordValidationErrors -}} - - kubectl get secret --namespace {{ .Release.Namespace }} {{ include "kong.cassandra.secretName" . }} -o jsonpath="{.data.cassandra-password}" | base64 --decode -{{- end }} - -{{- if .Values.service.exposeAdmin }} - -WARNING: You made the Kong admin {{ if contains "ClusterIP" .Values.service.type }}accessible from other pods in the cluster{{ else }}externally accessible{{- end }}. We do not recommend this configuration in production. For accessing the admin, using pod port-forwarding or using the Kong Ingress Controller is preferred. -{{- end }} - -{{ include "kong.validateValues" . }} -{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $) -}} -{{- end }} diff --git a/bitnami/kong/templates/_helpers.tpl b/bitnami/kong/templates/_helpers.tpl deleted file mode 100644 index 67b5ea3..0000000 --- a/bitnami/kong/templates/_helpers.tpl +++ /dev/null @@ -1,217 +0,0 @@ -{{/* -Return the proper kong image name -*/}} -{{- define "kong.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper kong image name -*/}} -{{- define "kong.ingress-controller.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.ingressController.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper kong migration image name -*/}} -{{- define "kong.migration.image" -}} -{{- if .Values.migration.image -}} -{{ include "common.images.image" (dict "imageRoot" .Values.migration.image "global" .Values.global) }} -{{- else -}} -{{- template "kong.image" . -}} -{{- end -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "kong.postgresql.fullname" -}} -{{- printf "%s-%s" .Release.Name "postgresql" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "kong.cassandra.fullname" -}} -{{- printf "%s-%s" .Release.Name "cassandra" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Get Cassandra port -*/}} -{{- define "kong.cassandra.port" -}} -{{- if .Values.cassandra.enabled -}} -{{- .Values.cassandra.service.port -}} -{{- else -}} -{{- .Values.cassandra.external.port -}} -{{- end -}} -{{- end -}} - -{{/* -Get Cassandra contact points -*/}} -{{- define "kong.cassandra.contactPoints" -}} -{{- $global := . -}} -{{- if .Values.cassandra.enabled -}} - {{- $replicas := int .Values.cassandra.cluster.replicaCount -}} - {{- $domain := .Values.clusterDomain -}} - {{- range $i, $e := until $replicas }} - {{- include "kong.cassandra.fullname" $global }}-{{ $i }}.{{ include "kong.cassandra.fullname" $global }}-headless.{{ $global.Release.Namespace }}.svc.{{ $domain }} - {{- if (lt ( add1 $i ) $replicas ) -}} - , - {{- end -}} - {{- end -}} -{{- else -}} - {{- $replicas := len .Values.cassandra.external.hosts -}} - {{- range $i, $e := until $replicas }} - {{- index $global.Values.cassandra.external.hosts $i -}} - {{- if (lt ( add1 $i ) $replicas ) -}} - , - {{- end -}} - {{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Get PostgreSQL host -*/}} -{{- define "kong.postgresql.host" -}} -{{- if .Values.postgresql.enabled -}} - {{- template "kong.postgresql.fullname" . -}} -{{- else -}} - {{ .Values.postgresql.external.host }} -{{- end -}} -{{- end -}} - -{{/* -Get PostgreSQL user -*/}} -{{- define "kong.postgresql.user" -}} -{{- if .Values.postgresql.enabled -}} - {{- .Values.postgresql.postgresqlUsername -}} -{{- else -}} - {{ .Values.postgresql.external.user }} -{{- end -}} -{{- end -}} - -{{/* -Get Cassandra user -*/}} -{{- define "kong.cassandra.user" -}} -{{- if .Values.postgresql.enabled -}} - {{- .Values.cassandra.dbUser.user -}} -{{- else -}} - {{ .Values.cassandra.external.user }} -{{- end -}} -{{- end -}} - -{{/* -Get Cassandra secret -*/}} -{{- define "kong.cassandra.secretName" -}} -{{- if .Values.cassandra.existingSecret -}} - {{- .Values.cassandra.existingSecret -}} -{{- else if .Values.cassandra.enabled }} - {{- template "kong.cassandra.fullname" . -}} -{{- else -}} - {{- printf "%s-external-secret" ( include "common.names.fullname" . ) -}} -{{- end -}} -{{- end -}} - -{{/* -Get PostgreSQL secret -*/}} -{{- define "kong.postgresql.secretName" -}} -{{- if .Values.postgresql.existingSecret -}} - {{- .Values.postgresql.existingSecret -}} -{{- else if .Values.postgresql.enabled }} - {{- template "kong.postgresql.fullname" . -}} -{{- else -}} - {{- printf "%s-external-secret" ( include "common.names.fullname" . ) -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "kong.imagePullSecrets" -}} -{{ include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.ingressController.image) "global" .Values.global) }} -{{- end -}} - -{{/* -Return true if a secret for a external database should be created -*/}} -{{- define "kong.createExternalDBSecret" -}} -{{- if and (not .Values.postgresql.enabled) (not .Values.cassandra.enabled) (not .Values.cassandra.existingSecret) (not .Values.postgresql.existingSecret) -}} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Get proper service account -*/}} -{{- define "kong.serviceAccount" -}} -{{- if .Values.ingressController.rbac.existingServiceAccount -}} -{{ .Values.ingressController.rbac.existingServiceAccount }} -{{- else -}} -{{- include "common.names.fullname" . -}} -{{- end -}} -{{- end -}} - -{{/* -Validate values for kong. -*/}} -{{- define "kong.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "kong.validateValues.database" .) -}} -{{- $messages := append $messages (include "kong.validateValues.rbac" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message -}} -{{- end -}} -{{- end -}} - -{{/* -Function to validate the RBAC -*/}} -{{- define "kong.validateValues.rbac" -}} -{{- if and .Values.ingressController.enabled (not .Values.ingressController.rbac.existingServiceAccount) (not .Values.ingressController.rbac.create) -}} -INVALID RBAC: You enabled the Kong Ingress Controller sidecar without creating RBAC objects and not -specifying an existing Service Account. Specify an existing Service Account in ingressController.rbac.existingServiceAccount -or allow the chart to create the proper RBAC objects with ingressController.rbac.create -{{- end -}} -{{- end -}} -{{/* -Function to validate the external database -*/}} -{{- define "kong.validateValues.database" -}} - -{{- if and (not (eq .Values.database "postgresql")) (not (eq .Values.database "cassandra")) -}} -INVALID DATABASE: The value "{{ .Values.database }}" is not allowed for the "database" value. It -must be one either "postgresql" or "cassandra". -{{- end }} - -{{- if and (eq .Values.database "postgresql") (not .Values.postgresql.enabled) (not .Values.postgresql.external.host) -}} -NO DATABASE: You disabled the Cassandra sub-chart but did not specify external Cassandra hosts. Either deploy the PostgreSQL sub-chart by setting cassandra.enabled=true or set a value for cassandra.external.hosts. -{{- end }} - -{{- if and (eq .Values.database "postgresql") (not .Values.postgresql.enabled) (not .Values.postgresql.external.host) -}} -NO DATABASE: You disabled the PostgreSQL sub-chart but did not specify an external PostgreSQL host. Either deploy the PostgreSQL sub-chart by setting postgresql.enabled=true or set a value for postgresql.external.host. -{{- end }} - - -{{- if and (eq .Values.database "postgresql") .Values.postgresql.enabled .Values.postgresql.external.host -}} -CONFLICT: You specified to deploy the PostgreSQL sub-chart and also specified an external -PostgreSQL instance. Only one of postgresql.enabled (deploy sub-chart) and postgresql.external.host can be set -{{- end }} - -{{- if and (eq .Values.database "cassandra") .Values.cassandra.enabled .Values.cassandra.external.hosts -}} -CONFLICT: You specified to deploy the Cassandra sub-chart and also specified external -Cassandra hosts. Only one of cassandra.enabled (deploy sub-chart) and cassandra.external.hosts can be set -{{- end }} -{{- end -}} diff --git a/bitnami/kong/templates/dep-ds.yaml b/bitnami/kong/templates/dep-ds.yaml deleted file mode 100644 index d33e7b9..0000000 --- a/bitnami/kong/templates/dep-ds.yaml +++ /dev/null @@ -1,373 +0,0 @@ -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -{{- if .Values.useDaemonset }} -kind: DaemonSet -{{- else }} -kind: Deployment -{{- end }} -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: server - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if not .Values.useDaemonset }} - replicas: {{ .Values.replicaCount }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: server - {{- if .Values.updateStrategy }} - {{- if .Values.useDaemonset }} - updateStrategy: {{- toYaml .Values.updateStrategy | nindent 4 }} - {{- else }} - strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} - {{- end }} - {{- end }} - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: server - {{- if .Values.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} - {{- end }} - annotations: - {{- if (include "kong.createExternalDBSecret" .) }} - checksum/secret: {{ include (print $.Template.BasePath "/external-database-secret.yaml") . | sha256sum }} - {{- end }} - checksum/configmap-kong: {{ include (print $.Template.BasePath "/kong-script-configmap.yaml") . | sha256sum }} - {{- if .Values.metrics.enabled }} - checksum/configmap-metrics-plugin: {{ include (print $.Template.BasePath "/metrics-script-configmap.yaml") . | sha256sum }} - {{- end }} - {{- if .Values.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} - {{- end }} - spec: - {{- if .Values.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.ingressController.enabled }} - serviceAccountName: {{ include "kong.serviceAccount" . }} - {{- end }} - {{- if .Values.podSecurityContext }} - securityContext: {{- include "common.tplvalues.render" (dict "value" .Values.podSecurityContext "context" $) | nindent 8 }} - {{- end }} - {{- include "kong.imagePullSecrets" . | nindent 6 }} - {{- if .Values.schedulerName }} - schedulerName: {{ .Values.schedulerName | quote }} - {{- end }} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "component" "server" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "component" "server" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.initContainers }} - initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} - {{- end }} - containers: - - name: kong - image: {{ template "kong.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - {{- if .Values.containerSecurityContext }} - securityContext: {{- include "common.tplvalues.render" (dict "value" .Values.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.kong.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.kong.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.kong.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.kong.args "context" $) | nindent 12 }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} - {{- if .Values.service.exposeAdmin }} - - name: KONG_ADMIN_LISTEN_ADDRESS - value: "0.0.0.0" - {{- end }} - {{- if (eq .Values.database "postgresql") }} - - name: KONG_DATABASE - value: "postgres" - {{- if .Values.postgresql.usePasswordFile }} - - name: KONG_POSTGRESQL_PASSWORD_FILE - value: "/bitnami/kong/secrets/postgresql-password" - {{- else }} - - name: KONG_PG_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "kong.postgresql.secretName" . }} - key: postgresql-password - {{- end }} - - name: KONG_PG_HOST - value: {{ include "kong.postgresql.host" . }} - - name: KONG_PG_USER - value: {{ include "kong.postgresql.user" . }} - {{- end }} - {{- if (eq .Values.database "cassandra") }} - - name: KONG_DATABASE - value: "cassandra" - {{- if .Values.cassandra.usePasswordFile }} - - name: KONG_CASSANDRA_PASSWORD_FILE - value: "/bitnami/kong/secrets/cassandra-password" - {{- else }} - - name: KONG_CASSANDRA_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "kong.cassandra.secretName" . }} - key: cassandra-password - {{- end }} - - name: KONG_CASSANDRA_CONTACT_POINTS - value: {{ include "kong.cassandra.contactPoints" . }} - - name: KONG_CASSANDRA_PORT - value: {{ include "kong.cassandra.port" . | quote }} - - name: KONG_CASSANDRA_USER - value: {{ include "kong.cassandra.user" . | quote }} - {{- end }} - {{- if .Values.metrics.enabled }} - - name: KONG_NGINX_HTTP_INCLUDE - value: "/bitnami/kong/metrics-exporter/exporter.conf" - {{- end }} - {{- if .Values.kong.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.kong.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if or .Values.kong.extraEnvVarsCM .Values.kong.extraEnvVarsSecret }} - envFrom: - {{- if .Values.kong.extraEnvVarsCM }} - - configMapRef: - name: {{ .Values.kong.extraEnvVarsCM }} - {{- end }} - {{- if .Values.kong.extraEnvVarsSecret }} - - secretRef: - name: {{ .Values.kong.extraEnvVarsSecret }} - {{- end }} - {{- end }} - ports: - - name: http-proxy - containerPort: 8000 - protocol: TCP - - name: https-proxy - containerPort: 8443 - protocol: TCP - - name: http-admin - containerPort: 8001 - protocol: TCP - - name: https-admin - containerPort: 8444 - protocol: TCP - {{- if .Values.metrics.enabled }} - - name: http-metrics - containerPort: {{ .Values.metrics.service.port }} - protocol: TCP - {{- end }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.kong.livenessProbe.enabled }} - livenessProbe: - exec: - command: - - /bin/bash - - -ec - - /health/kong-container-health.sh - initialDelaySeconds: {{ .Values.kong.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.kong.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.kong.livenessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.kong.livenessProbe.failureThreshold }} - successThreshold: {{ .Values.kong.livenessProbe.successThreshold }} - {{- else if .Values.kong.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.kong.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.kong.readinessProbe.enabled }} - readinessProbe: - exec: - command: - - /bin/bash - - -ec - - /health/kong-container-health.sh - initialDelaySeconds: {{ .Values.kong.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.kong.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.kong.readinessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.kong.readinessProbe.failureThreshold }} - successThreshold: {{ .Values.kong.readinessProbe.successThreshold }} - {{- else if .Values.kong.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.kong.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if not .Values.kong.lifecycleHooks }} - lifecycle: - preStop: - exec: - command: - - /bin/sh - - -c - - kong quit - {{ else }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.kong.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.kong.resources }} - resources: {{- toYaml .Values.kong.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: health - mountPath: /health - {{- if .Values.metrics.enabled }} - - name: metrics-init-scripts - mountPath: /docker-entrypoint-initdb.d/metrics-init - - name: metrics-server-block - mountPath: "/bitnami/kong/metrics-exporter" - {{ end }} - {{- if .Values.kong.initScriptsCM }} - - name: custom-init-scripts-cm - mountPath: /docker-entrypoint-initdb.d/cm - {{- end }} - {{- if .Values.kong.initScriptsSecret }} - - name: custom-init-scripts-secret - mountPath: /docker-entrypoint-initdb.d/secret - {{- end }} - {{- if .Values.kong.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.kong.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.ingressController.enabled }} - - name: kong-ingress-controller - image: {{ template "kong.ingress-controller.image" . }} - imagePullPolicy: {{ .Values.ingressController.image.pullPolicy }} - {{- if .Values.containerSecurityContext }} - securityContext: {{- include "common.tplvalues.render" (dict "value" .Values.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.ingressController.args }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.ingressController.command "context" $) | nindent 12 }} - {{- else }} - command: - - bash - - -ec - - /health/ingress-container-start.sh - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.ingressController.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.ingressController.args "context" $) | nindent 12 }} - {{- end }} - env: - - name: CONTROLLER_KONG_ADMIN_URL - value: http://127.0.0.1:8001 - - name: CONTROLLER_PUBLISH_SERVICE - value: {{ printf "%s/%s" .Release.Namespace (include "common.names.fullname" .) | quote }} - - name: CONTROLLER_INGRESS_CLASS - value: {{ .Values.ingressController.ingressClass }} - - name: CONTROLLER_ELECTION_ID - value: {{ printf "kong-ingress-controller-leader-%s" .Values.ingressController.ingressClass }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{- if .Values.ingressController.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.ingressController.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if or .Values.ingressController.extraEnvVarsCM .Values.ingressController.extraEnvVarsSecret }} - envFrom: - {{- if .Values.ingressController.extraEnvVarsCM }} - - configMapRef: - name: {{ .Values.ingressController.extraEnvVarsCM }} - {{- end }} - {{- if .Values.ingressController.extraEnvVarsSecret }} - - secretRef: - name: {{ .Values.ingressController.extraEnvVarsSecret }} - {{- end }} - {{- end }} - ports: - - name: http-health - containerPort: 10254 - protocol: TCP - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.ingressController.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: "/healthz" - port: http-health - scheme: HTTP - initialDelaySeconds: {{ .Values.ingressController.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.ingressController.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.ingressController.livenessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.ingressController.livenessProbe.failureThreshold }} - successThreshold: {{ .Values.ingressController.livenessProbe.successThreshold }} - {{- else if .Values.ingressController.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.ingressController.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.ingressController.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: "/healthz" - port: http-health - scheme: HTTP - initialDelaySeconds: {{ .Values.ingressController.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.ingressController.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.ingressController.readinessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.ingressController.readinessProbe.failureThreshold }} - successThreshold: {{ .Values.ingressController.readinessProbe.successThreshold }} - {{- else if .Values.ingressController.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.ingressController.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.ingressController.resources }} - resources: {{- toYaml .Values.ingressController.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: health - mountPath: /health - {{- if .Values.ingressController.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.ingressController.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: health - configMap: - name: {{ template "common.names.fullname" . }}-scripts - defaultMode: 0755 - {{- if .Values.metrics.enabled }} - - name: metrics-init-scripts - configMap: - name: {{ template "common.names.fullname" . }}-metrics-scripts - defaultMode: 0755 - - name: metrics-server-block - configMap: - name: {{ template "common.names.fullname" . }}-metrics-exporter - {{- end }} - {{- if .Values.kong.initScriptsCM }} - - name: custom-init-scripts-cm - configMap: - name: {{ .Values.kong.initScriptsCM }} - defaultMode: 0755 - {{- end }} - {{- if .Values.kong.initScriptsSecret }} - - name: custom-init-scripts-secret - secret: - secretName: {{ .Values.kong.initScriptsSecret }} - defaultMode: 0755 - {{- end }} - {{- if .Values.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} - {{- end }} diff --git a/bitnami/kong/templates/external-database-secret.yaml b/bitnami/kong/templates/external-database-secret.yaml deleted file mode 100644 index 35755dc..0000000 --- a/bitnami/kong/templates/external-database-secret.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if (include "kong.createExternalDBSecret" .) }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.names.fullname" . }}-external-secret - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: server - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: - {{- if .Values.cassandra.external.password }} - cassandra-password: {{ .Values.cassandra.external.password | b64enc | quote }} - {{- end }} - {{- if .Values.postgresql.external.password }} - postgresql-password: {{ .Values.postgresql.external.password | b64enc | quote }} - {{- end }} -{{- end }} diff --git a/bitnami/kong/templates/hpa.yaml b/bitnami/kong/templates/hpa.yaml deleted file mode 100644 index 9b3abb6..0000000 --- a/bitnami/kong/templates/hpa.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if .Values.autoscaling.enabled }} -apiVersion: {{ .Values.autoscaling.apiVersion }} -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: server - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - scaleTargetRef: - apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} - kind: Deployment - name: {{ include "common.names.fullname" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- include "common.tplvalues.render" (dict "value" .Values.autoscaling.metrics "context" $) | nindent 4 }} -{{- end }} diff --git a/bitnami/kong/templates/ingress-controller-rbac.yaml b/bitnami/kong/templates/ingress-controller-rbac.yaml deleted file mode 100644 index 0ecac22..0000000 --- a/bitnami/kong/templates/ingress-controller-rbac.yaml +++ /dev/null @@ -1,187 +0,0 @@ -{{- if and .Values.ingressController.rbac.create .Values.ingressController.enabled }} -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: Role -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: server - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - - apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - namespaces - verbs: - - get - - apiGroups: - - "" - resources: - - configmaps - resourceNames: - - "kong-ingress-controller-leader-{{ .Values.ingressController.ingressClass }}-{{ .Values.ingressController.ingressClass }}" - verbs: - - get - - update - - apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - apiGroups: - - "" - resources: - - endpoints - verbs: - - get ---- -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: RoleBinding -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: server - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "common.names.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "kong.serviceAccount" . }} - namespace: {{ .Release.Namespace }} ---- -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: ClusterRole -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: server - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "common.names.fullname" . }} -rules: - - apiGroups: - - "" - resources: - - endpoints - - nodes - - pods - - secrets - verbs: - - list - - watch - - apiGroups: - - "" - resources: - - nodes - verbs: - - get - - apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch - - apiGroups: - - "extensions" - - "networking.k8s.io" - - "networking.internal.knative.dev" - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - "extensions" - - "networking.k8s.io" - - "networking.internal.knative.dev" - resources: - - ingresses/status - verbs: - - update - - apiGroups: - - "configuration.konghq.com" - resources: - - tcpingresses/status - verbs: - - update - - apiGroups: - - "configuration.konghq.com" - resources: - - kongplugins - - kongclusterplugins - - kongcredentials - - kongconsumers - - kongingresses - - tcpingresses - verbs: - - get - - list - - watch ---- -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: ClusterRoleBinding -metadata: - name: {{ template "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: server - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "common.names.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "kong.serviceAccount" . }} - namespace: {{ .Release.Namespace }} ---- -{{- if not .Values.ingressController.rbac.existingServiceAccount }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: server - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -{{- end }} -{{- end }} diff --git a/bitnami/kong/templates/ingress.yaml b/bitnami/kong/templates/ingress.yaml deleted file mode 100644 index 4a594d3..0000000 --- a/bitnami/kong/templates/ingress.yaml +++ /dev/null @@ -1,59 +0,0 @@ -{{- if .Values.ingress.enabled -}} -{{- $backendPort := ternary "https-proxy" "http-proxy" .Values.service.disableHttpPort }} -apiVersion: {{ template "common.capabilities.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: server - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.ingress.certManager }} - kubernetes.io/tls-acme: "true" - {{- end }} - {{- if .Values.ingress.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.ingress.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - rules: - {{- if .Values.ingress.hostname }} - - host: {{ .Values.ingress.hostname }} - http: - paths: - {{- if .Values.ingress.extraPaths }} - {{- toYaml .Values.ingress.extraPaths | nindent 10 }} - {{- end }} - - path: {{ .Values.ingress.path }} - {{- if eq "true" (include "common.ingress.supportsPathType" .) }} - pathType: {{ .Values.ingress.pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" $backendPort "context" $) | nindent 14 }} - {{- end }} - {{- range .Values.ingress.extraHosts }} - - host: {{ .name | quote }} - http: - paths: - - path: {{ default "/" .path }} - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ default "ImplementationSpecific" .pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" $backendPort "context" $) | nindent 14 }} - {{- end }} - {{- if or .Values.ingress.tls .Values.ingress.extraTls }} - tls: - {{- if .Values.ingress.tls }} - - hosts: - - {{ .Values.ingress.hostname }} - secretName: {{ printf "%s-tls" .Values.ingress.hostname }} - {{- end }} - {{- if .Values.ingress.extraTls }} - {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.extraTls "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/bitnami/kong/templates/kong-prometheus-role.yaml b/bitnami/kong/templates/kong-prometheus-role.yaml deleted file mode 100644 index 36e85ef..0000000 --- a/bitnami/kong/templates/kong-prometheus-role.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled .Values.metrics.serviceMonitor.rbac.create }} -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: Role -metadata: - name: {{ template "common.names.fullname" . }}-prometheus - namespace: {{ .Release.Namespace }} -rules: -- apiGroups: [""] - resources: ["endpoints", "services", "pods"] - verbs: ["get", "list", "watch"] -{{- end }} diff --git a/bitnami/kong/templates/kong-prometheus-rolebinding.yaml b/bitnami/kong/templates/kong-prometheus-rolebinding.yaml deleted file mode 100644 index ce4cb8b..0000000 --- a/bitnami/kong/templates/kong-prometheus-rolebinding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled .Values.metrics.serviceMonitor.rbac.create }} -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: RoleBinding -metadata: - name: {{ template "common.names.fullname" . }}-prometheus - namespace: {{ .Release.Namespace }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "common.names.fullname" . }}-prometheus -subjects: - {{- if .Values.metrics.serviceMonitor.namespace }} - - namespace: {{ .Values.metrics.serviceMonitor.namespace }} - {{- else }} - - namespace: {{ .Release.Namespace }} - {{- end }} - kind: ServiceAccount - name: {{ required "A valid .Values.metrics.serviceMonitor.serviceAccount entry required!" .Values.metrics.serviceMonitor.serviceAccount }} -{{- end }} diff --git a/bitnami/kong/templates/kong-script-configmap.yaml b/bitnami/kong/templates/kong-script-configmap.yaml deleted file mode 100644 index d20d873..0000000 --- a/bitnami/kong/templates/kong-script-configmap.yaml +++ /dev/null @@ -1,47 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.names.fullname" . }}-scripts - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: server - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - kong-container-health.sh: |- - #!/bin/bash - - set -o errexit - set -o nounset - set -o pipefail - - # Load libraries - . /opt/bitnami/scripts/libos.sh - . /opt/bitnami/scripts/libkong.sh - - # Load Kong environment variables - eval "$(kong_env)" - - is_kong_running - - ingress-container-wait-for-kong.sh: |- - #!/bin/bash - - echo "Waiting for the Kong container to be ready" - if wait-for-port --timeout={{ .Values.ingressController.proxyReadyTimeout }} --host=127.0.0.1 --state=inuse 8000; then - echo "Kong container ready" - else - echo "Kong not ready after {{ .Values.ingressController.proxyReadyTimeout }} seconds" - exit 1 - fi - - ingress-container-start.sh: |- - #!/bin/bash - - . /health/ingress-container-wait-for-kong.sh - - kong-ingress-controller diff --git a/bitnami/kong/templates/metrics-exporter-configmap.yaml b/bitnami/kong/templates/metrics-exporter-configmap.yaml deleted file mode 100644 index fd99ceb..0000000 --- a/bitnami/kong/templates/metrics-exporter-configmap.yaml +++ /dev/null @@ -1,30 +0,0 @@ -{{- if .Values.metrics.enabled -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.names.fullname" . }}-metrics-exporter - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: server - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - exporter.conf: |- - # Prometheus metrics - server { - server_name kong_prometheus_exporter; - listen 0.0.0.0:{{ .Values.metrics.service.port }}; - access_log off; - location /metrics { - default_type text/plain; - content_by_lua_block { - local prometheus = require "kong.plugins.prometheus.exporter" - prometheus:collect() - } - } - } -{{- end }} diff --git a/bitnami/kong/templates/metrics-script-configmap.yaml b/bitnami/kong/templates/metrics-script-configmap.yaml deleted file mode 100644 index e38816c..0000000 --- a/bitnami/kong/templates/metrics-script-configmap.yaml +++ /dev/null @@ -1,36 +0,0 @@ -{{- if .Values.metrics.enabled -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.names.fullname" . }}-metrics-scripts - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: server - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - enable-metrics-plugin.sh: |- - #!/bin/bash - . /opt/bitnami/scripts/libos.sh - . /opt/bitnami/scripts/libkong.sh - - info "Enabling prometheus plugin" - - if curl --silent http://localhost:8001/ | grep -Eo '"prometheus":false' > /dev/null; then - if ! curl --silent http://localhost:8001/plugins -d name=prometheus; then - info "Issue enabling prometheus plugin, this could be due to a race condition with another kong node. Checking status" - fi - if curl http://localhost:8001/ | grep -Eo '"prometheus":true' > /dev/null; then - info "Prometheus metrics plugin enabled" - else - error "Error enabling Prometheus plugin" - exit 1 - fi - else - info "Prometheus plugin already enabled" - fi -{{- end }} diff --git a/bitnami/kong/templates/metrics-service.yaml b/bitnami/kong/templates/metrics-service.yaml deleted file mode 100644 index ea30093..0000000 --- a/bitnami/kong/templates/metrics-service.yaml +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.names.fullname" . }}-metrics - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: server - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.metrics.service.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.metrics.service.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.service.annotations "context" $) | nindent 4 }} - {{- end }} - {{- end }} -spec: - type: {{ .Values.metrics.service.type }} - {{- if and (eq .Values.metrics.service.type "LoadBalancer") (not (empty .Values.metrics.service.loadBalancerIP)) }} - loadBalancerIP: {{ .Values.metrics.service.loadBalancerIP }} - {{- end }} - ports: - - port: {{ .Values.metrics.service.port }} - targetPort: http-metrics - protocol: TCP - name: http-metrics - {{- if and (or (eq .Values.metrics.service.type "NodePort") (eq .Values.metrics.service.type "LoadBalancer")) (not (empty .Values.metrics.service.nodePort)) }} - nodePort: {{ .Values.metrics.service.nodePort }} - {{- else if eq .Values.metrics.service.type "ClusterIP" }} - nodePort: null - {{- end }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: server diff --git a/bitnami/kong/templates/migrate-job.yaml b/bitnami/kong/templates/migrate-job.yaml deleted file mode 100644 index 3fdf2ee..0000000 --- a/bitnami/kong/templates/migrate-job.yaml +++ /dev/null @@ -1,113 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ include "common.names.fullname" . }}-migrate - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: server - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.migration.annotations "context" $ ) | nindent 4 }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: migration - annotations: - {{- if .Values.migration.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.migration.podAnnotations "context" $) | nindent 8 }} - {{- end }} - spec: - {{- include "kong.imagePullSecrets" . | nindent 6 }} - restartPolicy: OnFailure - {{- if .Values.podSecurityContext }} - securityContext: {{- include "common.tplvalues.render" (dict "value" .Values.podSecurityContext "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.migration.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.migration.hostAliases "context" $) | nindent 8 }} - {{- end }} - containers: - - name: kong-migrate - image: {{ template "kong.migration.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - {{- if .Values.migration.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.migration.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.migration.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.migration.args "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.containerSecurityContext }} - securityContext: {{- include "common.tplvalues.render" (dict "value" .Values.containerSecurityContext "context" $) | nindent 12 }} - {{- end }} - env: - - name: KONG_MIGRATE - value: "yes" - - name: KONG_EXIT_AFTER_MIGRATE - value: "yes" - {{- if (eq .Values.database "postgresql") }} - - name: KONG_DATABASE - value: "postgres" - {{- if .Values.postgresql.usePasswordFile }} - - name: KONG_POSTGRESQL_PASSWORD_FILE - value: "/bitnami/kong/secrets/postgresql-password" - {{- else }} - - name: KONG_PG_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "kong.postgresql.secretName" . }} - key: postgresql-password - {{- end }} - - name: KONG_PG_HOST - value: {{ include "kong.postgresql.host" . }} - - name: KONG_PG_USER - value: {{ include "kong.postgresql.user" . }} - {{- end }} - {{- if (eq .Values.database "cassandra") }} - - name: KONG_DATABASE - value: "cassandra" - {{- if .Values.cassandra.usePasswordFile }} - - name: KONG_CASSANDRA_PASSWORD_FILE - value: "/bitnami/kong/secrets/cassandra-password" - {{- else }} - - name: KONG_CASSANDRA_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "kong.cassandra.secretName" . }} - key: cassandra-password - {{- end }} - - name: KONG_CASSANDRA_CONTACT_POINTS - value: {{ include "kong.cassandra.contactPoints" . }} - - name: KONG_CASSANDRA_PORT - value: {{ include "kong.cassandra.port" . | quote }} - - name: KONG_CASSANDRA_USER - value: {{ include "kong.cassandra.user" . | quote }} - {{- end }} - {{- if .Values.migration.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.migration.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if or .Values.migration.extraEnvVarsCM .Values.migration.extraEnvVarsSecret }} - envFrom: - {{- if .Values.migration.extraEnvVarsCM }} - - configMapRef: - name: {{ .Values.migration.extraEnvVarsCM }} - {{- end }} - {{- if .Values.migration.extraEnvVarsSecret }} - - secretRef: - name: {{ .Values.migration.extraEnvVarsSecret }} - {{- end }} - {{- end }} - {{- if .Values.migration.extraVolumeMounts }} - volumeMounts: - {{- include "common.tplvalues.render" (dict "value" .Values.migration.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.migration.resources }} - resources: {{- toYaml .Values.migration.resources | nindent 12 }} - {{- end }} - {{- if .Values.extraVolumes }} - volumes: - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 6 }} - {{- end }} diff --git a/bitnami/kong/templates/pdb.yaml b/bitnami/kong/templates/pdb.yaml deleted file mode 100644 index 61a43a0..0000000 --- a/bitnami/kong/templates/pdb.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.pdb.enabled }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: server - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.pdb.minAvailable }} - minAvailable: {{ .Values.pdb.minAvailable }} - {{- end }} - {{- if .Values.pdb.maxUnavailable }} - maxUnavailable: {{ .Values.pdb.maxUnavailable }} - {{- end }} - selector: - matchLabels: - {{- include "common.labels.matchLabels" . | nindent 6 }} -{{- end }} diff --git a/bitnami/kong/templates/service.yaml b/bitnami/kong/templates/service.yaml deleted file mode 100644 index 209af54..0000000 --- a/bitnami/kong/templates/service.yaml +++ /dev/null @@ -1,78 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: server - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.service.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.service.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -spec: - type: {{ .Values.service.type }} - {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.externalTrafficPolicy)) }} - externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }} - {{- end }} - {{- if not (empty .Values.service.clusterIP) }} - clusterIP: {{ .Values.service.clusterIP }} - {{- end }} - {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }} - loadBalancerIP: {{ .Values.service.loadBalancerIP }} - {{- end }} - ports: - {{- if not .Values.service.disableHttpPort }} - - port: {{ .Values.service.proxyHttpPort }} - targetPort: http-proxy - protocol: TCP - name: http-proxy - {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.proxyHttpNodePort)) }} - nodePort: {{ .Values.service.proxyHttpNodePort }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - {{- end }} - - port: {{ .Values.service.proxyHttpsPort }} - targetPort: https-proxy - protocol: TCP - name: https-proxy - {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.proxyHttpsNodePort)) }} - nodePort: {{ .Values.service.proxyHttpsNodePort }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - {{- if .Values.service.exposeAdmin }} - {{- if not .Values.service.disableHttpPort }} - - port: {{ .Values.service.adminHttpPort }} - targetPort: http-admin - protocol: TCP - name: http-admin - {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.adminHttpNodePort)) }} - nodePort: {{ .Values.service.adminHttpNodePort }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - {{- end }} - - port: {{ .Values.service.adminHttpsPort }} - targetPort: https-admin - protocol: TCP - name: https-admin - {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.adminHttpsNodePort)) }} - nodePort: {{ .Values.service.adminHttpsNodePort }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - {{- end }} - {{- if .Values.service.extraPorts }} - {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }} - {{- end }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: server diff --git a/bitnami/kong/templates/servicemonitor.yaml b/bitnami/kong/templates/servicemonitor.yaml deleted file mode 100644 index 66baec8..0000000 --- a/bitnami/kong/templates/servicemonitor.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "common.names.fullname" . }} - {{- if .Values.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.metrics.serviceMonitor.namespace }} - {{- else }} - namespace: {{ .Release.Namespace }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: server - {{- if .Values.metrics.serviceMonitor.selector }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }} - endpoints: - - port: metrics - path: "/metrics" - {{- if .Values.metrics.serviceMonitor.interval }} - interval: {{ .Values.metrics.serviceMonitor.interval }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} -{{- end }} diff --git a/bitnami/kong/templates/tls-secrets.yaml b/bitnami/kong/templates/tls-secrets.yaml deleted file mode 100644 index 3c187ea..0000000 --- a/bitnami/kong/templates/tls-secrets.yaml +++ /dev/null @@ -1,43 +0,0 @@ -{{- if .Values.ingress.enabled }} -{{- if .Values.ingress.secrets }} -{{- range .Values.ingress.secrets }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ .name }} - namespace: {{ $.Release.Namespace }} - labels: {{- include "common.labels.standard" $ | nindent 4 }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ .certificate | b64enc }} - tls.key: {{ .key | b64enc }} ---- -{{- end }} -{{- else if and .Values.ingress.tls (not .Values.ingress.certManager) }} -{{- $ca := genCA "kong-ca" 365 }} -{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ printf "%s-tls" .Values.ingress.hostname }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ $cert.Cert | b64enc | quote }} - tls.key: {{ $cert.Key | b64enc | quote }} - ca.crt: {{ $ca.Cert | b64enc | quote }} -{{- end }} -{{- end }} diff --git a/bitnami/kong/values.yaml b/bitnami/kong/values.yaml deleted file mode 100644 index 8d62a3d..0000000 --- a/bitnami/kong/values.yaml +++ /dev/null @@ -1,776 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - storageClass: "" - -## @section Common parameters - -## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) -## -kubeVersion: "" -## @param nameOverride String to partially override kong.fullname template with a string (will prepend the release name) -## -nameOverride: "" -## @param fullnameOverride String to fully override kong.fullname template with a string -## -fullnameOverride: "" -## @param commonAnnotations Common annotations to add to all Kong resources (sub-charts are not considered). Evaluated as a template -## -commonAnnotations: {} -## @param commonLabels Common labels to add to all Kong resources (sub-charts are not considered). Evaluated as a template -## -commonLabels: {} -## @param clusterDomain Kubernetes cluster domain -## -clusterDomain: cluster.local -## @param extraDeploy Array of extra objects to deploy with the release (evaluated as a template). -## -extraDeploy: [] - -## Enable diagnostic mode in the deployment -## -diagnosticMode: - ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) - ## - enabled: false - ## @param diagnosticMode.command Command to override all containers in the deployment - ## - command: - - sleep - ## @param diagnosticMode.args Args to override all containers in the deployment - ## - args: - - infinity - -## @section Deployment parameters - -## Bitnami kong image version -## ref: https://hub.docker.com/r/bitnami/kong/tags/ -## @param image.registry kong image registry -## @param image.repository kong image repository -## @param image.tag kong image tag (immutable tags are recommended) -## @param image.pullPolicy kong image pull policy -## @param image.pullSecrets Specify docker-registry secret names as an array -## @param image.debug Enable image debug mode -## -image: - registry: docker.io - repository: bitnami/kong - tag: 2.6.0-debian-10-r0 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Enable debug mode - ## - debug: false -## @param database Select which database backend Kong will use. Can be 'postgresql' or 'cassandra' -## -database: postgresql -## @param replicaCount Number of replicas of the kong Pod -## -replicaCount: 2 -## @param hostAliases Add deployment host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: [] -## @param updateStrategy.type Set up update strategy for kong installation. Set to Recreate if you use persistent volume that cannot be mounted by more than one pods to makesure the pods is destroyed first. -## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy -## Example: -## updateStrategy: -## type: RollingUpdate -## rollingUpdate: -## maxSurge: 25% -## maxUnavailable: 25% -## -updateStrategy: - type: RollingUpdate -## @param schedulerName Alternative scheduler -## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -schedulerName: "" -## @param useDaemonset Use a daemonset instead of a deployment. `replicaCount` will not take effect. -## -useDaemonset: false -## @param extraVolumes Array of extra volumes to be added to the Kong deployment deployment (evaluated as template). Requires setting `extraVolumeMounts` -## -extraVolumes: [] -## @param initContainers Add additional init containers to the pod (evaluated as a template) -## e.g. -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -initContainers: [] -## @param sidecars Attach additional containers to the pod (evaluated as a template) -## e.g. -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -sidecars: [] -## SecurityContext configuration -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ -## @param containerSecurityContext.runAsUser Set Kong container's Security Context runAsUser -## @param containerSecurityContext.runAsNonRoot Set Kong container's Security Context runAsNonRoot -## -containerSecurityContext: - runAsUser: 1001 - runAsNonRoot: true -## @param podSecurityContext Pod security context -## -podSecurityContext: {} -## @param nodeSelector Node labels for pod assignment -## Ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} -## @param tolerations Tolerations for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] -## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAffinityPreset: "" -## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAntiAffinityPreset: soft -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## -nodeAffinityPreset: - ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] -## @param affinity Affinity for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set -## -affinity: {} -## @param podAnnotations Pod annotations -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} -## @param podLabels Pod labels -## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -podLabels: {} -## Add an horizontal pod autoscaler -## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ -## @param autoscaling.enabled Deploy a HorizontalPodAutoscaler object for the Kong deployment -## @param autoscaling.apiVersion API Version of the HPA object (for compatibility with Openshift) -## @param autoscaling.minReplicas Minimum number of replicas to scale back -## @param autoscaling.maxReplicas Maximum number of replicas to scale out -## @param autoscaling.metrics [array] Metrics to use when deciding to scale the deployment (evaluated as a template) -## -autoscaling: - enabled: false - apiVersion: autoscaling/v2beta1 - minReplicas: 2 - maxReplicas: 5 - metrics: - - type: Resource - resource: - name: cpu - targetAverageUtilization: 80 -## Kong Pod Disruption Budget -## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ -## @param pdb.enabled Deploy a pdb object for the Kong pod -## @param pdb.maxUnavailable Maximum unavailable Kong replicas (expressed in percentage) -## -pdb: - enabled: false - maxUnavailable: "50%" - -## @section Traffic Exposure Parameters - -## Service parameters -## -service: - ## @param service.type Kubernetes Service type - ## - type: ClusterIP - ## @param service.clusterIP Cluster internal IP of the service - ## This is the internal IP address of the service and is usually assigned randomly. - ## ref: https://kubernetes.io/docs/reference/kubernetes-api/service-resources/service-v1/#ServiceSpec - ## - clusterIP: "" - ## @param service.externalTrafficPolicy external traffic policy managing client source IP preservation - ## default to "Cluster" - ## set to "Local" in order to preserve the client source IP (only on service of type LoadBalancer or NodePort) - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ - ## - externalTrafficPolicy: "" - ## @param service.proxyHttpPort kong proxy HTTP service port port - ## - proxyHttpPort: 80 - ## @param service.proxyHttpsPort kong proxy HTTPS service port port - ## - proxyHttpsPort: 443 - ## @param service.exposeAdmin Add the Kong Admin ports to the service - ## - exposeAdmin: false - ## @param service.adminHttpPort kong admin HTTPS service port (only if service.exposeAdmin=true) - ## - adminHttpPort: 8001 - ## @param service.adminHttpsPort kong admin HTTPS service port (only if service.exposeAdmin=true) - ## - adminHttpsPort: 8444 - ## @param service.disableHttpPort Disable Kong proxy HTTP and Kong admin HTTP ports - ## - disableHttpPort: false - ## Specify the nodePort value for the LoadBalancer and NodePort service types. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## @param service.proxyHttpNodePort Port to bind to for NodePort service type (proxy HTTP) - ## @param service.proxyHttpsNodePort Port to bind to for NodePort service type (proxy HTTPS) - ## @param service.adminHttpNodePort Port to bind to for NodePort service type (admin HTTP) - ## @param service.adminHttpsNodePort Port to bind to for NodePort service type (admin HTTPS) - ## - proxyHttpNodePort: "" - proxyHttpsNodePort: "" - adminHttpNodePort: "" - adminHttpsNodePort: "" - ## @param service.loadBalancerIP loadBalancerIP if kong service type is `LoadBalancer` - ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer - ## - loadBalancerIP: "" - ## @param service.annotations Annotations for kong service - ## set the LoadBalancer service type to internal only. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - annotations: {} - ## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value) - ## - extraPorts: [] -## Configure the ingress resource that allows you to access the -## Kong installation. Set up the URL -## ref: http://kubernetes.io/docs/user-guide/ingress/ -## -ingress: - ## @param ingress.enabled Enable ingress controller resource - ## - enabled: false - ## @param ingress.certManager Add annotations for cert-manager - ## - certManager: false - ## @param ingress.pathType Ingress path type - ## - pathType: ImplementationSpecific - ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) - ## - apiVersion: "" - ## @param ingress.hostname Default host for the ingress resource - ## - hostname: kong.local - ## @param ingress.path Ingress path - ## with ALB ingress controllers. - ## - path: / - ## @param ingress.annotations Ingress annotations - ## For a full list of possible ingress annotations, please see - ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md - ## - ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set - ## - annotations: {} - ## @param ingress.tls Create TLS Secret - ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }} - ## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it - ## - tls: false - ## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record. - ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array - ## extraHosts: - ## - name: kong.local - ## path: / - ## - extraHosts: [] - ## @param ingress.extraPaths Additional arbitrary path/backend objects - ## For example: The ALB ingress controller requires a special rule for handling SSL redirection. - ## extraPaths: - ## - path: /* - ## backend: - ## serviceName: ssl-redirect - ## servicePort: use-annotation - ## - extraPaths: [] - ## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. - ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - ## extraTls: - ## - hosts: - ## - kong.local - ## secretName: kong.local-tls - ## - extraTls: [] - ## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets - ## key and certificate should start with -----BEGIN CERTIFICATE----- or - ## -----BEGIN RSA PRIVATE KEY----- - ## - ## name should line up with a tlsSecret set further up - ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set - ## - ## It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - ## e.g: - ## secrets: - ## - name: kong.local-tls - ## key: - ## certificate: - ## - ## - secrets: [] - -## @section Kong Container Parameters - -kong: - ## @param kong.command Override default container command (useful when using custom images) - ## - command: [] - ## @param kong.args Override default container args (useful when using custom images) - ## - args: [] - ## @param kong.initScriptsCM Configmap with init scripts to execute - ## ConfigMap containing `/docker-entrypoint-initdb.d` scripts to be executed at initialization time (evaluated as a template) - ## - initScriptsCM: "" - ## @param kong.initScriptsSecret Configmap with init scripts to execute - ## Secret containing `/docker-entrypoint-initdb.d` scripts to be executed at initialization time (that contain sensitive data). Evaluated as a template. - ## - initScriptsSecret: "" - ## @param kong.extraEnvVars Array containing extra env vars to configure Kong - ## For example: - ## extraEnvVars: - ## - name: GF_DEFAULT_INSTANCE_NAME - ## value: my-instance - ## - extraEnvVars: [] - ## @param kong.extraEnvVarsCM ConfigMap containing extra env vars to configure Kong - ## - extraEnvVarsCM: "" - ## @param kong.extraEnvVarsSecret Secret containing extra env vars to configure Kong (in case of sensitive data) - ## - extraEnvVarsSecret: "" - ## @param kong.extraVolumeMounts Array of extra volume mounts to be added to the Kong Container (evaluated as template). Normally used with `extraVolumes`. - ## - extraVolumeMounts: [] - ## @param kong.customLivenessProbe Override default liveness probe (kong container) - ## - customLivenessProbe: {} - ## @param kong.customReadinessProbe Override default readiness probe (kong container) - ## - customReadinessProbe: {} - ## Configure extra options for liveness probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param kong.livenessProbe.enabled Enable livenessProbe - ## @param kong.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param kong.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param kong.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param kong.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param kong.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 120 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - ## Configure extra options for readiness probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param kong.readinessProbe.enabled Enable readinessProbe - ## @param kong.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param kong.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param kong.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param kong.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param kong.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - ## @param kong.lifecycleHooks Lifecycle hooks (kong container) - ## ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ - ## - lifecycleHooks: {} - ## Container resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param kong.resources.limits The resources limits for the container - ## @param kong.resources.requests The requested resources for the container - ## - resources: - ## Example: - ## limits: - ## cpu: 500m - ## memory: 1Gi - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - requests: {} - -## @section Kong Migration job Parameters - -migration: - ## In case you want to use a custom image for Kong migration, set this value - ## image: - ## registry: - ## repository: - ## tag: - ## - ## @param migration.command Override default container command (useful when using custom images) - ## - command: [] - ## @param migration.args Override default container args (useful when using custom images) - ## - args: [] - ## @param migration.hostAliases Add deployment host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## @param migration.annotations [object] Add annotations to the job - ## - annotations: - helm.sh/hook: post-install, post-upgrade - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded - ## @param migration.extraEnvVars Array containing extra env vars to configure the Kong migration job - ## For example: - ## extraEnvVars: - ## - name: GF_DEFAULT_INSTANCE_NAME - ## value: my-instance - ## - extraEnvVars: [] - ## @param migration.extraEnvVarsCM ConfigMap containing extra env vars to configure the Kong migration job - ## - extraEnvVarsCM: "" - ## @param migration.extraEnvVarsSecret Secret containing extra env vars to configure the Kong migration job (in case of sensitive data) - ## - extraEnvVarsSecret: "" - ## @param migration.extraVolumeMounts Array of extra volume mounts to be added to the Kong Container (evaluated as template). Normally used with `extraVolumes`. - ## - extraVolumeMounts: [] - ## Container resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param migration.resources.limits The resources limits for the container - ## @param migration.resources.requests The requested resources for the container - ## - resources: - ## Example: - ## limits: - ## cpu: 500m - ## memory: 1Gi - limits: {} - ## Examples: - ## requests: - ## cpu: 250m - ## memory: 256Mi - requests: {} - -## @section Kong Ingress Controller Container Parameters - -ingressController: - ## @param ingressController.enabled Enable/disable the Kong Ingress Controller - ## - enabled: true - ## @param ingressController.customResourceDeletePolicy Add custom CRD resource delete policy (for Helm 2 support) - ## - customResourceDeletePolicy: {} - ## @param ingressController.image.registry Kong Ingress Controller image registry - ## @param ingressController.image.repository Kong Ingress Controller image name - ## @param ingressController.image.tag Kong Ingress Controller image tag - ## @param ingressController.image.pullPolicy kong ingress controller image pull policy - ## @param ingressController.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/kong-ingress-controller - tag: 1.3.1-debian-10-r103 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param ingressController.proxyReadyTimeout Maximum time (in seconds) to wait for the Kong container to be ready - ## - proxyReadyTimeout: 300 - ## @param ingressController.rbac.create Create the necessary Service Accounts, Roles and Rolebindings for the Ingress Controller to work - ## @param ingressController.rbac.existingServiceAccount Use an existing service account for all the RBAC operations - ## - rbac: - create: true - existingServiceAccount: "" - ## @param ingressController.ingressClass Name of the class to register Kong Ingress Controller (useful when having other Ingress Controllers in the cluster) - ## - ingressClass: kong - ## @param ingressController.command Override default container command (useful when using custom images) - ## - command: [] - ## @param ingressController.args Override default container args (useful when using custom images) - ## - args: [] - ## @param ingressController.extraEnvVars Array containing extra env vars to configure Kong - ## For example: - ## extraEnvVars: - ## - name: GF_DEFAULT_INSTANCE_NAME - ## value: my-instance - ## - extraEnvVars: [] - ## @param ingressController.extraEnvVarsCM ConfigMap containing extra env vars to configure Kong Ingress Controller - ## - extraEnvVarsCM: "" - ## @param ingressController.extraEnvVarsSecret Secret containing extra env vars to configure Kong Ingress Controller (in case of sensitive data) - ## - extraEnvVarsSecret: "" - ## @param ingressController.extraVolumeMounts Array of extra volume mounts to be added to the Kong Ingress Controller container (evaluated as template). Normally used with `extraVolumes`. - ## - extraVolumeMounts: [] - ## @param ingressController.customLivenessProbe Override default liveness probe (kong ingress controller container) - ## - customLivenessProbe: {} - ## @param ingressController.customReadinessProbe Override default readiness probe (kong ingress controller container) - ## - customReadinessProbe: {} - ## Configure extra options for liveness probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param ingressController.livenessProbe.enabled Enable livenessProbe - ## @param ingressController.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param ingressController.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param ingressController.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param ingressController.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param ingressController.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 120 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - ## Configure extra options for readiness probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param ingressController.readinessProbe.enabled Enable readinessProbe - ## @param ingressController.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param ingressController.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param ingressController.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param ingressController.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param ingressController.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - ## Container resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param ingressController.resources.limits The resources limits for the container - ## @param ingressController.resources.requests The requested resources for the container - ## - resources: - ## Example: - ## limits: - ## cpu: 500m - ## memory: 1Gi - limits: {} - ## Examples: - ## requests: - ## cpu: 250m - ## memory: 256Mi - requests: {} - -## @section PostgreSQL Parameters - -## PostgreSQL properties -## -postgresql: - ## @param postgresql.enabled Deploy the PostgreSQL sub-chart - ## - enabled: true - ## @param postgresql.usePasswordFile Mount the PostgreSQL secret as a file - ## - usePasswordFile: false - ## Properties for using an existing PostgreSQL installation - ## - external: - ## @param postgresql.external.host Host of an external PostgreSQL installation - ## - host: "" - ## @param postgresql.external.user Username of the external PostgreSQL installation - ## - user: "" - ## @param postgresql.external.password Password of the external PostgreSQL installation - ## - password: "" - ## @param postgresql.existingSecret Use an existing secret file with the PostgreSQL password (can be used with the bundled chart or with an existing installation) - ## - existingSecret: "" - ## @param postgresql.postgresqlDatabase Database name to be used by Kong - ## - postgresqlDatabase: kong - ## @param postgresql.postgresqlUsername Username to be created by the PostgreSQL bundled chart - ## - postgresqlUsername: kong - -## @section Cassandra Parameters - -## Cassandra properties -## -cassandra: - ## @param cassandra.enabled Deploy the Cassandra sub-chart - ## - enabled: false - ## @param cassandra.dbUser.user Username to be created by the cassandra bundled chart - ## - dbUser: - user: kong - ## @param cassandra.usePasswordFile Mount the Cassandra secret as a file - ## - usePasswordFile: false - ## Properties for using an existing Cassandra installation - ## - external: - ## @param cassandra.external.hosts Hosts of an external cassandra installation - ## e.g: - ## hosts: - ## - host1 - ## - host2 - ## - hosts: [] - ## @param cassandra.external.port Port of an external cassandra installation - ## - port: 9042 - ## @param cassandra.external.user Username of the external cassandra installation - ## - user: "" - ## @param cassandra.external.password Password of the external cassandra installation - ## - password: "" - ## @param cassandra.existingSecret Use an existing secret file with the Cassandra password (can be used with the bundled chart or with an existing installation) - ## - existingSecret: "" - -## @section Metrics Parameters - -## Prometheus metrics -## -metrics: - ## @param metrics.enabled Enable the export of Prometheus metrics - ## - enabled: false - ## Kong metrics service configuration - ## @param metrics.service.annotations [object] Annotations for Prometheus metrics service - ## @param metrics.service.type Type of the Prometheus metrics service - ## @param metrics.service.port Port of the Prometheus metrics service - ## - service: - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "{{ .Values.metrics.service.port }}" - prometheus.io/path: "/metrics" - type: ClusterIP - port: 9119 - ## Kong ServiceMonitor configuration - ## - serviceMonitor: - ## @param metrics.serviceMonitor.enabled If `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) - ## - enabled: false - ## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running - ## e.g: - ## namespace: monitoring - ## - namespace: "" - ## @param metrics.serviceMonitor.serviceAccount Service account used by Prometheus - ## e.g: - ## serviceAccount: prometheus - ## - serviceAccount: "" - ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped. - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## e.g: - ## interval: 10s - ## - interval: "" - ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## e.g: - ## scrapeTimeout: 10s - ## - scrapeTimeout: "" - ## @param metrics.serviceMonitor.selector Prometheus instance selector labels - ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration - ## e.g: - ## selector: - ## prometheus: my-prometheus - ## - selector: {} - ## @param metrics.serviceMonitor.rbac.enabled Whether to enable RBAC - ## If RBAC is enabled on the cluster, additional resources will be required so Prometheus can reach kong's namespace - ## - rbac: - enabled: true diff --git a/bitnami/kube-prometheus/Chart.lock b/bitnami/kube-prometheus/Chart.lock deleted file mode 100644 index 15e5fc0..0000000 --- a/bitnami/kube-prometheus/Chart.lock +++ /dev/null @@ -1,12 +0,0 @@ -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.9.1 -- name: node-exporter - repository: https://charts.bitnami.com/bitnami - version: 2.3.8 -- name: kube-state-metrics - repository: https://charts.bitnami.com/bitnami - version: 2.1.8 -digest: sha256:452f0ea8f1ae9ce63732070a3af6dd2ddb16158d98742a521ea71056a5522781 -generated: "2021-09-24T13:02:07.150434015Z" diff --git a/bitnami/kube-prometheus/Chart.yaml b/bitnami/kube-prometheus/Chart.yaml deleted file mode 100644 index cb6afeb..0000000 --- a/bitnami/kube-prometheus/Chart.yaml +++ /dev/null @@ -1,37 +0,0 @@ -annotations: - category: Analytics -apiVersion: v2 -appVersion: 0.51.0 -dependencies: - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x - - condition: exporters.enabled,exporters.node-exporter.enabled - name: node-exporter - repository: https://charts.bitnami.com/bitnami - version: 2.x.x - - condition: exporters.enabled,exporters.kube-state-metrics.enabled - name: kube-state-metrics - repository: https://charts.bitnami.com/bitnami - version: 2.x.x -description: kube-prometheus collects Kubernetes manifests to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. -engine: gotpl -home: https://github.com/bitnami/charts/tree/master/bitnami/kube-prometheus -icon: https://bitnami.com/assets/stacks/prometheus-operator/img/prometheus-operator-stack-220x234.png -keywords: - - prometheus - - alertmanager - - operator - - monitoring -maintainers: - - email: containers@bitnami.com - name: Bitnami -name: kube-prometheus -sources: - - https://github.com/bitnami/bitnami-docker-prometheus-operator - - https://github.com/bitnami/bitnami-docker-prometheus - - https://github.com/bitnami/bitnami-docker-alertmanager - - https://github.com/prometheus-operator/kube-prometheus -version: 6.1.9 diff --git a/bitnami/kube-prometheus/README.md b/bitnami/kube-prometheus/README.md deleted file mode 100644 index 4e44dd2..0000000 --- a/bitnami/kube-prometheus/README.md +++ /dev/null @@ -1,675 +0,0 @@ -# kube-prometheus - -[kube-prometheus](https://github.com/prometheus-operator/kube-prometheus) collects Kubernetes manifests to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. - -## TL;DR - -```bash -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/kube-prometheus -``` - -## Introduction - -This chart bootstraps [Prometheus Operator](https://github.com/bitnami/bitnami-docker-prometheus-operator) on [Kubernetes](http://kubernetes.io) using the [Helm](https://helm.sh) package manager. - -In the default configuration the chart deploys the following components on the Kubernetes cluster: - -- [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator) -- [Prometheus](https://github.com/prometheus/prometheus/) -- [Alertmanager](https://github.com/prometheus/alertmanager) - -**IMPORTANT** - -Only one instance of the Prometheus Operator component should be running in the cluster. If you wish to deploy this chart to **manage multiple instances** of Prometheus in your Kubernetes cluster, you **have to disable** the installation of the Prometheus Operator component using the `operator.enabled=false` chart installation argument. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. - -## Prerequisites - -- Kubernetes 1.16+ -- Helm 3.1.0 - -## Installing the Chart - -Add the `bitnami` charts repo to Helm: - -```bash -$ helm repo add bitnami https://charts.bitnami.com/bitnami -``` - -To install the chart with the release name `my-release`: - -```bash -$ helm install my-release bitnami/kube-prometheus -``` - -The command deploys kube-prometheus on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` release: - -```bash -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. Use the flag `--purge` to delete all history too. - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | -| `global.labels` | Additional labels to apply to all resources | `{}` | - - -### Common parameters - -| Name | Description | Value | -| ------------------ | ---------------------------------------------------------------------------------------------------------- | ----- | -| `nameOverride` | String to partially override `kube-prometheus.name` template with a string (will prepend the release name) | `""` | -| `fullnameOverride` | String to fully override `kube-prometheus.fullname` template with a string | `""` | - - -### Prometheus Operator Parameters - -| Name | Description | Value | -| ------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------- | ----------------------------- | -| `operator.enabled` | Deploy Prometheus Operator to the cluster | `true` | -| `operator.image.registry` | Prometheus Operator image registry | `docker.io` | -| `operator.image.repository` | Prometheus Operator image repository | `bitnami/prometheus-operator` | -| `operator.image.tag` | Prometheus Operator Image tag (immutable tags are recommended) | `0.51.0-debian-10-r0` | -| `operator.image.pullPolicy` | Prometheus Operator image pull policy | `IfNotPresent` | -| `operator.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `operator.hostAliases` | Add deployment host aliases | `[]` | -| `operator.serviceAccount.create` | Specify whether to create a ServiceAccount for Prometheus Operator | `true` | -| `operator.serviceAccount.name` | The name of the ServiceAccount to create | `""` | -| `operator.schedulerName` | Name of the Kubernetess scheduler (other than default) | `""` | -| `operator.podSecurityContext.enabled` | Enable pod security context | `true` | -| `operator.podSecurityContext.runAsUser` | User ID for the container | `1001` | -| `operator.podSecurityContext.fsGroup` | Group ID for the container filesystem | `1001` | -| `operator.containerSecurityContext.enabled` | Enable container security context | `true` | -| `operator.containerSecurityContext.capabilities.drop` | Linux Kernel capabilities which should be dropped | `[]` | -| `operator.containerSecurityContext.runAsNonRoot` | Force the container to run as a non root user | `true` | -| `operator.containerSecurityContext.allowPrivilegeEscalation` | Switch privilegeEscalation possibility on or off | `false` | -| `operator.containerSecurityContext.readOnlyRootFilesystem` | Mount / (root) as a readonly filesystem | `false` | -| `operator.service.type` | Kubernetes service type | `ClusterIP` | -| `operator.service.port` | Prometheus Operator service port | `8080` | -| `operator.service.clusterIP` | Specific cluster IP when service type is cluster IP. Use `None` for headless service | `""` | -| `operator.service.nodePort` | Kubernetes Service nodePort | `""` | -| `operator.service.loadBalancerIP` | `loadBalancerIP` if service type is `LoadBalancer` | `""` | -| `operator.service.loadBalancerSourceRanges` | Address that are allowed when svc is `LoadBalancer` | `[]` | -| `operator.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | -| `operator.service.healthCheckNodePort` | Specifies the health check node port (numeric port number) for the service if `externalTrafficPolicy` is set to Local. | `""` | -| `operator.service.annotations` | Additional annotations for Prometheus Operator service | `{}` | -| `operator.serviceMonitor.enabled` | Creates a ServiceMonitor to monitor Prometheus Operator | `true` | -| `operator.serviceMonitor.interval` | Scrape interval (use by default, falling back to Prometheus' default) | `""` | -| `operator.serviceMonitor.metricRelabelings` | Metric relabeling | `[]` | -| `operator.serviceMonitor.relabelings` | Relabel configs | `[]` | -| `operator.resources` | Configure resource requests and limits | `{}` | -| `operator.podAffinityPreset` | Pod affinity preset | `""` | -| `operator.podAntiAffinityPreset` | Prometheus Operator Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `operator.nodeAffinityPreset.type` | Prometheus Operator Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `operator.nodeAffinityPreset.key` | Prometheus Operator Node label key to match Ignored if `affinity` is set. | `""` | -| `operator.nodeAffinityPreset.values` | Prometheus Operator Node label values to match. Ignored if `affinity` is set. | `[]` | -| `operator.affinity` | Prometheus Operator Affinity for pod assignment | `{}` | -| `operator.nodeSelector` | Prometheus Operator Node labels for pod assignment | `{}` | -| `operator.tolerations` | Prometheus Operator Tolerations for pod assignment | `[]` | -| `operator.priorityClassName` | Priority class assigned to the Pods | `""` | -| `operator.livenessProbe.enabled` | Turn on and off liveness probe | `true` | -| `operator.livenessProbe.path` | Path of the HTTP service for checking the healthy state | `/metrics` | -| `operator.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `120` | -| `operator.livenessProbe.periodSeconds` | How often to perform the probe | `10` | -| `operator.livenessProbe.timeoutSeconds` | When the probe times out | `5` | -| `operator.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe | `6` | -| `operator.livenessProbe.successThreshold` | Minimum consecutive successes for the probe | `1` | -| `operator.readinessProbe.enabled` | Turn on and off readiness probe | `true` | -| `operator.readinessProbe.path` | Path of the HTTP service for checking the ready state | `/metrics` | -| `operator.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `30` | -| `operator.readinessProbe.periodSeconds` | How often to perform the probe | `10` | -| `operator.readinessProbe.timeoutSeconds` | When the probe times out | `5` | -| `operator.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe | `6` | -| `operator.readinessProbe.successThreshold` | Minimum consecutive successes for the probe | `1` | -| `operator.logLevel` | Log level for Prometheus Operator | `info` | -| `operator.logFormat` | Log format for Prometheus Operator | `logfmt` | -| `operator.configReloaderResources` | Set the prometheus config reloader side-car CPU and memory requests and limits. | `{}` | -| `operator.kubeletService.enabled` | If true, the operator will create and maintain a service for scraping kubelets | `true` | -| `operator.kubeletService.namespace` | Namespace to deploy the kubelet service | `kube-system` | -| `operator.prometheusConfigReloader.image` | Prometheus Config Reloader image. If not set, the same as `operator.image.registry` | `{}` | -| `operator.prometheusConfigReloader.containerSecurityContext.enabled` | Enable container security context | `true` | -| `operator.prometheusConfigReloader.containerSecurityContext.readOnlyRootFilesystem` | mount / (root) as a readonly filesystem | `false` | -| `operator.prometheusConfigReloader.containerSecurityContext.allowPrivilegeEscalation` | Switch privilegeEscalation possibility on or off | `false` | -| `operator.prometheusConfigReloader.containerSecurityContext.runAsNonRoot` | Force the container to run as a non root user | `true` | -| `operator.prometheusConfigReloader.containerSecurityContext.capabilities.drop` | Linux Kernel capabilities which should be dropped | `[]` | -| `operator.prometheusConfigReloader.livenessProbe.enabled` | Turn on and off liveness probe | `true` | -| `operator.prometheusConfigReloader.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `10` | -| `operator.prometheusConfigReloader.livenessProbe.periodSeconds` | How often to perform the probe | `10` | -| `operator.prometheusConfigReloader.livenessProbe.timeoutSeconds` | When the probe times out | `5` | -| `operator.prometheusConfigReloader.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe | `6` | -| `operator.prometheusConfigReloader.livenessProbe.successThreshold` | Minimum consecutive successes for the probe | `1` | -| `operator.prometheusConfigReloader.readinessProbe.enabled` | Turn on and off readiness probe | `true` | -| `operator.prometheusConfigReloader.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `15` | -| `operator.prometheusConfigReloader.readinessProbe.periodSeconds` | How often to perform the probe | `20` | -| `operator.prometheusConfigReloader.readinessProbe.timeoutSeconds` | When the probe times out | `5` | -| `operator.prometheusConfigReloader.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe | `6` | -| `operator.prometheusConfigReloader.readinessProbe.successThreshold` | Minimum consecutive successes for the probe | `1` | - - -### Prometheus Parameters - -| Name | Description | Value | -| --------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------- | ------------------------ | -| `prometheus.enabled` | Deploy Prometheus to the cluster | `true` | -| `prometheus.image.registry` | Prometheus image registry | `docker.io` | -| `prometheus.image.repository` | Prometheus image repository | `bitnami/prometheus` | -| `prometheus.image.tag` | Prometheus Image tag (immutable tags are recommended) | `2.30.0-debian-10-r9` | -| `prometheus.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `prometheus.serviceAccount.create` | Specify whether to create a ServiceAccount for Prometheus | `true` | -| `prometheus.serviceAccount.name` | The name of the ServiceAccount to create | `""` | -| `prometheus.serviceAccount.annotations` | Additional annotations for created Prometheus ServiceAccount | `{}` | -| `prometheus.podSecurityContext.enabled` | Enable security context | `true` | -| `prometheus.podSecurityContext.runAsUser` | User ID for the container | `1001` | -| `prometheus.podSecurityContext.fsGroup` | Group ID for the container filesystem | `1001` | -| `prometheus.containerSecurityContext.enabled` | Enable container security context | `true` | -| `prometheus.containerSecurityContext.readOnlyRootFilesystem` | Mount / (root) as a readonly filesystem | `false` | -| `prometheus.containerSecurityContext.allowPrivilegeEscalation` | Switch privilegeEscalation possibility on or off | `false` | -| `prometheus.containerSecurityContext.runAsNonRoot` | Force the container to run as a non root user | `true` | -| `prometheus.containerSecurityContext.capabilities.drop` | Linux Kernel capabilities which should be dropped | `[]` | -| `prometheus.podDisruptionBudget.enabled` | Create a pod disruption budget for Prometheus | `false` | -| `prometheus.podDisruptionBudget.minAvailable` | Minimum number / percentage of pods that should remain scheduled | `1` | -| `prometheus.podDisruptionBudget.maxUnavailable` | Maximum number / percentage of pods that may be made unavailable | `""` | -| `prometheus.service.type` | Kubernetes service type | `ClusterIP` | -| `prometheus.service.port` | Prometheus service port | `9090` | -| `prometheus.service.clusterIP` | Specific cluster IP when service type is cluster IP. Use `None` for headless service | `""` | -| `prometheus.service.nodePort` | Specify the nodePort value for the LoadBalancer and NodePort service types. | `""` | -| `prometheus.service.loadBalancerIP` | `loadBalancerIP` if service type is `LoadBalancer` | `""` | -| `prometheus.service.loadBalancerSourceRanges` | Address that are allowed when service is `LoadBalancer` | `[]` | -| `prometheus.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | -| `prometheus.service.healthCheckNodePort` | Specifies the health check node port | `""` | -| `prometheus.service.stickySessions` | Set stickySessions to `true` to enable Session Affinity | `""` | -| `prometheus.service.annotations` | Additional annotations for Prometheus service (this value is evaluated as a template) | `{}` | -| `prometheus.serviceMonitor.enabled` | Creates a ServiceMonitor to monitor Prometheus itself | `true` | -| `prometheus.serviceMonitor.interval` | Scrape interval (use by default, falling back to Prometheus' default) | `""` | -| `prometheus.serviceMonitor.metricRelabelings` | Metric relabeling | `[]` | -| `prometheus.serviceMonitor.relabelings` | Relabel configs | `[]` | -| `prometheus.ingress.enabled` | Enable ingress controller resource | `false` | -| `prometheus.ingress.certManager` | Add annotations for cert-manager | `false` | -| `prometheus.ingress.pathType` | Ingress Path type | `ImplementationSpecific` | -| `prometheus.ingress.apiVersion` | Override API Version (automatically detected if not set) | `""` | -| `prometheus.ingress.hostname` | Default host for the ingress resource | `prometheus.local` | -| `prometheus.ingress.path` | The Path to Prometheus. You may need to set this to '/*' in order to use this with ALB ingress controllers | `/` | -| `prometheus.ingress.annotations` | Ingress annotations | `{}` | -| `prometheus.ingress.tls` | Enable TLS configuration for the hostname defined at prometheus.ingress.hostname parameter | `false` | -| `prometheus.ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` | -| `prometheus.ingress.extraPaths` | Additional arbitrary path/backend objects | `[]` | -| `prometheus.ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` | -| `prometheus.ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | -| `prometheus.externalUrl` | External URL used to access Prometheus | `""` | -| `prometheus.resources` | CPU/Memory resource requests/limits for node | `{}` | -| `prometheus.podAffinityPreset` | Prometheus Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `prometheus.podAntiAffinityPreset` | Prometheus Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `prometheus.nodeAffinityPreset.type` | Prometheus Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `prometheus.nodeAffinityPreset.key` | Prometheus Node label key to match Ignored if `affinity` is set. | `""` | -| `prometheus.nodeAffinityPreset.values` | Prometheus Node label values to match. Ignored if `affinity` is set. | `[]` | -| `prometheus.affinity` | Prometheus Affinity for pod assignment | `{}` | -| `prometheus.nodeSelector` | Prometheus Node labels for pod assignment | `{}` | -| `prometheus.tolerations` | Prometheus Tolerations for pod assignment | `[]` | -| `prometheus.scrapeInterval` | Interval between consecutive scrapes | `""` | -| `prometheus.evaluationInterval` | Interval between consecutive evaluations | `""` | -| `prometheus.listenLocal` | ListenLocal makes the Prometheus server listen on loopback | `false` | -| `prometheus.livenessProbe.enabled` | Turn on and off liveness probe | `true` | -| `prometheus.livenessProbe.path` | Path of the HTTP service for checking the healthy state | `/-/healthy` | -| `prometheus.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `0` | -| `prometheus.livenessProbe.periodSeconds` | How often to perform the probe | `10` | -| `prometheus.livenessProbe.timeoutSeconds` | When the probe times out | `3` | -| `prometheus.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe | `10` | -| `prometheus.livenessProbe.successThreshold` | Minimum consecutive successes for the probe | `1` | -| `prometheus.readinessProbe.enabled` | Turn on and off readiness probe | `true` | -| `prometheus.readinessProbe.path` | Path of the HTTP service for checking the ready state | `/-/ready` | -| `prometheus.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `0` | -| `prometheus.readinessProbe.periodSeconds` | How often to perform the probe | `10` | -| `prometheus.readinessProbe.timeoutSeconds` | When the probe times out | `3` | -| `prometheus.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe | `10` | -| `prometheus.readinessProbe.successThreshold` | Minimum consecutive successes for the probe | `1` | -| `prometheus.enableAdminAPI` | Enable Prometheus adminitrative API | `false` | -| `prometheus.alertingEndpoints` | Alertmanagers to which alerts will be sent | `[]` | -| `prometheus.externalLabels` | External labels to add to any time series or alerts when communicating with external systems | `{}` | -| `prometheus.replicaExternalLabelName` | Name of the external label used to denote replica name | `""` | -| `prometheus.replicaExternalLabelNameClear` | Clear external label used to denote replica name | `false` | -| `prometheus.routePrefix` | Prefix used to register routes, overriding externalUrl route | `/` | -| `prometheus.prometheusExternalLabelName` | Name of the external label used to denote Prometheus instance name | `""` | -| `prometheus.prometheusExternalLabelNameClear` | Clear external label used to denote Prometheus instance name | `false` | -| `prometheus.secrets` | Secrets that should be mounted into the Prometheus Pods | `[]` | -| `prometheus.configMaps` | ConfigMaps that should be mounted into the Prometheus Pods | `[]` | -| `prometheus.querySpec` | The query command line flags when starting Prometheus | `{}` | -| `prometheus.ruleNamespaceSelector` | Namespaces to be selected for PrometheusRules discovery | `{}` | -| `prometheus.ruleSelector` | PrometheusRules to be selected for target discovery | `{}` | -| `prometheus.serviceMonitorSelector` | ServiceMonitors to be selected for target discovery | `{}` | -| `prometheus.matchLabels` | Matchlabels | `{}` | -| `prometheus.serviceMonitorNamespaceSelector` | Namespaces to be selected for ServiceMonitor discovery | `{}` | -| `prometheus.podMonitorSelector` | PodMonitors to be selected for target discovery. | `{}` | -| `prometheus.podMonitorNamespaceSelector` | Namespaces to be selected for PodMonitor discovery | `{}` | -| `prometheus.probeSelector` | Probes to be selected for target discovery. | `{}` | -| `prometheus.probeNamespaceSelector` | Namespaces to be selected for Probe discovery | `{}` | -| `prometheus.retention` | Metrics retention days | `10d` | -| `prometheus.retentionSize` | Maximum size of metrics | `""` | -| `prometheus.disableCompaction` | Disable the compaction of the Prometheus TSDB | `false` | -| `prometheus.walCompression` | Enable compression of the write-ahead log using Snappy | `false` | -| `prometheus.paused` | If true, the Operator won't process any Prometheus configuration changes | `false` | -| `prometheus.replicaCount` | Number of Prometheus replicas desired | `1` | -| `prometheus.logLevel` | Log level for Prometheus | `info` | -| `prometheus.logFormat` | Log format for Prometheus | `logfmt` | -| `prometheus.podMetadata` | Standard object's metadata | `{}` | -| `prometheus.remoteRead` | The remote_read spec configuration for Prometheus | `[]` | -| `prometheus.remoteWrite` | The remote_write spec configuration for Prometheus | `[]` | -| `prometheus.storageSpec` | Prometheus StorageSpec for persistent data | `{}` | -| `prometheus.persistence.enabled` | Use PVCs to persist data. If the storageSpec is provided this will not take effect. | `false` | -| `prometheus.persistence.storageClass` | Persistent Volume Storage Class | `""` | -| `prometheus.persistence.accessModes` | Persistent Volume Access Modes | `["ReadWriteOnce"]` | -| `prometheus.persistence.size` | Persistent Volume Size | `8Gi` | -| `prometheus.priorityClassName` | Priority class assigned to the Pods | `""` | -| `prometheus.containers` | Containers allows injecting additional containers | `[]` | -| `prometheus.volumes` | Volumes allows configuration of additional volumes | `[]` | -| `prometheus.volumeMounts` | VolumeMounts allows configuration of additional VolumeMounts. Evaluated as a template | `[]` | -| `prometheus.additionalPrometheusRules` | PrometheusRule defines recording and alerting rules for a Prometheus instance. | `[]` | -| `prometheus.additionalScrapeConfigs.enabled` | Enable additional scrape configs | `false` | -| `prometheus.additionalScrapeConfigs.type` | Indicates if the cart should use external additional scrape configs or internal configs | `external` | -| `prometheus.additionalScrapeConfigs.external.name` | Name of the secret that Prometheus should use for the additional external scrape configuration | `""` | -| `prometheus.additionalScrapeConfigs.external.key` | Name of the key inside the secret to be used for the additional external scrape configuration | `""` | -| `prometheus.additionalScrapeConfigs.internal.jobList` | A list of Prometheus scrape jobs | `[]` | -| `prometheus.additionalScrapeConfigsExternal.enabled` | Deprecated: Enable additional scrape configs that are managed externally to this chart | `false` | -| `prometheus.additionalScrapeConfigsExternal.name` | Deprecated: Name of the secret that Prometheus should use for the additional scrape configuration | `""` | -| `prometheus.additionalScrapeConfigsExternal.key` | Deprecated: Name of the key inside the secret to be used for the additional scrape configuration | `""` | -| `prometheus.additionalAlertRelabelConfigsExternal.enabled` | Enable additional Prometheus alert relabel configs that are managed externally to this chart | `false` | -| `prometheus.additionalAlertRelabelConfigsExternal.name` | Name of the secret that Prometheus should use for the additional Prometheus alert relabel configuration | `""` | -| `prometheus.additionalAlertRelabelConfigsExternal.key` | Name of the key inside the secret to be used for the additional Prometheus alert relabel configuration | `""` | -| `prometheus.thanos.create` | Create a Thanos sidecar container | `false` | -| `prometheus.thanos.image.registry` | Thanos image registry | `docker.io` | -| `prometheus.thanos.image.repository` | Thanos image name | `bitnami/thanos` | -| `prometheus.thanos.image.tag` | Thanos image tag | `0.22.0-scratch-r4` | -| `prometheus.thanos.image.pullPolicy` | Thanos image pull policy | `IfNotPresent` | -| `prometheus.thanos.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `prometheus.thanos.containerSecurityContext.enabled` | Enable container security context | `true` | -| `prometheus.thanos.containerSecurityContext.readOnlyRootFilesystem` | mount / (root) as a readonly filesystem | `false` | -| `prometheus.thanos.containerSecurityContext.allowPrivilegeEscalation` | Switch privilegeEscalation possibility on or off | `false` | -| `prometheus.thanos.containerSecurityContext.runAsNonRoot` | Force the container to run as a non root user | `true` | -| `prometheus.thanos.containerSecurityContext.capabilities.drop` | Linux Kernel capabilities which should be dropped | `[]` | -| `prometheus.thanos.prometheusUrl` | Override default prometheus url "http://localhost:9090" | `""` | -| `prometheus.thanos.extraArgs` | Additional arguments passed to the thanos sidecar container | `[]` | -| `prometheus.thanos.objectStorageConfig` | Support mounting a Secret for the objectStorageConfig of the sideCar container. | `{}` | -| `prometheus.thanos.resources.limits` | The resources limits for the Thanos sidecar container | `{}` | -| `prometheus.thanos.resources.requests` | The resources requests for the Thanos sidecar container | `{}` | -| `prometheus.thanos.livenessProbe.enabled` | Turn on and off liveness probe | `true` | -| `prometheus.thanos.livenessProbe.path` | Path of the HTTP service for checking the healthy state | `/-/healthy` | -| `prometheus.thanos.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `0` | -| `prometheus.thanos.livenessProbe.periodSeconds` | How often to perform the probe | `5` | -| `prometheus.thanos.livenessProbe.timeoutSeconds` | When the probe times out | `3` | -| `prometheus.thanos.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe | `120` | -| `prometheus.thanos.livenessProbe.successThreshold` | Minimum consecutive successes for the probe | `1` | -| `prometheus.thanos.readinessProbe.enabled` | Turn on and off readiness probe | `true` | -| `prometheus.thanos.readinessProbe.path` | Path of the HTTP service for checking the ready state | `/-/ready` | -| `prometheus.thanos.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `0` | -| `prometheus.thanos.readinessProbe.periodSeconds` | How often to perform the probe | `5` | -| `prometheus.thanos.readinessProbe.timeoutSeconds` | When the probe times out | `3` | -| `prometheus.thanos.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe | `120` | -| `prometheus.thanos.readinessProbe.successThreshold` | Minimum consecutive successes for the probe | `1` | -| `prometheus.thanos.service.type` | Kubernetes service type | `ClusterIP` | -| `prometheus.thanos.service.port` | Thanos service port | `10901` | -| `prometheus.thanos.service.clusterIP` | Specific cluster IP when service type is cluster IP. Use `None` to create headless service by default. | `None` | -| `prometheus.thanos.service.nodePort` | Specify the nodePort value for the LoadBalancer and NodePort service types. | `""` | -| `prometheus.thanos.service.loadBalancerIP` | `loadBalancerIP` if service type is `LoadBalancer` | `""` | -| `prometheus.thanos.service.loadBalancerSourceRanges` | Address that are allowed when svc is `LoadBalancer` | `[]` | -| `prometheus.thanos.service.annotations` | Additional annotations for Prometheus service | `{}` | -| `prometheus.thanos.service.extraPorts` | Additional ports to expose from the Thanos sidecar container | `[]` | -| `prometheus.thanos.ingress.enabled` | Enable ingress controller resource | `false` | -| `prometheus.thanos.ingress.certManager` | Add annotations for cert-manager | `false` | -| `prometheus.thanos.ingress.annotations` | Ingress annotations | `{}` | -| `prometheus.thanos.ingress.hosts` | The list of hostnames to be covered with this ingress record. | `[]` | -| `prometheus.thanos.ingress.tls` | The tls configuration for the ingress | `{}` | -| `prometheus.portName` | Port name used for the pods and governing service. This defaults to web | `web` | - - -### Alertmanager Parameters - -| Name | Description | Value | -| ---------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------ | ------------------------ | -| `alertmanager.enabled` | Deploy Alertmanager to the cluster | `true` | -| `alertmanager.image.registry` | Prometheus image registry | `docker.io` | -| `alertmanager.image.repository` | Prometheus Image repository | `bitnami/alertmanager` | -| `alertmanager.image.tag` | Prometheus Image tag (immutable tags are recommended) | `0.23.0-debian-10-r29` | -| `alertmanager.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `alertmanager.serviceAccount.create` | Specify whether to create a ServiceAccount for Alertmanager | `true` | -| `alertmanager.serviceAccount.name` | The name of the ServiceAccount to create | `""` | -| `alertmanager.podSecurityContext.enabled` | Enable security context | `true` | -| `alertmanager.podSecurityContext.runAsUser` | User ID for the container | `1001` | -| `alertmanager.podSecurityContext.fsGroup` | Group ID for the container filesystem | `1001` | -| `alertmanager.containerSecurityContext.enabled` | Enable container security context | `true` | -| `alertmanager.containerSecurityContext.readOnlyRootFilesystem` | mount / (root) as a readonly filesystem | `false` | -| `alertmanager.containerSecurityContext.allowPrivilegeEscalation` | Switch privilegeEscalation possibility on or off | `false` | -| `alertmanager.containerSecurityContext.runAsNonRoot` | Force the container to run as a non root user | `true` | -| `alertmanager.containerSecurityContext.capabilities.drop` | Linux Kernel capabilities which should be dropped | `[]` | -| `alertmanager.podDisruptionBudget.enabled` | Create a pod disruption budget for Alertmanager | `false` | -| `alertmanager.podDisruptionBudget.minAvailable` | Minimum number / percentage of pods that should remain scheduled | `1` | -| `alertmanager.podDisruptionBudget.maxUnavailable` | Maximum number / percentage of pods that may be made unavailable | `""` | -| `alertmanager.service.type` | Kubernetes service type | `ClusterIP` | -| `alertmanager.service.port` | Alertmanager service port | `9093` | -| `alertmanager.service.clusterIP` | Specific cluster IP when service type is cluster IP. Use `None` for headless service | `""` | -| `alertmanager.service.nodePort` | Specify the nodePort value for the LoadBalancer and NodePort service types. | `""` | -| `alertmanager.service.loadBalancerIP` | `loadBalancerIP` if service type is `LoadBalancer` | `""` | -| `alertmanager.service.loadBalancerSourceRanges` | Address that are allowed when svc is `LoadBalancer` | `[]` | -| `alertmanager.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | -| `alertmanager.service.healthCheckNodePort` | Specifies the health check node port | `""` | -| `alertmanager.service.stickySessions` | Set stickySessions to `true` to enable Session Affinity | `""` | -| `alertmanager.service.annotations` | Additional annotations for Alertmanager service (this value is evaluated as a template) | `{}` | -| `alertmanager.serviceMonitor.enabled` | Creates a ServiceMonitor to monitor Alertmanager | `true` | -| `alertmanager.serviceMonitor.interval` | Scrape interval. If not set, the Prometheus default scrape interval is used. | `""` | -| `alertmanager.serviceMonitor.metricRelabelings` | Metric relabeling | `[]` | -| `alertmanager.serviceMonitor.relabelings` | Relabel configs | `[]` | -| `alertmanager.ingress.enabled` | Enable ingress controller resource | `false` | -| `alertmanager.ingress.certManager` | Add annotations for cert-manager | `false` | -| `alertmanager.ingress.pathType` | Ingress Path type | `ImplementationSpecific` | -| `alertmanager.ingress.apiVersion` | Override API Version (automatically detected if not set) | `""` | -| `alertmanager.ingress.hostname` | Default host for the ingress resource | `alertmanager.local` | -| `alertmanager.ingress.path` | The Path to Alert Manager. You may need to set this to '/*' in order to use this with ALB ingress controllers. | `/` | -| `alertmanager.ingress.annotations` | Ingress annotations | `{}` | -| `alertmanager.ingress.tls` | Enable TLS configuration for the hostname defined at alertmanager.ingress.hostname parameter | `false` | -| `alertmanager.ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` | -| `alertmanager.ingress.extraPaths` | Additional arbitrary path/backend objects | `[]` | -| `alertmanager.ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` | -| `alertmanager.ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | -| `alertmanager.externalUrl` | External URL used to access Alertmanager | `""` | -| `alertmanager.resources` | CPU/Memory resource requests/limits for node | `{}` | -| `alertmanager.podAffinityPreset` | Alertmanager Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `alertmanager.podAntiAffinityPreset` | Alertmanager Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `alertmanager.nodeAffinityPreset.type` | Alertmanager Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `alertmanager.nodeAffinityPreset.key` | Alertmanager Node label key to match Ignored if `affinity` is set. | `""` | -| `alertmanager.nodeAffinityPreset.values` | Alertmanager Node label values to match. Ignored if `affinity` is set. | `[]` | -| `alertmanager.affinity` | Alertmanager Affinity for pod assignment | `{}` | -| `alertmanager.nodeSelector` | Alertmanager Node labels for pod assignment | `{}` | -| `alertmanager.tolerations` | Alertmanager Tolerations for pod assignment | `[]` | -| `alertmanager.config` | Alertmanager configuration directive | `{}` | -| `alertmanager.externalConfig` | Alertmanager configuration is created externally. If true, `alertmanager.config` is ignored, and a secret will not be created. | `false` | -| `alertmanager.replicaCount` | Number of Alertmanager replicas desired | `1` | -| `alertmanager.livenessProbe.enabled` | Turn on and off liveness probe | `true` | -| `alertmanager.livenessProbe.path` | Path of the HTTP service for checking the healthy state | `/-/healthy` | -| `alertmanager.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `0` | -| `alertmanager.livenessProbe.periodSeconds` | How often to perform the probe | `5` | -| `alertmanager.livenessProbe.timeoutSeconds` | When the probe times out | `3` | -| `alertmanager.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe | `120` | -| `alertmanager.livenessProbe.successThreshold` | Minimum consecutive successes for the probe | `1` | -| `alertmanager.readinessProbe.enabled` | Turn on and off readiness probe | `true` | -| `alertmanager.readinessProbe.path` | Path of the HTTP service for checking the ready state | `/-/ready` | -| `alertmanager.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `0` | -| `alertmanager.readinessProbe.periodSeconds` | How often to perform the probe | `5` | -| `alertmanager.readinessProbe.timeoutSeconds` | When the probe times out | `3` | -| `alertmanager.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe | `120` | -| `alertmanager.readinessProbe.successThreshold` | Minimum consecutive successes for the probe | `1` | -| `alertmanager.logLevel` | Log level for Alertmanager | `info` | -| `alertmanager.logFormat` | Log format for Alertmanager | `logfmt` | -| `alertmanager.podMetadata` | Standard object's metadata. | `{}` | -| `alertmanager.secrets` | Secrets that should be mounted into the Alertmanager Pods | `[]` | -| `alertmanager.configMaps` | ConfigMaps that should be mounted into the Alertmanager Pods | `[]` | -| `alertmanager.retention` | Metrics retention days | `120h` | -| `alertmanager.storageSpec` | Alertmanager StorageSpec for persistent data | `{}` | -| `alertmanager.persistence.enabled` | Use PVCs to persist data. If the storageSpec is provided this will not take effect. | `false` | -| `alertmanager.persistence.storageClass` | Persistent Volume Storage Class | `""` | -| `alertmanager.persistence.accessModes` | Persistent Volume Access Modes | `["ReadWriteOnce"]` | -| `alertmanager.persistence.size` | Persistent Volume Size | `8Gi` | -| `alertmanager.paused` | If true, the Operator won't process any Alertmanager configuration changes | `false` | -| `alertmanager.listenLocal` | ListenLocal makes the Alertmanager server listen on loopback | `false` | -| `alertmanager.containers` | Containers allows injecting additional containers | `[]` | -| `alertmanager.volumes` | Volumes allows configuration of additional volumes. Evaluated as a template | `[]` | -| `alertmanager.volumeMounts` | VolumeMounts allows configuration of additional VolumeMounts. Evaluated as a template | `[]` | -| `alertmanager.priorityClassName` | Priority class assigned to the Pods | `""` | -| `alertmanager.additionalPeers` | AdditionalPeers allows injecting a set of additional Alertmanagers to peer with to form a highly available cluster | `[]` | -| `alertmanager.routePrefix` | Prefix used to register routes, overriding externalUrl route | `/` | -| `alertmanager.portName` | Port name used for the pods and governing service. This defaults to web | `web` | -| `alertmanager.configNamespaceSelector` | AlertmanagerConfigs to be selected for to merge and configure Alertmanager with. This defaults to {} | `{}` | -| `alertmanager.configSelector` | Namespaces to be selected for AlertmanagerConfig discovery. If nil, only check own namespace. This defaults to {} | `{}` | - - -### Exporters - -| Name | Description | Value | -| --------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------- | ------------- | -| `exporters.node-exporter.enabled` | Enable node-exporter | `true` | -| `exporters.kube-state-metrics.enabled` | Enable kube-state-metrics | `true` | -| `node-exporter` | Node Exporter deployment configuration | `{}` | -| `kube-state-metrics` | Node Exporter deployment configuration | `{}` | -| `kubelet.enabled` | Create a ServiceMonitor to scrape kubelet service | `true` | -| `kubelet.namespace` | Namespace where kubelet service is deployed. Related configuration `operator.kubeletService.namespace` | `kube-system` | -| `kubelet.serviceMonitor.https` | Enable scraping of the kubelet over HTTPS | `true` | -| `kubelet.serviceMonitor.interval` | Scrape interval (use by default, falling back to Prometheus' default) | `""` | -| `kubelet.serviceMonitor.metricRelabelings` | Metric relabeling | `[]` | -| `kubelet.serviceMonitor.relabelings` | Relabel configs | `[]` | -| `kubelet.serviceMonitor.cAdvisorMetricRelabelings` | Metric relabeling for scraping cAdvisor | `[]` | -| `kubelet.serviceMonitor.cAdvisorRelabelings` | Relabel configs for scraping cAdvisor | `[]` | -| `kubeApiServer.enabled` | Create a ServiceMonitor to scrape kube-apiserver service | `true` | -| `kubeApiServer.serviceMonitor.interval` | Scrape interval. If not set, the Prometheus default scrape interval is used. | `""` | -| `kubeApiServer.serviceMonitor.metricRelabelings` | Metric relabeling | `[]` | -| `kubeApiServer.serviceMonitor.relabelings` | Relabel configs | `[]` | -| `kubeControllerManager.enabled` | Create a ServiceMonitor to scrape kube-controller-manager service | `true` | -| `kubeControllerManager.endpoints` | If your kube controller manager is not deployed as a pod, specify IPs it can be found on | `[]` | -| `kubeControllerManager.namespace` | Namespace where kube-controller-manager service is deployed. | `kube-system` | -| `kubeControllerManager.service.enabled` | Whether or not to create a Service object for kube-controller-manager | `true` | -| `kubeControllerManager.service.port` | Listening port of the kube-controller-manager Service object | `10252` | -| `kubeControllerManager.service.targetPort` | Port to target on the kube-controller-manager Pods. This should be the port that kube-controller-manager is exposing metrics on | `10252` | -| `kubeControllerManager.service.selector` | Optional PODs Label selector for the service | `{}` | -| `kubeControllerManager.serviceMonitor.interval` | Scrape interval (use by default, falling back to Prometheus' default) | `""` | -| `kubeControllerManager.serviceMonitor.https` | Enable scraping kube-controller-manager over https | `false` | -| `kubeControllerManager.serviceMonitor.insecureSkipVerify` | Skip TLS certificate validation when scraping | `""` | -| `kubeControllerManager.serviceMonitor.serverName` | Name of the server to use when validating TLS certificate | `""` | -| `kubeControllerManager.serviceMonitor.metricRelabelings` | Metric relabeling | `[]` | -| `kubeControllerManager.serviceMonitor.relabelings` | Relabel configs | `[]` | -| `kubeScheduler.enabled` | Create a ServiceMonitor to scrape kube-scheduler service | `true` | -| `kubeScheduler.endpoints` | If your kube scheduler is not deployed as a pod, specify IPs it can be found on | `[]` | -| `kubeScheduler.namespace` | Namespace where kube-scheduler service is deployed. | `kube-system` | -| `kubeScheduler.service.enabled` | Whether or not to create a Service object for kube-scheduler | `true` | -| `kubeScheduler.service.port` | Listening port of the kube scheduler Service object | `10251` | -| `kubeScheduler.service.targetPort` | Port to target on the kube scheduler Pods. This should be the port that kube scheduler is exposing metrics on | `10251` | -| `kubeScheduler.service.selector` | Optional PODs Label selector for the service | `{}` | -| `kubeScheduler.serviceMonitor.interval` | Scrape interval (use by default, falling back to Prometheus' default) | `""` | -| `kubeScheduler.serviceMonitor.https` | Enable scraping kube-scheduler over https | `false` | -| `kubeScheduler.serviceMonitor.insecureSkipVerify` | Skip TLS certificate validation when scraping | `""` | -| `kubeScheduler.serviceMonitor.serverName` | Name of the server to use when validating TLS certificate | `""` | -| `kubeScheduler.serviceMonitor.metricRelabelings` | Metric relabeling | `[]` | -| `kubeScheduler.serviceMonitor.relabelings` | Relabel configs | `[]` | -| `coreDns.enabled` | Create a ServiceMonitor to scrape coredns service | `true` | -| `coreDns.namespace` | Namespace where core dns service is deployed. | `kube-system` | -| `coreDns.service.enabled` | Whether or not to create a Service object for coredns | `true` | -| `coreDns.service.port` | Listening port of the coredns Service object | `9153` | -| `coreDns.service.targetPort` | Port to target on the coredns Pods. This should be the port that coredns is exposing metrics on | `9153` | -| `coreDns.service.selector` | Optional PODs Label selector for the service | `{}` | -| `coreDns.serviceMonitor.interval` | Scrape interval. If not set, the Prometheus default scrape interval is used. | `""` | -| `coreDns.serviceMonitor.metricRelabelings` | Metric relabel configs to apply to samples before ingestion. | `[]` | -| `coreDns.serviceMonitor.relabelings` | Relabel configs to apply to samples before ingestion. | `[]` | -| `kubeProxy.enabled` | Create a ServiceMonitor to scrape the kube-proxy Service | `true` | -| `kubeProxy.endpoints` | If your kube-proxy is not deployed as a pod, specify IPs it can be found on | `[]` | -| `kubeProxy.namespace` | Namespace where cube-proxy service is deployed. | `kube-system` | -| `kubeProxy.service` | Service ports and selector information | `{}` | -| `coreDns.service.enabled` | Whether or not to create a Service object for coredns | `true` | -| `coreDns.service.port` | Listening port of the coredns Service object | `9153` | -| `coreDns.service.targetPort` | Port to target on the coredns Pods. This should be the port that coredns is exposing metrics on | `9153` | -| `coreDns.service.selector` | Optional PODs Label selector for the service | `{}` | -| `kubeProxy.serviceMonitor.https` | Enable scraping kube-proxy over https. | `false` | -| `kubeProxy.serviceMonitor.interval` | Scrape interval (use by default, falling back to Prometheus' default) | `""` | -| `kubeProxy.serviceMonitor.metricRelabelings` | Metric relabeling | `[]` | -| `kubeProxy.serviceMonitor.relabelings` | Relabel configs | `[]` | - - -### RBAC parameters - -| Name | Description | Value | -| ----------------- | ----------------------------------------------- | --------- | -| `rbac.create` | Whether to create and use RBAC resources or not | `true` | -| `rbac.apiVersion` | Version of the RBAC API | `v1beta1` | -| `rbac.pspEnabled` | PodSecurityPolicy | `true` | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```bash -$ helm install my-release \ - --set operator.logLevel=debug \ - --set prometheus.replicaCount=5 \ - bitnami/kube-prometheus -``` - -The above command sets the Prometheus Operator `logLevel` to `debug`. Additionally it sets the `prometheus.replicaCount` to `5`. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```bash -$ helm install my-release -f values.yaml bitnami/kube-prometheus -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling vs Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Additional scrape configurations - -The following values have been deprecated. See [Upgrading](#upgrading) below. - -```console -prometheus.additionalScrapeConfigsExternal.enabled -prometheus.additionalScrapeConfigsExternal.name -prometheus.additionalScrapeConfigsExternal.key -``` - -It is possible to inject externally managed scrape configurations via a Secret by setting `prometheus.additionalScrapeConfigs.enabled` to `true` and `prometheus.additionalScrapeConfigs.type` to `external`. The secret must exist in the same namespace as the chart deployment. Set the secret name using the parameter `prometheus.additionalScrapeConfigs.external.name`, and the key containing the additional scrape configuration using the `prometheus.additionalScrapeConfigs.external.key`. - -It is also possible to define scrape configuratios to be managed by the Helm chart by setting `prometheus.additionalScrapeConfigs.enabled` to `true` and `prometheus.additionalScrapeConfigs.type` to `internal`. You can then use `prometheus.additionalScrapeConfigs.internal.jobList` to define a list of additional scrape jobs for Prometheus. - -Refer to the [chart documentation on customizing scrape configurations](https://docs.bitnami.com/kubernetes/apps/prometheus-operator/configuration/customize-scrape-configurations) for an example. - -### Additional alert relabel configurations - -It is possible to inject externally managed Prometheus alert relabel configurations via a Secret by setting `prometheus.additionalAlertRelabelConfigsExternal.enabled` to `true`. The secret must exist in the same namespace as the chart deployment. Set the secret name using the parameter `prometheus.additionalAlertRelabelConfigsExternal.name`, and the key containing the additional alert relabel configuration using the `prometheus.additionalAlertRelabelConfigsExternal.key`. - -Refer to the [chart documentation on customizing alert configurations](https://docs.bitnami.com/kubernetes/apps/prometheus-operator/configuration/customize-alert-configurations) for an example. - -### Set Pod affinity - -This chart allows setting custom Pod affinity using the `XXX.affinity` parameter(s). Find more information about Pod's affinity in the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). - -As an alternative, use one of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `XXX.podAffinityPreset`, `XXX.podAntiAffinityPreset`, or `XXX.nodeAffinityPreset` parameters. - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami’s Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## Upgrading - -```bash -$ helm upgrade my-release bitnami/kube-prometheus -``` -### To 6.0.0 - -This major update changes the `securityContext` interface in the `values.yaml` file. - -Please note if you have changes in the `securityContext` fields those need to be migrated to `podSecurityContext`. - -```diff -# ... -- securityContext: -+ podSecurityContext: -# ... -``` - -Other than that a new `securityContext` interface for containers got introduced `containerSecurityContext`. It's default is enabled so if you do not need it you need to opt out of it. - -If you use [Strategic Merge Patch](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/strategic-merge-patch.md) for any of the -`Alertmanager` or `Prometheus` kinds you need to actively disable all of those things below. For the resource you want to use Strategic Merge Patch for. - -```yaml -: - containerSecurityContext: - enabled: false - livenessProbe: - enabled: false - readinessProbe: - enabled: false -``` - -### To 5.0.0 - -This major updates the kube-state-metrics subchart to it newest major, 2.0.0, which contains name changes to a few of its values. For more information on this subchart's major, please refer to [kube-state-metrics upgrade notes](https://github.com/bitnami/charts/tree/master/bitnami/kube-state-metrics#to-200). - -### To 4.4.0 - -This version replaced the old `configReloaderCpu` and `configReloaderMemory` variables in favor of the new `configReloaderResources` map to define the requests and limits for the config-reloader sidecards. Users who made use of the old variables will need to migrate to the new ones. - -### To 4.0.0 - -This version standardizes the way of defining Ingress rules. -When configuring a single hostname for the Prometheus Ingress rule, set the `prometheus.ingress.hostname` value. When defining more than one, set the `prometheus.ingress.extraHosts` array. -When configuring a single hostname for the Alertmanager Ingress rule, set the `alertmanager.ingress.hostname` value. When defining more than one, set the `alertmanager.ingress.extraHosts` array. - -Apart from this case, no issues are expected to appear when upgrading. - -### To 3.4.0 - -Some parameters disappeared in favor of new ones: - -- `prometheus.additionalScrapeConfigsExternal.enabled` -> deprecated in favor of `prometheus.additionalScrapeConfigs.enabled` and `prometheus.additionalScrapeConfigs.type`. -- `prometheus.additionalScrapeConfigsExternal.name` -> deprecated in favor of `prometheus.additionalScrapeConfigs.external.name`. -- `prometheus.additionalScrapeConfigsExternal.key` -> deprecated in favor of `prometheus.additionalScrapeConfigs.external.key`. - -Adapt you parameters accordingly if you are external scrape configs. - -### To 3.1.0 - -Some parameters disappeared in favor of new ones: - -- `*.podAffinity` -> deprecated in favor of `*.podAffinityPreset`. -- `*.podAntiAffinity` -> deprecated in favor of `*.podAntiAffinityPreset`. -- `*.nodeAffinity` -> deprecated in favor of `*.nodeAffinityPreset.type`, `*.nodeAffinityPreset.key` and `*.nodeAffinityPreset.values`. - -Adapt parameters accordingly if you are setting custom affinity. - -### To 3.0.0 - -[On November 13, 2020, Helm v2 support formally ended](https://github.com/helm/charts#status-of-the-project). This major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -[Learn more about this change and related upgrade considerations](https://docs.bitnami.com/kubernetes/apps/prometheus-operator/administration/upgrade-helm3/). - -### To 2.1.0 - -> Note: ignore these instructions if you did not enabled the Thanos sidecar on Prometheus pods. - -The Thanos sidecar svc is transformed into a headless service by default so Thanos can discover every available sidecar. You can undo this change by setting the `prometheus.thanos.service.clusterIP` parameter to an empty string `""`. - -To upgrade from version 2.0.0, previously remove the Thanos sidecar svc to avoid issues with immutable fields: - -```bash -$ kubectl delete svc my-relase-kube-prometheus-prometheus-thanos -$ helm upgrade my-release --set prometheus.thanos.create=true bitnami/kube-prometheus -``` - -### To 2.0.0 - -- CRDs were updated to the latest prometheus-operator v0.4.1 release artifacts - - The apiVersion of CRDs was updated from `apiextensions.k8s.io/v1beta1` to `apiextensions.k8s.io/v1` - - Kubernetes 1.16 is required - -### To 1.0.0 - -- The chart was renamed to `kube-prometheus` to be more accurate with the actual capabilities of the chart: it does not just deploy the Prometheus operator, it deploys an entire cluster monitoring stack, that includes other components (e.g. NodeExporter or Kube State metrics). Find more information about the reasons behind this decision at [#3490](https://github.com/bitnami/charts/issues/3490). -- New CRDs were added and some existing ones were updated. -- This version also introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/master/bitnami/common#bitnami-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade. - -> Note: There is no backwards compatibility due to the above mentioned changes. It's necessary to install a new release of the chart, and migrate the existing TSDB data to the new Prometheus instances. diff --git a/bitnami/kube-prometheus/crds/crd-alertmanager-config.yaml b/bitnami/kube-prometheus/crds/crd-alertmanager-config.yaml deleted file mode 100644 index 5ee63d3..0000000 --- a/bitnami/kube-prometheus/crds/crd-alertmanager-config.yaml +++ /dev/null @@ -1,1869 +0,0 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: alertmanagerconfigs.monitoring.coreos.com -spec: - group: monitoring.coreos.com - names: - categories: - - prometheus-operator - kind: AlertmanagerConfig - listKind: AlertmanagerConfigList - plural: alertmanagerconfigs - singular: alertmanagerconfig - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: AlertmanagerConfig defines a namespaced AlertmanagerConfig to be aggregated across multiple namespaces configuring one Alertmanager cluster. - properties: - apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: AlertmanagerConfigSpec is a specification of the desired behavior of the Alertmanager configuration. By definition, the Alertmanager configuration only applies to alerts for which the `namespace` label is equal to the namespace of the AlertmanagerConfig resource. - properties: - inhibitRules: - description: List of inhibition rules. The rules will only apply to alerts matching the resource’s namespace. - items: - description: InhibitRule defines an inhibition rule that allows to mute alerts when other alerts are already firing. See https://prometheus.io/docs/alerting/latest/configuration/#inhibit_rule - properties: - equal: - description: Labels that must have an equal value in the source and target alert for the inhibition to take effect. - items: - type: string - type: array - sourceMatch: - description: Matchers for which one or more alerts have to exist for the inhibition to take effect. The operator enforces that the alert matches the resource’s namespace. - items: - description: Matcher defines how to match on alert's labels. - properties: - name: - description: Label to match. - minLength: 1 - type: string - regex: - description: Whether to match on equality (false) or regular-expression (true). - type: boolean - value: - description: Label value to match. - type: string - required: - - name - type: object - type: array - targetMatch: - description: Matchers that have to be fulfilled in the alerts to be muted. The operator enforces that the alert matches the resource’s namespace. - items: - description: Matcher defines how to match on alert's labels. - properties: - name: - description: Label to match. - minLength: 1 - type: string - regex: - description: Whether to match on equality (false) or regular-expression (true). - type: boolean - value: - description: Label value to match. - type: string - required: - - name - type: object - type: array - type: object - type: array - receivers: - description: List of receivers. - items: - description: Receiver defines one or more notification integrations. - properties: - emailConfigs: - description: List of Email configurations. - items: - description: EmailConfig configures notifications via Email. - properties: - authIdentity: - description: The identity to use for authentication. - type: string - authPassword: - description: The secret's key that contains the password to use for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - authSecret: - description: The secret's key that contains the CRAM-MD5 secret. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - authUsername: - description: The username to use for authentication. - type: string - from: - description: The sender address. - type: string - headers: - description: Further headers email header key/value pairs. Overrides any headers previously set by the notification implementation. - items: - description: KeyValue defines a (key, value) tuple. - properties: - key: - description: Key of the tuple. - minLength: 1 - type: string - value: - description: Value of the tuple. - type: string - required: - - key - - value - type: object - type: array - hello: - description: The hostname to identify to the SMTP server. - type: string - html: - description: The HTML body of the email notification. - type: string - requireTLS: - description: The SMTP TLS requirement. Note that Go does not support unencrypted connections to remote SMTP endpoints. - type: boolean - sendResolved: - description: Whether or not to notify about resolved alerts. - type: boolean - smarthost: - description: The SMTP host through which emails are sent. - type: string - text: - description: The text body of the email notification. - type: string - tlsConfig: - description: TLS configuration - properties: - ca: - description: Struct containing the CA cert to use for the targets. - properties: - configMap: - description: ConfigMap containing data to use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - cert: - description: Struct containing the client cert file for the targets. - properties: - configMap: - description: ConfigMap containing data to use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the targets. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - to: - description: The email address to send notifications to. - type: string - type: object - type: array - name: - description: Name of the receiver. Must be unique across all items from the list. - minLength: 1 - type: string - opsgenieConfigs: - description: List of OpsGenie configurations. - items: - description: OpsGenieConfig configures notifications via OpsGenie. See https://prometheus.io/docs/alerting/latest/configuration/#opsgenie_config - properties: - apiKey: - description: The secret's key that contains the OpsGenie API key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - apiURL: - description: The URL to send OpsGenie API requests to. - type: string - description: - description: Description of the incident. - type: string - details: - description: A set of arbitrary key/value pairs that provide further detail about the incident. - items: - description: KeyValue defines a (key, value) tuple. - properties: - key: - description: Key of the tuple. - minLength: 1 - type: string - value: - description: Value of the tuple. - type: string - required: - - key - - value - type: object - type: array - httpConfig: - description: HTTP client configuration. - properties: - basicAuth: - description: BasicAuth for the client. - properties: - password: - description: The secret in the service monitor namespace that contains the password for authentication. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - username: - description: The secret in the service monitor namespace that contains the username for authentication. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - bearerTokenSecret: - description: The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - proxyURL: - description: Optional proxy URL. - type: string - tlsConfig: - description: TLS configuration for the client. - properties: - ca: - description: Struct containing the CA cert to use for the targets. - properties: - configMap: - description: ConfigMap containing data to use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - cert: - description: Struct containing the client cert file for the targets. - properties: - configMap: - description: ConfigMap containing data to use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the targets. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - type: object - message: - description: Alert text limited to 130 characters. - type: string - note: - description: Additional alert note. - type: string - priority: - description: Priority level of alert. Possible values are P1, P2, P3, P4, and P5. - type: string - responders: - description: List of responders responsible for notifications. - items: - description: OpsGenieConfigResponder defines a responder to an incident. One of `id`, `name` or `username` has to be defined. - properties: - id: - description: ID of the responder. - type: string - name: - description: Name of the responder. - type: string - type: - description: Type of responder. - minLength: 1 - type: string - username: - description: Username of the responder. - type: string - required: - - type - type: object - type: array - sendResolved: - description: Whether or not to notify about resolved alerts. - type: boolean - source: - description: Backlink to the sender of the notification. - type: string - tags: - description: Comma separated list of tags attached to the notifications. - type: string - type: object - type: array - pagerdutyConfigs: - description: List of PagerDuty configurations. - items: - description: PagerDutyConfig configures notifications via PagerDuty. See https://prometheus.io/docs/alerting/latest/configuration/#pagerduty_config - properties: - class: - description: The class/type of the event. - type: string - client: - description: Client identification. - type: string - clientURL: - description: Backlink to the sender of notification. - type: string - component: - description: The part or component of the affected system that is broken. - type: string - description: - description: Description of the incident. - type: string - details: - description: Arbitrary key/value pairs that provide further detail about the incident. - items: - description: KeyValue defines a (key, value) tuple. - properties: - key: - description: Key of the tuple. - minLength: 1 - type: string - value: - description: Value of the tuple. - type: string - required: - - key - - value - type: object - type: array - group: - description: A cluster or grouping of sources. - type: string - httpConfig: - description: HTTP client configuration. - properties: - basicAuth: - description: BasicAuth for the client. - properties: - password: - description: The secret in the service monitor namespace that contains the password for authentication. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - username: - description: The secret in the service monitor namespace that contains the username for authentication. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - bearerTokenSecret: - description: The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - proxyURL: - description: Optional proxy URL. - type: string - tlsConfig: - description: TLS configuration for the client. - properties: - ca: - description: Struct containing the CA cert to use for the targets. - properties: - configMap: - description: ConfigMap containing data to use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - cert: - description: Struct containing the client cert file for the targets. - properties: - configMap: - description: ConfigMap containing data to use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the targets. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - type: object - routingKey: - description: The secret's key that contains the PagerDuty integration key (when using Events API v2). Either this field or `serviceKey` needs to be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - sendResolved: - description: Whether or not to notify about resolved alerts. - type: boolean - serviceKey: - description: The secret's key that contains the PagerDuty service key (when using integration type "Prometheus"). Either this field or `routingKey` needs to be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - severity: - description: Severity of the incident. - type: string - url: - description: The URL to send requests to. - type: string - type: object - type: array - pushoverConfigs: - description: List of Pushover configurations. - items: - description: PushoverConfig configures notifications via Pushover. See https://prometheus.io/docs/alerting/latest/configuration/#pushover_config - properties: - expire: - description: How long your notification will continue to be retried for, unless the user acknowledges the notification. - type: string - html: - description: Whether notification message is HTML or plain text. - type: boolean - httpConfig: - description: HTTP client configuration. - properties: - basicAuth: - description: BasicAuth for the client. - properties: - password: - description: The secret in the service monitor namespace that contains the password for authentication. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - username: - description: The secret in the service monitor namespace that contains the username for authentication. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - bearerTokenSecret: - description: The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - proxyURL: - description: Optional proxy URL. - type: string - tlsConfig: - description: TLS configuration for the client. - properties: - ca: - description: Struct containing the CA cert to use for the targets. - properties: - configMap: - description: ConfigMap containing data to use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - cert: - description: Struct containing the client cert file for the targets. - properties: - configMap: - description: ConfigMap containing data to use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the targets. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - type: object - message: - description: Notification message. - type: string - priority: - description: Priority, see https://pushover.net/api#priority - type: string - retry: - description: How often the Pushover servers will send the same notification to the user. Must be at least 30 seconds. - type: string - sendResolved: - description: Whether or not to notify about resolved alerts. - type: boolean - sound: - description: The name of one of the sounds supported by device clients to override the user's default sound choice - type: string - title: - description: Notification title. - type: string - token: - description: The secret's key that contains the registered application’s API token, see https://pushover.net/apps. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - url: - description: A supplementary URL shown alongside the message. - type: string - urlTitle: - description: A title for supplementary URL, otherwise just the URL is shown - type: string - userKey: - description: The secret's key that contains the recipient user’s user key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - type: array - slackConfigs: - description: List of Slack configurations. - items: - description: SlackConfig configures notifications via Slack. See https://prometheus.io/docs/alerting/latest/configuration/#slack_config - properties: - actions: - description: A list of Slack actions that are sent with each notification. - items: - description: SlackAction configures a single Slack action that is sent with each notification. See https://api.slack.com/docs/message-attachments#action_fields and https://api.slack.com/docs/message-buttons for more information. - properties: - confirm: - description: SlackConfirmationField protect users from destructive actions or particularly distinguished decisions by asking them to confirm their button click one more time. See https://api.slack.com/docs/interactive-message-field-guide#confirmation_fields for more information. - properties: - dismissText: - type: string - okText: - type: string - text: - minLength: 1 - type: string - title: - type: string - required: - - text - type: object - name: - type: string - style: - type: string - text: - minLength: 1 - type: string - type: - minLength: 1 - type: string - url: - type: string - value: - type: string - required: - - text - - type - type: object - type: array - apiURL: - description: The secret's key that contains the Slack webhook URL. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - callbackId: - type: string - channel: - description: The channel or user to send notifications to. - type: string - color: - type: string - fallback: - type: string - fields: - description: A list of Slack fields that are sent with each notification. - items: - description: SlackField configures a single Slack field that is sent with each notification. Each field must contain a title, value, and optionally, a boolean value to indicate if the field is short enough to be displayed next to other fields designated as short. See https://api.slack.com/docs/message-attachments#fields for more information. - properties: - short: - type: boolean - title: - minLength: 1 - type: string - value: - minLength: 1 - type: string - required: - - title - - value - type: object - type: array - footer: - type: string - httpConfig: - description: HTTP client configuration. - properties: - basicAuth: - description: BasicAuth for the client. - properties: - password: - description: The secret in the service monitor namespace that contains the password for authentication. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - username: - description: The secret in the service monitor namespace that contains the username for authentication. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - bearerTokenSecret: - description: The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - proxyURL: - description: Optional proxy URL. - type: string - tlsConfig: - description: TLS configuration for the client. - properties: - ca: - description: Struct containing the CA cert to use for the targets. - properties: - configMap: - description: ConfigMap containing data to use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - cert: - description: Struct containing the client cert file for the targets. - properties: - configMap: - description: ConfigMap containing data to use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the targets. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - type: object - iconEmoji: - type: string - iconURL: - type: string - imageURL: - type: string - linkNames: - type: boolean - mrkdwnIn: - items: - type: string - type: array - pretext: - type: string - sendResolved: - description: Whether or not to notify about resolved alerts. - type: boolean - shortFields: - type: boolean - text: - type: string - thumbURL: - type: string - title: - type: string - titleLink: - type: string - username: - type: string - type: object - type: array - victoropsConfigs: - description: List of VictorOps configurations. - items: - description: VictorOpsConfig configures notifications via VictorOps. See https://prometheus.io/docs/alerting/latest/configuration/#victorops_config - properties: - apiKey: - description: The secret's key that contains the API key to use when talking to the VictorOps API. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - apiUrl: - description: The VictorOps API URL. - type: string - customFields: - description: Additional custom fields for notification. - items: - description: KeyValue defines a (key, value) tuple. - properties: - key: - description: Key of the tuple. - minLength: 1 - type: string - value: - description: Value of the tuple. - type: string - required: - - key - - value - type: object - type: array - entityDisplayName: - description: Contains summary of the alerted problem. - type: string - httpConfig: - description: The HTTP client's configuration. - properties: - basicAuth: - description: BasicAuth for the client. - properties: - password: - description: The secret in the service monitor namespace that contains the password for authentication. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - username: - description: The secret in the service monitor namespace that contains the username for authentication. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - bearerTokenSecret: - description: The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - proxyURL: - description: Optional proxy URL. - type: string - tlsConfig: - description: TLS configuration for the client. - properties: - ca: - description: Struct containing the CA cert to use for the targets. - properties: - configMap: - description: ConfigMap containing data to use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - cert: - description: Struct containing the client cert file for the targets. - properties: - configMap: - description: ConfigMap containing data to use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the targets. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - type: object - messageType: - description: Describes the behavior of the alert (CRITICAL, WARNING, INFO). - type: string - monitoringTool: - description: The monitoring tool the state message is from. - type: string - routingKey: - description: A key used to map the alert to a team. - type: string - sendResolved: - description: Whether or not to notify about resolved alerts. - type: boolean - stateMessage: - description: Contains long explanation of the alerted problem. - type: string - type: object - type: array - webhookConfigs: - description: List of webhook configurations. - items: - description: WebhookConfig configures notifications via a generic receiver supporting the webhook payload. See https://prometheus.io/docs/alerting/latest/configuration/#webhook_config - properties: - httpConfig: - description: HTTP client configuration. - properties: - basicAuth: - description: BasicAuth for the client. - properties: - password: - description: The secret in the service monitor namespace that contains the password for authentication. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - username: - description: The secret in the service monitor namespace that contains the username for authentication. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - bearerTokenSecret: - description: The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - proxyURL: - description: Optional proxy URL. - type: string - tlsConfig: - description: TLS configuration for the client. - properties: - ca: - description: Struct containing the CA cert to use for the targets. - properties: - configMap: - description: ConfigMap containing data to use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - cert: - description: Struct containing the client cert file for the targets. - properties: - configMap: - description: ConfigMap containing data to use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the targets. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - type: object - maxAlerts: - description: Maximum number of alerts to be sent per webhook message. When 0, all alerts are included. - format: int32 - minimum: 0 - type: integer - sendResolved: - description: Whether or not to notify about resolved alerts. - type: boolean - url: - description: The URL to send HTTP POST requests to. `urlSecret` takes precedence over `url`. One of `urlSecret` and `url` should be defined. - type: string - urlSecret: - description: The secret's key that contains the webhook URL to send HTTP requests to. `urlSecret` takes precedence over `url`. One of `urlSecret` and `url` should be defined. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - type: array - wechatConfigs: - description: List of WeChat configurations. - items: - description: WeChatConfig configures notifications via WeChat. See https://prometheus.io/docs/alerting/latest/configuration/#wechat_config - properties: - agentID: - type: string - apiSecret: - description: The secret's key that contains the WeChat API key. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - apiURL: - description: The WeChat API URL. - type: string - corpID: - description: The corp id for authentication. - type: string - httpConfig: - description: HTTP client configuration. - properties: - basicAuth: - description: BasicAuth for the client. - properties: - password: - description: The secret in the service monitor namespace that contains the password for authentication. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - username: - description: The secret in the service monitor namespace that contains the username for authentication. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - bearerTokenSecret: - description: The secret's key that contains the bearer token to be used by the client for authentication. The secret needs to be in the same namespace as the AlertmanagerConfig object and accessible by the Prometheus Operator. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - proxyURL: - description: Optional proxy URL. - type: string - tlsConfig: - description: TLS configuration for the client. - properties: - ca: - description: Struct containing the CA cert to use for the targets. - properties: - configMap: - description: ConfigMap containing data to use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - cert: - description: Struct containing the client cert file for the targets. - properties: - configMap: - description: ConfigMap containing data to use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the targets. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - type: object - message: - description: API request data as defined by the WeChat API. - type: string - messageType: - type: string - sendResolved: - description: Whether or not to notify about resolved alerts. - type: boolean - toParty: - type: string - toTag: - type: string - toUser: - type: string - type: object - type: array - required: - - name - type: object - type: array - route: - description: The Alertmanager route definition for alerts matching the resource’s namespace. If present, it will be added to the generated Alertmanager configuration as a first-level route. - properties: - continue: - description: Boolean indicating whether an alert should continue matching subsequent sibling nodes. It will always be overridden to true for the first-level route by the Prometheus operator. - type: boolean - groupBy: - description: List of labels to group by. - items: - type: string - type: array - groupInterval: - description: How long to wait before sending an updated notification. Must match the regular expression `[0-9]+(ms|s|m|h)` (milliseconds seconds minutes hours). - type: string - groupWait: - description: How long to wait before sending the initial notification. Must match the regular expression `[0-9]+(ms|s|m|h)` (milliseconds seconds minutes hours). - type: string - matchers: - description: "List of matchers that the alert’s labels should match. For the first level route, the operator removes any existing equality and regexp matcher on the `namespace` label and adds a `namespace: ` matcher." - items: - description: Matcher defines how to match on alert's labels. - properties: - name: - description: Label to match. - minLength: 1 - type: string - regex: - description: Whether to match on equality (false) or regular-expression (true). - type: boolean - value: - description: Label value to match. - type: string - required: - - name - type: object - type: array - receiver: - description: Name of the receiver for this route. If not empty, it should be listed in the `receivers` field. - type: string - repeatInterval: - description: How long to wait before repeating the last notification. Must match the regular expression `[0-9]+(ms|s|m|h)` (milliseconds seconds minutes hours). - type: string - routes: - description: Child routes. - items: - x-kubernetes-preserve-unknown-fields: true - type: array - type: object - type: object - required: - - spec - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/bitnami/kube-prometheus/crds/crd-alertmanager.yaml b/bitnami/kube-prometheus/crds/crd-alertmanager.yaml deleted file mode 100644 index 38cb614..0000000 --- a/bitnami/kube-prometheus/crds/crd-alertmanager.yaml +++ /dev/null @@ -1,3218 +0,0 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: alertmanagers.monitoring.coreos.com -spec: - group: monitoring.coreos.com - names: - categories: - - prometheus-operator - kind: Alertmanager - listKind: AlertmanagerList - plural: alertmanagers - singular: alertmanager - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The version of Alertmanager - jsonPath: .spec.version - name: Version - type: string - - description: The desired replicas number of Alertmanagers - jsonPath: .spec.replicas - name: Replicas - type: integer - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: Alertmanager describes an Alertmanager cluster. - properties: - apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: "Specification of the desired behavior of the Alertmanager cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" - properties: - additionalPeers: - description: AdditionalPeers allows injecting a set of additional Alertmanagers to peer with to form a highly available cluster. - items: - type: string - type: array - affinity: - description: If specified, the pod's scheduling constraints. - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements by node's labels. - items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements by node's fields. - items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. The terms are ORed. - items: - description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements by node's labels. - items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements by node's fields. - items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - alertmanagerConfigNamespaceSelector: - description: Namespaces to be selected for AlertmanagerConfig discovery. If nil, only check own namespace. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - alertmanagerConfigSelector: - description: AlertmanagerConfigs to be selected for to merge and configure Alertmanager with. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - baseImage: - description: "Base image that is used to deploy pods, without tag. Deprecated: use 'image' instead" - type: string - clusterAdvertiseAddress: - description: "ClusterAdvertiseAddress is the explicit address to advertise in cluster. Needs to be provided for non RFC1918 [1] (public) addresses. [1] RFC1918: https://tools.ietf.org/html/rfc1918" - type: string - clusterGossipInterval: - description: Interval between gossip attempts. - type: string - clusterPeerTimeout: - description: Timeout for cluster peering. - type: string - clusterPushpullInterval: - description: Interval between pushpull attempts. - type: string - configMaps: - description: ConfigMaps is a list of ConfigMaps in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods. The ConfigMaps are mounted into /etc/alertmanager/configmaps/. - items: - type: string - type: array - configSecret: - description: ConfigSecret is the name of a Kubernetes Secret in the same namespace as the Alertmanager object, which contains configuration for this Alertmanager instance. Defaults to 'alertmanager-' The secret is mounted into /etc/alertmanager/config. - type: string - containers: - description: "Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to an Alertmanager pod. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch. The current container names are: `alertmanager` and `config-reloader`. Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice." - items: - description: A single application container that you want to run within a pod. - properties: - args: - description: "Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" - items: - type: string - type: array - command: - description: "Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" - items: - type: string - type: array - env: - description: List of environment variables to set in the container. Cannot be updated. - items: - description: EnvVar represents an environment variable present in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: "Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." - properties: - containerName: - description: "Container name: required for volumes, optional for env vars" - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: "Required: resource to select" - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - items: - description: EnvFromSource represents the source of a set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - type: object - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - type: object - type: object - type: array - image: - description: "Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets." - type: string - imagePullPolicy: - description: "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images" - type: string - lifecycle: - description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. - properties: - postStart: - description: "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: "TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook" - properties: - host: - description: "Optional: Host name to connect to, defaults to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod's termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: "TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook" - properties: - host: - description: "Optional: Host name to connect to, defaults to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: "TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook" - properties: - host: - description: "Optional: Host name to connect to, defaults to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - type: object - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. - items: - description: ContainerPort represents a network port in a single container. - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. - format: int32 - type: integer - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - default: TCP - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: "TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook" - properties: - host: - description: "Optional: Host name to connect to, defaults to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - type: object - resources: - description: "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/" - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/" - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/" - type: object - type: object - securityContext: - description: "Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" - properties: - allowPrivilegeEscalation: - description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN" - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - type: object - privileged: - description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. - type: boolean - procMount: - description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - type: object - windowsOptions: - description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential spec to use. - type: string - runAsUserName: - description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - startupProbe: - description: "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: "TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook" - properties: - host: - description: "Optional: Host name to connect to, defaults to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - type: object - stdin: - description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. - type: boolean - stdinOnce: - description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false - type: boolean - terminationMessagePath: - description: "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated." - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - tty: - description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices to be used by the container. - items: - description: volumeDevice describes a mapping of a raw block device within a container. - properties: - devicePath: - description: devicePath is the path inside of the container that the device will be mapped to. - type: string - name: - description: name must match the name of a persistentVolumeClaim in the pod - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - items: - description: VolumeMount describes a mounting of a Volume within a container. - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - required: - - name - type: object - type: array - externalUrl: - description: The external URL the Alertmanager instances will be available under. This is necessary to generate correct URLs. This is necessary if Alertmanager is not served from root of a DNS name. - type: string - forceEnableClusterMode: - description: ForceEnableClusterMode ensures Alertmanager does not deactivate the cluster mode when running with a single replica. Use case is e.g. spanning an Alertmanager cluster across Kubernetes clusters with a single replica in each. - type: boolean - image: - description: Image if specified has precedence over baseImage, tag and sha combinations. Specifying the version is still necessary to ensure the Prometheus Operator knows what version of Alertmanager is being configured. - type: string - imagePullSecrets: - description: An optional list of references to secrets in the same namespace to use for pulling prometheus and alertmanager images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - properties: - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - type: object - type: array - initContainers: - description: "InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the Alertmanager configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice." - items: - description: A single application container that you want to run within a pod. - properties: - args: - description: "Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" - items: - type: string - type: array - command: - description: "Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" - items: - type: string - type: array - env: - description: List of environment variables to set in the container. Cannot be updated. - items: - description: EnvVar represents an environment variable present in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: "Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." - properties: - containerName: - description: "Container name: required for volumes, optional for env vars" - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: "Required: resource to select" - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - items: - description: EnvFromSource represents the source of a set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - type: object - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - type: object - type: object - type: array - image: - description: "Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets." - type: string - imagePullPolicy: - description: "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images" - type: string - lifecycle: - description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. - properties: - postStart: - description: "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: "TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook" - properties: - host: - description: "Optional: Host name to connect to, defaults to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod's termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: "TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook" - properties: - host: - description: "Optional: Host name to connect to, defaults to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: "TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook" - properties: - host: - description: "Optional: Host name to connect to, defaults to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - type: object - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. - items: - description: ContainerPort represents a network port in a single container. - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. - format: int32 - type: integer - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - default: TCP - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: "TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook" - properties: - host: - description: "Optional: Host name to connect to, defaults to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - type: object - resources: - description: "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/" - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/" - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/" - type: object - type: object - securityContext: - description: "Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" - properties: - allowPrivilegeEscalation: - description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN" - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - type: object - privileged: - description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. - type: boolean - procMount: - description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - type: object - windowsOptions: - description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential spec to use. - type: string - runAsUserName: - description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - startupProbe: - description: "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: "TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook" - properties: - host: - description: "Optional: Host name to connect to, defaults to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - type: object - stdin: - description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. - type: boolean - stdinOnce: - description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false - type: boolean - terminationMessagePath: - description: "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated." - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - tty: - description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices to be used by the container. - items: - description: volumeDevice describes a mapping of a raw block device within a container. - properties: - devicePath: - description: devicePath is the path inside of the container that the device will be mapped to. - type: string - name: - description: name must match the name of a persistentVolumeClaim in the pod - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - items: - description: VolumeMount describes a mounting of a Volume within a container. - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - required: - - name - type: object - type: array - listenLocal: - description: ListenLocal makes the Alertmanager server listen on loopback, so that it does not bind against the Pod IP. Note this is only for the Alertmanager UI, not the gossip communication. - type: boolean - logFormat: - description: Log format for Alertmanager to be configured with. - type: string - logLevel: - description: Log level for Alertmanager to be configured with. - type: string - nodeSelector: - additionalProperties: - type: string - description: Define which Nodes the Pods are scheduled on. - type: object - paused: - description: If set to true all actions on the underlying managed objects are not goint to be performed, except for delete actions. - type: boolean - podMetadata: - description: PodMetadata configures Labels and Annotations which are propagated to the alertmanager pods. - properties: - annotations: - additionalProperties: - type: string - description: "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" - type: object - labels: - additionalProperties: - type: string - description: "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" - type: object - name: - description: "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" - type: string - type: object - portName: - description: Port name used for the pods and governing service. This defaults to web - type: string - priorityClassName: - description: Priority class assigned to the Pods - type: string - replicas: - description: Size is the expected size of the alertmanager cluster. The controller will eventually make the size of the running cluster equal to the expected size. - format: int32 - type: integer - resources: - description: Define resources requests and limits for single Pods. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/" - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/" - type: object - type: object - retention: - description: Time duration Alertmanager shall retain data for. Default is '120h', and must match the regular expression `[0-9]+(ms|s|m|h)` (milliseconds seconds minutes hours). - type: string - routePrefix: - description: The route prefix Alertmanager registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example for use with `kubectl proxy`. - type: string - secrets: - description: Secrets is a list of Secrets in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods. The Secrets are mounted into /etc/alertmanager/secrets/. - items: - type: string - type: array - securityContext: - description: SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. - properties: - fsGroup: - description: "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume." - format: int64 - type: integer - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified defaults to "Always".' - type: string - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - type: object - supplementalGroups: - description: A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. - items: - format: int64 - type: integer - type: array - sysctls: - description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - description: The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential spec to use. - type: string - runAsUserName: - description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - serviceAccountName: - description: ServiceAccountName is the name of the ServiceAccount to use to run the Prometheus Pods. - type: string - sha: - description: "SHA of Alertmanager container image to be deployed. Defaults to the value of `version`. Similar to a tag, but the SHA explicitly deploys an immutable container image. Version and Tag are ignored if SHA is set. Deprecated: use 'image' instead. The image digest can be specified as part of the image URL." - type: string - storage: - description: Storage is the definition of how storage will be used by the Alertmanager instances. - properties: - disableMountSubPath: - description: "Deprecated: subPath usage will be disabled by default in a future release, this option will become unnecessary. DisableMountSubPath allows to remove any subPath usage in volume mounts." - type: boolean - emptyDir: - description: "EmptyDirVolumeSource to be used by the Prometheus StatefulSets. If specified, used in place of any volumeClaimTemplate. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir" - properties: - medium: - description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - description: "Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - volumeClaimTemplate: - description: A PVC spec to be used by the Prometheus StatefulSets. - properties: - apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - description: EmbeddedMetadata contains metadata relevant to an EmbeddedResource. - properties: - annotations: - additionalProperties: - type: string - description: "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" - type: object - labels: - additionalProperties: - type: string - description: "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" - type: object - name: - description: "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" - type: string - type: object - spec: - description: "Spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" - properties: - accessModes: - description: "AccessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" - items: - type: string - type: array - dataSource: - description: "This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot - Beta) * An existing PVC (PersistentVolumeClaim) * An existing custom resource/object that implements data population (Alpha) In order to use VolumeSnapshot object types, the appropriate feature gate must be enabled (VolumeSnapshotDataSource or AnyVolumeDataSource) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the specified data source is not supported, the volume will not be created and the failure will be reported as an event. In the future, we plan to support more data source types and the behavior of the provisioner may change." - properties: - apiGroup: - description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - required: - - kind - - name - type: object - resources: - description: "Resources represents the minimum resources the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/" - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/" - type: object - type: object - selector: - description: A label query over volumes to consider for binding. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - storageClassName: - description: "Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" - type: string - volumeMode: - description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. - type: string - volumeName: - description: VolumeName is the binding reference to the PersistentVolume backing this claim. - type: string - type: object - status: - description: "Status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" - properties: - accessModes: - description: "AccessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" - items: - type: string - type: array - capacity: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: Represents the actual resources of the underlying volume. - type: object - conditions: - description: Current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'. - items: - description: PersistentVolumeClaimCondition contails details about state of pvc - properties: - lastProbeTime: - description: Last time we probed the condition. - format: date-time - type: string - lastTransitionTime: - description: Last time the condition transitioned from one status to another. - format: date-time - type: string - message: - description: Human-readable message indicating details about last transition. - type: string - reason: - description: Unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports "ResizeStarted" that means the underlying persistent volume is being resized. - type: string - status: - type: string - type: - description: PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type - type: string - required: - - status - - type - type: object - type: array - phase: - description: Phase represents the current phase of PersistentVolumeClaim. - type: string - type: object - type: object - type: object - tag: - description: "Tag of Alertmanager container image to be deployed. Defaults to the value of `version`. Version is ignored if Tag is set. Deprecated: use 'image' instead. The image tag can be specified as part of the image URL." - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - topologySpreadConstraints: - description: If specified, the pod's topology spread constraints. - items: - description: TopologySpreadConstraint specifies how to spread matching pods among the given topology. - properties: - labelSelector: - description: LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - maxSkew: - description: "MaxSkew describes the degree to which pods may be unevenly distributed. It's the maximum permitted difference between the number of matching pods in any two topology domains of a given topology type. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. It's a required field. Default value is 1 and 0 is not allowed." - format: int32 - type: integer - topologyKey: - description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. It's a required field. - type: string - whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates how to deal with a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it - ScheduleAnyway tells the scheduler to still schedule it It''s considered as "Unsatisfiable" if and only if placing incoming pod on any topology violates "MaxSkew". For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won''t make it *more* imbalanced. It''s a required field.' - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array - version: - description: Version the cluster should be on. - type: string - volumeMounts: - description: VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the alertmanager container, that are generated as a result of StorageSpec objects. - items: - description: VolumeMount describes a mounting of a Volume within a container. - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - volumes: - description: Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. - items: - description: Volume represents a named volume in a pod that may be accessed by any container in the pod. - properties: - awsElasticBlockStore: - description: "AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" - properties: - fsType: - description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine' - type: string - partition: - description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).' - format: int32 - type: integer - readOnly: - description: 'Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: boolean - volumeID: - description: "Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" - type: string - required: - - volumeID - type: object - azureDisk: - description: AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. - properties: - cachingMode: - description: "Host Caching mode: None, Read Only, Read Write." - type: string - diskName: - description: The Name of the data disk in the blob storage - type: string - diskURI: - description: The URI the data disk in the blob storage - type: string - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - kind: - description: "Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - description: AzureFile represents an Azure File Service mount on the host and bind mount to the pod. - properties: - readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretName: - description: the name of secret that contains Azure Storage Account Name and Key - type: string - shareName: - description: Share Name - type: string - required: - - secretName - - shareName - type: object - cephfs: - description: CephFS represents a Ceph FS mount on the host that shares a pod's lifetime - properties: - monitors: - description: "Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" - items: - type: string - type: array - path: - description: "Optional: Used as the mounted root, rather than the full Ceph tree, default is /" - type: string - readOnly: - description: "Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" - type: boolean - secretFile: - description: "Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" - type: string - secretRef: - description: "Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" - properties: - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - type: object - user: - description: "Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" - type: string - required: - - monitors - type: object - cinder: - description: "Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" - properties: - fsType: - description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - readOnly: - description: "Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" - type: boolean - secretRef: - description: "Optional: points to a secret object containing parameters used to connect to OpenStack." - properties: - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - type: object - volumeID: - description: "volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" - type: string - required: - - volumeID - type: object - configMap: - description: ConfigMap represents a configMap that should populate this volume - properties: - defaultMode: - description: "Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." - format: int32 - type: integer - items: - description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - items: - description: Maps a string key to a path within a volume. - properties: - key: - description: The key to project. - type: string - mode: - description: "Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." - format: int32 - type: integer - path: - description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the ConfigMap or its keys must be defined - type: boolean - type: object - csi: - description: CSI (Container Storage Interface) represents storage that is handled by an external CSI driver (Alpha feature). - properties: - driver: - description: Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. - type: string - fsType: - description: Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. - type: string - nodePublishSecretRef: - description: NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. - properties: - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - type: object - readOnly: - description: Specifies a read-only configuration for the volume. Defaults to false (read/write). - type: boolean - volumeAttributes: - additionalProperties: - type: string - description: VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. - type: object - required: - - driver - type: object - downwardAPI: - description: DownwardAPI represents downward API about the pod that should populate this volume - properties: - defaultMode: - description: "Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." - format: int32 - type: integer - items: - description: Items is a list of downward API volume file - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - properties: - fieldRef: - description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported." - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - required: - - fieldPath - type: object - mode: - description: "Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." - format: int32 - type: integer - path: - description: "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'" - type: string - resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." - properties: - containerName: - description: "Container name: required for volumes, optional for env vars" - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: "Required: resource to select" - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - description: "EmptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" - properties: - medium: - description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - description: "Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - fc: - description: FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. - properties: - fsType: - description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine' - type: string - lun: - description: "Optional: FC target lun number" - format: int32 - type: integer - readOnly: - description: "Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." - type: boolean - targetWWNs: - description: "Optional: FC target worldwide names (WWNs)" - items: - type: string - type: array - wwids: - description: "Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously." - items: - type: string - type: array - type: object - flexVolume: - description: FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. - properties: - driver: - description: Driver is the name of the driver to use for this volume. - type: string - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. - type: string - options: - additionalProperties: - type: string - description: "Optional: Extra command options if any." - type: object - readOnly: - description: "Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." - type: boolean - secretRef: - description: "Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts." - properties: - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - type: object - required: - - driver - type: object - flocker: - description: Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running - properties: - datasetName: - description: Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated - type: string - datasetUUID: - description: UUID of the dataset. This is unique identifier of a Flocker dataset - type: string - type: object - gcePersistentDisk: - description: "GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" - properties: - fsType: - description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine' - type: string - partition: - description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - format: int32 - type: integer - pdName: - description: "Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" - type: string - readOnly: - description: "ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" - type: boolean - required: - - pdName - type: object - gitRepo: - description: "GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container." - properties: - directory: - description: Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. - type: string - repository: - description: Repository URL - type: string - revision: - description: Commit hash for the specified revision. - type: string - required: - - repository - type: object - glusterfs: - description: "Glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md" - properties: - endpoints: - description: "EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" - type: string - path: - description: "Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" - type: string - readOnly: - description: "ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" - type: boolean - required: - - endpoints - - path - type: object - hostPath: - description: "HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write." - properties: - path: - description: "Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" - type: string - type: - description: 'Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - required: - - path - type: object - iscsi: - description: "ISCSI represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md" - properties: - chapAuthDiscovery: - description: whether support iSCSI Discovery CHAP authentication - type: boolean - chapAuthSession: - description: whether support iSCSI Session CHAP authentication - type: boolean - fsType: - description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine' - type: string - initiatorName: - description: Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection. - type: string - iqn: - description: Target iSCSI Qualified Name. - type: string - iscsiInterface: - description: iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). - type: string - lun: - description: iSCSI Target Lun number. - format: int32 - type: integer - portals: - description: iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). - items: - type: string - type: array - readOnly: - description: ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. - type: boolean - secretRef: - description: CHAP Secret for iSCSI target and initiator authentication - properties: - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - type: object - targetPortal: - description: iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - description: "Volume's name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" - type: string - nfs: - description: "NFS represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" - properties: - path: - description: "Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" - type: string - readOnly: - description: "ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" - type: boolean - server: - description: "Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - description: "PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" - properties: - claimName: - description: "ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" - type: string - readOnly: - description: Will force the ReadOnly setting in VolumeMounts. Default false. - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - description: PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - pdID: - description: ID that identifies Photon Controller persistent disk - type: string - required: - - pdID - type: object - portworxVolume: - description: PortworxVolume represents a portworx volume attached and mounted on kubelets host machine - properties: - fsType: - description: FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - volumeID: - description: VolumeID uniquely identifies a Portworx volume - type: string - required: - - volumeID - type: object - projected: - description: Items for all in one resources secrets, configmaps, and downward API - properties: - defaultMode: - description: Mode bits to use on created files by default. Must be a value between 0 and 0777. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - sources: - description: list of volume projections - items: - description: Projection that may be projected along with other supported volume types - properties: - configMap: - description: information about the configMap data to project - properties: - items: - description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - items: - description: Maps a string key to a path within a volume. - properties: - key: - description: The key to project. - type: string - mode: - description: "Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." - format: int32 - type: integer - path: - description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the ConfigMap or its keys must be defined - type: boolean - type: object - downwardAPI: - description: information about the downwardAPI data to project - properties: - items: - description: Items is a list of DownwardAPIVolume file - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - properties: - fieldRef: - description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported." - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - required: - - fieldPath - type: object - mode: - description: "Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." - format: int32 - type: integer - path: - description: "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'" - type: string - resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." - properties: - containerName: - description: "Container name: required for volumes, optional for env vars" - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: "Required: resource to select" - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - description: information about the secret data to project - properties: - items: - description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - items: - description: Maps a string key to a path within a volume. - properties: - key: - description: The key to project. - type: string - mode: - description: "Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." - format: int32 - type: integer - path: - description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - type: object - serviceAccountToken: - description: information about the serviceAccountToken data to project - properties: - audience: - description: Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. - type: string - expirationSeconds: - description: ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. - format: int64 - type: integer - path: - description: Path is the path relative to the mount point of the file to project the token into. - type: string - required: - - path - type: object - type: object - type: array - required: - - sources - type: object - quobyte: - description: Quobyte represents a Quobyte mount on the host that shares a pod's lifetime - properties: - group: - description: Group to map volume access to Default is no group - type: string - readOnly: - description: ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. - type: boolean - registry: - description: Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes - type: string - tenant: - description: Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin - type: string - user: - description: User to map volume access to Defaults to serivceaccount user - type: string - volume: - description: Volume is a string that references an already created Quobyte volume by name. - type: string - required: - - registry - - volume - type: object - rbd: - description: "RBD represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md" - properties: - fsType: - description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine' - type: string - image: - description: "The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - type: string - keyring: - description: "Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - type: string - monitors: - description: "A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - items: - type: string - type: array - pool: - description: "The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - type: string - readOnly: - description: "ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - type: boolean - secretRef: - description: "SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - properties: - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - type: object - user: - description: "The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - type: string - required: - - image - - monitors - type: object - scaleIO: - description: ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". - type: string - gateway: - description: The host address of the ScaleIO API Gateway. - type: string - protectionDomain: - description: The name of the ScaleIO Protection Domain for the configured storage. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. - properties: - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - type: object - sslEnabled: - description: Flag to enable/disable SSL communication with Gateway, default false - type: boolean - storageMode: - description: Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. - type: string - storagePool: - description: The ScaleIO Storage Pool associated with the protection domain. - type: string - system: - description: The name of the storage system as configured in ScaleIO. - type: string - volumeName: - description: The name of a volume already created in the ScaleIO system that is associated with this volume source. - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - description: "Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" - properties: - defaultMode: - description: "Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." - format: int32 - type: integer - items: - description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - items: - description: Maps a string key to a path within a volume. - properties: - key: - description: The key to project. - type: string - mode: - description: "Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." - format: int32 - type: integer - path: - description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - optional: - description: Specify whether the Secret or its keys must be defined - type: boolean - secretName: - description: "Name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" - type: string - type: object - storageos: - description: StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. - properties: - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - type: object - volumeName: - description: VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. - type: string - volumeNamespace: - description: VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. - type: string - type: object - vsphereVolume: - description: VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - storagePolicyID: - description: Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. - type: string - storagePolicyName: - description: Storage Policy Based Management (SPBM) profile name. - type: string - volumePath: - description: Path that identifies vSphere volume vmdk - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - type: object - status: - description: "Most recent observed status of the Alertmanager cluster. Read-only. Not included when requesting from the apiserver, only from the Prometheus Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" - properties: - availableReplicas: - description: Total number of available pods (ready for at least minReadySeconds) targeted by this Alertmanager cluster. - format: int32 - type: integer - paused: - description: Represents whether any actions on the underlying managed objects are being performed. Only delete actions will be performed. - type: boolean - replicas: - description: Total number of non-terminated pods targeted by this Alertmanager cluster (their labels match the selector). - format: int32 - type: integer - unavailableReplicas: - description: Total number of unavailable pods targeted by this Alertmanager cluster. - format: int32 - type: integer - updatedReplicas: - description: Total number of non-terminated pods targeted by this Alertmanager cluster that have the desired version spec. - format: int32 - type: integer - required: - - availableReplicas - - paused - - replicas - - unavailableReplicas - - updatedReplicas - type: object - required: - - spec - type: object - served: true - storage: true - subresources: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/bitnami/kube-prometheus/crds/crd-podmonitor.yaml b/bitnami/kube-prometheus/crds/crd-podmonitor.yaml deleted file mode 100644 index 0150b5d..0000000 --- a/bitnami/kube-prometheus/crds/crd-podmonitor.yaml +++ /dev/null @@ -1,358 +0,0 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: podmonitors.monitoring.coreos.com -spec: - group: monitoring.coreos.com - names: - categories: - - prometheus-operator - kind: PodMonitor - listKind: PodMonitorList - plural: podmonitors - singular: podmonitor - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: PodMonitor defines monitoring for a set of pods. - properties: - apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: Specification of desired Pod selection for target discovery by Prometheus. - properties: - jobLabel: - description: The label to use to retrieve the job name from. - type: string - namespaceSelector: - description: Selector to select which namespaces the Endpoints objects are discovered from. - properties: - any: - description: Boolean describing whether all namespaces are selected in contrast to a list restricting them. - type: boolean - matchNames: - description: List of namespace names. - items: - type: string - type: array - type: object - podMetricsEndpoints: - description: A list of endpoints allowed as part of this PodMonitor. - items: - description: PodMetricsEndpoint defines a scrapeable endpoint of a Kubernetes Pod serving Prometheus metrics. - properties: - basicAuth: - description: "BasicAuth allow an endpoint to authenticate over basic authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint" - properties: - password: - description: The secret in the service monitor namespace that contains the password for authentication. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - username: - description: The secret in the service monitor namespace that contains the username for authentication. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - bearerTokenSecret: - description: Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the pod monitor and accessible by the Prometheus Operator. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - honorLabels: - description: HonorLabels chooses the metric's labels on collisions with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects the timestamps present in scraped data. - type: boolean - interval: - description: Interval at which metrics should be scraped - type: string - metricRelabelings: - description: MetricRelabelConfigs to apply to samples before ingestion. - items: - description: "RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs" - properties: - action: - description: Action to perform based on regex matching. Default is 'replace' - type: string - modulus: - description: Modulus to take of the hash of the source label values. - format: int64 - type: integer - regex: - description: Regular expression against which the extracted value is matched. Default is '(.*)' - type: string - replacement: - description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' - type: string - separator: - description: Separator placed between concatenated source label values. default is ';'. - type: string - sourceLabels: - description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. - items: - type: string - type: array - targetLabel: - description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. - type: string - type: object - type: array - params: - additionalProperties: - items: - type: string - type: array - description: Optional HTTP URL parameters - type: object - path: - description: HTTP path to scrape for metrics. - type: string - port: - description: Name of the pod port this endpoint refers to. Mutually exclusive with targetPort. - type: string - proxyUrl: - description: ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint. - type: string - relabelings: - description: "RelabelConfigs to apply to samples before ingestion. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" - items: - description: "RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs" - properties: - action: - description: Action to perform based on regex matching. Default is 'replace' - type: string - modulus: - description: Modulus to take of the hash of the source label values. - format: int64 - type: integer - regex: - description: Regular expression against which the extracted value is matched. Default is '(.*)' - type: string - replacement: - description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' - type: string - separator: - description: Separator placed between concatenated source label values. default is ';'. - type: string - sourceLabels: - description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. - items: - type: string - type: array - targetLabel: - description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. - type: string - type: object - type: array - scheme: - description: HTTP scheme to use for scraping. - type: string - scrapeTimeout: - description: Timeout after which the scrape is ended - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: "Deprecated: Use 'port' instead." - x-kubernetes-int-or-string: true - tlsConfig: - description: TLS configuration to use when scraping the endpoint. - properties: - ca: - description: Struct containing the CA cert to use for the targets. - properties: - configMap: - description: ConfigMap containing data to use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - cert: - description: Struct containing the client cert file for the targets. - properties: - configMap: - description: ConfigMap containing data to use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keySecret: - description: Secret containing the client key file for the targets. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - type: object - type: array - podTargetLabels: - description: PodTargetLabels transfers labels on the Kubernetes Pod onto the target. - items: - type: string - type: array - sampleLimit: - description: SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. - format: int64 - type: integer - selector: - description: Selector to select Pod objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - targetLimit: - description: TargetLimit defines a limit on the number of scraped targets that will be accepted. - format: int64 - type: integer - required: - - podMetricsEndpoints - - selector - type: object - required: - - spec - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/bitnami/kube-prometheus/crds/crd-probes.yaml b/bitnami/kube-prometheus/crds/crd-probes.yaml deleted file mode 100644 index 926ca55..0000000 --- a/bitnami/kube-prometheus/crds/crd-probes.yaml +++ /dev/null @@ -1,202 +0,0 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: probes.monitoring.coreos.com -spec: - group: monitoring.coreos.com - names: - categories: - - prometheus-operator - kind: Probe - listKind: ProbeList - plural: probes - singular: probe - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: Probe defines monitoring for a set of static targets or ingresses. - properties: - apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: Specification of desired Ingress selection for target discovery by Prometheus. - properties: - interval: - description: Interval at which targets are probed using the configured prober. If not specified Prometheus' global scrape interval is used. - type: string - jobName: - description: The job name assigned to scraped metrics by default. - type: string - module: - description: "The module to use for probing specifying how to probe the target. Example module configuring in the blackbox exporter: https://github.com/prometheus/blackbox_exporter/blob/master/example.yml" - type: string - prober: - description: Specification for the prober to use for probing targets. The prober.URL parameter is required. Targets cannot be probed if left empty. - properties: - path: - description: Path to collect metrics from. Defaults to `/probe`. - type: string - scheme: - description: HTTP scheme to use for scraping. Defaults to `http`. - type: string - url: - description: Mandatory URL of the prober. - type: string - required: - - url - type: object - scrapeTimeout: - description: Timeout for scraping metrics from the Prometheus exporter. - type: string - targets: - description: Targets defines a set of static and/or dynamically discovered targets to be probed using the prober. - properties: - ingress: - description: Ingress defines the set of dynamically discovered ingress objects which hosts are considered for probing. - properties: - namespaceSelector: - description: Select Ingress objects by namespace. - properties: - any: - description: Boolean describing whether all namespaces are selected in contrast to a list restricting them. - type: boolean - matchNames: - description: List of namespace names. - items: - type: string - type: array - type: object - relabelingConfigs: - description: "RelabelConfigs to apply to samples before ingestion. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" - items: - description: "RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs" - properties: - action: - description: Action to perform based on regex matching. Default is 'replace' - type: string - modulus: - description: Modulus to take of the hash of the source label values. - format: int64 - type: integer - regex: - description: Regular expression against which the extracted value is matched. Default is '(.*)' - type: string - replacement: - description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' - type: string - separator: - description: Separator placed between concatenated source label values. default is ';'. - type: string - sourceLabels: - description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. - items: - type: string - type: array - targetLabel: - description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. - type: string - type: object - type: array - selector: - description: Select Ingress objects by labels. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - type: object - staticConfig: - description: "StaticConfig defines static targets which are considers for probing. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config." - properties: - labels: - additionalProperties: - type: string - description: Labels assigned to all metrics scraped from the targets. - type: object - relabelingConfigs: - description: "RelabelConfigs to apply to samples before ingestion. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" - items: - description: "RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs" - properties: - action: - description: Action to perform based on regex matching. Default is 'replace' - type: string - modulus: - description: Modulus to take of the hash of the source label values. - format: int64 - type: integer - regex: - description: Regular expression against which the extracted value is matched. Default is '(.*)' - type: string - replacement: - description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' - type: string - separator: - description: Separator placed between concatenated source label values. default is ';'. - type: string - sourceLabels: - description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. - items: - type: string - type: array - targetLabel: - description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. - type: string - type: object - type: array - static: - description: Targets is a list of URLs to probe using the configured prober. - items: - type: string - type: array - type: object - type: object - type: object - required: - - spec - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/bitnami/kube-prometheus/crds/crd-prometheus.yaml b/bitnami/kube-prometheus/crds/crd-prometheus.yaml deleted file mode 100644 index 5453d8c..0000000 --- a/bitnami/kube-prometheus/crds/crd-prometheus.yaml +++ /dev/null @@ -1,4432 +0,0 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: prometheuses.monitoring.coreos.com -spec: - group: monitoring.coreos.com - names: - categories: - - prometheus-operator - kind: Prometheus - listKind: PrometheusList - plural: prometheuses - singular: prometheus - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The version of Prometheus - jsonPath: .spec.version - name: Version - type: string - - description: The desired replicas number of Prometheuses - jsonPath: .spec.replicas - name: Replicas - type: integer - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: Prometheus defines a Prometheus deployment. - properties: - apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: "Specification of the desired behavior of the Prometheus cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" - properties: - additionalAlertManagerConfigs: - description: "AdditionalAlertManagerConfigs allows specifying a key of a Secret containing additional Prometheus AlertManager configurations. AlertManager configurations specified are appended to the configurations generated by the Prometheus Operator. Job configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config. As AlertManager configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible AlertManager configs are going to break Prometheus after the upgrade." - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - additionalAlertRelabelConfigs: - description: "AdditionalAlertRelabelConfigs allows specifying a key of a Secret containing additional Prometheus alert relabel configurations. Alert relabel configurations specified are appended to the configurations generated by the Prometheus Operator. Alert relabel configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs. As alert relabel configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible alert relabel configs are going to break Prometheus after the upgrade." - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - additionalScrapeConfigs: - description: "AdditionalScrapeConfigs allows specifying a key of a Secret containing additional Prometheus scrape configurations. Scrape configurations specified are appended to the configurations generated by the Prometheus Operator. Job configurations specified must have the form as specified in the official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. As scrape configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible scrape configs are going to break Prometheus after the upgrade." - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - affinity: - description: If specified, the pod's scheduling constraints. - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements by node's labels. - items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements by node's fields. - items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. The terms are ORed. - items: - description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements by node's labels. - items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements by node's fields. - items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - alerting: - description: Define details regarding alerting. - properties: - alertmanagers: - description: AlertmanagerEndpoints Prometheus should fire alerts against. - items: - description: AlertmanagerEndpoints defines a selection of a single Endpoints object containing alertmanager IPs to fire alerts against. - properties: - apiVersion: - description: Version of the Alertmanager API that Prometheus uses to send alerts. It can be "v1" or "v2". - type: string - bearerTokenFile: - description: BearerTokenFile to read from filesystem to use when authenticating to Alertmanager. - type: string - name: - description: Name of Endpoints object in Namespace. - type: string - namespace: - description: Namespace of Endpoints object. - type: string - pathPrefix: - description: Prefix for the HTTP path alerts are pushed to. - type: string - port: - anyOf: - - type: integer - - type: string - description: Port the Alertmanager API is exposed on. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use when firing alerts. - type: string - timeout: - description: Timeout is a per-target Alertmanager timeout when pushing alerts. - type: string - tlsConfig: - description: TLS Config to use for alertmanager connection. - properties: - ca: - description: Struct containing the CA cert to use for the targets. - properties: - configMap: - description: ConfigMap containing data to use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - caFile: - description: Path to the CA cert in the Prometheus container to use for the targets. - type: string - cert: - description: Struct containing the client cert file for the targets. - properties: - configMap: - description: ConfigMap containing data to use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - certFile: - description: Path to the client cert file in the Prometheus container for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: Path to the client key file in the Prometheus container for the targets. - type: string - keySecret: - description: Secret containing the client key file for the targets. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - required: - - name - - namespace - - port - type: object - type: array - required: - - alertmanagers - type: object - allowOverlappingBlocks: - description: AllowOverlappingBlocks enables vertical compaction and vertical query merge in Prometheus. This is still experimental in Prometheus so it may change in any upcoming release. - type: boolean - apiserverConfig: - description: APIServerConfig allows specifying a host and auth methods to access apiserver. If left empty, Prometheus is assumed to run inside of the cluster and will discover API servers automatically and use the pod's CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. - properties: - basicAuth: - description: BasicAuth allow an endpoint to authenticate over basic authentication - properties: - password: - description: The secret in the service monitor namespace that contains the password for authentication. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - username: - description: The secret in the service monitor namespace that contains the username for authentication. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - bearerToken: - description: Bearer token for accessing apiserver. - type: string - bearerTokenFile: - description: File to read bearer token for accessing apiserver. - type: string - host: - description: Host of apiserver. A valid string consisting of a hostname or IP followed by an optional port number - type: string - tlsConfig: - description: TLS Config to use for accessing apiserver. - properties: - ca: - description: Struct containing the CA cert to use for the targets. - properties: - configMap: - description: ConfigMap containing data to use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - caFile: - description: Path to the CA cert in the Prometheus container to use for the targets. - type: string - cert: - description: Struct containing the client cert file for the targets. - properties: - configMap: - description: ConfigMap containing data to use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - certFile: - description: Path to the client cert file in the Prometheus container for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: Path to the client key file in the Prometheus container for the targets. - type: string - keySecret: - description: Secret containing the client key file for the targets. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - required: - - host - type: object - arbitraryFSAccessThroughSMs: - description: ArbitraryFSAccessThroughSMs configures whether configuration based on a service monitor can access arbitrary files on the file system of the Prometheus container e.g. bearer token files. - properties: - deny: - type: boolean - type: object - baseImage: - description: "Base image to use for a Prometheus deployment. Deprecated: use 'image' instead" - type: string - configMaps: - description: ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. The ConfigMaps are mounted into /etc/prometheus/configmaps/. - items: - type: string - type: array - containers: - description: "Containers allows injecting additional containers or modifying operator generated containers. This can be used to allow adding an authentication proxy to a Prometheus pod or to change the behavior of an operator generated container. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch. The current container names are: `prometheus`, `config-reloader`, and `thanos-sidecar`. Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice." - items: - description: A single application container that you want to run within a pod. - properties: - args: - description: "Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" - items: - type: string - type: array - command: - description: "Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" - items: - type: string - type: array - env: - description: List of environment variables to set in the container. Cannot be updated. - items: - description: EnvVar represents an environment variable present in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: "Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." - properties: - containerName: - description: "Container name: required for volumes, optional for env vars" - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: "Required: resource to select" - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - items: - description: EnvFromSource represents the source of a set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - type: object - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - type: object - type: object - type: array - image: - description: "Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets." - type: string - imagePullPolicy: - description: "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images" - type: string - lifecycle: - description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. - properties: - postStart: - description: "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: "TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook" - properties: - host: - description: "Optional: Host name to connect to, defaults to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod's termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: "TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook" - properties: - host: - description: "Optional: Host name to connect to, defaults to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: "TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook" - properties: - host: - description: "Optional: Host name to connect to, defaults to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - type: object - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. - items: - description: ContainerPort represents a network port in a single container. - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. - format: int32 - type: integer - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - default: TCP - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: "TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook" - properties: - host: - description: "Optional: Host name to connect to, defaults to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - type: object - resources: - description: "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/" - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/" - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/" - type: object - type: object - securityContext: - description: "Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" - properties: - allowPrivilegeEscalation: - description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN" - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - type: object - privileged: - description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. - type: boolean - procMount: - description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - type: object - windowsOptions: - description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential spec to use. - type: string - runAsUserName: - description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - startupProbe: - description: "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: "TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook" - properties: - host: - description: "Optional: Host name to connect to, defaults to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - type: object - stdin: - description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. - type: boolean - stdinOnce: - description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false - type: boolean - terminationMessagePath: - description: "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated." - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - tty: - description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices to be used by the container. - items: - description: volumeDevice describes a mapping of a raw block device within a container. - properties: - devicePath: - description: devicePath is the path inside of the container that the device will be mapped to. - type: string - name: - description: name must match the name of a persistentVolumeClaim in the pod - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - items: - description: VolumeMount describes a mounting of a Volume within a container. - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - required: - - name - type: object - type: array - disableCompaction: - description: Disable prometheus compaction. - type: boolean - enableAdminAPI: - description: "Enable access to prometheus web admin API. Defaults to the value of `false`. WARNING: Enabling the admin APIs enables mutating endpoints, to delete data, shutdown Prometheus, and more. Enabling this should be done with care and the user is advised to add additional authentication authorization via a proxy to ensure only clients authorized to perform these actions can do so. For more information see https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis" - type: boolean - enforcedNamespaceLabel: - description: EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert and metric that is user created. The label value will always be the namespace of the object that is being created. - type: string - enforcedSampleLimit: - description: EnforcedSampleLimit defines global limit on number of scraped samples that will be accepted. This overrides any SampleLimit set per ServiceMonitor or/and PodMonitor. It is meant to be used by admins to enforce the SampleLimit to keep overall number of samples/series under the desired limit. Note that if SampleLimit is lower that value will be taken instead. - format: int64 - type: integer - enforcedTargetLimit: - description: EnforcedTargetLimit defines a global limit on the number of scraped targets. This overrides any TargetLimit set per ServiceMonitor or/and PodMonitor. It is meant to be used by admins to enforce the TargetLimit to keep overall number of targets under the desired limit. Note that if TargetLimit is higher that value will be taken instead. - format: int64 - type: integer - evaluationInterval: - description: Interval between consecutive evaluations. - type: string - externalLabels: - additionalProperties: - type: string - description: The labels to add to any time series or alerts when communicating with external systems (federation, remote storage, Alertmanager). - type: object - externalUrl: - description: The external URL the Prometheus instances will be available under. This is necessary to generate correct URLs. This is necessary if Prometheus is not served from root of a DNS name. - type: string - ignoreNamespaceSelectors: - description: IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector settings from the podmonitor and servicemonitor configs, and they will only discover endpoints within their current namespace. Defaults to false. - type: boolean - image: - description: Image if specified has precedence over baseImage, tag and sha combinations. Specifying the version is still necessary to ensure the Prometheus Operator knows what version of Prometheus is being configured. - type: string - imagePullSecrets: - description: An optional list of references to secrets in the same namespace to use for pulling prometheus and alertmanager images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - properties: - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - type: object - type: array - initContainers: - description: "InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the Prometheus configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice." - items: - description: A single application container that you want to run within a pod. - properties: - args: - description: "Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" - items: - type: string - type: array - command: - description: "Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" - items: - type: string - type: array - env: - description: List of environment variables to set in the container. Cannot be updated. - items: - description: EnvVar represents an environment variable present in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: "Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." - properties: - containerName: - description: "Container name: required for volumes, optional for env vars" - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: "Required: resource to select" - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - items: - description: EnvFromSource represents the source of a set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - type: object - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - type: object - type: object - type: array - image: - description: "Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets." - type: string - imagePullPolicy: - description: "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images" - type: string - lifecycle: - description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. - properties: - postStart: - description: "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: "TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook" - properties: - host: - description: "Optional: Host name to connect to, defaults to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod's termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: "TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook" - properties: - host: - description: "Optional: Host name to connect to, defaults to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: "TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook" - properties: - host: - description: "Optional: Host name to connect to, defaults to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - type: object - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. - items: - description: ContainerPort represents a network port in a single container. - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. - format: int32 - type: integer - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - default: TCP - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: "TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook" - properties: - host: - description: "Optional: Host name to connect to, defaults to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - type: object - resources: - description: "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/" - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/" - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/" - type: object - type: object - securityContext: - description: "Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" - properties: - allowPrivilegeEscalation: - description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN" - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - type: object - privileged: - description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. - type: boolean - procMount: - description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - type: object - windowsOptions: - description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential spec to use. - type: string - runAsUserName: - description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - startupProbe: - description: "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: "TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook" - properties: - host: - description: "Optional: Host name to connect to, defaults to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - type: object - stdin: - description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. - type: boolean - stdinOnce: - description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false - type: boolean - terminationMessagePath: - description: "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated." - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - tty: - description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices to be used by the container. - items: - description: volumeDevice describes a mapping of a raw block device within a container. - properties: - devicePath: - description: devicePath is the path inside of the container that the device will be mapped to. - type: string - name: - description: name must match the name of a persistentVolumeClaim in the pod - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - items: - description: VolumeMount describes a mounting of a Volume within a container. - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - required: - - name - type: object - type: array - listenLocal: - description: ListenLocal makes the Prometheus server listen on loopback, so that it does not bind against the Pod IP. - type: boolean - logFormat: - description: Log format for Prometheus to be configured with. - type: string - logLevel: - description: Log level for Prometheus to be configured with. - type: string - nodeSelector: - additionalProperties: - type: string - description: Define which Nodes the Pods are scheduled on. - type: object - overrideHonorLabels: - description: OverrideHonorLabels if set to true overrides all user configured honor_labels. If HonorLabels is set in ServiceMonitor or PodMonitor to true, this overrides honor_labels to false. - type: boolean - overrideHonorTimestamps: - description: OverrideHonorTimestamps allows to globally enforce honoring timestamps in all scrape configs. - type: boolean - paused: - description: When a Prometheus deployment is paused, no actions except for deletion will be performed on the underlying objects. - type: boolean - podMetadata: - description: PodMetadata configures Labels and Annotations which are propagated to the prometheus pods. - properties: - annotations: - additionalProperties: - type: string - description: "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" - type: object - labels: - additionalProperties: - type: string - description: "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" - type: object - name: - description: "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" - type: string - type: object - podMonitorNamespaceSelector: - description: Namespace's labels to match for PodMonitor discovery. If nil, only check own namespace. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - podMonitorSelector: - description: "*Experimental* PodMonitors to be selected for target discovery. *Deprecated:* if neither this nor serviceMonitorSelector are specified, configuration is unmanaged." - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - portName: - description: Port name used for the pods and governing service. This defaults to web - type: string - priorityClassName: - description: Priority class assigned to the Pods - type: string - probeNamespaceSelector: - description: "*Experimental* Namespaces to be selected for Probe discovery. If nil, only check own namespace." - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - probeSelector: - description: "*Experimental* Probes to be selected for target discovery." - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - prometheusExternalLabelName: - description: Name of Prometheus external label used to denote Prometheus instance name. Defaults to the value of `prometheus`. External label will _not_ be added when value is set to empty string (`""`). - type: string - prometheusRulesExcludedFromEnforce: - description: PrometheusRulesExcludedFromEnforce - list of prometheus rules to be excluded from enforcing of adding namespace labels. Works only if enforcedNamespaceLabel set to true. Make sure both ruleNamespace and ruleName are set for each pair - items: - description: PrometheusRuleExcludeConfig enables users to configure excluded PrometheusRule names and their namespaces to be ignored while enforcing namespace label for alerts and metrics. - properties: - ruleName: - description: RuleNamespace - name of excluded rule - type: string - ruleNamespace: - description: RuleNamespace - namespace of excluded rule - type: string - required: - - ruleName - - ruleNamespace - type: object - type: array - query: - description: QuerySpec defines the query command line flags when starting Prometheus. - properties: - lookbackDelta: - description: The delta difference allowed for retrieving metrics during expression evaluations. - type: string - maxConcurrency: - description: Number of concurrent queries that can be run at once. - format: int32 - type: integer - maxSamples: - description: Maximum number of samples a single query can load into memory. Note that queries will fail if they would load more samples than this into memory, so this also limits the number of samples a query can return. - format: int32 - type: integer - timeout: - description: Maximum time a query may take before being aborted. - type: string - type: object - queryLogFile: - description: QueryLogFile specifies the file to which PromQL queries are logged. Note that this location must be writable, and can be persisted using an attached volume. Alternatively, the location can be set to a stdout location such as `/dev/stdout` to log querie information to the default Prometheus log stream. This is only available in versions of Prometheus >= 2.16.0. For more details, see the Prometheus docs (https://prometheus.io/docs/guides/query-log/) - type: string - remoteRead: - description: If specified, the remote_read spec. This is an experimental feature, it may change in any upcoming release in a breaking way. - items: - description: RemoteReadSpec defines the remote_read configuration for prometheus. - properties: - basicAuth: - description: BasicAuth for the URL. - properties: - password: - description: The secret in the service monitor namespace that contains the password for authentication. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - username: - description: The secret in the service monitor namespace that contains the username for authentication. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - bearerToken: - description: bearer token for remote read. - type: string - bearerTokenFile: - description: File to read bearer token for remote read. - type: string - name: - description: The name of the remote read queue, must be unique if specified. The name is used in metrics and logging in order to differentiate read configurations. Only valid in Prometheus versions 2.15.0 and newer. - type: string - proxyUrl: - description: Optional ProxyURL - type: string - readRecent: - description: Whether reads should be made for queries for time ranges that the local storage should have complete data for. - type: boolean - remoteTimeout: - description: Timeout for requests to the remote read endpoint. - type: string - requiredMatchers: - additionalProperties: - type: string - description: An optional list of equality matchers which have to be present in a selector to query the remote read endpoint. - type: object - tlsConfig: - description: TLS Config to use for remote read. - properties: - ca: - description: Struct containing the CA cert to use for the targets. - properties: - configMap: - description: ConfigMap containing data to use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - caFile: - description: Path to the CA cert in the Prometheus container to use for the targets. - type: string - cert: - description: Struct containing the client cert file for the targets. - properties: - configMap: - description: ConfigMap containing data to use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - certFile: - description: Path to the client cert file in the Prometheus container for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: Path to the client key file in the Prometheus container for the targets. - type: string - keySecret: - description: Secret containing the client key file for the targets. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: The URL of the endpoint to send samples to. - type: string - required: - - url - type: object - type: array - remoteWrite: - description: If specified, the remote_write spec. This is an experimental feature, it may change in any upcoming release in a breaking way. - items: - description: RemoteWriteSpec defines the remote_write configuration for prometheus. - properties: - basicAuth: - description: BasicAuth for the URL. - properties: - password: - description: The secret in the service monitor namespace that contains the password for authentication. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - username: - description: The secret in the service monitor namespace that contains the username for authentication. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - bearerToken: - description: File to read bearer token for remote write. - type: string - bearerTokenFile: - description: File to read bearer token for remote write. - type: string - headers: - additionalProperties: - type: string - description: Custom HTTP headers to be sent along with each remote write request. Be aware that headers that are set by Prometheus itself can't be overwritten. Only valid in Prometheus versions 2.25.0 and newer. - type: object - name: - description: The name of the remote write queue, must be unique if specified. The name is used in metrics and logging in order to differentiate queues. Only valid in Prometheus versions 2.15.0 and newer. - type: string - proxyUrl: - description: Optional ProxyURL - type: string - queueConfig: - description: QueueConfig allows tuning of the remote write queue parameters. - properties: - batchSendDeadline: - description: BatchSendDeadline is the maximum time a sample will wait in buffer. - type: string - capacity: - description: Capacity is the number of samples to buffer per shard before we start dropping them. - type: integer - maxBackoff: - description: MaxBackoff is the maximum retry delay. - type: string - maxRetries: - description: MaxRetries is the maximum number of times to retry a batch on recoverable errors. - type: integer - maxSamplesPerSend: - description: MaxSamplesPerSend is the maximum number of samples per send. - type: integer - maxShards: - description: MaxShards is the maximum number of shards, i.e. amount of concurrency. - type: integer - minBackoff: - description: MinBackoff is the initial retry delay. Gets doubled for every retry. - type: string - minShards: - description: MinShards is the minimum number of shards, i.e. amount of concurrency. - type: integer - type: object - remoteTimeout: - description: Timeout for requests to the remote write endpoint. - type: string - tlsConfig: - description: TLS Config to use for remote write. - properties: - ca: - description: Struct containing the CA cert to use for the targets. - properties: - configMap: - description: ConfigMap containing data to use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - caFile: - description: Path to the CA cert in the Prometheus container to use for the targets. - type: string - cert: - description: Struct containing the client cert file for the targets. - properties: - configMap: - description: ConfigMap containing data to use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - certFile: - description: Path to the client cert file in the Prometheus container for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: Path to the client key file in the Prometheus container for the targets. - type: string - keySecret: - description: Secret containing the client key file for the targets. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - url: - description: The URL of the endpoint to send samples to. - type: string - writeRelabelConfigs: - description: The list of remote write relabel configurations. - items: - description: "RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs" - properties: - action: - description: Action to perform based on regex matching. Default is 'replace' - type: string - modulus: - description: Modulus to take of the hash of the source label values. - format: int64 - type: integer - regex: - description: Regular expression against which the extracted value is matched. Default is '(.*)' - type: string - replacement: - description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' - type: string - separator: - description: Separator placed between concatenated source label values. default is ';'. - type: string - sourceLabels: - description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. - items: - type: string - type: array - targetLabel: - description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. - type: string - type: object - type: array - required: - - url - type: object - type: array - replicaExternalLabelName: - description: Name of Prometheus external label used to denote replica name. Defaults to the value of `prometheus_replica`. External label will _not_ be added when value is set to empty string (`""`). - type: string - replicas: - description: Number of replicas of each shard to deploy for a Prometheus deployment. Number of replicas multiplied by shards is the total number of Pods created. - format: int32 - type: integer - resources: - description: Define resources requests and limits for single Pods. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/" - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/" - type: object - type: object - retention: - description: Time duration Prometheus shall retain data for. Default is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` (milliseconds seconds minutes hours days weeks years). - type: string - retentionSize: - description: "Maximum amount of disk space used by blocks. Supported units: B, KB, MB, GB, TB, PB, EB. Ex: `512MB`." - type: string - routePrefix: - description: The route prefix Prometheus registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example for use with `kubectl proxy`. - type: string - ruleNamespaceSelector: - description: Namespaces to be selected for PrometheusRules discovery. If unspecified, only the same namespace as the Prometheus object is in is used. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - ruleSelector: - description: A selector to select which PrometheusRules to mount for loading alerting/recording rules from. Until (excluding) Prometheus Operator v0.24.0 Prometheus Operator will migrate any legacy rule ConfigMaps to PrometheusRule custom resources selected by RuleSelector. Make sure it does not match any config maps that you do not want to be migrated. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - rules: - description: /--rules.*/ command-line arguments. - properties: - alert: - description: /--rules.alert.*/ command-line arguments - properties: - forGracePeriod: - description: Minimum duration between alert and restored 'for' state. This is maintained only for alerts with configured 'for' time greater than grace period. - type: string - forOutageTolerance: - description: Max time to tolerate prometheus outage for restoring 'for' state of alert. - type: string - resendDelay: - description: Minimum amount of time to wait before resending an alert to Alertmanager. - type: string - type: object - type: object - scrapeInterval: - description: Interval between consecutive scrapes. - type: string - scrapeTimeout: - description: Number of seconds to wait for target to respond before erroring. - type: string - secrets: - description: Secrets is a list of Secrets in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. The Secrets are mounted into /etc/prometheus/secrets/. - items: - type: string - type: array - securityContext: - description: SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. - properties: - fsGroup: - description: "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume." - format: int64 - type: integer - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified defaults to "Always".' - type: string - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - type: object - supplementalGroups: - description: A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. - items: - format: int64 - type: integer - type: array - sysctls: - description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - description: The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential spec to use. - type: string - runAsUserName: - description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - serviceAccountName: - description: ServiceAccountName is the name of the ServiceAccount to use to run the Prometheus Pods. - type: string - serviceMonitorNamespaceSelector: - description: Namespace's labels to match for ServiceMonitor discovery. If nil, only check own namespace. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - serviceMonitorSelector: - description: ServiceMonitors to be selected for target discovery. *Deprecated:* if neither this nor podMonitorSelector are specified, configuration is unmanaged. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - sha: - description: "SHA of Prometheus container image to be deployed. Defaults to the value of `version`. Similar to a tag, but the SHA explicitly deploys an immutable container image. Version and Tag are ignored if SHA is set. Deprecated: use 'image' instead. The image digest can be specified as part of the image URL." - type: string - shards: - description: "EXPERIMENTAL: Number of shards to distribute targets onto. Number of replicas multiplied by shards is the total number of Pods created. Note that scaling down shards will not reshard data onto remaining instances, it must be manually moved. Increasing shards will not reshard data either but it will continue to be available from the same instances. To query globally use Thanos sidecar and Thanos querier or remote write data to a central location. Sharding is done on the content of the `__address__` target meta-label." - format: int32 - type: integer - storage: - description: Storage spec to specify how storage shall be used. - properties: - disableMountSubPath: - description: "Deprecated: subPath usage will be disabled by default in a future release, this option will become unnecessary. DisableMountSubPath allows to remove any subPath usage in volume mounts." - type: boolean - emptyDir: - description: "EmptyDirVolumeSource to be used by the Prometheus StatefulSets. If specified, used in place of any volumeClaimTemplate. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir" - properties: - medium: - description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - description: "Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - volumeClaimTemplate: - description: A PVC spec to be used by the Prometheus StatefulSets. - properties: - apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - description: EmbeddedMetadata contains metadata relevant to an EmbeddedResource. - properties: - annotations: - additionalProperties: - type: string - description: "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" - type: object - labels: - additionalProperties: - type: string - description: "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" - type: object - name: - description: "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" - type: string - type: object - spec: - description: "Spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" - properties: - accessModes: - description: "AccessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" - items: - type: string - type: array - dataSource: - description: "This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot - Beta) * An existing PVC (PersistentVolumeClaim) * An existing custom resource/object that implements data population (Alpha) In order to use VolumeSnapshot object types, the appropriate feature gate must be enabled (VolumeSnapshotDataSource or AnyVolumeDataSource) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the specified data source is not supported, the volume will not be created and the failure will be reported as an event. In the future, we plan to support more data source types and the behavior of the provisioner may change." - properties: - apiGroup: - description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - required: - - kind - - name - type: object - resources: - description: "Resources represents the minimum resources the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/" - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/" - type: object - type: object - selector: - description: A label query over volumes to consider for binding. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - storageClassName: - description: "Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" - type: string - volumeMode: - description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. - type: string - volumeName: - description: VolumeName is the binding reference to the PersistentVolume backing this claim. - type: string - type: object - status: - description: "Status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" - properties: - accessModes: - description: "AccessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" - items: - type: string - type: array - capacity: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: Represents the actual resources of the underlying volume. - type: object - conditions: - description: Current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'. - items: - description: PersistentVolumeClaimCondition contails details about state of pvc - properties: - lastProbeTime: - description: Last time we probed the condition. - format: date-time - type: string - lastTransitionTime: - description: Last time the condition transitioned from one status to another. - format: date-time - type: string - message: - description: Human-readable message indicating details about last transition. - type: string - reason: - description: Unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports "ResizeStarted" that means the underlying persistent volume is being resized. - type: string - status: - type: string - type: - description: PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type - type: string - required: - - status - - type - type: object - type: array - phase: - description: Phase represents the current phase of PersistentVolumeClaim. - type: string - type: object - type: object - type: object - tag: - description: "Tag of Prometheus container image to be deployed. Defaults to the value of `version`. Version is ignored if Tag is set. Deprecated: use 'image' instead. The image tag can be specified as part of the image URL." - type: string - thanos: - description: "Thanos configuration allows configuring various aspects of a Prometheus server in a Thanos environment. \n This section is experimental, it may change significantly without deprecation notice in any release. \n This is experimental and may change significantly without backward compatibility in any release." - properties: - baseImage: - description: "Thanos base image if other than default. Deprecated: use 'image' instead" - type: string - grpcServerTlsConfig: - description: "GRPCServerTLSConfig configures the gRPC server from which Thanos Querier reads recorded rule data. Note: Currently only the CAFile, CertFile, and KeyFile fields are supported. Maps to the '--grpc-server-tls-*' CLI args." - properties: - ca: - description: Struct containing the CA cert to use for the targets. - properties: - configMap: - description: ConfigMap containing data to use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - caFile: - description: Path to the CA cert in the Prometheus container to use for the targets. - type: string - cert: - description: Struct containing the client cert file for the targets. - properties: - configMap: - description: ConfigMap containing data to use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - certFile: - description: Path to the client cert file in the Prometheus container for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: Path to the client key file in the Prometheus container for the targets. - type: string - keySecret: - description: Secret containing the client key file for the targets. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - image: - description: Image if specified has precedence over baseImage, tag and sha combinations. Specifying the version is still necessary to ensure the Prometheus Operator knows what version of Thanos is being configured. - type: string - listenLocal: - description: ListenLocal makes the Thanos sidecar listen on loopback, so that it does not bind against the Pod IP. - type: boolean - logFormat: - description: LogFormat for Thanos sidecar to be configured with. - type: string - logLevel: - description: LogLevel for Thanos sidecar to be configured with. - type: string - minTime: - description: MinTime for Thanos sidecar to be configured with. Option can be a constant time in RFC3339 format or time duration relative to current time, such as -1d or 2h45m. Valid duration units are ms, s, m, h, d, w, y. - type: string - objectStorageConfig: - description: ObjectStorageConfig configures object storage in Thanos. Alternative to ObjectStorageConfigFile, and lower order priority. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - objectStorageConfigFile: - description: ObjectStorageConfigFile specifies the path of the object storage configuration file. When used alongside with ObjectStorageConfig, ObjectStorageConfigFile takes precedence. - type: string - resources: - description: Resources defines the resource requirements for the Thanos sidecar. If not provided, no requests/limits will be set - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/" - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/" - type: object - type: object - sha: - description: "SHA of Thanos container image to be deployed. Defaults to the value of `version`. Similar to a tag, but the SHA explicitly deploys an immutable container image. Version and Tag are ignored if SHA is set. Deprecated: use 'image' instead. The image digest can be specified as part of the image URL." - type: string - tag: - description: "Tag of Thanos sidecar container image to be deployed. Defaults to the value of `version`. Version is ignored if Tag is set. Deprecated: use 'image' instead. The image tag can be specified as part of the image URL." - type: string - tracingConfig: - description: TracingConfig configures tracing in Thanos. This is an experimental feature, it may change in any upcoming release in a breaking way. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - tracingConfigFile: - description: TracingConfig specifies the path of the tracing configuration file. When used alongside with TracingConfig, TracingConfigFile takes precedence. - type: string - version: - description: Version describes the version of Thanos to use. - type: string - type: object - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - topologySpreadConstraints: - description: If specified, the pod's topology spread constraints. - items: - description: TopologySpreadConstraint specifies how to spread matching pods among the given topology. - properties: - labelSelector: - description: LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - maxSkew: - description: "MaxSkew describes the degree to which pods may be unevenly distributed. It's the maximum permitted difference between the number of matching pods in any two topology domains of a given topology type. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. It's a required field. Default value is 1 and 0 is not allowed." - format: int32 - type: integer - topologyKey: - description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. It's a required field. - type: string - whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates how to deal with a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it - ScheduleAnyway tells the scheduler to still schedule it It''s considered as "Unsatisfiable" if and only if placing incoming pod on any topology violates "MaxSkew". For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won''t make it *more* imbalanced. It''s a required field.' - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array - version: - description: Version of Prometheus to be deployed. - type: string - volumeMounts: - description: VolumeMounts allows configuration of additional VolumeMounts on the output StatefulSet definition. VolumeMounts specified will be appended to other VolumeMounts in the prometheus container, that are generated as a result of StorageSpec objects. - items: - description: VolumeMount describes a mounting of a Volume within a container. - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - volumes: - description: Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. - items: - description: Volume represents a named volume in a pod that may be accessed by any container in the pod. - properties: - awsElasticBlockStore: - description: "AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" - properties: - fsType: - description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine' - type: string - partition: - description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).' - format: int32 - type: integer - readOnly: - description: 'Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: boolean - volumeID: - description: "Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" - type: string - required: - - volumeID - type: object - azureDisk: - description: AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. - properties: - cachingMode: - description: "Host Caching mode: None, Read Only, Read Write." - type: string - diskName: - description: The Name of the data disk in the blob storage - type: string - diskURI: - description: The URI the data disk in the blob storage - type: string - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - kind: - description: "Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - description: AzureFile represents an Azure File Service mount on the host and bind mount to the pod. - properties: - readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretName: - description: the name of secret that contains Azure Storage Account Name and Key - type: string - shareName: - description: Share Name - type: string - required: - - secretName - - shareName - type: object - cephfs: - description: CephFS represents a Ceph FS mount on the host that shares a pod's lifetime - properties: - monitors: - description: "Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" - items: - type: string - type: array - path: - description: "Optional: Used as the mounted root, rather than the full Ceph tree, default is /" - type: string - readOnly: - description: "Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" - type: boolean - secretFile: - description: "Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" - type: string - secretRef: - description: "Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" - properties: - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - type: object - user: - description: "Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" - type: string - required: - - monitors - type: object - cinder: - description: "Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" - properties: - fsType: - description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - readOnly: - description: "Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" - type: boolean - secretRef: - description: "Optional: points to a secret object containing parameters used to connect to OpenStack." - properties: - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - type: object - volumeID: - description: "volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" - type: string - required: - - volumeID - type: object - configMap: - description: ConfigMap represents a configMap that should populate this volume - properties: - defaultMode: - description: "Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." - format: int32 - type: integer - items: - description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - items: - description: Maps a string key to a path within a volume. - properties: - key: - description: The key to project. - type: string - mode: - description: "Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." - format: int32 - type: integer - path: - description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the ConfigMap or its keys must be defined - type: boolean - type: object - csi: - description: CSI (Container Storage Interface) represents storage that is handled by an external CSI driver (Alpha feature). - properties: - driver: - description: Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. - type: string - fsType: - description: Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. - type: string - nodePublishSecretRef: - description: NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. - properties: - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - type: object - readOnly: - description: Specifies a read-only configuration for the volume. Defaults to false (read/write). - type: boolean - volumeAttributes: - additionalProperties: - type: string - description: VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. - type: object - required: - - driver - type: object - downwardAPI: - description: DownwardAPI represents downward API about the pod that should populate this volume - properties: - defaultMode: - description: "Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." - format: int32 - type: integer - items: - description: Items is a list of downward API volume file - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - properties: - fieldRef: - description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported." - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - required: - - fieldPath - type: object - mode: - description: "Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." - format: int32 - type: integer - path: - description: "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'" - type: string - resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." - properties: - containerName: - description: "Container name: required for volumes, optional for env vars" - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: "Required: resource to select" - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - description: "EmptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" - properties: - medium: - description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - description: "Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - fc: - description: FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. - properties: - fsType: - description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine' - type: string - lun: - description: "Optional: FC target lun number" - format: int32 - type: integer - readOnly: - description: "Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." - type: boolean - targetWWNs: - description: "Optional: FC target worldwide names (WWNs)" - items: - type: string - type: array - wwids: - description: "Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously." - items: - type: string - type: array - type: object - flexVolume: - description: FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. - properties: - driver: - description: Driver is the name of the driver to use for this volume. - type: string - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. - type: string - options: - additionalProperties: - type: string - description: "Optional: Extra command options if any." - type: object - readOnly: - description: "Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." - type: boolean - secretRef: - description: "Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts." - properties: - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - type: object - required: - - driver - type: object - flocker: - description: Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running - properties: - datasetName: - description: Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated - type: string - datasetUUID: - description: UUID of the dataset. This is unique identifier of a Flocker dataset - type: string - type: object - gcePersistentDisk: - description: "GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" - properties: - fsType: - description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine' - type: string - partition: - description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - format: int32 - type: integer - pdName: - description: "Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" - type: string - readOnly: - description: "ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" - type: boolean - required: - - pdName - type: object - gitRepo: - description: "GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container." - properties: - directory: - description: Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. - type: string - repository: - description: Repository URL - type: string - revision: - description: Commit hash for the specified revision. - type: string - required: - - repository - type: object - glusterfs: - description: "Glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md" - properties: - endpoints: - description: "EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" - type: string - path: - description: "Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" - type: string - readOnly: - description: "ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" - type: boolean - required: - - endpoints - - path - type: object - hostPath: - description: "HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write." - properties: - path: - description: "Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" - type: string - type: - description: 'Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - required: - - path - type: object - iscsi: - description: "ISCSI represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md" - properties: - chapAuthDiscovery: - description: whether support iSCSI Discovery CHAP authentication - type: boolean - chapAuthSession: - description: whether support iSCSI Session CHAP authentication - type: boolean - fsType: - description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine' - type: string - initiatorName: - description: Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection. - type: string - iqn: - description: Target iSCSI Qualified Name. - type: string - iscsiInterface: - description: iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). - type: string - lun: - description: iSCSI Target Lun number. - format: int32 - type: integer - portals: - description: iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). - items: - type: string - type: array - readOnly: - description: ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. - type: boolean - secretRef: - description: CHAP Secret for iSCSI target and initiator authentication - properties: - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - type: object - targetPortal: - description: iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - description: "Volume's name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" - type: string - nfs: - description: "NFS represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" - properties: - path: - description: "Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" - type: string - readOnly: - description: "ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" - type: boolean - server: - description: "Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - description: "PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" - properties: - claimName: - description: "ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" - type: string - readOnly: - description: Will force the ReadOnly setting in VolumeMounts. Default false. - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - description: PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - pdID: - description: ID that identifies Photon Controller persistent disk - type: string - required: - - pdID - type: object - portworxVolume: - description: PortworxVolume represents a portworx volume attached and mounted on kubelets host machine - properties: - fsType: - description: FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - volumeID: - description: VolumeID uniquely identifies a Portworx volume - type: string - required: - - volumeID - type: object - projected: - description: Items for all in one resources secrets, configmaps, and downward API - properties: - defaultMode: - description: Mode bits to use on created files by default. Must be a value between 0 and 0777. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - sources: - description: list of volume projections - items: - description: Projection that may be projected along with other supported volume types - properties: - configMap: - description: information about the configMap data to project - properties: - items: - description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - items: - description: Maps a string key to a path within a volume. - properties: - key: - description: The key to project. - type: string - mode: - description: "Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." - format: int32 - type: integer - path: - description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the ConfigMap or its keys must be defined - type: boolean - type: object - downwardAPI: - description: information about the downwardAPI data to project - properties: - items: - description: Items is a list of DownwardAPIVolume file - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - properties: - fieldRef: - description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported." - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - required: - - fieldPath - type: object - mode: - description: "Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." - format: int32 - type: integer - path: - description: "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'" - type: string - resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." - properties: - containerName: - description: "Container name: required for volumes, optional for env vars" - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: "Required: resource to select" - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - description: information about the secret data to project - properties: - items: - description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - items: - description: Maps a string key to a path within a volume. - properties: - key: - description: The key to project. - type: string - mode: - description: "Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." - format: int32 - type: integer - path: - description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - type: object - serviceAccountToken: - description: information about the serviceAccountToken data to project - properties: - audience: - description: Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. - type: string - expirationSeconds: - description: ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. - format: int64 - type: integer - path: - description: Path is the path relative to the mount point of the file to project the token into. - type: string - required: - - path - type: object - type: object - type: array - required: - - sources - type: object - quobyte: - description: Quobyte represents a Quobyte mount on the host that shares a pod's lifetime - properties: - group: - description: Group to map volume access to Default is no group - type: string - readOnly: - description: ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. - type: boolean - registry: - description: Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes - type: string - tenant: - description: Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin - type: string - user: - description: User to map volume access to Defaults to serivceaccount user - type: string - volume: - description: Volume is a string that references an already created Quobyte volume by name. - type: string - required: - - registry - - volume - type: object - rbd: - description: "RBD represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md" - properties: - fsType: - description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine' - type: string - image: - description: "The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - type: string - keyring: - description: "Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - type: string - monitors: - description: "A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - items: - type: string - type: array - pool: - description: "The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - type: string - readOnly: - description: "ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - type: boolean - secretRef: - description: "SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - properties: - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - type: object - user: - description: "The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - type: string - required: - - image - - monitors - type: object - scaleIO: - description: ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". - type: string - gateway: - description: The host address of the ScaleIO API Gateway. - type: string - protectionDomain: - description: The name of the ScaleIO Protection Domain for the configured storage. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. - properties: - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - type: object - sslEnabled: - description: Flag to enable/disable SSL communication with Gateway, default false - type: boolean - storageMode: - description: Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. - type: string - storagePool: - description: The ScaleIO Storage Pool associated with the protection domain. - type: string - system: - description: The name of the storage system as configured in ScaleIO. - type: string - volumeName: - description: The name of a volume already created in the ScaleIO system that is associated with this volume source. - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - description: "Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" - properties: - defaultMode: - description: "Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." - format: int32 - type: integer - items: - description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - items: - description: Maps a string key to a path within a volume. - properties: - key: - description: The key to project. - type: string - mode: - description: "Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." - format: int32 - type: integer - path: - description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - optional: - description: Specify whether the Secret or its keys must be defined - type: boolean - secretName: - description: "Name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" - type: string - type: object - storageos: - description: StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. - properties: - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - type: object - volumeName: - description: VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. - type: string - volumeNamespace: - description: VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. - type: string - type: object - vsphereVolume: - description: VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - storagePolicyID: - description: Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. - type: string - storagePolicyName: - description: Storage Policy Based Management (SPBM) profile name. - type: string - volumePath: - description: Path that identifies vSphere volume vmdk - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - walCompression: - description: Enable compression of the write-ahead log using Snappy. This flag is only available in versions of Prometheus >= 2.11.0. - type: boolean - web: - description: WebSpec defines the web command line flags when starting Prometheus. - properties: - pageTitle: - description: The prometheus web page title - type: string - type: object - type: object - status: - description: "Most recent observed status of the Prometheus cluster. Read-only. Not included when requesting from the apiserver, only from the Prometheus Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" - properties: - availableReplicas: - description: Total number of available pods (ready for at least minReadySeconds) targeted by this Prometheus deployment. - format: int32 - type: integer - paused: - description: Represents whether any actions on the underlying managed objects are being performed. Only delete actions will be performed. - type: boolean - replicas: - description: Total number of non-terminated pods targeted by this Prometheus deployment (their labels match the selector). - format: int32 - type: integer - unavailableReplicas: - description: Total number of unavailable pods targeted by this Prometheus deployment. - format: int32 - type: integer - updatedReplicas: - description: Total number of non-terminated pods targeted by this Prometheus deployment that have the desired version spec. - format: int32 - type: integer - required: - - availableReplicas - - paused - - replicas - - unavailableReplicas - - updatedReplicas - type: object - required: - - spec - type: object - served: true - storage: true - subresources: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/bitnami/kube-prometheus/crds/crd-prometheusrules.yaml b/bitnami/kube-prometheus/crds/crd-prometheusrules.yaml deleted file mode 100644 index abf48ee..0000000 --- a/bitnami/kube-prometheus/crds/crd-prometheusrules.yaml +++ /dev/null @@ -1,90 +0,0 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: prometheusrules.monitoring.coreos.com -spec: - group: monitoring.coreos.com - names: - kind: PrometheusRule - listKind: PrometheusRuleList - plural: prometheusrules - singular: prometheusrule - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: PrometheusRule defines recording and alerting rules for a Prometheus instance - properties: - apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: Specification of desired alerting rule definitions for Prometheus. - properties: - groups: - description: Content of Prometheus rule file - items: - description: "RuleGroup is a list of sequentially evaluated recording and alerting rules. Note: PartialResponseStrategy is only used by ThanosRuler and will be ignored by Prometheus instances. Valid values for this field are 'warn' or 'abort'. More info: https://github.com/thanos-io/thanos/blob/master/docs/components/rule.md#partial-response" - properties: - interval: - type: string - name: - type: string - partial_response_strategy: - type: string - rules: - items: - description: Rule describes an alerting or recording rule. - properties: - alert: - type: string - annotations: - additionalProperties: - type: string - type: object - expr: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - for: - type: string - labels: - additionalProperties: - type: string - type: object - record: - type: string - required: - - expr - type: object - type: array - required: - - name - - rules - type: object - type: array - type: object - required: - - spec - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/bitnami/kube-prometheus/crds/crd-servicemonitor.yaml b/bitnami/kube-prometheus/crds/crd-servicemonitor.yaml deleted file mode 100644 index 6437483..0000000 --- a/bitnami/kube-prometheus/crds/crd-servicemonitor.yaml +++ /dev/null @@ -1,373 +0,0 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: servicemonitors.monitoring.coreos.com -spec: - group: monitoring.coreos.com - names: - kind: ServiceMonitor - listKind: ServiceMonitorList - plural: servicemonitors - singular: servicemonitor - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: ServiceMonitor defines monitoring for a set of services. - properties: - apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: Specification of desired Service selection for target discovery by Prometheus. - properties: - endpoints: - description: A list of endpoints allowed as part of this ServiceMonitor. - items: - description: Endpoint defines a scrapeable endpoint serving Prometheus metrics. - properties: - basicAuth: - description: "BasicAuth allow an endpoint to authenticate over basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints" - properties: - password: - description: The secret in the service monitor namespace that contains the password for authentication. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - username: - description: The secret in the service monitor namespace that contains the username for authentication. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - bearerTokenFile: - description: File to read bearer token for scraping targets. - type: string - bearerTokenSecret: - description: Secret to mount to read bearer token for scraping targets. The secret needs to be in the same namespace as the service monitor and accessible by the Prometheus Operator. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - honorLabels: - description: HonorLabels chooses the metric's labels on collisions with target labels. - type: boolean - honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects the timestamps present in scraped data. - type: boolean - interval: - description: Interval at which metrics should be scraped - type: string - metricRelabelings: - description: MetricRelabelConfigs to apply to samples before ingestion. - items: - description: "RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs" - properties: - action: - description: Action to perform based on regex matching. Default is 'replace' - type: string - modulus: - description: Modulus to take of the hash of the source label values. - format: int64 - type: integer - regex: - description: Regular expression against which the extracted value is matched. Default is '(.*)' - type: string - replacement: - description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' - type: string - separator: - description: Separator placed between concatenated source label values. default is ';'. - type: string - sourceLabels: - description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. - items: - type: string - type: array - targetLabel: - description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. - type: string - type: object - type: array - params: - additionalProperties: - items: - type: string - type: array - description: Optional HTTP URL parameters - type: object - path: - description: HTTP path to scrape for metrics. - type: string - port: - description: Name of the service port this endpoint refers to. Mutually exclusive with targetPort. - type: string - proxyUrl: - description: ProxyURL eg http://proxyserver:2195 Directs scrapes to proxy through this endpoint. - type: string - relabelings: - description: "RelabelConfigs to apply to samples before scraping. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config" - items: - description: "RelabelConfig allows dynamic rewriting of the label set, being applied to samples before ingestion. It defines ``-section of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs" - properties: - action: - description: Action to perform based on regex matching. Default is 'replace' - type: string - modulus: - description: Modulus to take of the hash of the source label values. - format: int64 - type: integer - regex: - description: Regular expression against which the extracted value is matched. Default is '(.*)' - type: string - replacement: - description: Replacement value against which a regex replace is performed if the regular expression matches. Regex capture groups are available. Default is '$1' - type: string - separator: - description: Separator placed between concatenated source label values. default is ';'. - type: string - sourceLabels: - description: The source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the replace, keep, and drop actions. - items: - type: string - type: array - targetLabel: - description: Label to which the resulting value is written in a replace action. It is mandatory for replace actions. Regex capture groups are available. - type: string - type: object - type: array - scheme: - description: HTTP scheme to use for scraping. - type: string - scrapeTimeout: - description: Timeout after which the scrape is ended - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: Name or number of the target port of the Pod behind the Service, the port must be specified with container port property. Mutually exclusive with port. - x-kubernetes-int-or-string: true - tlsConfig: - description: TLS configuration to use when scraping the endpoint - properties: - ca: - description: Struct containing the CA cert to use for the targets. - properties: - configMap: - description: ConfigMap containing data to use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - caFile: - description: Path to the CA cert in the Prometheus container to use for the targets. - type: string - cert: - description: Struct containing the client cert file for the targets. - properties: - configMap: - description: ConfigMap containing data to use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - certFile: - description: Path to the client cert file in the Prometheus container for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: Path to the client key file in the Prometheus container for the targets. - type: string - keySecret: - description: Secret containing the client key file for the targets. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - type: object - type: array - jobLabel: - description: The label to use to retrieve the job name from. - type: string - namespaceSelector: - description: Selector to select which namespaces the Endpoints objects are discovered from. - properties: - any: - description: Boolean describing whether all namespaces are selected in contrast to a list restricting them. - type: boolean - matchNames: - description: List of namespace names. - items: - type: string - type: array - type: object - podTargetLabels: - description: PodTargetLabels transfers labels on the Kubernetes Pod onto the target. - items: - type: string - type: array - sampleLimit: - description: SampleLimit defines per-scrape limit on number of scraped samples that will be accepted. - format: int64 - type: integer - selector: - description: Selector to select Endpoints objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - targetLabels: - description: TargetLabels transfers labels on the Kubernetes Service onto the target. - items: - type: string - type: array - targetLimit: - description: TargetLimit defines a limit on the number of scraped targets that will be accepted. - format: int64 - type: integer - required: - - endpoints - - selector - type: object - required: - - spec - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/bitnami/kube-prometheus/crds/crd-thanosrulers.yaml b/bitnami/kube-prometheus/crds/crd-thanosrulers.yaml deleted file mode 100644 index 7a06d91..0000000 --- a/bitnami/kube-prometheus/crds/crd-thanosrulers.yaml +++ /dev/null @@ -1,3342 +0,0 @@ -# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: thanosrulers.monitoring.coreos.com -spec: - group: monitoring.coreos.com - names: - categories: - - prometheus-operator - kind: ThanosRuler - listKind: ThanosRulerList - plural: thanosrulers - singular: thanosruler - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: ThanosRuler defines a ThanosRuler deployment. - properties: - apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - type: object - spec: - description: "Specification of the desired behavior of the ThanosRuler cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" - properties: - affinity: - description: If specified, the pod's scheduling constraints. - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements by node's labels. - items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements by node's fields. - items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. The terms are ORed. - items: - description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements by node's labels. - items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements by node's fields. - items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - alertDropLabels: - description: AlertDropLabels configure the label names which should be dropped in ThanosRuler alerts. If `labels` field is not provided, `thanos_ruler_replica` will be dropped in alerts by default. - items: - type: string - type: array - alertQueryUrl: - description: The external Query URL the Thanos Ruler will set in the 'Source' field of all alerts. Maps to the '--alert.query-url' CLI arg. - type: string - alertmanagersConfig: - description: Define configuration for connecting to alertmanager. Only available with thanos v0.10.0 and higher. Maps to the `alertmanagers.config` arg. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - alertmanagersUrl: - description: "Define URLs to send alerts to Alertmanager. For Thanos v0.10.0 and higher, AlertManagersConfig should be used instead. Note: this field will be ignored if AlertManagersConfig is specified. Maps to the `alertmanagers.url` arg." - items: - type: string - type: array - containers: - description: "Containers allows injecting additional containers or modifying operator generated containers. This can be used to allow adding an authentication proxy to a ThanosRuler pod or to change the behavior of an operator generated container. Containers described here modify an operator generated container if they share the same name and modifications are done via a strategic merge patch. The current container names are: `thanos-ruler` and `config-reloader`. Overriding containers is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice." - items: - description: A single application container that you want to run within a pod. - properties: - args: - description: "Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" - items: - type: string - type: array - command: - description: "Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" - items: - type: string - type: array - env: - description: List of environment variables to set in the container. Cannot be updated. - items: - description: EnvVar represents an environment variable present in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: "Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." - properties: - containerName: - description: "Container name: required for volumes, optional for env vars" - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: "Required: resource to select" - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - items: - description: EnvFromSource represents the source of a set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - type: object - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - type: object - type: object - type: array - image: - description: "Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets." - type: string - imagePullPolicy: - description: "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images" - type: string - lifecycle: - description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. - properties: - postStart: - description: "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: "TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook" - properties: - host: - description: "Optional: Host name to connect to, defaults to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod's termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: "TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook" - properties: - host: - description: "Optional: Host name to connect to, defaults to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: "TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook" - properties: - host: - description: "Optional: Host name to connect to, defaults to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - type: object - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. - items: - description: ContainerPort represents a network port in a single container. - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. - format: int32 - type: integer - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - default: TCP - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: "TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook" - properties: - host: - description: "Optional: Host name to connect to, defaults to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - type: object - resources: - description: "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/" - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/" - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/" - type: object - type: object - securityContext: - description: "Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" - properties: - allowPrivilegeEscalation: - description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN" - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - type: object - privileged: - description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. - type: boolean - procMount: - description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - type: object - windowsOptions: - description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential spec to use. - type: string - runAsUserName: - description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - startupProbe: - description: "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: "TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook" - properties: - host: - description: "Optional: Host name to connect to, defaults to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - type: object - stdin: - description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. - type: boolean - stdinOnce: - description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false - type: boolean - terminationMessagePath: - description: "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated." - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - tty: - description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices to be used by the container. - items: - description: volumeDevice describes a mapping of a raw block device within a container. - properties: - devicePath: - description: devicePath is the path inside of the container that the device will be mapped to. - type: string - name: - description: name must match the name of a persistentVolumeClaim in the pod - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - items: - description: VolumeMount describes a mounting of a Volume within a container. - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - required: - - name - type: object - type: array - enforcedNamespaceLabel: - description: EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert and metric that is user created. The label value will always be the namespace of the object that is being created. - type: string - evaluationInterval: - description: Interval between consecutive evaluations. - type: string - externalPrefix: - description: The external URL the Thanos Ruler instances will be available under. This is necessary to generate correct URLs. This is necessary if Thanos Ruler is not served from root of a DNS name. - type: string - grpcServerTlsConfig: - description: "GRPCServerTLSConfig configures the gRPC server from which Thanos Querier reads recorded rule data. Note: Currently only the CAFile, CertFile, and KeyFile fields are supported. Maps to the '--grpc-server-tls-*' CLI args." - properties: - ca: - description: Struct containing the CA cert to use for the targets. - properties: - configMap: - description: ConfigMap containing data to use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - caFile: - description: Path to the CA cert in the Prometheus container to use for the targets. - type: string - cert: - description: Struct containing the client cert file for the targets. - properties: - configMap: - description: ConfigMap containing data to use for the targets. - properties: - key: - description: The key to select. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - secret: - description: Secret containing data to use for the targets. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - certFile: - description: Path to the client cert file in the Prometheus container for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: Path to the client key file in the Prometheus container for the targets. - type: string - keySecret: - description: Secret containing the client key file for the targets. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - serverName: - description: Used to verify the hostname for the targets. - type: string - type: object - image: - description: Thanos container image URL. - type: string - imagePullSecrets: - description: An optional list of references to secrets in the same namespace to use for pulling thanos images from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - properties: - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - type: object - type: array - initContainers: - description: "InitContainers allows adding initContainers to the pod definition. Those can be used to e.g. fetch secrets for injection into the ThanosRuler configuration from external sources. Any errors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ Using initContainers for any use case other then secret fetching is entirely outside the scope of what the maintainers will support and by doing so, you accept that this behaviour may break at any time without notice." - items: - description: A single application container that you want to run within a pod. - properties: - args: - description: "Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" - items: - type: string - type: array - command: - description: "Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell" - items: - type: string - type: array - env: - description: List of environment variables to set in the container. Cannot be updated. - items: - description: EnvVar represents an environment variable present in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: "Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs." - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." - properties: - containerName: - description: "Container name: required for volumes, optional for env vars" - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: "Required: resource to select" - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - items: - description: EnvFromSource represents the source of a set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - type: object - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - type: object - type: object - type: array - image: - description: "Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets." - type: string - imagePullPolicy: - description: "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images" - type: string - lifecycle: - description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. - properties: - postStart: - description: "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: "TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook" - properties: - host: - description: "Optional: Host name to connect to, defaults to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod's termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks" - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: "TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook" - properties: - host: - description: "Optional: Host name to connect to, defaults to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: "TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook" - properties: - host: - description: "Optional: Host name to connect to, defaults to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - type: object - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. - items: - description: ContainerPort represents a network port in a single container. - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. - format: int32 - type: integer - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - default: TCP - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: "TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook" - properties: - host: - description: "Optional: Host name to connect to, defaults to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - type: object - resources: - description: "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/" - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/" - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/" - type: object - type: object - securityContext: - description: "Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/" - properties: - allowPrivilegeEscalation: - description: "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN" - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - type: object - privileged: - description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. - type: boolean - procMount: - description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - type: object - windowsOptions: - description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential spec to use. - type: string - runAsUserName: - description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - startupProbe: - description: "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is a beta feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: "TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook" - properties: - host: - description: "Optional: Host name to connect to, defaults to the pod IP." - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - description: "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes" - format: int32 - type: integer - type: object - stdin: - description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. - type: boolean - stdinOnce: - description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false - type: boolean - terminationMessagePath: - description: "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated." - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - tty: - description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices to be used by the container. - items: - description: volumeDevice describes a mapping of a raw block device within a container. - properties: - devicePath: - description: devicePath is the path inside of the container that the device will be mapped to. - type: string - name: - description: name must match the name of a persistentVolumeClaim in the pod - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - items: - description: VolumeMount describes a mounting of a Volume within a container. - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - required: - - name - type: object - type: array - labels: - additionalProperties: - type: string - description: Labels configure the external label pairs to ThanosRuler. If not provided, default replica label `thanos_ruler_replica` will be added as a label and be dropped in alerts. - type: object - listenLocal: - description: ListenLocal makes the Thanos ruler listen on loopback, so that it does not bind against the Pod IP. - type: boolean - logFormat: - description: Log format for ThanosRuler to be configured with. - type: string - logLevel: - description: Log level for ThanosRuler to be configured with. - type: string - nodeSelector: - additionalProperties: - type: string - description: Define which Nodes the Pods are scheduled on. - type: object - objectStorageConfig: - description: ObjectStorageConfig configures object storage in Thanos. Alternative to ObjectStorageConfigFile, and lower order priority. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - objectStorageConfigFile: - description: ObjectStorageConfigFile specifies the path of the object storage configuration file. When used alongside with ObjectStorageConfig, ObjectStorageConfigFile takes precedence. - type: string - paused: - description: When a ThanosRuler deployment is paused, no actions except for deletion will be performed on the underlying objects. - type: boolean - podMetadata: - description: PodMetadata contains Labels and Annotations gets propagated to the thanos ruler pods. - properties: - annotations: - additionalProperties: - type: string - description: "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" - type: object - labels: - additionalProperties: - type: string - description: "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" - type: object - name: - description: "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" - type: string - type: object - portName: - description: Port name used for the pods and governing service. This defaults to web - type: string - priorityClassName: - description: Priority class assigned to the Pods - type: string - prometheusRulesExcludedFromEnforce: - description: PrometheusRulesExcludedFromEnforce - list of Prometheus rules to be excluded from enforcing of adding namespace labels. Works only if enforcedNamespaceLabel set to true. Make sure both ruleNamespace and ruleName are set for each pair - items: - description: PrometheusRuleExcludeConfig enables users to configure excluded PrometheusRule names and their namespaces to be ignored while enforcing namespace label for alerts and metrics. - properties: - ruleName: - description: RuleNamespace - name of excluded rule - type: string - ruleNamespace: - description: RuleNamespace - namespace of excluded rule - type: string - required: - - ruleName - - ruleNamespace - type: object - type: array - queryConfig: - description: Define configuration for connecting to thanos query instances. If this is defined, the QueryEndpoints field will be ignored. Maps to the `query.config` CLI argument. Only available with thanos v0.11.0 and higher. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - queryEndpoints: - description: QueryEndpoints defines Thanos querier endpoints from which to query metrics. Maps to the --query flag of thanos ruler. - items: - type: string - type: array - replicas: - description: Number of thanos ruler instances to deploy. - format: int32 - type: integer - resources: - description: Resources defines the resource requirements for single Pods. If not provided, no requests/limits will be set - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/" - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/" - type: object - type: object - retention: - description: Time duration ThanosRuler shall retain data for. Default is '24h', and must match the regular expression `[0-9]+(ms|s|m|h|d|w|y)` (milliseconds seconds minutes hours days weeks years). - type: string - routePrefix: - description: The route prefix ThanosRuler registers HTTP handlers for. This allows thanos UI to be served on a sub-path. - type: string - ruleNamespaceSelector: - description: Namespaces to be selected for Rules discovery. If unspecified, only the same namespace as the ThanosRuler object is in is used. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - ruleSelector: - description: A label selector to select which PrometheusRules to mount for alerting and recording. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - securityContext: - description: SecurityContext holds pod-level security attributes and common container settings. This defaults to the default PodSecurityContext. - properties: - fsGroup: - description: "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume." - format: int64 - type: integer - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified defaults to "Always".' - type: string - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - type: object - supplementalGroups: - description: A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. - items: - format: int64 - type: integer - type: array - sysctls: - description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - description: The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential spec to use. - type: string - runAsUserName: - description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - serviceAccountName: - description: ServiceAccountName is the name of the ServiceAccount to use to run the Thanos Ruler Pods. - type: string - storage: - description: Storage spec to specify how storage shall be used. - properties: - disableMountSubPath: - description: "Deprecated: subPath usage will be disabled by default in a future release, this option will become unnecessary. DisableMountSubPath allows to remove any subPath usage in volume mounts." - type: boolean - emptyDir: - description: "EmptyDirVolumeSource to be used by the Prometheus StatefulSets. If specified, used in place of any volumeClaimTemplate. More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir" - properties: - medium: - description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - description: "Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - volumeClaimTemplate: - description: A PVC spec to be used by the Prometheus StatefulSets. - properties: - apiVersion: - description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" - type: string - kind: - description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" - type: string - metadata: - description: EmbeddedMetadata contains metadata relevant to an EmbeddedResource. - properties: - annotations: - additionalProperties: - type: string - description: "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations" - type: object - labels: - additionalProperties: - type: string - description: "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels" - type: object - name: - description: "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names" - type: string - type: object - spec: - description: "Spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" - properties: - accessModes: - description: "AccessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" - items: - type: string - type: array - dataSource: - description: "This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot - Beta) * An existing PVC (PersistentVolumeClaim) * An existing custom resource/object that implements data population (Alpha) In order to use VolumeSnapshot object types, the appropriate feature gate must be enabled (VolumeSnapshotDataSource or AnyVolumeDataSource) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the specified data source is not supported, the volume will not be created and the failure will be reported as an event. In the future, we plan to support more data source types and the behavior of the provisioner may change." - properties: - apiGroup: - description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - required: - - kind - - name - type: object - resources: - description: "Resources represents the minimum resources the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources" - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/" - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/" - type: object - type: object - selector: - description: A label query over volumes to consider for binding. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - storageClassName: - description: "Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1" - type: string - volumeMode: - description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. - type: string - volumeName: - description: VolumeName is the binding reference to the PersistentVolume backing this claim. - type: string - type: object - status: - description: "Status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" - properties: - accessModes: - description: "AccessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1" - items: - type: string - type: array - capacity: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: Represents the actual resources of the underlying volume. - type: object - conditions: - description: Current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'. - items: - description: PersistentVolumeClaimCondition contails details about state of pvc - properties: - lastProbeTime: - description: Last time we probed the condition. - format: date-time - type: string - lastTransitionTime: - description: Last time the condition transitioned from one status to another. - format: date-time - type: string - message: - description: Human-readable message indicating details about last transition. - type: string - reason: - description: Unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports "ResizeStarted" that means the underlying persistent volume is being resized. - type: string - status: - type: string - type: - description: PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type - type: string - required: - - status - - type - type: object - type: array - phase: - description: Phase represents the current phase of PersistentVolumeClaim. - type: string - type: object - type: object - type: object - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - topologySpreadConstraints: - description: If specified, the pod's topology spread constraints. - items: - description: TopologySpreadConstraint specifies how to spread matching pods among the given topology. - properties: - labelSelector: - description: LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - maxSkew: - description: "MaxSkew describes the degree to which pods may be unevenly distributed. It's the maximum permitted difference between the number of matching pods in any two topology domains of a given topology type. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. It's a required field. Default value is 1 and 0 is not allowed." - format: int32 - type: integer - topologyKey: - description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. It's a required field. - type: string - whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates how to deal with a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it - ScheduleAnyway tells the scheduler to still schedule it It''s considered as "Unsatisfiable" if and only if placing incoming pod on any topology violates "MaxSkew". For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won''t make it *more* imbalanced. It''s a required field.' - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array - tracingConfig: - description: TracingConfig configures tracing in Thanos. This is an experimental feature, it may change in any upcoming release in a breaking way. - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - required: - - key - type: object - volumes: - description: Volumes allows configuration of additional volumes on the output StatefulSet definition. Volumes specified will be appended to other volumes that are generated as a result of StorageSpec objects. - items: - description: Volume represents a named volume in a pod that may be accessed by any container in the pod. - properties: - awsElasticBlockStore: - description: "AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" - properties: - fsType: - description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine' - type: string - partition: - description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).' - format: int32 - type: integer - readOnly: - description: 'Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: boolean - volumeID: - description: "Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore" - type: string - required: - - volumeID - type: object - azureDisk: - description: AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. - properties: - cachingMode: - description: "Host Caching mode: None, Read Only, Read Write." - type: string - diskName: - description: The Name of the data disk in the blob storage - type: string - diskURI: - description: The URI the data disk in the blob storage - type: string - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - kind: - description: "Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared" - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - description: AzureFile represents an Azure File Service mount on the host and bind mount to the pod. - properties: - readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretName: - description: the name of secret that contains Azure Storage Account Name and Key - type: string - shareName: - description: Share Name - type: string - required: - - secretName - - shareName - type: object - cephfs: - description: CephFS represents a Ceph FS mount on the host that shares a pod's lifetime - properties: - monitors: - description: "Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" - items: - type: string - type: array - path: - description: "Optional: Used as the mounted root, rather than the full Ceph tree, default is /" - type: string - readOnly: - description: "Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" - type: boolean - secretFile: - description: "Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" - type: string - secretRef: - description: "Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" - properties: - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - type: object - user: - description: "Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it" - type: string - required: - - monitors - type: object - cinder: - description: "Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" - properties: - fsType: - description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - readOnly: - description: "Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" - type: boolean - secretRef: - description: "Optional: points to a secret object containing parameters used to connect to OpenStack." - properties: - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - type: object - volumeID: - description: "volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md" - type: string - required: - - volumeID - type: object - configMap: - description: ConfigMap represents a configMap that should populate this volume - properties: - defaultMode: - description: "Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." - format: int32 - type: integer - items: - description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - items: - description: Maps a string key to a path within a volume. - properties: - key: - description: The key to project. - type: string - mode: - description: "Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." - format: int32 - type: integer - path: - description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the ConfigMap or its keys must be defined - type: boolean - type: object - csi: - description: CSI (Container Storage Interface) represents storage that is handled by an external CSI driver (Alpha feature). - properties: - driver: - description: Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. - type: string - fsType: - description: Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. - type: string - nodePublishSecretRef: - description: NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. - properties: - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - type: object - readOnly: - description: Specifies a read-only configuration for the volume. Defaults to false (read/write). - type: boolean - volumeAttributes: - additionalProperties: - type: string - description: VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. - type: object - required: - - driver - type: object - downwardAPI: - description: DownwardAPI represents downward API about the pod that should populate this volume - properties: - defaultMode: - description: "Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." - format: int32 - type: integer - items: - description: Items is a list of downward API volume file - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - properties: - fieldRef: - description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported." - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - required: - - fieldPath - type: object - mode: - description: "Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." - format: int32 - type: integer - path: - description: "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'" - type: string - resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." - properties: - containerName: - description: "Container name: required for volumes, optional for env vars" - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: "Required: resource to select" - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - description: "EmptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir" - properties: - medium: - description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - description: "Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - fc: - description: FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. - properties: - fsType: - description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine' - type: string - lun: - description: "Optional: FC target lun number" - format: int32 - type: integer - readOnly: - description: "Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." - type: boolean - targetWWNs: - description: "Optional: FC target worldwide names (WWNs)" - items: - type: string - type: array - wwids: - description: "Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously." - items: - type: string - type: array - type: object - flexVolume: - description: FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. - properties: - driver: - description: Driver is the name of the driver to use for this volume. - type: string - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. - type: string - options: - additionalProperties: - type: string - description: "Optional: Extra command options if any." - type: object - readOnly: - description: "Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts." - type: boolean - secretRef: - description: "Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts." - properties: - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - type: object - required: - - driver - type: object - flocker: - description: Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running - properties: - datasetName: - description: Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated - type: string - datasetUUID: - description: UUID of the dataset. This is unique identifier of a Flocker dataset - type: string - type: object - gcePersistentDisk: - description: "GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" - properties: - fsType: - description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine' - type: string - partition: - description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - format: int32 - type: integer - pdName: - description: "Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" - type: string - readOnly: - description: "ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk" - type: boolean - required: - - pdName - type: object - gitRepo: - description: "GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container." - properties: - directory: - description: Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. - type: string - repository: - description: Repository URL - type: string - revision: - description: Commit hash for the specified revision. - type: string - required: - - repository - type: object - glusterfs: - description: "Glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md" - properties: - endpoints: - description: "EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" - type: string - path: - description: "Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" - type: string - readOnly: - description: "ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod" - type: boolean - required: - - endpoints - - path - type: object - hostPath: - description: "HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write." - properties: - path: - description: "Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath" - type: string - type: - description: 'Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - required: - - path - type: object - iscsi: - description: "ISCSI represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md" - properties: - chapAuthDiscovery: - description: whether support iSCSI Discovery CHAP authentication - type: boolean - chapAuthSession: - description: whether support iSCSI Session CHAP authentication - type: boolean - fsType: - description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine' - type: string - initiatorName: - description: Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection. - type: string - iqn: - description: Target iSCSI Qualified Name. - type: string - iscsiInterface: - description: iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). - type: string - lun: - description: iSCSI Target Lun number. - format: int32 - type: integer - portals: - description: iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). - items: - type: string - type: array - readOnly: - description: ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. - type: boolean - secretRef: - description: CHAP Secret for iSCSI target and initiator authentication - properties: - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - type: object - targetPortal: - description: iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - description: "Volume's name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" - type: string - nfs: - description: "NFS represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" - properties: - path: - description: "Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" - type: string - readOnly: - description: "ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" - type: boolean - server: - description: "Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs" - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - description: "PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" - properties: - claimName: - description: "ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims" - type: string - readOnly: - description: Will force the ReadOnly setting in VolumeMounts. Default false. - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - description: PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - pdID: - description: ID that identifies Photon Controller persistent disk - type: string - required: - - pdID - type: object - portworxVolume: - description: PortworxVolume represents a portworx volume attached and mounted on kubelets host machine - properties: - fsType: - description: FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - volumeID: - description: VolumeID uniquely identifies a Portworx volume - type: string - required: - - volumeID - type: object - projected: - description: Items for all in one resources secrets, configmaps, and downward API - properties: - defaultMode: - description: Mode bits to use on created files by default. Must be a value between 0 and 0777. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - sources: - description: list of volume projections - items: - description: Projection that may be projected along with other supported volume types - properties: - configMap: - description: information about the configMap data to project - properties: - items: - description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - items: - description: Maps a string key to a path within a volume. - properties: - key: - description: The key to project. - type: string - mode: - description: "Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." - format: int32 - type: integer - path: - description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the ConfigMap or its keys must be defined - type: boolean - type: object - downwardAPI: - description: information about the downwardAPI data to project - properties: - items: - description: Items is a list of DownwardAPIVolume file - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - properties: - fieldRef: - description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported." - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - required: - - fieldPath - type: object - mode: - description: "Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." - format: int32 - type: integer - path: - description: "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'" - type: string - resourceFieldRef: - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported." - properties: - containerName: - description: "Container name: required for volumes, optional for env vars" - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: "Required: resource to select" - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - description: information about the secret data to project - properties: - items: - description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - items: - description: Maps a string key to a path within a volume. - properties: - key: - description: The key to project. - type: string - mode: - description: "Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." - format: int32 - type: integer - path: - description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - type: object - serviceAccountToken: - description: information about the serviceAccountToken data to project - properties: - audience: - description: Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. - type: string - expirationSeconds: - description: ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. - format: int64 - type: integer - path: - description: Path is the path relative to the mount point of the file to project the token into. - type: string - required: - - path - type: object - type: object - type: array - required: - - sources - type: object - quobyte: - description: Quobyte represents a Quobyte mount on the host that shares a pod's lifetime - properties: - group: - description: Group to map volume access to Default is no group - type: string - readOnly: - description: ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. - type: boolean - registry: - description: Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes - type: string - tenant: - description: Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin - type: string - user: - description: User to map volume access to Defaults to serivceaccount user - type: string - volume: - description: Volume is a string that references an already created Quobyte volume by name. - type: string - required: - - registry - - volume - type: object - rbd: - description: "RBD represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md" - properties: - fsType: - description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine' - type: string - image: - description: "The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - type: string - keyring: - description: "Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - type: string - monitors: - description: "A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - items: - type: string - type: array - pool: - description: "The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - type: string - readOnly: - description: "ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - type: boolean - secretRef: - description: "SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - properties: - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - type: object - user: - description: "The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it" - type: string - required: - - image - - monitors - type: object - scaleIO: - description: ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". - type: string - gateway: - description: The host address of the ScaleIO API Gateway. - type: string - protectionDomain: - description: The name of the ScaleIO Protection Domain for the configured storage. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. - properties: - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - type: object - sslEnabled: - description: Flag to enable/disable SSL communication with Gateway, default false - type: boolean - storageMode: - description: Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. - type: string - storagePool: - description: The ScaleIO Storage Pool associated with the protection domain. - type: string - system: - description: The name of the storage system as configured in ScaleIO. - type: string - volumeName: - description: The name of a volume already created in the ScaleIO system that is associated with this volume source. - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - description: "Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" - properties: - defaultMode: - description: "Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." - format: int32 - type: integer - items: - description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - items: - description: Maps a string key to a path within a volume. - properties: - key: - description: The key to project. - type: string - mode: - description: "Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set." - format: int32 - type: integer - path: - description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - optional: - description: Specify whether the Secret or its keys must be defined - type: boolean - secretName: - description: "Name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret" - type: string - type: object - storageos: - description: StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. - properties: - name: - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?" - type: string - type: object - volumeName: - description: VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. - type: string - volumeNamespace: - description: VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. - type: string - type: object - vsphereVolume: - description: VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - storagePolicyID: - description: Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. - type: string - storagePolicyName: - description: Storage Policy Based Management (SPBM) profile name. - type: string - volumePath: - description: Path that identifies vSphere volume vmdk - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - type: object - status: - description: "Most recent observed status of the ThanosRuler cluster. Read-only. Not included when requesting from the apiserver, only from the ThanosRuler Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status" - properties: - availableReplicas: - description: Total number of available pods (ready for at least minReadySeconds) targeted by this ThanosRuler deployment. - format: int32 - type: integer - paused: - description: Represents whether any actions on the underlying managed objects are being performed. Only delete actions will be performed. - type: boolean - replicas: - description: Total number of non-terminated pods targeted by this ThanosRuler deployment (their labels match the selector). - format: int32 - type: integer - unavailableReplicas: - description: Total number of unavailable pods targeted by this ThanosRuler deployment. - format: int32 - type: integer - updatedReplicas: - description: Total number of non-terminated pods targeted by this ThanosRuler deployment that have the desired version spec. - format: int32 - type: integer - required: - - availableReplicas - - paused - - replicas - - unavailableReplicas - - updatedReplicas - type: object - required: - - spec - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/bitnami/kube-prometheus/templates/NOTES.txt b/bitnami/kube-prometheus/templates/NOTES.txt deleted file mode 100644 index e952635..0000000 --- a/bitnami/kube-prometheus/templates/NOTES.txt +++ /dev/null @@ -1,119 +0,0 @@ -** Please be patient while the chart is being deployed ** - -Watch the Prometheus Operator Deployment status using the command: - - kubectl get deploy -w --namespace {{ .Release.Namespace }} -l app.kubernetes.io/name={{ template "kube-prometheus.operator.name" . }},app.kubernetes.io/instance={{ .Release.Name }} - -{{- if .Values.prometheus.enabled }} - -Watch the Prometheus StatefulSet status using the command: - - kubectl get sts -w --namespace {{ .Release.Namespace }} -l app.kubernetes.io/name={{ template "kube-prometheus.prometheus.name" . }},app.kubernetes.io/instance={{ .Release.Name }} - -Prometheus can be accessed via port "{{ .Values.prometheus.service.port }}" on the following DNS name from within your cluster: - - {{ template "kube-prometheus.prometheus.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - -To access Prometheus from outside the cluster execute the following commands: - -{{- if .Values.prometheus.ingress.enabled }} - - You should be able to access your new Prometheus installation through - - {{- range .Values.prometheus.ingress.hosts }} - {{ if .tls }}https{{ else }}http{{ end }}://{{ .name }} - {{- end }} - -{{- else if contains "LoadBalancer" .Values.prometheus.service.type }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "kube-prometheus.prometheus.fullname" . }}' - -{{- $port:=.Values.prometheus.service.port | toString }} - - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "kube-prometheus.prometheus.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo "Prometheus URL: http://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.prometheus.service.port }}{{ end }}/" - -{{- else if contains "ClusterIP" .Values.prometheus.service.type }} - - echo "Prometheus URL: http://127.0.0.1:9090/" - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "kube-prometheus.prometheus.fullname" . }} 9090:{{ .Values.prometheus.service.port }} - -{{- else if contains "NodePort" .Values.prometheus.service.type }} - - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "kube-prometheus.prometheus.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo "Prometheus URL: http://$NODE_IP:$NODE_PORT/" - -{{- end }} - -{{- if and .Values.prometheus.thanos.create }} - -Thanos Sidecar can be accessed via port "{{ .Values.prometheus.thanos.service.port }}" on the following DNS name from within your cluster: - - {{ template "kube-prometheus.thanos.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - -{{- if .Values.prometheus.thanos.ingress.enabled }} - - You should be able to access your new Thanos Sidecar installation through - - {{- range .Values.prometheus.thanos.ingress.hosts }} - {{ if .tls }}https{{ else }}http{{ end }}://{{ .name }} - {{- end }} - -{{- end }} -{{- end }} -{{- end }} - -{{- if .Values.alertmanager.enabled }} - -Watch the Alertmanager StatefulSet status using the command: - - kubectl get sts -w --namespace {{ .Release.Namespace }} -l app.kubernetes.io/name={{ template "kube-prometheus.alertmanager.name" . }},app.kubernetes.io/instance={{ .Release.Name }} - -Alertmanager can be accessed via port "{{ .Values.alertmanager.service.port }}" on the following DNS name from within your cluster: - - {{ template "kube-prometheus.alertmanager.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - -To access Alertmanager from outside the cluster execute the following commands: - -{{- if .Values.alertmanager.ingress.enabled }} - - You should be able to access your new Prometheus installation through - - {{- range .Values.alertmanager.ingress.hosts }} - {{ if .tls }}https{{ else }}http{{ end }}://{{ .name }} - {{- end }} - -{{- else if contains "LoadBalancer" .Values.alertmanager.service.type }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "kube-prometheus.alertmanager.fullname" . }}' - -{{- $port:=.Values.alertmanager.service.port | toString }} - - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "kube-prometheus.alertmanager.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo "Alertmanager URL: http://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.alertmanager.service.port }}{{ end }}/" - -{{- else if contains "ClusterIP" .Values.alertmanager.service.type }} - - echo "Alertmanager URL: http://127.0.0.1:9093/" - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "kube-prometheus.alertmanager.fullname" . }} 9093:{{ .Values.alertmanager.service.port }} - -{{- else if contains "NodePort" .Values.alertmanager.service.type }} - - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "kube-prometheus.alertmanager.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo "Alertmanager URL: http://$NODE_IP:$NODE_PORT/" - -{{- end }} -{{- end }} - -{{- include "common.warnings.rollingTag" .Values.operator.image }} -{{- if and .Values.operator.prometheusConfigReloader.image.registry (and .Values.operator.prometheusConfigReloader.image.repository .Values.operator.prometheusConfigReloader.image.tag) }} -{{- include "common.warnings.rollingTag" .Values.operator.prometheusConfigReloader.image }} -{{- end }} -{{- include "common.warnings.rollingTag" .Values.prometheus.image }} -{{- include "common.warnings.rollingTag" .Values.prometheus.thanos.image }} -{{- include "common.warnings.rollingTag" .Values.alertmanager.image }} -{{- include "kube-prometheus.validateValues" . }} diff --git a/bitnami/kube-prometheus/templates/_helpers.tpl b/bitnami/kube-prometheus/templates/_helpers.tpl deleted file mode 100644 index a1da83d..0000000 --- a/bitnami/kube-prometheus/templates/_helpers.tpl +++ /dev/null @@ -1,231 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -We need to truncate to 50 characters due to the long names generated for pods -*/}} -{{- define "kube-prometheus.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 50 | trimSuffix "-" -}} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 26 chars due to the long names generated (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "kube-prometheus.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 26 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 26 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 26 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* Name suffixed with operator */}} -{{- define "kube-prometheus.operator.name" -}} -{{- printf "%s-operator" (include "kube-prometheus.name" .) -}} -{{- end }} - -{{/* Name suffixed with prometheus */}} -{{- define "kube-prometheus.prometheus.name" -}} -{{- printf "%s-prometheus" (include "kube-prometheus.name" .) -}} -{{- end }} - -{{/* Name suffixed with alertmanager */}} -{{- define "kube-prometheus.alertmanager.name" -}} -{{- printf "%s-alertmanager" (include "kube-prometheus.name" .) -}} -{{- end }} - -{{/* Name suffixed with thanos */}} -{{- define "kube-prometheus.thanos.name" -}} -{{- printf "%s-thanos" (include "kube-prometheus.name" .) -}} -{{- end }} - -{{/* Fullname suffixed with operator */}} -{{- define "kube-prometheus.operator.fullname" -}} -{{- printf "%s-operator" (include "kube-prometheus.fullname" .) -}} -{{- end }} - -{{/* Fullname suffixed with prometheus */}} -{{- define "kube-prometheus.prometheus.fullname" -}} -{{- printf "%s-prometheus" (include "kube-prometheus.fullname" .) -}} -{{- end }} - -{{/* Fullname suffixed with alertmanager */}} -{{- define "kube-prometheus.alertmanager.fullname" -}} -{{- printf "%s-alertmanager" (include "kube-prometheus.fullname" .) -}} -{{- end }} - -{{/* Fullname suffixed with thanos */}} -{{- define "kube-prometheus.thanos.fullname" -}} -{{- printf "%s-thanos" (include "kube-prometheus.prometheus.fullname" .) -}} -{{- end }} - -{{- define "kube-prometheus.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Common Labels -*/}} -{{- define "kube-prometheus.labels" -}} -{{ include "common.labels.standard" . }} -{{- if .Values.global.labels }} -{{ toYaml .Values.global.labels }} -{{- end }} -{{- end -}} - -{{/* -Labels for operator -*/}} -{{- define "kube-prometheus.operator.labels" -}} -{{ include "kube-prometheus.labels" . }} -app.kubernetes.io/component: operator -{{- end -}} - -{{/* -Labels for prometheus -*/}} -{{- define "kube-prometheus.prometheus.labels" -}} -{{ include "kube-prometheus.labels" . }} -app.kubernetes.io/component: prometheus -{{- end -}} - -{{/* -Labels for alertmanager -*/}} -{{- define "kube-prometheus.alertmanager.labels" -}} -{{ include "kube-prometheus.labels" . }} -app.kubernetes.io/component: alertmanager -{{- end -}} - -{{/* -matchLabels for operator -*/}} -{{- define "kube-prometheus.operator.matchLabels" -}} -{{ include "common.labels.matchLabels" . }} -app.kubernetes.io/component: operator -{{- end -}} - -{{/* -matchLabels for prometheus -*/}} -{{- define "kube-prometheus.prometheus.matchLabels" -}} -{{ include "common.labels.matchLabels" . }} -app.kubernetes.io/component: prometheus -{{- end -}} - -{{/* -matchLabels for alertmanager -*/}} -{{- define "kube-prometheus.alertmanager.matchLabels" -}} -{{ include "common.labels.matchLabels" . }} -app.kubernetes.io/component: alertmanager -{{- end -}} - -{{/* -Return the proper Prometheus Operator image name -*/}} -{{- define "kube-prometheus.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.operator.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper Prometheus Operator Reloader image name -*/}} -{{- define "kube-prometheus.prometheusConfigReloader.image" -}} -{{- if and .Values.operator.prometheusConfigReloader.image.repository .Values.operator.prometheusConfigReloader.image.tag }} -{{- include "common.images.image" (dict "imageRoot" .Values.operator.prometheusConfigReloader.image "global" .Values.global) }} -{{- else -}} -{{- include "kube-prometheus.image" . -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper Prometheus Image name -*/}} -{{- define "kube-prometheus.prometheus.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.prometheus.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper Thanos Image name -*/}} -{{- define "kube-prometheus.prometheus.thanosImage" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.prometheus.thanos.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper Alertmanager Image name -*/}} -{{- define "kube-prometheus.alertmanager.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.alertmanager.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "kube-prometheus.imagePullSecrets" -}} -{{ include "common.images.pullSecrets" (dict "images" (list .Values.operator.image .Values.operator.prometheusConfigReloader.image .Values.prometheus.image .Values.prometheus.thanos.image .Values.alertmanager.image) "global" .Values.global) }} -{{- end -}} - -{{/* -Create the name of the operator service account to use -*/}} -{{- define "kube-prometheus.operator.serviceAccountName" -}} -{{- if .Values.operator.serviceAccount.create -}} - {{ default (include "kube-prometheus.operator.fullname" .) .Values.operator.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.operator.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the prometheus service account to use -*/}} -{{- define "kube-prometheus.prometheus.serviceAccountName" -}} -{{- if .Values.prometheus.serviceAccount.create -}} - {{ default (include "kube-prometheus.prometheus.fullname" .) .Values.prometheus.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.prometheus.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the alertmanager service account to use -*/}} -{{- define "kube-prometheus.alertmanager.serviceAccountName" -}} -{{- if .Values.alertmanager.serviceAccount.create -}} - {{ default (include "kube-prometheus.alertmanager.fullname" .) .Values.alertmanager.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.alertmanager.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for PodSecurityPolicy. -*/}} -{{- define "podSecurityPolicy.apiVersion" -}} -{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "policy/v1beta1" -}} -{{- else -}} -{{- print "extensions/v1beta1" -}} -{{- end -}} -{{- end -}} - -{{/* -Compile all warnings into a single message, and call fail. -*/}} -{{- define "kube-prometheus.validateValues" -}} -{{- $messages := list -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} -{{- end -}} -{{- end -}} diff --git a/bitnami/kube-prometheus/templates/alertmanager/alertmanager.yaml b/bitnami/kube-prometheus/templates/alertmanager/alertmanager.yaml deleted file mode 100644 index ed0cd66..0000000 --- a/bitnami/kube-prometheus/templates/alertmanager/alertmanager.yaml +++ /dev/null @@ -1,180 +0,0 @@ -{{- if .Values.alertmanager.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: Alertmanager -metadata: - name: {{ template "kube-prometheus.alertmanager.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "kube-prometheus.alertmanager.labels" . | nindent 4 }} -spec: - replicas: {{ .Values.alertmanager.replicaCount }} - serviceAccountName: {{ template "kube-prometheus.alertmanager.serviceAccountName" . }} - {{- if .Values.alertmanager.image }} - image: {{ template "kube-prometheus.alertmanager.image" . }} - {{- end }} - listenLocal: {{ .Values.alertmanager.listenLocal }} - {{- if index .Values.alertmanager "externalUrl" }} - externalUrl: "{{ .Values.alertmanager.externalUrl }}" - {{- else if and .Values.alertmanager.ingress.enabled .Values.alertmanager.ingress.hosts }} - externalUrl: {{ if .Values.alertmanager.ingress.tls }}https{{else}}http{{ end }}://{{ (index .Values.alertmanager.ingress.hosts 0).name }}{{ .Values.alertmanager.routePrefix }} - {{- else }} - externalUrl: http://{{ template "kube-prometheus.alertmanager.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.alertmanager.service.port }}{{ .Values.alertmanager.routePrefix }} - {{- end }} - portName: "{{ .Values.alertmanager.portName }}" - paused: {{ .Values.alertmanager.paused }} - logFormat: {{ .Values.alertmanager.logFormat }} - logLevel: {{ .Values.alertmanager.logLevel }} - retention: {{ .Values.alertmanager.retention }} - {{- if .Values.alertmanager.secrets }} - secrets: {{- include "common.tplvalues.render" (dict "value" .Values.alertmanager.secrets "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.alertmanager.configMaps }} - configMaps: {{- include "common.tplvalues.render" (dict "value" .Values.alertmanager.configMaps "context" $) | nindent 4 }} - {{- end }} - resources: {{- toYaml .Values.alertmanager.resources | nindent 4 }} - routePrefix: "{{ .Values.alertmanager.routePrefix }}" - {{- if .Values.alertmanager.podSecurityContext.enabled }} - securityContext: {{- omit .Values.alertmanager.podSecurityContext "enabled" | toYaml | nindent 4 }} - {{- end }} - {{- if .Values.alertmanager.storageSpec }} - storage: {{- include "common.tplvalues.render" (dict "value" .Values.alertmanager.storageSpec "context" $) | nindent 4 }} - {{- else }} - {{- if .Values.alertmanager.persistence.enabled }} - storage: - volumeClaimTemplate: - spec: - accessModes: - {{- range .Values.alertmanager.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.alertmanager.persistence.size | quote }} - {{- include "common.storage.class" (dict "persistence" .Values.alertmanager.persistence "global" .Values.global) | nindent 8 }} - {{- end }} - {{- end }} - {{- if or .Values.alertmanager.podMetadata.labels .Values.alertmanager.podMetadata.annotations (eq .Values.alertmanager.podAntiAffinityPreset "soft") (eq .Values.alertmanager.podAntiAffinityPreset "hard") }} - podMetadata: - labels: - {{- if .Values.alertmanager.podMetadata.labels }} - {{- include "common.tplvalues.render" (dict "value" .Values.alertmanager.podMetadata.labels "context" $) | nindent 6 }} - {{- end }} - {{- if or (eq .Values.alertmanager.podAntiAffinityPreset "soft") (eq .Values.alertmanager.podAntiAffinityPreset "hard") }} - {{- include "kube-prometheus.alertmanager.matchLabels" . | nindent 6 }} - {{- end }} - {{- if .Values.alertmanager.podMetadata.annotations }} - annotations: - {{- include "common.tplvalues.render" (dict "value" .Values.alertmanager.podMetadata.annotations "context" $) | nindent 6 }} - {{- end }} - {{- end }} - {{- if .Values.alertmanager.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.alertmanager.affinity "context" $) | nindent 4 }} - {{- else }} - affinity: - {{- if not (empty .Values.alertmanager.podAffinityPreset) }} - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.alertmanager.podAffinityPreset "component" "alertmanager" "context" $) | nindent 6 }} - {{- end }} - {{- if not (empty .Values.alertmanager.podAntiAffinityPreset) }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.alertmanager.podAntiAffinityPreset "component" "alertmanager" "context" $) | nindent 6 }} - {{- end }} - {{- if not (empty .Values.alertmanager.nodeAffinityPreset.values) }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.alertmanager.nodeAffinityPreset.type "key" .Values.alertmanager.nodeAffinityPreset.key "values" .Values.alertmanager.nodeAffinityPreset.values) | nindent 6 }} - {{- end }} - {{- end }} - {{- if .Values.alertmanager.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.alertmanager.nodeSelector "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.alertmanager.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.alertmanager.tolerations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.alertmanager.volumes }} - volumes: {{- include "common.tplvalues.render" (dict "value" .Values.alertmanager.volumes "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.alertmanager.volumeMounts }} - volumeMounts: {{- include "common.tplvalues.render" (dict "value" .Values.alertmanager.volumeMounts "context" $) | nindent 4 }} - {{- end }} -{{- include "kube-prometheus.imagePullSecrets" . | indent 2 }} - {{- if or .Values.alertmanager.containers .Values.alertmanager.containerSecurityContext.enabled .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled }} - containers: - {{- if or .Values.alertmanager.containerSecurityContext.enabled .Values.alertmanager.livenessProbe.enabled .Values.alertmanager.readinessProbe.enabled }} - ## This monkey patching is needed until the securityContexts are - ## directly patchable via the CRD. - ## ref: https://github.com/prometheus-operator/prometheus-operator/issues/3947 - ## currently implemented with strategic merge - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/strategic-merge-patch.md - - name: alertmanager - {{- if .Values.alertmanager.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.alertmanager.containerSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - {{- if .Values.alertmanager.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.alertmanager.livenessProbe.path }} - port: web - scheme: HTTP - initialDelaySeconds: {{ .Values.alertmanager.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.alertmanager.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.alertmanager.livenessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.alertmanager.livenessProbe.failureThreshold }} - successThreshold: {{ .Values.alertmanager.livenessProbe.successThreshold }} - {{- end }} - {{- if .Values.alertmanager.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: {{ .Values.alertmanager.readinessProbe.path }} - port: web - scheme: HTTP - initialDelaySeconds: {{ .Values.alertmanager.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.alertmanager.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.alertmanager.readinessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.alertmanager.readinessProbe.failureThreshold }} - successThreshold: {{ .Values.alertmanager.readinessProbe.successThreshold }} - {{- end }} - {{- end }} - {{- if or .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled .Values.operator.prometheusConfigReloader.livenessProbe.enabled .Values.operator.prometheusConfigReloader.readinessProbe.enabled }} - ## This monkey patching is needed until the securityContexts are - ## directly patchable via the CRD. - ## ref: https://github.com/prometheus-operator/prometheus-operator/issues/3947 - ## currently implemented with strategic merge - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/strategic-merge-patch.md - - name: config-reloader - {{- if .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.operator.prometheusConfigReloader.containerSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - {{- if .Values.operator.prometheusConfigReloader.livenessProbe.enabled }} - livenessProbe: - tcpSocket: - port: reloader-web - initialDelaySeconds: {{ .Values.operator.prometheusConfigReloader.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.operator.prometheusConfigReloader.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.operator.prometheusConfigReloader.livenessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.operator.prometheusConfigReloader.livenessProbe.failureThreshold }} - successThreshold: {{ .Values.operator.prometheusConfigReloader.livenessProbe.successThreshold }} - {{- end }} - {{- if .Values.operator.prometheusConfigReloader.readinessProbe.enabled }} - readinessProbe: - tcpSocket: - port: reloader-web - initialDelaySeconds: {{ .Values.operator.prometheusConfigReloader.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.operator.prometheusConfigReloader.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.operator.prometheusConfigReloader.readinessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.operator.prometheusConfigReloader.readinessProbe.failureThreshold }} - successThreshold: {{ .Values.operator.prometheusConfigReloader.readinessProbe.successThreshold }} - {{- end }} - {{- end }} - {{- if .Values.alertmanager.containers }} - {{- include "common.tplvalues.render" (dict "value" .Values.alertmanager.containers "context" $) | nindent 4 }} - {{- end }} - {{- end }} - {{- if .Values.alertmanager.priorityClassName }} - priorityClassName: {{ .Values.alertmanager.priorityClassName }} - {{- end }} - {{- if .Values.alertmanager.additionalPeers }} - additionalPeers: {{ .Values.alertmanager.additionalPeers }} - {{- end }} - {{- if .Values.alertmanager.configNamespaceSelector }} - alertmanagerConfigNamespaceSelector: {{- include "common.tplvalues.render" (dict "value" .Values.alertmanager.configNamespaceSelector "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.alertmanager.configSelector }} - alertmanagerConfigSelector: {{- include "common.tplvalues.render" (dict "value" .Values.alertmanager.configSelector "context" $) | nindent 4 }} - {{- end }} -{{- end }} diff --git a/bitnami/kube-prometheus/templates/alertmanager/ingress.yaml b/bitnami/kube-prometheus/templates/alertmanager/ingress.yaml deleted file mode 100644 index d74c1ec..0000000 --- a/bitnami/kube-prometheus/templates/alertmanager/ingress.yaml +++ /dev/null @@ -1,51 +0,0 @@ -{{- if and .Values.alertmanager.enabled .Values.alertmanager.ingress.enabled }} -apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ template "kube-prometheus.alertmanager.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "kube-prometheus.alertmanager.labels" . | nindent 4 }} - annotations: - {{- if .Values.alertmanager.ingress.certManager }} - kubernetes.io/tls-acme: "true" - {{- end }} - {{- range $key, $value := .Values.alertmanager.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - rules: - {{- if .Values.alertmanager.ingress.hostname }} - - host: {{ .Values.alertmanager.ingress.hostname }} - http: - paths: - {{- if .Values.alertmanager.ingress.extraPaths }} - {{- toYaml .Values.alertmanager.ingress.extraPaths | nindent 10 }} - {{- end }} - - path: {{ .Values.alertmanager.ingress.path }} - {{- if eq "true" (include "common.ingress.supportsPathType" .) }} - pathType: {{ .Values.alertmanager.ingress.pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "kube-prometheus.alertmanager.fullname" $) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- range .Values.alertmanager.ingress.extraHosts }} - - host: {{ .name | quote }} - http: - paths: - - path: {{ default "/" .path }} - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ default "ImplementationSpecific" .pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "kube-prometheus.alertmanager.fullname" $) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- if or .Values.alertmanager.ingress.tls .Values.alertmanager.ingress.extraTls }} - tls: - {{- if .Values.alertmanager.ingress.tls }} - - hosts: - - {{ .Values.alertmanager.ingress.hostname }} - secretName: {{ printf "%s-tls" .Values.alertmanager.ingress.hostname }} - {{- end }} - {{- if .Values.alertmanager.ingress.extraTls }} - {{- include "common.tplvalues.render" ( dict "value" .Values.alertmanager.ingress.extraTls "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/bitnami/kube-prometheus/templates/alertmanager/pdb.yaml b/bitnami/kube-prometheus/templates/alertmanager/pdb.yaml deleted file mode 100644 index 9b69a7a..0000000 --- a/bitnami/kube-prometheus/templates/alertmanager/pdb.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if and .Values.alertmanager.enabled .Values.alertmanager.podDisruptionBudget.enabled }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ template "kube-prometheus.alertmanager.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "kube-prometheus.alertmanager.labels" . | nindent 4 }} -spec: - selector: - matchLabels: - app: alertmanager - alertmanager: {{ template "kube-prometheus.alertmanager.fullname" . }} - {{- if .Values.alertmanager.podDisruptionBudget.minAvailable }} - minAvailable: {{ .Values.alertmanager.podDisruptionBudget.minAvailable }} - {{- end }} - {{- if .Values.alertmanager.podDisruptionBudget.maxUnavailable }} - maxUnavailable: {{ .Values.alertmanager.podDisruptionBudget.maxUnavailable }} - {{- end }} -{{- end }} diff --git a/bitnami/kube-prometheus/templates/alertmanager/psp-clusterrole.yaml b/bitnami/kube-prometheus/templates/alertmanager/psp-clusterrole.yaml deleted file mode 100644 index ac80941..0000000 --- a/bitnami/kube-prometheus/templates/alertmanager/psp-clusterrole.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if and .Values.alertmanager.enabled .Values.rbac.create .Values.rbac.pspEnabled }} -kind: ClusterRole -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -metadata: - name: {{ template "kube-prometheus.alertmanager.fullname" . }}-psp - labels: {{- include "kube-prometheus.alertmanager.labels" . | nindent 4 }} -rules: - - apiGroups: ['extensions'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "kube-prometheus.alertmanager.fullname" . }} -{{- end }} diff --git a/bitnami/kube-prometheus/templates/alertmanager/psp-clusterrolebinding.yaml b/bitnami/kube-prometheus/templates/alertmanager/psp-clusterrolebinding.yaml deleted file mode 100644 index 39662c9..0000000 --- a/bitnami/kube-prometheus/templates/alertmanager/psp-clusterrolebinding.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if and .Values.alertmanager.enabled .Values.rbac.create .Values.rbac.pspEnabled }} -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: ClusterRoleBinding -metadata: - name: {{ template "kube-prometheus.alertmanager.fullname" . }}-psp - labels: {{- include "kube-prometheus.alertmanager.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-prometheus.alertmanager.fullname" . }}-psp -subjects: - - kind: ServiceAccount - name: {{ template "kube-prometheus.alertmanager.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/bitnami/kube-prometheus/templates/alertmanager/psp.yaml b/bitnami/kube-prometheus/templates/alertmanager/psp.yaml deleted file mode 100644 index f5336b0..0000000 --- a/bitnami/kube-prometheus/templates/alertmanager/psp.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{- if and .Values.alertmanager.enabled .Values.rbac.create .Values.rbac.pspEnabled }} -apiVersion: {{ template "podSecurityPolicy.apiVersion" . }} -kind: PodSecurityPolicy -metadata: - name: {{ template "kube-prometheus.alertmanager.fullname" . }} - labels: {{- include "kube-prometheus.alertmanager.labels" . | nindent 4 }} -spec: - privileged: false - allowPrivilegeEscalation: false - requiredDropCapabilities: - - ALL - volumes: - - 'configMap' - - 'emptyDir' - - 'projected' - - 'secret' - - 'downwardAPI' - - 'persistentVolumeClaim' - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAs' - ranges: - - min: 1001 - max: 1001 - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1001 - max: 1001 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1001 - max: 1001 -{{- end }} diff --git a/bitnami/kube-prometheus/templates/alertmanager/secrets.yaml b/bitnami/kube-prometheus/templates/alertmanager/secrets.yaml deleted file mode 100644 index 9a6f518..0000000 --- a/bitnami/kube-prometheus/templates/alertmanager/secrets.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if (and .Values.alertmanager.enabled (not .Values.alertmanager.externalConfig) ) }} -apiVersion: v1 -kind: Secret -metadata: - name: alertmanager-{{ template "kube-prometheus.alertmanager.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "kube-prometheus.alertmanager.labels" . | nindent 4 }} -data: - alertmanager.yaml: {{ toYaml .Values.alertmanager.config | b64enc | quote }} -{{- range $key, $val := .Values.alertmanager.templateFiles }} - {{ $key }}: {{ $val | b64enc | quote }} -{{- end }} -{{- end }} diff --git a/bitnami/kube-prometheus/templates/alertmanager/service.yaml b/bitnami/kube-prometheus/templates/alertmanager/service.yaml deleted file mode 100644 index 5deb78b..0000000 --- a/bitnami/kube-prometheus/templates/alertmanager/service.yaml +++ /dev/null @@ -1,43 +0,0 @@ -{{- if .Values.alertmanager.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "kube-prometheus.alertmanager.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "kube-prometheus.alertmanager.labels" . | nindent 4 }} - {{- with .Values.alertmanager.service.annotations }} - annotations: {{- toYaml . | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.alertmanager.service.type }} - {{- if index .Values.alertmanager "stickySessions" }} - sessionAffinity: ClientIP - {{- end }} - {{- if and .Values.alertmanager.service.loadBalancerIP (eq .Values.alertmanager.service.type "LoadBalancer") }} - loadBalancerIP: {{ .Values.alertmanager.service.loadBalancerIP }} - {{- end }} - {{- if and (eq .Values.alertmanager.service.type "LoadBalancer") .Values.alertmanager.service.loadBalancerSourceRanges }} - {{- with .Values.alertmanager.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- toYaml . | nindent 4 }} - {{- end }} - {{- end }} - {{- if and (eq .Values.alertmanager.service.type "LoadBalancer") .Values.alertmanager.service.externalTrafficPolicy }} - externalTrafficPolicy: {{ .Values.alertmanager.service.externalTrafficPolicy }} - {{- end }} - {{- if and (eq .Values.alertmanager.service.type "LoadBalancer") (eq .Values.alertmanager.service.externalTrafficPolicy "Local") .Values.alertmanager.service.healthCheckNodePort }} - healthCheckNodePort: {{ .Values.alertmanager.service.healthCheckNodePort }} - {{- end }} - {{- if and (eq .Values.alertmanager.service.type "ClusterIP") .Values.alertmanager.service.clusterIP }} - clusterIP: {{ .Values.alertmanager.service.clusterIP }} - {{- end }} - ports: - - name: http - port: {{ .Values.alertmanager.service.port }} - targetPort: 9093 - {{- if and .Values.alertmanager.service.nodePort (or (eq .Values.alertmanager.service.type "NodePort") (eq .Values.alertmanager.service.type "LoadBalancer")) }} - nodePort: {{ .Values.alertmanager.service.nodePort }} - {{- end }} - selector: - app: alertmanager - alertmanager: {{ template "kube-prometheus.alertmanager.fullname" . }} -{{- end }} diff --git a/bitnami/kube-prometheus/templates/alertmanager/serviceaccount.yaml b/bitnami/kube-prometheus/templates/alertmanager/serviceaccount.yaml deleted file mode 100644 index 5535583..0000000 --- a/bitnami/kube-prometheus/templates/alertmanager/serviceaccount.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- if and .Values.alertmanager.enabled .Values.alertmanager.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "kube-prometheus.alertmanager.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "kube-prometheus.alertmanager.labels" . | nindent 4 }} - {{- if index .Values.alertmanager.serviceAccount "annotations" }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.alertmanager.serviceAccount.annotations "context" $) | nindent 4 }} - {{- end }} -{{- include "kube-prometheus.imagePullSecrets" . }} -{{- end }} diff --git a/bitnami/kube-prometheus/templates/alertmanager/servicemonitor.yaml b/bitnami/kube-prometheus/templates/alertmanager/servicemonitor.yaml deleted file mode 100644 index f056e40..0000000 --- a/bitnami/kube-prometheus/templates/alertmanager/servicemonitor.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if and .Values.alertmanager.enabled .Values.alertmanager.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "kube-prometheus.alertmanager.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "kube-prometheus.alertmanager.labels" . | nindent 4 }} -spec: - selector: - matchLabels: {{- include "kube-prometheus.alertmanager.matchLabels" . | nindent 6 }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - endpoints: - - port: http - {{- if .Values.alertmanager.serviceMonitor.interval }} - interval: {{ .Values.alertmanager.serviceMonitor.interval }} - {{- end }} - path: {{ trimSuffix "/" .Values.alertmanager.routePrefix }}/metrics - {{- if .Values.alertmanager.serviceMonitor.metricRelabelings }} - metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.alertmanager.serviceMonitor.metricRelabelings "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.alertmanager.serviceMonitor.relabelings }} - relabelings: {{- toYaml .Values.alertmanager.serviceMonitor.relabelings | nindent 8 }} - {{- end }} -{{- end }} diff --git a/bitnami/kube-prometheus/templates/alertmanager/tls-secrets.yaml b/bitnami/kube-prometheus/templates/alertmanager/tls-secrets.yaml deleted file mode 100644 index 6841918..0000000 --- a/bitnami/kube-prometheus/templates/alertmanager/tls-secrets.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- if and .Values.alertmanager.enabled .Values.alertmanager.ingress.enabled }} -{{- if .Values.alertmanager.ingress.secrets }} -{{- range .Values.alertmanager.ingress.secrets }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ .name }} - namespace: {{ $.Release.Namespace }} - labels: {{- include "kube-prometheus.alertmanager.labels" $ | nindent 4 }} -type: kubernetes.io/tls -data: - tls.crt: {{ .certificate | b64enc }} - tls.key: {{ .key | b64enc }} ---- -{{- end }} -{{- end }} -{{- if and .Values.alertmanager.ingress.tls (not .Values.alertmanager.ingress.certManager) }} -{{- $ca := genCA "alertmanager-ca" 365 }} -{{- $cert := genSignedCert .Values.alertmanager.ingress.hostname nil (list .Values.alertmanager.ingress.hostname) 365 $ca }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ printf "%s-tls" .Values.alertmanager.ingress.hostname }} - namespace: {{ .Release.Namespace }} - labels: {{- include "kube-prometheus.alertmanager.labels" . | nindent 4 }} -type: kubernetes.io/tls -data: - tls.crt: {{ $cert.Cert | b64enc | quote }} - tls.key: {{ $cert.Key | b64enc | quote }} - ca.crt: {{ $ca.Cert | b64enc | quote }} -{{- end }} -{{- end }} diff --git a/bitnami/kube-prometheus/templates/exporters/core-dns/service.yaml b/bitnami/kube-prometheus/templates/exporters/core-dns/service.yaml deleted file mode 100644 index 359c945..0000000 --- a/bitnami/kube-prometheus/templates/exporters/core-dns/service.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if and .Values.coreDns.enabled .Values.coreDns.service.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "kube-prometheus.fullname" . }}-coredns - namespace: {{ .Values.coreDns.namespace }} - labels: {{- include "kube-prometheus.labels" . | nindent 4 }} - app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-coredns -spec: - clusterIP: None - ports: - - name: http-metrics - port: {{ .Values.coreDns.service.port }} - protocol: TCP - targetPort: {{ .Values.coreDns.service.targetPort }} - selector: - {{- if .Values.coreDns.service.selector }} -{{ toYaml .Values.coreDns.service.selector | indent 4 }} - {{- else}} - k8s-app: kube-dns - {{- end}} -{{- end }} diff --git a/bitnami/kube-prometheus/templates/exporters/core-dns/servicemonitor.yaml b/bitnami/kube-prometheus/templates/exporters/core-dns/servicemonitor.yaml deleted file mode 100644 index b75a7ab..0000000 --- a/bitnami/kube-prometheus/templates/exporters/core-dns/servicemonitor.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{- if .Values.coreDns.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "kube-prometheus.fullname" . }}-coredns - namespace: {{ .Release.Namespace }} - labels: {{- include "kube-prometheus.labels" . | nindent 4 }} - app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-coredns -spec: - jobLabel: k8s-app - selector: - matchLabels: - app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-coredns - namespaceSelector: - matchNames: - - {{ .Values.coreDns.namespace }} - endpoints: - - port: http-metrics - {{- if .Values.coreDns.serviceMonitor.interval}} - interval: {{ .Values.coreDns.serviceMonitor.interval }} - {{- end }} - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - {{- if .Values.coreDns.serviceMonitor.metricRelabelings }} - metricRelabelings: {{- include "common.tplvalues.render" (dict "value" .Values.coreDns.serviceMonitor.metricRelabelings "context" $) | nindent 6 }} - {{- end }} - {{- if .Values.coreDns.serviceMonitor.relabelings }} - relabelings: {{- include "common.tplvalues.render" (dict "value" .Values.coreDns.serviceMonitor.relabelings "context" $) | nindent 6 }} - {{- end }} -{{- end }} diff --git a/bitnami/kube-prometheus/templates/exporters/kube-apiserver/servicemonitor.yaml b/bitnami/kube-prometheus/templates/exporters/kube-apiserver/servicemonitor.yaml deleted file mode 100644 index 31d2af2..0000000 --- a/bitnami/kube-prometheus/templates/exporters/kube-apiserver/servicemonitor.yaml +++ /dev/null @@ -1,35 +0,0 @@ -{{- if .Values.kubeApiServer.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "kube-prometheus.fullname" . }}-apiserver - namespace: {{ .Release.Namespace }} - labels: {{- include "kube-prometheus.labels" . | nindent 4 }} - app.kubernetes.io/component: apiserver -spec: - jobLabel: component - selector: - matchLabels: - component: apiserver - provider: kubernetes - namespaceSelector: - matchNames: - - default - endpoints: - - port: https - scheme: https - tlsConfig: - caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - serverName: kubernetes - insecureSkipVerify: true - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - {{- if .Values.kubeApiServer.serviceMonitor.interval }} - interval: {{ .Values.kubeApiServer.serviceMonitor.interval }} - {{- end }} - {{- if .Values.kubeApiServer.serviceMonitor.metricRelabelings }} - metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.kubeApiServer.serviceMonitor.metricRelabelings "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.kubeApiServer.serviceMonitor.relabelings }} - relabelings: {{- toYaml .Values.kubeApiServer.serviceMonitor.relabelings | nindent 8 }} - {{- end }} -{{- end }} diff --git a/bitnami/kube-prometheus/templates/exporters/kube-controller-manager/endpoints.yaml b/bitnami/kube-prometheus/templates/exporters/kube-controller-manager/endpoints.yaml deleted file mode 100644 index 13aa60e..0000000 --- a/bitnami/kube-prometheus/templates/exporters/kube-controller-manager/endpoints.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if and .Values.kubeControllerManager.enabled .Values.kubeControllerManager.endpoints }} -apiVersion: v1 -kind: Endpoints -metadata: - name: {{ template "kube-prometheus.fullname" . }}-kube-controller-manager - namespace: {{ .Values.kubeControllerManager.namespace }} - labels: {{- include "kube-prometheus.labels" . | nindent 4 }} - app.kubernetes.io/component: kube-controller-manager -subsets: - - addresses: - {{- range .Values.kubeControllerManager.endpoints }} - - ip: {{ . }} - {{- end }} - ports: - - name: http-metrics - port: {{ .Values.kubeControllerManager.service.port }} - protocol: TCP -{{- end }} diff --git a/bitnami/kube-prometheus/templates/exporters/kube-controller-manager/service.yaml b/bitnami/kube-prometheus/templates/exporters/kube-controller-manager/service.yaml deleted file mode 100644 index 6a45535..0000000 --- a/bitnami/kube-prometheus/templates/exporters/kube-controller-manager/service.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if and .Values.kubeControllerManager.enabled .Values.kubeControllerManager.service.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "kube-prometheus.fullname" . }}-kube-controller-manager - namespace: {{ .Values.kubeControllerManager.namespace }} - labels: {{- include "kube-prometheus.labels" . | nindent 4 }} - app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-kube-controller-manager -spec: - clusterIP: None - ports: - - name: http-metrics - port: {{ .Values.kubeControllerManager.service.port }} - protocol: TCP - targetPort: {{ .Values.kubeControllerManager.service.targetPort }} -{{- if .Values.kubeControllerManager.endpoints }}{{- else }} - selector: - {{- if .Values.kubeControllerManager.service.selector }} -{{ toYaml .Values.kubeControllerManager.service.selector | indent 4 }} - {{- else}} - component: kube-controller-manager - {{- end}} -{{- end }} - type: ClusterIP -{{- end }} diff --git a/bitnami/kube-prometheus/templates/exporters/kube-controller-manager/servicemonitor.yaml b/bitnami/kube-prometheus/templates/exporters/kube-controller-manager/servicemonitor.yaml deleted file mode 100644 index 3f4a1ab..0000000 --- a/bitnami/kube-prometheus/templates/exporters/kube-controller-manager/servicemonitor.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if .Values.kubeControllerManager.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "kube-prometheus.fullname" . }}-kube-controller-manager - namespace: {{ .Release.Namespace }} - labels: {{- include "kube-prometheus.labels" . | nindent 4 }} - app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-kube-controller-manager -spec: - jobLabel: component - selector: - matchLabels: - app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-kube-controller-manager - namespaceSelector: - matchNames: - - {{ .Values.kubeControllerManager.namespace }} - endpoints: - - port: http-metrics - {{- if .Values.kubeControllerManager.serviceMonitor.interval }} - interval: {{ .Values.kubeControllerManager.serviceMonitor.interval }} - {{- end }} - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - {{- if .Values.kubeControllerManager.serviceMonitor.https }} - scheme: https - tlsConfig: - caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - {{- if .Values.kubeControllerManager.serviceMonitor.insecureSkipVerify }} - insecureSkipVerify: {{ .Values.kubeControllerManager.serviceMonitor.insecureSkipVerify }} - {{- end }} - {{- if .Values.kubeControllerManager.serviceMonitor.serverName }} - serverName: {{ .Values.kubeControllerManager.serviceMonitor.serverName }} - {{- end }} - {{- end }} - {{- if .Values.kubeControllerManager.serviceMonitor.metricRelabelings }} - metricRelabelings: {{- include "common.tplvalues.render" (dict "value" .Values.kubeControllerManager.serviceMonitor.metricRelabelings "context" $) | nindent 6 }} - {{- end }} - {{- if .Values.kubeControllerManager.serviceMonitor.relabelings }} - relabelings: {{- include "common.tplvalues.render" (dict "value" .Values.kubeControllerManager.serviceMonitor.relabelings "context" $) | nindent 6 }} - {{- end }} -{{- end }} diff --git a/bitnami/kube-prometheus/templates/exporters/kube-proxy/endpoints.yaml b/bitnami/kube-prometheus/templates/exporters/kube-proxy/endpoints.yaml deleted file mode 100644 index 4d21cf7..0000000 --- a/bitnami/kube-prometheus/templates/exporters/kube-proxy/endpoints.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if and .Values.kubeProxy.enabled .Values.kubeProxy.endpoints }} -apiVersion: v1 -kind: Endpoints -metadata: - name: {{ template "kube-prometheus.fullname" . }}-kube-proxy - namespace: {{ .Values.kubeProxy.namespace }} - labels: {{- include "kube-prometheus.labels" . | nindent 4 }} - app.kubernetes.io/component: kube-proxy -subsets: - - addresses: - {{- range .Values.kubeProxy.endpoints }} - - ip: {{ . }} - {{- end }} - ports: - - name: http-metrics - port: {{ .Values.kubeProxy.service.port }} - protocol: TCP -{{- end }} diff --git a/bitnami/kube-prometheus/templates/exporters/kube-proxy/service.yaml b/bitnami/kube-prometheus/templates/exporters/kube-proxy/service.yaml deleted file mode 100644 index 1b3f5b8..0000000 --- a/bitnami/kube-prometheus/templates/exporters/kube-proxy/service.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if and .Values.kubeProxy.enabled .Values.kubeProxy.service.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "kube-prometheus.fullname" . }}-kube-proxy - namespace: {{ .Values.kubeProxy.namespace }} - labels: {{- include "kube-prometheus.labels" . | nindent 4 }} - app.kubernetes.io/component: kube-proxy -spec: - clusterIP: None - ports: - - name: http-metrics - port: {{ .Values.kubeProxy.service.port }} - protocol: TCP - targetPort: {{ .Values.kubeProxy.service.targetPort }} -{{- if .Values.kubeProxy.endpoints }}{{- else }} - selector: - {{- if .Values.kubeProxy.service.selector }} - {{ toYaml .Values.kubeProxy.service.selector | nindent 4 }} - {{- else }} - k8s-app: kube-proxy - {{- end }} -{{- end }} - type: ClusterIP -{{- end -}} diff --git a/bitnami/kube-prometheus/templates/exporters/kube-proxy/servicemonitor.yaml b/bitnami/kube-prometheus/templates/exporters/kube-proxy/servicemonitor.yaml deleted file mode 100644 index 0c81dca..0000000 --- a/bitnami/kube-prometheus/templates/exporters/kube-proxy/servicemonitor.yaml +++ /dev/null @@ -1,34 +0,0 @@ -{{- if .Values.kubeProxy.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "kube-prometheus.fullname" . }}-kube-proxy - namespace: {{ .Release.Namespace }} - labels: {{- include "kube-prometheus.labels" . | nindent 4 }} - app.kubernetes.io/component: kube-proxy -spec: - jobLabel: k8s-app - selector: - matchLabels: - app.kubernetes.io/component: kube-proxy - namespaceSelector: - matchNames: - - {{ .Values.kubeProxy.namespace }} - endpoints: - - port: http-metrics - {{- if .Values.kubeProxy.serviceMonitor.interval }} - interval: {{ .Values.kubeProxy.serviceMonitor.interval }} - {{- end }} - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - {{- if .Values.kubeProxy.serviceMonitor.https }} - scheme: https - tlsConfig: - caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - {{- end}} - {{- if .Values.kubeProxy.serviceMonitor.metricRelabelings }} - metricRelabelings: {{- toYaml .Values.kubeProxy.serviceMonitor.metricRelabelings | nindent 8 }} - {{- end }} - {{- if .Values.kubeProxy.serviceMonitor.relabelings }} - relabelings: {{- toYaml .Values.kubeProxy.serviceMonitor.relabelings | nindent 8 }} - {{- end }} -{{- end }} diff --git a/bitnami/kube-prometheus/templates/exporters/kube-scheduler/endpoints.yaml b/bitnami/kube-prometheus/templates/exporters/kube-scheduler/endpoints.yaml deleted file mode 100644 index dde3d8b..0000000 --- a/bitnami/kube-prometheus/templates/exporters/kube-scheduler/endpoints.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if and .Values.kubeScheduler.enabled .Values.kubeScheduler.endpoints }} -apiVersion: v1 -kind: Endpoints -metadata: - name: {{ template "kube-prometheus.fullname" . }}-kube-scheduler - namespace: {{ .Values.kubeScheduler.namespace }} - labels: {{- include "kube-prometheus.labels" . | nindent 4 }} - app.kubernetes.io/component: kube-scheduler -subsets: - - addresses: - {{- range .Values.kubeScheduler.endpoints }} - - ip: {{ . }} - {{- end }} - ports: - - name: http-metrics - port: {{ .Values.kubeScheduler.service.port }} - protocol: TCP -{{- end }} diff --git a/bitnami/kube-prometheus/templates/exporters/kube-scheduler/service.yaml b/bitnami/kube-prometheus/templates/exporters/kube-scheduler/service.yaml deleted file mode 100644 index aad5969..0000000 --- a/bitnami/kube-prometheus/templates/exporters/kube-scheduler/service.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if and .Values.kubeScheduler.enabled .Values.kubeScheduler.service.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "kube-prometheus.fullname" . }}-kube-scheduler - namespace: {{ .Values.kubeScheduler.namespace }} - labels: {{- include "kube-prometheus.labels" . | nindent 4 }} - app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-kube-scheduler -spec: - clusterIP: None - ports: - - name: http-metrics - port: {{ .Values.kubeScheduler.service.port}} - protocol: TCP - targetPort: {{ .Values.kubeScheduler.service.targetPort}} -{{- if .Values.kubeScheduler.endpoints }}{{- else }} - selector: - {{- if .Values.kubeScheduler.service.selector }} -{{ toYaml .Values.kubeScheduler.service.selector | indent 4 }} - {{- else}} - component: kube-scheduler - {{- end}} -{{- end }} - type: ClusterIP -{{- end -}} diff --git a/bitnami/kube-prometheus/templates/exporters/kube-scheduler/servicemonitor.yaml b/bitnami/kube-prometheus/templates/exporters/kube-scheduler/servicemonitor.yaml deleted file mode 100644 index e844a3c..0000000 --- a/bitnami/kube-prometheus/templates/exporters/kube-scheduler/servicemonitor.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if .Values.kubeScheduler.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "kube-prometheus.fullname" . }}-kube-scheduler - namespace: {{ .Release.Namespace }} - labels: {{- include "kube-prometheus.labels" . | nindent 4 }} - app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-kube-scheduler -spec: - jobLabel: component - selector: - matchLabels: - app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-kube-scheduler - namespaceSelector: - matchNames: - - {{ .Values.kubeScheduler.namespace }} - endpoints: - - port: http-metrics - {{- if .Values.kubeScheduler.serviceMonitor.interval }} - interval: {{ .Values.kubeScheduler.serviceMonitor.interval }} - {{- end }} - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - {{- if .Values.kubeScheduler.serviceMonitor.https }} - scheme: https - tlsConfig: - caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - {{- if .Values.kubeScheduler.serviceMonitor.insecureSkipVerify }} - insecureSkipVerify: {{ .Values.kubeScheduler.serviceMonitor.insecureSkipVerify }} - {{- end}} - {{- if .Values.kubeScheduler.serviceMonitor.serverName }} - serverName: {{ .Values.kubeScheduler.serviceMonitor.serverName }} - {{- end}} - {{- end}} - {{- if .Values.kubeScheduler.serviceMonitor.metricRelabelings }} - metricRelabelings: {{- include "common.tplvalues.render" (dict "value" .Values.kubeScheduler.serviceMonitor.metricRelabelings "context" $) | nindent 6 }} - {{- end }} - {{- if .Values.kubeScheduler.serviceMonitor.relabelings }} - metricRelabelings: {{- include "common.tplvalues.render" (dict "value" .Values.kubeScheduler.serviceMonitor.relabelings "context" $) | nindent 6 }} - {{- end }} -{{- end }} diff --git a/bitnami/kube-prometheus/templates/exporters/kubelet/servicemonitor.yaml b/bitnami/kube-prometheus/templates/exporters/kubelet/servicemonitor.yaml deleted file mode 100644 index be5f9a9..0000000 --- a/bitnami/kube-prometheus/templates/exporters/kubelet/servicemonitor.yaml +++ /dev/null @@ -1,85 +0,0 @@ -{{- if .Values.kubelet.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "kube-prometheus.fullname" . }}-kubelet - namespace: {{ .Release.Namespace }} - labels: {{- include "kube-prometheus.labels" . | nindent 4 }} - app.kubernetes.io/component: kubelet -spec: - jobLabel: k8s-app - selector: - matchLabels: - k8s-app: kubelet - namespaceSelector: - matchNames: - - {{ .Values.kubelet.namespace }} - endpoints: - {{- if .Values.kubelet.serviceMonitor.https }} - - port: https-metrics - scheme: https - tlsConfig: - caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - serverName: kubernetes - insecureSkipVerify: true - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - honorLabels: true - {{- if .Values.kubelet.serviceMonitor.interval }} - interval: {{ .Values.kubelet.serviceMonitor.interval }} - {{- end }} - {{- if .Values.kubelet.serviceMonitor.metricRelabelings }} - metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.kubelet.serviceMonitor.metricRelabelings "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.kubelet.serviceMonitor.relabelings }} - relabelings: {{- toYaml .Values.kubelet.serviceMonitor.relabelings | nindent 8 }} - {{- end }} - - port: https-metrics - path: /metrics/cadvisor - scheme: https - tlsConfig: - caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - serverName: kubernetes - insecureSkipVerify: true - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - honorLabels: true - {{- if .Values.kubelet.serviceMonitor.interval }} - interval: {{ .Values.kubelet.serviceMonitor.interval }} - {{- end }} - {{- if .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings }} - metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.kubelet.serviceMonitor.cAdvisorRelabelings }} - relabelings: {{- toYaml .Values.kubelet.serviceMonitor.cAdvisorRelabelings | nindent 8 }} - {{- end }} - {{- else }} - - port: http-metrics - scheme: http - tlsConfig: - insecureSkipVerify: false - honorLabels: true - {{- if .Values.kubelet.serviceMonitor.interval }} - interval: {{ .Values.kubelet.serviceMonitor.interval }} - {{- end }} - {{- if .Values.kubelet.serviceMonitor.metricRelabelings }} - metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.kubelet.serviceMonitor.metricRelabelings "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.kubelet.serviceMonitor.relabelings }} - relabelings: {{- toYaml .Values.kubelet.serviceMonitor.relabelings | nindent 8 }} - {{- end }} - - port: http-metrics - path: /metrics/cadvisor - scheme: http - tlsConfig: - insecureSkipVerify: false - honorLabels: true - {{- if .Values.kubelet.serviceMonitor.interval }} - interval: {{ .Values.kubelet.serviceMonitor.interval }} - {{- end }} - {{- if .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings }} - metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.kubelet.serviceMonitor.cAdvisorRelabelings }} - relabelings: {{- toYaml .Values.kubelet.serviceMonitor.cAdvisorRelabelings | nindent 8 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/bitnami/kube-prometheus/templates/prometheus-operator/clusterrole.yaml b/bitnami/kube-prometheus/templates/prometheus-operator/clusterrole.yaml deleted file mode 100644 index 1071ace..0000000 --- a/bitnami/kube-prometheus/templates/prometheus-operator/clusterrole.yaml +++ /dev/null @@ -1,99 +0,0 @@ -{{- if and .Values.operator.enabled .Values.rbac.create -}} -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: ClusterRole -metadata: - name: {{ template "kube-prometheus.operator.fullname" . }} - labels: {{- include "kube-prometheus.operator.labels" . | nindent 4 }} -rules: - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - create - - apiGroups: - - apiextensions.k8s.io - resourceNames: - - alertmanagers.monitoring.coreos.com - - podmonitors.monitoring.coreos.com - - prometheuses.monitoring.coreos.com - - prometheusrules.monitoring.coreos.com - - servicemonitors.monitoring.coreos.com - - thanosrulers.monitoring.coreos.com - - probes.monitoring.coreos.com - resources: - - customresourcedefinitions - verbs: - - get - - update - - apiGroups: - - monitoring.coreos.com - resources: - - alertmanagers - - alertmanagers/finalizers - - alertmanagerconfigs - - prometheuses - - prometheuses/finalizers - - thanosrulers - - thanosrulers/finalizers - - servicemonitors - - podmonitors - - probes - - prometheusrules - verbs: - - '*' - - apiGroups: - - apps - resources: - - statefulsets - verbs: - - '*' - - apiGroups: - - "" - resources: - - configmaps - - secrets - verbs: - - '*' - - apiGroups: - - "" - resources: - - pods - verbs: - - list - - delete - - apiGroups: - - "" - resources: - - services - - services/finalizers - - endpoints - verbs: - - get - - create - - update - - delete - - apiGroups: - - "" - resources: - - nodes - verbs: - - list - - watch - - apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -{{- end }} diff --git a/bitnami/kube-prometheus/templates/prometheus-operator/clusterrolebinding.yaml b/bitnami/kube-prometheus/templates/prometheus-operator/clusterrolebinding.yaml deleted file mode 100644 index 729eb5c..0000000 --- a/bitnami/kube-prometheus/templates/prometheus-operator/clusterrolebinding.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if and .Values.operator.enabled .Values.rbac.create }} -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: ClusterRoleBinding -metadata: - name: {{ template "kube-prometheus.operator.fullname" . }} - labels: {{- include "kube-prometheus.operator.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-prometheus.operator.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "kube-prometheus.operator.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/bitnami/kube-prometheus/templates/prometheus-operator/configmap.yaml b/bitnami/kube-prometheus/templates/prometheus-operator/configmap.yaml deleted file mode 100644 index c27626c..0000000 --- a/bitnami/kube-prometheus/templates/prometheus-operator/configmap.yaml +++ /dev/null @@ -1,10 +0,0 @@ -{{- if .Values.operator.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "kube-prometheus.operator.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "kube-prometheus.operator.labels" . | nindent 4 }} -data: - prometheus-config-reloader: {{ template "kube-prometheus.prometheusConfigReloader.image" . }} -{{- end }} diff --git a/bitnami/kube-prometheus/templates/prometheus-operator/deployment.yaml b/bitnami/kube-prometheus/templates/prometheus-operator/deployment.yaml deleted file mode 100644 index d7d5ce7..0000000 --- a/bitnami/kube-prometheus/templates/prometheus-operator/deployment.yaml +++ /dev/null @@ -1,120 +0,0 @@ -{{- if .Values.operator.enabled }} -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ template "kube-prometheus.operator.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "kube-prometheus.operator.labels" . | nindent 4 }} -spec: - replicas: 1 - selector: - matchLabels: {{- include "kube-prometheus.operator.matchLabels" . | nindent 6 }} - template: - metadata: - labels: {{- include "kube-prometheus.operator.labels" . | nindent 8 }} - {{- if .Values.operator.podAnnotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.operator.podAnnotations "context" $) | nindent 8 }} - {{- end }} - spec: - serviceAccountName: {{ template "kube-prometheus.operator.serviceAccountName" . }} - {{- if .Values.operator.schedulerName }} - schedulerName: {{ .Values.operator.schedulerName | quote }} - {{- end }} - {{- if .Values.operator.podSecurityContext.enabled }} - securityContext: {{- omit .Values.operator.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - {{- if .Values.operator.priorityClassName }} - priorityClassName: {{ .Values.operator.priorityClassName }} - {{- end }} - {{- if .Values.operator.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.operator.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.operator.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.operator.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.operator.podAffinityPreset "component" "operator" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.operator.podAntiAffinityPreset "component" "operator" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.operator.nodeAffinityPreset.type "key" .Values.operator.nodeAffinityPreset.key "values" .Values.operator.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.operator.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.operator.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.operator.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.operator.tolerations "context" $) | nindent 8 }} - {{- end }} - containers: - - name: prometheus-operator - image: {{ template "kube-prometheus.image" . }} - imagePullPolicy: {{ .Values.operator.image.pullPolicy }} - env: - - name: PROMETHEUS_CONFIG_RELOADER - valueFrom: - configMapKeyRef: - name: {{ template "kube-prometheus.operator.fullname" . }} - key: prometheus-config-reloader - args: - {{- if .Values.operator.kubeletService.enabled }} - - --kubelet-service={{ .Values.operator.kubeletService.namespace }}/{{ template "kube-prometheus.fullname" . }}-kubelet - {{- end }} - {{- if .Values.operator.logFormat }} - - --log-format={{ .Values.operator.logFormat }} - {{- end }} - {{- if .Values.operator.logLevel }} - - --log-level={{ .Values.operator.logLevel }} - {{- end }} - - --localhost=127.0.0.1 - - --prometheus-config-reloader=$(PROMETHEUS_CONFIG_RELOADER) - {{- if .Values.operator.configReloaderResources.requests }} - {{- if .Values.operator.configReloaderResources.requests.cpu }} - - --config-reloader-cpu-request={{ .Values.operator.configReloaderResources.requests.cpu }} - {{- end }} - {{- if .Values.operator.configReloaderResources.requests.memory }} - - --config-reloader-memory-request={{ .Values.operator.configReloaderResources.requests.memory }} - {{- end }} - {{- end }} - {{- if .Values.operator.configReloaderResources.limits }} - {{- if .Values.operator.configReloaderResources.limits.cpu }} - - --config-reloader-cpu-limit={{ .Values.operator.configReloaderResources.limits.cpu }} - {{- end }} - {{- if .Values.operator.configReloaderResources.limits.memory }} - - --config-reloader-memory-limit={{ .Values.operator.configReloaderResources.limits.memory }} - {{- end }} - {{- end }} - ports: - - name: http - containerPort: 8080 - protocol: TCP - {{- if .Values.operator.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.operator.livenessProbe.path }} - port: http - scheme: HTTP - initialDelaySeconds: {{ .Values.operator.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.operator.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.operator.livenessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.operator.livenessProbe.failureThreshold }} - successThreshold: {{ .Values.operator.livenessProbe.successThreshold }} - {{- end }} - {{- if .Values.operator.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: {{ .Values.operator.readinessProbe.path }} - port: http - scheme: HTTP - initialDelaySeconds: {{ .Values.operator.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.operator.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.operator.readinessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.operator.readinessProbe.failureThreshold }} - successThreshold: {{ .Values.operator.readinessProbe.successThreshold }} - {{- end }} - {{- if .Values.operator.resources }} - resources: {{- toYaml .Values.operator.resources | nindent 12 }} - {{- end }} - {{- if .Values.operator.containerSecurityContext.enabled }} - # yamllint disable rule:indentation - securityContext: {{- omit .Values.operator.containerSecurityContext "enabled" | toYaml | nindent 12 }} - # yamllint enable rule:indentation - {{- end }} -{{- end }} diff --git a/bitnami/kube-prometheus/templates/prometheus-operator/psp-clusterrole.yaml b/bitnami/kube-prometheus/templates/prometheus-operator/psp-clusterrole.yaml deleted file mode 100644 index 836b8a9..0000000 --- a/bitnami/kube-prometheus/templates/prometheus-operator/psp-clusterrole.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if and .Values.operator.enabled .Values.rbac.create .Values.rbac.pspEnabled }} -kind: ClusterRole -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -metadata: - name: {{ template "kube-prometheus.operator.fullname" . }}-psp - labels: {{- include "kube-prometheus.operator.labels" . | nindent 4 }} -rules: - - apiGroups: ['extensions'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "kube-prometheus.operator.fullname" . }} -{{- end }} diff --git a/bitnami/kube-prometheus/templates/prometheus-operator/psp-clusterrolebinding.yaml b/bitnami/kube-prometheus/templates/prometheus-operator/psp-clusterrolebinding.yaml deleted file mode 100644 index d787f69..0000000 --- a/bitnami/kube-prometheus/templates/prometheus-operator/psp-clusterrolebinding.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if and .Values.operator.enabled .Values.rbac.create .Values.rbac.pspEnabled }} -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: ClusterRoleBinding -metadata: - name: {{ template "kube-prometheus.operator.fullname" . }}-psp - labels: {{- include "kube-prometheus.operator.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-prometheus.operator.fullname" . }}-psp -subjects: - - kind: ServiceAccount - name: {{ template "kube-prometheus.operator.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/bitnami/kube-prometheus/templates/prometheus-operator/psp.yaml b/bitnami/kube-prometheus/templates/prometheus-operator/psp.yaml deleted file mode 100644 index b6daff8..0000000 --- a/bitnami/kube-prometheus/templates/prometheus-operator/psp.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{- if and .Values.operator.enabled .Values.rbac.create .Values.rbac.pspEnabled }} -apiVersion: {{ template "podSecurityPolicy.apiVersion" . }} -kind: PodSecurityPolicy -metadata: - name: {{ template "kube-prometheus.operator.fullname" . }} - labels: {{- include "kube-prometheus.operator.labels" . | nindent 4 }} -spec: - privileged: false - allowPrivilegeEscalation: false - requiredDropCapabilities: - - ALL - volumes: - - 'configMap' - - 'emptyDir' - - 'projected' - - 'secret' - - 'downwardAPI' - - 'persistentVolumeClaim' - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAs' - ranges: - - min: 1001 - max: 1001 - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1001 - max: 1001 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1001 - max: 1001 -{{- end }} diff --git a/bitnami/kube-prometheus/templates/prometheus-operator/service.yaml b/bitnami/kube-prometheus/templates/prometheus-operator/service.yaml deleted file mode 100644 index 6426584..0000000 --- a/bitnami/kube-prometheus/templates/prometheus-operator/service.yaml +++ /dev/null @@ -1,38 +0,0 @@ -{{- if .Values.operator.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "kube-prometheus.operator.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "kube-prometheus.operator.labels" . | nindent 4 }} - {{- with .Values.operator.service.annotations }} - annotations: {{- toYaml . | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.operator.service.type }} - {{- if and .Values.operator.service.loadBalancerIP (eq .Values.operator.service.type "LoadBalancer") }} - loadBalancerIP: {{ .Values.operator.service.loadBalancerIP }} - {{- end }} - {{- if and (eq .Values.operator.service.type "LoadBalancer") .Values.operator.service.loadBalancerSourceRanges }} - {{- with .Values.operator.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- toYaml . | nindent 4 }} - {{- end }} - {{- end }} - {{- if and (eq .Values.operator.service.type "LoadBalancer") .Values.operator.service.externalTrafficPolicy }} - externalTrafficPolicy: {{ .Values.operator.service.externalTrafficPolicy }} - {{- end }} - {{- if and (eq .Values.operator.service.type "LoadBalancer") (eq .Values.operator.service.externalTrafficPolicy "Local") .Values.operator.service.healthCheckNodePort }} - healthCheckNodePort: {{ .Values.operator.service.healthCheckNodePort }} - {{- end }} - {{- if and (eq .Values.operator.service.type "ClusterIP") .Values.operator.service.clusterIP }} - clusterIP: {{ .Values.operator.service.clusterIP }} - {{- end }} - ports: - - name: http - port: {{ .Values.operator.service.port }} - targetPort: http - {{- if and .Values.operator.service.nodePort (or (eq .Values.operator.service.type "NodePort") (eq .Values.operator.service.type "LoadBalancer")) }} - nodePort: {{ .Values.operator.service.nodePort }} - {{- end }} - selector: {{- include "kube-prometheus.operator.matchLabels" . | nindent 4 }} -{{- end }} diff --git a/bitnami/kube-prometheus/templates/prometheus-operator/serviceaccount.yaml b/bitnami/kube-prometheus/templates/prometheus-operator/serviceaccount.yaml deleted file mode 100644 index d31a735..0000000 --- a/bitnami/kube-prometheus/templates/prometheus-operator/serviceaccount.yaml +++ /dev/null @@ -1,9 +0,0 @@ -{{- if and .Values.operator.enabled .Values.operator.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "kube-prometheus.operator.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "kube-prometheus.operator.labels" . | nindent 4 }} -{{- include "kube-prometheus.imagePullSecrets" . }} -{{- end }} diff --git a/bitnami/kube-prometheus/templates/prometheus-operator/servicemonitor.yaml b/bitnami/kube-prometheus/templates/prometheus-operator/servicemonitor.yaml deleted file mode 100644 index 9056473..0000000 --- a/bitnami/kube-prometheus/templates/prometheus-operator/servicemonitor.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if and .Values.operator.enabled .Values.operator.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "kube-prometheus.operator.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "kube-prometheus.operator.labels" . | nindent 4 }} -spec: - endpoints: - - port: http - honorLabels: true - {{- if .Values.operator.serviceMonitor.interval }} - interval: {{ .Values.operator.serviceMonitor.interval }} - {{- end }} - {{- if .Values.operator.serviceMonitor.metricRelabelings }} - metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.operator.serviceMonitor.metricRelabelings "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.operator.serviceMonitor.relabelings }} - relabelings: {{- toYaml .Values.operator.serviceMonitor.relabelings | nindent 8 }} -{{- end }} - selector: - matchLabels: {{- include "kube-prometheus.operator.matchLabels" . | nindent 6 }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} -{{- end }} diff --git a/bitnami/kube-prometheus/templates/prometheus/additionalPrometheusRules.yaml b/bitnami/kube-prometheus/templates/prometheus/additionalPrometheusRules.yaml deleted file mode 100644 index 06ef913..0000000 --- a/bitnami/kube-prometheus/templates/prometheus/additionalPrometheusRules.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if and .Values.prometheus.enabled .Values.prometheus.additionalPrometheusRules}} - {{- range .Values.prometheus.additionalPrometheusRules }} ---- -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ template "kube-prometheus.name" $ }}-{{ .name }} - namespace: {{ $.Release.Namespace }} - labels: {{ include "kube-prometheus.prometheus.labels" $ | nindent 4 }} -spec: - groups: {{- toYaml .groups | nindent 4 }} - {{- end }} -{{- end }} diff --git a/bitnami/kube-prometheus/templates/prometheus/additionalScrapeJobs.yaml b/bitnami/kube-prometheus/templates/prometheus/additionalScrapeJobs.yaml deleted file mode 100644 index cb190c6..0000000 --- a/bitnami/kube-prometheus/templates/prometheus/additionalScrapeJobs.yaml +++ /dev/null @@ -1,10 +0,0 @@ -{{- if (and .Values.prometheus.additionalScrapeConfigs.enabled (eq .Values.prometheus.additionalScrapeConfigs.type "internal") ) }} -apiVersion: v1 -kind: Secret -metadata: - name: additional-scrape-jobs-{{ template "kube-prometheus.prometheus.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }} -data: - scrape-jobs.yaml: {{ include "common.tplvalues.render" ( dict "value" .Values.prometheus.additionalScrapeConfigs.internal.jobList "context" $ ) | b64enc | quote }} -{{- end }} \ No newline at end of file diff --git a/bitnami/kube-prometheus/templates/prometheus/clusterrole.yaml b/bitnami/kube-prometheus/templates/prometheus/clusterrole.yaml deleted file mode 100644 index a223447..0000000 --- a/bitnami/kube-prometheus/templates/prometheus/clusterrole.yaml +++ /dev/null @@ -1,41 +0,0 @@ -{{- if and .Values.prometheus.enabled .Values.rbac.create -}} -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: ClusterRole -metadata: - name: {{ template "kube-prometheus.prometheus.fullname" . }} - labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }} -rules: - - apiGroups: - - "" - resources: - - nodes/metrics - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - nodes - - nodes/proxy - - services - - endpoints - - pods - verbs: - - "get" - - "list" - - "watch" - - apiGroups: - - extensions - - "networking.k8s.io" - resources: - - ingresses - verbs: - - get - - list - - watch - - nonResourceURLs: - - "/metrics" - verbs: - - "get" -{{- end }} diff --git a/bitnami/kube-prometheus/templates/prometheus/clusterrolebinding.yaml b/bitnami/kube-prometheus/templates/prometheus/clusterrolebinding.yaml deleted file mode 100644 index 46de30b..0000000 --- a/bitnami/kube-prometheus/templates/prometheus/clusterrolebinding.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if and .Values.prometheus.enabled .Values.rbac.create }} -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: ClusterRoleBinding -metadata: - name: {{ template "kube-prometheus.prometheus.fullname" . }} - labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-prometheus.prometheus.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "kube-prometheus.prometheus.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/bitnami/kube-prometheus/templates/prometheus/ingress.yaml b/bitnami/kube-prometheus/templates/prometheus/ingress.yaml deleted file mode 100644 index c5fdafa..0000000 --- a/bitnami/kube-prometheus/templates/prometheus/ingress.yaml +++ /dev/null @@ -1,51 +0,0 @@ -{{- if and .Values.prometheus.enabled .Values.prometheus.ingress.enabled }} -apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ template "kube-prometheus.prometheus.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }} - annotations: - {{- if .Values.prometheus.ingress.certManager }} - kubernetes.io/tls-acme: "true" - {{- end }} - {{- range $key, $value := .Values.prometheus.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - rules: - {{- if .Values.prometheus.ingress.hostname }} - - host: {{ .Values.prometheus.ingress.hostname }} - http: - paths: - {{- if .Values.prometheus.ingress.extraPaths }} - {{- toYaml .Values.prometheus.ingress.extraPaths | nindent 10 }} - {{- end }} - - path: {{ .Values.prometheus.ingress.path }} - {{- if eq "true" (include "common.ingress.supportsPathType" .) }} - pathType: {{ .Values.prometheus.ingress.pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "kube-prometheus.prometheus.fullname" $) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- range .Values.prometheus.ingress.extraHosts }} - - host: {{ .name | quote }} - http: - paths: - - path: {{ default "/" .path }} - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ default "ImplementationSpecific" .pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "kube-prometheus.prometheus.fullname" $) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- if or .Values.prometheus.ingress.tls .Values.prometheus.ingress.extraTls }} - tls: - {{- if .Values.prometheus.ingress.tls }} - - hosts: - - {{ .Values.prometheus.ingress.hostname }} - secretName: {{ printf "%s-tls" .Values.prometheus.ingress.hostname }} - {{- end }} - {{- if .Values.prometheus.ingress.extraTls }} - {{- include "common.tplvalues.render" ( dict "value" .Values.prometheus.ingress.extraTls "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/bitnami/kube-prometheus/templates/prometheus/pdb.yaml b/bitnami/kube-prometheus/templates/prometheus/pdb.yaml deleted file mode 100644 index 0f91ada..0000000 --- a/bitnami/kube-prometheus/templates/prometheus/pdb.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if and .Values.prometheus.enabled .Values.prometheus.podDisruptionBudget.enabled }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ template "kube-prometheus.prometheus.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }} -spec: - selector: - matchLabels: - app: prometheus - prometheus: {{ template "kube-prometheus.prometheus.fullname" . }} - {{- if .Values.prometheus.podDisruptionBudget.minAvailable }} - minAvailable: {{ .Values.prometheus.podDisruptionBudget.minAvailable }} - {{- end }} - {{- if .Values.prometheus.podDisruptionBudget.maxUnavailable }} - maxUnavailable: {{ .Values.prometheus.podDisruptionBudget.maxUnavailable }} - {{- end }} -{{- end }} diff --git a/bitnami/kube-prometheus/templates/prometheus/prometheus.yaml b/bitnami/kube-prometheus/templates/prometheus/prometheus.yaml deleted file mode 100644 index c5f9192..0000000 --- a/bitnami/kube-prometheus/templates/prometheus/prometheus.yaml +++ /dev/null @@ -1,349 +0,0 @@ -{{- if .Values.prometheus.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: Prometheus -metadata: - name: {{ template "kube-prometheus.prometheus.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }} -spec: - replicas: {{ .Values.prometheus.replicaCount }} - serviceAccountName: {{ template "kube-prometheus.prometheus.serviceAccountName" . }} - {{- if .Values.prometheus.serviceMonitorSelector }} - serviceMonitorSelector: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.serviceMonitorSelector "context" $) | nindent 4 }} - {{- else }} - serviceMonitorSelector: {} - {{- end }} - {{- if .Values.prometheus.podMonitorSelector }} - podMonitorSelector: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.podMonitorSelector "context" $) | nindent 4 }} - {{- else }} - podMonitorSelector: {} - {{- end }} - {{- if .Values.prometheus.probeSelector }} - probeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.probeSelector "context" $) | nindent 4 }} - {{- else }} - probeSelector: {} - {{- end }} - alerting: - alertmanagers: - {{- if .Values.prometheus.alertingEndpoints }} - {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.alertingEndpoints "context" $) | nindent 6 }} - {{- else if .Values.alertmanager.enabled }} - - namespace: {{ .Release.Namespace }} - name: {{ template "kube-prometheus.alertmanager.fullname" . }} - port: http - pathPrefix: "{{ .Values.alertmanager.routePrefix }}" - {{- else }} - [] - {{- end }} - {{- if .Values.prometheus.image }} - image: {{ template "kube-prometheus.prometheus.image" . }} - {{- end }} - {{- if .Values.prometheus.externalLabels }} - externalLabels: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.externalLabels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.prometheus.prometheusExternalLabelNameClear }} - prometheusExternalLabelName: "" - {{- else if .Values.prometheus.prometheusExternalLabelName }} - prometheusExternalLabelName: "{{ .Values.prometheus.prometheusExternalLabelName }}" - {{- end }} - {{- if .Values.prometheus.replicaExternalLabelNameClear }} - replicaExternalLabelName: "" - {{- else if .Values.prometheus.replicaExternalLabelName }} - replicaExternalLabelName: "{{ .Values.prometheus.replicaExternalLabelName }}" - {{- end }} - {{- if index .Values.prometheus "externalUrl" }} - externalUrl: "{{ .Values.prometheus.externalUrl }}" - {{- else if and .Values.prometheus.ingress.enabled .Values.prometheus.ingress.hosts }} - externalUrl: {{ if .Values.prometheus.ingress.tls }}https{{else}}http{{ end }}://{{ (index .Values.prometheus.ingress.hosts 0).name }}{{ .Values.prometheus.routePrefix }} - {{- else }} - externalUrl: http://{{ template "kube-prometheus.prometheus.fullname" . }}.{{ .Release.Namespace }}:9090{{ .Values.prometheus.routePrefix }} - {{- end }} - paused: {{ .Values.prometheus.paused }} - logLevel: {{ .Values.prometheus.logLevel }} - logFormat: {{ .Values.prometheus.logFormat }} - listenLocal: {{ .Values.prometheus.listenLocal }} - enableAdminAPI: {{ .Values.prometheus.enableAdminAPI }} - {{- if .Values.prometheus.scrapeInterval }} - scrapeInterval: {{ .Values.prometheus.scrapeInterval }} - {{- end }} - {{- if .Values.prometheus.evaluationInterval }} - evaluationInterval: {{ .Values.prometheus.evaluationInterval }} - {{- end }} - {{- if .Values.prometheus.resources }} - resources: {{- toYaml .Values.prometheus.resources | nindent 4 }} - {{- end }} - retention: {{ .Values.prometheus.retention }} - {{- if .Values.prometheus.retentionSize }} - retentionSize: {{ .Values.prometheus.retentionSize }} - {{- end }} - {{- if .Values.prometheus.disableCompaction }} - disableCompaction: {{ .Values.prometheus.disableCompaction }} - {{- end }} - {{- if .Values.prometheus.walCompression }} - walCompression: {{ .Values.prometheus.walCompression }} - {{- end }} - portName: "{{ .Values.prometheus.portName }}" - routePrefix: "{{ .Values.prometheus.routePrefix }}" - {{- if .Values.prometheus.secrets }} - secrets: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.secrets "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.prometheus.configMaps }} - configMaps: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.configMaps "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.prometheus.serviceMonitorNamespaceSelector }} - serviceMonitorNamespaceSelector: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.serviceMonitorNamespaceSelector "context" $) | nindent 4 }} - {{- else }} - serviceMonitorNamespaceSelector: {} - {{- end }} - {{- if .Values.prometheus.podMonitorNamespaceSelector }} - podMonitorNamespaceSelector: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.podMonitorNamespaceSelector "context" $) | nindent 4 }} - {{- else }} - podMonitorNamespaceSelector: {} - {{- end }} - {{- if .Values.prometheus.probeNamespaceSelector }} - probeNamespaceSelector: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.probeNamespaceSelector "context" $) | nindent 4 }} - {{- else }} - probeNamespaceSelector: {} - {{- end }} - {{- if .Values.prometheus.remoteRead }} - remoteRead: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.remoteRead "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.prometheus.remoteWrite }} - remoteWrite: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.remoteWrite "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.prometheus.podSecurityContext.enabled }} - securityContext: {{- omit .Values.prometheus.podSecurityContext "enabled" | toYaml | nindent 4 }} - {{- end }} - {{- if .Values.prometheus.ruleNamespaceSelector }} - ruleNamespaceSelector: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.ruleNamespaceSelector "context" $) | nindent 4 }} - {{- else }} - ruleNamespaceSelector: {} - {{- end }} - {{- if .Values.prometheus.ruleSelector }} - ruleSelector: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.ruleSelector "context" $) | nindent 4 }} - {{- else }} - ruleSelector: {} - {{- end }} - {{- if .Values.prometheus.storageSpec }} - storage: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.storageSpec "context" $) | nindent 4 }} - {{- else if .Values.prometheus.persistence.enabled }} - storage: - volumeClaimTemplate: - spec: - accessModes: - {{- range .Values.prometheus.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.prometheus.persistence.size | quote }} - {{- include "common.storage.class" (dict "persistence" .Values.prometheus.persistence "global" .Values.global) | nindent 8 }} - {{- end }} - {{- if or .Values.prometheus.podMetadata.labels .Values.prometheus.podMetadata.annotations (eq .Values.prometheus.podAntiAffinityPreset "soft") (eq .Values.prometheus.podAntiAffinityPreset "hard") }} - podMetadata: - labels: - {{- if .Values.prometheus.podMetadata.labels }} - {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.podMetadata.labels "context" $) | nindent 6 }} - {{- end }} - {{- if or (eq .Values.prometheus.podAntiAffinityPreset "soft") (eq .Values.prometheus.podAntiAffinityPreset "hard") }} - {{- include "kube-prometheus.prometheus.matchLabels" . | nindent 6 }} - {{- end }} - {{- if .Values.prometheus.podMetadata.annotations }} - annotations: - {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.podMetadata.annotations "context" $) | nindent 6 }} - {{- end }} - {{- end }} - {{- if .Values.prometheus.querySpec }} - query: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.querySpec "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.prometheus.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.affinity "context" $) | nindent 4 }} - {{- else }} - affinity: - {{- if not (empty .Values.prometheus.podAffinityPreset) }} - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.prometheus.podAffinityPreset "component" "prometheus" "context" $) | nindent 6 }} - {{- end }} - {{- if not (empty .Values.prometheus.podAntiAffinityPreset) }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.prometheus.podAntiAffinityPreset "component" "prometheus" "context" $) | nindent 6 }} - {{- end }} - {{- if not (empty .Values.prometheus.nodeAffinityPreset.values) }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.prometheus.nodeAffinityPreset.type "key" .Values.prometheus.nodeAffinityPreset.key "values" .Values.prometheus.nodeAffinityPreset.values) | nindent 6 }} - {{- end }} - {{- end }} - {{- if .Values.prometheus.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.nodeSelector "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.prometheus.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.tolerations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.prometheus.volumes }} - volumes: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.volumes "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.prometheus.volumeMounts }} - volumeMounts: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.volumeMounts "context" $) | nindent 4 }} - {{- end }} - {{- if or .Values.prometheus.additionalScrapeConfigs.enabled .Values.prometheus.additionalScrapeConfigsExternal.enabled }} - additionalScrapeConfigs: - {{- if and .Values.prometheus.additionalScrapeConfigs.enabled (eq .Values.prometheus.additionalScrapeConfigs.type "external") }} - name: {{ .Values.prometheus.additionalScrapeConfigs.external.name }} - key: {{ .Values.prometheus.additionalScrapeConfigs.external.key }} - {{- else if and .Values.prometheus.additionalScrapeConfigs.enabled (eq .Values.prometheus.additionalScrapeConfigs.type "internal") }} - name: additional-scrape-jobs-{{ template "kube-prometheus.prometheus.fullname" . }} - key: scrape-jobs.yaml - {{- else if and (not .Values.prometheus.additionalScrapeConfigs.enabled) .Values.prometheus.additionalScrapeConfigsExternal.enabled }} - name: {{ .Values.prometheus.additionalScrapeConfigsExternal.name }} - key: {{ .Values.prometheus.additionalScrapeConfigsExternal.key }} - {{- end }} - {{- end }} - {{- if .Values.prometheus.additionalAlertRelabelConfigsExternal.enabled }} - additionalAlertRelabelConfigs: - name: {{ .Values.prometheus.additionalAlertRelabelConfigsExternal.name }} - key: {{ .Values.prometheus.additionalAlertRelabelConfigsExternal.key }} - {{- end }} -{{- include "kube-prometheus.imagePullSecrets" . | indent 2 }} - {{- if or .Values.prometheus.containers .Values.prometheus.thanos.create .Values.prometheus.containerSecurityContext.enabled .Values.prometheus.containerSecurityContext.enabled .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled }} - containers: - {{- if .Values.prometheus.thanos.create }} - - name: thanos-sidecar - image: {{ template "kube-prometheus.prometheus.thanosImage" . }} - imagePullPolicy: {{ .Values.prometheus.thanos.image.pullPolicy }} - args: - - sidecar - - --prometheus.url={{ default "http://localhost:9090" .Values.prometheus.thanos.prometheusUrl }} - - --grpc-address=0.0.0.0:10901 - - --http-address=0.0.0.0:10902 - - --tsdb.path=/prometheus/ - {{- if .Values.prometheus.thanos.objectStorageConfig }} - - --objstore.config=$(OBJSTORE_CONFIG) - {{- end }} - {{- if .Values.prometheus.thanos.extraArgs }} - {{ toYaml .Values.prometheus.thanos.extraArgs | indent 8 | trim }} - {{- end }} - {{- if .Values.prometheus.thanos.objectStorageConfig }} - env: - - name: OBJSTORE_CONFIG - valueFrom: - secretKeyRef: - name: {{ .Values.prometheus.thanos.objectStorageConfig.secretName }} - key: {{ .Values.prometheus.thanos.objectStorageConfig.secretKey | default "thanos.yaml" }} - {{- end }} - {{- if .Values.prometheus.thanos.resources }} - resources: {{- toYaml .Values.prometheus.thanos.resources | nindent 8 }} - {{- end }} - ports: - - name: grpc - containerPort: 10901 - protocol: TCP - - name: http - containerPort: 10902 - protocol: TCP - volumeMounts: - - mountPath: /prometheus - name: prometheus-{{ template "kube-prometheus.prometheus.fullname" . }}-db - {{- if not (.Values.prometheus.storageSpec.disableMountSubPath | default (not .Values.prometheus.persistence.enabled)) }} - subPath: prometheus-db - {{- end }} - {{- if .Values.prometheus.thanos.containerSecurityContext.enabled }} - # yamllint disable rule:indentation - securityContext: {{- omit .Values.prometheus.thanos.containerSecurityContext "enabled" | toYaml | nindent 8 }} - # yamllint enable rule:indentation - {{- end }} - {{- if .Values.prometheus.thanos.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.prometheus.thanos.livenessProbe.path }} - port: http - scheme: HTTP - initialDelaySeconds: {{ .Values.prometheus.thanos.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.prometheus.thanos.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.prometheus.thanos.livenessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.prometheus.thanos.livenessProbe.failureThreshold }} - successThreshold: {{ .Values.prometheus.thanos.livenessProbe.successThreshold }} - {{- end }} - {{- if .Values.prometheus.thanos.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: {{ .Values.prometheus.thanos.readinessProbe.path }} - port: http - scheme: HTTP - initialDelaySeconds: {{ .Values.prometheus.thanos.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.prometheus.thanos.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.prometheus.thanos.readinessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.prometheus.thanos.readinessProbe.failureThreshold }} - successThreshold: {{ .Values.prometheus.thanos.readinessProbe.successThreshold }} - {{- end }} - {{- end }} - {{- if or .Values.prometheus.containerSecurityContext.enabled .Values.prometheus.livenessProbe.enabled .Values.prometheus.readinessProbe.enabled }} - ## This monkey patching is needed until the securityContexts are - ## directly patchable via the CRD. - ## ref: https://github.com/prometheus-operator/prometheus-operator/issues/3947 - ## currently implemented with strategic merge - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/strategic-merge-patch.md - - name: prometheus - {{- if .Values.prometheus.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.prometheus.containerSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - {{- if .Values.prometheus.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.prometheus.livenessProbe.path }} - port: web - scheme: HTTP - initialDelaySeconds: {{ .Values.prometheus.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.prometheus.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.prometheus.livenessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.prometheus.livenessProbe.failureThreshold }} - successThreshold: {{ .Values.prometheus.livenessProbe.successThreshold }} - {{- end }} - {{- if .Values.prometheus.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: {{ .Values.prometheus.readinessProbe.path }} - port: web - scheme: HTTP - initialDelaySeconds: {{ .Values.prometheus.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.prometheus.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.prometheus.readinessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.prometheus.readinessProbe.failureThreshold }} - successThreshold: {{ .Values.prometheus.readinessProbe.successThreshold }} - {{- end }} - {{- end }} - {{- if or .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled .Values.operator.prometheusConfigReloader.livenessProbe.enabled .Values.operator.prometheusConfigReloader.readinessProbe.enabled }} - ## This monkey patching is needed until the securityContexts are - ## directly patchable via the CRD. - ## ref: https://github.com/prometheus-operator/prometheus-operator/issues/3947 - ## currently implemented with strategic merge - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/strategic-merge-patch.md - - name: config-reloader - {{- if .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.operator.prometheusConfigReloader.containerSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - {{- if .Values.operator.prometheusConfigReloader.livenessProbe.enabled }} - livenessProbe: - tcpSocket: - port: reloader-web - initialDelaySeconds: {{ .Values.operator.prometheusConfigReloader.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.operator.prometheusConfigReloader.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.operator.prometheusConfigReloader.livenessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.operator.prometheusConfigReloader.livenessProbe.failureThreshold }} - successThreshold: {{ .Values.operator.prometheusConfigReloader.livenessProbe.successThreshold }} - {{- end }} - {{- if .Values.operator.prometheusConfigReloader.readinessProbe.enabled }} - readinessProbe: - tcpSocket: - port: reloader-web - initialDelaySeconds: {{ .Values.operator.prometheusConfigReloader.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.operator.prometheusConfigReloader.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.operator.prometheusConfigReloader.readinessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.operator.prometheusConfigReloader.readinessProbe.failureThreshold }} - successThreshold: {{ .Values.operator.prometheusConfigReloader.readinessProbe.successThreshold }} - {{- end }} - {{- end }} - {{- if .Values.prometheus.containers }} - {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.containers "context" $) | nindent 4 }} - {{- end }} - {{- end }} - {{- if .Values.prometheus.priorityClassName }} - priorityClassName: {{ .Values.prometheus.priorityClassName }} - {{- end }} -{{- end }} diff --git a/bitnami/kube-prometheus/templates/prometheus/psp-clusterrole.yaml b/bitnami/kube-prometheus/templates/prometheus/psp-clusterrole.yaml deleted file mode 100644 index e5acc1d..0000000 --- a/bitnami/kube-prometheus/templates/prometheus/psp-clusterrole.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if and .Values.prometheus.enabled .Values.rbac.create .Values.rbac.pspEnabled }} -kind: ClusterRole -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -metadata: - name: {{ template "kube-prometheus.prometheus.fullname" . }}-psp - labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }} -rules: - - apiGroups: ['extensions'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "kube-prometheus.prometheus.fullname" . }} -{{- end }} diff --git a/bitnami/kube-prometheus/templates/prometheus/psp-clusterrolebinding.yaml b/bitnami/kube-prometheus/templates/prometheus/psp-clusterrolebinding.yaml deleted file mode 100644 index b4ca2aa..0000000 --- a/bitnami/kube-prometheus/templates/prometheus/psp-clusterrolebinding.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if and .Values.prometheus.enabled .Values.rbac.create .Values.rbac.pspEnabled }} -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: ClusterRoleBinding -metadata: - name: {{ template "kube-prometheus.prometheus.fullname" . }}-psp - labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-prometheus.prometheus.fullname" . }}-psp -subjects: - - kind: ServiceAccount - name: {{ template "kube-prometheus.prometheus.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/bitnami/kube-prometheus/templates/prometheus/psp.yaml b/bitnami/kube-prometheus/templates/prometheus/psp.yaml deleted file mode 100644 index d740654..0000000 --- a/bitnami/kube-prometheus/templates/prometheus/psp.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{- if and .Values.prometheus.enabled .Values.rbac.create .Values.rbac.pspEnabled }} -apiVersion: {{ template "podSecurityPolicy.apiVersion" . }} -kind: PodSecurityPolicy -metadata: - name: {{ template "kube-prometheus.prometheus.fullname" . }} - labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }} -spec: - privileged: false - allowPrivilegeEscalation: false - requiredDropCapabilities: - - ALL - volumes: - - 'configMap' - - 'emptyDir' - - 'projected' - - 'secret' - - 'downwardAPI' - - 'persistentVolumeClaim' - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAs' - ranges: - - min: 1001 - max: 1001 - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1001 - max: 1001 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1001 - max: 1001 -{{- end }} diff --git a/bitnami/kube-prometheus/templates/prometheus/service.yaml b/bitnami/kube-prometheus/templates/prometheus/service.yaml deleted file mode 100644 index 7ff9c3e..0000000 --- a/bitnami/kube-prometheus/templates/prometheus/service.yaml +++ /dev/null @@ -1,44 +0,0 @@ -{{- if .Values.prometheus.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "kube-prometheus.prometheus.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }} - {{- if .Values.prometheus.service.annotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.service.annotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.prometheus.service.type }} - {{- if index .Values.prometheus "stickySessions" }} - sessionAffinity: ClientIP - {{- end }} - {{- if and .Values.prometheus.service.loadBalancerIP (eq .Values.prometheus.service.type "LoadBalancer") }} - loadBalancerIP: {{ .Values.prometheus.service.loadBalancerIP }} - {{- end }} - {{- if and (eq .Values.prometheus.service.type "LoadBalancer") .Values.prometheus.service.loadBalancerSourceRanges }} - {{- with .Values.prometheus.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- toYaml . | nindent 4 }} - {{- end }} - {{- end }} - {{- if and (eq .Values.prometheus.service.type "LoadBalancer") .Values.prometheus.service.externalTrafficPolicy }} - externalTrafficPolicy: {{ .Values.operator.service.externalTrafficPolicy }} - {{- end }} - {{- if and (eq .Values.prometheus.service.type "LoadBalancer") (eq .Values.prometheus.service.externalTrafficPolicy "Local") .Values.prometheus.service.healthCheckNodePort }} - healthCheckNodePort: {{ .Values.prometheus.service.healthCheckNodePort }} - {{- end }} - {{- if and (eq .Values.prometheus.service.type "ClusterIP") .Values.prometheus.service.clusterIP }} - clusterIP: {{ .Values.prometheus.service.clusterIP }} - {{- end }} - ports: - - name: http - port: {{ .Values.prometheus.service.port }} - targetPort: 9090 - protocol: TCP - {{- if and .Values.prometheus.service.nodePort (or (eq .Values.prometheus.service.type "NodePort") (eq .Values.prometheus.service.type "LoadBalancer")) }} - nodePort: {{ .Values.prometheus.service.nodePort }} - {{- end }} - selector: - app: prometheus - prometheus: {{ template "kube-prometheus.prometheus.fullname" . }} -{{- end }} diff --git a/bitnami/kube-prometheus/templates/prometheus/serviceaccount.yaml b/bitnami/kube-prometheus/templates/prometheus/serviceaccount.yaml deleted file mode 100644 index 9dcc43a..0000000 --- a/bitnami/kube-prometheus/templates/prometheus/serviceaccount.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- if and .Values.prometheus.enabled .Values.prometheus.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "kube-prometheus.prometheus.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }} - {{- if index .Values.prometheus.serviceAccount "annotations" }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.serviceAccount.annotations "context" $) | nindent 4 }} - {{- end }} -{{- include "kube-prometheus.imagePullSecrets" . }} -{{- end }} diff --git a/bitnami/kube-prometheus/templates/prometheus/servicemonitor.yaml b/bitnami/kube-prometheus/templates/prometheus/servicemonitor.yaml deleted file mode 100644 index e6eb58e..0000000 --- a/bitnami/kube-prometheus/templates/prometheus/servicemonitor.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if and .Values.prometheus.enabled .Values.prometheus.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "kube-prometheus.prometheus.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }} -spec: - selector: - matchLabels: {{- include "kube-prometheus.prometheus.matchLabels" . | nindent 6 }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - endpoints: - - port: http - {{- if .Values.prometheus.serviceMonitor.interval }} - interval: {{ .Values.prometheus.serviceMonitor.interval }} - {{- end }} - path: {{ trimSuffix "/" .Values.prometheus.routePrefix }}/metrics - {{- if .Values.prometheus.serviceMonitor.metricRelabelings }} - metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.prometheus.serviceMonitor.metricRelabelings "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.prometheus.serviceMonitor.relabelings }} - relabelings: {{- toYaml .Values.prometheus.serviceMonitor.relabelings | nindent 8 }} - {{- end }} -{{- end }} diff --git a/bitnami/kube-prometheus/templates/prometheus/thanos-ingress.yaml b/bitnami/kube-prometheus/templates/prometheus/thanos-ingress.yaml deleted file mode 100644 index 9c05eae..0000000 --- a/bitnami/kube-prometheus/templates/prometheus/thanos-ingress.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- if and .Values.prometheus.enabled .Values.prometheus.thanos.create .Values.prometheus.thanos.ingress.enabled }} -apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ template "kube-prometheus.thanos.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }} - app.kubernetes.io/subcomponent: thanos - annotations: - {{- if .Values.prometheus.thanos.ingress.certManager }} - kubernetes.io/tls-acme: "true" - {{- end }} - {{- range $key, $value := .Values.prometheus.thanos.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - rules: - {{- range .Values.prometheus.thanos.ingress.hosts }} - - host: {{ .name }} - http: - paths: - - path: {{ default "/" .path }} - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ default "ImplementationSpecific" .pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "kube-prometheus.thanos.fullname" $) "servicePort" "grpc" "context" $) | nindent 14 }} - {{- end }} - {{- if .Values.prometheus.thanos.ingress.tls }} - tls: -{{ toYaml .Values.prometheus.thanos.ingress.tls | indent 4 }} - {{- end }} -{{- end -}} diff --git a/bitnami/kube-prometheus/templates/prometheus/thanos-service.yaml b/bitnami/kube-prometheus/templates/prometheus/thanos-service.yaml deleted file mode 100644 index 2c5a8cc..0000000 --- a/bitnami/kube-prometheus/templates/prometheus/thanos-service.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{- if and .Values.prometheus.enabled .Values.prometheus.thanos.create }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "kube-prometheus.prometheus.fullname" . }}-thanos - namespace: {{ .Release.Namespace }} - labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }} - app.kubernetes.io/subcomponent: thanos - {{- if .Values.prometheus.thanos.service.annotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.thanos.service.annotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.prometheus.thanos.service.type }} - {{- if and .Values.prometheus.thanos.service.loadBalancerIP (eq .Values.prometheus.thanos.service.type "LoadBalancer") }} - loadBalancerIP: {{ .Values.prometheus.thanos.service.loadBalancerIP }} - {{- end }} - {{- if and (eq .Values.prometheus.thanos.service.type "LoadBalancer") .Values.prometheus.thanos.service.loadBalancerSourceRanges }} - {{- with .Values.prometheus.thanos.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- toYaml . | nindent 4 }} - {{- end }} - {{- end }} - {{- if and (eq .Values.prometheus.thanos.service.type "ClusterIP") .Values.prometheus.thanos.service.clusterIP }} - clusterIP: {{ .Values.prometheus.thanos.service.clusterIP }} - {{- end }} - ports: - - name: grpc - port: {{ .Values.prometheus.thanos.service.port }} - targetPort: grpc - protocol: TCP - {{- if and .Values.prometheus.thanos.service.nodePort (or (eq .Values.prometheus.thanos.service.type "NodePort") (eq .Values.prometheus.thanos.service.type "LoadBalancer")) }} - nodePort: {{ .Values.prometheus.thanos.service.nodePort }} - {{- end }} - {{- if .Values.prometheus.thanos.service.extraPorts }} - {{- include "common.tplvalues.render" (dict "value" .Values.prometheus.thanos.service.extraPorts "context" $) | nindent 4 }} - {{- end }} - selector: - app: prometheus - prometheus: {{ template "kube-prometheus.prometheus.fullname" . }} -{{- end }} diff --git a/bitnami/kube-prometheus/templates/prometheus/tls-secrets.yaml b/bitnami/kube-prometheus/templates/prometheus/tls-secrets.yaml deleted file mode 100644 index ffbdd13..0000000 --- a/bitnami/kube-prometheus/templates/prometheus/tls-secrets.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- if and .Values.prometheus.enabled .Values.prometheus.ingress.enabled }} -{{- if .Values.prometheus.ingress.secrets }} -{{- range .Values.prometheus.ingress.secrets }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ .name }} - namespace: {{ $.Release.Namespace }} - labels: {{- include "kube-prometheus.prometheus.labels" $ | nindent 4 }} - type: kubernetes.io/tls - data: - tls.crt: {{ .certificate | b64enc }} - tls.key: {{ .key | b64enc }} ---- -{{- end }} -{{- end }} -{{- if and .Values.prometheus.ingress.tls (not .Values.prometheus.ingress.certManager) }} -{{- $ca := genCA "prometheus-ca" 365 }} -{{- $cert := genSignedCert .Values.prometheus.ingress.hostname nil (list .Values.prometheus.ingress.hostname) 365 $ca }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ printf "%s-tls" .Values.prometheus.ingress.hostname }} - namespace: {{ .Release.Namespace }} - labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }} -type: kubernetes.io/tls -data: - tls.crt: {{ $cert.Cert | b64enc | quote }} - tls.key: {{ $cert.Key | b64enc | quote }} - ca.crt: {{ $ca.Cert | b64enc | quote }} -{{- end }} -{{- end }} diff --git a/bitnami/kube-prometheus/values.yaml b/bitnami/kube-prometheus/values.yaml deleted file mode 100644 index 08678a2..0000000 --- a/bitnami/kube-prometheus/values.yaml +++ /dev/null @@ -1,1801 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## @param global.labels Additional labels to apply to all resources -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - storageClass: "" - labels: {} - -## @section Common parameters - -## @param nameOverride String to partially override `kube-prometheus.name` template with a string (will prepend the release name) -## -nameOverride: "" -## @param fullnameOverride String to fully override `kube-prometheus.fullname` template with a string -## -fullnameOverride: "" - -## @section Prometheus Operator Parameters - -operator: - ## @param operator.enabled Deploy Prometheus Operator to the cluster - ## - enabled: true - ## Bitnami Prometheus Operator image version - ## ref: https://hub.docker.com/r/bitnami/prometheus-operator/tags/ - ## @param operator.image.registry Prometheus Operator image registry - ## @param operator.image.repository Prometheus Operator image repository - ## @param operator.image.tag Prometheus Operator Image tag (immutable tags are recommended) - ## @param operator.image.pullPolicy Prometheus Operator image pull policy - ## @param operator.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/prometheus-operator - tag: 0.51.0-debian-10-r0 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param operator.hostAliases Add deployment host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## Service account for Prometheus Operator to use. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ - ## - serviceAccount: - ## @param operator.serviceAccount.create Specify whether to create a ServiceAccount for Prometheus Operator - ## - create: true - ## @param operator.serviceAccount.name The name of the ServiceAccount to create - ## If not set and create is true, a name is generated using the kube-prometheus.operator.fullname template - name: "" - ## @param operator.schedulerName Name of the Kubernetess scheduler (other than default) - ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ - ## - schedulerName: "" - ## Prometheus Operator pods' Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param operator.podSecurityContext.enabled Enable pod security context - ## @param operator.podSecurityContext.runAsUser User ID for the container - ## @param operator.podSecurityContext.fsGroup Group ID for the container filesystem - ## - podSecurityContext: - enabled: true - runAsUser: 1001 - fsGroup: 1001 - ## Prometheus Operator containers' Security Context (only main container) - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param operator.containerSecurityContext.enabled Enable container security context - ## @param operator.containerSecurityContext.capabilities.drop [array] Linux Kernel capabilities which should be dropped - ## @param operator.containerSecurityContext.runAsNonRoot Force the container to run as a non root user - ## @param operator.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possibility on or off - ## @param operator.containerSecurityContext.readOnlyRootFilesystem Mount / (root) as a readonly filesystem - ## - containerSecurityContext: - enabled: true - capabilities: - drop: - - ALL - runAsNonRoot: true - allowPrivilegeEscalation: false - readOnlyRootFilesystem: false - ## Prometheus Operator Service - ## - service: - ## @param operator.service.type Kubernetes service type - ## - type: ClusterIP - ## @param operator.service.port Prometheus Operator service port - ## - port: 8080 - ## @param operator.service.clusterIP Specific cluster IP when service type is cluster IP. Use `None` for headless service - ## e.g: - ## clusterIP: None - ## - clusterIP: "" - ## @param operator.service.nodePort Kubernetes Service nodePort - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## e.g: - ## nodePort: 30080 - ## - nodePort: "" - ## @param operator.service.loadBalancerIP `loadBalancerIP` if service type is `LoadBalancer` - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - loadBalancerIP: "" - ## @param operator.service.loadBalancerSourceRanges Address that are allowed when svc is `LoadBalancer` - ## Set the LoadBalancer service type to internal only - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param operator.service.externalTrafficPolicy Enable client source IP preservation - ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints - ## There are two available options: Cluster (default) and Local. - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param operator.service.healthCheckNodePort Specifies the health check node port (numeric port number) for the service if `externalTrafficPolicy` is set to Local. - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - healthCheckNodePort: "" - ## @param operator.service.annotations Additional annotations for Prometheus Operator service - ## - annotations: {} - ## Create a servicemonitor for the operator - ## - serviceMonitor: - ## @param operator.serviceMonitor.enabled Creates a ServiceMonitor to monitor Prometheus Operator - ## - enabled: true - ## @param operator.serviceMonitor.interval Scrape interval (use by default, falling back to Prometheus' default) - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## - interval: "" - ## @param operator.serviceMonitor.metricRelabelings Metric relabeling - ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs - ## - metricRelabelings: [] - ## @param operator.serviceMonitor.relabelings Relabel configs - ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config - ## - relabelings: [] - ## @param operator.resources Configure resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: {} - ## @param operator.podAffinityPreset Pod affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param operator.podAntiAffinityPreset Prometheus Operator Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Node affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param operator.nodeAffinityPreset.type Prometheus Operator Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param operator.nodeAffinityPreset.key Prometheus Operator Node label key to match Ignored if `affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param operator.nodeAffinityPreset.values Prometheus Operator Node label values to match. Ignored if `affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param operator.affinity Prometheus Operator Affinity for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## Note: operator.podAffinityPreset, operator.podAntiAffinityPreset, and operator.nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - ## @param operator.nodeSelector Prometheus Operator Node labels for pod assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param operator.tolerations Prometheus Operator Tolerations for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param operator.priorityClassName Priority class assigned to the Pods - ## - priorityClassName: "" - ## Configure extra options for liveness probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param operator.livenessProbe.enabled Turn on and off liveness probe - ## @param operator.livenessProbe.path Path of the HTTP service for checking the healthy state - ## @param operator.livenessProbe.initialDelaySeconds Delay before liveness probe is initiated - ## @param operator.livenessProbe.periodSeconds How often to perform the probe - ## @param operator.livenessProbe.timeoutSeconds When the probe times out - ## @param operator.livenessProbe.failureThreshold Minimum consecutive failures for the probe - ## @param operator.livenessProbe.successThreshold Minimum consecutive successes for the probe - ## - livenessProbe: - enabled: true - path: /metrics - initialDelaySeconds: 120 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - ## Configure extra options for readiness probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param operator.readinessProbe.enabled Turn on and off readiness probe - ## @param operator.readinessProbe.path Path of the HTTP service for checking the ready state - ## @param operator.readinessProbe.initialDelaySeconds Delay before readiness probe is initiated - ## @param operator.readinessProbe.periodSeconds How often to perform the probe - ## @param operator.readinessProbe.timeoutSeconds When the probe times out - ## @param operator.readinessProbe.failureThreshold Minimum consecutive failures for the probe - ## @param operator.readinessProbe.successThreshold Minimum consecutive successes for the probe - ## - readinessProbe: - enabled: true - path: /metrics - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - ## @param operator.logLevel Log level for Prometheus Operator - ## - logLevel: info - ## @param operator.logFormat Log format for Prometheus Operator - ## - logFormat: logfmt - ## @param operator.configReloaderResources Set the prometheus config reloader side-car CPU and memory requests and limits. - ## configReloaderResources: - ## limits: - ## cpu: 200m - ## memory: 100Mi - ## requests: - ## cpu: 100m - ## memory: 50Mi - ## - configReloaderResources: {} - ## @param operator.kubeletService.enabled If true, the operator will create and maintain a service for scraping kubelets - ## @param operator.kubeletService.namespace Namespace to deploy the kubelet service - ## - kubeletService: - enabled: true - namespace: kube-system - ## Prometheus Configmap-reload image to use for reloading configmaps - ## defaults to Bitnami Prometheus Operator (ref: https://hub.docker.com/r/bitnami/prometheus-operator/tags/) - ## - prometheusConfigReloader: - ## @param operator.prometheusConfigReloader.image Prometheus Config Reloader image. If not set, the same as `operator.image.registry` - ## registry: - ## repository: - ## tag: - ## pullSecrets: - ## - image: {} - ## Prometheus config reload container's securityContext - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param operator.prometheusConfigReloader.containerSecurityContext.enabled Enable container security context - ## @param operator.prometheusConfigReloader.containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem - ## @param operator.prometheusConfigReloader.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possibility on or off - ## @param operator.prometheusConfigReloader.containerSecurityContext.runAsNonRoot Force the container to run as a non root user - ## @param operator.prometheusConfigReloader.containerSecurityContext.capabilities.drop [array] Linux Kernel capabilities which should be dropped - ## - containerSecurityContext: - enabled: true - readOnlyRootFilesystem: false - allowPrivilegeEscalation: false - runAsNonRoot: true - capabilities: - drop: - - ALL - ## Configure extra options for liveness probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param operator.prometheusConfigReloader.livenessProbe.enabled Turn on and off liveness probe - ## @param operator.prometheusConfigReloader.livenessProbe.initialDelaySeconds Delay before liveness probe is initiated - ## @param operator.prometheusConfigReloader.livenessProbe.periodSeconds How often to perform the probe - ## @param operator.prometheusConfigReloader.livenessProbe.timeoutSeconds When the probe times out - ## @param operator.prometheusConfigReloader.livenessProbe.failureThreshold Minimum consecutive failures for the probe - ## @param operator.prometheusConfigReloader.livenessProbe.successThreshold Minimum consecutive successes for the probe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - ## Configure extra options for readiness probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param operator.prometheusConfigReloader.readinessProbe.enabled Turn on and off readiness probe - ## @param operator.prometheusConfigReloader.readinessProbe.initialDelaySeconds Delay before readiness probe is initiated - ## @param operator.prometheusConfigReloader.readinessProbe.periodSeconds How often to perform the probe - ## @param operator.prometheusConfigReloader.readinessProbe.timeoutSeconds When the probe times out - ## @param operator.prometheusConfigReloader.readinessProbe.failureThreshold Minimum consecutive failures for the probe - ## @param operator.prometheusConfigReloader.readinessProbe.successThreshold Minimum consecutive successes for the probe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 15 - periodSeconds: 20 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -## @section Prometheus Parameters - -## Deploy a Prometheus instance -## -prometheus: - ## @param prometheus.enabled Deploy Prometheus to the cluster - ## - enabled: true - ## Bitnami Prometheus image version - ## ref: https://hub.docker.com/r/bitnami/prometheus/tags/ - ## @param prometheus.image.registry Prometheus image registry - ## @param prometheus.image.repository Prometheus image repository - ## @param prometheus.image.tag Prometheus Image tag (immutable tags are recommended) - ## @param prometheus.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/prometheus - tag: 2.30.0-debian-10-r9 - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Service account for Prometheus to use. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ - ## - serviceAccount: - ## @param prometheus.serviceAccount.create Specify whether to create a ServiceAccount for Prometheus - ## - create: true - ## @param prometheus.serviceAccount.name The name of the ServiceAccount to create - ## If not set and create is true, a name is generated using the kube-prometheus.prometheus.fullname template - name: "" - ## @param prometheus.serviceAccount.annotations Additional annotations for created Prometheus ServiceAccount - ## annotations: - ## eks.amazonaws.com/role-arn: arn:aws:iam::ACCOUNT:role/prometheus - ## - annotations: {} - ## Prometheus pods' Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param prometheus.podSecurityContext.enabled Enable security context - ## @param prometheus.podSecurityContext.runAsUser User ID for the container - ## @param prometheus.podSecurityContext.fsGroup Group ID for the container filesystem - ## - podSecurityContext: - enabled: true - runAsUser: 1001 - fsGroup: 1001 - ## Prometheus containers' Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param prometheus.containerSecurityContext.enabled Enable container security context - ## @param prometheus.containerSecurityContext.readOnlyRootFilesystem Mount / (root) as a readonly filesystem - ## @param prometheus.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possibility on or off - ## @param prometheus.containerSecurityContext.runAsNonRoot Force the container to run as a non root user - ## @param prometheus.containerSecurityContext.capabilities.drop [array] Linux Kernel capabilities which should be dropped - ## - containerSecurityContext: - enabled: true - readOnlyRootFilesystem: false - allowPrivilegeEscalation: false - runAsNonRoot: true - capabilities: - drop: - - ALL - ## Configure pod disruption budgets for Prometheus - ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget - ## @param prometheus.podDisruptionBudget.enabled Create a pod disruption budget for Prometheus - ## @param prometheus.podDisruptionBudget.minAvailable Minimum number / percentage of pods that should remain scheduled - ## @param prometheus.podDisruptionBudget.maxUnavailable Maximum number / percentage of pods that may be made unavailable - ## - podDisruptionBudget: - enabled: false - minAvailable: 1 - maxUnavailable: "" - ## Prometheus Service - ## - service: - ## @param prometheus.service.type Kubernetes service type - ## - type: ClusterIP - ## @param prometheus.service.port Prometheus service port - ## - port: 9090 - ## @param prometheus.service.clusterIP Specific cluster IP when service type is cluster IP. Use `None` for headless service - ## e.g: clusterIP: None - ## - clusterIP: "" - ## @param prometheus.service.nodePort Specify the nodePort value for the LoadBalancer and NodePort service types. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## e.g: - ## nodePort: 30090 - ## - nodePort: "" - ## @param prometheus.service.loadBalancerIP `loadBalancerIP` if service type is `LoadBalancer` - ## Set the LoadBalancer service type to internal only - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - loadBalancerIP: "" - ## @param prometheus.service.loadBalancerSourceRanges Address that are allowed when service is `LoadBalancer` - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param prometheus.service.externalTrafficPolicy Enable client source IP preservation - ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints - ## There are two available options: Cluster (default) and Local - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param prometheus.service.healthCheckNodePort Specifies the health check node port - ## if externalTrafficPolicy is set to Local. - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - healthCheckNodePort: "" - ## @param prometheus.service.stickySessions Set stickySessions to `true` to enable Session Affinity - ## - stickySessions: "" - ## @param prometheus.service.annotations Additional annotations for Prometheus service (this value is evaluated as a template) - ## - annotations: {} - serviceMonitor: - ## @param prometheus.serviceMonitor.enabled Creates a ServiceMonitor to monitor Prometheus itself - ## - enabled: true - ## @param prometheus.serviceMonitor.interval Scrape interval (use by default, falling back to Prometheus' default) - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## - interval: "" - ## @param prometheus.serviceMonitor.metricRelabelings Metric relabeling - ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs - ## - metricRelabelings: [] - ## @param prometheus.serviceMonitor.relabelings Relabel configs - ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config - ## - relabelings: [] - ## Configure the ingress resource that allows you to access the - ## Alertmanager installation. Set up the URL - ## ref: http://kubernetes.io/docs/user-guide/ingress/ - ## - ingress: - ## @param prometheus.ingress.enabled Enable ingress controller resource - ## - enabled: false - ## @param prometheus.ingress.certManager Add annotations for cert-manager - ## - certManager: false - ## @param prometheus.ingress.pathType Ingress Path type - ## - pathType: ImplementationSpecific - ## @param prometheus.ingress.apiVersion Override API Version (automatically detected if not set) - ## - apiVersion: "" - ## @param prometheus.ingress.hostname Default host for the ingress resource - ## - hostname: prometheus.local - ## @param prometheus.ingress.path The Path to Prometheus. You may need to set this to '/*' in order to use this with ALB ingress controllers - ## - path: / - ## @param prometheus.ingress.annotations Ingress annotations - ## For a full list of possible ingress annotations, please see - ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md - ## - ## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set - ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set - ## e.g: - ## annotations: - ## kubernetes.io/ingress.class: nginx - ## - annotations: {} - ## @param prometheus.ingress.tls Enable TLS configuration for the hostname defined at prometheus.ingress.hostname parameter - ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.prometheus.ingress.hostname }} - ## You can use the prometheus.ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it - ## - tls: false - ## @param prometheus.ingress.extraHosts The list of additional hostnames to be covered with this ingress record. - ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array - ## extraHosts: - ## - name: prometheus.local - ## path: / - ## - extraHosts: [] - ## @param prometheus.ingress.extraPaths Additional arbitrary path/backend objects - ## For example: The ALB ingress controller requires a special rule for handling SSL redirection. - ## extraPaths: - ## - path: /* - ## backend: - ## serviceName: ssl-redirect - ## servicePort: use-annotation - ## - extraPaths: [] - ## @param prometheus.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. - ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - ## extraTls: - ## - hosts: - ## - prometheus.local - ## secretName: prometheus.local-tls - ## - extraTls: [] - ## @param prometheus.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets - ## key and certificate should start with -----BEGIN CERTIFICATE----- or - ## -----BEGIN RSA PRIVATE KEY----- - ## - ## name should line up with a tlsSecret set further up - ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set - ## - ## It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - ## e.g: - ## secrets: - ## - name: prometheus.local-tls - ## key: - ## certificate: - ## - secrets: [] - ## @param prometheus.externalUrl External URL used to access Prometheus - ## If not creating an ingress but still exposing the service some other way (like a proxy) - ## let Prometheus know what its external URL is so that it can properly create links - ## externalUrl: https://prometheus.example.com - ## - externalUrl: "" - ## @param prometheus.resources CPU/Memory resource requests/limits for node - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: {} - ## @param prometheus.podAffinityPreset Prometheus Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param prometheus.podAntiAffinityPreset Prometheus Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Node affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param prometheus.nodeAffinityPreset.type Prometheus Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param prometheus.nodeAffinityPreset.key Prometheus Node label key to match Ignored if `affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param prometheus.nodeAffinityPreset.values Prometheus Node label values to match. Ignored if `affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param prometheus.affinity Prometheus Affinity for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## Note: prometheus.podAffinityPreset, prometheus.podAntiAffinityPreset, and prometheus.nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - ## @param prometheus.nodeSelector Prometheus Node labels for pod assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param prometheus.tolerations Prometheus Tolerations for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param prometheus.scrapeInterval Interval between consecutive scrapes - ## - scrapeInterval: "" - ## @param prometheus.evaluationInterval Interval between consecutive evaluations - ## - evaluationInterval: "" - ## @param prometheus.listenLocal ListenLocal makes the Prometheus server listen on loopback - ## - listenLocal: false - ## Configure extra options for liveness probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param prometheus.livenessProbe.enabled Turn on and off liveness probe - ## @param prometheus.livenessProbe.path Path of the HTTP service for checking the healthy state - ## @param prometheus.livenessProbe.initialDelaySeconds Delay before liveness probe is initiated - ## @param prometheus.livenessProbe.periodSeconds How often to perform the probe - ## @param prometheus.livenessProbe.timeoutSeconds When the probe times out - ## @param prometheus.livenessProbe.failureThreshold Minimum consecutive failures for the probe - ## @param prometheus.livenessProbe.successThreshold Minimum consecutive successes for the probe - ## - livenessProbe: - enabled: true - path: /-/healthy - initialDelaySeconds: 0 - failureThreshold: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 3 - ## Configure extra options for readiness probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param prometheus.readinessProbe.enabled Turn on and off readiness probe - ## @param prometheus.readinessProbe.path Path of the HTTP service for checking the ready state - ## @param prometheus.readinessProbe.initialDelaySeconds Delay before readiness probe is initiated - ## @param prometheus.readinessProbe.periodSeconds How often to perform the probe - ## @param prometheus.readinessProbe.timeoutSeconds When the probe times out - ## @param prometheus.readinessProbe.failureThreshold Minimum consecutive failures for the probe - ## @param prometheus.readinessProbe.successThreshold Minimum consecutive successes for the probe - ## - readinessProbe: - enabled: true - path: /-/ready - initialDelaySeconds: 0 - failureThreshold: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 3 - ## @param prometheus.enableAdminAPI Enable Prometheus adminitrative API - ## ref: https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis - ## - enableAdminAPI: false - ## @param prometheus.alertingEndpoints Alertmanagers to which alerts will be sent - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#alertmanagerendpoints - ## - alertingEndpoints: [] - ## @param prometheus.externalLabels External labels to add to any time series or alerts when communicating with external systems - ## - externalLabels: {} - ## @param prometheus.replicaExternalLabelName Name of the external label used to denote replica name - ## - replicaExternalLabelName: "" - ## @param prometheus.replicaExternalLabelNameClear Clear external label used to denote replica name - ## - replicaExternalLabelNameClear: false - ## @param prometheus.routePrefix Prefix used to register routes, overriding externalUrl route - ## Useful for proxies that rewrite URLs. - ## - routePrefix: / - ## @param prometheus.prometheusExternalLabelName Name of the external label used to denote Prometheus instance name - ## - prometheusExternalLabelName: "" - ## @param prometheus.prometheusExternalLabelNameClear Clear external label used to denote Prometheus instance name - ## - prometheusExternalLabelNameClear: false - ## @param prometheus.secrets Secrets that should be mounted into the Prometheus Pods - ## - secrets: [] - ## @param prometheus.configMaps ConfigMaps that should be mounted into the Prometheus Pods - ## - configMaps: [] - ## @param prometheus.querySpec The query command line flags when starting Prometheus - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#queryspec - ## - querySpec: {} - ## @param prometheus.ruleNamespaceSelector Namespaces to be selected for PrometheusRules discovery - ## See https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#namespaceselector for usage - ## - ruleNamespaceSelector: {} - ## @param prometheus.ruleSelector PrometheusRules to be selected for target discovery - ## If {}, select all ServiceMonitors - ## - ruleSelector: {} - ## @param prometheus.serviceMonitorSelector ServiceMonitors to be selected for target discovery - ## If {}, select all ServiceMonitors - ## - serviceMonitorSelector: {} - ## @param prometheus.matchLabels Matchlabels - ## - matchLabels: {} - ## @param prometheus.serviceMonitorNamespaceSelector Namespaces to be selected for ServiceMonitor discovery - ## See https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#namespaceselector for usage - ## - serviceMonitorNamespaceSelector: {} - ## @param prometheus.podMonitorSelector PodMonitors to be selected for target discovery. - ## If {}, select all PodMonitors - ## - podMonitorSelector: {} - ## @param prometheus.podMonitorNamespaceSelector Namespaces to be selected for PodMonitor discovery - ## See https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#namespaceselector for usage - ## - podMonitorNamespaceSelector: {} - ## @param prometheus.probeSelector Probes to be selected for target discovery. - ## If {}, select all Probes - ## - probeSelector: {} - ## @param prometheus.probeNamespaceSelector Namespaces to be selected for Probe discovery - ## See https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#namespaceselector for usage - ## - probeNamespaceSelector: {} - ## @param prometheus.retention Metrics retention days - ## - retention: 10d - ## @param prometheus.retentionSize Maximum size of metrics - ## - retentionSize: "" - ## @param prometheus.disableCompaction Disable the compaction of the Prometheus TSDB - ## See https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#prometheusspec - ## ref: https://prometheus.io/docs/prometheus/latest/storage/#compaction - ## - disableCompaction: false - ## @param prometheus.walCompression Enable compression of the write-ahead log using Snappy - ## - walCompression: false - ## @param prometheus.paused If true, the Operator won't process any Prometheus configuration changes - ## - paused: false - ## @param prometheus.replicaCount Number of Prometheus replicas desired - ## - replicaCount: 1 - ## @param prometheus.logLevel Log level for Prometheus - ## - logLevel: info - ## @param prometheus.logFormat Log format for Prometheus - ## - logFormat: logfmt - ## @param prometheus.podMetadata [object] Standard object's metadata - ## ref: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata - ## - podMetadata: - ## labels: - ## app: prometheus - ## k8s-app: prometheus - ## - labels: {} - annotations: {} - ## @param prometheus.remoteRead The remote_read spec configuration for Prometheus - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#remotereadspec - ## remoteRead: - ## - url: http://remote1/read - ## - remoteRead: [] - ## @param prometheus.remoteWrite The remote_write spec configuration for Prometheus - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#remotewritespec - ## remoteWrite: - ## - url: http://remote1/push - ## - remoteWrite: [] - ## @param prometheus.storageSpec Prometheus StorageSpec for persistent data - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/storage.md - ## - storageSpec: {} - ## Prometheus persistence parameters - ## - persistence: - ## @param prometheus.persistence.enabled Use PVCs to persist data. If the storageSpec is provided this will not take effect. - ## - enabled: false - ## @param prometheus.persistence.storageClass Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. - ## - storageClass: "" - ## @param prometheus.persistence.accessModes Persistent Volume Access Modes - ## - accessModes: - - ReadWriteOnce - ## @param prometheus.persistence.size Persistent Volume Size - ## - size: 8Gi - ## @param prometheus.priorityClassName Priority class assigned to the Pods - ## - priorityClassName: "" - ## @param prometheus.containers Containers allows injecting additional containers - ## - containers: [] - ## @param prometheus.volumes Volumes allows configuration of additional volumes - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#prometheusspec - ## - volumes: [] - ## @param prometheus.volumeMounts VolumeMounts allows configuration of additional VolumeMounts. Evaluated as a template - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#prometheusspec - ## - volumeMounts: [] - ## @param prometheus.additionalPrometheusRules PrometheusRule defines recording and alerting rules for a Prometheus instance. - ## - name: custom-recording-rules - ## groups: - ## - name: sum_node_by_job - ## rules: - ## - record: job:kube_node_labels:sum - ## expr: sum(kube_node_labels) by (job) - ## - name: sum_prometheus_config_reload_by_pod - ## rules: - ## - record: job:prometheus_config_last_reload_successful:sum - ## expr: sum(prometheus_config_last_reload_successful) by (pod) - ## - name: custom-alerting-rules - ## groups: - ## - name: prometheus-config - ## rules: - ## - alert: PrometheusConfigurationReload - ## expr: prometheus_config_last_reload_successful > 0 - ## for: 1m - ## labels: - ## severity: error - ## annotations: - ## summary: "Prometheus configuration reload (instance {{ $labels.instance }})" - ## description: "Prometheus configuration reload error\n VALUE = {{ $value }}\n LABELS: {{ $labels }}" - ## - name: custom-node-exporter-alerting-rules - ## rules: - ## - alert: PhysicalComponentTooHot - ## expr: node_hwmon_temp_celsius > 75 - ## for: 5m - ## labels: - ## severity: warning - ## annotations: - ## summary: "Physical component too hot (instance {{ $labels.instance }})" - ## description: "Physical hardware component too hot\n VALUE = {{ $value }}\n LABELS: {{ $labels }}" - ## - alert: NodeOvertemperatureAlarm - ## expr: node_hwmon_temp_alarm == 1 - ## for: 5m - ## labels: - ## severity: critical - ## annotations: - ## summary: "Node overtemperature alarm (instance {{ $labels.instance }})" - ## description: "Physical node temperature alarm triggered\n VALUE = {{ $value }}\n LABELS: {{ $labels }}" - ## - additionalPrometheusRules: [] - ## Note that the prometheus will fail to provision if the correct secret does not exist. - ## @param prometheus.additionalScrapeConfigs.enabled Enable additional scrape configs - ## @param prometheus.additionalScrapeConfigs.type Indicates if the cart should use external additional scrape configs or internal configs - ## @param prometheus.additionalScrapeConfigs.external.name Name of the secret that Prometheus should use for the additional external scrape configuration - ## @param prometheus.additionalScrapeConfigs.external.key Name of the key inside the secret to be used for the additional external scrape configuration - ## @param prometheus.additionalScrapeConfigs.internal.jobList A list of Prometheus scrape jobs - ## - additionalScrapeConfigs: - enabled: false - type: external - external: - ## Name of the secret that Prometheus should use for the additional scrape configuration - ## - name: "" - ## Name of the key inside the secret to be used for the additional scrape configuration. - ## - key: "" - internal: - jobList: [] - ## @param prometheus.additionalScrapeConfigsExternal.enabled Deprecated: Enable additional scrape configs that are managed externally to this chart - ## @param prometheus.additionalScrapeConfigsExternal.name Deprecated: Name of the secret that Prometheus should use for the additional scrape configuration - ## @param prometheus.additionalScrapeConfigsExternal.key Deprecated: Name of the key inside the secret to be used for the additional scrape configuration - ## - additionalScrapeConfigsExternal: - enabled: false - name: "" - key: "" - ## Enable additional Prometheus alert relabel configs that are managed externally to this chart - ## Note that the prometheus will fail to provision if the correct secret does not exist. - ## @param prometheus.additionalAlertRelabelConfigsExternal.enabled Enable additional Prometheus alert relabel configs that are managed externally to this chart - ## @param prometheus.additionalAlertRelabelConfigsExternal.name Name of the secret that Prometheus should use for the additional Prometheus alert relabel configuration - ## @param prometheus.additionalAlertRelabelConfigsExternal.key Name of the key inside the secret to be used for the additional Prometheus alert relabel configuration - ## - additionalAlertRelabelConfigsExternal: - enabled: false - name: "" - key: "" - ## Thanos sidecar container configuration - ## - thanos: - ## @param prometheus.thanos.create Create a Thanos sidecar container - ## - create: false - ## Bitnami Thanos image - ## ref: https://hub.docker.com/r/bitnami/thanos/tags/ - ## @param prometheus.thanos.image.registry Thanos image registry - ## @param prometheus.thanos.image.repository Thanos image name - ## @param prometheus.thanos.image.tag Thanos image tag - ## @param prometheus.thanos.image.pullPolicy Thanos image pull policy - ## @param prometheus.thanos.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/thanos - tag: 0.22.0-scratch-r4 - ## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Thanos Sidecar container's securityContext - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param prometheus.thanos.containerSecurityContext.enabled Enable container security context - ## @param prometheus.thanos.containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem - ## @param prometheus.thanos.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possibility on or off - ## @param prometheus.thanos.containerSecurityContext.runAsNonRoot Force the container to run as a non root user - ## @param prometheus.thanos.containerSecurityContext.capabilities.drop [array] Linux Kernel capabilities which should be dropped - ## - containerSecurityContext: - enabled: true - readOnlyRootFilesystem: false - allowPrivilegeEscalation: false - runAsNonRoot: true - capabilities: - drop: - - ALL - ## @param prometheus.thanos.prometheusUrl Override default prometheus url "http://localhost:9090" - ## - prometheusUrl: "" - ## @param prometheus.thanos.extraArgs Additional arguments passed to the thanos sidecar container - ## extraArgs: - ## - --log.level=debug - ## - --tsdb.path=/data/ - ## - extraArgs: [] - ## @param prometheus.thanos.objectStorageConfig Support mounting a Secret for the objectStorageConfig of the sideCar container. - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/thanos.md - ## objectStorageConfig: - ## secretName: thanos-objstore-config - ## secretKey: thanos.yaml - ## - objectStorageConfig: {} - ## Thanos sidecar container resource requests and limits. - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param prometheus.thanos.resources.limits The resources limits for the Thanos sidecar container - ## @param prometheus.thanos.resources.requests The resources requests for the Thanos sidecar container - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - requests: {} - ## Configure extra options for liveness probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param prometheus.thanos.livenessProbe.enabled Turn on and off liveness probe - ## @param prometheus.thanos.livenessProbe.path Path of the HTTP service for checking the healthy state - ## @param prometheus.thanos.livenessProbe.initialDelaySeconds Delay before liveness probe is initiated - ## @param prometheus.thanos.livenessProbe.periodSeconds How often to perform the probe - ## @param prometheus.thanos.livenessProbe.timeoutSeconds When the probe times out - ## @param prometheus.thanos.livenessProbe.failureThreshold Minimum consecutive failures for the probe - ## @param prometheus.thanos.livenessProbe.successThreshold Minimum consecutive successes for the probe - ## - livenessProbe: - enabled: true - path: /-/healthy - initialDelaySeconds: 0 - periodSeconds: 5 - timeoutSeconds: 3 - failureThreshold: 120 - successThreshold: 1 - ## Configure extra options for readiness probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param prometheus.thanos.readinessProbe.enabled Turn on and off readiness probe - ## @param prometheus.thanos.readinessProbe.path Path of the HTTP service for checking the ready state - ## @param prometheus.thanos.readinessProbe.initialDelaySeconds Delay before readiness probe is initiated - ## @param prometheus.thanos.readinessProbe.periodSeconds How often to perform the probe - ## @param prometheus.thanos.readinessProbe.timeoutSeconds When the probe times out - ## @param prometheus.thanos.readinessProbe.failureThreshold Minimum consecutive failures for the probe - ## @param prometheus.thanos.readinessProbe.successThreshold Minimum consecutive successes for the probe - ## - readinessProbe: - enabled: true - path: /-/ready - initialDelaySeconds: 0 - periodSeconds: 5 - timeoutSeconds: 3 - failureThreshold: 120 - successThreshold: 1 - ## Thanos Sidecar Service - ## - service: - ## @param prometheus.thanos.service.type Kubernetes service type - ## - type: ClusterIP - ## @param prometheus.thanos.service.port Thanos service port - ## - port: 10901 - ## @param prometheus.thanos.service.clusterIP Specific cluster IP when service type is cluster IP. Use `None` to create headless service by default. - ## Use a "headless" service by default so it returns every pod's IP instead of loadbalancing requests. - ## - clusterIP: None - ## @param prometheus.thanos.service.nodePort Specify the nodePort value for the LoadBalancer and NodePort service types. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## e.g: - ## nodePort: 30901 - ## - nodePort: "" - ## @param prometheus.thanos.service.loadBalancerIP `loadBalancerIP` if service type is `LoadBalancer` - ## Set the LoadBalancer service type to internal only - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - loadBalancerIP: "" - ## @param prometheus.thanos.service.loadBalancerSourceRanges Address that are allowed when svc is `LoadBalancer` - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param prometheus.thanos.service.annotations Additional annotations for Prometheus service - ## - annotations: {} - ## @param prometheus.thanos.service.extraPorts Additional ports to expose from the Thanos sidecar container - ## extraPorts: - ## - name: http - ## port: 10902 - ## targetPort: http - ## protocol: TCP - ## - extraPorts: [] - ## Configure the ingress resource that allows you to access the - ## Thanos Sidecar installation. Set up the URL - ## ref: http://kubernetes.io/docs/user-guide/ingress/ - ## - ingress: - ## @param prometheus.thanos.ingress.enabled Enable ingress controller resource - ## - enabled: false - ## @param prometheus.thanos.ingress.certManager Add annotations for cert-manager - ## - certManager: false - ## @param prometheus.thanos.ingress.annotations Ingress annotations - ## For a full list of possible ingress annotations, please see - ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md - ## - ## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set - ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set - ## annotations: - ## kubernetes.io/ingress.class: nginx - ## nginx.ingress.kubernetes.io/backend-protocol: "GRPCS" - ## - annotations: {} - ## @param prometheus.thanos.ingress.hosts [array] The list of hostnames to be covered with this ingress record. - ## Most likely this will be just one host, but in the event more hosts are needed, this is an array - ## - hosts: - - name: thanos.prometheus.local - path: / - ## @param prometheus.thanos.ingress.tls The tls configuration for the ingress - ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - ## tls: - ## - hosts: - ## - thanos.prometheus.local - ## secretName: thanos.prometheus.local-tls - ## - tls: {} - ## @param prometheus.portName Port name used for the pods and governing service. This defaults to web - ## - portName: web - -## @section Alertmanager Parameters - -## Configuration for alertmanager -## ref: https://prometheus.io/docs/alerting/alertmanager/ -## -alertmanager: - ## @param alertmanager.enabled Deploy Alertmanager to the cluster - ## - enabled: true - ## Bitnami Alertmanager image version - ## ref: https://hub.docker.com/r/bitnami/prometheus-operator/tags/ - ## @param alertmanager.image.registry Prometheus image registry - ## @param alertmanager.image.repository Prometheus Image repository - ## @param alertmanager.image.tag Prometheus Image tag (immutable tags are recommended) - ## @param alertmanager.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/alertmanager - tag: 0.23.0-debian-10-r29 - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Service account for Alertmanager to use. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ - ## - serviceAccount: - ## @param alertmanager.serviceAccount.create Specify whether to create a ServiceAccount for Alertmanager - ## - create: true - ## @param alertmanager.serviceAccount.name The name of the ServiceAccount to create - ## If not set and create is true, a name is generated using the kube-prometheus.alertmanager.fullname template - name: "" - ## Prometheus Alertmanager pods' Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param alertmanager.podSecurityContext.enabled Enable security context - ## @param alertmanager.podSecurityContext.runAsUser User ID for the container - ## @param alertmanager.podSecurityContext.fsGroup Group ID for the container filesystem - ## - podSecurityContext: - enabled: true - runAsUser: 1001 - fsGroup: 1001 - ## Prometheus Alertmanager container's securityContext - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param alertmanager.containerSecurityContext.enabled Enable container security context - ## @param alertmanager.containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem - ## @param alertmanager.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possibility on or off - ## @param alertmanager.containerSecurityContext.runAsNonRoot Force the container to run as a non root user - ## @param alertmanager.containerSecurityContext.capabilities.drop [array] Linux Kernel capabilities which should be dropped - ## - containerSecurityContext: - enabled: true - readOnlyRootFilesystem: false - allowPrivilegeEscalation: false - runAsNonRoot: true - capabilities: - drop: - - ALL - ## Configure pod disruption budgets for Alertmanager - ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget - ## @param alertmanager.podDisruptionBudget.enabled Create a pod disruption budget for Alertmanager - ## @param alertmanager.podDisruptionBudget.minAvailable Minimum number / percentage of pods that should remain scheduled - ## @param alertmanager.podDisruptionBudget.maxUnavailable Maximum number / percentage of pods that may be made unavailable - ## - podDisruptionBudget: - enabled: false - minAvailable: 1 - maxUnavailable: "" - ## Alertmanager Service - ## - service: - ## @param alertmanager.service.type Kubernetes service type - ## - type: ClusterIP - ## @param alertmanager.service.port Alertmanager service port - ## - port: 9093 - ## @param alertmanager.service.clusterIP Specific cluster IP when service type is cluster IP. Use `None` for headless service - ## e.g: - ## clusterIP: None - ## - clusterIP: "" - ## @param alertmanager.service.nodePort Specify the nodePort value for the LoadBalancer and NodePort service types. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## e.g: - ## nodePort: 30903 - ## - nodePort: "" - ## @param alertmanager.service.loadBalancerIP `loadBalancerIP` if service type is `LoadBalancer` - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - loadBalancerIP: "" - ## @param alertmanager.service.loadBalancerSourceRanges Address that are allowed when svc is `LoadBalancer` - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param alertmanager.service.externalTrafficPolicy Enable client source IP preservation - ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints - ## There are two available options: Cluster (default) and Local. - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param alertmanager.service.healthCheckNodePort Specifies the health check node port - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - healthCheckNodePort: "" - ## @param alertmanager.service.stickySessions Set stickySessions to `true` to enable Session Affinity - ## - stickySessions: "" - ## @param alertmanager.service.annotations Additional annotations for Alertmanager service (this value is evaluated as a template) - ## - annotations: {} - ## If true, create a serviceMonitor for alertmanager - ## - serviceMonitor: - ## @param alertmanager.serviceMonitor.enabled Creates a ServiceMonitor to monitor Alertmanager - ## - enabled: true - ## @param alertmanager.serviceMonitor.interval Scrape interval. If not set, the Prometheus default scrape interval is used. - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## - interval: "" - ## @param alertmanager.serviceMonitor.metricRelabelings Metric relabeling - ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs - ## - metricRelabelings: [] - ## @param alertmanager.serviceMonitor.relabelings Relabel configs - ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config - ## - relabelings: [] - ## Configure the ingress resource that allows you to access the - ## Alertmanager installation. Set up the URL - ## ref: http://kubernetes.io/docs/user-guide/ingress/ - ## - ingress: - ## @param alertmanager.ingress.enabled Enable ingress controller resource - ## - enabled: false - ## @param alertmanager.ingress.certManager Add annotations for cert-manager - ## - certManager: false - ## @param alertmanager.ingress.pathType Ingress Path type - ## - pathType: ImplementationSpecific - ## @param alertmanager.ingress.apiVersion Override API Version (automatically detected if not set) - ## - apiVersion: "" - ## @param alertmanager.ingress.hostname Default host for the ingress resource - ## - hostname: alertmanager.local - ## @param alertmanager.ingress.path The Path to Alert Manager. You may need to set this to '/*' in order to use this with ALB ingress controllers. - ## - path: / - ## @param alertmanager.ingress.annotations Ingress annotations - ## For a full list of possible ingress annotations, please see - ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md - ## - ## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set - ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set - ## annotations: - ## kubernetes.io/ingress.class: nginx - ## - annotations: {} - ## @param alertmanager.ingress.tls Enable TLS configuration for the hostname defined at alertmanager.ingress.hostname parameter - ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.alertmanager.ingress.hostname }} - ## You can use the alertmanager.ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it - ## - tls: false - ## @param alertmanager.ingress.extraHosts The list of additional hostnames to be covered with this ingress record. - ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array - ## extraHosts: - ## - name: alertmanager.local - ## path: / - ## - extraHosts: [] - ## @param alertmanager.ingress.extraPaths Additional arbitrary path/backend objects - ## For example: The ALB ingress controller requires a special rule for handling SSL redirection. - ## extraPaths: - ## - path: /* - ## backend: - ## serviceName: ssl-redirect - ## servicePort: use-annotation - ## - extraPaths: [] - ## @param alertmanager.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. - ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - ## extraTls: - ## - hosts: - ## - alertmanager.local - ## secretName: alertmanager.local-tls - ## - extraTls: [] - ## @param alertmanager.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets - ## key and certificate should start with -----BEGIN CERTIFICATE----- or - ## -----BEGIN RSA PRIVATE KEY----- - ## - ## name should line up with a tlsSecret set further up - ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set - ## - ## It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - ## secrets: - ## - name: alertmanager.local-tls - ## key: - ## certificate: - ## - secrets: [] - ## @param alertmanager.externalUrl External URL used to access Alertmanager - ## e.g: - ## externalUrl: https://alertmanager.example.com - ## - externalUrl: "" - ## @param alertmanager.resources CPU/Memory resource requests/limits for node - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: {} - ## @param alertmanager.podAffinityPreset Alertmanager Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param alertmanager.podAntiAffinityPreset Alertmanager Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Node affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param alertmanager.nodeAffinityPreset.type Alertmanager Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param alertmanager.nodeAffinityPreset.key Alertmanager Node label key to match Ignored if `affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param alertmanager.nodeAffinityPreset.values Alertmanager Node label values to match. Ignored if `affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param alertmanager.affinity Alertmanager Affinity for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## Note: alertmanager.podAffinityPreset, alertmanager.podAntiAffinityPreset, and alertmanager.nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - ## @param alertmanager.nodeSelector Alertmanager Node labels for pod assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param alertmanager.tolerations Alertmanager Tolerations for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## Alertmanager configuration - ## ref: https://prometheus.io/docs/alerting/configuration/#configuration-file - ## @param alertmanager.config [object] Alertmanager configuration directive - ## @skip alertmanager.config.route.group_by - ## @skip alertmanager.config.route.routes - ## @skip alertmanager.config.receivers - ## - config: - global: - resolve_timeout: 5m - route: - group_by: ['job'] - group_wait: 30s - group_interval: 5m - repeat_interval: 12h - receiver: 'null' - routes: - - match: - alertname: Watchdog - receiver: 'null' - receivers: - - name: 'null' - ## @param alertmanager.externalConfig Alertmanager configuration is created externally. If true, `alertmanager.config` is ignored, and a secret will not be created. - ## Alertmanager requires a secret named `alertmanager-{{ template "kube-prometheus.alertmanager.fullname" . }}` - ## It must contain: - ## alertmanager.yaml: - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/alerting.md#alerting - ## - externalConfig: false - ## @param alertmanager.replicaCount Number of Alertmanager replicas desired - ## - replicaCount: 1 - ## Configure extra options for liveness probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param alertmanager.livenessProbe.enabled Turn on and off liveness probe - ## @param alertmanager.livenessProbe.path Path of the HTTP service for checking the healthy state - ## @param alertmanager.livenessProbe.initialDelaySeconds Delay before liveness probe is initiated - ## @param alertmanager.livenessProbe.periodSeconds How often to perform the probe - ## @param alertmanager.livenessProbe.timeoutSeconds When the probe times out - ## @param alertmanager.livenessProbe.failureThreshold Minimum consecutive failures for the probe - ## @param alertmanager.livenessProbe.successThreshold Minimum consecutive successes for the probe - ## - livenessProbe: - enabled: true - path: /-/healthy - initialDelaySeconds: 0 - periodSeconds: 5 - timeoutSeconds: 3 - failureThreshold: 120 - successThreshold: 1 - ## Configure extra options for readiness probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param alertmanager.readinessProbe.enabled Turn on and off readiness probe - ## @param alertmanager.readinessProbe.path Path of the HTTP service for checking the ready state - ## @param alertmanager.readinessProbe.initialDelaySeconds Delay before readiness probe is initiated - ## @param alertmanager.readinessProbe.periodSeconds How often to perform the probe - ## @param alertmanager.readinessProbe.timeoutSeconds When the probe times out - ## @param alertmanager.readinessProbe.failureThreshold Minimum consecutive failures for the probe - ## @param alertmanager.readinessProbe.successThreshold Minimum consecutive successes for the probe - ## - readinessProbe: - enabled: true - path: /-/ready - initialDelaySeconds: 0 - periodSeconds: 5 - timeoutSeconds: 3 - failureThreshold: 120 - successThreshold: 1 - ## @param alertmanager.logLevel Log level for Alertmanager - ## - logLevel: info - ## @param alertmanager.logFormat Log format for Alertmanager - ## - logFormat: logfmt - ## @param alertmanager.podMetadata [object] Standard object's metadata. - ## ref: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata - ## - podMetadata: - labels: {} - annotations: {} - ## @param alertmanager.secrets Secrets that should be mounted into the Alertmanager Pods - ## - secrets: [] - ## @param alertmanager.configMaps ConfigMaps that should be mounted into the Alertmanager Pods - ## - configMaps: [] - ## @param alertmanager.retention Metrics retention days - ## - retention: 120h - ## @param alertmanager.storageSpec Alertmanager StorageSpec for persistent data - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/storage.md - ## - storageSpec: {} - ## Alertmanager persistence parameters - ## - persistence: - ## @param alertmanager.persistence.enabled Use PVCs to persist data. If the storageSpec is provided this will not take effect. - ## If you want to use this configuration make sure the storageSpec is not provided. - ## - enabled: false - ## @param alertmanager.persistence.storageClass Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. - ## - storageClass: "" - ## @param alertmanager.persistence.accessModes Persistent Volume Access Modes - ## - accessModes: - - ReadWriteOnce - ## @param alertmanager.persistence.size Persistent Volume Size - ## - size: 8Gi - ## @param alertmanager.paused If true, the Operator won't process any Alertmanager configuration changes - ## - paused: false - ## @param alertmanager.listenLocal ListenLocal makes the Alertmanager server listen on loopback - ## - listenLocal: false - ## @param alertmanager.containers Containers allows injecting additional containers - ## - containers: [] - ## @param alertmanager.volumes Volumes allows configuration of additional volumes. Evaluated as a template - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#alertmanagerspec - ## - volumes: [] - ## @param alertmanager.volumeMounts VolumeMounts allows configuration of additional VolumeMounts. Evaluated as a template - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/pi.md#alertmanagerspec - ## - volumeMounts: [] - ## @param alertmanager.priorityClassName Priority class assigned to the Pods - ## - priorityClassName: "" - ## @param alertmanager.additionalPeers AdditionalPeers allows injecting a set of additional Alertmanagers to peer with to form a highly available cluster - ## - additionalPeers: [] - ## @param alertmanager.routePrefix Prefix used to register routes, overriding externalUrl route - ## Useful for proxies that rewrite URLs. - ## - routePrefix: / - ## @param alertmanager.portName Port name used for the pods and governing service. This defaults to web - ## - portName: web - ## @param alertmanager.configNamespaceSelector AlertmanagerConfigs to be selected for to merge and configure Alertmanager with. This defaults to {} - ## - configNamespaceSelector: {} - ## @param alertmanager.configSelector Namespaces to be selected for AlertmanagerConfig discovery. If nil, only check own namespace. This defaults to {} - ## - configSelector: {} - -## @section Exporters - -## Exporters -## -exporters: - node-exporter: - ## @param exporters.node-exporter.enabled Enable node-exporter - ## - enabled: true - kube-state-metrics: - ## @param exporters.kube-state-metrics.enabled Enable kube-state-metrics - ## - enabled: true -## @param node-exporter [object] Node Exporter deployment configuration -## -node-exporter: - service: - labels: - jobLabel: node-exporter - serviceMonitor: - enabled: true - jobLabel: jobLabel - extraArgs: - collector.filesystem.ignored-mount-points: "^/(dev|proc|sys|var/lib/docker/.+)($|/)" - collector.filesystem.ignored-fs-types: "^(autofs|binfmt_misc|cgroup|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|mqueue|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|sysfs|tracefs)$" -## @param kube-state-metrics [object] Node Exporter deployment configuration -## -kube-state-metrics: - serviceMonitor: - enabled: true -## Component scraping for kubelet and kubelet hosted cAdvisor -## -kubelet: - ## @param kubelet.enabled Create a ServiceMonitor to scrape kubelet service - ## - enabled: true - ## @param kubelet.namespace Namespace where kubelet service is deployed. Related configuration `operator.kubeletService.namespace` - ## - namespace: kube-system - serviceMonitor: - ## @param kubelet.serviceMonitor.https Enable scraping of the kubelet over HTTPS - ## - https: true - ## @param kubelet.serviceMonitor.interval Scrape interval (use by default, falling back to Prometheus' default) - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## - interval: "" - ## @param kubelet.serviceMonitor.metricRelabelings Metric relabeling - ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs - ## - metricRelabelings: [] - ## @param kubelet.serviceMonitor.relabelings Relabel configs - ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config - ## - relabelings: [] - ## @param kubelet.serviceMonitor.cAdvisorMetricRelabelings Metric relabeling for scraping cAdvisor - ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs - ## - cAdvisorMetricRelabelings: [] - ## @param kubelet.serviceMonitor.cAdvisorRelabelings Relabel configs for scraping cAdvisor - ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs - ## - cAdvisorRelabelings: [] -## Component scraping the kube-apiserver -## -kubeApiServer: - ## @param kubeApiServer.enabled Create a ServiceMonitor to scrape kube-apiserver service - ## - enabled: true - serviceMonitor: - ## @param kubeApiServer.serviceMonitor.interval Scrape interval. If not set, the Prometheus default scrape interval is used. - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## - interval: "" - ## @param kubeApiServer.serviceMonitor.metricRelabelings Metric relabeling - ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs - ## - metricRelabelings: [] - ## @param kubeApiServer.serviceMonitor.relabelings Relabel configs - ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config - ## - relabelings: [] -## Component scraping the kube-controller-manager -## -kubeControllerManager: - ## @param kubeControllerManager.enabled Create a ServiceMonitor to scrape kube-controller-manager service - ## - enabled: true - ## @param kubeControllerManager.endpoints If your kube controller manager is not deployed as a pod, specify IPs it can be found on - ## endpoints: - ## - 10.141.4.22 - ## - 10.141.4.23 - ## - 10.141.4.24 - ## - endpoints: [] - ## @param kubeControllerManager.namespace Namespace where kube-controller-manager service is deployed. - ## - namespace: kube-system - ## Service ports and selector information - ## @param kubeControllerManager.service.enabled Whether or not to create a Service object for kube-controller-manager - ## @param kubeControllerManager.service.port Listening port of the kube-controller-manager Service object - ## @param kubeControllerManager.service.targetPort Port to target on the kube-controller-manager Pods. This should be the port that kube-controller-manager is exposing metrics on - ## @param kubeControllerManager.service.selector Optional PODs Label selector for the service - ## - service: - enabled: true - port: 10252 - targetPort: 10252 - ## selector: - ## component: kube-controller-manager - ## - selector: {} - serviceMonitor: - ## @param kubeControllerManager.serviceMonitor.interval Scrape interval (use by default, falling back to Prometheus' default) - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## - interval: "" - ## @param kubeControllerManager.serviceMonitor.https Enable scraping kube-controller-manager over https - ## Requires proper certs (not self-signed) and delegated authentication/authorization checks - ## - https: false - ## @param kubeControllerManager.serviceMonitor.insecureSkipVerify Skip TLS certificate validation when scraping - ## - insecureSkipVerify: "" - ## @param kubeControllerManager.serviceMonitor.serverName Name of the server to use when validating TLS certificate - serverName: "" - ## @param kubeControllerManager.serviceMonitor.metricRelabelings Metric relabeling - ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs - ## - metricRelabelings: [] - ## @param kubeControllerManager.serviceMonitor.relabelings Relabel configs - ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config - ## - relabelings: [] -## Component scraping kube scheduler -## -kubeScheduler: - ## @param kubeScheduler.enabled Create a ServiceMonitor to scrape kube-scheduler service - ## - enabled: true - ## @param kubeScheduler.endpoints If your kube scheduler is not deployed as a pod, specify IPs it can be found on - ## endpoints: - ## - 10.141.4.22 - ## - 10.141.4.23 - ## - 10.141.4.24 - ## - endpoints: [] - ## @param kubeScheduler.namespace Namespace where kube-scheduler service is deployed. - ## - namespace: kube-system - ## If using kubeScheduler.endpoints only the port and targetPort are used - ## @param kubeScheduler.service.enabled Whether or not to create a Service object for kube-scheduler - ## @param kubeScheduler.service.port Listening port of the kube scheduler Service object - ## @param kubeScheduler.service.targetPort Port to target on the kube scheduler Pods. This should be the port that kube scheduler is exposing metrics on - ## @param kubeScheduler.service.selector Optional PODs Label selector for the service - ## - service: - enabled: true - port: 10251 - targetPort: 10251 - ## selector: - ## component: kube-scheduler - ## - selector: {} - serviceMonitor: - ## @param kubeScheduler.serviceMonitor.interval Scrape interval (use by default, falling back to Prometheus' default) - ## - interval: "" - ## @param kubeScheduler.serviceMonitor.https Enable scraping kube-scheduler over https - ## Requires proper certs (not self-signed) and delegated authentication/authorization checks - ## - https: false - ## @param kubeScheduler.serviceMonitor.insecureSkipVerify Skip TLS certificate validation when scraping - ## - insecureSkipVerify: "" - ## @param kubeScheduler.serviceMonitor.serverName Name of the server to use when validating TLS certificate - ## - serverName: "" - ## @param kubeScheduler.serviceMonitor.metricRelabelings Metric relabeling - ## metricRelabelings: - ## - action: keep - ## regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' - ## sourceLabels: [__name__] - ## - metricRelabelings: [] - ## @param kubeScheduler.serviceMonitor.relabelings Relabel configs - ## relabelings: - ## - sourceLabels: [__meta_kubernetes_pod_node_name] - ## separator: ; - ## regex: ^(.*)$ - ## targetLabel: nodename - ## replacement: $1 - ## action: replace - ## - relabelings: [] -## Component scraping coreDns -## -coreDns: - ## @param coreDns.enabled Create a ServiceMonitor to scrape coredns service - ## - enabled: true - ## @param coreDns.namespace Namespace where core dns service is deployed. - ## - namespace: kube-system - ## Create a ServiceMonitor to scrape coredns service - ## @param coreDns.service.enabled Whether or not to create a Service object for coredns - ## @param coreDns.service.port Listening port of the coredns Service object - ## @param coreDns.service.targetPort Port to target on the coredns Pods. This should be the port that coredns is exposing metrics on - ## @param coreDns.service.selector Optional PODs Label selector for the service - ## - service: - enabled: true - port: 9153 - targetPort: 9153 - ## selector: - ## component: kube-dns - ## - selector: {} - serviceMonitor: - ## @param coreDns.serviceMonitor.interval Scrape interval. If not set, the Prometheus default scrape interval is used. - ## - interval: "" - ## @param coreDns.serviceMonitor.metricRelabelings Metric relabel configs to apply to samples before ingestion. - ## metricRelabelings: - ## - action: keep - ## regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' - ## sourceLabels: [__name__] - ## - metricRelabelings: [] - ## @param coreDns.serviceMonitor.relabelings Relabel configs to apply to samples before ingestion. - ## relabelings: - ## - sourceLabels: [__meta_kubernetes_pod_node_name] - ## separator: ; - ## regex: ^(.*)$ - ## targetLabel: nodename - ## replacement: $1 - ## action: replace - ## - relabelings: [] -## Component scraping the kube-proxy -## -kubeProxy: - ## @param kubeProxy.enabled Create a ServiceMonitor to scrape the kube-proxy Service - ## - enabled: true - ## @param kubeProxy.endpoints If your kube-proxy is not deployed as a pod, specify IPs it can be found on - ## endpoints: - ## - 10.141.4.22 - ## - 10.141.4.23 - ## - 10.141.4.24 - ## - endpoints: [] - ## @param kubeProxy.namespace Namespace where cube-proxy service is deployed. - ## - namespace: kube-system - ## @param kubeProxy.service [object] Service ports and selector information - ## @param coreDns.service.enabled Whether or not to create a Service object for coredns - ## @param coreDns.service.port Listening port of the coredns Service object - ## @param coreDns.service.targetPort Port to target on the coredns Pods. This should be the port that coredns is exposing metrics on - ## @param coreDns.service.selector Optional PODs Label selector for the service - ## - service: - enabled: true - port: 10249 - targetPort: 10249 - ## selector: - ## k8s-app: kube-proxy - ## - selector: {} - serviceMonitor: - ## @param kubeProxy.serviceMonitor.https Enable scraping kube-proxy over https. - ## Requires proper certs (not self-signed) and delegated authentication/authorization checks - ## - https: false - ## @param kubeProxy.serviceMonitor.interval Scrape interval (use by default, falling back to Prometheus' default) - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## - interval: "" - ## @param kubeProxy.serviceMonitor.metricRelabelings Metric relabeling - ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs - ## - metricRelabelings: [] - ## @param kubeProxy.serviceMonitor.relabelings Relabel configs - ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config - ## - relabelings: [] - -## @section RBAC parameters - -## Role Based Access -## ref: https://kubernetes.io/docs/admin/authorization/rbac/ -## @param rbac.create Whether to create and use RBAC resources or not -## @param rbac.apiVersion Version of the RBAC API -## @param rbac.pspEnabled PodSecurityPolicy -## -rbac: - create: true - apiVersion: v1beta1 - pspEnabled: true diff --git a/bitnami/kube-state-metrics/Chart.lock b/bitnami/kube-state-metrics/Chart.lock deleted file mode 100644 index 6eebce7..0000000 --- a/bitnami/kube-state-metrics/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.9.1 -digest: sha256:75c2f378a4570f47cbb3c98b6f1d29d1145e5a92bf2970a5d06c32575bfe266f -generated: "2021-09-24T07:54:23.651413549Z" diff --git a/bitnami/kube-state-metrics/Chart.yaml b/bitnami/kube-state-metrics/Chart.yaml deleted file mode 100644 index 88df775..0000000 --- a/bitnami/kube-state-metrics/Chart.yaml +++ /dev/null @@ -1,26 +0,0 @@ -annotations: - category: Analytics -apiVersion: v2 -appVersion: 2.2.1 -dependencies: - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x -description: kube-state-metrics is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects. -engine: gotpl -home: https://github.com/bitnami/charts/tree/master/bitnami/kube-state-metrics -icon: https://bitnami.com/assets/stacks/kube-state-metrics/img/kube-state-metrics-stack-220x234.png -keywords: - - prometheus - - kube-state-metrics - - monitoring -maintainers: - - email: containers@bitnami.com - name: Bitnami -name: kube-state-metrics -sources: - - https://github.com/bitnami/bitnami-docker-kube-state-metrics - - https://github.com/kubernetes/kube-state-metrics -version: 2.1.10 diff --git a/bitnami/kube-state-metrics/README.md b/bitnami/kube-state-metrics/README.md deleted file mode 100644 index faa119c..0000000 --- a/bitnami/kube-state-metrics/README.md +++ /dev/null @@ -1,227 +0,0 @@ -# kube-state-metrics - -[kube-state-metrics](https://github.com/kubernetes/kube-state-metrics) is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects. - -## TL;DR - -```bash -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/kube-state-metrics -``` - -## Introduction - -This chart bootstraps [kube-state-metrics](https://github.com/bitnami/bitnami-docker-kube-state-metrics) on [Kubernetes](http://kubernetes.io) using the [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 3.1.0 - -## Installing the Chart - -Add the `bitnami` charts repo to Helm: - -```bash -$ helm repo add bitnami https://charts.bitnami.com/bitnami -``` - -To install the chart with the release name `my-release`: - -```bash -$ helm install my-release bitnami/kube-state-metrics -``` - -The command deploys kube-state-metrics on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. - -## Uninstalling the Chart - -To uninstall/delete the `my-release` release: - -```bash -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | - - -### Common parameters - -| Name | Description | Value | -| ------------------- | ------------------------------------------------------------------------------------------------------------- | ----- | -| `nameOverride` | String to partially override `kube-state-metrics.name` template with a string (will prepend the release name) | `""` | -| `fullnameOverride` | String to fully override `kube-state-metrics.fullname` template with a string | `""` | -| `commonLabels` | Add labels to all the deployed resources | `{}` | -| `commonAnnotations` | Add annotations to all the deployed resources | `{}` | - - -### kube-state-metrics parameters - -| Name | Description | Value | -| ----------------------------------------------- | ----------------------------------------------------------------------------------------- | ---------------------------- | -| `hostAliases` | Add deployment host aliases | `[]` | -| `rbac.create` | Whether to create & use RBAC resources or not | `true` | -| `rbac.apiVersion` | Version of the RBAC API | `v1beta1` | -| `rbac.pspEnabled` | PodSecurityPolicy | `true` | -| `serviceAccount.create` | Specify whether to create a ServiceAccount for kube-state-metrics | `true` | -| `serviceAccount.name` | The name of the ServiceAccount to create | `""` | -| `image.registry` | kube-state-metrics image registry | `docker.io` | -| `image.repository` | kube-state-metrics image repository | `bitnami/kube-state-metrics` | -| `image.tag` | kube-state-metrics Image tag (immutable tags are recommended) | `2.2.1-debian-10-r1` | -| `image.pullPolicy` | kube-state-metrics image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `extraArgs` | Additional command line arguments to pass to kube-state-metrics | `{}` | -| `namespaces` | Comma-separated list of namespaces to be enabled. Defaults to all namespaces | `""` | -| `kubeResources.certificatesigningrequests` | Enable the `certificatesigningrequests` resource | `true` | -| `kubeResources.configmaps` | Enable the `configmaps` resource | `true` | -| `kubeResources.cronjobs` | Enable the `cronjobs` resource | `true` | -| `kubeResources.daemonsets` | Enable the `daemonsets` resource | `true` | -| `kubeResources.deployments` | Enable the `deployments` resource | `true` | -| `kubeResources.endpoints` | Enable the `endpoints` resource | `true` | -| `kubeResources.horizontalpodautoscalers` | Enable the `horizontalpodautoscalers` resource | `true` | -| `kubeResources.ingresses` | Enable the `ingresses` resource | `true` | -| `kubeResources.jobs` | Enable the `jobs` resource | `true` | -| `kubeResources.limitranges` | Enable the `limitranges` resource | `true` | -| `kubeResources.mutatingwebhookconfigurations` | Enable the `mutatingwebhookconfigurations` resource | `true` | -| `kubeResources.namespaces` | Enable the `namespaces` resource | `true` | -| `kubeResources.networkpolicies` | Enable the `networkpolicies` resource | `true` | -| `kubeResources.nodes` | Enable the `nodes` resource | `true` | -| `kubeResources.persistentvolumeclaims` | Enable the `persistentvolumeclaims` resource | `true` | -| `kubeResources.persistentvolumes` | Enable the `persistentvolumes` resource | `true` | -| `kubeResources.poddisruptionbudgets` | Enable the `poddisruptionbudgets` resource | `true` | -| `kubeResources.pods` | Enable the `pods` resource | `true` | -| `kubeResources.replicasets` | Enable the `replicasets` resource | `true` | -| `kubeResources.replicationcontrollers` | Enable the `replicationcontrollers` resource | `true` | -| `kubeResources.resourcequotas` | Enable the `resourcequotas` resource | `true` | -| `kubeResources.secrets` | Enable the `secrets` resource | `true` | -| `kubeResources.services` | Enable the `services` resource | `true` | -| `kubeResources.statefulsets` | Enable the `statefulsets` resource | `true` | -| `kubeResources.storageclasses` | Enable the `storageclasses` resource | `true` | -| `kubeResources.verticalpodautoscalers` | Enable the `verticalpodautoscalers` resource | `false` | -| `kubeResources.validatingwebhookconfigurations` | Enable the `validatingwebhookconfigurations` resource | `false` | -| `kubeResources.volumeattachments` | Enable the `volumeattachments` resource | `true` | -| `securityContext.enabled` | Enable security context | `true` | -| `securityContext.fsGroup` | Group ID for the container filesystem | `1001` | -| `securityContext.runAsUser` | User ID for the container | `1001` | -| `service.type` | Kubernetes service type | `ClusterIP` | -| `service.port` | kube-state-metrics service port | `8080` | -| `service.clusterIP` | Specific cluster IP when service type is cluster IP. Use `None` for headless service | `""` | -| `service.nodePort` | Specify the nodePort value for the LoadBalancer and NodePort service types. | `""` | -| `service.loadBalancerIP` | `loadBalancerIP` if service type is `LoadBalancer` | `""` | -| `service.loadBalancerSourceRanges` | Address that are allowed when svc is `LoadBalancer` | `[]` | -| `service.annotations` | Additional annotations for kube-state-metrics service | `{}` | -| `service.labels` | Additional labels for kube-state-metrics service | `{}` | -| `hostNetwork` | Enable hostNetwork mode | `false` | -| `priorityClassName` | Priority class assigned to the Pods | `""` | -| `resources.limits` | The resources limits for the container | `{}` | -| `resources.requests` | The requested resources for the container | `{}` | -| `replicaCount` | Desired number of controller pods | `1` | -| `podLabels` | Pod labels | `{}` | -| `podAnnotations` | Pod annotations | `{}` | -| `updateStrategy` | Allows setting of `RollingUpdate` strategy | `{}` | -| `minReadySeconds` | How many seconds a pod needs to be ready before killing the next, during update | `0` | -| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set. | `""` | -| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | -| `affinity` | Affinity for pod assignment | `{}` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `tolerations` | Tolerations for pod assignment | `[]` | -| `livenessProbe.enabled` | Turn on and off liveness probe | `true` | -| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `120` | -| `livenessProbe.periodSeconds` | How often to perform the probe | `10` | -| `livenessProbe.timeoutSeconds` | When the probe times out | `5` | -| `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe | `6` | -| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe | `1` | -| `readinessProbe.enabled` | Turn on and off readiness probe | `true` | -| `readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `30` | -| `readinessProbe.periodSeconds` | How often to perform the probe | `10` | -| `readinessProbe.timeoutSeconds` | When the probe times out | `5` | -| `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe | `6` | -| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe | `1` | -| `serviceMonitor.enabled` | Creates a ServiceMonitor to monitor kube-state-metrics | `false` | -| `serviceMonitor.namespace` | Namespace in which Prometheus is running | `""` | -| `serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` | -| `serviceMonitor.interval` | Scrape interval (use by default, falling back to Prometheus' default) | `""` | -| `serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | -| `serviceMonitor.selector` | ServiceMonitor selector labels | `{}` | -| `serviceMonitor.honorLabels` | Honor metrics labels | `false` | -| `serviceMonitor.relabelings` | ServiceMonitor relabelings | `[]` | -| `serviceMonitor.metricRelabelings` | ServiceMonitor metricRelabelings | `[]` | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example the following command sets the `replicas` of the kube-state-metrics Pods to `2`. - -```bash -$ helm install my-release --set replicas=2 bitnami/kube-state-metrics -``` - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```bash -$ helm install my-release -f values.yaml bitnami/kube-state-metrics -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling vs Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Use Sidecars and Init Containers - -If additional containers are needed in the same pod (such as additional metrics or logging exporters), they can be defined using the `sidecars` config parameter. Similarly, extra init containers can be added using the `initContainers` parameter. - -Refer to the chart documentation for more information on, and examples of, configuring and using [sidecars and init containers](https://docs.bitnami.com/kubernetes/apps/kube-state-metrics/configuration/configure-sidecar-init-containers/). - -### Set Pod affinity - -This chart allows you to set custom Pod affinity using the `affinity` parameter. Find more information about Pod's affinity in the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). - -As an alternative, use one of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters. - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami’s Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## Upgrading - -```bash -$ helm upgrade my-release bitnami/kube-state-metrics -``` - -### To 2.0.0 - -This version updates kube-state-metrics to its new major, 2.0.0. There have been some value's name changes to acommodate to the naming used in 2.0.0: - - - `.Values.namespace` -> `.Values.namespaces` - - `.Values.collectors` -> `.Values.kubeResources` - -For more information, please refer to [kube-state-metrics 2 release notes](https://kubernetes.io/blog/2021/04/13/kube-state-metrics-v-2-0/). - -### To 1.1.0 - -This version introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/master/bitnami/common#bitnami-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade. - -### To 1.0.0 - -[On November 13, 2020, Helm v2 support formally ended](https://github.com/helm/charts#status-of-the-project). This major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -[Learn more about this change and related upgrade considerations](https://docs.bitnami.com/kubernetes/apps/kube-state-metrics/administration/upgrade-helm3/). diff --git a/bitnami/kube-state-metrics/templates/NOTES.txt b/bitnami/kube-state-metrics/templates/NOTES.txt deleted file mode 100644 index b38b091..0000000 --- a/bitnami/kube-state-metrics/templates/NOTES.txt +++ /dev/null @@ -1,36 +0,0 @@ -** Please be patient while the chart is being deployed ** - -Watch the kube-state-metrics Deployment status using the command: - - kubectl get deploy -w --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} - -kube-state-metrics can be accessed via port "{{ .Values.service.port }}" on the following DNS name from within your cluster: - - {{ template "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - -To access kube-state-metrics from outside the cluster execute the following commands: - -{{- if contains "LoadBalancer" .Values.service.type }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "common.names.fullname" . }}' - -{{- $port:=.Values.service.port | toString }} - - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo "URL: http://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.service.port }}{{ end }}/" - -{{- else if contains "ClusterIP" .Values.service.type }} - - echo "URL: http://127.0.0.1:9100/" - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "common.names.fullname" . }} 9100:{{ .Values.service.port }} - -{{- else if contains "NodePort" .Values.service.type }} - - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "common.names.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo "URL: http://$NODE_IP:$NODE_PORT/" - -{{- end }} - -{{- include "kube-state-metrics.checkRollingTags" . }} diff --git a/bitnami/kube-state-metrics/templates/_helpers.tpl b/bitnami/kube-state-metrics/templates/_helpers.tpl deleted file mode 100644 index be47e22..0000000 --- a/bitnami/kube-state-metrics/templates/_helpers.tpl +++ /dev/null @@ -1,44 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Return the appropriate apiVersion for PodSecurityPolicy. -*/}} -{{- define "podSecurityPolicy.apiVersion" -}} -{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "policy/v1beta1" -}} -{{- else -}} -{{- print "extensions/v1beta1" -}} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "kube-state-metrics.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Return the proper kube-state-metrics image name -*/}} -{{- define "kube-state-metrics.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "kube-state-metrics.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.image) "global" .Values.global) -}} -{{- end -}} - -{{/* -Check if there are rolling tags in the images -*/}} -{{- define "kube-state-metrics.checkRollingTags" -}} -{{- include "common.warnings.rollingTag" .Values.image }} -{{- end -}} diff --git a/bitnami/kube-state-metrics/templates/clusterrole.yaml b/bitnami/kube-state-metrics/templates/clusterrole.yaml deleted file mode 100644 index 6d158fa..0000000 --- a/bitnami/kube-state-metrics/templates/clusterrole.yaml +++ /dev/null @@ -1,182 +0,0 @@ -{{- if .Values.rbac.create -}} -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: ClusterRole -metadata: - name: {{ template "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - {{- if .Values.kubeResources.certificatesigningrequests }} - - apiGroups: ["certificates.k8s.io"] - resources: - - certificatesigningrequests - verbs: ["list", "watch"] - {{- end }} - {{- if .Values.kubeResources.configmaps }} - - apiGroups: [""] - resources: - - configmaps - verbs: ["list", "watch"] - {{- end }} - {{- if .Values.kubeResources.cronjobs }} - - apiGroups: ["batch"] - resources: - - cronjobs - verbs: ["list", "watch"] - {{- end }} - {{- if .Values.kubeResources.daemonsets }} - - apiGroups: ["extensions", "apps"] - resources: - - daemonsets - verbs: ["list", "watch"] - {{- end }} - {{- if .Values.kubeResources.deployments }} - - apiGroups: ["extensions", "apps"] - resources: - - deployments - verbs: ["list", "watch"] - {{- end }} - {{- if .Values.kubeResources.endpoints }} - - apiGroups: [""] - resources: - - endpoints - verbs: ["list", "watch"] - {{- end }} - {{- if .Values.kubeResources.horizontalpodautoscalers }} - - apiGroups: ["autoscaling"] - resources: - - horizontalpodautoscalers - verbs: ["list", "watch"] - {{- end }} - {{- if .Values.kubeResources.ingresses }} - - apiGroups: ["extensions", "networking.k8s.io"] - resources: - - ingresses - verbs: ["list", "watch"] - {{- end }} - {{- if .Values.kubeResources.jobs }} - - apiGroups: ["batch"] - resources: - - jobs - verbs: ["list", "watch"] - {{- end }} - {{- if .Values.kubeResources.limitranges }} - - apiGroups: [""] - resources: - - limitranges - verbs: ["list", "watch"] - {{- end }} - {{- if .Values.kubeResources.mutatingwebhookconfigurations }} - - apiGroups: ["admissionregistration.k8s.io"] - resources: - - mutatingwebhookconfigurations - verbs: ["list", "watch"] - {{- end }} - {{- if .Values.kubeResources.namespaces }} - - apiGroups: [""] - resources: - - namespaces - verbs: ["list", "watch"] - {{- end }} - {{- if .Values.kubeResources.networkpolicies }} - - apiGroups: ["networking.k8s.io"] - resources: - - networkpolicies - verbs: ["list", "watch"] - {{- end }} - {{- if .Values.kubeResources.nodes }} - - apiGroups: [""] - resources: - - nodes - verbs: ["list", "watch"] - {{- end }} - {{- if .Values.kubeResources.persistentvolumeclaims }} - - apiGroups: [""] - resources: - - persistentvolumeclaims - verbs: ["list", "watch"] - {{- end }} - {{- if .Values.kubeResources.persistentvolumes }} - - apiGroups: [""] - resources: - - persistentvolumes - verbs: ["list", "watch"] - {{- end }} - {{- if .Values.kubeResources.poddisruptionbudgets }} - - apiGroups: ["policy"] - resources: - - poddisruptionbudgets - verbs: ["list", "watch"] - {{- end }} - {{- if .Values.kubeResources.pods }} - - apiGroups: [""] - resources: - - pods - verbs: ["list", "watch"] - {{- end }} - {{- if .Values.kubeResources.replicasets }} - - apiGroups: ["extensions", "apps"] - resources: - - replicasets - verbs: ["list", "watch"] - {{- end }} - {{- if .Values.kubeResources.replicationcontrollers }} - - apiGroups: [""] - resources: - - replicationcontrollers - verbs: ["list", "watch"] - {{- end }} - {{- if .Values.kubeResources.resourcequotas }} - - apiGroups: [""] - resources: - - resourcequotas - verbs: ["list", "watch"] - {{- end }} - {{- if .Values.kubeResources.secrets }} - - apiGroups: [""] - resources: - - secrets - verbs: ["list", "watch"] - {{- end }} - {{- if .Values.kubeResources.services }} - - apiGroups: [""] - resources: - - services - verbs: ["list", "watch"] - {{- end }} - {{- if .Values.kubeResources.statefulsets }} - - apiGroups: ["apps"] - resources: - - statefulsets - verbs: ["list", "watch"] - {{- end }} - {{- if .Values.kubeResources.storageclasses }} - - apiGroups: ["storage.k8s.io"] - resources: - - storageclasses - verbs: ["list", "watch"] - {{- end }} - {{- if .Values.kubeResources.verticalpodautoscalers }} - - apiGroups: ["autoscaling.k8s.io"] - resources: - - verticalpodautoscalers - verbs: ["list", "watch"] - {{- end }} - {{- if .Values.kubeResources.validatingwebhookconfigurations }} - - apiGroups: ["admissionregistration.k8s.io"] - resources: - - validatingwebhookconfigurations - verbs: ["list", "watch"] - {{- end }} - {{- if .Values.kubeResources.volumeattachments }} - - apiGroups: ["storage.k8s.io"] - resources: - - volumeattachments - verbs: ["list", "watch"] - {{- end }} -{{- end }} diff --git a/bitnami/kube-state-metrics/templates/clusterrolebinding.yaml b/bitnami/kube-state-metrics/templates/clusterrolebinding.yaml deleted file mode 100644 index 9953e1e..0000000 --- a/bitnami/kube-state-metrics/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.rbac.create }} -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: ClusterRoleBinding -metadata: - name: {{ template "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "common.names.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "kube-state-metrics.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/bitnami/kube-state-metrics/templates/deployment.yaml b/bitnami/kube-state-metrics/templates/deployment.yaml deleted file mode 100644 index 948178b..0000000 --- a/bitnami/kube-state-metrics/templates/deployment.yaml +++ /dev/null @@ -1,193 +0,0 @@ -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - replicas: {{ .Values.replicaCount }} - strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} - minReadySeconds: {{ .Values.minReadySeconds }} - template: - metadata: - {{- if or .Values.podAnnotations .Values.commonAnnotations }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.podAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.podAnnotations "context" $) | nindent 8 }} - {{- end }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 8 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.podLabels }} - {{- toYaml .Values.podLabels | nindent 8 }} - {{- end }} - spec: - {{- include "kube-state-metrics.imagePullSecrets" . | nindent 6 }} - {{- if .Values.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName }} - {{- end }} - {{- if .Values.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.securityContext.runAsUser }} - fsGroup: {{ .Values.securityContext.fsGroup }} - {{- end }} - hostNetwork: {{ .Values.hostNetwork }} - serviceAccountName: {{ template "kube-state-metrics.serviceAccountName" . }} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} - {{- end }} - containers: - - name: kube-state-metrics - image: {{ template "kube-state-metrics.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - args: - {{- if .Values.kubeResources.certificatesigningrequests }} - - --resources=certificatesigningrequests - {{- end }} - {{- if .Values.kubeResources.configmaps }} - - --resources=configmaps - {{- end }} - {{- if .Values.kubeResources.cronjobs }} - - --resources=cronjobs - {{- end }} - {{- if .Values.kubeResources.daemonsets }} - - --resources=daemonsets - {{- end }} - {{- if .Values.kubeResources.deployments }} - - --resources=deployments - {{- end }} - {{- if .Values.kubeResources.endpoints }} - - --resources=endpoints - {{- end }} - {{- if .Values.kubeResources.horizontalpodautoscalers }} - - --resources=horizontalpodautoscalers - {{- end }} - {{- if .Values.kubeResources.ingresses }} - - --resources=ingresses - {{- end }} - {{- if .Values.kubeResources.jobs }} - - --resources=jobs - {{- end }} - {{- if .Values.kubeResources.limitranges }} - - --resources=limitranges - {{- end }} - {{- if .Values.kubeResources.mutatingwebhookconfigurations }} - - --resources=mutatingwebhookconfigurations - {{- end }} - {{- if .Values.kubeResources.namespaces }} - - --resources=namespaces - {{- end }} - {{- if .Values.kubeResources.networkpolicies }} - - --resources=networkpolicies - {{- end }} - {{- if .Values.kubeResources.nodes }} - - --resources=nodes - {{- end }} - {{- if .Values.kubeResources.persistentvolumeclaims }} - - --resources=persistentvolumeclaims - {{- end }} - {{- if .Values.kubeResources.persistentvolumes }} - - --resources=persistentvolumes - {{- end }} - {{- if .Values.kubeResources.poddisruptionbudgets }} - - --resources=poddisruptionbudgets - {{- end }} - {{- if .Values.kubeResources.pods }} - - --resources=pods - {{- end }} - {{- if .Values.kubeResources.replicasets }} - - --resources=replicasets - {{- end }} - {{- if .Values.kubeResources.replicationcontrollers }} - - --resources=replicationcontrollers - {{- end }} - {{- if .Values.kubeResources.resourcequotas }} - - --resources=resourcequotas - {{- end }} - {{- if .Values.kubeResources.secrets }} - - --resources=secrets - {{- end }} - {{- if .Values.kubeResources.services }} - - --resources=services - {{- end }} - {{- if .Values.kubeResources.statefulsets }} - - --resources=statefulsets - {{- end }} - {{- if .Values.kubeResources.storageclasses }} - - --resources=storageclasses - {{- end }} - {{- if .Values.kubeResources.verticalpodautoscalers }} - - --resources=verticalpodautoscalers - {{- end }} - {{- if .Values.kubeResources.validatingwebhookconfigurations }} - - --resources=validatingwebhookconfigurations - {{- end }} - {{- if .Values.kubeResources.volumeattachments }} - - --resources=volumeattachments - {{- end }} - {{- if .Values.namespace }} - - --namespaces={{ .Values.namespaces }} - {{- end }} - {{- range $key, $value := .Values.extraArgs }} - {{- if $value }} - - --{{ $key }}={{ $value }} - {{- else }} - - --{{ $key }} - {{- end }} - {{- end }} - ports: - - name: http - containerPort: 8080 - protocol: TCP - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /healthz - port: http - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: / - port: http - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- end }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} diff --git a/bitnami/kube-state-metrics/templates/psp-clusterrole.yaml b/bitnami/kube-state-metrics/templates/psp-clusterrole.yaml deleted file mode 100644 index c7e3e07..0000000 --- a/bitnami/kube-state-metrics/templates/psp-clusterrole.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if and .Values.rbac.create .Values.rbac.pspEnabled }} -kind: ClusterRole -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -metadata: - name: {{ template "common.names.fullname" . }}-psp - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - - apiGroups: ['extensions'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "common.names.fullname" . }} -{{- end }} diff --git a/bitnami/kube-state-metrics/templates/psp-clusterrolebinding.yaml b/bitnami/kube-state-metrics/templates/psp-clusterrolebinding.yaml deleted file mode 100644 index 1b5abbb..0000000 --- a/bitnami/kube-state-metrics/templates/psp-clusterrolebinding.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if and .Values.rbac.create .Values.rbac.pspEnabled }} -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: ClusterRoleBinding -metadata: - name: {{ template "common.names.fullname" . }}-psp - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "common.names.fullname" . }}-psp -subjects: - - kind: ServiceAccount - name: {{ template "kube-state-metrics.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/bitnami/kube-state-metrics/templates/psp.yaml b/bitnami/kube-state-metrics/templates/psp.yaml deleted file mode 100644 index 330507e..0000000 --- a/bitnami/kube-state-metrics/templates/psp.yaml +++ /dev/null @@ -1,38 +0,0 @@ -{{- if and .Values.rbac.create .Values.rbac.pspEnabled }} -apiVersion: {{ template "podSecurityPolicy.apiVersion" . }} -kind: PodSecurityPolicy -metadata: - name: {{ template "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - privileged: false - volumes: - - 'secret' - hostNetwork: {{ .Values.hostNetwork }} - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAs' - ranges: - - min: 1001 - max: 1001 - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1001 - max: 1001 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1001 - max: 1001 - readOnlyRootFilesystem: false -{{- end }} diff --git a/bitnami/kube-state-metrics/templates/service.yaml b/bitnami/kube-state-metrics/templates/service.yaml deleted file mode 100644 index bd76fe2..0000000 --- a/bitnami/kube-state-metrics/templates/service.yaml +++ /dev/null @@ -1,45 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - annotations: - {{- if not .Values.serviceMonitor.enabled }} - prometheus.io/scrape: "true" - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.service.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.service.annotations "context" $) | nindent 4 }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.service.labels }} - {{- toYaml .Values.service.labels | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.service.type }} - {{- if and .Values.service.loadBalancerIP (eq .Values.service.type "LoadBalancer") }} - loadBalancerIP: {{ .Values.service.loadBalancerIP }} - {{- end }} - {{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges }} - {{- with .Values.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- toYaml . | nindent 4 }} - {{- end }} - {{- end }} - {{- if and (eq .Values.service.type "ClusterIP") .Values.service.clusterIP }} - clusterIP: {{ .Values.service.clusterIP }} - {{- end }} - ports: - - name: http - port: {{ .Values.service.port }} - targetPort: http - {{- if and .Values.service.nodePort (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) }} - nodePort: {{ .Values.service.nodePort }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} diff --git a/bitnami/kube-state-metrics/templates/serviceaccount.yaml b/bitnami/kube-state-metrics/templates/serviceaccount.yaml deleted file mode 100644 index 48beecb..0000000 --- a/bitnami/kube-state-metrics/templates/serviceaccount.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "kube-state-metrics.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -{{- end }} diff --git a/bitnami/kube-state-metrics/templates/servicemonitor.yaml b/bitnami/kube-state-metrics/templates/servicemonitor.yaml deleted file mode 100644 index 0abf480..0000000 --- a/bitnami/kube-state-metrics/templates/servicemonitor.yaml +++ /dev/null @@ -1,47 +0,0 @@ -{{- if .Values.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "common.names.fullname" . }} - {{- if .Values.serviceMonitor.namespace }} - namespace: {{ .Values.serviceMonitor.namespace }} - {{- else }} - namespace: {{ .Release.Namespace }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- range $key, $value := .Values.serviceMonitor.selector }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.serviceMonitor.jobLabel }} - jobLabel: {{ .Values.serviceMonitor.jobLabel }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - endpoints: - - port: http - {{- if .Values.serviceMonitor.interval }} - interval: {{ .Values.serviceMonitor.interval }} - {{- end }} - {{- if .Values.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.serviceMonitor.scrapeTimeout }} - {{- end }} - {{- if hasKey .Values.serviceMonitor "honorLabels" }} - honorLabels: {{ .Values.serviceMonitor.honorLabels }} - {{- end }} - {{- if .Values.serviceMonitor.relabelings }} - relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.serviceMonitor.relabelings "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.serviceMonitor.metricRelabelings }} - metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.serviceMonitor.metricRelabelings "context" $) | nindent 8 }} - {{- end }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} -{{- end }} diff --git a/bitnami/kube-state-metrics/values.yaml b/bitnami/kube-state-metrics/values.yaml deleted file mode 100644 index d8b1313..0000000 --- a/bitnami/kube-state-metrics/values.yaml +++ /dev/null @@ -1,365 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass -## - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - storageClass: "" - -## @section Common parameters -## - -## @param nameOverride String to partially override `kube-state-metrics.name` template with a string (will prepend the release name) -## -nameOverride: "" -## @param fullnameOverride String to fully override `kube-state-metrics.fullname` template with a string -## -fullnameOverride: "" -## @param commonLabels Add labels to all the deployed resources -## -commonLabels: {} -## @param commonAnnotations Add annotations to all the deployed resources -## -commonAnnotations: {} - -## @section kube-state-metrics parameters -## - -## @param hostAliases Add deployment host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: [] -## Role Based Access -## ref: https://kubernetes.io/docs/admin/authorization/rbac/ -## -rbac: - ## @param rbac.create Whether to create & use RBAC resources or not - ## - create: true - ## @param rbac.apiVersion Version of the RBAC API - ## - apiVersion: v1beta1 - ## @param rbac.pspEnabled PodSecurityPolicy - ## - pspEnabled: true -## Service account for kube-state-metrics to use. -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ -## -serviceAccount: - ## @param serviceAccount.create Specify whether to create a ServiceAccount for kube-state-metrics - ## - create: true - ## @param serviceAccount.name The name of the ServiceAccount to create - ## If not set and create is true, a name is generated using the kube-state-metrics.fullname template - ## - name: "" -## Bitnami kube-state-metrics image version -## ref: https://hub.docker.com/r/bitnami/kube-state-metrics/tags/ -## @param image.registry kube-state-metrics image registry -## @param image.repository kube-state-metrics image repository -## @param image.tag kube-state-metrics Image tag (immutable tags are recommended) -## @param image.pullPolicy kube-state-metrics image pull policy -## @param image.pullSecrets Specify docker-registry secret names as an array -## -image: - registry: docker.io - repository: bitnami/kube-state-metrics - tag: 2.2.1-debian-10-r1 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] -## @param extraArgs Additional command line arguments to pass to kube-state-metrics -## -extraArgs: {} -## @param namespaces Comma-separated list of namespaces to be enabled. Defaults to all namespaces -## -namespaces: "" -## kube-state-metrics resources to be enabled -## @param kubeResources.certificatesigningrequests Enable the `certificatesigningrequests` resource -## @param kubeResources.configmaps Enable the `configmaps` resource -## @param kubeResources.cronjobs Enable the `cronjobs` resource -## @param kubeResources.daemonsets Enable the `daemonsets` resource -## @param kubeResources.deployments Enable the `deployments` resource -## @param kubeResources.endpoints Enable the `endpoints` resource -## @param kubeResources.horizontalpodautoscalers Enable the `horizontalpodautoscalers` resource -## @param kubeResources.ingresses Enable the `ingresses` resource -## @param kubeResources.jobs Enable the `jobs` resource -## @param kubeResources.limitranges Enable the `limitranges` resource -## @param kubeResources.mutatingwebhookconfigurations Enable the `mutatingwebhookconfigurations` resource -## @param kubeResources.namespaces Enable the `namespaces` resource -## @param kubeResources.networkpolicies Enable the `networkpolicies` resource -## @param kubeResources.nodes Enable the `nodes` resource -## @param kubeResources.persistentvolumeclaims Enable the `persistentvolumeclaims` resource -## @param kubeResources.persistentvolumes Enable the `persistentvolumes` resource -## @param kubeResources.poddisruptionbudgets Enable the `poddisruptionbudgets` resource -## @param kubeResources.pods Enable the `pods` resource -## @param kubeResources.replicasets Enable the `replicasets` resource -## @param kubeResources.replicationcontrollers Enable the `replicationcontrollers` resource -## @param kubeResources.resourcequotas Enable the `resourcequotas` resource -## @param kubeResources.secrets Enable the `secrets` resource -## @param kubeResources.services Enable the `services` resource -## @param kubeResources.statefulsets Enable the `statefulsets` resource -## @param kubeResources.storageclasses Enable the `storageclasses` resource -## @param kubeResources.verticalpodautoscalers Enable the `verticalpodautoscalers` resource -## @param kubeResources.validatingwebhookconfigurations Enable the `validatingwebhookconfigurations` resource -## @param kubeResources.volumeattachments Enable the `volumeattachments` resource -## -kubeResources: - certificatesigningrequests: true - configmaps: true - cronjobs: true - daemonsets: true - deployments: true - endpoints: true - horizontalpodautoscalers: true - ingresses: true - jobs: true - limitranges: true - mutatingwebhookconfigurations: true - namespaces: true - networkpolicies: true - nodes: true - persistentvolumeclaims: true - persistentvolumes: true - poddisruptionbudgets: true - pods: true - replicasets: true - replicationcontrollers: true - resourcequotas: true - secrets: true - services: true - statefulsets: true - storageclasses: true - verticalpodautoscalers: false - validatingwebhookconfigurations: false - volumeattachments: true -## @param securityContext.enabled Enable security context -## @param securityContext.fsGroup Group ID for the container filesystem -## @param securityContext.runAsUser User ID for the container -## -securityContext: - enabled: true - runAsUser: 1001 - fsGroup: 1001 -## kube-state-metrics Service -## -service: - ## @param service.type Kubernetes service type - ## - type: ClusterIP - ## @param service.port kube-state-metrics service port - ## - port: 8080 - ## @param service.clusterIP Specific cluster IP when service type is cluster IP. Use `None` for headless service - ## e.g: - ## clusterIP: None - ## - clusterIP: "" - ## @param service.nodePort Specify the nodePort value for the LoadBalancer and NodePort service types. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## e.g: - ## nodePort: 30080 - ## - nodePort: "" - ## @param service.loadBalancerIP `loadBalancerIP` if service type is `LoadBalancer` - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - loadBalancerIP: "" - ## @param service.loadBalancerSourceRanges Address that are allowed when svc is `LoadBalancer` - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param service.annotations Additional annotations for kube-state-metrics service - ## - annotations: {} - ## @param service.labels Additional labels for kube-state-metrics service - ## - labels: {} -## @param hostNetwork Enable hostNetwork mode -## -hostNetwork: false -## @param priorityClassName Priority class assigned to the Pods -## -priorityClassName: "" -## Resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## choice for the user. This also increases chances charts run on environments with little -## resources, such as Minikube. If you do want to specify resources, uncomment the following -## lines, adjust them as necessary, and remove the curly braces after 'resources:'. -## @param resources.limits The resources limits for the container -## @param resources.requests The requested resources for the container -## -resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - ## - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - ## - requests: {} -## @param replicaCount Desired number of controller pods -## -replicaCount: 1 -## @param podLabels Pod labels -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -podLabels: {} -## @param podAnnotations Pod annotations -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} -## @param updateStrategy Allows setting of `RollingUpdate` strategy -## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies -## -updateStrategy: {} -## @param minReadySeconds How many seconds a pod needs to be ready before killing the next, during update -## -minReadySeconds: 0 -## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAffinityPreset: "" -## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAntiAffinityPreset: soft -## Node affinity preset -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## -nodeAffinityPreset: - ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] -## @param affinity Affinity for pod assignment -## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set -## -affinity: {} -## @param nodeSelector Node labels for pod assignment -## ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} -## @param tolerations Tolerations for pod assignment -## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] -## Configure extra options for liveness probe -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param livenessProbe.enabled Turn on and off liveness probe -## @param livenessProbe.initialDelaySeconds Delay before liveness probe is initiated -## @param livenessProbe.periodSeconds How often to perform the probe -## @param livenessProbe.timeoutSeconds When the probe times out -## @param livenessProbe.failureThreshold Minimum consecutive failures for the probe -## @param livenessProbe.successThreshold Minimum consecutive successes for the probe -## -livenessProbe: - enabled: true - initialDelaySeconds: 120 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 -## Configure extra options for readiness probe -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param readinessProbe.enabled Turn on and off readiness probe -## @param readinessProbe.initialDelaySeconds Delay before readiness probe is initiated -## @param readinessProbe.periodSeconds How often to perform the probe -## @param readinessProbe.timeoutSeconds When the probe times out -## @param readinessProbe.failureThreshold Minimum consecutive failures for the probe -## @param readinessProbe.successThreshold Minimum consecutive successes for the probe -## -readinessProbe: - enabled: true - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 -## ServiceMonitor configuration -## -serviceMonitor: - ## @param serviceMonitor.enabled Creates a ServiceMonitor to monitor kube-state-metrics - ## - enabled: false - ## @param serviceMonitor.namespace Namespace in which Prometheus is running - ## e.g: - ## namespace: monitoring - ## - namespace: "" - ## @param serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus. - ## - jobLabel: "" - ## @param serviceMonitor.interval Scrape interval (use by default, falling back to Prometheus' default) - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## e.g: - ## interval: 10s - ## - interval: "" - ## @param serviceMonitor.scrapeTimeout Timeout after which the scrape is ended - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## e.g: - ## scrapeTimeout: 10s - ## - scrapeTimeout: "" - ## @param serviceMonitor.selector ServiceMonitor selector labels - ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration - ## e.g: - ## selector: - ## prometheus: my-prometheus - ## - selector: {} - ## @param serviceMonitor.honorLabels Honor metrics labels - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## e.g: - ## honorLabels: false - ## - honorLabels: false - ## @param serviceMonitor.relabelings ServiceMonitor relabelings - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig - ## - relabelings: [] - ## @param serviceMonitor.metricRelabelings ServiceMonitor metricRelabelings - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig - ## - metricRelabelings: [] diff --git a/bitnami/kubeapps/.gitignore b/bitnami/kubeapps/.gitignore deleted file mode 100644 index 948259a..0000000 --- a/bitnami/kubeapps/.gitignore +++ /dev/null @@ -1 +0,0 @@ -charts/*.tgz diff --git a/bitnami/kubeapps/Chart.lock b/bitnami/kubeapps/Chart.lock deleted file mode 100644 index e946177..0000000 --- a/bitnami/kubeapps/Chart.lock +++ /dev/null @@ -1,12 +0,0 @@ -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.9.0 -- name: postgresql - repository: https://charts.bitnami.com/bitnami - version: 10.10.1 -- name: redis - repository: https://charts.bitnami.com/bitnami - version: 15.3.2 -digest: sha256:5d13ba8016e00a50bf270d0724e091197f3bea7941c55bdfd5ed834f7c8a4059 -generated: "2021-09-16T15:55:07.549983274+02:00" diff --git a/bitnami/kubeapps/Chart.yaml b/bitnami/kubeapps/Chart.yaml deleted file mode 100644 index 460287e..0000000 --- a/bitnami/kubeapps/Chart.yaml +++ /dev/null @@ -1,36 +0,0 @@ -annotations: - category: Infrastructure -apiVersion: v2 -appVersion: 2.4.0 -dependencies: - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x - - name: postgresql - repository: https://charts.bitnami.com/bitnami - version: 10.x.x - # Currently redis is only used for an in-progress plugin for flux support. - # Our upstream bitnami/kubeapps chart should not include redis as a - # dependency yet, and in development we can set redis.enabled if developing - # other plugins only. - - name: redis - repository: https://charts.bitnami.com/bitnami - version: 15.x.x - condition: redis.enabled -description: Kubeapps is a dashboard for your Kubernetes cluster that makes it easy to deploy and manage applications in your cluster using Helm -home: https://kubeapps.com -icon: https://raw.githubusercontent.com/kubeapps/kubeapps/master/docs/img/logo.png -keywords: - - helm - - dashboard - - service catalog - - deployment -maintainers: - - email: containers@bitnami.com - name: Bitnami -name: kubeapps -sources: - - https://github.com/kubeapps/kubeapps -version: 7.5.2 diff --git a/bitnami/kubeapps/README.md b/bitnami/kubeapps/README.md deleted file mode 100644 index 117b0f7..0000000 --- a/bitnami/kubeapps/README.md +++ /dev/null @@ -1,965 +0,0 @@ -# Kubeapps - -[![CircleCI](https://circleci.com/gh/kubeapps/kubeapps/tree/master.svg?style=svg)](https://circleci.com/gh/kubeapps/kubeapps/tree/master) - -[Kubeapps](https://kubeapps.com) is an in-cluster web-based application that enables users with a one-time installation to deploy, manage, and upgrade applications on a Kubernetes cluster. - -With Kubeapps you can: - -- Customize deployments through an intuitive, form-based user interface -- Inspect, upgrade and delete applications installed in the cluster -- Browse and deploy [Helm](https://github.com/helm/helm) charts from public or private chart repositories (including [VMware Marketplace™](https://marketplace.cloud.vmware.com) and [Bitnami Application Catalog](https://bitnami.com/application-catalog)) -- Browse and deploy [Kubernetes Operators](https://operatorhub.io/) -- Secure authentication to Kubeapps using a [standalone OAuth2/OIDC provider](./docs/user/using-an-OIDC-provider.md) or [using Pinniped](./docs/user/using-an-OIDC-provider-with-pinniped.md) -- Secure authorization based on Kubernetes [Role-Based Access Control](./docs/user/access-control.md) - -**_Note:_** Kubeapps 2.0 and onwards supports Helm 3 only. While only the Helm 3 API is supported, in most cases, charts made for Helm 2 will still work. - -## TL;DR - -```bash -helm repo add bitnami https://charts.bitnami.com/bitnami -kubectl create namespace kubeapps -helm install kubeapps --namespace kubeapps bitnami/kubeapps -``` - -> Check out the [getting started](https://github.com/kubeapps/kubeapps/blob/master/docs/user/getting-started.md) to start deploying apps with Kubeapps. - -## Introduction - -This chart bootstraps a [Kubeapps](https://kubeapps.com) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -It also packages the [Bitnami PostgreSQL chart](https://github.com/bitnami/charts/tree/master/bitnami/postgresql) which is required for bootstrapping a deployment for the database requirements of the Kubeapps application. - -## Prerequisites - -- Kubernetes 1.16+ (tested with both bare-metal and managed clusters, including EKS, AKS, GKE and Tanzu Kubernetes Grid, as well as dev clusters, such as Kind, Minikube and Docker for Desktop Kubernetes) -- Helm 3.0.2+ -- Administrative access to the cluster to create Custom Resource Definitions (CRDs) -- PV provisioner support in the underlying infrastructure (required for PostgreSQL database) - -## Installing the Chart - -To install the chart with the release name `kubeapps`: - -```bash -helm repo add bitnami https://charts.bitnami.com/bitnami -kubectl create namespace kubeapps -helm install kubeapps --namespace kubeapps bitnami/kubeapps -``` - -The command deploys Kubeapps on the Kubernetes cluster in the `kubeapps` namespace. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Caveat**: Only one Kubeapps installation is supported per namespace - -Once you have installed Kubeapps follow the [Getting Started Guide](https://github.com/kubeapps/kubeapps/blob/master/docs/user/getting-started.md) for additional information on how to access and use Kubeapps. - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | - - -### Common parameters - -| Name | Description | Value | -| ------------------- | -------------------------------------------------- | ------- | -| `kubeVersion` | Override Kubernetes version | `""` | -| `nameOverride` | String to partially override common.names.fullname | `""` | -| `fullnameOverride` | String to fully override common.names.fullname | `""` | -| `commonLabels` | Labels to add to all deployed objects | `{}` | -| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | -| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | -| `enableIPv6` | Enable IPv6 configuration | `false` | - - -### Traffic Exposure Parameters - -| Name | Description | Value | -| --------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------ | -| `ingress.enabled` | Enable ingress record generation for Kubeapps | `false` | -| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` | -| `ingress.hostname` | Default host for the ingress record | `kubeapps.local` | -| `ingress.path` | Default path for the ingress record | `/` | -| `ingress.pathType` | Ingress path type | `ImplementationSpecific` | -| `ingress.annotations` | Additional custom annotations for the ingress record | `{}` | -| `ingress.tls` | Enable TLS configuration for the host defined at `ingress.hostname` parameter | `false` | -| `ingress.certManager` | Set up the cert-manager integration | `{}` | -| `ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` | -| `ingress.extraHosts` | An array with additional hostname(s) to be covered with the ingress record | `[]` | -| `ingress.extraPaths` | An array with additional arbitrary paths that may need to be added to the ingress under the main host | `[]` | -| `ingress.extraTls` | TLS configuration for additional hostname(s) to be covered with this ingress record | `[]` | -| `ingress.secrets` | Custom TLS certificates as secrets | `[]` | - - -### Frontend parameters - -| Name | Description | Value | -| ------------------------------------------------ | ----------------------------------------------------------------------------------------- | ---------------------- | -| `frontend.image.registry` | NGINX image registry | `docker.io` | -| `frontend.image.repository` | NGINX image repository | `bitnami/nginx` | -| `frontend.image.tag` | NGINX image tag (immutable tags are recommended) | `1.21.3-debian-10-r11` | -| `frontend.image.pullPolicy` | NGINX image pull policy | `IfNotPresent` | -| `frontend.image.pullSecrets` | NGINX image pull secrets | `[]` | -| `frontend.image.debug` | Enable image debug mode | `false` | -| `frontend.proxypassAccessTokenAsBearer` | Use access_token as the Bearer when talking to the k8s api server | `false` | -| `frontend.proxypassExtraSetHeader` | Set an additional proxy header for all requests proxied via NGINX | `""` | -| `frontend.largeClientHeaderBuffers` | Set large_client_header_buffers in NGINX config | `4 32k` | -| `frontend.replicaCount` | Number of frontend replicas to deploy | `2` | -| `frontend.resources.limits.cpu` | The CPU limits for the NGINX container | `250m` | -| `frontend.resources.limits.memory` | The memory limits for the NGINX container | `128Mi` | -| `frontend.resources.requests.cpu` | The requested CPU for the NGINX container | `25m` | -| `frontend.resources.requests.memory` | The requested memory for the NGINX container | `32Mi` | -| `frontend.extraEnvVars` | Array with extra environment variables to add to the NGINX container | `[]` | -| `frontend.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for the NGINX container | `""` | -| `frontend.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for the NGINX container | `""` | -| `frontend.containerPort` | NGINX HTTP container port | `8080` | -| `frontend.podSecurityContext.enabled` | Enabled frontend pods' Security Context | `true` | -| `frontend.podSecurityContext.fsGroup` | Set frontend pod's Security Context fsGroup | `1001` | -| `frontend.containerSecurityContext.enabled` | Enabled NGINX containers' Security Context | `true` | -| `frontend.containerSecurityContext.runAsUser` | Set NGINX container's Security Context runAsUser | `1001` | -| `frontend.containerSecurityContext.runAsNonRoot` | Set NGINX container's Security Context runAsNonRoot | `true` | -| `frontend.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `frontend.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | -| `frontend.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `frontend.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `frontend.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `frontend.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `frontend.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `frontend.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `0` | -| `frontend.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `frontend.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `frontend.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `frontend.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `frontend.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `frontend.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `frontend.lifecycleHooks` | Custom lifecycle hooks for frontend containers | `{}` | -| `frontend.podLabels` | Extra labels for frontend pods | `{}` | -| `frontend.podAnnotations` | Annotations for frontend pods | `{}` | -| `frontend.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `frontend.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `frontend.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `frontend.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | -| `frontend.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | -| `frontend.affinity` | Affinity for pod assignment | `{}` | -| `frontend.nodeSelector` | Node labels for pod assignment | `{}` | -| `frontend.tolerations` | Tolerations for pod assignment | `[]` | -| `frontend.priorityClassName` | Priority class name for frontend pods | `""` | -| `frontend.hostAliases` | Custom host aliases for frontend pods | `[]` | -| `frontend.extraVolumes` | Optionally specify extra list of additional volumes for frontend pods | `[]` | -| `frontend.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for frontend container(s) | `[]` | -| `frontend.sidecars` | Add additional sidecar containers to the frontend pod | `[]` | -| `frontend.initContainers` | Add additional init containers to the frontend pods | `[]` | -| `frontend.service.type` | Frontend service type | `ClusterIP` | -| `frontend.service.port` | Frontend service HTTP port | `80` | -| `frontend.service.nodePort` | Node port for HTTP | `""` | -| `frontend.service.clusterIP` | Frontend service Cluster IP | `""` | -| `frontend.service.loadBalancerIP` | Frontend service Load Balancer IP | `""` | -| `frontend.service.loadBalancerSourceRanges` | Frontend service Load Balancer sources | `[]` | -| `frontend.service.externalTrafficPolicy` | Frontend service external traffic policy | `Cluster` | -| `frontend.service.annotations` | Additional custom annotations for frontend service | `{}` | - - -### Dashboard parameters - -| Name | Description | Value | -| ------------------------------------------------- | ------------------------------------------------------------------------------------------ | ---------------------------- | -| `dashboard.image.registry` | Dashboard image registry | `docker.io` | -| `dashboard.image.repository` | Dashboard image repository | `bitnami/kubeapps-dashboard` | -| `dashboard.image.tag` | Dashboard image tag (immutable tags are recommended) | `2.4.0-debian-10-r17` | -| `dashboard.image.pullPolicy` | Dashboard image pull policy | `IfNotPresent` | -| `dashboard.image.pullSecrets` | Dashboard image pull secrets | `[]` | -| `dashboard.image.debug` | Enable image debug mode | `false` | -| `dashboard.customStyle` | Custom CSS injected to the Dashboard to customize Kubeapps look and feel | `""` | -| `dashboard.customComponents` | Custom Form components injected into the BasicDeploymentForm | `""` | -| `dashboard.remoteComponentsUrl` | Remote URL that can be used to load custom components vs loading from the local filesystem | `""` | -| `dashboard.customLocale` | Custom translations injected to the Dashboard to customize the strings used in Kubeapps | `""` | -| `dashboard.defaultTheme` | Default theme used in the Dashboard if the user has not selected any theme yet. | `""` | -| `dashboard.replicaCount` | Number of Dashboard replicas to deploy | `2` | -| `dashboard.extraEnvVars` | Array with extra environment variables to add to the Dashboard container | `[]` | -| `dashboard.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for the Dashboard container | `""` | -| `dashboard.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for the Dashboard container | `""` | -| `dashboard.containerPort` | Dashboard HTTP container port | `8080` | -| `dashboard.resources.limits.cpu` | The CPU limits for the Dashboard container | `250m` | -| `dashboard.resources.limits.memory` | The memory limits for the Dashboard container | `128Mi` | -| `dashboard.resources.requests.cpu` | The requested CPU for the Dashboard container | `25m` | -| `dashboard.resources.requests.memory` | The requested memory for the Dashboard container | `32Mi` | -| `dashboard.podSecurityContext.enabled` | Enabled Dashboard pods' Security Context | `true` | -| `dashboard.podSecurityContext.fsGroup` | Set Dashboard pod's Security Context fsGroup | `1001` | -| `dashboard.containerSecurityContext.enabled` | Enabled Dashboard containers' Security Context | `true` | -| `dashboard.containerSecurityContext.runAsUser` | Set Dashboard container's Security Context runAsUser | `1001` | -| `dashboard.containerSecurityContext.runAsNonRoot` | Set Dashboard container's Security Context runAsNonRoot | `true` | -| `dashboard.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `dashboard.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | -| `dashboard.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `dashboard.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `dashboard.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `dashboard.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `dashboard.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `dashboard.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `0` | -| `dashboard.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `dashboard.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `dashboard.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `dashboard.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `dashboard.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `dashboard.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `dashboard.lifecycleHooks` | Custom lifecycle hooks for Dashboard containers | `{}` | -| `dashboard.podLabels` | Extra labels for Dasbhoard pods | `{}` | -| `dashboard.podAnnotations` | Annotations for Dasbhoard pods | `{}` | -| `dashboard.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `dashboard.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `dashboard.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `dashboard.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | -| `dashboard.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | -| `dashboard.affinity` | Affinity for pod assignment | `{}` | -| `dashboard.nodeSelector` | Node labels for pod assignment | `{}` | -| `dashboard.tolerations` | Tolerations for pod assignment | `[]` | -| `dashboard.priorityClassName` | Priority class name for Dashboard pods | `""` | -| `dashboard.hostAliases` | Custom host aliases for Dashboard pods | `[]` | -| `dashboard.extraVolumes` | Optionally specify extra list of additional volumes for Dasbhoard pods | `[]` | -| `dashboard.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for Dasbhoard container(s) | `[]` | -| `dashboard.sidecars` | Add additional sidecar containers to the Dasbhoard pod | `[]` | -| `dashboard.initContainers` | Add additional init containers to the Dasbhoard pods | `[]` | -| `dashboard.service.port` | Dasbhoard service HTTP port | `8080` | -| `dashboard.service.annotations` | Additional custom annotations for Dasbhoard service | `{}` | - - -### AppRepository Controller parameters - -| Name | Description | Value | -| ----------------------------------------------------- | ----------------------------------------------------------------------------------------- | ------------------------------------------- | -| `apprepository.image.registry` | Kubeapps AppRepository Controller image registry | `docker.io` | -| `apprepository.image.repository` | Kubeapps AppRepository Controller image repository | `bitnami/kubeapps-apprepository-controller` | -| `apprepository.image.tag` | Kubeapps AppRepository Controller image tag (immutable tags are recommended) | `2.4.0-scratch-r1` | -| `apprepository.image.pullPolicy` | Kubeapps AppRepository Controller image pull policy | `IfNotPresent` | -| `apprepository.image.pullSecrets` | Kubeapps AppRepository Controller image pull secrets | `[]` | -| `apprepository.syncImage.registry` | Kubeapps Asset Syncer image registry | `docker.io` | -| `apprepository.syncImage.repository` | Kubeapps Asset Syncer image repository | `bitnami/kubeapps-asset-syncer` | -| `apprepository.syncImage.tag` | Kubeapps Asset Syncer image tag (immutable tags are recommended) | `2.4.0-scratch-r1` | -| `apprepository.syncImage.pullPolicy` | Kubeapps Asset Syncer image pull policy | `IfNotPresent` | -| `apprepository.syncImage.pullSecrets` | Kubeapps Asset Syncer image pull secrets | `[]` | -| `apprepository.initialRepos` | Initial chart repositories to configure | `[]` | -| `apprepository.initialReposProxy` | Proxy configuration to access chart repositories | `{}` | -| `apprepository.crontab` | Schedule for syncing App repositories (default to 10 minutes) | `""` | -| `apprepository.watchAllNamespaces` | Watch all namespaces to support separate AppRepositories per namespace | `true` | -| `apprepository.replicaCount` | Number of AppRepository Controller replicas to deploy | `1` | -| `apprepository.resources.limits.cpu` | The CPU limits for the AppRepository Controller container | `250m` | -| `apprepository.resources.limits.memory` | The memory limits for the AppRepository Controller container | `128Mi` | -| `apprepository.resources.requests.cpu` | The requested CPU for the AppRepository Controller container | `25m` | -| `apprepository.resources.requests.memory` | The requested memory for the AppRepository Controller container | `32Mi` | -| `apprepository.podSecurityContext.enabled` | Enabled AppRepository Controller pods' Security Context | `true` | -| `apprepository.podSecurityContext.fsGroup` | Set AppRepository Controller pod's Security Context fsGroup | `1001` | -| `apprepository.containerSecurityContext.enabled` | Enabled AppRepository Controller containers' Security Context | `true` | -| `apprepository.containerSecurityContext.runAsUser` | Set AppRepository Controller container's Security Context runAsUser | `1001` | -| `apprepository.containerSecurityContext.runAsNonRoot` | Set AppRepository Controller container's Security Context runAsNonRoot | `true` | -| `apprepository.lifecycleHooks` | Custom lifecycle hooks for AppRepository Controller containers | `{}` | -| `apprepository.podLabels` | Extra labels for AppRepository Controller pods | `{}` | -| `apprepository.podAnnotations` | Annotations for AppRepository Controller pods | `{}` | -| `apprepository.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `apprepository.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `apprepository.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `apprepository.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | -| `apprepository.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | -| `apprepository.affinity` | Affinity for pod assignment | `{}` | -| `apprepository.nodeSelector` | Node labels for pod assignment | `{}` | -| `apprepository.tolerations` | Tolerations for pod assignment | `[]` | -| `apprepository.priorityClassName` | Priority class name for AppRepository Controller pods | `""` | -| `apprepository.hostAliases` | Custom host aliases for AppRepository Controller pods | `[]` | - - -### Kubeops parameters - -| Name | Description | Value | -| ----------------------------------------------- | ----------------------------------------------------------------------------------------- | -------------------------- | -| `kubeops.image.registry` | Kubeops image registry | `docker.io` | -| `kubeops.image.repository` | Kubeops image repository | `bitnami/kubeapps-kubeops` | -| `kubeops.image.tag` | Kubeops image tag (immutable tags are recommended) | `2.4.0-scratch-r1` | -| `kubeops.image.pullPolicy` | Kubeops image pull policy | `IfNotPresent` | -| `kubeops.image.pullSecrets` | Kubeops image pull secrets | `[]` | -| `kubeops.namespaceHeaderName` | Additional header name for trusted namespaces | `""` | -| `kubeops.namespaceHeaderPattern` | Additional header pattern for trusted namespaces | `""` | -| `kubeops.qps` | Kubeops QPS (queries per second) rate | `""` | -| `kubeops.burst` | Kubeops burst rate | `""` | -| `kubeops.replicaCount` | Number of Kubeops replicas to deploy | `2` | -| `kubeops.terminationGracePeriodSeconds` | The grace time period for sig term | `300` | -| `kubeops.extraEnvVars` | Array with extra environment variables to add to the Kubeops container | `[]` | -| `kubeops.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for the Kubeops container | `""` | -| `kubeops.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for the Kubeops container | `""` | -| `kubeops.containerPort` | Kubeops HTTP container port | `8080` | -| `kubeops.resources.limits.cpu` | The CPU limits for the Kubeops container | `250m` | -| `kubeops.resources.limits.memory` | The memory limits for the Kubeops container | `256Mi` | -| `kubeops.resources.requests.cpu` | The requested CPU for the Kubeops container | `25m` | -| `kubeops.resources.requests.memory` | The requested memory for the Kubeops container | `32Mi` | -| `kubeops.podSecurityContext.enabled` | Enabled Kubeops pods' Security Context | `true` | -| `kubeops.podSecurityContext.fsGroup` | Set Kubeops pod's Security Context fsGroup | `1001` | -| `kubeops.containerSecurityContext.enabled` | Enabled Kubeops containers' Security Context | `true` | -| `kubeops.containerSecurityContext.runAsUser` | Set Kubeops container's Security Context runAsUser | `1001` | -| `kubeops.containerSecurityContext.runAsNonRoot` | Set Kubeops container's Security Context runAsNonRoot | `true` | -| `kubeops.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `kubeops.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | -| `kubeops.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `kubeops.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `kubeops.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `kubeops.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `kubeops.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `kubeops.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `0` | -| `kubeops.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `kubeops.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `kubeops.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `kubeops.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `kubeops.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `kubeops.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `kubeops.lifecycleHooks` | Custom lifecycle hooks for Kubeops containers | `{}` | -| `kubeops.podLabels` | Extra labels for Kubeops pods | `{}` | -| `kubeops.podAnnotations` | Annotations for Kubeops pods | `{}` | -| `kubeops.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `kubeops.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `kubeops.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `kubeops.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | -| `kubeops.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | -| `kubeops.affinity` | Affinity for pod assignment | `{}` | -| `kubeops.nodeSelector` | Node labels for pod assignment | `{}` | -| `kubeops.tolerations` | Tolerations for pod assignment | `[]` | -| `kubeops.priorityClassName` | Priority class name for Kubeops pods | `""` | -| `kubeops.hostAliases` | Custom host aliases for Kubeops pods | `[]` | -| `kubeops.service.port` | Kubeops service HTTP port | `8080` | -| `kubeops.service.annotations` | Additional custom annotations for Kubeops service | `{}` | - - -### Assetsvc parameters - -| Name | Description | Value | -| ------------------------------------------------ | ----------------------------------------------------------------------------------------- | --------------------------- | -| `assetsvc.image.registry` | Kubeapps Assetsvc image registry | `docker.io` | -| `assetsvc.image.repository` | Kubeapps Assetsvc image repository | `bitnami/kubeapps-assetsvc` | -| `assetsvc.image.tag` | Kubeapps Assetsvc image tag (immutable tags are recommended) | `2.4.0-scratch-r1` | -| `assetsvc.image.pullPolicy` | Kubeapps Assetsvc image pull policy | `IfNotPresent` | -| `assetsvc.image.pullSecrets` | Kubeapps Assetsvc image pull secrets | `[]` | -| `assetsvc.replicaCount` | Number of Assetsvc replicas to deploy | `2` | -| `assetsvc.extraEnvVars` | Array with extra environment variables to add to the Assetsvc container | `[]` | -| `assetsvc.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for the Assetsvc container | `""` | -| `assetsvc.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for the Assetsvc container | `""` | -| `assetsvc.containerPort` | Assetsvc HTTP container port | `8080` | -| `assetsvc.resources.limits.cpu` | The CPU limits for the Assetsvc container | `250m` | -| `assetsvc.resources.limits.memory` | The memory limits for the Assetsvc container | `128Mi` | -| `assetsvc.resources.requests.cpu` | The requested CPU for the Assetsvc container | `25m` | -| `assetsvc.resources.requests.memory` | The requested memory for the Assetsvc container | `32Mi` | -| `assetsvc.podSecurityContext.enabled` | Enabled Assetsvc pods' Security Context | `true` | -| `assetsvc.podSecurityContext.fsGroup` | Set Assetsvc pod's Security Context fsGroup | `1001` | -| `assetsvc.containerSecurityContext.enabled` | Enabled Assetsvc containers' Security Context | `true` | -| `assetsvc.containerSecurityContext.runAsUser` | Set Assetsvc container's Security Context runAsUser | `1001` | -| `assetsvc.containerSecurityContext.runAsNonRoot` | Set Assetsvc container's Security Context runAsNonRoot | `true` | -| `assetsvc.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `assetsvc.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | -| `assetsvc.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `assetsvc.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `assetsvc.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `assetsvc.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `assetsvc.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `assetsvc.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `0` | -| `assetsvc.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `assetsvc.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `assetsvc.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `assetsvc.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `assetsvc.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `assetsvc.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `assetsvc.lifecycleHooks` | Custom lifecycle hooks for Assetsvc containers | `{}` | -| `assetsvc.podLabels` | Extra labels for Assetsvc pods | `{}` | -| `assetsvc.podAnnotations` | Annotations for Assetsvc pods | `{}` | -| `assetsvc.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `assetsvc.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `assetsvc.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `assetsvc.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | -| `assetsvc.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | -| `assetsvc.affinity` | Affinity for pod assignment | `{}` | -| `assetsvc.nodeSelector` | Node labels for pod assignment | `{}` | -| `assetsvc.tolerations` | Tolerations for pod assignment | `[]` | -| `assetsvc.priorityClassName` | Priority class name for Assetsvc pods | `""` | -| `assetsvc.hostAliases` | Custom host aliases for Assetsvc pods | `[]` | -| `assetsvc.service.port` | Assetsvc service HTTP port | `8080` | -| `assetsvc.service.annotations` | Additional custom annotations for Assetsvc service | `{}` | - - -### Auth Proxy parameters - -| Name | Description | Value | -| ------------------------------------------------- | ----------------------------------------------------------------------------- | ---------------------- | -| `authProxy.enabled` | Specifies whether Kubeapps should configure OAuth login/logout | `false` | -| `authProxy.image.registry` | OAuth2 Proxy image registry | `docker.io` | -| `authProxy.image.repository` | OAuth2 Proxy image repository | `bitnami/oauth2-proxy` | -| `authProxy.image.tag` | OAuth2 Proxy image tag (immutable tags are recommended) | `7.1.3-debian-10-r124` | -| `authProxy.image.pullPolicy` | OAuth2 Proxy image pull policy | `IfNotPresent` | -| `authProxy.image.pullSecrets` | OAuth2 Proxy image pull secrets | `[]` | -| `authProxy.external` | Use an external Auth Proxy instead of deploying its own one | `false` | -| `authProxy.oauthLoginURI` | OAuth Login URI to which the Kubeapps frontend redirects for authn | `/oauth2/start` | -| `authProxy.oauthLogoutURI` | OAuth Logout URI to which the Kubeapps frontend redirects for authn | `/oauth2/sign_out` | -| `authProxy.skipKubeappsLoginPage` | Skip the Kubeapps login page when using OIDC and directly redirect to the IdP | `false` | -| `authProxy.provider` | OAuth provider | `""` | -| `authProxy.clientID` | OAuth Client ID | `""` | -| `authProxy.clientSecret` | OAuth Client secret | `""` | -| `authProxy.cookieSecret` | Secret used by oauth2-proxy to encrypt any credentials | `""` | -| `authProxy.cookieRefresh` | Duration after which to refresh the cookie | `2m` | -| `authProxy.scope` | OAuth scope specification | `openid email groups` | -| `authProxy.emailDomain` | Allowed email domains | `*` | -| `authProxy.additionalFlags` | Additional flags for oauth2-proxy | `[]` | -| `authProxy.containerPort` | Auth Proxy HTTP container port | `3000` | -| `authProxy.containerSecurityContext.enabled` | Enabled Auth Proxy containers' Security Context | `true` | -| `authProxy.containerSecurityContext.runAsUser` | Set Auth Proxy container's Security Context runAsUser | `1001` | -| `authProxy.containerSecurityContext.runAsNonRoot` | Set Auth Proxy container's Security Context runAsNonRoot | `true` | -| `authProxy.resources.limits.cpu` | The CPU limits for the OAuth2 Proxy container | `250m` | -| `authProxy.resources.limits.memory` | The memory limits for the OAuth2 Proxy container | `128Mi` | -| `authProxy.resources.requests.cpu` | The requested CPU for the OAuth2 Proxy container | `25m` | -| `authProxy.resources.requests.memory` | The requested memory for the OAuth2 Proxy container | `32Mi` | - - -### Pinniped Proxy parameters - -| Name | Description | Value | -| ----------------------------------------------------- | ------------------------------------------------------------------------ | --------------------------------- | -| `pinnipedProxy.enabled` | Specifies whether Kubeapps should configure Pinniped Proxy | `false` | -| `pinnipedProxy.image.registry` | Pinniped Proxy image registry | `docker.io` | -| `pinnipedProxy.image.repository` | Pinniped Proxy image repository | `bitnami/kubeapps-pinniped-proxy` | -| `pinnipedProxy.image.tag` | Pinniped Proxy image tag (immutable tags are recommended) | `2.4.0-debian-10-r18` | -| `pinnipedProxy.image.pullPolicy` | Pinniped Proxy image pull policy | `IfNotPresent` | -| `pinnipedProxy.image.pullSecrets` | Pinniped Proxy image pull secrets | `[]` | -| `pinnipedProxy.defaultPinnipedNamespace` | Specify the (default) namespace in which pinniped concierge is installed | `pinniped-concierge` | -| `pinnipedProxy.defaultAuthenticatorType` | Specify the (default) authenticator type | `JWTAuthenticator` | -| `pinnipedProxy.defaultAuthenticatorName` | Specify the (default) authenticator name | `jwt-authenticator` | -| `pinnipedProxy.defaultPinnipedAPISuffix` | Specify the (default) API suffix | `pinniped.dev` | -| `pinnipedProxy.containerPort` | Kubeops HTTP container port | `3333` | -| `pinnipedProxy.containerSecurityContext.enabled` | Enabled Pinniped Proxy containers' Security Context | `true` | -| `pinnipedProxy.containerSecurityContext.runAsUser` | Set Pinniped Proxy container's Security Context runAsUser | `1001` | -| `pinnipedProxy.containerSecurityContext.runAsNonRoot` | Set Pinniped Proxy container's Security Context runAsNonRoot | `true` | -| `pinnipedProxy.resources.limits.cpu` | The CPU limits for the Pinniped Proxy container | `250m` | -| `pinnipedProxy.resources.limits.memory` | The memory limits for the Pinniped Proxy container | `128Mi` | -| `pinnipedProxy.resources.requests.cpu` | The requested CPU for the Pinniped Proxy container | `25m` | -| `pinnipedProxy.resources.requests.memory` | The requested memory for the Pinniped Proxy container | `32Mi` | - - -### Other Parameters - -| Name | Description | Value | -| ------------------------- | ----------------------------------------------------------------------------- | ---------------------- | -| `allowNamespaceDiscovery` | Allow users to discover available namespaces (only the ones they have access) | `true` | -| `clusters` | List of clusters that Kubeapps can target for deployments | `[]` | -| `featureFlags` | Feature flags (used to switch on development features) | `{}` | -| `rbac.create` | Specifies whether RBAC resources should be created | `true` | -| `testImage.registry` | NGINX image registry | `docker.io` | -| `testImage.repository` | NGINX image repository | `bitnami/nginx` | -| `testImage.tag` | NGINX image tag (immutable tags are recommended) | `1.21.3-debian-10-r11` | -| `testImage.pullPolicy` | NGINX image pull policy | `IfNotPresent` | -| `testImage.pullSecrets` | NGINX image pull secrets | `[]` | - - -### Database Parameters - -| Name | Description | Value | -| -------------------------------------- | ---------------------------------------------------------------------------- | -------- | -| `postgresql.enabled` | Deploy a PostgreSQL server to satisfy the applications database requirements | `true` | -| `postgresql.replication.enabled` | Enable replication for high availability | `true` | -| `postgresql.postgresqlDatabase` | Database name for Kubeapps to be created on the first run | `assets` | -| `postgresql.postgresqlPassword` | Password for 'postgres' user | `""` | -| `postgresql.persistence.enabled` | Enable persistence on PostgreSQL using PVC(s) | `false` | -| `postgresql.persistence.size` | Persistent Volume size | `8Gi` | -| `postgresql.securityContext.enabled` | Enabled PostgreSQL replicas pods' Security Context | `false` | -| `postgresql.resources.limits` | The resources limits for the PostreSQL container | `{}` | -| `postgresql.resources.requests.cpu` | The requested CPU for the PostreSQL container | `250m` | -| `postgresql.resources.requests.memory` | The requested memory for the PostreSQL container | `256Mi` | - - -### kubeappsapis parameters - -| Name | Description | Value | -| ---------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------- | ----------------------- | -| `kubeappsapis.unsafeUseDemoSA` | If true, replace the user's credentials by a full-granted demo service account. Just intended for development purposes. | `false` | -| `kubeappsapis.enabledPlugins` | Enabled plugins for the Kubeapps-APIs service | `["helm"]` | -| `kubeappsapis.image.registry` | Kubeapps-APIs image registry | `docker.io` | -| `kubeappsapis.image.repository` | Kubeapps-APIs image repository | `bitnami/kubeapps-apis` | -| `kubeappsapis.image.tag` | Kubeapps-APIs image tag (immutable tags are recommended) | `2.4.0-debian-10-r18` | -| `kubeappsapis.image.pullPolicy` | Kubeapps-APIs image pull policy | `IfNotPresent` | -| `kubeappsapis.image.pullSecrets` | Kubeapps-APIs image pull secrets | `[]` | -| `kubeappsapis.replicaCount` | Number of frontend replicas to deploy | `1` | -| `kubeappsapis.terminationGracePeriodSeconds` | The grace time period for sig term | `300` | -| `kubeappsapis.extraEnvVars` | Array with extra environment variables to add to the KubeappsAPIs container | `[]` | -| `kubeappsapis.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for the KubeappsAPIs container | `""` | -| `kubeappsapis.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for the KubeappsAPIs container | `""` | -| `kubeappsapis.containerPort` | KubeappsAPIs HTTP container port | `50051` | -| `kubeappsapis.resources.limits.cpu` | The CPU limits for the KubeappsAPIs container | `250m` | -| `kubeappsapis.resources.limits.memory` | The memory limits for the KubeappsAPIs container | `256Mi` | -| `kubeappsapis.resources.requests.cpu` | The requested CPU for the KubeappsAPIs container | `25m` | -| `kubeappsapis.resources.requests.memory` | The requested memory for the KubeappsAPIs container | `32Mi` | -| `kubeappsapis.podSecurityContext.enabled` | Enabled KubeappsAPIs pods' Security Context | `true` | -| `kubeappsapis.podSecurityContext.fsGroup` | Set KubeappsAPIs pod's Security Context fsGroup | `1001` | -| `kubeappsapis.containerSecurityContext.enabled` | Enabled KubeappsAPIs containers' Security Context | `true` | -| `kubeappsapis.containerSecurityContext.runAsUser` | Set KubeappsAPIs container's Security Context runAsUser | `1001` | -| `kubeappsapis.containerSecurityContext.runAsNonRoot` | Set KubeappsAPIs container's Security Context runAsNonRoot | `true` | -| `kubeappsapis.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `kubeappsapis.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | -| `kubeappsapis.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `kubeappsapis.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `kubeappsapis.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `kubeappsapis.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `kubeappsapis.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `kubeappsapis.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `0` | -| `kubeappsapis.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `kubeappsapis.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `kubeappsapis.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `kubeappsapis.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `kubeappsapis.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `kubeappsapis.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `kubeappsapis.lifecycleHooks` | Custom lifecycle hooks for KubeappsAPIs containers | `{}` | -| `kubeappsapis.podLabels` | Extra labels for KubeappsAPIs pods | `{}` | -| `kubeappsapis.podAnnotations` | Annotations for KubeappsAPIs pods | `{}` | -| `kubeappsapis.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `kubeappsapis.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `kubeappsapis.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `kubeappsapis.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | -| `kubeappsapis.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | -| `kubeappsapis.affinity` | Affinity for pod assignment | `{}` | -| `kubeappsapis.nodeSelector` | Node labels for pod assignment | `{}` | -| `kubeappsapis.tolerations` | Tolerations for pod assignment | `[]` | -| `kubeappsapis.priorityClassName` | Priority class name for KubeappsAPIs pods | `""` | -| `kubeappsapis.hostAliases` | Custom host aliases for KubeappsAPIs pods | `[]` | -| `kubeappsapis.service.port` | KubeappsAPIs service HTTP port | `8080` | -| `kubeappsapis.service.annotations` | Additional custom annotations for KubeappsAPIs service | `{}` | - - -### Redis™ chart configuration - -| Name | Description | Value | -| ---------------------------- | ---------------------------------------------------------------- | ------- | -| `redis.redisPassword` | Password used in Redis™ | `""` | -| `redis.enabled` | Enable the Redis™ deployment when deploying Kubeapps APIs. | `false` | -| `redis.replica.replicaCount` | Number of Redis™ replicas to deploy | `0` | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```bash -helm install kubeapps --namespace kubeapps \ - --set ingress.enabled=true \ - bitnami/kubeapps -``` - -The above command enables an Ingress Rule to expose Kubeapps. - -Alternatively, a YAML file that specifies the values for parameters can be provided while installing the chart. For example, - -```bash -helm install kubeapps --namespace kubeapps -f custom-values.yaml bitnami/kubeapps -``` - -## Configuration and installation details - -### Configuring Initial Repositories - -By default, Kubeapps will track the [community Helm charts](https://github.com/helm/charts). To change these defaults, override with your desired parameters the `apprepository.initialRepos` object present in the [values.yaml](values.yaml) file. - -### Enabling Operators - -Since v1.9.0 (and by default since v2.0), Kubeapps supports to deploy and manage Operators within its dashboard. More information about how to enable and use this feature can be found in [this guide](https://github.com/kubeapps/kubeapps/blob/master/docs/user/operators.md). - -### Exposing Externally - -> **Note**: The Kubeapps frontend sets up a proxy to the Kubernetes API service which means that when exposing the Kubeapps service to a network external to the Kubernetes cluster (perhaps on an internal or public network), the Kubernetes API will also be exposed for authenticated requests from that network. It is highly recommended that you [use an OAuth2/OIDC provider with Kubeapps](https://github.com/kubeapps/kubeapps/blob/master/docs/user/using-an-OIDC-provider.md) to ensure that your authentication proxy is exposed rather than the Kubeapps frontend. This ensures that only the configured users trusted by your Identity Provider will be able to reach the Kubeapps frontend and therefore the Kubernetes API. Kubernetes service token authentication should only be used for users for demonstration purposes only, not production environments. - -#### LoadBalancer Service - -The simplest way to expose the Kubeapps Dashboard is to assign a LoadBalancer type to the Kubeapps frontend Service. For example, you can use the following parameter: `frontend.service.type=LoadBalancer` - -Wait for your cluster to assign a LoadBalancer IP or Hostname to the `kubeapps` Service and access it on that address: - -```bash -kubectl get services --namespace kubeapps --watch -``` - -#### Ingress - -This chart provides support for ingress resources. If you have an ingress controller installed on your cluster, such as [nginx-ingress](https://hub.kubeapps.com/charts/stable/nginx-ingress) or [traefik](https://hub.kubeapps.com/charts/stable/traefik) you can utilize the ingress controller to expose Kubeapps. - -To enable ingress integration, please set `ingress.enabled` to `true` - -##### Hosts - -Most likely you will only want to have one hostname that maps to this Kubeapps installation (use the `ingress.hostname` parameter to set the hostname), however, it is possible to have more than one host. To facilitate this, the `ingress.extraHosts` object is an array. - -##### Annotations - -For annotations, please see [this document](https://github.com/kubeapps/kubeapps/blob/master/docs/user-guide/nginx-configuration/annotations.md). Not all annotations are supported by all ingress controllers, but this document does a good job of indicating which annotation is supported by many popular ingress controllers. Annotations can be set using `ingress.annotations`. - -##### TLS - -This chart will facilitate the creation of TLS secrets for use with the ingress controller, however, this is not required. There are four common use cases: - -- Helm generates/manages certificate secrets based on the parameters. -- User generates/manages certificates separately. -- Helm creates self-signed certificates and generates/manages certificate secrets. -- An additional tool (like [cert-manager](https://github.com/jetstack/cert-manager/)) manages the secrets for the application. - -In the first two cases, it's needed a certificate and a key. We would expect them to look like this: - -- certificate files should look like (and there can be more than one certificate if there is a certificate chain) - - ```console - -----BEGIN CERTIFICATE----- - MIID6TCCAtGgAwIBAgIJAIaCwivkeB5EMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV - ... - jScrvkiBO65F46KioCL9h5tDvomdU1aqpI/CBzhvZn1c0ZTf87tGQR8NK7v7 - -----END CERTIFICATE----- - ``` - -- keys should look like: - - ```console - -----BEGIN RSA PRIVATE KEY----- - MIIEogIBAAKCAQEAvLYcyu8f3skuRyUgeeNpeDvYBCDcgq+LsWap6zbX5f8oLqp4 - ... - wrj2wDbCDCFmfqnSJ+dKI3vFLlEz44sAV8jX/kd4Y6ZTQhlLbYc= - -----END RSA PRIVATE KEY----- - ``` - -- If you are going to use Helm to manage the certificates based on the parameters, please copy these values into the `certificate` and `key` values for a given `ingress.secrets` entry. -- In case you are going to manage TLS secrets separately, please know that you must use a TLS secret with name _INGRESS_HOSTNAME-tls_ (where _INGRESS_HOSTNAME_ is a placeholder to be replaced with the hostname you set using the `ingress.hostname` parameter). -- To use self-signed certificates created by Helm, set both `ingress.tls` and `ingress.selfSigned` to `true`. -- If your cluster has a [cert-manager](https://github.com/jetstack/cert-manager) add-on to automate the management and issuance of TLS certificates, set `ingress.certManager` boolean to true to enable the corresponding annotations for cert-manager. - -## Upgrading Kubeapps - -You can upgrade Kubeapps from the Kubeapps web interface. Select the namespace in which Kubeapps is installed (`kubeapps` if you followed the instructions in this guide) and click on the "Upgrade" button. Select the new version and confirm. - -You can also use the Helm CLI to upgrade Kubeapps, first ensure you have updated your local chart repository cache: - -```bash -helm repo update -``` - -Now upgrade Kubeapps: - -```bash -export RELEASE_NAME=kubeapps -helm upgrade $RELEASE_NAME bitnami/kubeapps -``` - -If you find issues upgrading Kubeapps, check the [troubleshooting](#error-while-upgrading-the-chart) section. - -## Uninstalling the Chart - -To uninstall/delete the `kubeapps` deployment: - -```bash -helm uninstall -n kubeapps kubeapps - -# Optional: Only if there are no more instances of Kubeapps -kubectl delete crd apprepositories.kubeapps.com -``` - -The first command removes most of the Kubernetes components associated with the chart and deletes the release. After that, if there are no more instances of Kubeapps in the cluster you can manually delete the `apprepositories.kubeapps.com` CRD used by Kubeapps that is shared for the entire cluster. - -> **NOTE**: If you delete the CRD for `apprepositories.kubeapps.com` it will delete the repositories for **all** the installed instances of `kubeapps`. This will break existing installations of `kubeapps` if they exist. - -If you have dedicated a namespace only for Kubeapps you can completely clean the remaining completed/failed jobs or any stale resources by deleting the namespace - -```bash -kubectl delete namespace kubeapps -``` - -## FAQ - -- [How to install Kubeapps for demo purposes?](#how-to-install-kubeapps-for-demo-purposes) -- [How to install Kubeapps in production scenarios?](#how-to-install-kubeapps-in-production-scenarios) -- [How to use Kubeapps?](#how-to-use-kubeapps) -- [How to configure Kubeapps with Ingress](#how-to-configure-kubeapps-with-ingress) - - [Serving Kubeapps in a subpath](#serving-kubeapps-in-a-subpath) -- [Can Kubeapps install apps into more than one cluster?](#can-kubeapps-install-apps-into-more-than-one-cluster) -- [Can Kubeapps be installed without Internet connection?](#can-kubeapps-be-installed-without-internet-connection) -- [Does Kubeapps support private repositories?](#does-kubeapps-support-private-repositories) -- [Is there any API documentation?](#is-there-any-api-documentation) -- [Why can't I configure global private repositories?](#why-cant-i-configure-global-private-repositories) -- [Does Kubeapps support Operators?](#does-kubeapps-support-operators) -- [Slow response when listing namespaces?](#slow-response-when-listing-namespaces) -- [More questions?](#more-questions) - -### How to install Kubeapps for demo purposes? - -Install Kubeapps for exclusively **demo purposes** by simply following the [getting started](https://github.com/kubeapps/kubeapps/blob/master/docs/user/getting-started.md) docs. - -### How to install Kubeapps in production scenarios? - -For any user-facing installation, you should [configure an OAuth2/OIDC provider](https://github.com/kubeapps/kubeapps/blob/master/docs/user/using-an-OIDC-provider.md) to enable secure user authentication with Kubeapps and the cluster. -Please also refer to the [Access Control](https://github.com/kubeapps/kubeapps/blob/master/docs/user/access-control.md) documentation to configure fine-grained access control for users. - -### How to use Kubeapps? - -Have a look at the [dashboard documentation](https://github.com/kubeapps/kubeapps/blob/master/docs/user/dashboard.md) for knowing how to use the Kubeapps dashboard: deploying applications, listing and removing the applications running in your cluster and adding new repositories. - -### How to configure Kubeapps with Ingress - -The example below will match the URL `http://example.com` to the Kubeapps dashboard. For further configuration, please refer to your specific Ingress configuration docs (e.g., [NGINX](https://github.com/kubernetes/ingress-nginx) or [HAProxy](https://github.com/haproxytech/kubernetes-ingress)). - -```bash -helm install kubeapps bitnami/kubeapps \ - --namespace kubeapps \ - --set ingress.enabled=true \ - --set ingress.hostname=example.com \ - --set ingress.annotations."kubernetes\.io/ingress\.class"=nginx # or your preferred ingress controller -``` - -#### Serving Kubeapps in a subpath - -You may want to serve Kubeapps with a subpath, for instance `http://example.com/subpath`, you have to set the proper Ingress configuration. If you are using the ingress configuration provided by the Kubeapps chart, you will have to set the `ingress.hostname` and `path` parameters: - -```bash -helm install kubeapps bitnami/kubeapps \ - --namespace kubeapps \ - --set ingress.enabled=true \ - --set ingress.hostname=example.com \ - --set ingress.path=/subpath \ - --set ingress.annotations."kubernetes\.io/ingress\.class"=nginx # or your preferred ingress controller -``` - -Besides, if you are using the OAuth2/OIDC login (more information at the [using an OIDC provider documentation](https://github.com/kubeapps/kubeapps/blob/master/docs/user/using-an-OIDC-provider.md)), you will need, also, to configure the different URLs: - -```bash -helm install kubeapps bitnami/kubeapps \ - --namespace kubeapps \ - # ... other OIDC and ingress flags - --set authProxy.oauthLoginURI="/subpath/oauth2/login" \ - --set authProxy.oauthLogoutURI="/subpath/oauth2/logout" \ - --set authProxy.additionalFlags="{,--proxy-prefix=/subpath/oauth2}" -``` - -### Can Kubeapps install apps into more than one cluster? - -Yes! Kubeapps 2.0+ supports multicluster environments. Have a look at the [Kubeapps dashboard documentation](https://github.com/kubeapps/kubeapps/blob/master/docs/user/deploying-to-multiple-clusters.md) to know more. - -### Can Kubeapps be installed without Internet connection? - -Yes! Follow the [offline installation documentation](https://github.com/kubeapps/kubeapps/blob/master/docs/user/offline-installation.md) to discover how to perform an installation in an air-gapped scenario. - -### Does Kubeapps support private repositories? - -Of course! Have a look at the [private app repositories documentation](https://github.com/kubeapps/kubeapps/blob/master/docs/user/private-app-repository.md) to learn how to configure a private repository in Kubeapps. - -### Is there any API documentation? - -Yes! But it is not definitive and is still subject to change. Check out the [latest API online documentation](https://app.swaggerhub.com/apis/kubeapps/Kubeapps) or download the Kubeapps [OpenAPI Specification yaml file](./dashboard/public/openapi.yaml) from the repository. - -### Why can't I configure global private repositories? - -You can, but you will need to configure the `imagePullSecrets` manually. - -Kubeapps does not allow you to add `imagePullSecrets` to an AppRepository that is available to the whole cluster because it would require that Kubeapps copies those secrets to the target namespace when a user deploys an app. - -If you create a global AppRepository but the images are on a private registry requiring `imagePullSecrets`, the best way to configure that is to ensure your [Kubernetes nodes are configured with the required `imagePullSecrets`](https://kubernetes.io/docs/concepts/containers/images/#configuring-nodes-to-authenticate-to-a-private-registry) - this allows all users (of those nodes) to use those images in their deployments without ever requiring access to the secrets. - -You could alternatively ensure that the `imagePullSecret` is available in all namespaces in which you want people to deploy, but this unnecessarily compromises the secret. - -### Does Kubeapps support Operators? - -Yes! You can get started by following the [operators documentation](https://github.com/kubeapps/kubeapps/blob/master/docs/user/operators.md). - -### Slow response when listing namespaces - -Kubeapps uses the currently logged-in user credential to retrieve the list of all namespaces. If the user doesn't have permission to list namespaces, the backend will try again with its own service account to list all namespaces and then iterate through each namespace to check if the user has permissions to get secrets for each namespace (to verify if they should be allowed to use that namespace or not and hence whether it is included in the selector). This can lead to a slow response if the number of namespaces on the cluster is large. - -To reduce this time, you can increase the number of checks that Kubeapps will perform in parallel (per connection) setting the value: `kubeops.burst=` and `kubeops.QPS=`. The default value, if not set, is 15 burst requests and 10 QPS afterwards. - -### More questions? - -Feel free to [open an issue](https://github.com/kubeapps/kubeapps/issues/new) if you have any questions! - -## Troubleshooting - -### Nginx Ipv6 error - -When starting the application with the `--set enableIPv6=true` option, the Nginx server present in the services `kubeapps` and `kubeapps-internal-dashboard` may fail with the following: - -```console -nginx: [emerg] socket() [::]:8080 failed (97: Address family not supported by protocol) -``` - -This usually means that your cluster is not compatible with IPv6. To disable it, install kubeapps with the flag: `--set enableIPv6=false`. - -### Forbidden error while installing the Chart - -If during installation you run into an error similar to: - -```console -Error: release kubeapps failed: clusterroles.rbac.authorization.k8s.io "kubeapps-apprepository-controller" is forbidden: attempt to grant extra privileges: [{[get] [batch] [cronjobs] [] []... -``` - -Or: - -```console -Error: namespaces "kubeapps" is forbidden: User "system:serviceaccount:kube-system:default" cannot get namespaces in the namespace "kubeapps" -``` - -It is possible, though uncommon, that your cluster does not have Role-Based Access Control (RBAC) enabled. To check if your cluster has RBAC you can execute: - -```bash -kubectl api-versions -``` - -If the above command does not include entries for `rbac.authorization.k8s.io` you should perform the chart installation by setting `rbac.create=false`: - -```bash -helm install --name kubeapps --namespace kubeapps bitnami/kubeapps --set rbac.create=false -``` - -### Error while upgrading the Chart - -It is possible that when upgrading Kubeapps an error appears. That can be caused by a breaking change in the new chart or because the current chart installation is in an inconsistent state. If you find issues upgrading Kubeapps you can follow these steps: - -> Note: These steps assume that you have installed Kubeapps in the namespace `kubeapps` using the name `kubeapps`. If that is not the case replace the command with your namespace and/or name. -> Note: If you are upgrading from 2.3.1 see the [following section](#upgrading-to-2-3-1). -> Note: If you are upgrading from 2.3.1 see the [following section](#upgrading-to-2-3-1). -> Note: If you are upgrading from 1.X to 2.X see the [following section](#upgrading-to-2-0). - -1. (Optional) Backup your personal repositories (if you have any): - -```bash -kubectl get apprepository -A -o yaml > .yaml -``` - -2. Delete Kubeapps: - -```bash -helm del --purge kubeapps -``` - -3. (Optional) Delete the App Repositories CRD: - -> **Warning**: Don't execute this step if you have more than one Kubeapps installation in your cluster. - -```bash -kubectl delete crd apprepositories.kubeapps.com -``` - -4. (Optional) Clean the Kubeapps namespace: - -> **Warning**: Don't execute this step if you have workloads other than Kubeapps in the `kubeapps` namespace. - -```bash -kubectl delete namespace kubeapps -``` - -5. Install the latest version of Kubeapps (using any custom modifications you need): - -```bash -helm repo update -helm install --name kubeapps --namespace kubeapps bitnami/kubeapps -``` - -6. (Optional) Restore any repositories you backed up in the first step: - -```bash -kubectl apply -f .yaml -``` - -After that you should be able to access the new version of Kubeapps. If the above doesn't work for you or you run into any other issues please open an [issue](https://github.com/kubeapps/kubeapps/issues/new). - -### Upgrading to chart version 7.0.0 - -In this release, no breaking changes were included in Kubeapps (version 2.3.2). However, the chart adopted the standardizations included in the rest of the charts in the Bitnami catalog. - -Most of these standardizations simply add new parameters that allow to add more customizations such as adding custom env. variables, volumes or sidecar containers. That said, some of them include breaking changes: - -- Chart labels were adapted to follow the [Helm charts standard labels](https://helm.sh/docs/chart_best_practices/labels/#standard-labels). -- `securityContext.*` parameters are deprecated in favor of `XXX.podSecurityContext.*` and `XXX.containerSecurityContext.*`, where XXX is placeholder you need to replace with the actual component(s). For instance, to modify the container security context for "kubeops" use `kubeops.podSecurityContext` and `kubeops.containerSecurityContext` parameters. - -### Upgrading to 2.3.1 - -Kubeapps 2.3.1 (Chart version 6.0.0) introduces some breaking changes. Helm specific functionality has been removed in order to support other installation methods (like using YAML manifests, [`kapp`](https://carvel.dev/kapp) or `kustomize`(https://kustomize.io/)). Because of that, there are some steps required before upgrading from a previous version: - -1. Kubeapps will no longer create a database secret for you automatically but rather will rely on the default behavior of the PostgreSQL chart. If you try to upgrade Kubeapps and you installed it without setting a password, you will get the following error: - -```console -Error: UPGRADE FAILED: template: kubeapps/templates/NOTES.txt:73:4: executing "kubeapps/templates/NOTES.txt" at : error calling include: template: kubeapps/charts/common/templates/_errors.tpl:18:48: executing "common.errors.upgrade.passwords.empty" at : error calling fail: -PASSWORDS ERROR: you must provide your current passwords when upgrade the release - 'postgresql.postgresqlPassword' must not be empty, please add '--set postgresql.postgresqlPassword=$POSTGRESQL_PASSWORD' to the command. To get the current value: -``` - -The error gives you generic instructions for retrieving the PostgreSQL password, but if you have installed a Kubeapps version prior to 2.3.1, the name of the secret will differ. Execute: - -```console -export POSTGRESQL_PASSWORD=$(kubectl get secret --namespace "kubeapps" kubeapps-db -o jsonpath="{.data.postgresql-password}" | base64 --decode) -``` - -> NOTE: Replace the namespace in the command with the namespace in which you have deployed Kubeapps. - -Make sure that you have stored the password in the variable `$POSTGRESQL_PASSWORD` before continuing with the next issue. - -2. The chart initialRepos are no longer installed using [Helm hooks](https://helm.sh/docs/topics/charts_hooks/) which caused these repos to not be handled by Helm after the first installation. Now they will be tracked for every update but if you don't delete the existing ones, it will fail to update with: - -```console -Error: UPGRADE FAILED: rendered manifests contain a resource that already exists. Unable to continue with update: AppRepository "bitnami" in namespace "kubeapps" exists and cannot be imported into the current release: invalid ownership metadata; annotation validation error: missing key "meta.helm.sh/release-name": must be set to "kubeapps"; annotation validation error: missing key "meta.helm.sh/release-namespace": must be set to "kubeapps" -``` - -To bypass this issue, you will need to before delete all the initialRepos from the chart values (only the `bitnami` repo by default): - -```console -$ kubectl delete apprepositories.kubeapps.com -n kubeapps bitnami -``` - -> NOTE: Replace the namespace in the command with the namespace in which you have deployed Kubeapps. - -After that, you will be able to upgrade Kubeapps to 2.3.1 using the existing database secret: - -> **WARNING**: Make sure that the variable `$POSTGRESQL_PASSWORD` is properly populated. Setting a wrong (or empty) password will corrupt the release. - -```console -$ helm upgrade kubeapps bitnami/kubeapps -n kubeapps --set postgresql.postgresqlPassword=$POSTGRESQL_PASSWORD -``` - -### Upgrading to 2.0.1 (Chart 5.0.0) - -[On November 13, 2020, Helm 2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm 3 and to be consistent with the Helm project itself regarding the Helm 2 EOL. - -**What changes were introduced in this major version?** - -- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. -- Move dependency information from the _requirements.yaml_ to the _Chart.yaml_ -- After running `helm dependency update`, a _Chart.lock_ file is generated containing the same structure used in the previous _requirements.lock_ -- The different fields present in the _Chart.yaml_ file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts -- In the case of PostgreSQL subchart, apart from the same changes that are described in this section, there are also other major changes due to the master/slave nomenclature was replaced by primary/readReplica. [Here](https://github.com/bitnami/charts/pull/4385) you can find more information about the changes introduced. - -**Considerations when upgrading to this version** - -- If you want to upgrade to this version using Helm 2, this scenario is not supported as this version doesn't support Helm 2 anymore -- If you installed the previous version with Helm 2 and wants to upgrade to this version with Helm 3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm 2 to 3 -- If you want to upgrade to this version from a previous one installed with Helm 3, you shouldn't face any issues related to the new `apiVersion`. Due to the PostgreSQL major version bump, it's necessary to remove the existing statefulsets: - -> Note: The command below assumes that Kubeapps has been deployed in the kubeapps namespace using "kubeapps" as release name, if that's not the case, adapt the command accordingly. - -```console -$ kubectl delete statefulset -n kubeapps kubeapps-postgresql-master kubeapps-postgresql-slave -``` - -**Useful links** - -- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ -- https://helm.sh/docs/topics/v2_v3_migration/ -- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ - -### Upgrading to 2.0 - -Kubeapps 2.0 (Chart version 4.0.0) introduces some breaking changes: - -- Helm 2 is no longer supported. If you are still using some Helm 2 charts, [migrate them with the available tools](https://helm.sh/docs/topics/v2_v3_migration/). Note that some charts (but not all of them) may require to be migrated to the [new Chart specification (v2)](https://helm.sh/docs/topics/charts/#the-apiversion-field). If you are facing any issue managing this migration and Kubeapps, please open a new issue! -- MongoDB® is no longer supported. Since 2.0, the only database supported is PostgreSQL. -- PostgreSQL chart dependency has been upgraded to a new major version. - -Due to the last point, it's necessary to run a command before upgrading to Kubeapps 2.0: - -> Note: The command below assumes that Kubeapps has been deployed in the kubeapps namespace using "kubeapps" as release name, if that's not the case, adapt the command accordingly. - -```bash -kubectl delete statefulset -n kubeapps kubeapps-postgresql-master kubeapps-postgresql-slave -``` - -After that you should be able to upgrade Kubeapps as always and the database will be repopulated. diff --git a/bitnami/kubeapps/crds/apprepository-crd.yaml b/bitnami/kubeapps/crds/apprepository-crd.yaml deleted file mode 100644 index 02862a5..0000000 --- a/bitnami/kubeapps/crds/apprepository-crd.yaml +++ /dev/null @@ -1,114 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: apprepositories.kubeapps.com -spec: - group: kubeapps.com - scope: Namespaced - names: - kind: AppRepository - plural: apprepositories - shortNames: - - apprepos - versions: - - name: v1alpha1 - storage: true - served: true - schema: - openAPIV3Schema: - type: object - required: - - spec - properties: - spec: - type: object - required: - - type - - url - properties: - type: - type: string - enum: ["helm", "oci"] - url: - type: string - description: - type: string - auth: - type: object - properties: - header: - type: object - required: - - secretKeyRef - properties: - secretKeyRef: - type: object - required: - - key - - name - properties: - key: - type: string - name: - type: string - customCA: - type: object - required: - - secretKeyRef - properties: - secretKeyRef: - type: object - required: - - key - - name - properties: - key: - type: string - name: - type: string - dockerRegistrySecrets: - type: array - items: - type: string - tlsInsecureSkipVerify: - type: boolean - passCredentials: - type: boolean - filterRule: - type: object - properties: - jq: - type: string - variables: - type: object - additionalProperties: - type: string - ociRepositories: - type: array - items: - type: string - resyncRequests: - type: integer - syncJobPodTemplate: - type: object - properties: - metadata: - type: object - x-kubernetes-preserve-unknown-fields: true - spec: - type: object - x-kubernetes-preserve-unknown-fields: true - status: - type: object - properties: - status: - type: string - additionalPrinterColumns: - - name: Type - type: string - description: The type of this repository. - jsonPath: .spec.type - - name: URL - type: string - description: The URL of this repository. - jsonPath: .spec.url diff --git a/bitnami/kubeapps/templates/NOTES.txt b/bitnami/kubeapps/templates/NOTES.txt deleted file mode 100644 index 6c8d80b..0000000 --- a/bitnami/kubeapps/templates/NOTES.txt +++ /dev/null @@ -1,86 +0,0 @@ -{{- $postgresqlSecretName := include "kubeapps.postgresql.secretName" . -}} - -{{- $redisSecretName := include "kubeapps.redis.secretName" . -}} - -** Please be patient while the chart is being deployed ** - -Tip: - - Watch the deployment status using the command: kubectl get pods -w --namespace {{ .Release.Namespace }} - -Kubeapps can be accessed via port {{ .Values.frontend.service.port }} on the following DNS name from within your cluster: - - {{ template "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - -{{- $reposWithOrphanSecrets := include "kubeapps.repos-with-orphan-secrets" . }} -{{- if ne $reposWithOrphanSecrets "" }} - -CAVEAT: - Some App Repositories have been installed with a custom CA or authorization header. - This generates secrets that won't be cleaned up if the repository is deleted through the Web application. - You can delete them manually or when uninstalling this chart. - -{{- end }} - -To access Kubeapps from outside your K8s cluster, follow the steps below: - -{{- if .Values.ingress.enabled }} - -1. Get the Kubeapps URL and associate Kubeapps hostname to your cluster external IP: - - export CLUSTER_IP=$(minikube ip) # On Minikube. Use: `kubectl cluster-info` on others K8s clusters - echo "Kubeapps URL: http{{ if .Values.ingress.tls }}s{{ end }}://{{ .Values.ingress.hostname }}/" - echo "$CLUSTER_IP {{ .Values.ingress.hostname }}" | sudo tee -a /etc/hosts - -{{- else }} - -1. Get the Kubeapps URL by running these commands: - -{{- if contains "NodePort" .Values.frontend.service.type }} - - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "common.names.fullname" . }}) - echo "Kubeapps URL: http://$NODE_IP:$NODE_PORT" - -{{- else if contains "LoadBalancer" .Values.frontend.service.type }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status by running 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "common.names.fullname" . }}' - - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo "Kubeapps URL: http://$SERVICE_IP:{{ .Values.frontend.service.port }}" - -{{- else if contains "ClusterIP" .Values.frontend.service.type }} - -{{- $portNumber := include "kubeapps.frontend-port-number" . }} - echo "Kubeapps URL: http://127.0.0.1:{{ $portNumber }}" - kubectl port-forward --namespace {{ .Release.Namespace }} service/{{ template "common.names.fullname" . }} {{ $portNumber }}:{{ .Values.frontend.service.port }} - -{{- end }} -{{- end }} - -2. Open a browser and access Kubeapps using the obtained URL. - -{{ if and (not .Values.postgresql.existingSecret) (empty .Values.postgresql.postgresqlPassword) -}} -########################################################################################################## -### WARNING: You did not provide a value for the postgresqlPassword so one has been generated randomly ### -########################################################################################################## -{{- end }} - -{{ if and (.Values.redis.enabled) (not .Values.redis.existingSecret) (empty .Values.redis.redisPassword) -}} -########################################################################################################## -### WARNING: You did not provide a value for the redisPassword so one has been generated randomly ### -########################################################################################################## -{{- end }} - -{{- $passwordValidationErrors := list -}} - -{{- $postgresqlPasswordValidationErrors := include "common.validations.values.postgresql.passwords" (dict "secret" $postgresqlSecretName "subchart" true "context" $) -}} -{{- $passwordValidationErrors = append $passwordValidationErrors $postgresqlPasswordValidationErrors -}} - -{{- $redisPasswordValidationErrors := include "common.validations.values.redis.passwords" (dict "secret" $redisSecretName "subchart" true "context" $) -}} -{{- $passwordValidationErrors = append $passwordValidationErrors $redisPasswordValidationErrors -}} - -{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $) -}} -{{- include "kubeapps.checkRollingTags" . }} -{{- include "kubeapps.validateValues" . }} diff --git a/bitnami/kubeapps/templates/_helpers.tpl b/bitnami/kubeapps/templates/_helpers.tpl deleted file mode 100644 index 34dd4bf..0000000 --- a/bitnami/kubeapps/templates/_helpers.tpl +++ /dev/null @@ -1,231 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "kubeapps.imagePullSecrets" -}} -{{ include "common.images.pullSecrets" (dict "images" (list .Values.frontend.image .Values.dashboard.image .Values.apprepository.image .Values.apprepository.syncImage .Values.assetsvc.image .Values.kubeops.image .Values.authProxy.image .Values.pinnipedProxy.image .Values.kubeappsapis.image .Values.testImage) "global" .Values.global) }} -{{- end -}} - -{{/* -Create a default fully qualified app name for PostgreSQL dependency. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "kubeapps.postgresql.fullname" -}} -{{- $name := default "postgresql" .Values.postgresql.nameOverride -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name for Redis dependency. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "kubeapps.redis.fullname" -}} -{{- $name := default "redis" .Values.redis.nameOverride -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create name for the apprepository-controller based on the fullname -*/}} -{{- define "kubeapps.apprepository.fullname" -}} -{{- printf "%s-internal-apprepository-controller" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create name for the assetsvc based on the fullname -*/}} -{{- define "kubeapps.assetsvc.fullname" -}} -{{- printf "%s-internal-assetsvc" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create name for the dashboard based on the fullname -*/}} -{{- define "kubeapps.dashboard.fullname" -}} -{{- printf "%s-internal-dashboard" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create name for the dashboard config based on the fullname -*/}} -{{- define "kubeapps.dashboard-config.fullname" -}} -{{- printf "%s-internal-dashboard-config" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create name for the frontend config based on the fullname -*/}} -{{- define "kubeapps.frontend-config.fullname" -}} -{{- printf "%s-frontend-config" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create name for kubeops based on the fullname -*/}} -{{- define "kubeapps.kubeops.fullname" -}} -{{- printf "%s-internal-kubeops" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create name for the clusters config based on the fullname -*/}} -{{- define "kubeapps.clusters-config.fullname" -}} -{{- printf "%s-clusters-config" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create proxy_pass for the frontend config -*/}} -{{- define "kubeapps.frontend-config.proxy_pass" -}} -http://{{ include "kubeapps.kubeops.fullname" . }}:{{ .Values.kubeops.service.port }} -{{- end -}} - -{{/* -Create proxy_pass for the kubeappsapis -*/}} -{{- define "kubeapps.kubeappsapis.proxy_pass" -}} -http://{{ include "kubeapps.kubeappsapis.fullname" . }}:{{ .Values.kubeappsapis.service.port }} -{{- end -}} - -{{/* -Create name for kubeappsapis based on the fullname -*/}} -{{- define "kubeapps.kubeappsapis.fullname" -}} -{{- printf "%s-internal-kubeappsapis" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create name for the secrets related to oauth2_proxy -*/}} -{{- define "kubeapps.oauth2_proxy-secret.name" -}} -{{- printf "%s-oauth2" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create name for pinniped-proxy based on the fullname. -Currently used for a service name only. -*/}} -{{- define "kubeapps.pinniped-proxy.fullname" -}} -{{- printf "%s-internal-pinniped-proxy" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Repositories that include a caCert or an authorizationHeader -*/}} -{{- define "kubeapps.repos-with-orphan-secrets" -}} -{{- range .Values.apprepository.initialRepos }} -{{- if or .caCert .authorizationHeader }} -.name -{{- end }} -{{- end }} -{{- end -}} - -{{/* -Frontend service port number -*/}} -{{- define "kubeapps.frontend-port-number" -}} -{{- if .Values.authProxy.enabled -}} -{{ .Values.authProxy.containerPort | int }} -{{- else -}} -{{ .Values.frontend.containerPort | int }} -{{- end -}} -{{- end -}} - -{{/* -Returns the kubeappsCluster based on the configured clusters by finding the cluster without -a defined apiServiceURL. -*/}} -{{- define "kubeapps.kubeappsCluster" -}} - {{- $kubeappsCluster := "" }} - {{- if eq (len .Values.clusters) 0 }} - {{- fail "At least one cluster must be defined." }} - {{- end }} - {{- range .Values.clusters }} - {{- if or .isKubeappsCluster ( eq (.apiServiceURL | toString) "") }} - {{- if eq $kubeappsCluster "" }} - {{- $kubeappsCluster = .name }} - {{- else }} - {{- fail "Only one cluster can be configured using either 'isKubeappsCluster: true' or without an apiServiceURL to refer to the cluster on which Kubeapps is installed. Please check the provided 'clusters' configuration." }} - {{- end }} - {{- end }} - {{- end }} - {{- $kubeappsCluster }} -{{- end -}} - -{{/* -Returns a JSON list of cluster names only (without sensitive tokens etc.) -*/}} -{{- define "kubeapps.clusterNames" -}} - {{- $sanitizedClusters := list }} - {{- range .Values.clusters }} - {{- $sanitizedClusters = append $sanitizedClusters .name }} - {{- end }} - {{- $sanitizedClusters | toJson }} -{{- end -}} - -{{/* -Return the Postgresql secret name -*/}} -{{- define "kubeapps.postgresql.secretName" -}} - {{- if .Values.postgresql.existingSecret }} - {{- printf "%s" .Values.postgresql.existingSecret -}} - {{- else -}} - {{- printf "%s" (include "kubeapps.postgresql.fullname" .) -}} - {{- end -}} -{{- end -}} - -{{/* -Return the Redis secret name -*/}} -{{- define "kubeapps.redis.secretName" -}} - {{- if .Values.redis.existingSecret }} - {{- printf "%s" .Values.redis.existingSecret -}} - {{- else -}} - {{- printf "%s" (include "kubeapps.redis.fullname" .) -}} - {{- end -}} -{{- end -}} - -{{/* -Compile all warnings into a single message, and call fail. -*/}} -{{- define "kubeapps.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "kubeapps.validateValues.ingress.tls" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} -{{- end -}} -{{- end -}} - -{{/* -Validate values of Kubeapps - TLS configuration for Ingress -*/}} -{{- define "kubeapps.validateValues.ingress.tls" -}} -{{- if and .Values.ingress.enabled .Values.ingress.tls (not .Values.ingress.certManager) (not .Values.ingress.selfSigned) (empty .Values.ingress.extraTls) }} -kubeapps: ingress.tls - You enabled the TLS configuration for the default ingress hostname but - you did not enable any of the available mechanisms to create the TLS secret - to be used by the Ingress Controller. - Please use any of these alternatives: - - Use the `ingress.extraTls` and `ingress.secrets` parameters to provide your custom TLS certificates. - - Relay on cert-manager to create it by configuring `ingress.certManager.clusterIssuer` - - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true` -{{- end -}} -{{- end -}} - -{{/* -Check if there are rolling tags in the images -*/}} -{{- define "kubeapps.checkRollingTags" -}} -{{- include "common.warnings.rollingTag" .Values.frontend.image }} -{{- include "common.warnings.rollingTag" .Values.dashboard.image }} -{{- include "common.warnings.rollingTag" .Values.apprepository.image }} -{{- include "common.warnings.rollingTag" .Values.assetsvc.image }} -{{- include "common.warnings.rollingTag" .Values.kubeops.image }} -{{- include "common.warnings.rollingTag" .Values.authProxy.image }} -{{- include "common.warnings.rollingTag" .Values.pinnipedProxy.image }} -{{- include "common.warnings.rollingTag" .Values.kubeappsapis.image }} -{{- end -}} diff --git a/bitnami/kubeapps/templates/apprepository/apprepositories-secret.yaml b/bitnami/kubeapps/templates/apprepository/apprepositories-secret.yaml deleted file mode 100644 index b902ded..0000000 --- a/bitnami/kubeapps/templates/apprepository/apprepositories-secret.yaml +++ /dev/null @@ -1,61 +0,0 @@ -{{- range .Values.apprepository.initialRepos }} -{{- if or .caCert .authorizationHeader .basicAuth }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ printf "apprepo-%s-secrets" .name }} - {{- if .namespace }} - namespace: {{ .namespace | quote }} - {{- else }} - namespace: {{ $.Release.Namespace | quote }} - {{- end }} - labels: {{- include "common.labels.standard" $ | nindent 4 }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - {{- if .caCert }} - ca.crt: |- - {{ .caCert | b64enc }} - {{- end }} - {{- $authorizationHeader := "" }} - {{- if .authorizationHeader }} - {{- $authorizationHeader = .authorizationHeader }} - {{- else if .basicAuth }} - {{- $authorizationHeader = printf "Basic %s" (printf "%s:%s" .basicAuth.user .basicAuth.password | b64enc) }} - {{- end }} - {{- if $authorizationHeader }} - authorizationHeader: |- - {{ $authorizationHeader | b64enc }} - {{- end }} ---- -{{/* credentials are required in the release namespace for syncer jobs */}} -{{- if .namespace }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ printf "%s-apprepo-%s" .namespace .name }} - namespace: {{ $.Release.Namespace | quote }} - labels: {{- include "common.labels.standard" $ | nindent 4 }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - {{- if .caCert }} - ca.crt: |- - {{ .caCert | b64enc }} - {{- end }} - {{- if $authorizationHeader }} - authorizationHeader: |- - {{ $authorizationHeader | b64enc }} - {{- end }} ---- -{{- end }} -{{- end }} -{{- end }} diff --git a/bitnami/kubeapps/templates/apprepository/apprepositories.yaml b/bitnami/kubeapps/templates/apprepository/apprepositories.yaml deleted file mode 100644 index b603da5..0000000 --- a/bitnami/kubeapps/templates/apprepository/apprepositories.yaml +++ /dev/null @@ -1,64 +0,0 @@ -{{- range .Values.apprepository.initialRepos }} -apiVersion: kubeapps.com/v1alpha1 -kind: AppRepository -metadata: - name: {{ .name }} - {{- if .namespace }} - namespace: {{ .namespace | quote }} - {{- else }} - namespace: {{ $.Release.Namespace | quote }} - {{- end }} - labels: {{- include "common.labels.standard" $ | nindent 4 }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - type: {{ default "helm" .type }} - url: {{ .url }} - {{- if .ociRepositories }} - ociRepositories: - {{- range .ociRepositories }} - - {{ . }} - {{- end }} - {{- end }} - {{- if or $.Values.apprepository.containerSecurityContext.enabled $.Values.apprepository.initialReposProxy.enabled .nodeSelector }} - syncJobPodTemplate: - spec: - {{- if $.Values.apprepository.initialReposProxy.enabled }} - containers: - - env: - - name: https_proxy - value: {{ $.Values.apprepository.initialReposProxy.httpsProxy }} - - name: http_proxy - value: {{ $.Values.apprepository.initialReposProxy.httpProxy }} - - name: no_proxy - value: {{ $.Values.apprepository.initialReposProxy.noProxy }} - {{- end }} - {{- if $.Values.apprepository.containerSecurityContext.enabled }} - securityContext: - runAsUser: {{ $.Values.apprepository.containerSecurityContext.runAsUser }} - {{- end }} - {{- if .nodeSelector }} - nodeSelector: {{- toYaml .nodeSelector | nindent 8 }} - {{- end }} - {{- end }} - {{- if or .caCert .authorizationHeader .basicAuth }} - auth: - {{- if .caCert }} - customCA: - secretKeyRef: - key: ca.crt - name: {{ printf "apprepo-%s-secrets" .name }} - {{- end }} - {{- if or .authorizationHeader .basicAuth }} - header: - secretKeyRef: - key: authorizationHeader - name: {{ printf "apprepo-%s-secrets" .name }} - {{- end }} - {{- end }} ---- -{{ end -}} diff --git a/bitnami/kubeapps/templates/apprepository/deployment.yaml b/bitnami/kubeapps/templates/apprepository/deployment.yaml deleted file mode 100644 index f522438..0000000 --- a/bitnami/kubeapps/templates/apprepository/deployment.yaml +++ /dev/null @@ -1,97 +0,0 @@ -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ template "kubeapps.apprepository.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: apprepository - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.apprepository.replicaCount }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: apprepository - template: - metadata: - {{- if .Values.apprepository.podAnnotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.apprepository.podAnnotations "context" $) | nindent 8 }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: apprepository - {{- if .Values.apprepository.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.apprepository.podLabels "context" $) | nindent 8 }} - {{- end }} - spec: - {{- include "kubeapps.imagePullSecrets" . | indent 6 }} - serviceAccountName: {{ template "kubeapps.apprepository.fullname" . }} - {{- if .Values.apprepository.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.apprepository.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.apprepository.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.apprepository.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.apprepository.podAffinityPreset "component" "apprepository" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.apprepository.podAntiAffinityPreset "component" "apprepository" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.apprepository.nodeAffinityPreset.type "key" .Values.apprepository.nodeAffinityPreset.key "values" .Values.apprepository.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.apprepository.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.apprepository.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.apprepository.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.apprepository.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.apprepository.priorityClassName }} - priorityClassName: {{ .Values.apprepository.priorityClassName | quote }} - {{- end }} - {{- if .Values.apprepository.podSecurityContext.enabled }} - securityContext: {{- omit .Values.apprepository.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - containers: - - name: controller - image: {{ include "common.images.image" (dict "imageRoot" .Values.apprepository.image "global" .Values.global) }} - imagePullPolicy: {{ .Values.apprepository.image.pullPolicy | quote }} - {{- if .Values.apprepository.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.apprepository.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.apprepository.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.apprepository.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - command: - - /apprepository-controller - args: - - --user-agent-comment=kubeapps/{{ .Chart.AppVersion }} - - --repo-sync-image=$(REPO_SYNC_IMAGE) - {{- if .Values.global }} - {{- if.Values.global.imagePullSecrets }} - {{- range $key, $value := .Values.global.imagePullSecrets }} - - --repo-sync-image-pullsecrets={{ $value | quote }} - {{- end }} - {{- end }} - {{- end }} - - --repo-sync-cmd=/asset-syncer - - --namespace={{ .Release.Namespace }} - {{- if .Values.postgresql.existingSecret }} - - --database-secret-name={{ .Values.postgresql.existingSecret }} - {{- else }} - - --database-secret-name={{ template "kubeapps.postgresql.fullname" . }} - {{- end }} - - --database-secret-key=postgresql-password - - --database-url={{ template "kubeapps.postgresql.fullname" . }}:{{ default "5432" .Values.postgresql.service.port }} - - --database-user=postgres - - --database-name={{ .Values.postgresql.postgresqlDatabase }} - {{- if .Values.apprepository.crontab }} - - --crontab={{ .Values.apprepository.crontab }} - {{- end }} - - --repos-per-namespace={{ .Values.apprepository.watchAllNamespaces }} - env: - - name: REPO_SYNC_IMAGE - value: {{ include "common.images.image" (dict "imageRoot" .Values.apprepository.syncImage "global" .Values.global) }} - {{- if .Values.apprepository.resources }} - resources: {{- toYaml .Values.apprepository.resources | nindent 12 }} - {{- end }} diff --git a/bitnami/kubeapps/templates/apprepository/rbac.yaml b/bitnami/kubeapps/templates/apprepository/rbac.yaml deleted file mode 100644 index b82d303..0000000 --- a/bitnami/kubeapps/templates/apprepository/rbac.yaml +++ /dev/null @@ -1,217 +0,0 @@ -{{- if .Values.rbac.create -}} -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: Role -metadata: - name: {{ template "kubeapps.apprepository.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: apprepository - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - batch - resources: - - cronjobs - verbs: - - create - - get - - list - - update - - watch - - delete - - apiGroups: - - batch - resources: - - jobs - verbs: - - create - - apiGroups: - - kubeapps.com - resources: - - apprepositories - - apprepositories/finalizers - verbs: - - get - - list - - update - - watch ---- -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: RoleBinding -metadata: - name: {{ template "kubeapps.apprepository.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: apprepository - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kubeapps.apprepository.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "kubeapps.apprepository.fullname" . }} - namespace: {{ .Release.Namespace }} ---- -# Define role, but no binding, so users can be bound to this role -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: Role -metadata: - name: {{ .Release.Name }}-repositories-read - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: apprepository - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - - apiGroups: - - kubeapps.com - resources: - - apprepositories - verbs: - - list - - get ---- -# Define role, but no binding, so users can be bound to this role -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: Role -metadata: - name: {{ .Release.Name }}-repositories-write - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: apprepository - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - - apiGroups: - - kubeapps.com - resources: - - apprepositories - verbs: - - "*" - - apiGroups: - - "" - resources: - - secrets - verbs: - - create ---- -# The Kubeapps app repository controller can read and watch its own -# AppRepository resources cluster-wide. The read and write cluster-roles can -# also be bound to users in specific namespaces as required. -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: ClusterRole -metadata: - name: "kubeapps:{{ .Release.Namespace }}:apprepositories-read" - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: apprepository - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - - apiGroups: - - kubeapps.com - resources: - - apprepositories - - apprepositories/finalizers - verbs: - - get - - list - - watch ---- -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: ClusterRoleBinding -metadata: - name: "kubeapps:controller:{{ .Release.Namespace }}:apprepositories-read" - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: apprepository - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: "kubeapps:{{ .Release.Namespace }}:apprepositories-read" -subjects: - - kind: ServiceAccount - name: {{ template "kubeapps.apprepository.fullname" . }} - namespace: {{ .Release.Namespace }} ---- -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: ClusterRole -metadata: - name: "kubeapps:{{ .Release.Namespace }}:apprepositories-write" - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: apprepository - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - - apiGroups: - - kubeapps.com - resources: - - apprepositories - verbs: - - '*' - - apiGroups: - - "" - resources: - - secrets - verbs: - - '*' ---- -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: ClusterRole -metadata: - name: "kubeapps:{{ .Release.Namespace }}:apprepositories-refresh" - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: apprepository - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - - apiGroups: - - kubeapps.com - resources: - - apprepositories - verbs: - - get - - update -{{- end -}} diff --git a/bitnami/kubeapps/templates/apprepository/serviceaccount.yaml b/bitnami/kubeapps/templates/apprepository/serviceaccount.yaml deleted file mode 100644 index 43c5833..0000000 --- a/bitnami/kubeapps/templates/apprepository/serviceaccount.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "kubeapps.apprepository.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: apprepository - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} diff --git a/bitnami/kubeapps/templates/assetsvc/deployment.yaml b/bitnami/kubeapps/templates/assetsvc/deployment.yaml deleted file mode 100644 index bf2654e..0000000 --- a/bitnami/kubeapps/templates/assetsvc/deployment.yaml +++ /dev/null @@ -1,97 +0,0 @@ -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ template "kubeapps.assetsvc.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: assetsvc - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.assetsvc.replicaCount }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: assetsvc - template: - metadata: - {{- if .Values.assetsvc.podAnnotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.assetsvc.podAnnotations "context" $) | nindent 8 }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: assetsvc - {{- if .Values.assetsvc.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.assetsvc.podLabels "context" $) | nindent 8 }} - {{- end }} - spec: - {{- include "kubeapps.imagePullSecrets" . | indent 6 }} - {{- if .Values.assetsvc.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.assetsvc.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.assetsvc.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.assetsvc.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.assetsvc.podAffinityPreset "component" "assetsvc" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.assetsvc.podAntiAffinityPreset "component" "assetsvc" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.assetsvc.nodeAffinityPreset.type "key" .Values.assetsvc.nodeAffinityPreset.key "values" .Values.assetsvc.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.assetsvc.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.assetsvc.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.assetsvc.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.assetsvc.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.assetsvc.priorityClassName }} - priorityClassName: {{ .Values.assetsvc.priorityClassName | quote }} - {{- end }} - {{- if .Values.assetsvc.podSecurityContext.enabled }} - securityContext: {{- omit .Values.assetsvc.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - containers: - - name: assetsvc - image: {{ include "common.images.image" (dict "imageRoot" .Values.assetsvc.image "global" .Values.global) }} - imagePullPolicy: {{ .Values.assetsvc.image.pullPolicy | quote }} - {{- if .Values.assetsvc.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.assetsvc.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.assetsvc.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.assetsvc.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - command: - - /assetsvc - args: - - --database-user=postgres - - --database-name={{ .Values.postgresql.postgresqlDatabase }} - - --database-url={{ template "kubeapps.postgresql.fullname" . }}-headless:{{ default "5432" .Values.postgresql.service.port }} - env: - - name: DB_PASSWORD - valueFrom: - secretKeyRef: - key: postgresql-password - name: {{ include "kubeapps.postgresql.secretName" . }} - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: PORT - value: {{ .Values.assetsvc.containerPort | quote }} - ports: - - name: http - containerPort: {{ .Values.assetsvc.containerPort }} - {{- if .Values.assetsvc.livenessProbe.enabled }} - livenessProbe: {{- omit .Values.assetsvc.livenessProbe "enabled" | toYaml | nindent 12 }} - {{- else if .Values.assetsvc.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.assetsvc.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.assetsvc.readinessProbe.enabled }} - readinessProbe: {{- omit .Values.assetsvc.readinessProbe "enabled" | toYaml | nindent 12 }} - {{- else if .Values.assetsvc.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.assetsvc.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.assetsvc.resource }} - resources: {{- toYaml .Values.assetsvc.resources | nindent 12 }} - {{- end }} diff --git a/bitnami/kubeapps/templates/assetsvc/service.yaml b/bitnami/kubeapps/templates/assetsvc/service.yaml deleted file mode 100644 index 90e7c0e..0000000 --- a/bitnami/kubeapps/templates/assetsvc/service.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "kubeapps.assetsvc.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: assetsvc - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }} - {{- end }} - {{- if or .Values.assetsvc.service.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.assetsvc.service.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.assetsvc.service.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -spec: - type: ClusterIP - ports: - - port: {{ .Values.assetsvc.service.port }} - targetPort: http - protocol: TCP - name: http - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: assetsvc diff --git a/bitnami/kubeapps/templates/dashboard/configmap.yaml b/bitnami/kubeapps/templates/dashboard/configmap.yaml deleted file mode 100644 index 16a94b2..0000000 --- a/bitnami/kubeapps/templates/dashboard/configmap.yaml +++ /dev/null @@ -1,81 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "kubeapps.dashboard-config.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: dashboard - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - vhost.conf: |- - server { - listen {{ .Values.dashboard.containerPort }}; - {{- if .Values.frontend.largeClientHeaderBuffers }} - large_client_header_buffers {{ .Values.frontend.largeClientHeaderBuffers }}; - {{- end }} - {{- if .Values.enableIPv6 }} - listen [::]:{{ .Values.dashboard.containerPort }}; - {{- end}} - server_name _; - - gzip on; - gzip_static on; - - location /custom_style.css { - root /app/custom-css/; - } - - location /custom_locale.json { - root /app/custom-locale/; - } - - location /custom_components.js { - root /app/custom-components/; - } - - location / { - # Redirects are required to be relative otherwise the internal hostname will be exposed - absolute_redirect off; - - # Trailing / is required in the path for the React app to be loaded correctly - # The rewrite rule adds a trailing "/" to any path that does not contain "." neither "/". - # i.e kubeapps => kubeapps/ - rewrite ^([^.]*[^/])$ $1/ permanent; - - # Support for ingress prefixes maintaining compatibility with the default / - # 1 - Exactly two fragment URLs for files existing inside of the public/ dir - # i.e /[prefix]/config.json => /config.json - rewrite ^/[^/]+/([^/]+)$ /$1 break; - - # 2 - Any static files bundled by webpack referenced by 3 or more URL segments - # i.e /[prefix]/static/main.js => static/main.js - rewrite ^/[^/]+/static/(.*) /static/$1 break; - - try_files $uri /index.html; - } - } - custom_style.css: |- -{{- .Values.dashboard.customStyle | nindent 4 }} - custom_components.js: |- -{{- .Values.dashboard.customComponents | nindent 4 }} - custom_locale.json: |- -{{- .Values.dashboard.customLocale | toJson | nindent 4 }} - config.json: |- - { - "kubeappsCluster": "{{ template "kubeapps.kubeappsCluster" . -}}", - "kubeappsNamespace": "{{ .Release.Namespace }}", - "appVersion": "v{{ .Chart.AppVersion }}", - "authProxyEnabled": {{ .Values.authProxy.enabled }}, - "oauthLoginURI": {{ .Values.authProxy.oauthLoginURI | quote }}, - "oauthLogoutURI": {{ .Values.authProxy.oauthLogoutURI | quote }}, - "authProxySkipLoginPage": {{ .Values.authProxy.skipKubeappsLoginPage }}, - "featureFlags": {{ .Values.featureFlags | toJson }}, - "clusters": {{ template "kubeapps.clusterNames" . }}, - "theme": "{{ .Values.dashboard.defaultTheme }}", - "remoteComponentsUrl": "{{ .Values.dashboard.remoteComponentsUrl }}" - } diff --git a/bitnami/kubeapps/templates/dashboard/deployment.yaml b/bitnami/kubeapps/templates/dashboard/deployment.yaml deleted file mode 100644 index 350fb99..0000000 --- a/bitnami/kubeapps/templates/dashboard/deployment.yaml +++ /dev/null @@ -1,153 +0,0 @@ -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ template "kubeapps.dashboard.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: dashboard - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.dashboard.replicaCount }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: dashboard - template: - metadata: - annotations: - checksum/config: {{ include (print $.Template.BasePath "/dashboard/configmap.yaml") . | sha256sum }} - {{- if .Values.dashboard.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.podAnnotations "context" $) | nindent 8 }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: dashboard - {{- if .Values.dashboard.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.podLabels "context" $) | nindent 8 }} - {{- end }} - spec: - {{- include "kubeapps.imagePullSecrets" . | indent 6 }} - {{- if .Values.dashboard.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.dashboard.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.dashboard.podAffinityPreset "component" "dashboard" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.dashboard.podAntiAffinityPreset "component" "dashboard" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.dashboard.nodeAffinityPreset.type "key" .Values.dashboard.nodeAffinityPreset.key "values" .Values.dashboard.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.dashboard.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.dashboard.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.dashboard.priorityClassName }} - priorityClassName: {{ .Values.dashboard.priorityClassName | quote }} - {{- end }} - {{- if .Values.dashboard.podSecurityContext.enabled }} - securityContext: {{- omit .Values.dashboard.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - {{- if .Values.dashboard.initContainers }} - initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.initContainers "context" $) | nindent 8 }} - {{- end }} - containers: - - name: dashboard - image: {{ include "common.images.image" (dict "imageRoot" .Values.dashboard.image "global" .Values.global) }} - imagePullPolicy: {{ .Values.dashboard.image.pullPolicy | quote }} - {{- if .Values.dashboard.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.dashboard.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.dashboard.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" .Values.dashboard.image.debug | quote }} - {{- if .Values.dashboard.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if or .Values.dashboard.extraEnvVarsCM .Values.dashboard.extraEnvVarsSecret }} - envFrom: - {{- if .Values.dashboard.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.dashboard.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.dashboard.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.dashboard.extraEnvVarsSecret "context" $) }} - {{- end }} - {{- end }} - {{- if .Values.dashboard.livenessProbe.enabled }} - livenessProbe: {{- omit .Values.dashboard.livenessProbe "enabled" | toYaml | nindent 12 }} - {{- else if .Values.dashboard.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.dashboard.readinessProbe.enabled }} - readinessProbe: {{- omit .Values.dashboard.readinessProbe "enabled" | toYaml | nindent 12 }} - {{- else if .Values.dashboard.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.dashboard.containerPort }} - {{- if .Values.dashboard.resources }} - resources: {{- toYaml .Values.dashboard.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: vhost - mountPath: /opt/bitnami/nginx/conf/server_blocks - - name: config - mountPath: /app/config.json - subPath: config.json - - mountPath: /app/custom-css - name: custom-css - - mountPath: /app/custom-locale - name: custom-locale - - mountPath: /app/custom-components - name: custom-components - {{- if .Values.dashboard.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.dashboard.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: vhost - configMap: - name: {{ template "kubeapps.dashboard-config.fullname" . }} - items: - - key: vhost.conf - path: vhost.conf - - name: config - configMap: - name: {{ template "kubeapps.dashboard-config.fullname" . }} - items: - - key: config.json - path: config.json - - name: custom-css - configMap: - name: {{ template "kubeapps.dashboard-config.fullname" . }} - items: - - key: custom_style.css - path: custom_style.css - - name: custom-locale - configMap: - name: {{ template "kubeapps.dashboard-config.fullname" . }} - items: - - key: custom_locale.json - path: custom_locale.json - - name: custom-components - configMap: - name: {{ template "kubeapps.dashboard-config.fullname" . }} - items: - - key: custom_components.js - path: custom_components.js - {{- if .Values.dashboard.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.extraVolumes "context" $) | nindent 8 }} - {{- end }} diff --git a/bitnami/kubeapps/templates/dashboard/service.yaml b/bitnami/kubeapps/templates/dashboard/service.yaml deleted file mode 100644 index 71bec5d..0000000 --- a/bitnami/kubeapps/templates/dashboard/service.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "kubeapps.dashboard.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: dashboard - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }} - {{- end }} - {{- if or .Values.dashboard.service.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.dashboard.service.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.dashboard.service.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -spec: - type: ClusterIP - ports: - - port: {{ .Values.dashboard.service.port }} - targetPort: http - protocol: TCP - name: http - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: dashboard diff --git a/bitnami/kubeapps/templates/frontend/configmap.yaml b/bitnami/kubeapps/templates/frontend/configmap.yaml deleted file mode 100644 index 4840caf..0000000 --- a/bitnami/kubeapps/templates/frontend/configmap.yaml +++ /dev/null @@ -1,187 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "kubeapps.frontend-config.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: frontend - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - k8s-api-proxy.conf: |- - # Disable buffering for log streaming - proxy_buffering off; - # Hide Www-Authenticate to prevent it triggering a basic auth prompt in - # the browser with some clusters - proxy_hide_header Www-Authenticate; - - # Keep the connection open with the API server even if idle (the default is 60 seconds) - # Setting it to 1 hour which should be enough for our current use case of deploying/upgrading apps - # If we enable other use-cases in the future we might need to bump this value - # More info here https://github.com/kubeapps/kubeapps/issues/766 - proxy_read_timeout 1h; - - {{- if .Values.frontend.proxypassAccessTokenAsBearer }} - # Google Kubernetes Engine requires the access_token as the Bearer when talking to the k8s api server. - proxy_set_header Authorization "Bearer $http_x_forwarded_access_token"; - {{- end }} -{{- range .Values.clusters }} - {{- if .certificateAuthorityData }} - {{ .name }}-ca.pem: {{ .certificateAuthorityData }} - {{- end }} -{{- end}} - vhost.conf: |- - # Retain the default nginx handling of requests without a "Connection" header - map $http_upgrade $connection_upgrade { - default upgrade; - '' close; - } - - # Allow websocket connections - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - - server { - listen {{ .Values.frontend.containerPort }}; - {{- if .Values.frontend.largeClientHeaderBuffers }} - large_client_header_buffers {{ .Values.frontend.largeClientHeaderBuffers }}; - {{- end }} - {{- if .Values.enableIPv6 }} - listen [::]:{{ .Values.frontend.containerPort }}; - {{- end}} - server_name _; - - location /healthz { - access_log off; - default_type text/plain; - return 200 "healthy\n"; - } - - # Ensure each cluster can be reached (should only be - # used with an auth-proxy where k8s credentials never leave - # the cluster). See clusters option. - {{- range .Values.clusters }} - location ~* /api/clusters/{{ .name }} { - {{/* We need to split the API service URL(s) into the base url and the path segment so - those configurations using a path can be appropriately rewritten below while - ensuring the proxy_pass statement is given the base URL only. */}} - {{- $parsed := urlParse (default "https://kubernetes.default" .apiServiceURL) }} - {{- $apiServiceBaseURL := urlJoin (pick $parsed "scheme" "host") }} - {{- $apiServiceURLPath := $parsed.path }} - rewrite /api/clusters/{{ .name }}/(.*) {{ $apiServiceURLPath }}/$1 break; - rewrite /api/clusters/{{ .name }} {{ $apiServiceURLPath }}/ break; - - {{/* Helm returns a nil pointer error when accessing foo.bar if foo doesn't - exist, even with the `default` function. - See https://github.com/helm/helm/issues/8026#issuecomment-756538254 */}} - {{- $pinnipedConfig := .pinnipedConfig | default dict }} - {{- if and $.Values.pinnipedProxy.enabled $pinnipedConfig.enable }} - # If pinniped proxy is enabled *and* the current cluster is configured - # to exchange credentials then we route via pinnipedProxy to exchange - # credentials for client certificates. - {{- if .apiServiceURL }} - proxy_set_header PINNIPED_PROXY_API_SERVER_URL {{ .apiServiceURL }}; - {{- end }} - {{- if .certificateAuthorityData }} - proxy_set_header PINNIPED_PROXY_API_SERVER_CERT {{ .certificateAuthorityData }}; - {{- end }} - proxy_pass http://{{ template "kubeapps.pinniped-proxy.fullname" $ }}.{{ $.Release.Namespace }}:{{ $.Values.pinnipedProxy.containerPort }}; - {{- else }} - # Otherwise we route directly through to the clusters with existing credentials. - proxy_pass {{ $apiServiceBaseURL }}; - {{- if .certificateAuthorityData }} - proxy_ssl_trusted_certificate "./server_blocks/{{ .name }}-ca.pem"; - {{- end }} - {{- end }} - include "./server_blocks/k8s-api-proxy.conf"; - } - {{- end }} - - # Forward '/api/assetsvc' to '/assetsvc' - # but preserving the encoding (eg. '%2F' is not converted to '/') - # see https://serverfault.com/a/906479 - # Ex: from "/api/assetsvc/what$2Fever?param=value" - # it matches as $1="/what$2Fever" and $args="param=value" - # downstream services will receive "/assetsvc/what$2Fever?param=value" - location ~* /api/assetsvc { - rewrite ^ $request_uri; # pass the encoded url downstream as is, - rewrite /api/assetsvc([^?]*) /assetsvc$1?$args break; - - {{- if .Values.frontend.proxypassExtraSetHeader }} - proxy_set_header {{ .Values.frontend.proxypassExtraSetHeader }}; - {{- end }} - - {{- if .Values.frontend.proxypassAccessTokenAsBearer }} - # Google Kubernetes Engine requires the access_token as the Bearer when talking to the k8s api server. - proxy_set_header Authorization "Bearer $http_x_forwarded_access_token"; - {{- end }} - - proxy_pass {{ include "kubeapps.frontend-config.proxy_pass" . -}}; - } - - location ~* /api/kubeops { - # Keep the connection open with the API server even if idle (the default is 60 seconds) - # Setting it to 10 minutes which should be enough for our current use case of deploying/upgrading/deleting apps - proxy_read_timeout 10m; - rewrite /api/kubeops/(.*) /$1 break; - rewrite /api/kubeops / break; - - {{- if .Values.frontend.proxypassExtraSetHeader }} - proxy_set_header {{ .Values.frontend.proxypassExtraSetHeader }}; - {{- end }} - - {{- if .Values.frontend.proxypassAccessTokenAsBearer }} - # Google Kubernetes Engine requires the access_token as the Bearer when talking to the k8s api server. - proxy_set_header Authorization "Bearer $http_x_forwarded_access_token"; - {{- end }} - - proxy_pass {{ include "kubeapps.frontend-config.proxy_pass" . -}}; - } - - {{- if .Values.featureFlags.kubeappsAPIsServer }} - location ~* /apis { - rewrite ^ $request_uri; # pass the encoded url downstream as is, - rewrite /apis/([^?]*) /$1 break; - rewrite /apis / break; - - {{- if .Values.frontend.proxypassExtraSetHeader }} - proxy_set_header {{ .Values.frontend.proxypassExtraSetHeader }}; - {{- end }} - - {{- if .Values.frontend.proxypassAccessTokenAsBearer }} - # Google Kubernetes Engine requires the access_token as the Bearer when talking to the k8s api server. - proxy_set_header Authorization "Bearer $http_x_forwarded_access_token"; - {{- end }} - - proxy_pass {{ include "kubeapps.kubeappsapis.proxy_pass" . -}}; - } - {{- end }} - - # The route for the Kubeapps backend API is not prefixed. - location ~* /api/ { - rewrite /api/(.*) /backend/$1 break; - rewrite /api/ /backend break; - - {{- if .Values.frontend.proxypassExtraSetHeader }} - proxy_set_header {{ .Values.frontend.proxypassExtraSetHeader }}; - {{- end }} - - {{- if .Values.frontend.proxypassAccessTokenAsBearer }} - # Google Kubernetes Engine requires the access_token as the Bearer when talking to the k8s api server. - proxy_set_header Authorization "Bearer $http_x_forwarded_access_token"; - {{- end }} - - proxy_pass {{ include "kubeapps.frontend-config.proxy_pass" . -}}; - } - - location / { - # Add the Authorization header if exists - add_header Authorization $http_authorization; - - proxy_pass http://{{ template "kubeapps.dashboard.fullname" . }}:{{ .Values.dashboard.service.port }}; - } - } diff --git a/bitnami/kubeapps/templates/frontend/deployment.yaml b/bitnami/kubeapps/templates/frontend/deployment.yaml deleted file mode 100644 index cbba8ba..0000000 --- a/bitnami/kubeapps/templates/frontend/deployment.yaml +++ /dev/null @@ -1,200 +0,0 @@ -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: frontend - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.frontend.replicaCount }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: frontend - template: - metadata: - annotations: - checksum/config: {{ include (print $.Template.BasePath "/frontend/configmap.yaml") . | sha256sum }} - {{- if .Values.frontend.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.frontend.podAnnotations "context" $) | nindent 8 }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: frontend - {{- if .Values.frontend.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.frontend.podLabels "context" $) | nindent 8 }} - {{- end }} - spec: - {{- include "kubeapps.imagePullSecrets" . | indent 6 }} - {{- if .Values.frontend.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.frontend.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.frontend.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.frontend.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.frontend.podAffinityPreset "component" "frontend" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.frontend.podAntiAffinityPreset "component" "frontend" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.frontend.nodeAffinityPreset.type "key" .Values.frontend.nodeAffinityPreset.key "values" .Values.frontend.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.frontend.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.frontend.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.frontend.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.frontend.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.frontend.priorityClassName }} - priorityClassName: {{ .Values.frontend.priorityClassName | quote }} - {{- end }} - {{- if .Values.frontend.podSecurityContext.enabled }} - securityContext: {{- omit .Values.frontend.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - {{- if .Values.frontend.initContainers }} - initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.frontend.initContainers "context" $) | nindent 8 }} - {{- end }} - containers: - - name: nginx - image: {{ include "common.images.image" (dict "imageRoot" .Values.frontend.image "global" .Values.global) }} - imagePullPolicy: {{ .Values.frontend.image.pullPolicy | quote }} - {{- if .Values.frontend.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.frontend.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.frontend.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.frontend.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" .Values.frontend.image.debug | quote }} - {{- if .Values.frontend.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.frontend.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if or .Values.frontend.extraEnvVarsCM .Values.frontend.extraEnvVarsSecret }} - envFrom: - {{- if .Values.frontend.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.frontend.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.frontend.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.frontend.extraEnvVarsSecret "context" $) }} - {{- end }} - {{- end }} - {{- if .Values.frontend.livenessProbe.enabled }} - livenessProbe: {{- omit .Values.frontend.livenessProbe "enabled" | toYaml | nindent 12 }} - {{- else if .Values.dashboard.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.frontend.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.frontend.readinessProbe.enabled }} - readinessProbe: {{- omit .Values.frontend.readinessProbe "enabled" | toYaml | nindent 12 }} - {{- else if .Values.frontend.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.frontend.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.frontend.containerPort }} - {{- if .Values.frontend.resources }} - resources: {{- toYaml .Values.frontend.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: vhost - mountPath: /opt/bitnami/nginx/conf/server_blocks - {{- if .Values.frontend.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.frontend.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if and .Values.authProxy.enabled (not .Values.authProxy.external) }} - - name: auth-proxy - image: {{ include "common.images.image" (dict "imageRoot" .Values.authProxy.image "global" .Values.global) }} - imagePullPolicy: {{ .Values.authProxy.image.pullPolicy | quote }} - {{- if .Values.authProxy.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.authProxy.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - args: - - --provider={{ required "You must fill \".Values.authProxy.provider\" with the provider. Valid values at https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/overview" .Values.authProxy.provider }} - - --upstream=http://localhost:{{ .Values.frontend.containerPort }}/ - - --http-address=0.0.0.0:{{ .Values.authProxy.containerPort }} - - --email-domain={{ .Values.authProxy.emailDomain }} - - --pass-basic-auth=false - - --pass-access-token=true - - --pass-authorization-header=true - - --skip-auth-regex=^\/config\.json$ - - --skip-auth-regex=^\/manifest\.json$ - - --skip-auth-regex=^\/custom_style\.css$ - - --skip-auth-regex=^\/clr-ui.min\.css$ - - --skip-auth-regex=^\/clr-ui-dark.min\.css$ - - --skip-auth-regex=^\/custom_locale\.json$ - - --skip-auth-regex=^\/favicon.*\.png$ - - --skip-auth-regex=^\/favicon.*\.ico$ - - --skip-auth-regex=^\/static\/ - - --skip-auth-regex=^\/$ - - --scope={{ .Values.authProxy.scope }} - - --cookie-refresh={{ .Values.authProxy.cookieRefresh }} - {{- range .Values.authProxy.additionalFlags }} - - {{ . }} - {{- end }} - env: - - name: OAUTH2_PROXY_CLIENT_ID - valueFrom: - secretKeyRef: - name: {{ template "kubeapps.oauth2_proxy-secret.name" . }} - key: clientID - - name: OAUTH2_PROXY_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: {{ template "kubeapps.oauth2_proxy-secret.name" . }} - key: clientSecret - - name: OAUTH2_PROXY_COOKIE_SECRET - valueFrom: - secretKeyRef: - name: {{ template "kubeapps.oauth2_proxy-secret.name" . }} - key: cookieSecret - ports: - - name: proxy - containerPort: {{ .Values.authProxy.containerPort }} - {{- if .Values.authProxy.resources }} - resources: {{- toYaml .Values.authProxy.resources | nindent 12 }} - {{- end }} - {{- end }} - {{- if and (gt (len .Values.clusters) 1) (not .Values.authProxy.enabled) }} - {{ fail "clusters can be configured only when using an auth proxy for cluster oidc authentication."}} - {{- end }} - {{- if and .Values.pinnipedProxy.enabled }} - - name: pinniped-proxy - image: {{ include "common.images.image" (dict "imageRoot" .Values.pinnipedProxy.image "global" .Values.global) }} - imagePullPolicy: {{ .Values.pinnipedProxy.image.pullPolicy | quote }} - {{- if .Values.pinnipedProxy.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.pinnipedProxy.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - command: - - pinniped-proxy - env: - - name: DEFAULT_PINNIPED_NAMESPACE - value: {{ .Values.pinnipedProxy.defaultPinnipedNamespace }} - - name: DEFAULT_PINNIPED_AUTHENTICATOR_TYPE - value: {{ .Values.pinnipedProxy.defaultAuthenticatorType }} - - name: DEFAULT_PINNIPED_AUTHENTICATOR_NAME - value: {{ .Values.pinnipedProxy.defaultAuthenticatorName }} - - name: DEFAULT_PINNIPED_API_SUFFIX - value: {{ .Values.pinnipedProxy.defaultPinnipedAPISuffix }} - - name: RUST_LOG - value: info - ports: - - name: pinniped-proxy - containerPort: {{ .Values.pinnipedProxy.containerPort }} - {{- if .Values.pinnipedProxy.resources }} - resources: {{- toYaml .Values.pinnipedProxy.resources | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.pinnipedProxy.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.pinnipedProxy.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: vhost - configMap: - name: {{ template "kubeapps.frontend-config.fullname" . }} - {{- if .Values.frontend.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.frontend.extraVolumes "context" $) | nindent 8 }} - {{- end }} diff --git a/bitnami/kubeapps/templates/frontend/oauth2-secret.yaml b/bitnami/kubeapps/templates/frontend/oauth2-secret.yaml deleted file mode 100644 index 42d47f6..0000000 --- a/bitnami/kubeapps/templates/frontend/oauth2-secret.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if and .Values.authProxy.enabled (not .Values.authProxy.external) }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "kubeapps.oauth2_proxy-secret.name" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: frontend - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - clientID: {{ required "You must fill \".Values.authProxy.clientID\" with the Client ID of the provider" .Values.authProxy.clientID | b64enc }} - clientSecret: {{ required "You must fill \".Values.authProxy.clientSecret\" with the Client Secret of the provider" .Values.authProxy.clientSecret | b64enc }} - cookieSecret: {{ required "You must fill \".Values.authProxy.cookieSecret\". More info at https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/overview/#generating-a-cookie-secret" .Values.authProxy.cookieSecret | b64enc }} ---- -{{- end }} diff --git a/bitnami/kubeapps/templates/frontend/service.yaml b/bitnami/kubeapps/templates/frontend/service.yaml deleted file mode 100644 index 3d79b9e..0000000 --- a/bitnami/kubeapps/templates/frontend/service.yaml +++ /dev/null @@ -1,76 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: frontend - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }} - {{- end }} - {{- if or .Values.frontend.service.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.frontend.service.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.frontend.service.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -spec: - type: {{ .Values.frontend.service.type }} - {{- if and .Values.frontend.service.clusterIP (eq .Values.frontend.service.type "ClusterIP") }} - clusterIP: {{ .Values.frontend.service.clusterIP }} - {{- end }} - {{- if (or (eq .Values.frontend.service.type "LoadBalancer") (eq .Values.frontend.service.type "NodePort")) }} - externalTrafficPolicy: {{ .Values.frontend.service.externalTrafficPolicy | quote }} - {{- end }} - {{- if (and (eq .Values.frontend.service.type "LoadBalancer") .Values.frontend.service.loadBalancerSourceRanges) }} - loadBalancerSourceRanges: {{- toYaml .Values.frontend.service.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - {{- if and (eq .Values.frontend.service.type "LoadBalancer") (not (empty .Values.frontend.service.loadBalancerIP)) }} - loadBalancerIP: {{ .Values.frontend.service.loadBalancerIP }} - {{- end }} - ports: - - port: {{ .Values.frontend.service.port }} - {{- if and .Values.authProxy.enabled (not .Values.authProxy.external) }} - targetPort: proxy - {{- else }} - targetPort: http - {{- end }} - {{- if and (or (eq .Values.frontend.service.type "NodePort") (eq .Values.frontend.service.type "LoadBalancer")) (not (empty .Values.frontend.service.nodePort)) }} - nodePort: {{ .Values.frontend.service.nodePort }} - {{- else if eq .Values.frontend.service.type "ClusterIP" }} - nodePort: null - {{- end }} - protocol: TCP - name: http - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: frontend -{{- if .Values.pinnipedProxy.enabled }} ---- -# Include an additional ClusterIP service for the pinniped-proxy as some configurations -# require the normal frontend service to use NodePort. -apiVersion: v1 -kind: Service -metadata: - name: {{ template "kubeapps.pinniped-proxy.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: frontend - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - type: ClusterIP - ports: - - port: {{ .Values.pinnipedProxy.containerPort }} - targetPort: pinniped-proxy - protocol: TCP - name: pinniped-proxy - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: frontend -{{- end }} diff --git a/bitnami/kubeapps/templates/ingress.yaml b/bitnami/kubeapps/templates/ingress.yaml deleted file mode 100644 index 6cefcce..0000000 --- a/bitnami/kubeapps/templates/ingress.yaml +++ /dev/null @@ -1,63 +0,0 @@ -{{- if .Values.ingress.enabled -}} -apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.ingress.certManager.clusterIssuer }} - cert-manager.io/cluster-issuer: {{ .Values.ingress.certManager.clusterIssuer }} - {{- end }} - {{- if .Values.ingress.certManager.httpIngressClass }} - acme.cert-manager.io/http01-ingress-class: {{ .Values.ingress.certManager.httpIngressClass }} - {{- end }} - {{- if .Values.ingress.certManager.commonName }} - cert-manager.io/common-name: {{ .Values.ingress.certManager.commonName }} - {{- end }} - {{- if .Values.ingress.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.ingress.annotations "context" . ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" . ) | nindent 4 }} - {{- end }} -spec: - rules: - {{- if .Values.ingress.hostname }} - - host: {{ .Values.ingress.hostname }} - http: - paths: - {{- if .Values.ingress.extraPaths }} - {{- toYaml .Values.ingress.extraPaths | nindent 10 }} - {{- end }} - - path: {{ .Values.ingress.path }} - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ $.Values.ingress.pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- range .Values.ingress.extraHosts }} - - host: {{ .name }} - http: - paths: - - path: {{ default "/" .path }} - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ $.Values.ingress.pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- if or (and .Values.ingress.tls (or .Values.ingress.certManager .Values.ingress.selfSigned)) .Values.ingress.extraTls }} - tls: - {{- if and .Values.ingress.tls (or .Values.ingress.certManager .Values.ingress.selfSigned) }} - - hosts: - - {{ .Values.ingress.hostname | quote }} - secretName: {{ printf "%s-tls" .Values.ingress.hostname }} - {{- end }} - {{- if .Values.ingress.extraTls }} - {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.extraTls "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/bitnami/kubeapps/templates/kubeappsapis/deployment.yaml b/bitnami/kubeapps/templates/kubeappsapis/deployment.yaml deleted file mode 100644 index 59a845a..0000000 --- a/bitnami/kubeapps/templates/kubeappsapis/deployment.yaml +++ /dev/null @@ -1,167 +0,0 @@ -{{- if .Values.featureFlags.kubeappsAPIsServer }} -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ template "kubeapps.kubeappsapis.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: - app.kubernetes.io/component: kubeappsapis - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.kubeappsapis.replicaCount }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: kubeappsapis - template: - metadata: - {{- if .Values.kubeappsapis.podAnnotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.podAnnotations "context" $) | nindent 8 }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: kubeappsapis - {{- if .Values.kubeappsapis.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.podLabels "context" $) | nindent 8 }} - {{- end }} - spec: - {{- include "kubeapps.imagePullSecrets" . | indent 6 }} - {{- if .Values.kubeappsapis.unsafeUseDemoSA }} - serviceAccountName: {{ template "kubeapps.kubeappsapis.fullname" . }} - {{- end }} - {{- if .Values.kubeappsapis.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.hostAliases "context" $) | nindent 8 }} - {{- end }} - # Increase termination timeout to let remaining operations to finish before killing the pods - # This is because new releases/upgrades/deletions are synchronous operations - {{- if .Values.kubeappsapis.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.kubeappsapis.podAffinityPreset "component" "kubeappsapis" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.kubeappsapis.podAntiAffinityPreset "component" "kubeappsapis" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.kubeappsapis.nodeAffinityPreset.type "key" .Values.kubeappsapis.nodeAffinityPreset.key "values" .Values.kubeappsapis.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.kubeappsapis.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.kubeappsapis.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.kubeappsapis.priorityClassName }} - priorityClassName: {{ .Values.kubeappsapis.priorityClassName | quote }} - {{- end }} - {{- if .Values.kubeappsapis.podSecurityContext.enabled }} - securityContext: {{- omit .Values.kubeappsapis.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - terminationGracePeriodSeconds: {{ .Values.kubeappsapis.terminationGracePeriodSeconds }} - containers: - - name: kubeappsapis - image: {{ include "common.images.image" (dict "imageRoot" .Values.kubeappsapis.image "global" .Values.global) }} - imagePullPolicy: {{ .Values.kubeappsapis.image.pullPolicy | quote }} - {{- if .Values.kubeappsapis.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.kubeappsapis.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.kubeappsapis.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - command: - - /kubeapps-apis - args: - {{- range .Values.kubeappsapis.enabledPlugins }} - - --plugin-dir - - /plugins/{{ . }} - {{- end }} - {{- if .Values.clusters }} - - --clusters-config-path=/config/clusters.conf - {{- end }} - {{- if .Values.pinnipedProxy.enabled }} - - --pinniped-proxy-url=http://{{ template "kubeapps.pinniped-proxy.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.pinnipedProxy.containerPort }} - {{- end }} - {{- if .Values.kubeappsapis.unsafeUseDemoSA }} - - --unsafe-use-demo-sa=true - {{- end }} - env: - - name: PORT - value: {{ .Values.kubeappsapis.containerPort | quote }} - {{- if .Values.redis.enabled }} - # REDIS-* vars are required by the plugins for caching functionality - # TODO (gfichtenolt) this as required by the kubeapps apis service (which will - # longer-term pass something to the plugins so that the plugins won't need to - # know these details). Currently they're used directly by the flux plugin - - name: REDIS_ADDR - value: kubeapps-redis-master.{{ .Release.Namespace }}.svc.cluster.local:6379 - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - key: redis-password - name: {{ include "kubeapps.redis.secretName" . }} - - name: REDIS_DB - value: "0" - {{- end }} - # TODO(agamez): pass this configuration using a separated config file - # These env vars are currently (and temporarily) required by the 'helm' plugin - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: ASSET_SYNCER_DB_URL - value: {{ template "kubeapps.postgresql.fullname" . }}-headless:{{ default "5432" .Values.postgresql.service.port }} - - name: ASSET_SYNCER_DB_NAME - value: {{ .Values.postgresql.postgresqlDatabase }} - - name: ASSET_SYNCER_DB_USERNAME - value: postgres - - name: ASSET_SYNCER_DB_USERPASSWORD - valueFrom: - secretKeyRef: - key: postgresql-password - name: {{ include "kubeapps.postgresql.secretName" . }} - {{- if .Values.kubeappsapis.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if or .Values.kubeappsapis.extraEnvVarsCM .Values.kubeappsapis.extraEnvVarsSecret }} - envFrom: - {{- if .Values.kubeappsapis.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.kubeappsapis.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.extraEnvVarsSecret "context" $) }} - {{- end }} - {{- end }} - ports: - - name: grpc-http - containerPort: {{ .Values.kubeappsapis.containerPort }} - {{- if .Values.kubeappsapis.livenessProbe.enabled }} - livenessProbe: {{- omit .Values.kubeappsapis.livenessProbe "enabled" | toYaml | nindent 12 }} - {{- else if .Values.kubeappsapis.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.kubeappsapis.readinessProbe.enabled }} - readinessProbe: {{- omit .Values.kubeappsapis.readinessProbe "enabled" | toYaml | nindent 12 }} - {{- else if .Values.kubeappsapis.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.kubeappsapis.resources }} - resources: {{- toYaml .Values.kubeappsapis.resources | nindent 12 }} - {{- end }} - {{- if .Values.clusters }} - volumeMounts: - - name: clusters-config - mountPath: /config - - name: ca-certs - mountPath: /etc/additional-clusters-cafiles - {{- end }} - {{- if .Values.clusters }} - volumes: - - name: clusters-config - configMap: - name: {{ template "kubeapps.clusters-config.fullname" . }} - - name: ca-certs - emptyDir: {} - {{- end }} -{{- end }} diff --git a/bitnami/kubeapps/templates/kubeappsapis/rbac.yaml b/bitnami/kubeapps/templates/kubeappsapis/rbac.yaml deleted file mode 100644 index 5a4072f..0000000 --- a/bitnami/kubeapps/templates/kubeappsapis/rbac.yaml +++ /dev/null @@ -1,55 +0,0 @@ -{{- if .Values.featureFlags.kubeappsAPIsServer }} -{{- if .Values.rbac.create -}} -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: ClusterRole -metadata: - name: "kubeapps:controller:kubeapps-apis-dev-{{ .Release.Namespace }}" - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: kubeappsapis - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - - apiGroups: - - "packageinstalls.packaging.carvel.dev" - - "packagerepositories.packaging.carvel.dev" - - "source.toolkit.fluxcd.io" - - "helm.toolkit.fluxcd.io" - resources: ['*'] - verbs: ['*'] - # So that our dev user is seen as having access to a namespace. - # We'll need to add rbac for our dev user to install later as well. - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] -{{- if .Values.kubeappsapis.unsafeUseDemoSA }} -# Dev-only ClusterRoleBinding to the ServiceAccount ---- -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: ClusterRoleBinding -metadata: - name: "kubeapps:controller:kubeapps-apis-dev-{{ .Release.Namespace }}" - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: kubeappsapis - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: "kubeapps:controller:kubeapps-apis-dev-{{ .Release.Namespace }}" -subjects: - - kind: ServiceAccount - name: {{ template "kubeapps.kubeappsapis.fullname" . }} - namespace: {{ .Release.Namespace }} -{{- end }} -{{- end }} -{{- end }} diff --git a/bitnami/kubeapps/templates/kubeappsapis/service.yaml b/bitnami/kubeapps/templates/kubeappsapis/service.yaml deleted file mode 100644 index 8fc422f..0000000 --- a/bitnami/kubeapps/templates/kubeappsapis/service.yaml +++ /dev/null @@ -1,30 +0,0 @@ -{{- if .Values.featureFlags.kubeappsAPIsServer }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "kubeapps.kubeappsapis.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: kubeappsapis - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }} - {{- end }} - {{- if or .Values.kubeappsapis.service.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.kubeappsapis.service.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.kubeappsapis.service.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -spec: - type: ClusterIP - ports: - - port: {{ .Values.kubeappsapis.service.port }} - targetPort: grpc-http - protocol: TCP - name: grpc-http - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: kubeappsapis -{{- end }} diff --git a/bitnami/kubeapps/templates/kubeappsapis/serviceaccount.yaml b/bitnami/kubeapps/templates/kubeappsapis/serviceaccount.yaml deleted file mode 100644 index 5dc5e3a..0000000 --- a/bitnami/kubeapps/templates/kubeappsapis/serviceaccount.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if .Values.featureFlags.kubeappsAPIsServer }} - {{- if .Values.kubeappsapis.unsafeUseDemoSA }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "kubeapps.kubeappsapis.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: kubeappsapis - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/bitnami/kubeapps/templates/kubeops/deployment.yaml b/bitnami/kubeapps/templates/kubeops/deployment.yaml deleted file mode 100644 index 825b7df..0000000 --- a/bitnami/kubeapps/templates/kubeops/deployment.yaml +++ /dev/null @@ -1,142 +0,0 @@ -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ template "kubeapps.kubeops.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: - app.kubernetes.io/component: kubeops - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.kubeops.replicaCount }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: kubeops - template: - metadata: - {{- if .Values.kubeops.podAnnotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.kubeops.podAnnotations "context" $) | nindent 8 }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: kubeops - {{- if .Values.kubeops.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.kubeops.podLabels "context" $) | nindent 8 }} - {{- end }} - spec: - {{- include "kubeapps.imagePullSecrets" . | indent 6 }} - serviceAccountName: {{ template "kubeapps.kubeops.fullname" . }} - {{- if .Values.kubeops.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.kubeops.hostAliases "context" $) | nindent 8 }} - {{- end }} - # Increase termination timeout to let remaining operations to finish before killing the pods - # This is because new releases/upgrades/deletions are synchronous operations - {{- if .Values.kubeops.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.kubeops.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.kubeops.podAffinityPreset "component" "kubeops" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.kubeops.podAntiAffinityPreset "component" "kubeops" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.kubeops.nodeAffinityPreset.type "key" .Values.kubeops.nodeAffinityPreset.key "values" .Values.kubeops.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.kubeops.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.kubeops.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.kubeops.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.kubeops.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.kubeops.priorityClassName }} - priorityClassName: {{ .Values.kubeops.priorityClassName | quote }} - {{- end }} - {{- if .Values.kubeops.podSecurityContext.enabled }} - securityContext: {{- omit .Values.kubeops.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - terminationGracePeriodSeconds: {{ .Values.kubeops.terminationGracePeriodSeconds }} - containers: - - name: kubeops - image: {{ include "common.images.image" (dict "imageRoot" .Values.kubeops.image "global" .Values.global) }} - imagePullPolicy: {{ .Values.kubeops.image.pullPolicy | quote }} - {{- if .Values.kubeops.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.kubeops.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.kubeops.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.kubeops.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - command: - - /kubeops - args: - - --user-agent-comment=kubeapps/{{ .Chart.AppVersion }} - - --assetsvc-url=http://{{ template "kubeapps.assetsvc.fullname" . }}:{{ .Values.assetsvc.service.port }} - {{- if .Values.clusters }} - - --clusters-config-path=/config/clusters.conf - {{- end }} - {{- if .Values.pinnipedProxy.enabled }} - - --pinniped-proxy-url=http://{{ template "kubeapps.pinniped-proxy.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.pinnipedProxy.containerPort }} - {{- end }} - {{- if .Values.kubeops.burst }} - - --burst={{ .Values.kubeops.burst }} - {{- end }} - {{- if .Values.kubeops.QPS }} - - --qps={{ .Values.kubeops.QPS }} - {{- end }} - {{- if .Values.kubeops.namespaceHeaderName }} - - --namespace-header-name={{ .Values.kubeops.namespaceHeaderName }} - {{- end }} - {{- if .Values.kubeops.namespaceHeaderPattern }} - - --namespace-header-pattern={{ .Values.kubeops.namespaceHeaderPattern }} - {{- end }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: PORT - value: {{ .Values.kubeops.containerPort | quote }} - {{- if .Values.kubeops.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.kubeops.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if or .Values.kubeops.extraEnvVarsCM .Values.kubeops.extraEnvVarsSecret }} - envFrom: - {{- if .Values.kubeops.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.kubeops.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.kubeops.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.kubeops.extraEnvVarsSecret "context" $) }} - {{- end }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.kubeops.containerPort }} - {{- if .Values.kubeops.livenessProbe.enabled }} - livenessProbe: {{- omit .Values.kubeops.livenessProbe "enabled" | toYaml | nindent 12 }} - {{- else if .Values.kubeops.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.kubeops.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.kubeops.readinessProbe.enabled }} - readinessProbe: {{- omit .Values.kubeops.readinessProbe "enabled" | toYaml | nindent 12 }} - {{- else if .Values.kubeops.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.kubeops.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.kubeops.resources }} - resources: {{- toYaml .Values.kubeops.resources | nindent 12 }} - {{- end }} - {{- if .Values.clusters }} - volumeMounts: - - name: clusters-config - mountPath: /config - - name: ca-certs - mountPath: /etc/additional-clusters-cafiles - {{- end }} - {{- if .Values.clusters }} - volumes: - - name: clusters-config - configMap: - name: {{ template "kubeapps.clusters-config.fullname" . }} - - name: ca-certs - emptyDir: {} - {{- end }} diff --git a/bitnami/kubeapps/templates/kubeops/rbac.yaml b/bitnami/kubeapps/templates/kubeops/rbac.yaml deleted file mode 100644 index 90dd59b..0000000 --- a/bitnami/kubeapps/templates/kubeops/rbac.yaml +++ /dev/null @@ -1,141 +0,0 @@ -{{- if .Values.rbac.create -}} -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: Role -metadata: - name: {{ template "kubeapps.kubeops.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: kubeops - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create - - delete - - apiGroups: - - "kubeapps.com" - resources: - - apprepositories - verbs: - - get - - list ---- -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: RoleBinding -metadata: - name: {{ template "kubeapps.kubeops.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: kubeops - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kubeapps.kubeops.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "kubeapps.kubeops.fullname" . }} - namespace: {{ .Release.Namespace }} -{{- if .Values.allowNamespaceDiscovery }} ---- -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: ClusterRole -metadata: - name: "kubeapps:controller:kubeops-ns-discovery-{{ .Release.Namespace }}" - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: kubeops - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - - apiGroups: - - "" - resources: - - namespaces - verbs: - - list ---- -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: ClusterRoleBinding -metadata: - name: "kubeapps:controller:kubeops-ns-discovery-{{ .Release.Namespace }}" - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: kubeops - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: "kubeapps:controller:kubeops-ns-discovery-{{ .Release.Namespace }}" -subjects: - - kind: ServiceAccount - name: {{ template "kubeapps.kubeops.fullname" . }} - namespace: {{ .Release.Namespace }} -{{- end }} ---- -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: ClusterRole -metadata: - name: "kubeapps:controller:kubeops-operators-{{ .Release.Namespace }}" - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: kubeops - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - - apiGroups: - - packages.operators.coreos.com - resources: - - packagemanifests/icon - verbs: - - get ---- -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: ClusterRoleBinding -metadata: - name: "kubeapps:controller:kubeops-operators-{{ .Release.Namespace }}" - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: kubeops - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: "kubeapps:controller:kubeops-operators-{{ .Release.Namespace }}" -subjects: - - kind: ServiceAccount - name: {{ template "kubeapps.kubeops.fullname" . }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/bitnami/kubeapps/templates/kubeops/service.yaml b/bitnami/kubeapps/templates/kubeops/service.yaml deleted file mode 100644 index e57f210..0000000 --- a/bitnami/kubeapps/templates/kubeops/service.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "kubeapps.kubeops.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: kubeops - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }} - {{- end }} - {{- if or .Values.kubeops.service.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.kubeops.service.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.kubeops.service.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -spec: - type: ClusterIP - ports: - - port: {{ .Values.kubeops.service.port }} - targetPort: http - protocol: TCP - name: http - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: kubeops diff --git a/bitnami/kubeapps/templates/kubeops/serviceaccount.yaml b/bitnami/kubeapps/templates/kubeops/serviceaccount.yaml deleted file mode 100644 index 7408e4a..0000000 --- a/bitnami/kubeapps/templates/kubeops/serviceaccount.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "kubeapps.kubeops.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: kubeops - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} diff --git a/bitnami/kubeapps/templates/shared/config.yaml b/bitnami/kubeapps/templates/shared/config.yaml deleted file mode 100644 index b8af8c9..0000000 --- a/bitnami/kubeapps/templates/shared/config.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if gt (len .Values.clusters) 0 }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "kubeapps.clusters-config.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - clusters.conf: |- -{{ .Values.clusters | toPrettyJson | indent 4 }} -{{- end }} diff --git a/bitnami/kubeapps/templates/tls-secrets.yaml b/bitnami/kubeapps/templates/tls-secrets.yaml deleted file mode 100644 index fbb967d..0000000 --- a/bitnami/kubeapps/templates/tls-secrets.yaml +++ /dev/null @@ -1,44 +0,0 @@ -{{- if .Values.ingress.enabled }} -{{- if .Values.ingress.secrets }} -{{- range .Values.ingress.secrets }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ .name }} - namespace: {{ $.Release.Namespace | quote }} - labels: {{- include "common.labels.standard" $ | nindent 4 }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ .certificate | b64enc }} - tls.key: {{ .key | b64enc }} ---- -{{- end }} -{{- end }} -{{- if and .Values.ingress.tls .Values.ingress.selfSigned }} -{{- $ca := genCA "kubeapps-ca" 365 }} -{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ printf "%s-tls" .Values.ingress.hostname }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" . ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ $cert.Cert | b64enc | quote }} - tls.key: {{ $cert.Key | b64enc | quote }} - ca.crt: {{ $ca.Cert | b64enc | quote }} -{{- end }} -{{- end }} diff --git a/bitnami/kubeapps/values.schema.json b/bitnami/kubeapps/values.schema.json deleted file mode 100644 index 564e4e9..0000000 --- a/bitnami/kubeapps/values.schema.json +++ /dev/null @@ -1,142 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "frontend": { - "type": "object", - "title": "Frontend configuration", - "form": true, - "properties": { - "replicaCount": { - "type": "integer", - "title": "Number of replicas", - "form": true - } - } - }, - "dashboard": { - "type": "object", - "title": "Dashboard configuration", - "form": true, - "properties": { - "replicaCount": { - "type": "integer", - "title": "Number of replicas", - "form": true - } - } - }, - "assetsvc": { - "type": "object", - "title": "Assetsvc configuration", - "form": true, - "properties": { - "replicaCount": { - "type": "integer", - "title": "Number of replicas", - "form": true - } - } - }, - "ingress": { - "type": "object", - "form": true, - "title": "Ingress configuration", - "properties": { - "enabled": { - "type": "boolean", - "form": true, - "title": "Use a custom hostname", - "description": "Enable the ingress resource that allows you to access the Kubeapps dashboard." - }, - "hostname": { - "type": "string", - "form": true, - "title": "Hostname", - "hidden": { - "value": false, - "path": "ingress/enabled" - } - }, - "tls": { - "type": "boolean", - "form": true, - "title": "Enable TLS configuration", - "hidden": { - "value": false, - "path": "ingress/enabled" - } - }, - "certManager": { - "type": "object", - "form": true, - "title": "Use cert-manager to auto-generate the TLS certificate", - "description": "Add the corresponding annotations for cert-manager to auto-generate the TLS certificate", - "hidden": { - "value": false, - "path": "ingress/enabled" - }, - "properties": { - "clusterIssuer": { - "type": "string", - "title": "Cert-manager cluster issuer", - "form": true - } - } - } - } - }, - "authProxy": { - "type": "object", - "title": "OIDC Proxy configuration", - "properties": { - "enabled": { - "type": "boolean", - "form": true, - "title": "Enable OIDC proxy", - "description": "Use an OIDC provider in order to manage accounts, groups and roles with a single application" - }, - "provider": { - "type": "string", - "form": true, - "title": "Identity Provider name", - "description": "See https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/overview#generating-a-cookie-secret to find available providers", - "hidden": { - "value": false, - "path": "authProxy/enabled" - } - }, - "clientID": { - "type": "string", - "form": true, - "title": "Client ID:", - "description": "Client ID of the Identity Provider", - "hidden": { - "value": false, - "path": "authProxy/enabled" - } - }, - "clientSecret": { - "type": "string", - "form": true, - "title": "Client Secret", - "description": "Secret used to validate the Client ID", - "hidden": { - "value": false, - "path": "authProxy/enabled" - } - }, - "cookieSecret": { - "type": "string", - "form": true, - "title": "Cookie Secret", - "description": "Used by OAuth2 Proxy to encrypt any credentials", - "hidden": { - "value": false, - "path": "authProxy/enabled" - } - } - } - } - } -} diff --git a/bitnami/kubeapps/values.yaml b/bitnami/kubeapps/values.yaml deleted file mode 100644 index bc107ae..0000000 --- a/bitnami/kubeapps/values.yaml +++ /dev/null @@ -1,1773 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - storageClass: "" - -## @section Common parameters - -## @param kubeVersion Override Kubernetes version -## -kubeVersion: "" -## @param nameOverride String to partially override common.names.fullname -## -nameOverride: "" -## @param fullnameOverride String to fully override common.names.fullname -## -fullnameOverride: "" -## @param commonLabels Labels to add to all deployed objects -## -commonLabels: {} -## @param commonAnnotations Annotations to add to all deployed objects -## -commonAnnotations: {} -## @param extraDeploy Array of extra objects to deploy with the release -## -extraDeploy: [] -## @param enableIPv6 Enable IPv6 configuration -## -enableIPv6: false - -## @section Traffic Exposure Parameters - -## Configure the ingress resource that allows you to access the Kubeapps installation -## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ -## -ingress: - ## @param ingress.enabled Enable ingress record generation for Kubeapps - ## - enabled: false - ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) - ## - apiVersion: "" - ## @param ingress.hostname Default host for the ingress record - ## - hostname: kubeapps.local - ## @param ingress.path Default path for the ingress record - ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers - ## - path: / - ## @param ingress.pathType Ingress path type - ## - pathType: ImplementationSpecific - ## @param ingress.annotations [object] Additional custom annotations for the ingress record - ## NOTE: The `ingress.certManager` values are intended to be used for managing the cert-manager annotations - ## - annotations: - nginx.ingress.kubernetes.io/proxy-read-timeout: "600" - ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter - ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` - ## You can: - ## - Use the `ingress.secrets` parameter to create this TLS secret - ## - Relay on cert-manager to create it by configuring `ingress.certManager.clusterIssuer` - ## - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true` - ## - tls: false - ## @param ingress.certManager Set up the cert-manager integration - ## For more information, see: https://cert-manager.io/docs/usage/ingress/#optional-configuration - ## e.g.: - ## certManager: - ## clusterIssuer: - ## httpIngressClass: - ## commonName: - certManager: {} - ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm - ## - selfSigned: false - ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record - ## e.g: - ## extraHosts: - ## - name: kubeapps.local - ## path: / - ## - extraHosts: [] - ## @param ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host - ## e.g: - ## extraPaths: - ## - path: /* - ## backend: - ## serviceName: ssl-redirect - ## servicePort: use-annotation - ## - extraPaths: [] - ## @param ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record - ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - ## e.g: - ## extraTls: - ## - hosts: - ## - kubeapps.local - ## secretName: kubeapps.local-tls - ## - extraTls: [] - ## @param ingress.secrets Custom TLS certificates as secrets - ## NOTE: 'key' and 'certificate' are expected in PEM format - ## NOTE: 'name' should line up with a 'secretName' set further up - ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates - ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days - ## It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - ## e.g: - ## secrets: - ## - name: kubeapps.local-tls - ## key: |- - ## -----BEGIN RSA PRIVATE KEY----- - ## ... - ## -----END RSA PRIVATE KEY----- - ## certificate: |- - ## -----BEGIN CERTIFICATE----- - ## ... - ## -----END CERTIFICATE----- - ## - secrets: [] - -## @section Frontend parameters - -## Frontend parameters -## -frontend: - ## Bitnami NGINX image - ## ref: https://hub.docker.com/r/bitnami/nginx/tags/ - ## @param frontend.image.registry NGINX image registry - ## @param frontend.image.repository NGINX image repository - ## @param frontend.image.tag NGINX image tag (immutable tags are recommended) - ## @param frontend.image.pullPolicy NGINX image pull policy - ## @param frontend.image.pullSecrets NGINX image pull secrets - ## @param frontend.image.debug Enable image debug mode - ## - image: - registry: docker.io - repository: bitnami/nginx - tag: 1.21.3-debian-10-r11 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Enable debug mode - ## - debug: false - ## @param frontend.proxypassAccessTokenAsBearer Use access_token as the Bearer when talking to the k8s api server - ## NOTE: Some K8s distributions such as GKE requires it - ## - proxypassAccessTokenAsBearer: false - ## @param frontend.proxypassExtraSetHeader Set an additional proxy header for all requests proxied via NGINX - ## Authorization header(s) set in this way will be included with the request from kubeops to the k8s service API URL. - ## ref: https://github.com/kubeapps/kubeapps/blob/7e31d0e7241f826aa365856c134cf901d40890e7/pkg/http-handler/http-handler.go#L247 - ## e.g: - ## proxypassExtraSetHeader: Authorization "Bearer $cookie_sessionid"; - ## - proxypassExtraSetHeader: "" - ## @param frontend.largeClientHeaderBuffers Set large_client_header_buffers in NGINX config - ## NOTE: Can be required when using OIDC or LDAP due to large cookies - ## - largeClientHeaderBuffers: "4 32k" - ## @param frontend.replicaCount Number of frontend replicas to deploy - ## - replicaCount: 2 - ## Frontend containers' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## @param frontend.resources.limits.cpu The CPU limits for the NGINX container - ## @param frontend.resources.limits.memory The memory limits for the NGINX container - ## @param frontend.resources.requests.cpu The requested CPU for the NGINX container - ## @param frontend.resources.requests.memory The requested memory for the NGINX container - ## - resources: - limits: - cpu: 250m - memory: 128Mi - requests: - cpu: 25m - memory: 32Mi - ## @param frontend.extraEnvVars Array with extra environment variables to add to the NGINX container - ## e.g: - ## extraEnvVars: - ## - name: FOO - ## value: "bar" - ## - extraEnvVars: [] - ## @param frontend.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for the NGINX container - ## - extraEnvVarsCM: "" - ## @param frontend.extraEnvVarsSecret Name of existing Secret containing extra env vars for the NGINX container - ## - extraEnvVarsSecret: "" - ## @param frontend.containerPort NGINX HTTP container port - ## - containerPort: 8080 - ## Configure Pods Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param frontend.podSecurityContext.enabled Enabled frontend pods' Security Context - ## @param frontend.podSecurityContext.fsGroup Set frontend pod's Security Context fsGroup - ## - podSecurityContext: - enabled: true - fsGroup: 1001 - ## Configure Container Security Context (only main container) - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param frontend.containerSecurityContext.enabled Enabled NGINX containers' Security Context - ## @param frontend.containerSecurityContext.runAsUser Set NGINX container's Security Context runAsUser - ## @param frontend.containerSecurityContext.runAsNonRoot Set NGINX container's Security Context runAsNonRoot - ## - containerSecurityContext: - enabled: true - runAsUser: 1001 - runAsNonRoot: true - ## Configure extra options for frontend containers' liveness and readiness probes - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param frontend.livenessProbe.enabled Enable livenessProbe - ## @skip frontend.livenessProbe.httpGet - ## @param frontend.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param frontend.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param frontend.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param frontend.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param frontend.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - httpGet: - path: /healthz - port: 8080 - initialDelaySeconds: 60 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - ## @param frontend.readinessProbe.enabled Enable readinessProbe - ## @skip frontend.readinessProbe.httpGet - ## @param frontend.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param frontend.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param frontend.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param frontend.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param frontend.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - httpGet: - path: / - port: 8080 - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - ## @param frontend.customLivenessProbe Custom livenessProbe that overrides the default one - ## - customLivenessProbe: {} - ## @param frontend.customReadinessProbe Custom readinessProbe that overrides the default one - ## - customReadinessProbe: {} - ## @param frontend.lifecycleHooks Custom lifecycle hooks for frontend containers - ## - lifecycleHooks: {} - ## @param frontend.podLabels Extra labels for frontend pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param frontend.podAnnotations Annotations for frontend pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param frontend.podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param frontend.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## nodeAffinityPreset Node affinity preset - ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param frontend.nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param frontend.nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set - ## - key: "" - ## @param frontend.nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param frontend.affinity Affinity for pod assignment - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## NOTE: frontend.podAffinityPreset, frontend.podAntiAffinityPreset, and frontend.nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - ## @param frontend.nodeSelector Node labels for pod assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param frontend.tolerations Tolerations for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param frontend.priorityClassName Priority class name for frontend pods - ## - priorityClassName: "" - ## @param frontend.hostAliases Custom host aliases for frontend pods - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## @param frontend.extraVolumes Optionally specify extra list of additional volumes for frontend pods - ## - extraVolumes: [] - ## @param frontend.extraVolumeMounts Optionally specify extra list of additional volumeMounts for frontend container(s) - ## - extraVolumeMounts: [] - ## @param frontend.sidecars Add additional sidecar containers to the frontend pod - ## e.g: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - sidecars: [] - ## @param frontend.initContainers Add additional init containers to the frontend pods - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - ## e.g: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## command: ['sh', '-c', 'echo "hello world"'] - ## - initContainers: [] - ## Frontend service parameters - ## - service: - ## @param frontend.service.type Frontend service type - ## - type: ClusterIP - ## @param frontend.service.port Frontend service HTTP port - ## - port: 80 - ## @param frontend.service.nodePort Node port for HTTP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#nodeport - ## - nodePort: "" - ## @param frontend.service.clusterIP Frontend service Cluster IP - ## e.g.: - ## clusterIP: None - ## - clusterIP: "" - ## @param frontend.service.loadBalancerIP Frontend service Load Balancer IP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer - ## - loadBalancerIP: "" - ## @param frontend.service.loadBalancerSourceRanges Frontend service Load Balancer sources - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param frontend.service.externalTrafficPolicy Frontend service external traffic policy - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param frontend.service.annotations Additional custom annotations for frontend service - ## - annotations: {} - -## @section Dashboard parameters - -## Dashboard parameters -## -dashboard: - ## Bitnami Kubeapps Dashboard image - ## ref: https://hub.docker.com/r/bitnami/kubeops/tags/ - ## @param dashboard.image.registry Dashboard image registry - ## @param dashboard.image.repository Dashboard image repository - ## @param dashboard.image.tag Dashboard image tag (immutable tags are recommended) - ## @param dashboard.image.pullPolicy Dashboard image pull policy - ## @param dashboard.image.pullSecrets Dashboard image pull secrets - ## @param dashboard.image.debug Enable image debug mode - ## - image: - registry: docker.io - repository: bitnami/kubeapps-dashboard - tag: 2.4.0-debian-10-r17 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Enable debug mode - ## - debug: false - ## @param dashboard.customStyle Custom CSS injected to the Dashboard to customize Kubeapps look and feel - ## e.g: - ## customStyle: |- - ## .header.header-7 { - ## background-color: #991700; - ## } - ## - customStyle: "" - ## @param dashboard.customComponents Custom Form components injected into the BasicDeploymentForm - ## ref: https://github.com/kubeapps/kubeapps/blob/master/docs/developer/custom-form-component-support.md - ## - customComponents: "" - ## @param dashboard.remoteComponentsUrl Remote URL that can be used to load custom components vs loading from the local filesystem - ## - remoteComponentsUrl: "" - ## @param dashboard.customLocale Custom translations injected to the Dashboard to customize the strings used in Kubeapps - ## ref: https://github.com/kubeapps/kubeapps/blob/master/docs/developer/translate-kubeapps.md - ## e.g: - ## customLocale: - ## "Kubeapps": "My Dashboard" - ## "login-oidc": "Login with my company SSO" - ## - customLocale: "" - ## @param dashboard.defaultTheme Default theme used in the Dashboard if the user has not selected any theme yet. - ## enum: [ "light", "dark" ] - ## e.g: - ## defaultTheme: dark - ## - defaultTheme: "" - ## @param dashboard.replicaCount Number of Dashboard replicas to deploy - ## - replicaCount: 2 - ## @param dashboard.extraEnvVars Array with extra environment variables to add to the Dashboard container - ## e.g: - ## extraEnvVars: - ## - name: FOO - ## value: "bar" - ## - extraEnvVars: [] - ## @param dashboard.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for the Dashboard container - ## - extraEnvVarsCM: "" - ## @param dashboard.extraEnvVarsSecret Name of existing Secret containing extra env vars for the Dashboard container - ## - extraEnvVarsSecret: "" - ## @param dashboard.containerPort Dashboard HTTP container port - ## - containerPort: 8080 - ## Dashboard containers' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## @param dashboard.resources.limits.cpu The CPU limits for the Dashboard container - ## @param dashboard.resources.limits.memory The memory limits for the Dashboard container - ## @param dashboard.resources.requests.cpu The requested CPU for the Dashboard container - ## @param dashboard.resources.requests.memory The requested memory for the Dashboard container - ## - resources: - limits: - cpu: 250m - memory: 128Mi - requests: - cpu: 25m - memory: 32Mi - ## Configure Pods Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param dashboard.podSecurityContext.enabled Enabled Dashboard pods' Security Context - ## @param dashboard.podSecurityContext.fsGroup Set Dashboard pod's Security Context fsGroup - ## - podSecurityContext: - enabled: true - fsGroup: 1001 - ## Configure Container Security Context (only main container) - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param dashboard.containerSecurityContext.enabled Enabled Dashboard containers' Security Context - ## @param dashboard.containerSecurityContext.runAsUser Set Dashboard container's Security Context runAsUser - ## @param dashboard.containerSecurityContext.runAsNonRoot Set Dashboard container's Security Context runAsNonRoot - ## - containerSecurityContext: - enabled: true - runAsUser: 1001 - runAsNonRoot: true - ## Configure extra options for Dashboard containers' liveness and readiness probes - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param dashboard.livenessProbe.enabled Enable livenessProbe - ## @skip dashboard.livenessProbe.httpGet - ## @param dashboard.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param dashboard.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param dashboard.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param dashboard.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param dashboard.livenessProbe.successThreshold Success threshold for livenessProbe - ## Dashboard containers' liveness and readiness probes - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## - livenessProbe: - enabled: true - httpGet: - path: / - port: 8080 - initialDelaySeconds: 60 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - ## @param dashboard.readinessProbe.enabled Enable readinessProbe - ## @skip dashboard.readinessProbe.httpGet - ## @param dashboard.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param dashboard.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param dashboard.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param dashboard.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param dashboard.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - httpGet: - path: / - port: 8080 - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - ## @param dashboard.customLivenessProbe Custom livenessProbe that overrides the default one - ## - customLivenessProbe: {} - ## @param dashboard.customReadinessProbe Custom readinessProbe that overrides the default one - ## - customReadinessProbe: {} - ## @param dashboard.lifecycleHooks Custom lifecycle hooks for Dashboard containers - ## - lifecycleHooks: {} - ## @param dashboard.podLabels Extra labels for Dasbhoard pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param dashboard.podAnnotations Annotations for Dasbhoard pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param dashboard.podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param dashboard.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Node affinity preset - ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param dashboard.nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param dashboard.nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set - ## - key: "" - ## @param dashboard.nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param dashboard.affinity Affinity for pod assignment - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## NOTE: dashboard.podAffinityPreset, dashboard.podAntiAffinityPreset, and dashboard.nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - ## @param dashboard.nodeSelector Node labels for pod assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param dashboard.tolerations Tolerations for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param dashboard.priorityClassName Priority class name for Dashboard pods - ## - priorityClassName: "" - ## @param dashboard.hostAliases Custom host aliases for Dashboard pods - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## @param dashboard.extraVolumes Optionally specify extra list of additional volumes for Dasbhoard pods - ## - extraVolumes: [] - ## @param dashboard.extraVolumeMounts Optionally specify extra list of additional volumeMounts for Dasbhoard container(s) - ## - extraVolumeMounts: [] - ## @param dashboard.sidecars Add additional sidecar containers to the Dasbhoard pod - ## e.g: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - sidecars: [] - ## @param dashboard.initContainers Add additional init containers to the Dasbhoard pods - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - ## e.g: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## command: ['sh', '-c', 'echo "hello world"'] - ## - initContainers: [] - ## Dasbhoard service parameters - ## - service: - ## @param dashboard.service.port Dasbhoard service HTTP port - ## - port: 8080 - ## @param dashboard.service.annotations Additional custom annotations for Dasbhoard service - ## - annotations: {} - -## @section AppRepository Controller parameters - -## AppRepository Controller parameters -## -apprepository: - ## Bitnami Kubeapps AppRepository Controller image - ## ref: https://hub.docker.com/r/bitnami/kubeapps-apprepository-controller/tags/ - ## @param apprepository.image.registry Kubeapps AppRepository Controller image registry - ## @param apprepository.image.repository Kubeapps AppRepository Controller image repository - ## @param apprepository.image.tag Kubeapps AppRepository Controller image tag (immutable tags are recommended) - ## @param apprepository.image.pullPolicy Kubeapps AppRepository Controller image pull policy - ## @param apprepository.image.pullSecrets Kubeapps AppRepository Controller image pull secrets - ## - image: - registry: docker.io - repository: bitnami/kubeapps-apprepository-controller - tag: 2.4.0-scratch-r1 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Bitnami Kubeapps Asset Syncer image - ## ref: https://hub.docker.com/r/bitnami/kubeapps-asset-syncer/tags/ - ## @param apprepository.syncImage.registry Kubeapps Asset Syncer image registry - ## @param apprepository.syncImage.repository Kubeapps Asset Syncer image repository - ## @param apprepository.syncImage.tag Kubeapps Asset Syncer image tag (immutable tags are recommended) - ## @param apprepository.syncImage.pullPolicy Kubeapps Asset Syncer image pull policy - ## @param apprepository.syncImage.pullSecrets Kubeapps Asset Syncer image pull secrets - ## - syncImage: - registry: docker.io - repository: bitnami/kubeapps-asset-syncer - tag: 2.4.0-scratch-r1 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param apprepository.initialRepos [array] Initial chart repositories to configure - ## e.g: - ## initialRepos: - ## - name: chartmuseum - ## url: https://chartmuseum.default:8080 - ## nodeSelector: - ## somelabel: somevalue - ## # Specify an Authorization Header if you are using an authentication method: - ## authorizationHeader: "Bearer xrxNC..." - ## # Specify the credentials if you are using a basic authentication method: - ## basicAuth: - ## user: - ## password: - ## # If you're providing your own certificates, please use this to add the certificates as secrets. - ## # It should start with -----BEGIN CERTIFICATE----- or - ## # -----BEGIN RSA PRIVATE KEY----- - ## caCert: - ## # Create this apprepository in a custom namespace - ## namespace: - ## # In case of an OCI registry, specify the type - ## type: oci - ## # And specify the list of repositories - ## ociRepositories: - ## - nginx - ## - jenkins - ## - initialRepos: - - name: bitnami - url: https://charts.bitnami.com/bitnami - ## @param apprepository.initialReposProxy [object] Proxy configuration to access chart repositories - ## - initialReposProxy: - enabled: false - httpProxy: "" - httpsProxy: "" - noProxy: "" - ## @param apprepository.crontab Schedule for syncing App repositories (default to 10 minutes) - ## e.g: - ## crontab: "*/10 * * * *" - ## - crontab: "" - ## @param apprepository.watchAllNamespaces Watch all namespaces to support separate AppRepositories per namespace - ## Switch this off only if you require running multiple instances of Kubeapps in different namespaces - ## without each instance watching AppRepositories of each other - ## - watchAllNamespaces: true - ## @param apprepository.replicaCount Number of AppRepository Controller replicas to deploy - ## Running a single controller replica to avoid sync job duplication - ## - replicaCount: 1 - ## AppRepository Controller containers' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## @param apprepository.resources.limits.cpu The CPU limits for the AppRepository Controller container - ## @param apprepository.resources.limits.memory The memory limits for the AppRepository Controller container - ## @param apprepository.resources.requests.cpu The requested CPU for the AppRepository Controller container - ## @param apprepository.resources.requests.memory The requested memory for the AppRepository Controller container - ## - resources: - limits: - cpu: 250m - memory: 128Mi - requests: - cpu: 25m - memory: 32Mi - ## Configure Pods Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param apprepository.podSecurityContext.enabled Enabled AppRepository Controller pods' Security Context - ## @param apprepository.podSecurityContext.fsGroup Set AppRepository Controller pod's Security Context fsGroup - ## - podSecurityContext: - enabled: true - fsGroup: 1001 - ## Configure Container Security Context (only main container) - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param apprepository.containerSecurityContext.enabled Enabled AppRepository Controller containers' Security Context - ## @param apprepository.containerSecurityContext.runAsUser Set AppRepository Controller container's Security Context runAsUser - ## @param apprepository.containerSecurityContext.runAsNonRoot Set AppRepository Controller container's Security Context runAsNonRoot - ## - containerSecurityContext: - enabled: true - runAsUser: 1001 - runAsNonRoot: true - ## @param apprepository.lifecycleHooks Custom lifecycle hooks for AppRepository Controller containers - ## - lifecycleHooks: {} - ## @param apprepository.podLabels Extra labels for AppRepository Controller pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param apprepository.podAnnotations Annotations for AppRepository Controller pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param apprepository.podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param apprepository.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## nodeAffinityPreset Node affinity preset - ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param apprepository.nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param apprepository.nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set - ## - key: "" - ## @param apprepository.nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param apprepository.affinity Affinity for pod assignment - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## NOTE: apprepository.podAffinityPreset, apprepository.podAntiAffinityPreset, and apprepository.nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - ## @param apprepository.nodeSelector Node labels for pod assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param apprepository.tolerations Tolerations for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param apprepository.priorityClassName Priority class name for AppRepository Controller pods - ## - priorityClassName: "" - ## @param apprepository.hostAliases Custom host aliases for AppRepository Controller pods - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - -## @section Kubeops parameters - -## Kubeops parameters -## -kubeops: - ## Bitnami Kubeops image - ## ref: https://hub.docker.com/r/bitnami/kubeops/tags/ - ## @param kubeops.image.registry Kubeops image registry - ## @param kubeops.image.repository Kubeops image repository - ## @param kubeops.image.tag Kubeops image tag (immutable tags are recommended) - ## @param kubeops.image.pullPolicy Kubeops image pull policy - ## @param kubeops.image.pullSecrets Kubeops image pull secrets - ## - image: - registry: docker.io - repository: bitnami/kubeapps-kubeops - tag: 2.4.0-scratch-r1 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param kubeops.namespaceHeaderName Additional header name for trusted namespaces - ## e.g: - ## namespaceHeaderName: X-Consumer-Groups - ## - namespaceHeaderName: "" - ## @param kubeops.namespaceHeaderPattern Additional header pattern for trusted namespaces - ## e.g: - ## namespaceHeaderPattern: namespace:^([\w-]+):\w+$ - ## - namespaceHeaderPattern: "" - ## @param kubeops.qps Kubeops QPS (queries per second) rate - ## - qps: "" - ## @param kubeops.burst Kubeops burst rate - ## - burst: "" - ## @param kubeops.replicaCount Number of Kubeops replicas to deploy - ## - replicaCount: 2 - ## @param kubeops.terminationGracePeriodSeconds The grace time period for sig term - ## ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#hook-handler-execution - ## - terminationGracePeriodSeconds: 300 - ## @param kubeops.extraEnvVars Array with extra environment variables to add to the Kubeops container - ## e.g: - ## extraEnvVars: - ## - name: FOO - ## value: "bar" - ## - extraEnvVars: [] - ## @param kubeops.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for the Kubeops container - ## - extraEnvVarsCM: "" - ## @param kubeops.extraEnvVarsSecret Name of existing Secret containing extra env vars for the Kubeops container - ## - extraEnvVarsSecret: "" - ## @param kubeops.containerPort Kubeops HTTP container port - ## - containerPort: 8080 - ## Kubeops containers' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## @param kubeops.resources.limits.cpu The CPU limits for the Kubeops container - ## @param kubeops.resources.limits.memory The memory limits for the Kubeops container - ## @param kubeops.resources.requests.cpu The requested CPU for the Kubeops container - ## @param kubeops.resources.requests.memory The requested memory for the Kubeops container - ## - resources: - limits: - cpu: 250m - memory: 256Mi - requests: - cpu: 25m - memory: 32Mi - ## Configure Pods Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param kubeops.podSecurityContext.enabled Enabled Kubeops pods' Security Context - ## @param kubeops.podSecurityContext.fsGroup Set Kubeops pod's Security Context fsGroup - ## - podSecurityContext: - enabled: true - fsGroup: 1001 - ## Configure Container Security Context (only main container) - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param kubeops.containerSecurityContext.enabled Enabled Kubeops containers' Security Context - ## @param kubeops.containerSecurityContext.runAsUser Set Kubeops container's Security Context runAsUser - ## @param kubeops.containerSecurityContext.runAsNonRoot Set Kubeops container's Security Context runAsNonRoot - ## - containerSecurityContext: - enabled: true - runAsUser: 1001 - runAsNonRoot: true - ## Configure extra options for Kubeops containers' liveness and readiness probes - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param kubeops.livenessProbe.enabled Enable livenessProbe - ## @skip kubeops.livenessProbe.httpGet - ## @param kubeops.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param kubeops.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param kubeops.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param kubeops.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param kubeops.livenessProbe.successThreshold Success threshold for livenessProbe - ## Kubeops containers' liveness and readiness probes - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## - livenessProbe: - enabled: true - httpGet: - path: /live - port: 8080 - initialDelaySeconds: 60 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - ## @param kubeops.readinessProbe.enabled Enable readinessProbe - ## @skip kubeops.readinessProbe.httpGet - ## @param kubeops.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param kubeops.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param kubeops.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param kubeops.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param kubeops.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - httpGet: - path: /ready - port: 8080 - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - ## @param kubeops.customLivenessProbe Custom livenessProbe that overrides the default one - ## - customLivenessProbe: {} - ## @param kubeops.customReadinessProbe Custom readinessProbe that overrides the default one - ## - customReadinessProbe: {} - ## @param kubeops.lifecycleHooks Custom lifecycle hooks for Kubeops containers - ## - lifecycleHooks: {} - ## @param kubeops.podLabels Extra labels for Kubeops pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param kubeops.podAnnotations Annotations for Kubeops pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param kubeops.podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param kubeops.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## nodeAffinityPreset Node affinity preset - ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param kubeops.nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param kubeops.nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set - ## - key: "" - ## @param kubeops.nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param kubeops.affinity Affinity for pod assignment - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## NOTE: kubeops.podAffinityPreset, kubeops.podAntiAffinityPreset, and kubeops.nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - ## @param kubeops.nodeSelector Node labels for pod assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param kubeops.tolerations Tolerations for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param kubeops.priorityClassName Priority class name for Kubeops pods - ## - priorityClassName: "" - ## @param kubeops.hostAliases Custom host aliases for Kubeops pods - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## Kubeops service parameters - ## - service: - ## @param kubeops.service.port Kubeops service HTTP port - ## - port: 8080 - ## @param kubeops.service.annotations Additional custom annotations for Kubeops service - ## - annotations: {} - -## @section Assetsvc parameters - -## Assetsvc parameters -## -assetsvc: - ## Bitnami Kubeapps Assetsvc image - ## ref: https://hub.docker.com/r/bitnami/kubeapps-assetsvc/tags/ - ## @param assetsvc.image.registry Kubeapps Assetsvc image registry - ## @param assetsvc.image.repository Kubeapps Assetsvc image repository - ## @param assetsvc.image.tag Kubeapps Assetsvc image tag (immutable tags are recommended) - ## @param assetsvc.image.pullPolicy Kubeapps Assetsvc image pull policy - ## @param assetsvc.image.pullSecrets Kubeapps Assetsvc image pull secrets - ## - image: - registry: docker.io - repository: bitnami/kubeapps-assetsvc - tag: 2.4.0-scratch-r1 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param assetsvc.replicaCount Number of Assetsvc replicas to deploy - ## - replicaCount: 2 - ## @param assetsvc.extraEnvVars Array with extra environment variables to add to the Assetsvc container - ## e.g: - ## extraEnvVars: - ## - name: FOO - ## value: "bar" - ## - extraEnvVars: [] - ## @param assetsvc.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for the Assetsvc container - ## - extraEnvVarsCM: "" - ## @param assetsvc.extraEnvVarsSecret Name of existing Secret containing extra env vars for the Assetsvc container - ## - extraEnvVarsSecret: "" - ## @param assetsvc.containerPort Assetsvc HTTP container port - ## - containerPort: 8080 - ## Assetsvc containers' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## @param assetsvc.resources.limits.cpu The CPU limits for the Assetsvc container - ## @param assetsvc.resources.limits.memory The memory limits for the Assetsvc container - ## @param assetsvc.resources.requests.cpu The requested CPU for the Assetsvc container - ## @param assetsvc.resources.requests.memory The requested memory for the Assetsvc container - ## - resources: - limits: - cpu: 250m - memory: 128Mi - requests: - cpu: 25m - memory: 32Mi - ## Configure Pods Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param assetsvc.podSecurityContext.enabled Enabled Assetsvc pods' Security Context - ## @param assetsvc.podSecurityContext.fsGroup Set Assetsvc pod's Security Context fsGroup - ## - podSecurityContext: - enabled: true - fsGroup: 1001 - ## Configure Container Security Context (only main container) - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param assetsvc.containerSecurityContext.enabled Enabled Assetsvc containers' Security Context - ## @param assetsvc.containerSecurityContext.runAsUser Set Assetsvc container's Security Context runAsUser - ## @param assetsvc.containerSecurityContext.runAsNonRoot Set Assetsvc container's Security Context runAsNonRoot - ## - containerSecurityContext: - enabled: true - runAsUser: 1001 - runAsNonRoot: true - ## Configure extra options for Assetsvc containers' liveness and readiness probes - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param assetsvc.livenessProbe.enabled Enable livenessProbe - ## @skip assetsvc.livenessProbe.httpGet - ## @param assetsvc.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param assetsvc.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param assetsvc.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param assetsvc.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param assetsvc.livenessProbe.successThreshold Success threshold for livenessProbe - ## Assetsvc containers' liveness and readiness probes - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## - livenessProbe: - enabled: true - httpGet: - path: /live - port: 8080 - initialDelaySeconds: 60 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - ## @param assetsvc.readinessProbe.enabled Enable readinessProbe - ## @skip assetsvc.readinessProbe.httpGet - ## @param assetsvc.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param assetsvc.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param assetsvc.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param assetsvc.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param assetsvc.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - httpGet: - path: /ready - port: 8080 - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - ## @param assetsvc.customLivenessProbe Custom livenessProbe that overrides the default one - ## - customLivenessProbe: {} - ## @param assetsvc.customReadinessProbe Custom readinessProbe that overrides the default one - ## - customReadinessProbe: {} - ## @param assetsvc.lifecycleHooks Custom lifecycle hooks for Assetsvc containers - ## - lifecycleHooks: {} - ## @param assetsvc.podLabels Extra labels for Assetsvc pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param assetsvc.podAnnotations Annotations for Assetsvc pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param assetsvc.podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param assetsvc.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## nodeAffinityPreset Node affinity preset - ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param assetsvc.nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param assetsvc.nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set - ## - key: "" - ## @param assetsvc.nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param assetsvc.affinity Affinity for pod assignment - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## NOTE: assetsvc.podAffinityPreset, assetsvc.podAntiAffinityPreset, and assetsvc.nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - ## @param assetsvc.nodeSelector Node labels for pod assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param assetsvc.tolerations Tolerations for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param assetsvc.priorityClassName Priority class name for Assetsvc pods - ## - priorityClassName: "" - ## @param assetsvc.hostAliases Custom host aliases for Assetsvc pods - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## Assetsvc service parameters - ## - service: - ## @param assetsvc.service.port Assetsvc service HTTP port - ## - port: 8080 - ## @param assetsvc.service.annotations Additional custom annotations for Assetsvc service - ## - annotations: {} - -## @section Auth Proxy parameters - -## Auth Proxy configuration for OIDC support -## ref: https://github.com/kubeapps/kubeapps/blob/master/docs/user/using-an-OIDC-provider.md -## -authProxy: - ## @param authProxy.enabled Specifies whether Kubeapps should configure OAuth login/logout - ## - enabled: false - ## Bitnami OAuth2 Proxy image - ## ref: https://hub.docker.com/r/bitnami/oauth2-proxy/tags/ - ## @param authProxy.image.registry OAuth2 Proxy image registry - ## @param authProxy.image.repository OAuth2 Proxy image repository - ## @param authProxy.image.tag OAuth2 Proxy image tag (immutable tags are recommended) - ## @param authProxy.image.pullPolicy OAuth2 Proxy image pull policy - ## @param authProxy.image.pullSecrets OAuth2 Proxy image pull secrets - ## - image: - registry: docker.io - repository: bitnami/oauth2-proxy - tag: 7.1.3-debian-10-r124 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param authProxy.external Use an external Auth Proxy instead of deploying its own one - ## - external: false - ## @param authProxy.oauthLoginURI OAuth Login URI to which the Kubeapps frontend redirects for authn - ## @param authProxy.oauthLogoutURI OAuth Logout URI to which the Kubeapps frontend redirects for authn - ## - oauthLoginURI: /oauth2/start - oauthLogoutURI: /oauth2/sign_out - ## @param authProxy.skipKubeappsLoginPage Skip the Kubeapps login page when using OIDC and directly redirect to the IdP - ## - skipKubeappsLoginPage: false - ## @param authProxy.provider OAuth provider - ## @param authProxy.clientID OAuth Client ID - ## @param authProxy.clientSecret OAuth Client secret - ## NOTE: Mandatory parameters for the internal auth-proxy - ## - provider: "" - clientID: "" - clientSecret: "" - ## @param authProxy.cookieSecret Secret used by oauth2-proxy to encrypt any credentials - ## NOTE: It must be a particular number of bytes. It's recommended using the following - ## script to generate a cookieSecret: - ## python -c 'import os,base64; print base64.urlsafe_b64encode(os.urandom(16))' - ## ref: https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/overview#generating-a-cookie-secret - ## - cookieSecret: "" - ## @param authProxy.cookieRefresh Duration after which to refresh the cookie - ## - cookieRefresh: 2m - ## @param authProxy.scope OAuth scope specification - ## - scope: "openid email groups" - ## @param authProxy.emailDomain Allowed email domains - ## Use "example.com" to restrict logins to emails from example.com - ## - emailDomain: "*" - ## @param authProxy.additionalFlags Additional flags for oauth2-proxy - ## ref: https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/overview - ## e.g: - ## additionalFlags: - ## - --ssl-insecure-skip-verify - ## - --cookie-secure=false - ## - --oidc-issuer-url=https://accounts.google.com # Only needed if provider is oidc - ## - additionalFlags: [] - ## @param authProxy.containerPort Auth Proxy HTTP container port - ## - containerPort: 3000 - ## Configure Container Security Context for Auth Proxy - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param authProxy.containerSecurityContext.enabled Enabled Auth Proxy containers' Security Context - ## @param authProxy.containerSecurityContext.runAsUser Set Auth Proxy container's Security Context runAsUser - ## @param authProxy.containerSecurityContext.runAsNonRoot Set Auth Proxy container's Security Context runAsNonRoot - ## - containerSecurityContext: - enabled: true - runAsUser: 1001 - runAsNonRoot: true - ## OAuth2 Proxy containers' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## @param authProxy.resources.limits.cpu The CPU limits for the OAuth2 Proxy container - ## @param authProxy.resources.limits.memory The memory limits for the OAuth2 Proxy container - ## @param authProxy.resources.requests.cpu The requested CPU for the OAuth2 Proxy container - ## @param authProxy.resources.requests.memory The requested memory for the OAuth2 Proxy container - ## - resources: - limits: - cpu: 250m - memory: 128Mi - requests: - cpu: 25m - memory: 32Mi - -## @section Pinniped Proxy parameters - -## Pinniped Proxy configuration for converting user OIDC tokens to k8s client authorization certs -## NOTE: This component is alpha functionality in Kubeapps until we complete testing and documentation. -## -pinnipedProxy: - ## @param pinnipedProxy.enabled Specifies whether Kubeapps should configure Pinniped Proxy - ## - enabled: false - ## Bitnami Pinniped Proxy image - ## ref: https://hub.docker.com/r/bitnami/kubeapps-pinniped-proxy/tags/ - ## @param pinnipedProxy.image.registry Pinniped Proxy image registry - ## @param pinnipedProxy.image.repository Pinniped Proxy image repository - ## @param pinnipedProxy.image.tag Pinniped Proxy image tag (immutable tags are recommended) - ## @param pinnipedProxy.image.pullPolicy Pinniped Proxy image pull policy - ## @param pinnipedProxy.image.pullSecrets Pinniped Proxy image pull secrets - ## - image: - registry: docker.io - repository: bitnami/kubeapps-pinniped-proxy - tag: 2.4.0-debian-10-r18 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param pinnipedProxy.defaultPinnipedNamespace Specify the (default) namespace in which pinniped concierge is installed - ## - defaultPinnipedNamespace: pinniped-concierge - ## @param pinnipedProxy.defaultAuthenticatorType Specify the (default) authenticator type - ## - defaultAuthenticatorType: JWTAuthenticator - ## @param pinnipedProxy.defaultAuthenticatorName Specify the (default) authenticator name - ## - defaultAuthenticatorName: jwt-authenticator - ## @param pinnipedProxy.defaultPinnipedAPISuffix Specify the (default) API suffix - ## - defaultPinnipedAPISuffix: pinniped.dev - ## @param pinnipedProxy.containerPort Kubeops HTTP container port - ## - containerPort: 3333 - ## Configure Container Security Context for Pinniped Proxy - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param pinnipedProxy.containerSecurityContext.enabled Enabled Pinniped Proxy containers' Security Context - ## @param pinnipedProxy.containerSecurityContext.runAsUser Set Pinniped Proxy container's Security Context runAsUser - ## @param pinnipedProxy.containerSecurityContext.runAsNonRoot Set Pinniped Proxy container's Security Context runAsNonRoot - ## - containerSecurityContext: - enabled: true - runAsUser: 1001 - runAsNonRoot: true - ## Pinniped Proxy containers' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## @param pinnipedProxy.resources.limits.cpu The CPU limits for the Pinniped Proxy container - ## @param pinnipedProxy.resources.limits.memory The memory limits for the Pinniped Proxy container - ## @param pinnipedProxy.resources.requests.cpu The requested CPU for the Pinniped Proxy container - ## @param pinnipedProxy.resources.requests.memory The requested memory for the Pinniped Proxy container - ## - resources: - limits: - cpu: 250m - memory: 128Mi - requests: - cpu: 25m - memory: 32Mi - -## @section Other Parameters - -## @param allowNamespaceDiscovery Allow users to discover available namespaces (only the ones they have access) -## NOTE: When set to true, Kubeapps creates a ClusterRole to be able to list namespaces. -## -allowNamespaceDiscovery: true -## @param clusters [array] List of clusters that Kubeapps can target for deployments -## When populated with a single cluster (as it is by default), Kubeapps will not allow users to -## change the target cluster. When populated with multiple clusters, Kubeapps will present the clusters to -## the user as potential targets for install or browsing. -## - Note that you can define a single cluster without an apiServiceURL and the chart will assume this is -## the name you are assigning to the cluster on which Kubeapps is itself installed. Specifying more than -## one cluster without an apiServiceURL will cause the chart display an error. -## - The base64-encoded certificateAuthorityData can be obtained from the additional cluster's kube config -## file, for example, to get the ca data for the 0th cluster in your config (adjust the index 0 as necessary): -## kubectl --kubeconfig ~/.kube/kind-config-kubeapps-additional config view --raw -o jsonpath='{.clusters[0].cluster.certificate-authority-data}' -## - serviceToken is an optional token configured to allow LIST namespaces and package manifests (operators) only on the additional cluster -## so that the UI can present a list of (only) those namespaces to which the user has access and the available operators. -## - isKubeappsCluster is an optional parameter that allows defining the cluster in which Kubeapps is installed; -## this param is useful when every cluster is using an apiServiceURL (e.g., when using the Pinniped Impersonation Proxy) -## as the chart cannot infer the cluster on which Kubeapps is installed in that case. -## e.g.: -## clusters: -## - name: default -## domain: cluster.local -## - name: second-cluster -## domain: cluster.local -## apiServiceURL: https://second-cluster:6443 -## certificateAuthorityData: LS0tLS1CRUdJ... -## serviceToken: ... -## isKubeappsCluster: true -## -clusters: - - name: default - domain: cluster.local -## @param featureFlags [object] Feature flags (used to switch on development features) -## -featureFlags: - invalidateCache: true - kubeappsAPIsServer: true -## RBAC configuration -## -rbac: - ## @param rbac.create Specifies whether RBAC resources should be created - ## - create: true -## Image used for the tests -## Bitnami NGINX image -## ref: https://hub.docker.com/r/bitnami/nginx/tags/ -## @param testImage.registry NGINX image registry -## @param testImage.repository NGINX image repository -## @param testImage.tag NGINX image tag (immutable tags are recommended) -## @param testImage.pullPolicy NGINX image pull policy -## @param testImage.pullSecrets NGINX image pull secrets -## -testImage: - registry: docker.io - repository: bitnami/nginx - tag: 1.21.3-debian-10-r11 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - -## @section Database Parameters - -## PostgreSQL chart configuration -## ref: https://github.com/bitnami/charts/blob/master/bitnami/postgresql/values.yaml -## -postgresql: - ## @param postgresql.enabled Deploy a PostgreSQL server to satisfy the applications database requirements - ## - enabled: true - ## @param postgresql.replication.enabled Enable replication for high availability - ## - replication: - enabled: true - ## @param postgresql.postgresqlDatabase Database name for Kubeapps to be created on the first run - ## - postgresqlDatabase: assets - ## @param postgresql.postgresqlPassword Password for 'postgres' user - ## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run - ## - postgresqlPassword: "" - ## PostgreSQL Persistence parameters - ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ - ## @param postgresql.persistence.enabled Enable persistence on PostgreSQL using PVC(s) - ## @param postgresql.persistence.size Persistent Volume size - ## - persistence: - enabled: false - size: 8Gi - ## @param postgresql.securityContext.enabled Enabled PostgreSQL replicas pods' Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - ## - securityContext: - enabled: false - ## PostreSQL containers' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## @param postgresql.resources.limits The resources limits for the PostreSQL container - ## @param postgresql.resources.requests.cpu The requested CPU for the PostreSQL container - ## @param postgresql.resources.requests.memory The requested memory for the PostreSQL container - ## - resources: - limits: {} - requests: - memory: 256Mi - cpu: 250m - -## @section kubeappsapis parameters -kubeappsapis: - ## @param kubeappsapis.unsafeUseDemoSA If true, replace the user's credentials by a full-granted demo service account. Just intended for development purposes. - unsafeUseDemoSA: false - ## @param kubeappsapis.enabledPlugins Enabled plugins for the Kubeapps-APIs service - ## e.g: - ## enabledPlugins: - ## - helm - ## - fluxv2 - ## - kapp_controller - ## - enabledPlugins: - - helm - ## Bitnami Kubeapps-APIs image - ## ref: https://hub.docker.com/r/bitnami/kubeapps-apis/tags/ - ## @param kubeappsapis.image.registry Kubeapps-APIs image registry - ## @param kubeappsapis.image.repository Kubeapps-APIs image repository - ## @param kubeappsapis.image.tag Kubeapps-APIs image tag (immutable tags are recommended) - ## @param kubeappsapis.image.pullPolicy Kubeapps-APIs image pull policy - ## @param kubeappsapis.image.pullSecrets Kubeapps-APIs image pull secrets - ## - image: - registry: docker.io - repository: bitnami/kubeapps-apis - tag: 2.4.0-debian-10-r18 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param kubeappsapis.replicaCount Number of frontend replicas to deploy - ## - replicaCount: 1 - ## @param kubeappsapis.terminationGracePeriodSeconds The grace time period for sig term - ## ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#hook-handler-execution - ## - terminationGracePeriodSeconds: 300 - ## @param kubeappsapis.extraEnvVars Array with extra environment variables to add to the KubeappsAPIs container - ## e.g: - ## extraEnvVars: - ## - name: FOO - ## value: "bar" - ## - extraEnvVars: [] - ## @param kubeappsapis.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for the KubeappsAPIs container - ## - extraEnvVarsCM: "" - ## @param kubeappsapis.extraEnvVarsSecret Name of existing Secret containing extra env vars for the KubeappsAPIs container - ## - extraEnvVarsSecret: "" - ## @param kubeappsapis.containerPort KubeappsAPIs HTTP container port - ## - containerPort: 50051 - ## KubeappsAPIs containers' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## @param kubeappsapis.resources.limits.cpu The CPU limits for the KubeappsAPIs container - ## @param kubeappsapis.resources.limits.memory The memory limits for the KubeappsAPIs container - ## @param kubeappsapis.resources.requests.cpu The requested CPU for the KubeappsAPIs container - ## @param kubeappsapis.resources.requests.memory The requested memory for the KubeappsAPIs container - ## - resources: - limits: - cpu: 250m - memory: 256Mi - requests: - cpu: 25m - memory: 32Mi - ## Configure Pods Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param kubeappsapis.podSecurityContext.enabled Enabled KubeappsAPIs pods' Security Context - ## @param kubeappsapis.podSecurityContext.fsGroup Set KubeappsAPIs pod's Security Context fsGroup - ## - podSecurityContext: - enabled: true - fsGroup: 1001 - ## Configure Container Security Context (only main container) - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param kubeappsapis.containerSecurityContext.enabled Enabled KubeappsAPIs containers' Security Context - ## @param kubeappsapis.containerSecurityContext.runAsUser Set KubeappsAPIs container's Security Context runAsUser - ## @param kubeappsapis.containerSecurityContext.runAsNonRoot Set KubeappsAPIs container's Security Context runAsNonRoot - ## - containerSecurityContext: - enabled: true - runAsUser: 1001 - runAsNonRoot: true - ## Configure extra options for KubeappsAPIs containers' liveness and readiness probes - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param kubeappsapis.livenessProbe.enabled Enable livenessProbe - ## @skip kubeappsapis.livenessProbe.httpGet - ## @param kubeappsapis.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param kubeappsapis.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param kubeappsapis.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param kubeappsapis.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param kubeappsapis.livenessProbe.successThreshold Success threshold for livenessProbe - ## KubeappsAPIs containers' liveness and readiness probes - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## - livenessProbe: - enabled: true - httpGet: - path: /core/plugins/v1alpha1/configured-plugins - port: 50051 - initialDelaySeconds: 60 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - ## @param kubeappsapis.readinessProbe.enabled Enable readinessProbe - ## @skip kubeappsapis.readinessProbe.httpGet - ## @param kubeappsapis.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param kubeappsapis.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param kubeappsapis.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param kubeappsapis.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param kubeappsapis.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - httpGet: - path: /core/plugins/v1alpha1/configured-plugins - port: 50051 - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - ## @param kubeappsapis.customLivenessProbe Custom livenessProbe that overrides the default one - ## - customLivenessProbe: {} - ## @param kubeappsapis.customReadinessProbe Custom readinessProbe that overrides the default one - ## - customReadinessProbe: {} - ## @param kubeappsapis.lifecycleHooks Custom lifecycle hooks for KubeappsAPIs containers - ## - lifecycleHooks: {} - ## @param kubeappsapis.podLabels Extra labels for KubeappsAPIs pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param kubeappsapis.podAnnotations Annotations for KubeappsAPIs pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param kubeappsapis.podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param kubeappsapis.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## nodeAffinityPreset Node affinity preset - ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param kubeappsapis.nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param kubeappsapis.nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set - ## - key: "" - ## @param kubeappsapis.nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param kubeappsapis.affinity Affinity for pod assignment - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## NOTE: kubeappsapis.podAffinityPreset, kubeappsapis.podAntiAffinityPreset, and kubeappsapis.nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - ## @param kubeappsapis.nodeSelector Node labels for pod assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param kubeappsapis.tolerations Tolerations for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param kubeappsapis.priorityClassName Priority class name for KubeappsAPIs pods - ## - priorityClassName: "" - ## @param kubeappsapis.hostAliases Custom host aliases for KubeappsAPIs pods - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## kubeappsapis service parameters - ## - service: - ## @param kubeappsapis.service.port KubeappsAPIs service HTTP port - ## - port: 8080 - ## @param kubeappsapis.service.annotations Additional custom annotations for KubeappsAPIs service - ## - annotations: {} - -## @section Redis™ chart configuration -## ref: https://github.com/bitnami/charts/blob/master/bitnami/redis/values.yaml -## -redis: - ## @param redis.redisPassword Password used in Redis™ - ## ref: https://github.com/bitnami/bitnami-docker-redis/blob/master/README.md#setting-the-server-password-on-first-run - ## - redisPassword: "" - ## @param redis.enabled Enable the Redis™ deployment when deploying Kubeapps APIs. - ## We currently have the situation that Redis is required for the fluxv2 plugin only. - ## Until such a point that we're releasing with the fluxv2 plugin enabled, or the - ## plugin cache support has been generalised so all plugins use Redis, we'll need - ## to manually enable this in dev while ensuring it is false for releases (as it - ## is a conditional dependency in the Chart.yaml). - enabled: false - replica: - ## @param redis.replica.replicaCount Number of Redis™ replicas to deploy - replicaCount: 0 diff --git a/bitnami/kubernetes-event-exporter/.helmignore b/bitnami/kubernetes-event-exporter/.helmignore deleted file mode 100644 index 50af031..0000000 --- a/bitnami/kubernetes-event-exporter/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/bitnami/logstash/.helmignore b/bitnami/logstash/.helmignore deleted file mode 100644 index ff5fca4..0000000 --- a/bitnami/logstash/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -files/conf/README.md \ No newline at end of file diff --git a/bitnami/logstash/Chart.lock b/bitnami/logstash/Chart.lock deleted file mode 100644 index 9a19191..0000000 --- a/bitnami/logstash/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.9.0 -digest: sha256:6d608d323ac01a7950ba64fa7caf4169a5d9d33e442c99e23e123caaf303b6b9 -generated: "2021-09-21T18:58:35.840847044Z" diff --git a/bitnami/logstash/Chart.yaml b/bitnami/logstash/Chart.yaml deleted file mode 100644 index 136122e..0000000 --- a/bitnami/logstash/Chart.yaml +++ /dev/null @@ -1,26 +0,0 @@ -annotations: - category: LogManagement -apiVersion: v2 -appVersion: 7.15.0 -dependencies: - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x -description: Logstash is an open source, server-side data processing pipeline that ingests data from a multitude of sources simultaneously, transforms it, and then sends it to your favorite "stash". -engine: gotpl -home: https://github.com/bitnami/charts/tree/master/bitnami/logstash -icon: https://bitnami.com/assets/stacks/logstash/img/logstash-stack-220x234.png -keywords: - - logstash - - logging - - elk -maintainers: - - email: containers@bitnami.com - name: Bitnami -name: logstash -sources: - - https://github.com/bitnami/bitnami-docker-logstash - - https://www.elastic.co/products/logstash -version: 3.6.7 diff --git a/bitnami/logstash/README.md b/bitnami/logstash/README.md deleted file mode 100644 index 88364f8..0000000 --- a/bitnami/logstash/README.md +++ /dev/null @@ -1,310 +0,0 @@ -# Logstash - -[Logstash](https://www.elastic.co/products/logstash) is an open source, server-side data processing pipeline that ingests data from a multitude of sources simultaneously, transforms it, and then sends it to your favorite "stash". - -## TL;DR - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/logstash -``` - -## Introduction - -This chart bootstraps a [logstash](https://github.com/bitnami/bitnami-docker-logstash) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 3.1.0 - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/logstash -``` - -These commands deploy logstash on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` statefulset: - -```console -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. Use the option `--purge` to delete all history too. - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | - - -### Common parameters - -| Name | Description | Value | -| ------------------------ | ---------------------------------------------------------------------------------------- | --------------- | -| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` | -| `nameOverride` | String to partially override logstash.fullname template (will maintain the release name) | `""` | -| `fullnameOverride` | String to fully override logstash.fullname template | `""` | -| `clusterDomain` | Default Kubernetes cluster domain | `cluster.local` | -| `extraDeploy` | Array of extra objects to deploy with the release (evaluated as a template). | `[]` | -| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | -| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | -| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | - - -### Logstash parameters - -| Name | Description | Value | -| --------------------------------------------- | -------------------------------------------------------------------------------------------------------------------- | --------------------------- | -| `image.registry` | Logstash image registry | `docker.io` | -| `image.repository` | Logstash image repository | `bitnami/logstash` | -| `image.tag` | Logstash image tag (immutable tags are recommended) | `7.15.0-debian-10-r0` | -| `image.pullPolicy` | Logstash image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `image.debug` | Specify if debug logs should be enabled | `false` | -| `hostAliases` | Add deployment host aliases | `[]` | -| `configFileName` | Logstash configuration file name. It must match the name of the configuration file mounted as a configmap. | `logstash.conf` | -| `enableMonitoringAPI` | Whether to enable the Logstash Monitoring API or not Kubernetes cluster domain | `true` | -| `monitoringAPIPort` | Logstash Monitoring API Port | `9600` | -| `extraEnvVars` | Array containing extra env vars to configure Logstash | `[]` | -| `extraEnvVarsSecret` | To add secrets to environment | `""` | -| `extraEnvVarsCM` | To add configmaps to environment | `""` | -| `input` | Input Plugins configuration | `""` | -| `filter` | Filter Plugins configuration | `""` | -| `output` | Output Plugins configuration | `""` | -| `existingConfiguration` | Name of existing ConfigMap object with the Logstash configuration (`input`, `filter`, and `output` will be ignored). | `""` | -| `enableMultiplePipelines` | Allows user to use multiple pipelines | `false` | -| `extraVolumes` | Array to add extra volumes (evaluated as a template) | `[]` | -| `extraVolumeMounts` | Array to add extra mounts (normally used with extraVolumes, evaluated as a template) | `[]` | -| `containerPorts` | Array containing the ports to open in the Logstash container | `[]` | -| `replicaCount` | Number of Logstash replicas to deploy | `1` | -| `updateStrategy` | Update strategy (`RollingUpdate`, or `OnDelete`) | `RollingUpdate` | -| `podManagementPolicy` | Pod management policy | `OrderedReady` | -| `podAnnotations` | Pod annotations | `{}` | -| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set. | `""` | -| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | -| `affinity` | Affinity for pod assignment | `{}` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `tolerations` | Tolerations for pod assignment | `[]` | -| `priorityClassName` | Pod priority | `""` | -| `securityContext.enabled` | Enable security context for Logstash | `true` | -| `securityContext.fsGroup` | Group ID for the Logstash filesystem | `1001` | -| `securityContext.runAsUser` | User ID for the Logstash container | `1001` | -| `resources.limits` | The resources limits for the Logstash container | `{}` | -| `resources.requests` | The requested resources for the Logstash container | `{}` | -| `livenessProbe.httpGet.path` | Request path for livenessProbe | `/` | -| `livenessProbe.httpGet.port` | Port for livenessProbe | `monitoring` | -| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | -| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `readinessProbe.httpGet.path` | Request path for readinessProbe | `/` | -| `readinessProbe.httpGet.port` | Port for readinessProbe | `monitoring` | -| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `60` | -| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `lifecycle` | Logstash pods' lifecycle hooks | `{}` | -| `service.type` | Kubernetes service type (`ClusterIP`, `NodePort`, or `LoadBalancer`) | `ClusterIP` | -| `service.ports.http` | Logstash svc ports | `{}` | -| `service.loadBalancerIP` | loadBalancerIP if service type is `LoadBalancer` | `""` | -| `service.loadBalancerSourceRanges` | Addresses that are allowed when service is LoadBalancer | `[]` | -| `service.externalTrafficPolicy` | External traffic policy, configure to Local to preserve client source IP when using an external loadBalancer | `""` | -| `service.clusterIP` | Static clusterIP or None for headless services | `""` | -| `service.annotations` | Annotations for Logstash service | `{}` | -| `persistence.enabled` | Enable Logstash data persistence using PVC | `false` | -| `persistence.existingClaim` | A manually managed Persistent Volume and Claim | `""` | -| `persistence.storageClass` | PVC Storage Class for Logstash data volume | `""` | -| `persistence.accessModes` | PVC Access Mode for Logstash data volume | `["ReadWriteOnce"]` | -| `persistence.size` | PVC Storage Request for Logstash data volume | `2Gi` | -| `persistence.annotations` | Annotations for the PVC | `{}` | -| `persistence.mountPath` | Mount path of the Logstash data volume | `/bitnami/logstash/data` | -| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` | -| `volumePermissions.securityContext.runAsUser` | User ID for the volumePermissions init container | `0` | -| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | -| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `10-debian-10-r200` | -| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | -| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` | -| `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` | -| `ingress.enabled` | Enable ingress controller resource | `false` | -| `ingress.certManager` | Set this to true in order to add the corresponding annotations for cert-manager | `false` | -| `ingress.pathType` | Ingress Path type | `ImplementationSpecific` | -| `ingress.apiVersion` | Override API Version (automatically detected if not set) | `""` | -| `ingress.hostname` | Default host for the ingress resource | `logstash.local` | -| `ingress.path` | The Path to Logstash. You may need to set this to '/*' in order to use this with ALB ingress controllers. | `/` | -| `ingress.annotations` | Ingress annotations | `{}` | -| `ingress.tls` | Enable TLS configuration for the hostname defined at ingress.hostname parameter | `false` | -| `ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` | -| `ingress.extraPaths` | Any additional arbitrary paths that may need to be added to the ingress under the main host. | `[]` | -| `ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` | -| `ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | -| `metrics.enabled` | Enable the export of Prometheus metrics | `false` | -| `metrics.image.registry` | Logstash Relay image registry | `docker.io` | -| `metrics.image.repository` | Logstash Relay image repository | `bitnami/logstash-exporter` | -| `metrics.image.tag` | Logstash Relay image tag (immutable tags are recommended) | `7.3.0-debian-10-r306` | -| `metrics.image.pullPolicy` | Logstash Relay image pull policy | `IfNotPresent` | -| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `metrics.resources.limits` | The resources limits for the Logstash Prometheus Exporter container | `{}` | -| `metrics.resources.requests` | The requested resources for the Logstash Prometheus Exporter container | `{}` | -| `metrics.serviceMonitor.enabled` | if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` | -| `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `""` | -| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `""` | -| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | -| `metrics.serviceMonitor.selector` | ServiceMonitor selector labels | `{}` | -| `metrics.livenessProbe.httpGet.path` | Request path for livenessProbe | `/metrics` | -| `metrics.livenessProbe.httpGet.port` | Port for livenessProbe | `metrics` | -| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | -| `metrics.livenessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `metrics.livenessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `metrics.livenessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `metrics.readinessProbe.httpGet.path` | Request path for readinessProbe | `/metrics` | -| `metrics.readinessProbe.httpGet.port` | Port for readinessProbe | `metrics` | -| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `60` | -| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `metrics.service.type` | Kubernetes service type (`ClusterIP`, `NodePort` or `LoadBalancer`) | `ClusterIP` | -| `metrics.service.port` | Logstash Prometheus port | `9198` | -| `metrics.service.nodePort` | Kubernetes HTTP node port | `""` | -| `metrics.service.loadBalancerIP` | loadBalancerIP if service type is `LoadBalancer` | `""` | -| `metrics.service.loadBalancerSourceRanges` | Addresses that are allowed when service is LoadBalancer | `[]` | -| `metrics.service.clusterIP` | Static clusterIP or None for headless services | `None` | -| `metrics.service.annotations` | Annotations for the Prometheus metrics service | `{}` | -| `podDisruptionBudget.create` | If true, create a pod disruption budget for pods. | `false` | -| `podDisruptionBudget.minAvailable` | Minimum number / percentage of pods that should remain scheduled | `1` | -| `podDisruptionBudget.maxUnavailable` | Maximum number / percentage of pods that may be made unavailable | `""` | -| `initContainers` | Extra containers to run before logstash for initialization purposes like custom plugin install. | `[]` | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -$ helm install my-release \ - --set enableMonitoringAPI=false bitnami/logstash -``` - -The above command disables the Logstash Monitoring API. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```console -$ helm install my-release -f values.yaml bitnami/logstash -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling vs Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Expose the Logstash service - -The service(s) created by the deployment can be exposed within or outside the cluster using any of the following approaches: - -- **Ingress**: Set `ingress.enabled=true` to expose Logstash through Ingress. -- **ClusterIP**: Set `service.type=ClusterIP` to choose this service type. -- **NodePort**: Set `service.type=NodePort` to choose this service type. -- **LoadBalancer**: Set `service.type=LoadBalancer` to choose this service type. - -For more information, refer to the [chart documentation on exposing the Logstash service](https://docs.bitnami.com/kubernetes/apps/logstash/get-started/expose-service/). - -### Use custom configuration - -By default, this Helm chart provides a basic configuration for Logstash: listening to HTTP requests on port 8080 and writing them to the standard output. - -This Logstash configuration can be adjusted using the *input*, *filter*, and *output* parameters, which allow specification of the input, filter and output plugins configuration respectively. In addition to these options, the chart also supports reading configuration from an external ConfigMap via the *existingConfiguration* parameter. - -Refer to the [chart documentation for more information on customizing the Logstash deployment](https://docs.bitnami.com/kubernetes/apps/logstash/configuration/customize-deployment/). - -### Create and use multiple pipelines - -The chart supports the use of [multiple pipelines](https://www.elastic.co/guide/en/logstash/master/multiple-pipelines.html) by setting the *enableMultiplePipelines* parameter to *true*. - -To do this, place the *pipelines.yml* file in the *files/conf* directory, together with the rest of the desired configuration files. If the *enableMultiplePipelines* parameter is set to *true* but the *pipelines.yml* file does not exist in the mounted volume, a dummy file is created using the default configuration (a single pipeline). - -The chart also supports setting an external ConfigMap with all the configuration files via the *existingConfiguration* parameter. - -For more information and an example, refer to the chart documentation on [using multiple pipelines](https://docs.bitnami.com/kubernetes/apps/logstash/configuration/use-multiple-pipelines/). - -### Add extra environment variables - -To add extra environment variables, use the `extraEnvVars` property. - -```yaml -extraEnvVars: - - name: ELASTICSEARCH_HOST - value: "x.y.z" -``` - -To add extra environment variables from an external ConfigMap or secret, use the `extraEnvVarsCM` and `extraEnvVarsSecret` properties. Note that the secret and ConfigMap should be already available in the namespace. - -```yaml -extraEnvVarsSecret: logstash-secrets -extraEnvVarsCM: logstash-configmap -``` - -### Set Pod affinity - -This chart allows you to set custom Pod affinity using the `affinity` parameter. Find more information about Pod affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). - -As an alternative, use one of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters. - -## Persistence - -The [Bitnami Logstash](https://github.com/bitnami/bitnami-docker-logstash) image stores the Logstash data at the `/bitnami/logstash/data` path of the container. - -Persistent Volume Claims (PVCs) are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. - -See the [Parameters](#parameters) section to configure the PVC or to disable persistence. - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami’s Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## Upgrading - -### To 3.0.0 - -This version standardizes the way of defining Ingress rules. When configuring a single hostname for the Ingress rule, set the `ingress.hostname` value. When defining more than one, set the `ingress.extraHosts` array. Apart from this case, no issues are expected to appear when upgrading. - -### To 2.0.0 - -This version drops support of including files in the `files/` folder, as it was working only under certain circumstances and the chart already provides alternative mechanisms like the `input` , `output` and `filter`, the `existingConfiguration` or the `extraDeploy` values. - -### To 1.2.0 - -This version introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/master/bitnami/common#bitnami-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade. - -### To 1.0.0 - -[On November 13, 2020, Helm v2 support formally ended](https://github.com/helm/charts#status-of-the-project). Subsequently, a major version of the chart was released to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -[Learn more about this change and related upgrade considerations](https://docs.bitnami.com/kubernetes/apps/logstash/administration/upgrade-helm3/). diff --git a/bitnami/logstash/ci/values-with-metrics-and-ingress.yaml b/bitnami/logstash/ci/values-with-metrics-and-ingress.yaml deleted file mode 100644 index d2d2e04..0000000 --- a/bitnami/logstash/ci/values-with-metrics-and-ingress.yaml +++ /dev/null @@ -1,12 +0,0 @@ -# Test values file for generating all of the yaml and check that -# the rendering is correct - -ingress: - enabled: true - tls: [] - -podDisruptionBudget: - create: true - -metrics: - enabled: true diff --git a/bitnami/logstash/templates/NOTES.txt b/bitnami/logstash/templates/NOTES.txt deleted file mode 100644 index 0af8755..0000000 --- a/bitnami/logstash/templates/NOTES.txt +++ /dev/null @@ -1,62 +0,0 @@ -** Please be patient while the chart is being deployed ** - -{{- if .Values.diagnosticMode.enabled }} -The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with: - - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }} - -Get the list of pods by executing: - - kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} - -Access the pod you want to debug by executing - - kubectl exec --namespace {{ .Release.Namespace }} -ti -- bash - -In order to replicate the container startup scripts execute this command: - - /opt/bitnami/scripts/logstash/entrypoint.sh /opt/bitnami/scripts/logstash/run.sh - -{{- else }} - -Logstash can be accessed through following DNS names from within your cluster: - - Logstash: {{ include "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} - {{- if .Values.metrics.enabled }} - Logstash Prometheus Metrics: {{ include "common.names.fullname" . }}-metrics.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} (port {{ .Values.metrics.service.port }}) - {{- end }} - -To access Logstash from outside the cluster execute the following commands: - -{{- if .Values.ingress.enabled }} - - You should be able to access your new Logstash server(s) through: - - curl {{ if .Values.ingress.tls }}https{{- else }}http{{ end }}://{{ .Values.ingress.hostname }} - -{{- else if contains "NodePort" .Values.service.type }} - - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.names.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo "http://${NODE_IP}:${NODE_PORT}" - -{{- else if contains "LoadBalancer" .Values.service.type }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "common.names.fullname" . }}' - export SERVICE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].port}" services {{ include "common.names.fullname" . }}) - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo "http://${SERVICE_IP}:${SERVICE_PORT}" - -{{- else if contains "ClusterIP" .Values.service.type }} - - export SERVICE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].port}" services {{ include "common.names.fullname" . }}) - kubectl port-forward svc/{{ include "common.names.fullname" . }} ${SERVICE_PORT}:${SERVICE_PORT} & - echo "http://127.0.0.1:${SERVICE_PORT}" - -{{- end }} -{{- end }} - -{{- include "logstash.validateValues" . }} -{{- include "logstash.checkRollingTags" . }} diff --git a/bitnami/logstash/templates/_helpers.tpl b/bitnami/logstash/templates/_helpers.tpl deleted file mode 100644 index 6a737c6..0000000 --- a/bitnami/logstash/templates/_helpers.tpl +++ /dev/null @@ -1,71 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Return the proper Logstash image name -*/}} -{{- define "logstash.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper Prometheus metrics image name -*/}} -{{- define "logstash.metrics.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "logstash.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image) "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the Logstash configuration configmap. -*/}} -{{- define "logstash.configmapName" -}} -{{- if .Values.existingConfiguration -}} - {{- printf "%s" (tpl .Values.existingConfiguration $) -}} -{{- else -}} - {{- printf "%s" (include "common.names.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Check if there are rolling tags in the images -*/}} -{{- define "logstash.checkRollingTags" -}} -{{- include "common.warnings.rollingTag" .Values.image }} -{{- include "common.warnings.rollingTag" .Values.metrics.image }} -{{- end -}} - -{{/* -Compile all warnings into a single message, and call fail. -*/}} -{{- define "logstash.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "logstash.validateValues.metrics" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} -{{- end -}} -{{- end -}} - -{{/* Validate values of Logstash - Monitoring API must be enabled when metrics are enabled */}} -{{- define "logstash.validateValues.metrics" -}} -{{- if and .Values.metrics.enabled (not .Values.enableMonitoringAPI) -}} -logstash: metrics - The Logstash Monitoring API must be enabled when metrics are enabled (metrics.enabled=true). - Please enable the Montoring API (--set enableMonitoringAPI="true") -{{- end -}} -{{- end -}} - -{{/* -Return the proper image name (for the init container volume-permissions image) -*/}} -{{- define "logstash.volumePermissions.image" -}} -{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}} -{{- end -}} diff --git a/bitnami/logstash/templates/configuration-cm.yaml b/bitnami/logstash/templates/configuration-cm.yaml deleted file mode 100644 index 1157f55..0000000 --- a/bitnami/logstash/templates/configuration-cm.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{ if and (or .Values.input .Values.filter .Values.output) (not .Values.existingConfiguration) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} -data: -{{- if (or .Values.input .Values.filter .Values.output) }} - logstash.conf: |- -{{- if .Values.input }} - input { - {{- include "common.tplvalues.render" (dict "value" .Values.input "context" $) | nindent 6 }} - } -{{- end }} -{{- if .Values.filter }} - filter { - {{- include "common.tplvalues.render" (dict "value" .Values.filter "context" $) | nindent 6 }} - } -{{- end }} -{{- if .Values.output }} - output { - {{- include "common.tplvalues.render" (dict "value" .Values.output "context" $) | nindent 6 }} - } -{{- end }} -{{ end }} -{{ end }} diff --git a/bitnami/logstash/templates/headless-svc.yaml b/bitnami/logstash/templates/headless-svc.yaml deleted file mode 100644 index b320726..0000000 --- a/bitnami/logstash/templates/headless-svc.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ printf "%s-headless" (include "common.names.fullname" .) }} - labels: {{- include "common.labels.standard" . | nindent 4 }} -spec: - type: ClusterIP - clusterIP: None - ports: - {{- range $key, $value := .Values.service.ports }} - - name: {{ $key }} -{{ toYaml $value | indent 6 }} - {{- end }} - selector: {{ include "common.labels.matchLabels" . | nindent 4 }} diff --git a/bitnami/logstash/templates/ingress.yaml b/bitnami/logstash/templates/ingress.yaml deleted file mode 100644 index 38315c3..0000000 --- a/bitnami/logstash/templates/ingress.yaml +++ /dev/null @@ -1,59 +0,0 @@ -{{- if .Values.ingress.enabled }} -apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.ingress.certManager }} - kubernetes.io/tls-acme: "true" - {{- end }} - {{- if .Values.ingress.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.ingress.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - rules: - {{- if .Values.ingress.hostname }} - - host: {{ .Values.ingress.hostname }} - http: - paths: - {{- if .Values.ingress.extraPaths }} - {{- toYaml .Values.ingress.extraPaths | nindent 10 }} - {{- end }} - - path: {{ .Values.ingress.path }} - {{- if eq "true" (include "common.ingress.supportsPathType" .) }} - pathType: {{ .Values.ingress.pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- range .Values.ingress.extraHosts }} - - host: {{ .name | quote }} - http: - paths: - - path: {{ default "/" .path }} - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ default "ImplementationSpecific" .pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- if or .Values.ingress.tls .Values.ingress.extraTls }} - tls: - {{- if .Values.ingress.tls }} - - hosts: - - {{ .Values.ingress.hostname }} - {{- range .Values.ingress.extraHosts }} - - {{ .name }} - {{- end }} - secretName: {{ printf "%s-tls" .Values.ingress.hostname }} - {{- end }} - {{- if .Values.ingress.extraTls }} - {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.extraTls "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/bitnami/logstash/templates/metrics-svc.yaml b/bitnami/logstash/templates/metrics-svc.yaml deleted file mode 100644 index 3ae614e..0000000 --- a/bitnami/logstash/templates/metrics-svc.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- if .Values.metrics.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ printf "%s-metrics" (include "common.names.fullname" .) }} - labels: {{ include "common.labels.standard" . | nindent 4 }} - {{- if .Values.metrics.service.annotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.service.annotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.metrics.service.type }} - {{- if and .Values.metrics.service.loadBalancerIP (eq .Values.metrics.service.type "LoadBalancer") }} - loadBalancerIP: {{ .Values.metrics.service.loadBalancerIP }} - {{- end }} - {{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- toYaml .Values.metrics.service.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - {{- if and (eq .Values.metrics.service.type "ClusterIP") .Values.metrics.service.clusterIP }} - clusterIP: {{ .Values.metrics.service.clusterIP }} - {{- end }} - ports: - - port: {{ .Values.metrics.service.port }} - targetPort: metrics - protocol: TCP - name: metrics - {{- if (and (or (eq .Values.metrics.service.type "NodePort") (eq .Values.metrics.service.type "LoadBalancer")) (not (empty .Values.metrics.service.nodePort)))}} - nodePort: {{ .Values.metrics.service.nodePort }} - {{- else if eq .Values.metrics.service.type "ClusterIP" }} - nodePort: null - {{- end }} - selector: {{ include "common.labels.matchLabels" . | nindent 4 }} -{{- end }} diff --git a/bitnami/logstash/templates/pdb.yaml b/bitnami/logstash/templates/pdb.yaml deleted file mode 100644 index a52baf0..0000000 --- a/bitnami/logstash/templates/pdb.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if .Values.podDisruptionBudget.create }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} -spec: - {{- if .Values.podDisruptionBudget.minAvailable }} - minAvailable: {{ .Values.podDisruptionBudget.minAvailable }} - {{- end }} - {{- if .Values.podDisruptionBudget.maxUnavailable }} - maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }} - {{- end }} - selector: - matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }} -{{- end }} diff --git a/bitnami/logstash/templates/servicemonitor.yaml b/bitnami/logstash/templates/servicemonitor.yaml deleted file mode 100644 index 3a552e6..0000000 --- a/bitnami/logstash/templates/servicemonitor.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "common.names.fullname" . }} - {{- if .Values.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.metrics.serviceMonitor.namespace }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- range $key, $value := .Values.metrics.serviceMonitor.selector }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - selector: - matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }} - endpoints: - - port: metrics - path: "/metrics" - {{- if .Values.metrics.serviceMonitor.interval }} - interval: {{ .Values.metrics.serviceMonitor.interval }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} -{{- end }} diff --git a/bitnami/logstash/templates/sts.yaml b/bitnami/logstash/templates/sts.yaml deleted file mode 100644 index 84cddf6..0000000 --- a/bitnami/logstash/templates/sts.yaml +++ /dev/null @@ -1,202 +0,0 @@ -apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} -kind: StatefulSet -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} -spec: - serviceName: {{ printf "%s-headless" (include "common.names.fullname" .) }} - replicas: {{ .Values.replicaCount }} - podManagementPolicy: {{ .Values.podManagementPolicy }} - updateStrategy: - type: {{ .Values.updateStrategy }} - {{- if (eq "OnDelete" .Values.updateStrategy) }} - rollingUpdate: null - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - annotations: - checksum/configuration: {{ include (print $.Template.BasePath "/configuration-cm.yaml") . | sha256sum }} - {{- if .Values.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} - {{- end }} - spec: - {{- include "logstash.imagePullSecrets" . | nindent 6 }} - {{- if .Values.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName | quote }} - {{- end }} - {{- if .Values.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.securityContext.runAsUser }} - fsGroup: {{ .Values.securityContext.fsGroup }} - {{- end }} - {{- if or (and .Values.securityContext.enabled .Values.volumePermissions.enabled .Values.persistence.enabled) (.Values.initContainers) }} - initContainers: - {{- if and .Values.securityContext.enabled .Values.volumePermissions.enabled }} - - name: volume-permissions - image: {{ include "logstash.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: - - /bin/bash - - -ec - - | - chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} "{{ .Values.persistence.mountPath }}" - securityContext: {{ .Values.volumePermissions.securityContext | toYaml | nindent 12 }} - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: data - mountPath: {{ .Values.persistence.mountPath }} - {{- end }} - {{- if .Values.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} - {{- end }} - {{- end }} - containers: - - name: logstash - image: {{ include "logstash.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} - {{- if .Values.configFileName }} - - name: LOGSTASH_CONF_FILENAME - value: {{ .Values.configFileName | quote }} - {{- end }} - - name: LOGSTASH_ENABLE_MULTIPLE_PIPELINES - value: {{ ternary "true" "false" .Values.enableMultiplePipelines | quote }} - - name: LOGSTASH_EXPOSE_API - value: {{ ternary "yes" "no" .Values.enableMonitoringAPI | quote }} - - name: LOGSTASH_API_PORT_NUMBER - value: {{ .Values.monitoringAPIPort | quote }} - {{- if .Values.persistence.enabled }} - - name: LOGSTASH_DATA_DIR - value: {{ .Values.persistence.mountPath }} - {{- end }} - {{- if .Values.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if .Values.extraEnvVarsCM }} - - configMapRef: - name: {{ .Values.extraEnvVarsCM }} - {{- end }} - {{- if .Values.extraEnvVarsSecret }} - - secretRef: - name: {{ .Values.extraEnvVarsSecret }} - {{- end }} - {{- if .Values.containerPorts }} - ports: {{ toYaml .Values.containerPorts | nindent 12 }} - {{- end }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.livenessProbe }} - livenessProbe: {{- toYaml .Values.livenessProbe | nindent 12 }} - {{- end }} - {{- if .Values.readinessProbe }} - readinessProbe: {{- toYaml .Values.readinessProbe | nindent 12 }} - {{- end }} - {{- if .Values.lifecycle }} - lifecycle: {{- include "common.tplvalues.render" ( dict "value" .Values.lifecycle "context" $ ) | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.persistence.enabled }} - - name: data - mountPath: {{ .Values.persistence.mountPath }} - {{- end }} - {{- if or .Values.input .Values.filter .Values.output .Values.existingConfiguration }} - - name: configurations - mountPath: /bitnami/logstash/config - {{- end }} - {{- if .Values.extraVolumeMounts }} - {{- include "common.tplvalues.render" ( dict "value" .Values.extraVolumeMounts "context" $ ) | nindent 12 }} - {{- end }} - {{- if .Values.metrics.enabled }} - - name: metrics - image: {{ include "logstash.metrics.image" . }} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else }} - command: - - bash - - -c - - | - sleep 60 - exec logstash_exporter --logstash.endpoint=http://127.0.0.1:{{ .Values.monitoringAPIPort }} --web.listen-address=:9198 - {{- end }} - ports: - - name: metrics - containerPort: 9198 - protocol: TCP - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.metrics.livenessProbe }} - livenessProbe: {{- toYaml .Values.metrics.livenessProbe | nindent 12 }} - {{- end }} - {{- if .Values.metrics.readinessProbe }} - readinessProbe: {{- toYaml .Values.metrics.readinessProbe | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.metrics.resources }} - resources: {{- toYaml .Values.metrics.resources | nindent 12 }} - {{- end }} - {{- end }} - volumes: - {{- if or .Values.input .Values.filter .Values.output .Values.existingConfiguration }} - - name: configurations - configMap: - name: {{ include "logstash.configmapName" . }} - {{- end }} - {{- if and .Values.persistence.enabled }} - - name: data - persistentVolumeClaim: - claimName: {{ .Values.persistence.existingClaim | default (include "common.names.fullname" .) }} - {{- end }} - {{- if .Values.extraVolumes }} - {{- include "common.tplvalues.render" ( dict "value" .Values.extraVolumes "context" $ ) | nindent 8 }} - {{- end }} - {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} - volumeClaimTemplates: - - metadata: - name: data - {{- if .Values.persistence.annotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.annotations "context" $) | nindent 10 }} - {{- end }} - spec: - accessModes: - {{- range .Values.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{ include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) }} - {{- end }} diff --git a/bitnami/logstash/templates/svc.yaml b/bitnami/logstash/templates/svc.yaml deleted file mode 100644 index 70f18ad..0000000 --- a/bitnami/logstash/templates/svc.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.service.annotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.service.annotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.service.type }} - {{- if and .Values.service.loadBalancerIP (eq .Values.service.type "LoadBalancer") }} - loadBalancerIP: {{ .Values.service.loadBalancerIP }} - {{- end }} - {{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - {{- if and (eq .Values.service.type "ClusterIP") .Values.service.clusterIP }} - clusterIP: {{ .Values.service.clusterIP }} - {{- end }} - {{- if and .Values.service.externalTrafficPolicy (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }} - externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} - {{- end }} - ports: - {{- range $key, $value := .Values.service.ports }} - - name: {{ $key }} -{{ toYaml $value | indent 6 }} - {{- end }} - selector: {{ include "common.labels.matchLabels" . | nindent 4 }} diff --git a/bitnami/logstash/templates/tls-secret.yaml b/bitnami/logstash/templates/tls-secret.yaml deleted file mode 100644 index 35b4b82..0000000 --- a/bitnami/logstash/templates/tls-secret.yaml +++ /dev/null @@ -1,41 +0,0 @@ -{{- if .Values.ingress.enabled }} -{{- if .Values.ingress.secrets }} -{{- range .Values.ingress.secrets }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ .name }} - labels: {{- include "common.labels.standard" $ | nindent 4 }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ .certificate | b64enc }} - tls.key: {{ .key | b64enc }} ---- -{{- end }} -{{- else if and .Values.ingress.tls (not .Values.ingress.certManager) }} -{{- $ca := genCA "logstash-ca" 365 }} -{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ printf "%s-tls" .Values.ingress.hostname }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ $cert.Cert | b64enc | quote }} - tls.key: {{ $cert.Key | b64enc | quote }} - ca.crt: {{ $ca.Cert | b64enc | quote }} -{{- end }} -{{- end }} diff --git a/bitnami/logstash/values.yaml b/bitnami/logstash/values.yaml deleted file mode 100644 index d777cf7..0000000 --- a/bitnami/logstash/values.yaml +++ /dev/null @@ -1,687 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - -## @section Common parameters - -## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) -## -kubeVersion: "" -## @param nameOverride String to partially override logstash.fullname template (will maintain the release name) -## -nameOverride: "" -## @param fullnameOverride String to fully override logstash.fullname template -## -fullnameOverride: "" -## @param clusterDomain Default Kubernetes cluster domain -## -clusterDomain: cluster.local -## @param extraDeploy Array of extra objects to deploy with the release (evaluated as a template). -## -extraDeploy: [] - -## Enable diagnostic mode in the deployment -## -diagnosticMode: - ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) - ## - enabled: false - ## @param diagnosticMode.command Command to override all containers in the deployment - ## - command: - - sleep - ## @param diagnosticMode.args Args to override all containers in the deployment - ## - args: - - infinity - -## @section Logstash parameters - -## Bitnami Logstash image -## ref: https://hub.docker.com/r/bitnami/logstash/tags/ -## @param image.registry Logstash image registry -## @param image.repository Logstash image repository -## @param image.tag Logstash image tag (immutable tags are recommended) -## @param image.pullPolicy Logstash image pull policy -## @param image.pullSecrets Specify docker-registry secret names as an array -## @param image.debug Specify if debug logs should be enabled -## -image: - registry: docker.io - repository: bitnami/logstash - tag: 7.15.0-debian-10-r0 - ## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Set to true if you would like to see extra information on logs - ## - debug: false -## @param hostAliases Add deployment host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: [] -## @param configFileName Logstash configuration file name. It must match the name of the configuration file mounted as a configmap. -## -configFileName: logstash.conf -## @param enableMonitoringAPI Whether to enable the Logstash Monitoring API or not Kubernetes cluster domain -## -enableMonitoringAPI: true -## @param monitoringAPIPort Logstash Monitoring API Port -## -monitoringAPIPort: 9600 -## @param extraEnvVars Array containing extra env vars to configure Logstash -## For example: -## extraEnvVars: -## - name: ELASTICSEARCH_HOST -## value: "x.y.z" -## -extraEnvVars: [] -## @param extraEnvVarsSecret To add secrets to environment -## -extraEnvVarsSecret: "" -## @param extraEnvVarsCM To add configmaps to environment -## -extraEnvVarsCM: "" -## @param input [string] Input Plugins configuration -## ref: https://www.elastic.co/guide/en/logstash/current/input-plugins.html -## -input: |- - # udp { - # port => 1514 - # type => syslog - # } - # tcp { - # port => 1514 - # type => syslog - # } - http { port => 8080 } -## @param filter Filter Plugins configuration -## ref: https://www.elastic.co/guide/en/logstash/current/filter-plugins.html -## e.g: -## filter: |- -## grok { -## match => { "message" => "%{COMBINEDAPACHELOG}" } -## } -## date { -## match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ] -## } -## -filter: "" -## @param output [string] Output Plugins configuration -## ref: https://www.elastic.co/guide/en/logstash/current/output-plugins.html -## -output: |- - # elasticsearch { - # hosts => ["${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}"] - # manage_template => false - # index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}" - # } - # gelf { - # host => "${GRAYLOG_HOST}" - # port => ${GRAYLOG_PORT} - # } - stdout {} -## @param existingConfiguration Name of existing ConfigMap object with the Logstash configuration (`input`, `filter`, and `output` will be ignored). -## -existingConfiguration: "" -## @param enableMultiplePipelines Allows user to use multiple pipelines -## ref: https://www.elastic.co/guide/en/logstash/master/multiple-pipelines.html -## -enableMultiplePipelines: false -## @param extraVolumes Array to add extra volumes (evaluated as a template) -## extraVolumes: -## - name: myvolume -## configMap: -## name: myconfigmap -## -extraVolumes: [] -## @param extraVolumeMounts Array to add extra mounts (normally used with extraVolumes, evaluated as a template) -## extraVolumeMounts: -## - mountPath: /opt/bitnami/desired-path -## name: myvolume -## readOnly: true -## -extraVolumeMounts: [] -## @param containerPorts [array] Array containing the ports to open in the Logstash container -## -containerPorts: - ## - name: syslog-udp - ## containerPort: 1514 - ## protocol: UDP - ## - name: syslog-tcp - ## containerPort: 1514 - ## protocol: TCP - ## - - name: http - containerPort: 8080 - protocol: TCP - - name: monitoring - containerPort: 9600 - protocol: TCP -## @param replicaCount Number of Logstash replicas to deploy -## -replicaCount: 1 -## @param updateStrategy Update strategy (`RollingUpdate`, or `OnDelete`) -## ref: https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#updating-statefulsets -## -updateStrategy: RollingUpdate -## @param podManagementPolicy Pod management policy -## https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies -## -podManagementPolicy: OrderedReady -## @param podAnnotations Pod annotations -## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} -## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAffinityPreset: "" -## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAntiAffinityPreset: soft -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## -nodeAffinityPreset: - ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] -## @param affinity Affinity for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set -## -affinity: {} -## @param nodeSelector Node labels for pod assignment -## ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} -## @param tolerations Tolerations for pod assignment -## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] -## @param priorityClassName Pod priority -## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ -## -priorityClassName: "" -## K8s Security Context for Logstash pods -## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ -## @param securityContext.enabled Enable security context for Logstash -## @param securityContext.fsGroup Group ID for the Logstash filesystem -## @param securityContext.runAsUser User ID for the Logstash container -## -securityContext: - enabled: true - fsGroup: 1001 - runAsUser: 1001 -## Logstash containers' resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## We usually recommend not to specify default resources and to leave this as a conscious -## choice for the user. This also increases chances charts run on environments with little -## resources, such as Minikube. If you do want to specify resources, uncomment the following -## lines, adjust them as necessary, and remove the curly braces after 'resources:'. -## @param resources.limits The resources limits for the Logstash container -## @param resources.requests The requested resources for the Logstash container -## -resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - requests: {} -## Logstash pods' liveness probe -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param livenessProbe.httpGet.path Request path for livenessProbe -## @param livenessProbe.httpGet.port Port for livenessProbe -## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe -## @param livenessProbe.periodSeconds Period seconds for livenessProbe -## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe -## @param livenessProbe.failureThreshold Failure threshold for livenessProbe -## @param livenessProbe.successThreshold Success threshold for livenessProbe -## -livenessProbe: - httpGet: - path: / - port: monitoring - initialDelaySeconds: 60 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 6 -## Logstash pods' readiness probe -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param readinessProbe.httpGet.path Request path for readinessProbe -## @param readinessProbe.httpGet.port Port for readinessProbe -## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe -## @param readinessProbe.periodSeconds Period seconds for readinessProbe -## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe -## @param readinessProbe.failureThreshold Failure threshold for readinessProbe -## @param readinessProbe.successThreshold Success threshold for readinessProbe -## -readinessProbe: - httpGet: - path: / - port: monitoring - initialDelaySeconds: 60 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 6 -## @param lifecycle Logstash pods' lifecycle hooks -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/ -## e.g: -## preStop: -## exec: -## command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"] -## postStart: -## exec: -## command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"] -## -lifecycle: {} -## Service parameters -## -service: - ## @param service.type Kubernetes service type (`ClusterIP`, `NodePort`, or `LoadBalancer`) - ## - type: ClusterIP - ## @param service.ports.http [object] Logstash svc ports - ## - ports: - ## syslog-udp: - ## port: 1514 - ## targetPort: syslog-udp - ## protocol: UDP - ## syslog-tcp: - ## port: 1514 - ## targetPort: syslog-tcp - ## protocol: TCP - ## - http: - port: 8080 - targetPort: http - protocol: TCP - ## @param service.loadBalancerIP loadBalancerIP if service type is `LoadBalancer` - ## - loadBalancerIP: "" - ## @param service.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param service.externalTrafficPolicy External traffic policy, configure to Local to preserve client source IP when using an external loadBalancer - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: "" - ## @param service.clusterIP Static clusterIP or None for headless services - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address - ## e.g: - ## clusterIP: None - ## - clusterIP: "" - ## @param service.annotations Annotations for Logstash service - ## - annotations: {} -## Persistence parameters -## -persistence: - ## @param persistence.enabled Enable Logstash data persistence using PVC - ## - enabled: false - ## @param persistence.existingClaim A manually managed Persistent Volume and Claim - ## If defined, PVC must be created manually before volume will be bound - ## The value is evaluated as a template - ## - existingClaim: "" - ## @param persistence.storageClass PVC Storage Class for Logstash data volume - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. - ## - storageClass: "" - ## @param persistence.accessModes PVC Access Mode for Logstash data volume - ## - accessModes: - - ReadWriteOnce - ## @param persistence.size PVC Storage Request for Logstash data volume - ## - size: 2Gi - ## @param persistence.annotations Annotations for the PVC - ## - annotations: {} - ## @param persistence.mountPath Mount path of the Logstash data volume - ## - mountPath: /bitnami/logstash/data -## Init Container parameters -## Change the owner and group of the persistent volume(s) mountpoint(s) to 'runAsUser:fsGroup' on each component -## values from the securityContext section of the component -## -volumePermissions: - ## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` - ## - enabled: false - ## The security context for the volumePermissions init container - ## @param volumePermissions.securityContext.runAsUser User ID for the volumePermissions init container - ## - securityContext: - runAsUser: 0 - ## @param volumePermissions.image.registry Init container volume-permissions image registry - ## @param volumePermissions.image.repository Init container volume-permissions image repository - ## @param volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended) - ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy - ## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: 10-debian-10-r200 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Init Container resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param volumePermissions.resources.limits Init container volume-permissions resource limits - ## @param volumePermissions.resources.requests Init container volume-permissions resource requests - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - requests: {} -## Configure the ingress resource that allows you to access the -## Logstash installation. Set up the URL -## ref: http://kubernetes.io/docs/user-guide/ingress/ -## -ingress: - ## @param ingress.enabled Enable ingress controller resource - ## - enabled: false - ## @param ingress.certManager Set this to true in order to add the corresponding annotations for cert-manager - ## - certManager: false - ## @param ingress.pathType Ingress Path type - ## - pathType: ImplementationSpecific - ## @param ingress.apiVersion Override API Version (automatically detected if not set) - ## - apiVersion: "" - ## @param ingress.hostname Default host for the ingress resource - ## - hostname: logstash.local - ## @param ingress.path The Path to Logstash. You may need to set this to '/*' in order to use this with ALB ingress controllers. - ## - path: / - ## @param ingress.annotations Ingress annotations - ## For a full list of possible ingress annotations, please see - ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md - ## - ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set - ## - annotations: {} - ## @param ingress.tls Enable TLS configuration for the hostname defined at ingress.hostname parameter - ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }} - ## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it - ## - tls: false - ## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record. - ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array - ## extraHosts: - ## - name: logstash.local - ## path: / - ## - extraHosts: [] - ## @param ingress.extraPaths Any additional arbitrary paths that may need to be added to the ingress under the main host. - ## For example: The ALB ingress controller requires a special rule for handling SSL redirection. - ## extraPaths: - ## - path: /* - ## backend: - ## serviceName: ssl-redirect - ## servicePort: use-annotation - ## - extraPaths: [] - ## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. - ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - ## extraTls: - ## - hosts: - ## - logstash.local - ## secretName: logstash.local-tls - ## - extraTls: [] - ## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets - ## key and certificate should start with -----BEGIN CERTIFICATE----- or - ## -----BEGIN RSA PRIVATE KEY----- - ## - ## name should line up with a tlsSecret set further up - ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set - ## - ## It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - ## - secrets: [] - ## - name: logstash.local-tls - ## key: - ## certificate: - ## -## Prometheus metrics -## -metrics: - ## @param metrics.enabled Enable the export of Prometheus metrics - ## - enabled: false - ## Bitnami Logstash Promtheus Exporter image - ## ref: https://hub.docker.com/r/bitnami/logstash-exporter/tags/ - ## @param metrics.image.registry Logstash Relay image registry - ## @param metrics.image.repository Logstash Relay image repository - ## @param metrics.image.tag Logstash Relay image tag (immutable tags are recommended) - ## @param metrics.image.pullPolicy Logstash Relay image pull policy - ## @param metrics.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/logstash-exporter - tag: 7.3.0-debian-10-r306 - ## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Logstash Prometheus Exporter containers' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param metrics.resources.limits The resources limits for the Logstash Prometheus Exporter container - ## @param metrics.resources.requests The requested resources for the Logstash Prometheus Exporter container - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - requests: {} - ## Prometheus Operator ServiceMonitor configuration - ## - serviceMonitor: - ## @param metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) - ## - enabled: false - ## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running - ## e.g: - ## namespace: monitoring - ## - namespace: "" - ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped. - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## e.g: - ## interval: 10s - ## - interval: "" - ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## e.g: - ## scrapeTimeout: 10s - ## - scrapeTimeout: "" - ## @param metrics.serviceMonitor.selector ServiceMonitor selector labels - ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration - ## e.g: - ## selector: - ## prometheus: my-prometheus - ## - selector: {} - ## Logstash Prometheus Exporter containers' liveness probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param metrics.livenessProbe.httpGet.path Request path for livenessProbe - ## @param metrics.livenessProbe.httpGet.port Port for livenessProbe - ## @param metrics.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param metrics.livenessProbe.periodSeconds Period seconds for readinessProbe - ## @param metrics.livenessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param metrics.livenessProbe.failureThreshold Failure threshold for readinessProbe - ## @param metrics.livenessProbe.successThreshold Success threshold for readinessProbe - ## - livenessProbe: - httpGet: - path: /metrics - port: metrics - initialDelaySeconds: 60 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 6 - ## Logstash Prometheus Exporter containers' readiness probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param metrics.readinessProbe.httpGet.path Request path for readinessProbe - ## @param metrics.readinessProbe.httpGet.port Port for readinessProbe - ## @param metrics.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param metrics.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param metrics.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param metrics.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param metrics.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - httpGet: - path: /metrics - port: metrics - initialDelaySeconds: 60 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 6 - service: - ## @param metrics.service.type Kubernetes service type (`ClusterIP`, `NodePort` or `LoadBalancer`) - ## - type: ClusterIP - ## @param metrics.service.port Logstash Prometheus port - ## - port: 9198 - ## @param metrics.service.nodePort Kubernetes HTTP node port - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - nodePort: "" - ## @param metrics.service.loadBalancerIP loadBalancerIP if service type is `LoadBalancer` - ## Set the LoadBalancer service type to internal only - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - loadBalancerIP: "" - ## @param metrics.service.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - loadBalancerSourceRanges: [] - ## @param metrics.service.clusterIP Static clusterIP or None for headless services - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address - ## - clusterIP: None - ## @param metrics.service.annotations [object] Annotations for the Prometheus metrics service - ## - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9198" - prometheus.io/path: "/metrics" -## Pod disruption budget configuration -## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ -## @param podDisruptionBudget.create If true, create a pod disruption budget for pods. -## @param podDisruptionBudget.minAvailable Minimum number / percentage of pods that should remain scheduled -## @param podDisruptionBudget.maxUnavailable Maximum number / percentage of pods that may be made unavailable -## -podDisruptionBudget: - create: false - minAvailable: 1 - maxUnavailable: "" -## @param initContainers Extra containers to run before logstash for initialization purposes like custom plugin install. -## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ -## -initContainers: [] diff --git a/bitnami/magento/Chart.lock b/bitnami/magento/Chart.lock deleted file mode 100644 index 457f17d..0000000 --- a/bitnami/magento/Chart.lock +++ /dev/null @@ -1,12 +0,0 @@ -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.9.1 -- name: mariadb - repository: https://charts.bitnami.com/bitnami - version: 9.6.0 -- name: elasticsearch - repository: https://charts.bitnami.com/bitnami - version: 17.0.3 -digest: sha256:4ed5778a4a5bf64af885c52701cdb73fe66f3f16553c8665779bde951cc51701 -generated: "2021-09-25T12:37:37.81411378Z" diff --git a/bitnami/magento/Chart.yaml b/bitnami/magento/Chart.yaml deleted file mode 100644 index 060db54..0000000 --- a/bitnami/magento/Chart.yaml +++ /dev/null @@ -1,38 +0,0 @@ -annotations: - category: E-Commerce -apiVersion: v2 -appVersion: 2.4.3 -dependencies: - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x - - condition: mariadb.enabled - name: mariadb - repository: https://charts.bitnami.com/bitnami - tags: - - magento-database - version: 9.x.x - - condition: elasticsearch.enabled - name: elasticsearch - repository: https://charts.bitnami.com/bitnami - version: 17.x.x -description: A feature-rich flexible e-commerce solution. It includes transaction options, multi-store functionality, loyalty programs, product categorization and shopper filtering, promotion rules, and more. -engine: gotpl -home: https://github.com/bitnami/charts/tree/master/bitnami/magento -icon: https://bitnami.com/assets/stacks/magento/img/magento-stack-220x234.png -keywords: - - magento - - e-commerce - - http - - web - - php -maintainers: - - email: containers@bitnami.com - name: Bitnami -name: magento -sources: - - https://github.com/bitnami/bitnami-docker-magento - - https://magento.com/ -version: 19.0.1 diff --git a/bitnami/magento/README.md b/bitnami/magento/README.md deleted file mode 100644 index d67e9e8..0000000 --- a/bitnami/magento/README.md +++ /dev/null @@ -1,743 +0,0 @@ -# Magento - -[Magento](https://magento.org/) is a feature-rich flexible e-commerce solution. It includes transaction options, multi-store functionality, loyalty programs, product categorization and shopper filtering, promotion rules, and more. - -## TL;DR - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/magento -``` - -## Introduction - -This chart bootstraps a [Magento](https://github.com/bitnami/bitnami-docker-magento) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -It also packages the [Bitnami MariaDB chart](https://github.com/kubernetes/charts/tree/master/bitnami/mariadb) which is required for bootstrapping a MariaDB deployment as a database for the Magento application. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 3.1.0 -- PV provisioner support in the underlying infrastructure -- ReadWriteMany volumes for deployment scaling - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -$ helm install my-release bitnami/magento -``` - -The command deploys Magento on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```console -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | - - -### Common parameters - -| Name | Description | Value | -| ------------------- | ---------------------------------------------------------------------------- | ----- | -| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` | -| `nameOverride` | String to partially override magento.fullname template | `""` | -| `fullnameOverride` | String to fully override magento.fullname template | `""` | -| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | -| `commonLabels` | Labels to add to all deployed objects | `{}` | -| `extraDeploy` | Array of extra objects to deploy with the release (evaluated as a template). | `[]` | - - -### Magento parameters - -| Name | Description | Value | -| ------------------------------------ | -------------------------------------------------------------------------------------------------------------------- | --------------------- | -| `image.registry` | Magento image registry | `docker.io` | -| `image.repository` | Magento image repository | `bitnami/magento` | -| `image.tag` | Magento image tag (immutable tags are recommended) | `2.4.3-debian-10-r27` | -| `image.pullPolicy` | Magento image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `image.debug` | Specify if debug logs should be enabled | `false` | -| `hostAliases` | Add deployment host aliases | `[]` | -| `replicaCount` | Number of Magento Pods to run | `1` | -| `magentoSkipInstall` | Skip Magento installation wizard. Useful for migrations and restoring from SQL dump | `false` | -| `magentoHost` | Magento host to create application URLs | `""` | -| `magentoUsername` | User of the application | `user` | -| `magentoPassword` | Application password | `""` | -| `magentoEmail` | Admin email | `user@example.com` | -| `magentoFirstName` | Magento Admin First Name | `""` | -| `magentoLastName` | Magento Admin Last Name | `""` | -| `magentoAdminUri` | Magento prefix to access Magento Admin | `""` | -| `magentoMode` | Magento mode | `""` | -| `magentoExtraInstallArgs` | Magento extra install args | `""` | -| `magentoDeployStaticContent` | Deploy static content during the first deployment, to optimize page load time | `false` | -| `magentoUseHttps` | Use SSL to access the Magento Store. Valid values: `true`, `false` | `false` | -| `magentoUseSecureAdmin` | Use SSL to access the Magento Admin. Valid values: `true`, `false` | `false` | -| `magentoSkipReindex` | Skip Magento Indexer reindex step during the initialization. Valid values: `true`, `false` | `false` | -| `allowEmptyPassword` | Allow DB blank passwords | `false` | -| `command` | Override default container command (useful when using custom images) | `[]` | -| `args` | Override default container args (useful when using custom images) | `[]` | -| `updateStrategy.type` | Update strategy - only really applicable for deployments with RWO PVs attached | `RollingUpdate` | -| `extraEnvVars` | Extra environment variables | `[]` | -| `extraEnvVarsCM` | ConfigMap containing extra env vars | `""` | -| `extraEnvVarsSecret` | Secret containing extra env vars (in case of sensitive data) | `""` | -| `extraVolumes` | Array of extra volumes to be added to the deployment (evaluated as template). Requires setting `extraVolumeMounts` | `[]` | -| `extraVolumeMounts` | Array of extra volume mounts to be added to the container (evaluated as template). Normally used with `extraVolumes` | `[]` | -| `extraContainerPorts` | Array of additional container ports for the Magento container | `[]` | -| `initContainers` | Add additional init containers to the pod (evaluated as a template) | `[]` | -| `sidecars` | Attach additional containers to the pod (evaluated as a template) | `[]` | -| `tolerations` | Tolerations for pod assignment | `[]` | -| `existingSecret` | Name of a secret with the application password | `""` | -| `containerPorts` | Container ports | `{}` | -| `sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | -| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` | -| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | -| `affinity` | Affinity for pod assignment | `{}` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `resources.limits` | The resources limits for the Magento container | `{}` | -| `resources.requests` | The requested resourcesc for the Magento container | `{}` | -| `podSecurityContext.enabled` | Enable Magento pods' Security Context | `true` | -| `podSecurityContext.fsGroup` | Magento pods' group ID | `1001` | -| `containerSecurityContext.enabled` | Enable Magento containers' Security Context | `true` | -| `containerSecurityContext.runAsUser` | Magento containers' Security Context | `1001` | -| `livenessProbe.enabled` | Enable livenessProbe | `true` | -| `livenessProbe.path` | Request path for livenessProbe | `/index.php` | -| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `300` | -| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `readinessProbe.enabled` | Enable readinessProbe | `true` | -| `readinessProbe.path` | Request path for readinessProbe | `/index.php` | -| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | -| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | -| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `3` | -| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `startupProbe.enabled` | Enable startupProbe | `false` | -| `startupProbe.path` | Request path for startupProbe | `/index.php` | -| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `0` | -| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `3` | -| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `60` | -| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `customLivenessProbe` | Override default liveness probe | `{}` | -| `customReadinessProbe` | Override default readiness probe | `{}` | -| `customStartupProbe` | Override default startup probe | `{}` | -| `lifecycleHooks` | LifecycleHook to set additional configuration at startup Evaluated as a template | `{}` | -| `podAnnotations` | Pod annotations | `{}` | -| `podLabels` | Add additional labels to the pod (evaluated as a template) | `{}` | - - -### Database parameters - -| Name | Description | Value | -| ------------------------------------------- | ---------------------------------------------------------------------------------------- | ----------------------- | -| `mariadb.enabled` | Whether to deploy a mariadb server to satisfy the applications database requirements. | `true` | -| `mariadb.image.registry` | MariaDB image registry | `docker.io` | -| `mariadb.image.repository` | MariaDB image repository | `bitnami/mariadb` | -| `mariadb.image.tag` | MariaDB image tag (immutable tags are recommended) | `10.3.31-debian-10-r49` | -| `mariadb.architecture` | MariaDB architecture. Allowed values: `standalone` or `replication` | `standalone` | -| `mariadb.auth.rootPassword` | Password for the MariaDB `root` user | `""` | -| `mariadb.auth.database` | Database name to create | `bitnami_magento` | -| `mariadb.auth.username` | Database user to create | `bn_magento` | -| `mariadb.auth.password` | Password for the database | `""` | -| `mariadb.primary.persistence.enabled` | Enable database persistence using PVC | `true` | -| `mariadb.primary.persistence.storageClass` | MariaDB primary persistent volume storage Class | `""` | -| `mariadb.primary.persistence.accessModes` | Database Persistent Volume Access Modes | `["ReadWriteOnce"]` | -| `mariadb.primary.persistence.size` | Database Persistent Volume Size | `8Gi` | -| `mariadb.primary.persistence.hostPath` | Set path in case you want to use local host path volumes (not recommended in production) | `""` | -| `mariadb.primary.persistence.existingClaim` | Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas | `""` | -| `externalDatabase.host` | Host of the existing database | `""` | -| `externalDatabase.port` | Port of the existing database | `3306` | -| `externalDatabase.user` | Existing username in the external db | `bn_magento` | -| `externalDatabase.password` | Password for the above username | `""` | -| `externalDatabase.database` | Name of the existing database | `bitnami_magento` | - - -### Elasticsearch parameters - -| Name | Description | Value | -| ------------------------------------- | -------------------------------------------------------------------------- | ------ | -| `elasticsearch.enabled` | Whether to deploy a elasticsearch server to use as magento's search engine | `true` | -| `elasticsearch.sysctlImage.enabled` | Enable kernel settings modifier image for Elasticsearch | `true` | -| `elasticsearch.master.replicas` | Desired number of Elasticsearch master-eligible nodes | `1` | -| `elasticsearch.coordinating.replicas` | Desired number of Elasticsearch coordinating-only nodes | `1` | -| `elasticsearch.data.replicas` | Desired number of Elasticsearch data nodes | `1` | -| `externalElasticsearch.host` | Host of the external elasticsearch server | `""` | -| `externalElasticsearch.port` | Port of the external elasticsearch server | `""` | - - -### Persistence parameters - -| Name | Description | Value | -| --------------------------- | --------------------------------------- | --------------- | -| `persistence.enabled` | Enable persistence using PVC | `true` | -| `persistence.storageClass` | PVC Storage Class for Magento volume | `""` | -| `persistence.accessMode` | PVC Access Mode for Magento volume | `ReadWriteOnce` | -| `persistence.size` | PVC Storage Request for Magento volume | `8Gi` | -| `persistence.existingClaim` | An Existing PVC name for Magento volume | `""` | -| `persistence.hostPath` | Host mount path for Magento volume | `""` | - - -### Volume Permissions parameters - -| Name | Description | Value | -| -------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------- | -| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` | -| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | -| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `10-debian-10-r203` | -| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | -| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `volumePermissions.resources.limits` | The resources limits for the init container | `{}` | -| `volumePermissions.resources.requests` | The requested resourcesc for the init container | `{}` | - - -### Traffic Exposure Parameters - -| Name | Description | Value | -| ---------------------------------- | --------------------------------------------------------------------------------------------- | ------------------------ | -| `service.type` | Kubernetes Service type | `LoadBalancer` | -| `service.port` | Service HTTP port | `8080` | -| `service.httpsPort` | Service HTTPS port | `8443` | -| `service.clusterIP` | Static clusterIP or None for headless services | `""` | -| `service.loadBalancerSourceRanges` | Control hosts connecting to "LoadBalancer" only | `[]` | -| `service.loadBalancerIP` | loadBalancerIP for the Magento Service (optional, cloud specific) | `""` | -| `service.nodePorts.http` | Kubernetes http node port | `""` | -| `service.nodePorts.https` | Kubernetes https node port | `""` | -| `service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | -| `ingress.enabled` | Enable ingress controller resource | `false` | -| `ingress.certManager` | Add annotations for cert-manager | `false` | -| `ingress.pathType` | Default path type for the ingress resource | `ImplementationSpecific` | -| `ingress.apiVersion` | Override API Version (automatically detected if not set) | `""` | -| `ingress.hostname` | Default host for the ingress resource | `magento.local` | -| `ingress.path` | Default path for the ingress resource | `/` | -| `ingress.annotations` | Ingress annotations | `{}` | -| `ingress.tls` | Enable TLS for `ingress.hostname` parameter | `false` | -| `ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` | -| `ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` | -| `ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | - - -### Metrics parameters - -| Name | Description | Value | -| ----------------------------- | ---------------------------------------------------------- | ------------------------- | -| `metrics.enabled` | Start a side-car prometheus exporter | `false` | -| `metrics.image.registry` | Apache exporter image registry | `docker.io` | -| `metrics.image.repository` | Apache exporter image repository | `bitnami/apache-exporter` | -| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `0.10.1-debian-10-r4` | -| `metrics.image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `metrics.resources.limits` | The resources limits for the metrics container | `{}` | -| `metrics.resources.requests` | The requested resources for the metrics container | `{}` | -| `metrics.service.type` | Prometheus metrics service type | `ClusterIP` | -| `metrics.service.port` | Service Metrics port | `9117` | -| `metrics.service.annotations` | Annotations for the Prometheus exporter service | `{}` | - - -### Certificate injection parameters - -| Name | Description | Value | -| ---------------------------------------------------- | -------------------------------------------------------------------- | ---------------------------------------- | -| `certificates.customCertificate.certificateSecret` | Secret containing the certificate and key to add | `""` | -| `certificates.customCertificate.chainSecret.name` | Name of the secret containing the certificate chain | `""` | -| `certificates.customCertificate.chainSecret.key` | Key of the certificate chain file inside the secret | `""` | -| `certificates.customCertificate.certificateLocation` | Location in the container to store the certificate | `/etc/ssl/certs/ssl-cert-snakeoil.pem` | -| `certificates.customCertificate.keyLocation` | Location in the container to store the private key | `/etc/ssl/private/ssl-cert-snakeoil.key` | -| `certificates.customCertificate.chainLocation` | Location in the container to store the certificate chain | `/etc/ssl/certs/mychain.pem` | -| `certificates.customCAs` | Defines a list of secrets to import into the container trust store | `[]` | -| `certificates.command` | Override default container command (useful when using custom images) | `[]` | -| `certificates.args` | Override default container args (useful when using custom images) | `[]` | -| `certificates.extraEnvVars` | Container sidecar extra environment variables (eg proxy) | `[]` | -| `certificates.extraEnvVarsCM` | ConfigMap containing extra env vars | `""` | -| `certificates.extraEnvVarsSecret` | Secret containing extra env vars (in case of sensitive data) | `""` | -| `certificates.image.registry` | Container sidecar registry | `docker.io` | -| `certificates.image.repository` | Container sidecar image | `bitnami/bitnami-shell` | -| `certificates.image.tag` | Container sidecar image tag (immutable tags are recommended) | `10-debian-10-r203` | -| `certificates.image.pullPolicy` | Container sidecar image pull policy | `IfNotPresent` | -| `certificates.image.pullSecrets` | Container sidecar image pull secrets | `[]` | - - -### Other Parameters - -| Name | Description | Value | -| -------------------------- | ------------------------------------ | ------- | -| `autoscaling.enabled` | Enable autoscaling for replicas | `false` | -| `autoscaling.minReplicas` | Minimum number of replicas | `1` | -| `autoscaling.maxReplicas` | Maximum number of replicas | `11` | -| `autoscaling.targetCPU` | Target CPU utilization percentage | `""` | -| `autoscaling.targetMemory` | Target Memory utilization percentage | `""` | - - -The above parameters map to the env variables defined in [bitnami/magento](http://github.com/bitnami/bitnami-docker-magento). For more information please refer to the [bitnami/magento](http://github.com/bitnami/bitnami-docker-magento) image documentation. - -> **Note**: -> -> For Magento to function correctly, you should specify the `magentoHost` parameter to specify the FQDN (recommended) or the public IP address of the Magento service. -> -> Optionally, you can specify the `service.loadBalancerIP` parameter to assign a reserved IP address to the Magento service of the chart. However please note that this feature is only available on a few cloud providers (f.e. GKE). -> -> To reserve a public IP address on GKE: -> -> ```bash -> $ gcloud compute addresses create magento-public-ip -> ``` -> -> The reserved IP address can be associated to the Magento service by specifying it as the value of the `service.loadBalancerIP` parameter while installing the chart. - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -$ helm install my-release \ - --set magentoUsername=admin,magentoPassword=password,mariadb.auth.rootPassword=secretpassword \ - bitnami/magento -``` - -The above command sets the Magento administrator account username and password to `admin` and `password` respectively. Additionally, it sets the MariaDB `root` user password to `secretpassword`. - -> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. - -Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, - -```console -$ helm install my-release -f values.yaml bitnami/magento -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Image - -The `image` parameter allows specifying which image will be pulled for the chart. - -#### Private registry - -If you configure the `image` value to one in a private registry, you will need to [specify an image pull secret](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod). - -1. Manually create image pull secret(s) in the namespace. See [this YAML example reference](https://kubernetes.io/docs/concepts/containers/images/#creating-a-secret-with-a-docker-config). Consult your image registry's documentation about getting the appropriate secret. -1. Note that the `imagePullSecrets` configuration value cannot currently be passed to helm using the `--set` parameter, so you must supply these using a `values.yaml` file, such as: - - ```yaml - imagePullSecrets: - - name: SECRET_NAME - ``` - -1. Install the chart - -### Ingress - -This chart provides support for ingress resources. If you have an ingress controller installed on your cluster, such as [nginx-ingress-controller](https://github.com/bitnami/charts/tree/master/bitnami/nginx-ingress-controller) or [contour](https://github.com/bitnami/charts/tree/master/bitnami/contour) you can utilize the ingress controller to serve your application. - -To enable ingress integration, please set `ingress.enabled` to `true`. - -#### Hosts - -Most likely you will only want to have one hostname that maps to this Magento installation. If that's your case, the property `ingress.hostname` will set it. However, it is possible to have more than one host. To facilitate this, the `ingress.extraHosts` object can be specified as an array. You can also use `ingress.extraTLS` to add the TLS configuration for extra hosts. - -For each host indicated at `ingress.extraHosts`, please indicate a `name`, `path`, and any `annotations` that you may want the ingress controller to know about. - -For annotations, please see [this document](https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md). Not all annotations are supported by all ingress controllers, but this document does a good job of indicating which annotation is supported by many popular ingress controllers. - -### TLS Secrets - -This chart will facilitate the creation of TLS secrets for use with the ingress controller, however, this is not required. There are three common use cases: - -- Helm generates/manages certificate secrets. -- User generates/manages certificates separately. -- An additional tool (like [cert-manager](https://github.com/jetstack/cert-manager/)) manages the secrets for the application. - -In the first two cases, it's needed a certificate and a key. We would expect them to look like this: - -- certificate files should look like (and there can be more than one certificate if there is a certificate chain) - - ```console - -----BEGIN CERTIFICATE----- - MIID6TCCAtGgAwIBAgIJAIaCwivkeB5EMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV - ... - jScrvkiBO65F46KioCL9h5tDvomdU1aqpI/CBzhvZn1c0ZTf87tGQR8NK7v7 - -----END CERTIFICATE----- - ``` - -- keys should look like: - - ```console - -----BEGIN RSA PRIVATE KEY----- - MIIEogIBAAKCAQEAvLYcyu8f3skuRyUgeeNpeDvYBCDcgq+LsWap6zbX5f8oLqp4 - ... - wrj2wDbCDCFmfqnSJ+dKI3vFLlEz44sAV8jX/kd4Y6ZTQhlLbYc= - -----END RSA PRIVATE KEY----- - ``` - -If you are going to use Helm to manage the certificates, please copy these values into the `certificate` and `key` values for a given `ingress.secrets` entry. - -If you are going to manage TLS secrets outside of Helm, please know that you can create a TLS secret (named `magento.local-tls` for example). - -## Persistence - -The [Bitnami Magento](https://github.com/bitnami/bitnami-docker-magento) image stores the Magento data and configurations at the `/bitnami/magento` and `/bitnami/apache` paths of the container. - - Persistent Volume Claims are used to keep the data across deployments. There is a [known issue](https://github.com/kubernetes/kubernetes/issues/39178) in Kubernetes Clusters with EBS in different availability zones. Ensure your cluster is configured properly to create Volumes in the same availability zone where the nodes are running. Kuberentes 1.12 solved this issue with the [Volume Binding Mode](https://kubernetes.io/docs/concepts/storage/storage-classes/#volume-binding-mode). - -### Adding extra environment variables - -In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the `extraEnvVars` property. - -```yaml -extraEnvVars: - - name: LOG_LEVEL - value: DEBUG -``` - -Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the `extraEnvVarsCM` or the `extraEnvVarsSecret` values. - -### Sidecars and Init Containers - -If you have a need for additional containers to run within the same pod as Magento (e.g. an additional metrics or logging exporter), you can do so via the `sidecars` config parameter. Simply define your container according to the Kubernetes container spec. - -```yaml -sidecars: - - name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -``` - -If these sidecars export extra ports, you can add extra port definitions using the `service.extraPorts` value: - -```yaml -service: -... - extraPorts: - - name: extraPort - port: 11311 - targetPort: 11311 -``` - -Similarly, you can add extra init containers using the `initContainers` parameter. - -```yaml -initContainers: - - name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -``` - -### Using an external database - -Sometimes you may want to have Magento connect to an external database rather than installing one inside your cluster, e.g. to use a managed database service, or use run a single database server for all your applications. To do this, the chart allows you to specify credentials for an external database under the [`externalDatabase` parameter](#parameters). You should also disable the MariaDB installation with the `mariadb.enabled` option. For example with the following parameters: - -```console -mariadb.enabled=false -externalDatabase.host=myexternalhost -externalDatabase.user=myuser -externalDatabase.password=mypassword -externalDatabase.database=mydatabase -externalDatabase.port=3306 -``` - -Note also if you disable MariaDB per above you MUST supply values for the `externalDatabase` connection. - -In case the database already contains data from a previous Magento installation, you need to set the `magentoSkipInstall` parameter to _true_. Otherwise, the container would execute the installation wizard and could modify the existing data in the database. This parameter force the container to not execute the Magento installation wizard. This is necessary in case you use a database that already has Magento data [+info](https://github.com/bitnami/bitnami-docker-magento#connect-magento-docker-container-to-an-existing-database). - -### Deploying extra resources - -There are cases where you may want to deploy extra objects, such a ConfigMap containing your app's configuration or some extra deployment with a micro service used by your app. For covering this case, the chart allows adding the full specification of other objects using the `extraDeploy` parameter. - -### Setting Pod's affinity - -This chart allows you to set your custom affinity using the `affinity` parameter. Find more infomation about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). - -As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters. - -## Persistence - -The [Bitnami Magento](https://github.com/bitnami/bitnami-docker-magento) image stores the Magento data and configurations at the `/bitnami/magento` path of the container. - -Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. -See the [Parameters](#parameters) section to configure the PVC or to disable persistence. - -### Existing PersistentVolumeClaim - -1. Create the PersistentVolume -1. Create the PersistentVolumeClaim -1. Install the chart - - ```bash - $ helm install my-release --set persistence.existingClaim=PVC_NAME bitnami/magento - ``` - -### Host path - -#### System compatibility - -- The local filesystem accessibility to a container in a pod with `hostPath` has been tested on OSX/MacOS with xhyve, and Linux with VirtualBox. -- Windows has not been tested with the supported VM drivers. Minikube does however officially support [Mounting Host Folders](https://github.com/kubernetes/minikube/blob/master/docs/host_folder_mount.md) per pod. Or you may manually sync your container whenever host files are changed with tools like [docker-sync](https://github.com/EugenMayer/docker-sync) or [docker-bg-sync](https://github.com/cweagans/docker-bg-sync). - -#### Mounting steps - -1. The specified `hostPath` directory must already exist (create one if it does not). -1. Install the chart - - ```bash - $ helm install my-release --set persistence.hostPath=/PATH/TO/HOST/MOUNT bitnami/magento - ``` - - This will mount the `magento-data` volume into the `hostPath` directory. The site data will be persisted if the mount path contains valid data, else the site data will be initialized at first launch. -1. Because the container cannot control the host machine's directory permissions, you must set the Magento file directory permissions yourself and disable or clear Magento cache. - -## CA Certificates - -Custom CA certificates not included in the base docker image can be added by means of existing secrets. The secret must exist in the same namespace and contain the desired CA certificates to import. By default, all found certificate files will be loaded. - -```yaml -certificates: - customCAs: - - secret: my-ca-1 - - secret: my-ca-2 -``` - -> Tip! You can create a secret containing your CA certificates using the following command: -```bash -kubectl create secret generic my-ca-1 --from-file my-ca-1.crt -``` - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami’s Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## Notable changes - -### 19.0.0 - -This major updates the Elasticsearch subchart to its newest major, 17.0.0, which adds support for X-pack security features such as SSL/TLS encryption and password protection. Check [Elasticsearch Upgrading Notes](https://github.com/bitnami/charts/tree/master/bitnami/elasticsearch#to-1700) for more information. - -### 18.0.0 - -Elasticsearch dependency version was bumped to a new major version changing the license of some of its components to the [Elastic License](https://www.elastic.co/licensing/elastic-license) that is not currently accepted as an Open Source license by the Open Source Initiative (OSI). Check [Elasticsearch Upgrading Notes](https://github.com/bitnami/charts/tree/master/bitnami/elasticsearch#to-1500) for more information. - -Regular upgrade is compatible from previous versions. - -### 17.0.0 - -In this major there were three main changes introduced: - -- Parameter standarizations -- Migration to non-root -- Elasticsearch sub-chart 14.0.0 update - -**1. Chart standarizations** - -This upgrade adapts the chart to the latest Bitnami good practices. Check the Parameters section for more information. In summary: - -- Lots of new parameters were added, including SMTP configuration, for using existing DBs (`magentoSkipInstall`), configuring security context, etc. -- Some parameters were renamed or disappeared in favor of new ones in this major version. For example, `persistence.magento.*` parameters were deprecated in favor of `persistence.*`. -- This version also introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/master/bitnami/common#bitnami-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade. - -**2. Migration of the Magento image to non-root** - -The [Bitnami Magento](https://github.com/bitnami/bitnami-docker-magento) image was migrated to a "non-root" user approach. Previously the container ran as the `root` user and the Apache daemon was started as the `daemon` user. From now on, both the container and the Apache daemon run as user `1001`. Consequences: - -- The HTTP/HTTPS ports exposed by the container are now `8080/8443` instead of `80/443`. -- Backwards compatibility is not guaranteed. Uninstall & install the chart again to obtain the latest version. - -**3. Elasticsearch sub-chart 14.0.0 update** - -This version of the Elasticsearch sub-chart standardizes the way of defining Ingress rules in the Kibana sub-chart. - -### 14.0.0 - -This version updates the docker image to `2.3.5-debian-10-r57` version. That version persists the full `htdocs` folder. From now on, to upgrade the Magento version it is needed to follow the [official steps](https://devdocs.magento.com/guides/v2.3/comp-mgr/cli/cli-upgrade.html) manually. - -### 13.0.0 - -Several changes were introduced that can break backwards compatibility: - -- This version includes a new major version of the ElasticSearch chart bundled as dependency. You can find the release notes of the new ElasticSearch major version in [this section](https://github.com/bitnami/charts/tree/master/bitnami/elasticsearch#1200) of the ES README. -- Labels are adapted to follow the Helm charts best practices. - -### 9.0.0 - -This version enabled by default an initContainer that modify some kernel settings to meet the Elasticsearch requirements. - -Currently, Elasticsearch requires some changes in the kernel of the host machine to work as expected. If those values are not set in the underlying operating system, the ES containers fail to boot with ERROR messages. More information about these requirements can be found in the links below: - -- [File Descriptor requirements](https://www.elastic.co/guide/en/elasticsearch/reference/current/file-descriptors.html) -- [Virtual memory requirements](https://www.elastic.co/guide/en/elasticsearch/reference/current/vm-max-map-count.html) - -You can disable the initContainer using the `elasticsearch.sysctlImage.enabled=false` parameter. - -## Upgrading - -### To 17.0.0 - -To upgrade to `17.0.0`, backup Magento data and the previous MariaDB databases, install a new Magento chart and import the backups and data, ensuring the `1001` user has the appropriate permissions on the migrated volume. - -You can disable the non-root behavior by setting the parameters `containerSecurityContext.runAsUser` to `root`. - -For the Elasticsearch 14.0.0 sub-chart update, when enabling Kibana and configuring a single hostname for the Kibana Ingress rule, set the `kibana.ingress.hostname` value. When defining more than one, set the `kibana.ingress.extraHosts` array. Apart from this case, no issues are expected to appear when upgrading. - -### To 16.0.0 - -- Chart labels were adapted to follow the [Helm charts standard labels](https://helm.sh/docs/chart_best_practices/labels/#standard-labels). -- This version also introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/master/bitnami/common#bitnami-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade. - -Consequences: - -- Backwards compatibility is not guaranteed. However, you can easily workaround this issue by removing Magento deployment before upgrading (the following example assumes that the release name is `magento`): - -```console -$ export APP_HOST=$(kubectl get svc --namespace default magento --template "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}") -$ export APP_PASSWORD=$(kubectl get secret --namespace default magento -o jsonpath="{.data.magento-password}" | base64 --decode) -$ export MARIADB_ROOT_PASSWORD=$(kubectl get secret --namespace default magento-mariadb -o jsonpath="{.data.mariadb-root-password}" | base64 --decode) -$ export MARIADB_PASSWORD=$(kubectl get secret --namespace default magento-mariadb -o jsonpath="{.data.mariadb-password}" | base64 --decode) -$ kubectl delete deployments.apps magento -$ helm upgrade magento bitnami/magento --set magentoHost=$APP_HOST,magentoPassword=$APP_PASSWORD,mariadb.auth.rootPassword=$MARIADB_ROOT_PASSWORD,mariadb.auth.password=$MARIADB_PASSWORD -``` - -### To 15.0.0 - -In this major there were two main changes introduced: - -1. Adaptation to Helm v2 EOL -2. Updated MariaDB and Elasticsearch dependency versions - -Please read the update notes carefully. - -**1. Adaptation to Helm v2 EOL** - -[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -**What changes were introduced in this major version?** - -- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. -- Move dependency information from the *requirements.yaml* to the *Chart.yaml* -- After running `helm dependency update`, a *Chart.lock* file is generated containing the same structure used in the previous *requirements.lock* -- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts - -**Considerations when upgrading to this version** - -- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues -- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore -- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 - -**Useful links** - -- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ -- https://helm.sh/docs/topics/v2_v3_migration/ -- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ - -**2. Updated MariaDB dependency version** - -In this major the MariaDB and Elasticsearch dependency versions were also bumped to a new major version that introduces several incompatilibites. Therefore, backwards compatibility is not guaranteed. Check [MariaDB Upgrading Notes](https://github.com/bitnami/charts/tree/master/bitnami/mariadb#to-800) for more information. Although it is using the latest `bitnami/mariadb` chart, given Magento `2.4` [current limitations](https://devdocs.magento.com/guides/v2.4/install-gde/system-requirements.html#database), the container image of MariaDB has been bumped to `10.4.x` instead of using the latest `10.5.x`. - -To upgrade to `15.0.0`, it should be done reusing the PVCs used to hold data from MariaDB, Elasticsearch and Magento data on your previous release. To do so, follow the instructions below (the following example assumes that the release name is `magento` and that a `rootUser.password` was defined for MariaDB in `values.yaml` when the chart was first installed): - -> NOTE: Please, create a backup of your database before running any of those actions. The steps below would be only valid if your application (e.g. any plugins or custom code) is compatible with MariaDB 10.4.x - -Obtain the credentials and the names of the PVCs used to hold the MariaDB data on your current release: - -```console -$ export MAGENTO_HOST=$(kubectl get svc --namespace default magento --template "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}") -$ export MAGENTO_PASSWORD=$(kubectl get secret --namespace default magento -o jsonpath="{.data.magento-password}" | base64 --decode) -$ export MARIADB_ROOT_PASSWORD=$(kubectl get secret --namespace default magento-mariadb -o jsonpath="{.data.mariadb-root-password}" | base64 --decode) -$ export MARIADB_PASSWORD=$(kubectl get secret --namespace default magento-mariadb -o jsonpath="{.data.mariadb-password}" | base64 --decode) -$ export MARIADB_PVC=$(kubectl get pvc -l app=mariadb,component=master,release=magento -o jsonpath="{.items[0].metadata.name}") -``` - -Delete the Magento deployment and delete the MariaDB statefulset. Notice the option `--cascade=false` in the latter. - -```console -$ kubectl delete deployments.apps magento -$ kubectl delete statefulsets.apps magento-mariadb --cascade=false -``` - -Now the upgrade works: - -```console -$ helm upgrade magento bitnami/magento --set mariadb.primary.persistence.existingClaim=$MARIADB_PVC --set mariadb.auth.rootPassword=$MARIADB_ROOT_PASSWORD --set mariadb.auth.password=$MARIADB_PASSWORD --set magentoPassword=$MAGENTO_PASSWORD --set magentoHost=$MAGENTO_HOST -``` - -You will have to delete the existing MariaDB pod and the new statefulset is going to create a new one - -```console -$ kubectl delete pod magento-mariadb-0z -``` - -Finally, you should see the lines below in MariaDB container logs: - -```console -$ kubectl logs $(kubectl get pods -l app.kubernetes.io/instance=magento,app.kubernetes.io/name=mariadb,app.kubernetes.io/component=primary -o jsonpath="{.items[0].metadata.name}") -... -mariadb 12:13:24.98 INFO ==> Using persisted data -mariadb 12:13:25.01 INFO ==> Running mysql_upgrade -... -``` - -### To 10.0.0 - -Helm performs a lookup for the object based on its group (apps), version (v1), and kind (Deployment). Also known as its GroupVersionKind, or GVK. Changing the GVK is considered a compatibility breaker from Kubernetes' point of view, so you cannot "upgrade" those objects to the new GVK in-place. Earlier versions of Helm 3 did not perform the lookup correctly which has since been fixed to match the spec. - -In 4dfac075aacf74405e31ae5b27df4369e84eb0b0 the `apiVersion` of the deployment resources was updated to `apps/v1` in tune with the api's deprecated, resulting in compatibility breakage. - -This major version signifies this change. - -### To 5.0.0 - -Manual intervention is needed if configuring Elasticsearch 6 as Magento search engine is desired. - -[Follow the Magento documentation](https://devdocs.magento.com/guides/v2.3/config-guide/elasticsearch/configure-magento.html) in order to configure Elasticsearch, setting **Search Engine** to **Elasticsearch 6.0+**. If using the Elasticsearch server included in this chart, `hostname` and `port` can be obtained with the following commands: - -``` -$ kubectl get svc -l app=elasticsearch,component=client,release=RELEASE_NAME -o jsonpath="{.items[0].metadata.name}" -$ kubectl get svc -l app=elasticsearch,component=client,release=RELEASE_NAME -o jsonpath="{.items[0].spec.ports[0].port}" -``` - -Where `RELEASE_NAME` is the name of the release. Use `helm list` to find it. - -### To 3.0.0 - -Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments. -Use the workaround below to upgrade from versions previous to 3.0.0. The following example assumes that the release name is magento: - -```console -$ kubectl patch deployment magento-magento --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]' -$ kubectl delete statefulset magento-mariadb --cascade=false -``` diff --git a/bitnami/magento/ci/values-production-with-host.yaml b/bitnami/magento/ci/values-production-with-host.yaml deleted file mode 100644 index 72e9965..0000000 --- a/bitnami/magento/ci/values-production-with-host.yaml +++ /dev/null @@ -1,16 +0,0 @@ -magentoHost: magento.local -mariadb: - enabled: false -externalDatabase: - host: database.local -ingress: - enabled: true -metrics: - enabled: true -# Avoids issues with yamllint -livenessProbe: - httpGet: - httpHeaders: [] -readinessProbe: - httpGet: - httpHeaders: [] diff --git a/bitnami/magento/ci/values-with-host-and-ingress.yaml b/bitnami/magento/ci/values-with-host-and-ingress.yaml deleted file mode 100644 index 71121ae..0000000 --- a/bitnami/magento/ci/values-with-host-and-ingress.yaml +++ /dev/null @@ -1,16 +0,0 @@ -magentoHost: magento.local -service: - type: ClusterIP -ingress: - enabled: true - tls: true - hostname: magento.local -metrics: - enabled: true -# Avoids issues with yamllint -livenessProbe: - httpGet: - httpHeaders: [] -readinessProbe: - httpGet: - httpHeaders: [] diff --git a/bitnami/magento/templates/NOTES.txt b/bitnami/magento/templates/NOTES.txt deleted file mode 100644 index 813dd63..0000000 --- a/bitnami/magento/templates/NOTES.txt +++ /dev/null @@ -1,114 +0,0 @@ -{{- if or .Values.mariadb.enabled .Values.externalDatabase.host -}} - -{{- if empty (include "magento.host" .) -}} -############################################################################### -### ERROR: You did not provide an external host in your 'helm install' call ### -############################################################################### - -This deployment will be incomplete until you configure Magento with a resolvable -host. To configure Magento with the URL of your service: - -1. Get the Magento URL by running: - - {{- if eq .Values.service.type "NodePort" }} - - export APP_PORT=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} -o jsonpath="{.spec.ports[0].nodePort}") - export APP_HOST=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - - {{- else if eq .Values.service.type "LoadBalancer" }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "common.names.fullname" . }}' - - export APP_HOST=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") - export APP_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "magento.secretName" . }} -o jsonpath="{.data.magento-password}" | base64 --decode) - export DATABASE_ROOT_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "magento.databaseSecretName" . }} -o jsonpath="{.data.mariadb-root-password}" | base64 --decode) - {{- end }} - export APP_DATABASE_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "magento.databaseSecretName" . }} -o jsonpath="{.data.mariadb-password}" | base64 --decode) - -2. Complete your Magento deployment by running: - -{{- if .Values.mariadb.enabled }} - - helm upgrade --namespace {{ .Release.Namespace }} {{ .Release.Name }} bitnami/{{ .Chart.Name }} \ - --set magentoHost=$APP_HOST,magentoPassword=$APP_PASSWORD,mariadb.auth.rootPassword=$DATABASE_ROOT_PASSWORD,mariadb.auth.password=$APP_DATABASE_PASSWORD{{- if .Values.global }}{{- if .Values.global.imagePullSecrets }},global.imagePullSecrets={{ .Values.global.imagePullSecrets }}{{- end }}{{- end }} -{{- else }} - - ## PLEASE UPDATE THE EXTERNAL DATABASE CONNECTION PARAMETERS IN THE FOLLOWING COMMAND AS NEEDED ## - - helm upgrade --namespace {{ .Release.Namespace }} {{ .Release.Name }} bitnami/{{ .Chart.Name }} \ - --set magentoPassword=$APP_PASSWORD,magentoHost=$APP_HOST,service.type={{ .Values.service.type }},mariadb.enabled=false{{- if not (empty .Values.externalDatabase.host) }},externalDatabase.host={{ .Values.externalDatabase.host }}{{- end }}{{- if not (empty .Values.externalDatabase.user) }},externalDatabase.user={{ .Values.externalDatabase.user }}{{- end }}{{- if not (empty .Values.externalDatabase.password) }},externalDatabase.password={{ .Values.externalDatabase.password }}{{- end }}{{- if not (empty .Values.externalDatabase.database) }},externalDatabase.database={{ .Values.externalDatabase.database }}{{- end }}{{- if .Values.global }}{{- if .Values.global.imagePullSecrets }},global.imagePullSecrets={{ .Values.global.imagePullSecrets }}{{- end }}{{- end }} -{{- end }} - -{{- else -}} -1. Get the Magento URL by running: - -{{- if eq .Values.service.type "ClusterIP" }} - - echo "Store URL: http://127.0.0.1:8080/" - echo "Admin URL: http://127.0.0.1:8080/{{ .Values.magentoAdminUri }}" - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "common.names.fullname" . }} 8080:{{ .Values.service.port }} - -{{- else }} - -{{- $port:=.Values.service.port | toString }} - - echo "Store URL: http://{{ include "magento.host" . }}{{- if ne $port "80" }}:{{ .Values.service.port }}{{ end }}/" - echo "Admin URL: http://{{ include "magento.host" . }}{{- if ne $port "80" }}:{{ .Values.service.port }}{{ end }}/{{ .Values.magentoAdminUri }}" - -{{- end }} - -2. Get your Magento login credentials by running: - - echo Username : {{ .Values.magentoUsername }} - echo Password : $(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "magento.secretName" . }} -o jsonpath="{.data.magento-password}" | base64 --decode) -{{- end }} - -{{- else -}} - -######################################################################################## -### ERROR: You did not provide an external database host in your 'helm install' call ### -######################################################################################## - -This deployment will be incomplete until you configure Magento with a resolvable database -host. To configure Magento to use and external database host: - - -1. Complete your Magento deployment by running: - -{{- if eq .Values.service.type "NodePort" }} - export APP_HOST=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") -{{- else if eq .Values.service.type "LoadBalancer" }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "common.names.fullname" . }}' - - export APP_HOST=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") -{{- else }} - - export APP_HOST=127.0.0.1 -{{- end }} - export APP_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "magento.secretName" . }} -o jsonpath="{.data.magento-password}" | base64 --decode) - - ## PLEASE UPDATE THE EXTERNAL DATABASE CONNECTION PARAMETERS IN THE FOLLOWING COMMAND AS NEEDED ## - - helm upgrade --namespace {{ .Release.Namespace }} {{ .Release.Name }} bitnami/{{ .Chart.Name }} \ - --set magentoPassword=$APP_PASSWORD,magentoHost=$APP_HOST,service.type={{ .Values.service.type }},mariadb.enabled=false{{- if not (empty .Values.externalDatabase.user) }},externalDatabase.user={{ .Values.externalDatabase.user }}{{- end }}{{- if not (empty .Values.externalDatabase.password) }},externalDatabase.password={{ .Values.externalDatabase.password }}{{- end }}{{- if not (empty .Values.externalDatabase.database) }},externalDatabase.database={{ .Values.externalDatabase.database }}{{- end }},externalDatabase.host=YOUR_EXTERNAL_DATABASE_HOST{{- if .Values.global }}{{- if .Values.global.imagePullSecrets }},global.imagePullSecrets={{ .Values.global.imagePullSecrets }}{{- end }}{{- end }} -{{- end }} - -{{- include "common.warnings.rollingTag" .Values.image }} -{{- include "common.warnings.rollingTag" .Values.metrics.image }} - -{{- $passwordValidationErrors := list -}} -{{- if not .Values.existingSecret -}} - {{- $secretName := include "magento.secretName" . -}} - {{- $requiredMagentoPassword := dict "valueKey" "magentoPassword" "secret" $secretName "field" "magento-password" "context" $ -}} - {{- $requiredMagentoPasswordError := include "common.validations.values.single.empty" $requiredMagentoPassword -}} - {{- $passwordValidationErrors = append $passwordValidationErrors $requiredMagentoPasswordError -}} -{{- end -}} - -{{- $mariadbSecretName := include "magento.databaseSecretName" . -}} -{{- $mariadbPasswordValidationErrors := include "common.validations.values.mariadb.passwords" (dict "secret" $mariadbSecretName "subchart" true "context" $) -}} -{{- $passwordValidationErrors = append $passwordValidationErrors $mariadbPasswordValidationErrors -}} - -{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $) -}} diff --git a/bitnami/magento/templates/_helpers.tpl b/bitnami/magento/templates/_helpers.tpl deleted file mode 100644 index 0f48353..0000000 --- a/bitnami/magento/templates/_helpers.tpl +++ /dev/null @@ -1,170 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Create a random alphanumeric password string. -We append a random number to the string to avoid password validation errors -*/}} -{{- define "magento.randomPassword" -}} -{{- randAlphaNum 9 -}}{{- randNumeric 1 -}} -{{- end -}} - -{{/* -Get the user defined password or use a random string -*/}} -{{- define "magento.password" -}} -{{- $password := index .Values (printf "%sPassword" .Chart.Name) -}} -{{- default (include "magento.randomPassword" .) $password -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "magento.mariadb.fullname" -}} -{{- printf "%s-%s" .Release.Name "mariadb" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "magento.elasticsearch.fullname" -}} -{{- printf "%s-%s-coordinating-only" .Release.Name "elasticsearch" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Get the user defined LoadBalancerIP for this release. -Note, returns 127.0.0.1 if using ClusterIP. -*/}} -{{- define "magento.serviceIP" -}} -{{- if eq .Values.service.type "ClusterIP" -}} -127.0.0.1 -{{- else -}} -{{- .Values.service.loadBalancerIP | default "" -}} -{{- end -}} -{{- end -}} - -{{/* -Gets the host to be used for this application. -If not using ClusterIP, or if a host or LoadBalancerIP is not defined, the value will be empty. -When using Ingress, it will be set to the Ingress hostname. -*/}} -{{- define "magento.host" -}} -{{- if .Values.ingress.enabled }} -{{- $host := .Values.ingress.hostname | default "" -}} -{{- default (include "magento.serviceIP" .) $host -}} -{{- else -}} -{{- $host := index .Values (printf "%sHost" .Chart.Name) | default "" -}} -{{- default (include "magento.serviceIP" .) $host -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper certificate image name -*/}} -{{- define "certificates.image" -}} -{{- include "common.images.image" ( dict "imageRoot" .Values.certificates.image "global" .Values.global ) -}} -{{- end -}} - -{{/* -Return the proper Magento image name -*/}} -{{- define "magento.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper image name (for the metrics image) -*/}} -{{- define "magento.metrics.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper image name (for the init container volume-permissions image) -*/}} -{{- define "magento.volumePermissions.image" -}} -{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "magento.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image .Values.certificates.image) "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper Storage Class -*/}} -{{- define "magento.storageClass" -}} -{{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) -}} -{{- end -}} - -{{/* -Magento credential secret name -*/}} -{{- define "magento.secretName" -}} -{{- coalesce .Values.existingSecret (include "common.names.fullname" .) -}} -{{- end -}} - -{{/* -Return the MariaDB Hostname -*/}} -{{- define "magento.databaseHost" -}} -{{- if .Values.mariadb.enabled }} - {{- if eq .Values.mariadb.architecture "replication" }} - {{- printf "%s-%s" (include "magento.mariadb.fullname" .) "primary" | trunc 63 | trimSuffix "-" -}} - {{- else -}} - {{- printf "%s" (include "magento.mariadb.fullname" .) -}} - {{- end -}} -{{- else -}} - {{- printf "%s" .Values.externalDatabase.host -}} -{{- end -}} -{{- end -}} - -{{/* -Return the MariaDB Port -*/}} -{{- define "magento.databasePort" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "3306" -}} -{{- else -}} - {{- printf "%d" (.Values.externalDatabase.port | int ) -}} -{{- end -}} -{{- end -}} - -{{/* -Return the MariaDB Database Name -*/}} -{{- define "magento.databaseName" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "%s" .Values.mariadb.auth.database -}} -{{- else -}} - {{- printf "%s" .Values.externalDatabase.database -}} -{{- end -}} -{{- end -}} - -{{/* -Return the MariaDB User -*/}} -{{- define "magento.databaseUser" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "%s" .Values.mariadb.auth.username -}} -{{- else -}} - {{- printf "%s" .Values.externalDatabase.user -}} -{{- end -}} -{{- end -}} - -{{/* -Return the MariaDB Secret Name -*/}} -{{- define "magento.databaseSecretName" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "%s" (include "magento.mariadb.fullname" .) -}} -{{- else if .Values.externalDatabase.existingSecret -}} - {{- printf "%s" .Values.externalDatabase.existingSecret -}} -{{- else -}} - {{- printf "%s-%s" (include "common.names.fullname" .) "externaldb" -}} -{{- end -}} -{{- end -}} diff --git a/bitnami/magento/templates/deployment.yaml b/bitnami/magento/templates/deployment.yaml deleted file mode 100644 index 7b82ed0..0000000 --- a/bitnami/magento/templates/deployment.yaml +++ /dev/null @@ -1,298 +0,0 @@ -{{- if and (include "magento.host" .) (or .Values.mariadb.enabled .Values.externalDatabase.host) -}} -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - {{- if .Values.updateStrategy }} - strategy: {{- include "common.tplvalues.render" (dict "value" .Values.updateStrategy "context" $ ) | nindent 4 }} - {{- end }} - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} - {{- end }} - annotations: - {{- if .Values.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.metrics.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) | nindent 8 }} - {{- end }} - spec: - {{- include "magento.imagePullSecrets" . | nindent 6 }} - {{- if .Values.podSecurityContext.enabled }} - securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.hostAliases }} - # yamllint disable rule:indentation - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - # yamllint enable rule:indentation - {{- end }} - initContainers: - {{- if .Values.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} - {{- end }} - {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} - - name: volume-permissions - image: {{ include "magento.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: - - sh - - -c - - | - mkdir -p "/bitnami/magento" - chown -R "{{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }}" "/bitnami/magento" - securityContext: - runAsUser: 0 - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: magento-data - mountPath: /bitnami/magento - {{- end }} - {{- include "certificates.initContainer" . | nindent 8 }} - containers: - - name: magento - image: {{ include "magento.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" .Values.image.debug | quote }} - - name: ALLOW_EMPTY_PASSWORD - value: {{ ternary "yes" "no" .Values.allowEmptyPassword | quote }} - - name: APACHE_HTTP_PORT_NUMBER - value: {{ .Values.containerPorts.http | quote }} - - name: APACHE_HTTPS_PORT_NUMBER - value: {{ .Values.containerPorts.https | quote }} - - name: MAGENTO_DATABASE_HOST - value: {{ include "magento.databaseHost" . | quote }} - - name: MAGENTO_DATABASE_PORT_NUMBER - value: {{ include "magento.databasePort" . | quote }} - - name: MAGENTO_DATABASE_NAME - value: {{ include "magento.databaseName" . | quote }} - - name: MAGENTO_DATABASE_USER - value: {{ include "magento.databaseUser" . | quote }} - - name: MAGENTO_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "magento.databaseSecretName" . }} - key: mariadb-password - - name: ELASTICSEARCH_HOST - {{- if .Values.elasticsearch.enabled }} - value: {{ template "magento.elasticsearch.fullname" . }} - {{- else if .Values.externalElasticsearch.host }} - value: {{ .Values.externalElasticsearch.host | quote }} - {{- else }} - value: "" - {{- end }} - - name: ELASTICSEARCH_PORT_NUMBER - {{- if .Values.elasticsearch.enabled }} - value: "9200" - {{- else if .Values.externalElasticsearch.port }} - value: {{ .Values.externalElasticsearch.port | quote }} - {{- else }} - value: "" - {{- end }} - - name: MAGENTO_SKIP_BOOTSTRAP - value: {{ ternary "yes" "no" .Values.magentoSkipInstall | quote }} - {{- $port:=.Values.service.port | toString }} - - name: MAGENTO_HOST - value: "{{ include "magento.host" . }}{{- if ne $port "80" }}:{{ .Values.service.port }}{{ end }}" - - name: MAGENTO_USERNAME - value: {{ .Values.magentoUsername | quote }} - - name: MAGENTO_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.names.fullname" . }} - key: magento-password - {{- if .Values.magentoEmail }} - - name: MAGENTO_EMAIL - value: {{ .Values.magentoEmail | quote }} - {{- end }} - {{- if .Values.magentoFirstName }} - - name: MAGENTO_FIRST_NAME - value: {{ .Values.magentoFirstName | quote }} - {{- end }} - {{- if .Values.magentoLastName }} - - name: MAGENTO_LAST_NAME - value: {{ .Values.magentoLastName | quote }} - {{- end }} - {{- if .Values.magentoMode }} - - name: MAGENTO_MODE - value: {{ .Values.magentoMode | quote }} - {{- end }} - {{- if .Values.magentoExtraInstallArgs }} - - name: MAGENTO_EXTRA_INSTALL_ARGS - value: {{ .Values.magentoExtraInstallArgs | quote }} - {{- end }} - {{- if .Values.magentoAdminUri }} - - name: MAGENTO_ADMIN_URL_PREFIX - value: {{ .Values.magentoAdminUri | quote }} - {{- end }} - - name: MAGENTO_ENABLE_HTTPS - value: {{ ternary "yes" "no" .Values.magentoUseHttps | quote }} - - name: MAGENTO_ENABLE_ADMIN_HTTPS - value: {{ ternary "yes" "no" .Values.magentoUseSecureAdmin | quote }} - - name: MAGENTO_DEPLOY_STATIC_CONTENT - value: {{ ternary "yes" "no" .Values.magentoDeployStaticContent | quote }} - - name: MAGENTO_SKIP_REINDEX - value: {{ ternary "yes" "no" .Values.magentoSkipReindex | quote }} - {{- if .Values.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if .Values.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} - {{- end }} - {{- if .Values.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.containerPorts.http }} - - name: https - containerPort: {{ .Values.containerPorts.https }} - {{- if .Values.extraContainerPorts }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraContainerPorts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.livenessProbe.path }} - port: http - httpHeaders: - - name: Host - value: {{ include "magento.host" . | quote }} - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- else if .Values.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: {{ .Values.readinessProbe.path }} - port: http - httpHeaders: - - name: Host - value: {{ include "magento.host" . | quote }} - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- else if .Values.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.startupProbe.enabled }} - startupProbe: - httpGet: - path: {{ .Values.startupProbe.path }} - port: http - httpHeaders: - - name: Host - value: {{ include "magento.host" . | quote }} - initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.startupProbe.periodSeconds }} - timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }} - successThreshold: {{ .Values.startupProbe.successThreshold }} - failureThreshold: {{ .Values.startupProbe.failureThreshold }} - {{- else if .Values.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: magento-data - mountPath: /bitnami/magento - {{- include "certificates.volumeMounts" . | nindent 12 }} - {{- if .Values.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.metrics.enabled }} - - name: metrics - image: {{ include "magento.metrics.image" . }} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - command: ['/bin/apache_exporter', '--scrape_uri', 'http://status.localhost:{{ .Values.containerPorts.http }}/server-status/?auto'] - ports: - - name: metrics - containerPort: 9117 - livenessProbe: - httpGet: - path: /metrics - port: metrics - initialDelaySeconds: 15 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: /metrics - port: metrics - initialDelaySeconds: 5 - timeoutSeconds: 1 - resources: {{- toYaml .Values.metrics.resources | nindent 12 }} - {{- end }} - {{- if .Values.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: magento-data - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ .Values.persistence.existingClaim | default (printf "%s-magento" (include "common.names.fullname" .)) }} - {{- else }} - emptyDir: {} - {{- end }} - {{- include "certificates.volumes" . | indent 8 }} - {{- if .Values.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} - {{- end }} -{{- end -}} diff --git a/bitnami/magento/templates/hpa.yaml b/bitnami/magento/templates/hpa.yaml deleted file mode 100644 index 490ce9a..0000000 --- a/bitnami/magento/templates/hpa.yaml +++ /dev/null @@ -1,35 +0,0 @@ -{{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: replica - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - scaleTargetRef: - apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} - kind: Deployment - name: {{ template "common.names.fullname" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- if .Values.autoscaling.targetCPU }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPU }} - {{- end }} - {{- if .Values.autoscaling.targetMemory }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemory }} - {{- end }} -{{- end }} \ No newline at end of file diff --git a/bitnami/magento/templates/ingress.yaml b/bitnami/magento/templates/ingress.yaml deleted file mode 100644 index 3e431ae..0000000 --- a/bitnami/magento/templates/ingress.yaml +++ /dev/null @@ -1,56 +0,0 @@ -{{- if .Values.ingress.enabled }} -apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.ingress.annotations .Values.commonAnnotations .Values.ingress.certManager }} - annotations: - {{- if .Values.ingress.certManager }} - kubernetes.io/tls-acme: "true" - {{- end }} - {{- if .Values.ingress.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.ingress.annotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -spec: - rules: - {{- if .Values.ingress.hostname }} - - host: {{ .Values.ingress.hostname | quote }} - http: - paths: - - path: {{ default "/" .Values.ingress.path }} - {{- if eq "true" (include "common.ingress.supportsPathType" .) }} - pathType: {{ .Values.ingress.pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- range .Values.ingress.extraHosts }} - - host: {{ .name | quote }} - http: - paths: - - path: {{ default "/" .path }} - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ default "ImplementationSpecific" .pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- if or .Values.ingress.tls .Values.ingress.extraTls }} - tls: - {{- if .Values.ingress.tls }} - - hosts: - - {{ .Values.ingress.hostname }} - secretName: {{ printf "%s-tls" .Values.ingress.hostname }} - {{- end }} - {{- if .Values.ingress.extraTls }} - {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraTls "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/bitnami/magento/templates/pv.yaml b/bitnami/magento/templates/pv.yaml deleted file mode 100644 index 96d00c3..0000000 --- a/bitnami/magento/templates/pv.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if and .Values.persistence.enabled .Values.persistence.hostPath (not .Values.persistence.existingClaim) -}} -apiVersion: v1 -kind: PersistentVolume -metadata: - name: {{ include "common.names.fullname" . }}-magento - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - accessModes: - - {{ .Values.persistence.accessMode | quote }} - capacity: - storage: {{ .Values.persistence.size | quote }} - hostPath: - path: {{ .Values.persistence.hostPath | quote }} -{{- end -}} diff --git a/bitnami/magento/templates/pvc.yaml b/bitnami/magento/templates/pvc.yaml deleted file mode 100644 index ebdf573..0000000 --- a/bitnami/magento/templates/pvc.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if and (include "magento.host" .) .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.names.fullname" . }}-magento - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.persistence.hostPath }} - storageClassName: "" - {{- end }} - accessModes: - - {{ .Values.persistence.accessMode | quote }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{- include "magento.storageClass" . | nindent 2 }} -{{- end -}} diff --git a/bitnami/magento/templates/secrets.yaml b/bitnami/magento/templates/secrets.yaml deleted file mode 100644 index 4efff99..0000000 --- a/bitnami/magento/templates/secrets.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if not .Values.existingSecret }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: - magento-password: {{ b64enc (include "magento.password" .) | quote }} -{{- end }} diff --git a/bitnami/magento/templates/tls-secrets.yaml b/bitnami/magento/templates/tls-secrets.yaml deleted file mode 100644 index ae30401..0000000 --- a/bitnami/magento/templates/tls-secrets.yaml +++ /dev/null @@ -1,44 +0,0 @@ -{{- if .Values.ingress.enabled }} -{{- if .Values.ingress.secrets }} -{{- range .Values.ingress.secrets }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ .name }} - namespace: {{ $.Release.Namespace }} - labels: {{- include "common.labels.standard" $ | nindent 4 }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ .certificate | b64enc }} - tls.key: {{ .key | b64enc }} ---- -{{- end }} -{{- end }} -{{- if and .Values.ingress.tls (not .Values.ingress.certManager) }} -{{- $ca := genCA "magento-ca" 365 }} -{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ printf "%s-tls" .Values.ingress.hostname }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ $cert.Cert | b64enc | quote }} - tls.key: {{ $cert.Key | b64enc | quote }} - ca.crt: {{ $ca.Cert | b64enc | quote }} -{{- end }} -{{- end }} diff --git a/bitnami/magento/values.yaml b/bitnami/magento/values.yaml deleted file mode 100644 index 81c5500..0000000 --- a/bitnami/magento/values.yaml +++ /dev/null @@ -1,821 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - storageClass: "" - -## @section Common parameters - -## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) -## -kubeVersion: "" -## @param nameOverride String to partially override magento.fullname template -## -nameOverride: "" -## @param fullnameOverride String to fully override magento.fullname template -## -fullnameOverride: "" -## @param commonAnnotations Annotations to add to all deployed objects -## -commonAnnotations: {} -## @param commonLabels Labels to add to all deployed objects -## -commonLabels: {} -## @param extraDeploy Array of extra objects to deploy with the release (evaluated as a template). -## -extraDeploy: [] - -## @section Magento parameters - -## Bitnami Magento image version -## ref: https://hub.docker.com/r/bitnami/magento/tags/ -## @param image.registry Magento image registry -## @param image.repository Magento image repository -## @param image.tag Magento image tag (immutable tags are recommended) -## @param image.pullPolicy Magento image pull policy -## @param image.pullSecrets Specify docker-registry secret names as an array -## @param image.debug Specify if debug logs should be enabled -## -image: - registry: docker.io - repository: bitnami/magento - tag: 2.4.3-debian-10-r27 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Set to true if you would like to see extra information on logs - ## - debug: false -## @param hostAliases [array] Add deployment host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: - ## Necessary for apache-exporter to work - ## - - ip: "127.0.0.1" - hostnames: - - "status.localhost" -## @param replicaCount Number of Magento Pods to run -## -replicaCount: 1 -## @param magentoSkipInstall Skip Magento installation wizard. Useful for migrations and restoring from SQL dump -## ref: https://github.com/bitnami/bitnami-docker-magento#configuration -## -magentoSkipInstall: false -## @param magentoHost Magento host to create application URLs -## ref: https://github.com/bitnami/bitnami-docker-magento#configuration -## -magentoHost: "" -## @param magentoUsername User of the application -## ref: https://github.com/bitnami/bitnami-docker-magento#configuration -## -magentoUsername: user -## @param magentoPassword Application password -## Defaults to a random 10-character alphanumeric string if not set -## ref: https://github.com/bitnami/bitnami-docker-magento#configuration -## -magentoPassword: "" -## @param magentoEmail Admin email -## ref: https://github.com/bitnami/bitnami-docker-magento#configuration -## -magentoEmail: user@example.com -## @param magentoFirstName Magento Admin First Name -## ref: https://github.com/bitnami/bitnami-docker-magento#configuration -## -magentoFirstName: "" -## @param magentoLastName Magento Admin Last Name -## ref: https://github.com/bitnami/bitnami-docker-magento#configuration -## -magentoLastName: "" -## @param magentoAdminUri Magento prefix to access Magento Admin -## ref: https://github.com/bitnami/bitnami-docker-magento#configuration -## -magentoAdminUri: "" -## @param magentoMode Magento mode -## ref: https://github.com/bitnami/bitnami-docker-magento#configuration -## -magentoMode: "" -## @param magentoExtraInstallArgs Magento extra install args -## ref: https://github.com/bitnami/bitnami-docker-magento#configuration -## -magentoExtraInstallArgs: "" -## @param magentoDeployStaticContent Deploy static content during the first deployment, to optimize page load time -## ref: https://github.com/bitnami/bitnami-docker-magento#configuration -## -magentoDeployStaticContent: false -## @param magentoUseHttps Use SSL to access the Magento Store. Valid values: `true`, `false` -## ref: https://github.com/bitnami/bitnami-docker-magento#configuration -## -magentoUseHttps: false -## @param magentoUseSecureAdmin Use SSL to access the Magento Admin. Valid values: `true`, `false` -## ref: https://github.com/bitnami/bitnami-docker-magento#configuration -## -magentoUseSecureAdmin: false -## @param magentoSkipReindex Skip Magento Indexer reindex step during the initialization. Valid values: `true`, `false` -## -magentoSkipReindex: false -## @param allowEmptyPassword Allow DB blank passwords -## ref: https://github.com/bitnami/bitnami-docker-magento#environment-variables -## -allowEmptyPassword: false -## @param command Override default container command (useful when using custom images) -## -command: [] -## @param args Override default container args (useful when using custom images) -## -args: [] -## @param updateStrategy.type Update strategy - only really applicable for deployments with RWO PVs attached -## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the -## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will -## terminate the single previous pod, so that the new, incoming pod can attach to the PV -## -updateStrategy: - type: RollingUpdate -## @param extraEnvVars Extra environment variables -## For example: -## - name: BEARER_AUTH -## value: true -## -extraEnvVars: [] -## @param extraEnvVarsCM ConfigMap containing extra env vars -## -extraEnvVarsCM: "" -## @param extraEnvVarsSecret Secret containing extra env vars (in case of sensitive data) -## -extraEnvVarsSecret: "" -## @param extraVolumes Array of extra volumes to be added to the deployment (evaluated as template). Requires setting `extraVolumeMounts` -## -extraVolumes: [] -## @param extraVolumeMounts Array of extra volume mounts to be added to the container (evaluated as template). Normally used with `extraVolumes` -## -extraVolumeMounts: [] -## @param extraContainerPorts Array of additional container ports for the Magento container -## e.g: -## extraContainerPorts: -## - name: myservice -## containerPort: 9090 -## -extraContainerPorts: [] -## @param initContainers Add additional init containers to the pod (evaluated as a template) -## -initContainers: [] -## @param sidecars Attach additional containers to the pod (evaluated as a template) -## -sidecars: [] -## @param tolerations Tolerations for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] -## @param existingSecret Name of a secret with the application password -## -existingSecret: "" -## @param containerPorts [object] Container ports -## -containerPorts: - http: 8080 - https: 8443 -## @param sessionAffinity Control where client requests go, to the same pod or round-robin -## Values: ClientIP or None -## ref: https://kubernetes.io/docs/user-guide/services/ -## -sessionAffinity: "None" -## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAffinityPreset: "" -## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAntiAffinityPreset: soft -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## -nodeAffinityPreset: - ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] -## @param affinity Affinity for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set -## -affinity: {} -## @param nodeSelector Node labels for pod assignment -## ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} -## Configure resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## We usually recommend not to specify default resources and to leave this as a conscious -## choice for the user. This also increases chances charts run on environments with little -## resources, such as Minikube. If you do want to specify resources, uncomment the following -## lines, adjust them as necessary, and remove the curly braces after 'resources:'. -## @param resources.limits The resources limits for the Magento container -## @param resources.requests The requested resourcesc for the Magento container -## -resources: - ## Example: - ## limits: - ## cpu: 250m - ## memory: 256Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 250m - ## memory: 256Mi - requests: {} -## Configure Pods Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## @param podSecurityContext.enabled Enable Magento pods' Security Context -## @param podSecurityContext.fsGroup Magento pods' group ID -## -podSecurityContext: - enabled: true - fsGroup: 1001 -## Configure Container Security Context (only main container) -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -## @param containerSecurityContext.enabled Enable Magento containers' Security Context -## @param containerSecurityContext.runAsUser Magento containers' Security Context -## -containerSecurityContext: - enabled: true - runAsUser: 1001 -## Configure extra options for liveness probe -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param livenessProbe.enabled Enable livenessProbe -## @param livenessProbe.path Request path for livenessProbe -## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe -## @param livenessProbe.periodSeconds Period seconds for livenessProbe -## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe -## @param livenessProbe.failureThreshold Failure threshold for livenessProbe -## @param livenessProbe.successThreshold Success threshold for livenessProbe -## -livenessProbe: - enabled: true - path: /index.php - initialDelaySeconds: 300 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 -## Configure extra options for readiness probe -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param readinessProbe.enabled Enable readinessProbe -## @param readinessProbe.path Request path for readinessProbe -## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe -## @param readinessProbe.periodSeconds Period seconds for readinessProbe -## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe -## @param readinessProbe.failureThreshold Failure threshold for readinessProbe -## @param readinessProbe.successThreshold Success threshold for readinessProbe -## -readinessProbe: - enabled: true - path: /index.php - initialDelaySeconds: 30 - periodSeconds: 5 - timeoutSeconds: 3 - failureThreshold: 6 - successThreshold: 1 -## Configure extra options for startupProbe probe -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param startupProbe.enabled Enable startupProbe -## @param startupProbe.path Request path for startupProbe -## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe -## @param startupProbe.periodSeconds Period seconds for startupProbe -## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe -## @param startupProbe.failureThreshold Failure threshold for startupProbe -## @param startupProbe.successThreshold Success threshold for startupProbe -## -startupProbe: - enabled: false - path: /index.php - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 3 - failureThreshold: 60 - successThreshold: 1 -## @param customLivenessProbe Override default liveness probe -## -customLivenessProbe: {} -## @param customReadinessProbe Override default readiness probe -## -customReadinessProbe: {} -## @param customStartupProbe Override default startup probe -## -customStartupProbe: {} -## @param lifecycleHooks LifecycleHook to set additional configuration at startup Evaluated as a template -## -lifecycleHooks: {} -## @param podAnnotations Pod annotations -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} -## @param podLabels Add additional labels to the pod (evaluated as a template) -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -podLabels: {} - -## @section Database parameters - -## MariaDB chart configuration -## https://github.com/bitnami/charts/blob/master/bitnami/mariadb/values.yaml -## -mariadb: - ## @param mariadb.enabled Whether to deploy a mariadb server to satisfy the applications database requirements. - ## To use an external database set this to false and configure the externalDatabase parameters - ## - enabled: true - ## Override MariaDB default image as 10.5 is not supported https://devdocs.magento.com/guides/v2.4/install-gde/system-requirements.html#database - ## ref: https://github.com/bitnami/bitnami-docker-mariadb - ## @param mariadb.image.registry MariaDB image registry - ## @param mariadb.image.repository MariaDB image repository - ## @param mariadb.image.tag MariaDB image tag (immutable tags are recommended) - ## - image: - registry: docker.io - repository: bitnami/mariadb - tag: 10.3.31-debian-10-r49 - ## @param mariadb.architecture MariaDB architecture. Allowed values: `standalone` or `replication` - ## - architecture: standalone - ## MariaDB Authentication parameters - ## - auth: - ## @param mariadb.auth.rootPassword Password for the MariaDB `root` user - ## ref: https://github.com/bitnami/bitnami-docker-mariadb#setting-the-root-password-on-first-run - ## - rootPassword: "" - ## @param mariadb.auth.database Database name to create - ## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#creating-a-database-on-first-run - ## - database: bitnami_magento - ## @param mariadb.auth.username Database user to create - ## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#creating-a-database-user-on-first-run - ## - username: bn_magento - ## @param mariadb.auth.password Password for the database - ## - password: "" - primary: - ## Enable persistence using Persistent Volume Claims - ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ - ## @param mariadb.primary.persistence.enabled Enable database persistence using PVC - ## @param mariadb.primary.persistence.storageClass MariaDB primary persistent volume storage Class - ## @param mariadb.primary.persistence.accessModes Database Persistent Volume Access Modes - ## @param mariadb.primary.persistence.size Database Persistent Volume Size - ## @param mariadb.primary.persistence.hostPath Set path in case you want to use local host path volumes (not recommended in production) - ## @param mariadb.primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas - ## - persistence: - enabled: true - ## mariadb data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - accessModes: - - ReadWriteOnce - size: 8Gi - ## Set path in case you want to use local host path volumes (not recommended in production) - ## - hostPath: "" - ## Use an existing PVC - ## - existingClaim: "" -## External database configuration -## -externalDatabase: - ## @param externalDatabase.host Host of the existing database - ## - host: "" - ## @param externalDatabase.port Port of the existing database - ## - port: 3306 - ## @param externalDatabase.user Existing username in the external db - ## - user: bn_magento - ## @param externalDatabase.password Password for the above username - ## - password: "" - ## @param externalDatabase.database Name of the existing database - ## - database: bitnami_magento - -## @section Elasticsearch parameters - -## Elasticsearch chart configuration -## https://github.com/bitnami/charts/blob/master/bitnami/elasticsearch/values.yaml -## -elasticsearch: - ## @param elasticsearch.enabled Whether to deploy a elasticsearch server to use as magento's search engine - ## To use an external server set this to false and configure the externalElasticsearch parameters - ## - enabled: true - ## @param elasticsearch.sysctlImage.enabled Enable kernel settings modifier image for Elasticsearch - ## - sysctlImage: - enabled: true - ## Elasticsearch master-eligible node parameters - ## @param elasticsearch.master.replicas Desired number of Elasticsearch master-eligible nodes - ## - master: - replicas: 1 - ## Elasticsearch coordinating-only node parameters - ## @param elasticsearch.coordinating.replicas Desired number of Elasticsearch coordinating-only nodes - ## - coordinating: - replicas: 1 - ## Elasticsearch data node parameters - ## @param elasticsearch.data.replicas Desired number of Elasticsearch data nodes - ## - data: - replicas: 1 -## External elasticsearch configuration -## -externalElasticsearch: - ## @param externalElasticsearch.host Host of the external elasticsearch server - ## - host: "" - ## @param externalElasticsearch.port Port of the external elasticsearch server - ## - port: "" - -## @section Persistence parameters - -## Enable persistence using Persistent Volume Claims -## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ -## -persistence: - ## @param persistence.enabled Enable persistence using PVC - ## - enabled: true - ## @param persistence.storageClass PVC Storage Class for Magento volume - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - ## @param persistence.accessMode PVC Access Mode for Magento volume - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - ## - accessMode: ReadWriteOnce - ## @param persistence.size PVC Storage Request for Magento volume - ## - size: 8Gi - ## @param persistence.existingClaim An Existing PVC name for Magento volume - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - ## - existingClaim: "" - ## @param persistence.hostPath Host mount path for Magento volume - ## Requires persistence.enabled: true - ## Requires persistence.existingClaim: nil|false - ## Default: nil. - ## - hostPath: "" - -## @section Volume Permissions parameters - -## Init containers parameters: -## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. -## -volumePermissions: - ## @param volumePermissions.enabled Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) - ## - enabled: false - ## @param volumePermissions.image.registry Init container volume-permissions image registry - ## @param volumePermissions.image.repository Init container volume-permissions image repository - ## @param volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended) - ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy - ## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: 10-debian-10-r203 - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Init containers' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param volumePermissions.resources.limits The resources limits for the init container - ## @param volumePermissions.resources.requests The requested resourcesc for the init container - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - requests: {} - -## @section Traffic Exposure Parameters - -## Kubernetes configuration -## For minikube, set this to NodePort, elsewhere use LoadBalancer -## -service: - ## @param service.type Kubernetes Service type - ## - type: LoadBalancer - ## @param service.port Service HTTP port - ## - port: 8080 - ## @param service.httpsPort Service HTTPS port - ## - httpsPort: 8443 - ## @param service.clusterIP Static clusterIP or None for headless services - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address - ## e.g: - ## clusterIP: None - ## - clusterIP: "" - ## @param service.loadBalancerSourceRanges Control hosts connecting to "LoadBalancer" only - ## loadBalancerSourceRanges: - ## - 0.0.0.0/0 - ## - loadBalancerSourceRanges: [] - ## @param service.loadBalancerIP loadBalancerIP for the Magento Service (optional, cloud specific) - ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer - ## - loadBalancerIP: "" - ## @param service.nodePorts.http Kubernetes http node port - ## @param service.nodePorts.https Kubernetes https node port - ## e.g: - ## nodePorts: - ## http: - ## https: - ## - nodePorts: - http: "" - https: "" - ## @param service.externalTrafficPolicy Enable client source IP preservation - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster -## Configure the ingress resource that allows you to access the -## Magento installation. Set up the URL -## ref: http://kubernetes.io/docs/user-guide/ingress/ -## -ingress: - ## @param ingress.enabled Enable ingress controller resource - ## - enabled: false - ## @param ingress.certManager Add annotations for cert-manager - ## - certManager: false - ## @param ingress.pathType Default path type for the ingress resource - ## - pathType: ImplementationSpecific - ## @param ingress.apiVersion Override API Version (automatically detected if not set) - ## - apiVersion: "" - ## @param ingress.hostname Default host for the ingress resource - ## - hostname: magento.local - ## @param ingress.path Default path for the ingress resource - ## - path: / - ## @param ingress.annotations Ingress annotations - ## For a full list of possible ingress annotations, please see - ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md - ## - ## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set - ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set - ## e.g: - ## kubernetes.io/ingress.class: nginx - ## - annotations: {} - ## @param ingress.tls Enable TLS for `ingress.hostname` parameter - ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }} - ## You can use the ingress.secrets parameter to create this TLS secret, relay on cert-manager to create it, or - ## let the chart create self-signed certificates for you - ## - tls: false - ## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record. - ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array - ## Example: - ## extraHosts: - ## - name: magento.local - ## path: / - ## - extraHosts: [] - ## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. - ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - ## Example: - ## extraTls: - ## - hosts: - ## - magento.local - ## secretName: magento.local-tls - ## - extraTls: [] - ## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets - ## key and certificate should start with -----BEGIN CERTIFICATE----- or -----BEGIN RSA PRIVATE KEY----- - ## name should line up with a secretName set further up - ## - ## If it is not set and you're using cert-manager, this is unneeded, as it will create the secret for you - ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created - ## It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - ## - ## - name: magento.local-tls - ## key: - ## certificate: - ## - secrets: [] - -## @section Metrics parameters - -## Prometheus Exporter / Metrics -## -metrics: - ## @param metrics.enabled Start a side-car prometheus exporter - ## - enabled: false - ## @param metrics.image.registry Apache exporter image registry - ## @param metrics.image.repository Apache exporter image repository - ## @param metrics.image.tag Apache exporter image tag (immutable tags are recommended) - ## @param metrics.image.pullPolicy Image pull policy - ## @param metrics.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/apache-exporter - tag: 0.10.1-debian-10-r4 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Metrics exporter resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param metrics.resources.limits The resources limits for the metrics container - ## @param metrics.resources.requests The requested resources for the metrics container - ## - resources: - ## Example: - ## limits: - ## cpu: 250m - ## memory: 256Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 250m - ## memory: 256Mi - requests: {} - ## Prometheus exporter service parameters - ## - service: - ## @param metrics.service.type Prometheus metrics service type - ## - type: ClusterIP - ## @param metrics.service.port Service Metrics port - ## - port: 9117 - ## @param metrics.service.annotations [object] Annotations for the Prometheus exporter service - ## - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "{{ .Values.metrics.service.port }}" - -## @section Certificate injection parameters - -## Add custom certificates and certificate authorities to Magento container -## -certificates: - ## @param certificates.customCertificate.certificateSecret Secret containing the certificate and key to add - ## @param certificates.customCertificate.chainSecret.name Name of the secret containing the certificate chain - ## @param certificates.customCertificate.chainSecret.key Key of the certificate chain file inside the secret - ## @param certificates.customCertificate.certificateLocation Location in the container to store the certificate - ## @param certificates.customCertificate.keyLocation Location in the container to store the private key - ## @param certificates.customCertificate.chainLocation Location in the container to store the certificate chain - ## - customCertificate: - certificateSecret: "" - chainSecret: - name: "" - key: "" - certificateLocation: /etc/ssl/certs/ssl-cert-snakeoil.pem - keyLocation: /etc/ssl/private/ssl-cert-snakeoil.key - chainLocation: /etc/ssl/certs/mychain.pem - ## @param certificates.customCAs Defines a list of secrets to import into the container trust store - ## - customCAs: [] - ## @param certificates.command Override default container command (useful when using custom images) - ## e.g: - ## - secret: custom-CA - ## - secret: more-custom-CAs - ## - command: [] - ## @param certificates.args Override default container args (useful when using custom images) - ## - args: [] - ## @param certificates.extraEnvVars Container sidecar extra environment variables (eg proxy) - ## - extraEnvVars: [] - ## @param certificates.extraEnvVarsCM ConfigMap containing extra env vars - ## - extraEnvVarsCM: "" - ## @param certificates.extraEnvVarsSecret Secret containing extra env vars (in case of sensitive data) - ## - extraEnvVarsSecret: "" - ## @param certificates.image.registry Container sidecar registry - ## @param certificates.image.repository Container sidecar image - ## @param certificates.image.tag Container sidecar image tag (immutable tags are recommended) - ## @param certificates.image.pullPolicy Container sidecar image pull policy - ## @param certificates.image.pullSecrets Container sidecar image pull secrets - ## - image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: 10-debian-10-r203 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - -## @section Other Parameters - -## Autoscaling configuration -## @param autoscaling.enabled Enable autoscaling for replicas -## @param autoscaling.minReplicas Minimum number of replicas -## @param autoscaling.maxReplicas Maximum number of replicas -## @param autoscaling.targetCPU Target CPU utilization percentage -## @param autoscaling.targetMemory Target Memory utilization percentage -## -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 11 - targetCPU: "" - targetMemory: "" diff --git a/bitnami/metallb/.helmignore b/bitnami/metallb/.helmignore deleted file mode 100644 index 50af031..0000000 --- a/bitnami/metallb/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/bitnami/metallb/Chart.lock b/bitnami/metallb/Chart.lock deleted file mode 100644 index 24fdf71..0000000 --- a/bitnami/metallb/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.9.1 -digest: sha256:75c2f378a4570f47cbb3c98b6f1d29d1145e5a92bf2970a5d06c32575bfe266f -generated: "2021-09-25T07:53:42.473435064Z" diff --git a/bitnami/metallb/Chart.yaml b/bitnami/metallb/Chart.yaml deleted file mode 100644 index 04d7221..0000000 --- a/bitnami/metallb/Chart.yaml +++ /dev/null @@ -1,33 +0,0 @@ -annotations: - category: Infrastructure -apiVersion: v2 -appVersion: 0.10.2 -dependencies: - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x -description: The Metal LB for Kubernetes -engine: gotpl -home: https://github.com/bitnami/charts/tree/master/bitnami/metallb -icon: https://bitnami.com/assets/stacks/metallb-speaker/img/metallb-speaker-stack-220x234.png -keywords: - - load-balancer - - balancer - - lb - - bgp - - arp - - vrrp - - vip -maintainers: - - name: cellebyte - email: cellebyte@gmail.com - - name: Bitnami - email: containers@bitnami.com -name: metallb -sources: - - https://github.com/metallb/metallb - - https://github.com/bitnami/bitnami-docker-metallb - - https://metallb.universe.tf -version: 2.5.5 diff --git a/bitnami/metallb/README.md b/bitnami/metallb/README.md deleted file mode 100644 index 59101b8..0000000 --- a/bitnami/metallb/README.md +++ /dev/null @@ -1,276 +0,0 @@ -# MetalLB - -[MetalLB](https://metallb.universe.tf/faq/) is an open source, rock solid LoadBalancer. It handles the `ServiceType: Loadbalancer`. - -## TL;DR - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/metallb -``` - -## Introduction -Bitnami charts for Helm are carefully engineered, actively maintained and are the quickest and easiest way to deploy containers on a Kubernetes cluster that are ready to handle production workloads. - -This chart bootstraps a [MetalLB Controller](https://metallb.universe.tf/community/) Controller Deployment and a [MetalLB Speaker](https://metallb.universe.tf/community/) Daemonset on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 3.1.0 -- Virtual IPs for Layer 2 or Route Reflector for BGP setup. - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/metallb -``` - -These commands deploy metallb on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` helm release: - -```console -$ helm uninstall my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | - - -### Common parameters - -| Name | Description | Value | -| ------------------- | -------------------------------------------------------------------------------------- | ----- | -| `nameOverride` | String to partially override metallb.fullname include (will maintain the release name) | `""` | -| `fullnameOverride` | String to fully override metallb.fullname template | `""` | -| `commonLabels` | Add labels to all the deployed resources | `{}` | -| `commonAnnotations` | Add annotations to all the deployed resources | `{}` | - - -### MetalLB parameters - -| Name | Description | Value | -| --------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------- | -| `existingConfigMap` | Specify the name of an externally-defined ConfigMap to use as the configuration. This is mutually exclusive with the `configInline` option. | `""` | -| `configInline` | Specifies MetalLB's configuration directly, in yaml format. | `{}` | -| `rbac.create` | Specifies whether to install and use RBAC rules | `true` | -| `psp.create` | create specifies whether to install Pod Security Policies. | `false` | -| `networkPolicy.enabled` | Enable NetworkPolicy | `false` | -| `networkPolicy.ingressNSMatchLabels` | Allow connections from other namespaces | `{}` | -| `networkPolicy.ingressNSPodMatchLabels` | For other namespaces match by pod labels and namespace labels | `{}` | -| `prometheusRule.enabled` | Prometheus Operator alertmanager alerts are created | `false` | - - -### Controller parameters - -| Name | Description | Value | -| -------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------- | ---------------------------- | -| `controller.image.registry` | MetalLB Controller image registry | `docker.io` | -| `controller.image.repository` | MetalLB Controller image repository | `bitnami/metallb-controller` | -| `controller.image.tag` | MetalLB Controller image tag (immutable tags are recommended) | `0.10.2-debian-10-r94` | -| `controller.image.pullPolicy` | MetalLB Controller image pull policy | `IfNotPresent` | -| `controller.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `controller.hostAliases` | Deployment pod host aliases | `[]` | -| `controller.rbac.create` | create specifies whether to install and use RBAC rules. | `true` | -| `controller.psp.create` | create specifies whether to install Pod Security Policies. | `true` | -| `controller.priorityClassName` | Set pod priorityClassName | `""` | -| `controller.resources.limits` | The resources limits for the container | `{}` | -| `controller.resources.requests` | The requested resources for the container | `{}` | -| `controller.nodeSelector` | Node labels for controller pod assignment | `{}` | -| `controller.tolerations` | Tolerations for controller pod assignment | `[]` | -| `controller.affinity` | Affinity for controller pod assignment | `{}` | -| `controller.podAnnotations` | Controller Pod annotations | `{}` | -| `controller.podLabels` | Controller Pod labels | `{}` | -| `controller.podAffinityPreset` | Controller Pod affinitypreset. Allowed values: soft, hard | `""` | -| `controller.podAntiAffinityPreset` | Controller Pod anti affinitypreset. Allowed values: soft, hard | `soft` | -| `controller.nodeAffinityPreset.type` | Controller Pod Node affinity preset. Allowed values: soft, hard | `""` | -| `controller.nodeAffinityPreset.key` | Controller Pod Node affinity label key to match | `""` | -| `controller.nodeAffinityPreset.values` | Controller Pod Node affinity label values to match | `[]` | -| `controller.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | -| `controller.serviceAccount.name` | The name of the ServiceAccount to use. If not set and create is true, a name is generated using the fullname template | `""` | -| `controller.securityContext.enabled` | Enable pods' security context | `true` | -| `controller.securityContext.runAsNonRoot` | MetalLB Controller must runs as nonRoot. | `true` | -| `controller.securityContext.runAsUser` | User ID for the pods. | `1001` | -| `controller.securityContext.fsGroup` | Group ID for the pods. | `1001` | -| `controller.securityContext.allowPrivilegeEscalation` | This defines if privilegeEscalation is allowed on that container | `false` | -| `controller.securityContext.readOnlyRootFilesystem` | This defines if the container can read the root fs on the host | `true` | -| `controller.securityContext.capabilities.drop` | Drop capabilities for the securityContext | `[]` | -| `controller.revisionHistoryLimit` | Configure the revisionHistoryLimit of the Controller deployment | `3` | -| `controller.terminationGracePeriodSeconds` | Configure the grace time period for sig term | `0` | -| `controller.containerPort.metrics` | Configures the ports the MetalLB Controller listens on for metrics | `7472` | -| `controller.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `controller.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | -| `controller.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `controller.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `controller.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `controller.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `controller.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `controller.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | -| `controller.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `controller.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `controller.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `controller.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `controller.prometheus.serviceMonitor.enabled` | Specify if a servicemonitor will be deployed for prometheus-operator | `false` | -| `controller.prometheus.serviceMonitor.jobLabel` | Specify the jobLabel to use for the prometheus-operator | `app.kubernetes.io/name` | -| `controller.prometheus.serviceMonitor.interval` | Scrape interval. If not set, the Prometheus default scrape interval is used | `""` | -| `controller.prometheus.serviceMonitor.metricRelabelings` | Specify additional relabeling of metrics | `[]` | -| `controller.prometheus.serviceMonitor.relabelings` | Specify general relabeling | `[]` | - - -### Speaker parameters - -| Name | Description | Value | -| ----------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------- | ------------------------- | -| `speaker.image.registry` | MetalLB Speaker image registry | `docker.io` | -| `speaker.image.repository` | MetalLB Speaker image repository | `bitnami/metallb-speaker` | -| `speaker.image.tag` | MetalLB Speaker image tag (immutable tags are recommended) | `0.10.2-debian-10-r98` | -| `speaker.image.pullPolicy` | MetalLB Speaker image pull policy | `IfNotPresent` | -| `speaker.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `speaker.rbac.create` | create specifies whether to install and use RBAC rules. | `true` | -| `speaker.hostAliases` | Deployment pod host aliases | `[]` | -| `speaker.psp.create` | create specifies whether to install Pod Security Policies. | `true` | -| `speaker.priorityClassName` | Set pod priorityClassName. | `""` | -| `speaker.resources.limits` | The resources limits for the container | `{}` | -| `speaker.resources.requests` | The requested resources for the container | `{}` | -| `speaker.nodeSelector` | Node labels for speaker pod assignment | `{}` | -| `speaker.tolerations` | Tolerations for speaker pod assignment | `[]` | -| `speaker.affinity` | Affinity for speaker pod assignment | `{}` | -| `speaker.podAnnotations` | Speaker Pod annotations | `{}` | -| `speaker.podLabels` | Speaker Pod labels | `{}` | -| `speaker.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | -| `speaker.serviceAccount.name` | The name of the ServiceAccount to use. If not set and create is true, a name is generated using the fullname template | `""` | -| `speaker.daemonset.terminationGracePeriodSeconds` | Configure the grace time period for sig term | `2` | -| `speaker.daemonset.hostPorts.metrics` | HTTP Metrics Endpoint | `7472` | -| `speaker.secretName` | References a Secret name for the member secret outside of the helm chart | `""` | -| `speaker.secretKey` | References a Secret key the member secret outside of the helm chart | `""` | -| `speaker.secretValue` | Custom value for `speaker.secretKey` | `""` | -| `speaker.initContainers` | Extra initContainers to add to the daemonset | `[]` | -| `speaker.securityContext.enabled` | Enable pods' security context | `true` | -| `speaker.securityContext.runAsUser` | User ID for the pods. | `0` | -| `speaker.securityContext.allowPrivilegeEscalation` | Enables privilege Escalation context for the pod. | `false` | -| `speaker.securityContext.readOnlyRootFilesystem` | Allows the pod to mount the RootFS as ReadOnly | `true` | -| `speaker.securityContext.capabilities.drop` | Drop capabilities for the securityContext | `[]` | -| `speaker.securityContext.capabilities.add` | Add capabilities for the securityContext | `[]` | -| `speaker.extraEnvVars` | Extra environment variable to pass to the running container. | `[]` | -| `speaker.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `speaker.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | -| `speaker.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `speaker.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `speaker.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `speaker.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `speaker.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `speaker.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | -| `speaker.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `speaker.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `speaker.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `speaker.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `speaker.prometheus.serviceMonitor.enabled` | Enable support for Prometheus Operator | `false` | -| `speaker.prometheus.serviceMonitor.jobLabel` | Job label for scrape target | `app.kubernetes.io/name` | -| `speaker.prometheus.serviceMonitor.interval` | Scrape interval. If not set, the Prometheus default scrape interval is used | `""` | -| `speaker.prometheus.serviceMonitor.metricRelabelings` | Specify additional relabeling of metrics | `[]` | -| `speaker.prometheus.serviceMonitor.relabelings` | Specify general relabeling | `[]` | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -$ helm install my-release \ - --set readinessProbe.successThreshold=5 \ - bitnami/metallb -``` -The above command sets the `readinessProbe.successThreshold` to `5`. - -## Configuration and installation details - -### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -To configure [MetalLB](https://metallb.universe.tf) please look into the configuration section [MetalLB Configuration](https://metallb.universe.tf/configuration/). - -### Example Layer 2 configuration - -```yaml -configInline: - # The address-pools section lists the IP addresses that MetalLB is - # allowed to allocate, along with settings for how to advertise - # those addresses over BGP once assigned. You can have as many - # address pools as you want. - address-pools: - - # A name for the address pool. Services can request allocation - # from a specific address pool using this name, by listing this - # name under the 'metallb.universe.tf/address-pool' annotation. - name: generic-cluster-pool - # Protocol can be used to select how the announcement is done. - # Supported values are bgp and layer2. - protocol: layer2 - # A list of IP address ranges over which MetalLB has - # authority. You can list multiple ranges in a single pool, they - # will all share the same settings. Each range can be either a - # CIDR prefix, or an explicit start-end range of IPs. - addresses: - - 10.27.50.30-10.27.50.35 -``` - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami’s Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## Upgrading - -### To 2.0.0 - -**What changes were introduced in this major version?** - -- The `.Values.prometheus` section was moved into the components `.Values.controller.prometheus` and `.Values.speaker.prometheus` -- The `prometheus.prometheusRule` which is used to toggle the deployment of the metallb alerts is moved under the root of the `.Values.prometheusRule` -- A globel `.Values.psp.create` and `.Values.rbac.create` was introduced together with the option of toggeling for each component. (global option overwrites component options) - - `Values.controller.rbac.create` and `Values.controller.psp.create` - - `Values.speaker.rbac.create` and `Values.speaker.psp.create` - -**Considerations when upgrading to this version** - -- Check if you used the `prometheus` section in you deployment. -- If you do so, place the configuration you made into the sections `controller.prometheus` and `speaker.prometheus`. -- `prometheusRule` should stay under the root of your values. - -### To 1.0.0 - -[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -**What changes were introduced in this major version?** - -- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. -- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts - -**Considerations when upgrading to this version** - -- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues -- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore -- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 - -**Useful links** - -- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ -- https://helm.sh/docs/topics/v2_v3_migration/ -- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ diff --git a/bitnami/metallb/templates/NOTES.txt b/bitnami/metallb/templates/NOTES.txt deleted file mode 100644 index 974c89d..0000000 --- a/bitnami/metallb/templates/NOTES.txt +++ /dev/null @@ -1,39 +0,0 @@ -MetalLB is now running in the cluster - -LoadBalancer Services in your cluster are now available on the IPs you -defined in MetalLB's configuration. To see IP assignments, - - kubectl get services -o wide --all-namespaces | grep --color=never -E 'LoadBalancer|NAMESPACE' - -should be executed. - -To see the currently configured configuration for metallb run - - kubectl get configmaps --namespace {{ .Release.Namespace }} {{ include "metallb.configMapName" . }} -o yaml - -in your preferred shell. - -{{- if .Values.existingConfigMap }} -WARNING: you specified a ConfigMap that isn't managed by -Helm. LoadBalancer services will not function until you add that -ConfigMap to your cluster yourself. - -Ensure you put the configmap in place - - kubectl get configmaps --namespace {{ .Release.Namespace }} | grep --color=never -E "{{ include "metallb.configMapName" . }}|NAME" - -If it is missing create it with: - - kubectl create configmap {{ include "metallb.configMapName" . }} --namespace {{ .Release.Namespace }} --from-file=config -{{- end }} - -{{- if .Values.speaker.secretName }} -WARNING: you specified a secretName that isn't managed by -Helm. The MetalLB speakers will not join without the secret in place. - - kubectl get secrets --namespace {{ .Release.Namespace }} | grep --color=never -E "{{ include "metallb.speaker.secretName" .}}|NAME" - -If it is missing create it with: - - kubectl create secret {{ include "metallb.speaker.secretName" .}} --from-file={{ include "metallb.speaker.secretKey" . }} -{{- end }} \ No newline at end of file diff --git a/bitnami/metallb/templates/_helpers.tpl b/bitnami/metallb/templates/_helpers.tpl deleted file mode 100644 index 10b4e46..0000000 --- a/bitnami/metallb/templates/_helpers.tpl +++ /dev/null @@ -1,47 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Create the name of the controller service account to use -*/}} -{{- define "metallb.controllerServiceAccountName" -}} -{{ include "common.secrets.name" (dict "existingSecret" .Values.controller.serviceAccount.name "defaultNameSuffix" "controller" "context" $) }} -{{- end -}} - -{{/* -Create the name of the speaker service account to use -*/}} -{{- define "metallb.speakerServiceAccountName" -}} -{{ include "common.secrets.name" (dict "existingSecret" .Values.speaker.serviceAccount.name "defaultNameSuffix" "speaker" "context" $) }} -{{- end -}} - -{{/* -Create the name of the settings ConfigMap to use. -*/}} -{{- define "metallb.configMapName" -}} -{{ include "common.secrets.name" (dict "existingSecret" .Values.existingConfigMap "defaultNameSuffix" "config" "context" $) }} -{{- end -}} - -{{/* -Create the name of the member Secret to use. -*/}} -{{- define "metallb.speaker.secretName" -}} -{{ include "common.secrets.name" (dict "existingSecret" .Values.speaker.secretName "defaultNameSuffix" "memberlist" "context" $) }} -{{- end -}} - -{{/* -Create the key of the member Secret to use. -*/}} -{{- define "metallb.speaker.secretKey" -}} -{{ include "common.secrets.key" (dict "existingSecret" .Values.speaker.secretKey "key" "secretkey") }} -{{- end -}} - -{{/* -Return the appropriate apiVersion for networkpolicy. -*/}} -{{- define "networkPolicy.apiVersion" -}} -{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} diff --git a/bitnami/metallb/templates/controller/configmap.yaml b/bitnami/metallb/templates/controller/configmap.yaml deleted file mode 100644 index 3f64eb0..0000000 --- a/bitnami/metallb/templates/controller/configmap.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if not .Values.existingConfigMap }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "metallb.configMapName" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - config: | -{{ include "common.tplvalues.render" ( dict "value" .Values.configInline "context" $) | indent 4 }} -{{- end -}} diff --git a/bitnami/metallb/templates/controller/deployment.yaml b/bitnami/metallb/templates/controller/deployment.yaml deleted file mode 100644 index 0115c7b..0000000 --- a/bitnami/metallb/templates/controller/deployment.yaml +++ /dev/null @@ -1,101 +0,0 @@ -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ include "common.names.fullname" . }}-controller - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: controller - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - revisionHistoryLimit: {{ .Values.controller.revisionHistoryLimit }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: controller - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: controller - {{- if .Values.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.controller.podLabels "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.controller.podAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.controller.podAnnotations "context" $) | nindent 8 }} - {{- end }} - spec: - {{- include "common.images.pullSecrets" (dict "images" (list .Values.speaker.image .Values.controller.image) "global" .Values.global) | nindent 6 }} - {{- if .Values.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "metallb.controllerServiceAccountName" . }} - terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} - nodeSelector: - {{- if .Values.controller.nodeSelector }} - {{- include "common.tplvalues.render" (dict "value" .Values.controller.nodeSelector "context" $) | nindent 8 }} - {{- end }} - "kubernetes.io/os": linux - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.controller.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.controller.podAffinityPreset "component" "controller" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.controller.podAntiAffinityPreset "component" "controller" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.controller.nodeAffinityPreset.type "key" .Values.controller.nodeAffinityPreset.key "values" .Values.controller.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.controller.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.controller.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.controller.priorityClassName }} - priorityClassName: {{ .Values.controller.priorityClassName | quote }} - {{- end }} - containers: - - name: metallb-controller - image: {{ include "common.images.image" (dict "imageRoot" .Values.controller.image "global" .Values.global) }} - imagePullPolicy: {{ .Values.controller.image.pullPolicy }} - args: - - --port={{ .Values.controller.containerPort.metrics }} - - --config={{ include "metallb.configMapName" . }} - ports: - - name: metrics - containerPort: {{ .Values.controller.containerPort.metrics }} - {{- if .Values.controller.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /metrics - port: metrics - initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.controller.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.controller.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: /metrics - port: metrics - initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} - {{- end }} - {{- if .Values.controller.securityContext.enabled }} - securityContext: - allowPrivilegeEscalation: {{ .Values.controller.securityContext.allowPrivilegeEscalation }} - readOnlyRootFilesystem: {{ .Values.controller.securityContext.readOnlyRootFilesystem }} - capabilities: - drop: {{- toYaml .Values.controller.securityContext.capabilities.drop | nindent 16 }} - {{- end }} - {{- if .Values.controller.resources }} - resources: {{- toYaml .Values.controller.resources | nindent 12 }} - {{- end }} - {{- if .Values.controller.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.controller.securityContext.runAsUser }} - fsGroup: {{ .Values.controller.securityContext.fsGroup }} - runAsNonRoot: {{ .Values.controller.securityContext.runAsNonRoot }} - {{- end }} diff --git a/bitnami/metallb/templates/controller/psp.yaml b/bitnami/metallb/templates/controller/psp.yaml deleted file mode 100644 index 726a494..0000000 --- a/bitnami/metallb/templates/controller/psp.yaml +++ /dev/null @@ -1,47 +0,0 @@ -{{- if and .Values.psp.create .Values.controller.psp.create -}} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ include "common.names.fullname" . }}-controller - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: controller - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - allowPrivilegeEscalation: {{ .Values.controller.securityContext.allowPrivilegeEscalation }} - allowedCapabilities: [] - allowedHostPaths: [] - defaultAddCapabilities: [] - defaultAllowPrivilegeEscalation: {{ .Values.controller.securityContext.allowPrivilegeEscalation }} - fsGroup: - ranges: - - max: {{ .Values.controller.securityContext.fsGroup }} - min: {{ .Values.controller.securityContext.fsGroup }} - rule: MustRunAs - hostIPC: false - hostNetwork: false - hostPID: false - privileged: false - readOnlyRootFilesystem: {{ .Values.controller.securityContext.readOnlyRootFilesystem }} - requiredDropCapabilities: {{- toYaml .Values.controller.securityContext.capabilities.drop | nindent 2 }} - runAsUser: - ranges: - - max: {{ .Values.controller.securityContext.runAsUser }} - min: {{ .Values.controller.securityContext.runAsUser }} - rule: MustRunAs - seLinux: - rule: RunAsAny - supplementalGroups: - ranges: - - max: {{ .Values.controller.securityContext.runAsUser }} - min: {{ .Values.controller.securityContext.runAsUser }} - rule: MustRunAs - volumes: - - configMap - - secret - - emptyDir -{{- end -}} diff --git a/bitnami/metallb/templates/controller/rbac.yaml b/bitnami/metallb/templates/controller/rbac.yaml deleted file mode 100644 index 9a376ea..0000000 --- a/bitnami/metallb/templates/controller/rbac.yaml +++ /dev/null @@ -1,68 +0,0 @@ -{{- if and .Values.rbac.create .Values.controller.rbac.create -}} ---- -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: ClusterRole -metadata: - name: {{ include "common.names.fullname" . }}-controller - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: controller - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - - apiGroups: - - '' - resources: - - services - verbs: - - get - - list - - watch - - update - - apiGroups: - - '' - resources: - - services/status - verbs: - - update - - apiGroups: - - '' - resources: - - events - verbs: - - create - - patch - - apiGroups: - - policy - resourceNames: - - {{ include "common.names.fullname" . }}-controller - resources: - - podsecuritypolicies - verbs: - - use ---- -## Role bindings -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: ClusterRoleBinding -metadata: - name: {{ include "common.names.fullname" . }}-controller - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: controller - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -subjects: - - kind: ServiceAccount - name: {{ include "metallb.controllerServiceAccountName" . }} - namespace: {{ .Release.Namespace }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "common.names.fullname" . }}-controller -{{- end -}} diff --git a/bitnami/metallb/templates/controller/service.yaml b/bitnami/metallb/templates/controller/service.yaml deleted file mode 100644 index c589c26..0000000 --- a/bitnami/metallb/templates/controller/service.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if .Values.controller.prometheus.serviceMonitor.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.names.fullname" . }}-controller-metrics - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: controller - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - type: ClusterIP - clusterIP: "None" - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: controller - ports: - - name: metrics - port: {{ .Values.controller.containerPort.metrics }} - protocol: TCP - targetPort: {{ .Values.controller.containerPort.metrics }} -{{- end }} diff --git a/bitnami/metallb/templates/controller/serviceaccount.yaml b/bitnami/metallb/templates/controller/serviceaccount.yaml deleted file mode 100644 index 6aaaee6..0000000 --- a/bitnami/metallb/templates/controller/serviceaccount.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.controller.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "metallb.controllerServiceAccountName" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: controller - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -{{- end -}} diff --git a/bitnami/metallb/templates/controller/servicemonitor.yaml b/bitnami/metallb/templates/controller/servicemonitor.yaml deleted file mode 100644 index 71c8171..0000000 --- a/bitnami/metallb/templates/controller/servicemonitor.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{- if .Values.controller.prometheus.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "common.names.fullname" . }}-controller - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: controller - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - jobLabel: {{ .Values.controller.prometheus.serviceMonitor.jobLabel | quote }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: controller - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - endpoints: - - port: metrics - {{- if .Values.controller.prometheus.serviceMonitor.interval }} - interval: {{ .Values.controller.prometheus.serviceMonitor.interval }} - {{- end }} - {{- if .Values.controller.prometheus.serviceMonitor.metricRelabelings }} - metricRelabelings: {{ toYaml .Values.controller.prometheus.serviceMonitor.metricRelabelings | nindent 4 }} - {{- end }} - {{- if .Values.controller.prometheus.serviceMonitor.relabelings }} - relabelings: {{ toYaml .Values.controller.prometheus.serviceMonitor.relabelings | nindent 4 }} - {{- end }} -{{- end -}} diff --git a/bitnami/metallb/templates/networkpolicy.yaml b/bitnami/metallb/templates/networkpolicy.yaml deleted file mode 100644 index 880c0ab..0000000 --- a/bitnami/metallb/templates/networkpolicy.yaml +++ /dev/null @@ -1,34 +0,0 @@ -{{- if .Values.networkPolicy.enabled }} -kind: NetworkPolicy -apiVersion: {{ template "networkPolicy.apiVersion" . }} -metadata: - name: {{ include "common.names.fullname" . }}-controller - labels: - app.kubernetes.io/component: controller -spec: - podSelector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: controller - policyTypes: - - Ingress - ingress: - # Allow prometheus scrapes for metrics - - ports: - - port: {{ .Values.controller.containerPort.metrics }} - protocol: TCP - {{- if .Values.networkPolicy.ingressNSMatchLabels }} - from: - - namespaceSelector: - matchLabels: - {{- range $key, $value := .Values.networkPolicy.ingressNSMatchLabels }} - {{ $key | quote }}: {{ $value | quote }} - {{- end }} - {{- if .Values.networkPolicy.ingressNSPodMatchLabels }} - podSelector: - matchLabels: - {{- range $key, $value := .Values.networkPolicy.ingressNSPodMatchLabels }} - {{ $key | quote }}: {{ $value | quote }} - {{- end }} - {{- end }} - {{- end }} -{{- end }} diff --git a/bitnami/metallb/templates/prometheus/metallb.alerts.yaml b/bitnami/metallb/templates/prometheus/metallb.alerts.yaml deleted file mode 100644 index 4338501..0000000 --- a/bitnami/metallb/templates/prometheus/metallb.alerts.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{- if and .Values.prometheusRule.enabled .Values.speaker.prometheus.serviceMonitor.enabled .Values.controller.prometheus.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - groups: - - name: {{ include "common.names.fullname" . }}.alerts - rules: - - alert: MetalLBStaleConfig - annotations: - message: {{`'{{ $labels.job }} - MetalLB {{ $labels.container_name }} on {{ $labels.instance - }} has a stale config for > 1 minute'`}} - expr: metallb_k8s_client_config_stale_bool{job="{{ include "common.names.name" . }}"} == 1 - for: 1m - labels: - severity: warning - - alert: MetalLBConfigNotLoaded - annotations: - message: {{`'{{ $labels.job }} - MetalLB {{ $labels.container_name }} on {{ $labels.instance - }} has not loaded for > 1 minute'`}} - expr: metallb_k8s_client_config_loaded_bool{job="{{ include "common.names.name" . }}"} == 0 - for: 1m - labels: - severity: warning -{{- end }} diff --git a/bitnami/metallb/templates/rbac.yaml b/bitnami/metallb/templates/rbac.yaml deleted file mode 100644 index daacd9b..0000000 --- a/bitnami/metallb/templates/rbac.yaml +++ /dev/null @@ -1,48 +0,0 @@ -{{- if and .Values.rbac.create (or .Values.controller.rbac.create .Values.speaker.rbac.create ) -}} ---- -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: Role -metadata: - name: {{ include "common.names.fullname" . }}-config-watcher - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - - apiGroups: - - '' - resources: - - configmaps - verbs: - - get - - list - - watch ---- -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: RoleBinding -metadata: - name: {{ include "common.names.fullname" . }}-config-watcher - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -subjects: -{{- if .Values.controller.rbac.create }} - - kind: ServiceAccount - name: {{ include "metallb.controllerServiceAccountName" . }} -{{- end }} -{{- if .Values.speaker.rbac.create }} - - kind: ServiceAccount - name: {{ include "metallb.speakerServiceAccountName" . }} -{{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "common.names.fullname" . }}-config-watcher -{{- end -}} diff --git a/bitnami/metallb/templates/speaker/daemonset.yaml b/bitnami/metallb/templates/speaker/daemonset.yaml deleted file mode 100644 index 9f548fa..0000000 --- a/bitnami/metallb/templates/speaker/daemonset.yaml +++ /dev/null @@ -1,128 +0,0 @@ -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ include "common.names.fullname" . }}-speaker - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: speaker - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: speaker - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: speaker - {{- if .Values.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.speaker.podLabels "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.speaker.podAnnotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.speaker.podAnnotations "context" $) | nindent 8 }} - {{- end }} - spec: - {{- include "common.images.pullSecrets" (dict "images" (list .Values.speaker.image .Values.controller.image) "global" .Values.global) | nindent 6 }} - {{- if .Values.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "metallb.speakerServiceAccountName" . }} - terminationGracePeriodSeconds: {{ .Values.speaker.daemonset.terminationGracePeriodSeconds }} - hostNetwork: true - {{- if .Values.speaker.initContainers }} - initContainers: - {{- include "common.tplvalues.render" (dict "value" .Values.speaker.initContainers "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.speaker.priorityClassName }} - priorityClassName: {{ .Values.speaker.priorityClassName | quote }} - {{- end }} - containers: - - name: metallb-speaker - image: {{ include "common.images.image" (dict "imageRoot" .Values.speaker.image "global" .Values.global) }} - imagePullPolicy: {{ .Values.speaker.image.pullPolicy }} - args: - - --port={{ .Values.speaker.daemonset.hostPorts.metrics }} - - --config={{ include "metallb.configMapName" . }} - env: - - name: METALLB_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: METALLB_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: METALLB_ML_BIND_ADDR - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: METALLB_ML_LABELS - value: "app.kubernetes.io/name={{ include "common.names.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=speaker" - - name: METALLB_ML_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: METALLB_ML_SECRET_KEY - valueFrom: - secretKeyRef: - name: {{ include "metallb.speaker.secretName" . }} - key: {{ include "metallb.speaker.secretKey" . }} - {{- if .Values.speaker.extraEnvVars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.speaker.extraEnvVars "context" $ ) | nindent 12 }} - {{- end }} - {{- if .Values.extraEnvVarsSecret }} - envFrom: - - secretRef: - name: {{ include "common.tplvalues.render" ( dict "value" .Values.speaker.extraEnvVarsSecret "context" $ ) }} - {{- end }} - ports: - - name: metrics - containerPort: {{ .Values.speaker.daemonset.hostPorts.metrics }} - {{- if .Values.speaker.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /metrics - port: metrics - initialDelaySeconds: {{ .Values.speaker.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.speaker.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.speaker.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.speaker.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.speaker.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.speaker.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: /metrics - port: metrics - initialDelaySeconds: {{ .Values.speaker.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.speaker.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.speaker.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.speaker.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.speaker.readinessProbe.failureThreshold }} - {{- end }} - {{- if .Values.speaker.resources }} - resources: {{- toYaml .Values.speaker.resources | nindent 12 }} - {{- end }} - {{- if .Values.speaker.securityContext.enabled }} - securityContext: - runAsUser: {{ .Values.speaker.securityContext.runAsUser }} - allowPrivilegeEscalation: {{ .Values.speaker.securityContext.allowPrivilegeEscalation }} - readOnlyRootFilesystem: {{ .Values.speaker.securityContext.readOnlyRootFilesystem }} - capabilities: - drop: {{- toYaml .Values.speaker.securityContext.capabilities.drop | nindent 16 }} - add: {{- toYaml .Values.speaker.securityContext.capabilities.add | nindent 16 }} - {{- end }} - nodeSelector: - {{- if .Values.speaker.nodeSelector }} - {{- include "common.tplvalues.render" (dict "value" .Values.speaker.nodeSelector "context" $) | nindent 8 }} - {{- end }} - "kubernetes.io/os": linux - {{- if .Values.speaker.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.speaker.affinity "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.speaker.tolerations}} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.speaker.tolerations "context" $) | nindent 8 }} - {{- end }} diff --git a/bitnami/metallb/templates/speaker/psp.yaml b/bitnami/metallb/templates/speaker/psp.yaml deleted file mode 100644 index 30a7a0c..0000000 --- a/bitnami/metallb/templates/speaker/psp.yaml +++ /dev/null @@ -1,41 +0,0 @@ -{{- if and .Values.psp.create .Values.speaker.psp.create -}} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ include "common.names.fullname" . }}-speaker - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: speaker - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - allowPrivilegeEscalation: {{ .Values.speaker.securityContext.allowPrivilegeEscalation }} - allowedCapabilities: {{- toYaml .Values.speaker.securityContext.capabilities.add | nindent 2 }} - allowedHostPaths: [] - defaultAddCapabilities: {{- toYaml .Values.speaker.securityContext.capabilities.add | nindent 2 }} - defaultAllowPrivilegeEscalation: {{ .Values.speaker.securityContext.allowPrivilegeEscalation }} - fsGroup: - rule: RunAsAny - hostIPC: false - hostNetwork: true - hostPID: false - hostPorts: - - max: {{ .Values.speaker.daemonset.hostPorts.metrics }} - min: {{ .Values.speaker.daemonset.hostPorts.metrics }} - privileged: true - readOnlyRootFilesystem: {{ .Values.speaker.securityContext.readOnlyRootFilesystem }} - requiredDropCapabilities: {{- toYaml .Values.speaker.securityContext.capabilities.drop | nindent 2 }} - runAsUser: - rule: RunAsAny - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - volumes: - - configMap - - secret - - emptyDir -{{- end -}} diff --git a/bitnami/metallb/templates/speaker/rbac.yaml b/bitnami/metallb/templates/speaker/rbac.yaml deleted file mode 100644 index 0492daa..0000000 --- a/bitnami/metallb/templates/speaker/rbac.yaml +++ /dev/null @@ -1,102 +0,0 @@ -{{- if and .Values.rbac.create .Values.speaker.rbac.create -}} ---- -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: ClusterRole -metadata: - name: {{ include "common.names.fullname" . }}-speaker - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: speaker - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - - apiGroups: - - '' - resources: - - services - - endpoints - - nodes - verbs: - - get - - list - - watch - - apiGroups: - - '' - resources: - - events - verbs: - - create - - patch - - apiGroups: - - policy - resourceNames: - - {{ include "common.names.fullname" . }}-speaker - resources: - - podsecuritypolicies - verbs: - - use ---- -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: Role -metadata: - name: {{ include "common.names.fullname" . }}-pod-lister - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: speaker - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - - apiGroups: - - '' - resources: - - pods - verbs: - - list ---- -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: ClusterRoleBinding -metadata: - name: {{ include "common.names.fullname" . }}-speaker - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: speaker - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -subjects: - - kind: ServiceAccount - name: {{ include "metallb.speakerServiceAccountName" . }} - namespace: {{ .Release.Namespace }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "common.names.fullname" . }}-speaker ---- -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: RoleBinding -metadata: - name: {{ include "common.names.fullname" . }}-pod-lister - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: speaker - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "common.names.fullname" . }}-pod-lister -subjects: - - kind: ServiceAccount - name: {{ include "metallb.speakerServiceAccountName" . }} -{{- end -}} diff --git a/bitnami/metallb/templates/speaker/secret.yaml b/bitnami/metallb/templates/speaker/secret.yaml deleted file mode 100644 index 7bce190..0000000 --- a/bitnami/metallb/templates/speaker/secret.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if not .Values.speaker.secretName }} -apiVersion: v1 -data: - {{ include "metallb.speaker.secretKey" . }}: {{ include "common.secrets.passwords.manage" (dict "secret" ( include "metallb.speaker.secretName" .) "key" ( include "metallb.speaker.secretKey" .) "providedValues" (list "speaker.secretValue") "length" 256 "context" $) }} -kind: Secret -metadata: - name: {{ include "metallb.speaker.secretName" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: speaker - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - "helm.sh/hook": "pre-install" - "helm.sh/hook-delete-policy": "before-hook-creation" - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -{{- end }} diff --git a/bitnami/metallb/templates/speaker/service.yaml b/bitnami/metallb/templates/speaker/service.yaml deleted file mode 100644 index a6d9bf0..0000000 --- a/bitnami/metallb/templates/speaker/service.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if .Values.speaker.prometheus.serviceMonitor.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.names.fullname" . }}-speaker-metrics - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: speaker - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - type: ClusterIP - clusterIP: "None" - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: speaker - ports: - - name: metrics - port: {{ .Values.speaker.daemonset.hostPorts.metrics }} - protocol: TCP - targetPort: {{ .Values.speaker.daemonset.hostPorts.metrics }} -{{- end }} diff --git a/bitnami/metallb/templates/speaker/serviceaccount.yaml b/bitnami/metallb/templates/speaker/serviceaccount.yaml deleted file mode 100644 index 9e46135..0000000 --- a/bitnami/metallb/templates/speaker/serviceaccount.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.speaker.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "metallb.speakerServiceAccountName" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: speaker - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -{{- end -}} diff --git a/bitnami/metallb/templates/speaker/servicemonitor.yaml b/bitnami/metallb/templates/speaker/servicemonitor.yaml deleted file mode 100644 index 3bb4dab..0000000 --- a/bitnami/metallb/templates/speaker/servicemonitor.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{- if .Values.speaker.prometheus.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "common.names.fullname" . }}-speaker - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: speaker - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - jobLabel: {{ .Values.speaker.prometheus.serviceMonitor.jobLabel | quote }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: speaker - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - endpoints: - - port: metrics - {{- if .Values.speaker.prometheus.serviceMonitor.interval }} - interval: {{ .Values.speaker.prometheus.serviceMonitor.interval }} - {{- end }} - {{- if .Values.speaker.prometheus.serviceMonitor.metricRelabelings }} - metricRelabelings: {{ toYaml .Values.speaker.prometheus.serviceMonitor.metricRelabelings | nindent 4 }} - {{- end }} - {{- if .Values.speaker.prometheus.serviceMonitor.relabelings }} - relabelings: {{ toYaml .Values.speaker.prometheus.serviceMonitor.relabelings | nindent 4 }} - {{- end }} -{{- end }} diff --git a/bitnami/metallb/values.yaml b/bitnami/metallb/values.yaml deleted file mode 100644 index e928d09..0000000 --- a/bitnami/metallb/values.yaml +++ /dev/null @@ -1,496 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - -## @section Common parameters - -## @param nameOverride String to partially override metallb.fullname include (will maintain the release name) -## -nameOverride: "" -## @param fullnameOverride String to fully override metallb.fullname template -## -fullnameOverride: "" -## @param commonLabels Add labels to all the deployed resources -## -commonLabels: {} -## @param commonAnnotations Add annotations to all the deployed resources -## -commonAnnotations: {} - -## @section MetalLB parameters - -## To configure MetalLB, you must specify ONE of the following two -## options. -## @param existingConfigMap Specify the name of an externally-defined ConfigMap to use as the configuration. This is mutually exclusive with the `configInline` option. -## Helm will not manage the contents of this ConfigMap, it is your responsibility to create it. -## e.g: -## existingConfigMap: metallb-config -## -existingConfigMap: "" -## @param configInline Specifies MetalLB's configuration directly, in yaml format. -## When configInline is used, Helm manages MetalLB's -## configuration ConfigMap as part of the release, and -## existingConfigMap is ignored. -## Refer to https://metallb.universe.tf/configuration/ for -## available options. -## -configInline: {} -## RBAC creation for controller and speaker -## -rbac: - ## @param rbac.create Specifies whether to install and use RBAC rules - ## - create: true -## PSP creation for controller and speaker -## -psp: - ## @param psp.create create specifies whether to install Pod Security Policies. - ## - create: false -## Prometheus Operator alertmanager alerts -## -networkPolicy: - ## @param networkPolicy.enabled Enable NetworkPolicy - ## Prometheus scraping of the controller - ## - enabled: false - ## @param networkPolicy.ingressNSMatchLabels Allow connections from other namespaces - ## Set label for namespace and pods (optional). - ## - ingressNSMatchLabels: {} - ## @param networkPolicy.ingressNSPodMatchLabels For other namespaces match by pod labels and namespace labels - ## - ingressNSPodMatchLabels: {} -## @param prometheusRule.enabled Prometheus Operator alertmanager alerts are created -## -prometheusRule: - enabled: false - -## @section Controller parameters - -## Metallb Controller deployment. -## ref: https://hub.docker.com/r/bitnami/metallb-controller/tags -## -controller: - ## @param controller.image.registry MetalLB Controller image registry - ## @param controller.image.repository MetalLB Controller image repository - ## @param controller.image.tag MetalLB Controller image tag (immutable tags are recommended) - ## @param controller.image.pullPolicy MetalLB Controller image pull policy - ## @param controller.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/metallb-controller - tag: 0.10.2-debian-10-r94 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param controller.hostAliases Deployment pod host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## If global .Values.rbac.create is disabled no rbac is created. - ## This value is then meaningless - ## Defines if the controller rbac should be created. - ## - rbac: - ## @param controller.rbac.create create specifies whether to install and use RBAC rules. - ## - create: true - ## If global .Values.psp.create is disabled no psp is created. - ## This value is then meaningless - ## Defines if the controller psp should be created. - ## - psp: - ## @param controller.psp.create create specifies whether to install Pod Security Policies. - ## - create: true - ## @param controller.priorityClassName Set pod priorityClassName - ## - priorityClassName: "" - ## Controller container resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param controller.resources.limits The resources limits for the container - ## @param controller.resources.requests The requested resources for the container - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 100Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 25m - ## memory: 25Mi - requests: {} - ## @param controller.nodeSelector Node labels for controller pod assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param controller.tolerations Tolerations for controller pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param controller.affinity Affinity for controller pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## - affinity: {} - ## @param controller.podAnnotations Controller Pod annotations - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param controller.podLabels Controller Pod labels - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param controller.podAffinityPreset Controller Pod affinitypreset. Allowed values: soft, hard - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param controller.podAntiAffinityPreset Controller Pod anti affinitypreset. Allowed values: soft, hard - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Node affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## Allowed values: soft, hard - ## - nodeAffinityPreset: - ## @param controller.nodeAffinityPreset.type Controller Pod Node affinity preset. Allowed values: soft, hard - ## - type: "" - ## @param controller.nodeAffinityPreset.key Controller Pod Node affinity label key to match - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param controller.nodeAffinityPreset.values Controller Pod Node affinity label values to match - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - serviceAccount: - ## @param controller.serviceAccount.create Specifies whether a ServiceAccount should be created - ## - create: true - ## @param controller.serviceAccount.name The name of the ServiceAccount to use. If not set and create is true, a name is generated using the fullname template - ## - name: "" - ## Pod securityContext - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - ## @param controller.securityContext.enabled Enable pods' security context - ## @param controller.securityContext.runAsNonRoot MetalLB Controller must runs as nonRoot. - ## @param controller.securityContext.runAsUser User ID for the pods. - ## @param controller.securityContext.fsGroup Group ID for the pods. - ## @param controller.securityContext.allowPrivilegeEscalation This defines if privilegeEscalation is allowed on that container - ## @param controller.securityContext.readOnlyRootFilesystem This defines if the container can read the root fs on the host - ## @param controller.securityContext.capabilities.drop [array] Drop capabilities for the securityContext - ## - securityContext: - enabled: true - runAsNonRoot: true - runAsUser: 1001 - fsGroup: 1001 - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - capabilities: - drop: - - ALL - ## @param controller.revisionHistoryLimit Configure the revisionHistoryLimit of the Controller deployment - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#revision-history-limit - ## - revisionHistoryLimit: 3 - ## @param controller.terminationGracePeriodSeconds Configure the grace time period for sig term - ## ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#hook-handler-execution - ## - terminationGracePeriodSeconds: 0 - ## @param controller.containerPort.metrics Configures the ports the MetalLB Controller listens on for metrics - ## - containerPort: - metrics: 7472 - ## Liveness probe values - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param controller.livenessProbe.enabled Enable livenessProbe - ## @param controller.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param controller.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param controller.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param controller.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param controller.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - ## Readiness probe values - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param controller.readinessProbe.enabled Enable readinessProbe - ## @param controller.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param controller.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param controller.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param controller.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param controller.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - prometheus: - ## Prometheus Operator service monitors - ## - serviceMonitor: - ## @param controller.prometheus.serviceMonitor.enabled Specify if a servicemonitor will be deployed for prometheus-operator - ## - enabled: false - ## @param controller.prometheus.serviceMonitor.jobLabel Specify the jobLabel to use for the prometheus-operator - ## - jobLabel: "app.kubernetes.io/name" - ## @param controller.prometheus.serviceMonitor.interval Scrape interval. If not set, the Prometheus default scrape interval is used - ## - interval: "" - ## @param controller.prometheus.serviceMonitor.metricRelabelings Specify additional relabeling of metrics - ## - metricRelabelings: [] - ## @param controller.prometheus.serviceMonitor.relabelings Specify general relabeling - ## - relabelings: [] - -## @section Speaker parameters - -## Metallb Speaker daemonset. -## ref: https://hub.docker.com/r/bitnami/metallb-speaker/tags -## -speaker: - ## @param speaker.image.registry MetalLB Speaker image registry - ## @param speaker.image.repository MetalLB Speaker image repository - ## @param speaker.image.tag MetalLB Speaker image tag (immutable tags are recommended) - ## @param speaker.image.pullPolicy MetalLB Speaker image pull policy - ## @param speaker.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/metallb-speaker - tag: 0.10.2-debian-10-r98 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## If global .Values.rbac.create is disabled no rbac is created. - ## This value is then meaningless - ## Defines if the speaker rbac should be created. - ## - rbac: - ## @param speaker.rbac.create create specifies whether to install and use RBAC rules. - ## - create: true - ## @param speaker.hostAliases Deployment pod host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## If global .Values.psp.create is disabled no psp is created. - ## This value is then meaningless - ## Defines if the speaker psp should be created. - ## - psp: - ## @param speaker.psp.create create specifies whether to install Pod Security Policies. - ## - create: true - ## @param speaker.priorityClassName Set pod priorityClassName. - ## - priorityClassName: "" - ## Speaker container resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param speaker.resources.limits The resources limits for the container - ## @param speaker.resources.requests The requested resources for the container - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 100Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 25m - ## memory: 25Mi - requests: {} - ## @param speaker.nodeSelector Node labels for speaker pod assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param speaker.tolerations Tolerations for speaker pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param speaker.affinity Affinity for speaker pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## - affinity: {} - ## @param speaker.podAnnotations Speaker Pod annotations - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param speaker.podLabels Speaker Pod labels - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - serviceAccount: - ## @param speaker.serviceAccount.create Specifies whether a ServiceAccount should be created - ## - create: true - ## @param speaker.serviceAccount.name The name of the ServiceAccount to use. If not set and create is true, a name is generated using the fullname template - ## - name: "" - ## Daemonset configuration - ## - daemonset: - ## @param speaker.daemonset.terminationGracePeriodSeconds Configure the grace time period for sig term - ## ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#hook-handler-execution - ## - terminationGracePeriodSeconds: 2 - ## @param speaker.daemonset.hostPorts.metrics HTTP Metrics Endpoint - ## - hostPorts: - metrics: 7472 - ## Defines a secret to use outside of the auto generate - ## @param speaker.secretName References a Secret name for the member secret outside of the helm chart - ## @param speaker.secretKey References a Secret key the member secret outside of the helm chart - ## @param speaker.secretValue Custom value for `speaker.secretKey` - ## Default: {{ randAlphaNum 256 | b64enc | quote }} - ## The auto generated secret has: - ## secretName: {{ "common.names.fullname" }}-memberlist - ## secretKey: secretkey - ## secretValue: random 256 character alphanumeric string - ## - secretName: "" - secretKey: "" - secretValue: "" - ## @param speaker.initContainers Extra initContainers to add to the daemonset - ## - initContainers: [] - ## Pod securityContext - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - ## @param speaker.securityContext.enabled Enable pods' security context - ## @param speaker.securityContext.runAsUser User ID for the pods. - ## @param speaker.securityContext.allowPrivilegeEscalation Enables privilege Escalation context for the pod. - ## @param speaker.securityContext.readOnlyRootFilesystem Allows the pod to mount the RootFS as ReadOnly - ## @param speaker.securityContext.capabilities.drop [array] Drop capabilities for the securityContext - ## @param speaker.securityContext.capabilities.add [array] Add capabilities for the securityContext - ## - securityContext: - enabled: true - runAsUser: 0 - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - capabilities: - drop: - - ALL - add: - - NET_ADMIN - - NET_RAW - - SYS_ADMIN - ## @param speaker.extraEnvVars Extra environment variable to pass to the running container. - ## For example: - ## extraEnvVars: - ## - name: MY_ENV_VAR - ## value: env_var_value - ## - extraEnvVars: [] - ## Liveness probe values - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param speaker.livenessProbe.enabled Enable livenessProbe - ## @param speaker.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param speaker.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param speaker.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param speaker.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param speaker.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - ## Readiness probe values - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param speaker.readinessProbe.enabled Enable readinessProbe - ## @param speaker.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param speaker.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param speaker.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param speaker.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param speaker.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - prometheus: - ## Prometheus Operator service monitors - ## - serviceMonitor: - ## @param speaker.prometheus.serviceMonitor.enabled Enable support for Prometheus Operator - ## - enabled: false - ## @param speaker.prometheus.serviceMonitor.jobLabel Job label for scrape target - ## - jobLabel: "app.kubernetes.io/name" - ## @param speaker.prometheus.serviceMonitor.interval Scrape interval. If not set, the Prometheus default scrape interval is used - ## - interval: "" - ## @param speaker.prometheus.serviceMonitor.metricRelabelings Specify additional relabeling of metrics - ## - metricRelabelings: [] - ## @param speaker.prometheus.serviceMonitor.relabelings Specify general relabeling - ## - relabelings: [] diff --git a/bitnami/metrics-server/Chart.lock b/bitnami/metrics-server/Chart.lock deleted file mode 100644 index ff7ae7a..0000000 --- a/bitnami/metrics-server/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.9.1 -digest: sha256:75c2f378a4570f47cbb3c98b6f1d29d1145e5a92bf2970a5d06c32575bfe266f -generated: "2021-09-23T17:46:42.905258912Z" diff --git a/bitnami/metrics-server/Chart.yaml b/bitnami/metrics-server/Chart.yaml deleted file mode 100644 index 55b5460..0000000 --- a/bitnami/metrics-server/Chart.yaml +++ /dev/null @@ -1,26 +0,0 @@ -annotations: - category: Analytics -apiVersion: v2 -appVersion: 0.5.1 -dependencies: - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x -description: Metrics Server is a cluster-wide aggregator of resource usage data. Metrics Server collects metrics from the Summary API, exposed by Kubelet on each node. -engine: gotpl -home: https://github.com/bitnami/charts/tree/master/bitnami/metrics-server -icon: https://bitnami.com/assets/stacks/metrics-server/img/metrics-server-stack-220x234.png -keywords: - - metrics-server - - cluster - - metrics -maintainers: - - email: containers@bitnami.com - name: Bitnami -name: metrics-server -sources: - - https://github.com/bitnami/bitnami-docker-metrics-server - - https://github.com/kubernetes-incubator/metrics-server -version: 5.10.3 diff --git a/bitnami/metrics-server/README.md b/bitnami/metrics-server/README.md deleted file mode 100644 index 2fd00bf..0000000 --- a/bitnami/metrics-server/README.md +++ /dev/null @@ -1,201 +0,0 @@ -# Metrics Server - -[Metrics Server](https://github.com/kubernetes-incubator/metrics-server) is a cluster-wide aggregator of resource usage data. Metrics Server collects metrics from the Summary API, exposed by Kubelet on each node. - -## TL;DR - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/metrics-server -``` - -## Introduction - -This chart bootstraps a [Metrics Server](https://github.com/bitnami/bitnami-docker-metrics-server) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 3.1.0 - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/metrics-server -``` - -These commands deploy Metrics Server on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```console -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | - - -### Common parameters - -| Name | Description | Value | -| ------------------- | -------------------------------------------------------------------------------------------- | ----- | -| `nameOverride` | String to partially override common.names.fullname template (will maintain the release name) | `""` | -| `fullnameOverride` | String to fully override common.names.fullname template | `""` | -| `commonLabels` | Add labels to all the deployed resources | `{}` | -| `commonAnnotations` | Add annotations to all the deployed resources | `{}` | - - -### Metrics Server parameters - -| Name | Description | Value | -| ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------ | -| `image.registry` | Metrics Server image registry | `docker.io` | -| `image.repository` | Metrics Server image repository | `bitnami/metrics-server` | -| `image.tag` | Metrics Server image tag (immutable tags are recommended) | `0.5.1-debian-10-r0` | -| `image.pullPolicy` | Metrics Server image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Metrics Server image pull secrets | `[]` | -| `hostAliases` | Add deployment host aliases | `[]` | -| `replicas` | Number of metrics-server nodes to deploy | `1` | -| `updateStrategy.type` | Set up update strategy for metrics-server installation. | `RollingUpdate` | -| `rbac.create` | Enable RBAC authentication | `true` | -| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | -| `serviceAccount.name` | The name of the ServiceAccount to create | `""` | -| `serviceAccount.automountServiceAccountToken` | Automount API credentials for a service account | `true` | -| `apiService.create` | Specifies whether the v1beta1.metrics.k8s.io API service should be created. You can check if it is needed with `kubectl get --raw "/apis/metrics.k8s.io/v1beta1/nodes"`. | `false` | -| `securePort` | Port where metrics-server will be running | `8443` | -| `hostNetwork` | Enable hostNetwork mode | `false` | -| `command` | Override default container command (useful when using custom images) | `["metrics-server"]` | -| `extraArgs` | Extra arguments to pass to metrics-server on start up | `{}` | -| `podLabels` | Pod labels | `{}` | -| `podAnnotations` | Pod annotations | `{}` | -| `priorityClassName` | Priority class for pod scheduling | `""` | -| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `podDisruptionBudget.enabled` | Create a PodDisruptionBudget | `false` | -| `podDisruptionBudget.minAvailable` | Minimum available instances | `""` | -| `podDisruptionBudget.maxUnavailable` | Maximum unavailable instances | `""` | -| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set. | `""` | -| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | -| `affinity` | Affinity for pod assignment | `{}` | -| `topologySpreadConstraints` | Topology spread constraints for pod | `[]` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `tolerations` | Tolerations for pod assignment | `[]` | -| `service.type` | Kubernetes Service type | `ClusterIP` | -| `service.port` | Kubernetes Service port | `443` | -| `service.nodePort` | Kubernetes Service port | `""` | -| `service.loadBalancerIP` | LoadBalancer IP if Service type is `LoadBalancer` | `""` | -| `service.annotations` | Annotations for the Service | `{}` | -| `service.labels` | Labels for the Service | `{}` | -| `resources.limits` | The resources limits for the container | `{}` | -| `resources.requests` | The requested resources for the container | `{}` | -| `livenessProbe.enabled` | Enable livenessProbe | `true` | -| `livenessProbe.httpGet.path` | Request path for livenessProbe | `/livez` | -| `livenessProbe.httpGet.port` | Port for livenessProbe | `https` | -| `livenessProbe.httpGet.scheme` | Scheme for livenessProbe | `HTTPS` | -| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `readinessProbe.enabled` | Enable readinessProbe | `true` | -| `readinessProbe.httpGet.path` | Request path for readinessProbe | `/readyz` | -| `readinessProbe.httpGet.port` | Port for readinessProbe | `https` | -| `readinessProbe.httpGet.scheme` | Scheme for livenessProbe | `HTTPS` | -| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `customLivenessProbe` | Custom Liveness probes for metrics-server | `{}` | -| `customReadinessProbe` | Custom Readiness probes metrics-server | `{}` | -| `containerSecurityContext.enabled` | Enable Container security context | `true` | -| `containerSecurityContext.readOnlyRootFilesystem` | ReadOnlyRootFilesystem for the container | `false` | -| `containerSecurityContext.runAsNonRoot` | Run containers as non-root users | `true` | -| `podSecurityContext.enabled` | Pod security context | `false` | -| `extraVolumes` | Extra volumes | `[]` | -| `extraVolumeMounts` | Mount extra volume(s) | `[]` | -| `extraContainers` | Extra containers to run within the pod | `{}` | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -$ helm install my-release \ - --set rbac.create=true bitnami/metrics-server -``` - -The above command enables RBAC authentication. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```console -$ helm install my-release -f values.yaml bitnami/metrics-server -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling vs Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Enable RBAC security - -In order to enable Role-Based Access Control (RBAC) for Metrics Server, use the following parameter: `rbac.create=true`. - -### Set Pod affinity - -This chart allows you to set custom Pod affinity using the `affinity` parameter. Find more information about Pod affinity in the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). - -As an alternative, you can use one of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters. - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami’s Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## Upgrading - -### To 5.2.0 - -This version introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/master/bitnami/common#bitnami-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade. - -### To 5.0.0 - -[On November 13, 2020, Helm v2 support formally ended](https://github.com/helm/charts#status-of-the-project). This major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -[Learn more about this change and related upgrade considerations](https://docs.bitnami.com/kubernetes/infrastructure/metrics-server/administration/upgrade-helm3/). - -### To 4.0.0 - -Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments. -Use the workaround below to upgrade from versions previous to 4.0.0. The following example assumes that the release name is metrics-server: - -```console -$ kubectl delete deployment metrics-server --cascade=false -$ helm upgrade metrics-server bitnami/metrics-server -``` - -### To 2.0.0 - -Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments. -Use the workaround below to upgrade from versions previous to 2.0.0. The following example assumes that the release name is metrics-server: - -```console -$ kubectl patch deployment metrics-server --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]' -``` diff --git a/bitnami/metrics-server/ci/ct-values.yaml b/bitnami/metrics-server/ci/ct-values.yaml deleted file mode 100644 index 68f4924..0000000 --- a/bitnami/metrics-server/ci/ct-values.yaml +++ /dev/null @@ -1 +0,0 @@ -values-with-rbac.yaml \ No newline at end of file diff --git a/bitnami/metrics-server/ci/values-with-rbac.yaml b/bitnami/metrics-server/ci/values-with-rbac.yaml deleted file mode 100644 index 4a3b80f..0000000 --- a/bitnami/metrics-server/ci/values-with-rbac.yaml +++ /dev/null @@ -1,12 +0,0 @@ -# Test values file for generating all of the yaml and check that -# the rendering is correct - -rbac: - create: true - -serviceAccount: - create: true - -extraArgs: - kubelet-insecure-tls: true - kubelet-preferred-address-types: InternalIP diff --git a/bitnami/metrics-server/templates/NOTES.txt b/bitnami/metrics-server/templates/NOTES.txt deleted file mode 100644 index b803c8b..0000000 --- a/bitnami/metrics-server/templates/NOTES.txt +++ /dev/null @@ -1,30 +0,0 @@ -** Please be patient while the chart is being deployed ** - -The metric server has been deployed. -{{ if or .Values.apiService.create (.Capabilities.APIVersions.Has "metrics.k8s.io/v1beta1") }} -In a few minutes you should be able to list metrics using the following -command: - - kubectl get --raw "/apis/metrics.k8s.io/v1beta1/nodes" -{{ else }} -######################################################################################## -### ERROR: The metrics.k8s.io/v1beta1 API service is not enabled in the cluster ### -######################################################################################## -You have disabled the API service creation for this release. As the Kubernetes version in the cluster -does not have metrics.k8s.io/v1beta1, the metrics API will not work with this release unless: - -Option A: - - You complete your metrics-server release by running: - - helm upgrade --namespace {{ .Release.Namespace }} {{ .Release.Name }} bitnami/metrics-server \ - --set apiService.create=true - -Option B: - - You configure the metrics API service outside of this Helm chart -{{- end -}} - -{{- include "metrics-server.validateValues" . }} -{{- include "metrics-server.checkRollingTags" . }} - diff --git a/bitnami/metrics-server/templates/_helpers.tpl b/bitnami/metrics-server/templates/_helpers.tpl deleted file mode 100644 index d7c8e04..0000000 --- a/bitnami/metrics-server/templates/_helpers.tpl +++ /dev/null @@ -1,56 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "metrics-server.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Return the proper metrics-server image name -*/}} -{{- define "metrics-server.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "metrics-server.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.image ) "global" .Values.global) -}} -{{- end -}} - -{{/* -Compile all warnings into a single message, and call fail. -*/}} -{{- define "metrics-server.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "metrics-server.validateValues.extraVolumes" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} -{{- end -}} -{{- end -}} - -{{/* Validate values of metrics-server - Incorrect extra volume settings */}} -{{- define "metrics-server.validateValues.extraVolumes" -}} -{{- if and (.Values.extraVolumes) (not .Values.extraVolumeMounts) -}} -metrics-server: missing-extra-volume-mounts - You specified extra volumes but not mount points for them. Please set - the extraVolumeMounts value -{{- end -}} -{{- end -}} - -{{/* -Check if there are rolling tags in the images -*/}} -{{- define "metrics-server.checkRollingTags" -}} -{{- include "common.warnings.rollingTag" .Values.image }} -{{- end -}} diff --git a/bitnami/metrics-server/templates/auth-delegator-crb.yaml b/bitnami/metrics-server/templates/auth-delegator-crb.yaml deleted file mode 100644 index 32928e0..0000000 --- a/bitnami/metrics-server/templates/auth-delegator-crb.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if .Values.rbac.create -}} -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: ClusterRoleBinding -metadata: - name: {{ include "common.names.fullname" . }}-auth-delegator - namespace: kube-system - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:auth-delegator -subjects: - - kind: ServiceAccount - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} -{{- end -}} diff --git a/bitnami/metrics-server/templates/cluster-role.yaml b/bitnami/metrics-server/templates/cluster-role.yaml deleted file mode 100644 index b583992..0000000 --- a/bitnami/metrics-server/templates/cluster-role.yaml +++ /dev/null @@ -1,50 +0,0 @@ -{{- if .Values.rbac.create -}} -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: ClusterRole -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - - apiGroups: - - "" - resources: - - pods - - nodes - - namespaces - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - nodes/stats - verbs: - - get - - create ---- -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: ClusterRole -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" - rbac.authorization.k8s.io/aggregate-to-view: "true" - name: {{ include "common.names.fullname" . }}-view -rules: - - apiGroups: - - metrics.k8s.io - resources: - - pods - - nodes - verbs: - - get - - list - - watch -{{- end -}} diff --git a/bitnami/metrics-server/templates/deployment.yaml b/bitnami/metrics-server/templates/deployment.yaml deleted file mode 100644 index 0bd4328..0000000 --- a/bitnami/metrics-server/templates/deployment.yaml +++ /dev/null @@ -1,103 +0,0 @@ -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ template "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.replicas }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - {{- if .Values.updateStrategy }} - strategy: {{- include "common.tplvalues.render" (dict "value" .Values.updateStrategy "context" $) | nindent 4 }} - {{- end }} - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - {{- if .Values.podLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.podLabels "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.podAnnotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} - {{- end }} - spec: - {{- include "metrics-server.imagePullSecrets" . | nindent 6 }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName | quote }} - {{- end }} - serviceAccountName: {{ template "metrics-server.serviceAccountName" . }} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.topologySpreadConstraints }} - topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.podSecurityContext.enabled }} - securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - {{- if .Values.hostNetwork }} - hostNetwork: true - {{- end }} - containers: - {{- if .Values.extraContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraContainers "context" $) | nindent 8 }} - {{- end }} - - name: metrics-server - image: {{ template "metrics-server.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - ports: - - name: https - containerPort: {{ .Values.securePort }} - {{- if .Values.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} - {{- end }} - args: - - --secure-port={{ .Values.securePort }} - {{- range $key, $value := .Values.extraArgs }} - {{- if $value }} - - --{{ $key }}={{ $value }} - {{- else }} - - --{{ $key }} - {{- end }} - {{- end }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }} - {{- else if .Values.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }} - {{- else if .Values.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.extraVolumeMounts }} - volumeMounts: {{- toYaml .Values.extraVolumeMounts | nindent 12 }} - {{- end }} - {{- if .Values.extraVolumes }} - volumes: {{- toYaml .Values.extraVolumes | nindent 8 }} - {{- end }} diff --git a/bitnami/metrics-server/templates/metrics-api-service.yaml b/bitnami/metrics-server/templates/metrics-api-service.yaml deleted file mode 100644 index b6530fa..0000000 --- a/bitnami/metrics-server/templates/metrics-api-service.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if .Values.apiService.create -}} -{{- if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) }} -apiVersion: apiregistration.k8s.io/v1beta1 -{{- else }} -apiVersion: apiregistration.k8s.io/v1 -{{- end }} -kind: APIService -metadata: - name: v1beta1.metrics.k8s.io - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - service: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - group: metrics.k8s.io - version: v1beta1 - insecureSkipTLSVerify: true - groupPriorityMinimum: 100 - versionPriority: 100 -{{- end -}} diff --git a/bitnami/metrics-server/templates/metrics-server-crb.yaml b/bitnami/metrics-server/templates/metrics-server-crb.yaml deleted file mode 100644 index ede287a..0000000 --- a/bitnami/metrics-server/templates/metrics-server-crb.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.rbac.create -}} -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: ClusterRoleBinding -metadata: - name: {{ template "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "common.names.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} -{{- end -}} diff --git a/bitnami/metrics-server/templates/pdb.yaml b/bitnami/metrics-server/templates/pdb.yaml deleted file mode 100644 index 964203d..0000000 --- a/bitnami/metrics-server/templates/pdb.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if .Values.podDisruptionBudget.enabled -}} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.podDisruptionBudget.minAvailable }} - minAvailable: {{ .Values.podDisruptionBudget.minAvailable }} - {{- end }} - {{- if .Values.podDisruptionBudget.maxUnavailable }} - maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} -{{- end -}} diff --git a/bitnami/metrics-server/templates/role-binding.yaml b/bitnami/metrics-server/templates/role-binding.yaml deleted file mode 100644 index 9cf00a4..0000000 --- a/bitnami/metrics-server/templates/role-binding.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if .Values.rbac.create -}} -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: RoleBinding -metadata: - name: {{ printf "%s-auth-reader" (include "common.names.fullname" .) }} - namespace: kube-system - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: extension-apiserver-authentication-reader -subjects: - - kind: ServiceAccount - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} -{{- end -}} diff --git a/bitnami/metrics-server/templates/serviceaccount.yaml b/bitnami/metrics-server/templates/serviceaccount.yaml deleted file mode 100644 index 2c2acd7..0000000 --- a/bitnami/metrics-server/templates/serviceaccount.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} -{{- end -}} diff --git a/bitnami/metrics-server/templates/svc.yaml b/bitnami/metrics-server/templates/svc.yaml deleted file mode 100644 index e81c869..0000000 --- a/bitnami/metrics-server/templates/svc.yaml +++ /dev/null @@ -1,37 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "common.names.fullname" . }} - - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.service.labels }} - {{- include "common.tplvalues.render" (dict "value" .Values.service.labels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.service.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.service.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.service.annotations "context" $) | nindent 4 }} - {{- end }} - {{- end }} -spec: - type: {{ .Values.service.type }} - {{- if and (not (empty .Values.service.loadBalancerIP)) (eq .Values.service.type "LoadBalancer") }} - loadBalancerIP: {{ .Values.service.loadBalancerIP }} - {{- end }} - ports: - - name: https - port: {{ .Values.service.port }} - protocol: TCP - targetPort: https - {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePort)) }} - nodePort: {{ .Values.service.nodePort }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} diff --git a/bitnami/metrics-server/values.yaml b/bitnami/metrics-server/values.yaml deleted file mode 100644 index 1e783a4..0000000 --- a/bitnami/metrics-server/values.yaml +++ /dev/null @@ -1,317 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - -## @section Common parameters - -## @param nameOverride String to partially override common.names.fullname template (will maintain the release name) -## -nameOverride: "" -## @param fullnameOverride String to fully override common.names.fullname template -## -fullnameOverride: "" - -## @param commonLabels Add labels to all the deployed resources -## -commonLabels: {} - -## @param commonAnnotations Add annotations to all the deployed resources -## -commonAnnotations: {} - -## @section Metrics Server parameters - -## Bitnami Metrics Server image version -## ref: https://hub.docker.com/r/bitnami/metrics-server/tags/ -## @param image.registry Metrics Server image registry -## @param image.repository Metrics Server image repository -## @param image.tag Metrics Server image tag (immutable tags are recommended) -## @param image.pullPolicy Metrics Server image pull policy -## @param image.pullSecrets Metrics Server image pull secrets -## -image: - registry: docker.io - repository: bitnami/metrics-server - tag: 0.5.1-debian-10-r0 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - -## @param hostAliases Add deployment host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: [] -## @param replicas Number of metrics-server nodes to deploy -## -replicas: 1 -## @param updateStrategy.type Set up update strategy for metrics-server installation. -## Set to Recreate if you use persistent volume that cannot be mounted by more than one pods to make sure the pods is destroyed first. -## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy -## Example: -## updateStrategy: -## type: RollingUpdate -## rollingUpdate: -## maxSurge: 25% -## maxUnavailable: 25% -## -updateStrategy: - type: RollingUpdate -## Role Based Access -## ref: https://kubernetes.io/docs/admin/authorization/rbac/ -## -rbac: - ## @param rbac.create Enable RBAC authentication - ## - create: true -## Pods Service Account -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ -## -serviceAccount: - ## @param serviceAccount.create Specifies whether a ServiceAccount should be created - ## - create: true - ## @param serviceAccount.name The name of the ServiceAccount to create - ## If not set and create is true, a name is generated using the common.names.fullname template - name: "" - ## @param serviceAccount.automountServiceAccountToken Automount API credentials for a service account - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server - ## - automountServiceAccountToken: true -## API service parameters -## -apiService: - ## @param apiService.create Specifies whether the v1beta1.metrics.k8s.io API service should be created. You can check if it is needed with `kubectl get --raw "/apis/metrics.k8s.io/v1beta1/nodes"`. - ## This is still necessary up to at least k8s version >= 1.21, but depends on vendors and cloud providers. - ## - create: false -## @param securePort Port where metrics-server will be running -## -securePort: 8443 -## @param hostNetwork Enable hostNetwork mode -## You would require this enabled if you use alternate overlay networking for pods and -## API server unable to communicate with metrics-server. As an example, this is required -## if you use Weave network on EKS -## -hostNetwork: false -## @param command Override default container command (useful when using custom images) -## -command: ["metrics-server"] -## @param extraArgs Extra arguments to pass to metrics-server on start up -## ref: https://github.com/kubernetes-incubator/metrics-server/blob/master/README.md#flags -## -## extraArgs: -## kubelet-insecure-tls: true -## kubelet-preferred-address-types: InternalIP -## -extraArgs: {} -## @param podLabels Pod labels -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -podLabels: {} -## @param podAnnotations Pod annotations -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} -## @param priorityClassName Priority class for pod scheduling -## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass -priorityClassName: "" -## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAffinityPreset: "" -## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAntiAffinityPreset: soft -## Pod disruption budget -## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/#pod-disruption-budgets -## @param podDisruptionBudget.enabled Create a PodDisruptionBudget -## @param podDisruptionBudget.minAvailable Minimum available instances -## @param podDisruptionBudget.maxUnavailable Maximum unavailable instances -## -podDisruptionBudget: - enabled: false - minAvailable: "" - maxUnavailable: "" -## Node affinity preset -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## -nodeAffinityPreset: - ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] -## @param affinity Affinity for pod assignment -## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set -## -affinity: {} -## @param topologySpreadConstraints Topology spread constraints for pod -## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints -## -topologySpreadConstraints: [] -## @param nodeSelector Node labels for pod assignment -## ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} -## @param tolerations Tolerations for pod assignment -## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] -## Metrics Server K8s svc properties -## -service: - ## @param service.type Kubernetes Service type - ## - type: ClusterIP - ## @param service.port Kubernetes Service port - ## - port: 443 - ## @param service.nodePort Kubernetes Service port - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## e.g: - ## nodePort: 30001 - ## - nodePort: "" - ## @param service.loadBalancerIP LoadBalancer IP if Service type is `LoadBalancer` - ## Set the LoadBalancer service type to internal only. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - loadBalancerIP: "" - ## @param service.annotations Annotations for the Service - ## set the LoadBalancer service type to internal only. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - annotations: {} - ## @param service.labels Labels for the Service - ## have metrics-server show up in `kubectl cluster-info` - ## kubernetes.io/cluster-service: "true" - ## kubernetes.io/name: "Metrics-server" - ## - labels: {} -## Metric Server containers' resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## We usually recommend not to specify default resources and to leave this as a conscious -## choice for the user. This also increases chances charts run on environments with little -## resources, such as Minikube. If you do want to specify resources, uncomment the following -## lines, adjust them as necessary, and remove the curly braces after 'resources:'. -## @param resources.limits The resources limits for the container -## @param resources.requests The requested resources for the container -## -resources: - ## Example: - ## limits: - ## cpu: 250m - ## memory: 256Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 250m - ## memory: 256Mi - requests: {} -## Configure extra options for liveness probe -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param livenessProbe.enabled Enable livenessProbe -## @param livenessProbe.httpGet.path Request path for livenessProbe -## @param livenessProbe.httpGet.port Port for livenessProbe -## @param livenessProbe.httpGet.scheme Scheme for livenessProbe -## @param livenessProbe.periodSeconds Period seconds for livenessProbe -## @param livenessProbe.failureThreshold Failure threshold for livenessProbe -## -livenessProbe: - enabled: true - failureThreshold: 3 - httpGet: - path: /livez - port: https - scheme: HTTPS - periodSeconds: 10 -## Configure extra options for readiness probe -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param readinessProbe.enabled Enable readinessProbe -## @param readinessProbe.httpGet.path Request path for readinessProbe -## @param readinessProbe.httpGet.port Port for readinessProbe -## @param readinessProbe.httpGet.scheme Scheme for livenessProbe -## @param readinessProbe.periodSeconds Period seconds for readinessProbe -## @param readinessProbe.failureThreshold Failure threshold for readinessProbe -## -readinessProbe: - enabled: true - failureThreshold: 3 - httpGet: - path: /readyz - port: https - scheme: HTTPS - periodSeconds: 10 -## @param customLivenessProbe Custom Liveness probes for metrics-server -## -customLivenessProbe: {} -## @param customReadinessProbe Custom Readiness probes metrics-server -## -customReadinessProbe: {} -## Container security context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -## @param containerSecurityContext.enabled Enable Container security context -## @param containerSecurityContext.readOnlyRootFilesystem ReadOnlyRootFilesystem for the container -## @param containerSecurityContext.runAsNonRoot Run containers as non-root users -## -containerSecurityContext: - enabled: true - readOnlyRootFilesystem: false - runAsNonRoot: true -## Pod security context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## @param podSecurityContext.enabled Pod security context -## -podSecurityContext: - enabled: false -## Extra volumes to mount -## @param extraVolumes Extra volumes -## @param extraVolumeMounts Mount extra volume(s) -## Example Use Case: mount an `emptyDir` to allow running with a `readOnlyRootFilesystem: true` -## extraVolumes: -## - name: tmpdir -## emptyDir: {} -## -extraVolumes: [] -## extraVolumeMounts: -## - name: tmpdir -## mountPath: /tmp -## -extraVolumeMounts: [] -## @param extraContainers Extra containers to run within the pod -## -extraContainers: {} diff --git a/bitnami/moodle/.helmignore b/bitnami/moodle/.helmignore deleted file mode 100644 index f0c1319..0000000 --- a/bitnami/moodle/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/bitnami/moodle/Chart.lock b/bitnami/moodle/Chart.lock deleted file mode 100644 index faf0419..0000000 --- a/bitnami/moodle/Chart.lock +++ /dev/null @@ -1,9 +0,0 @@ -dependencies: -- name: mariadb - repository: https://charts.bitnami.com/bitnami - version: 9.5.1 -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.8.0 -digest: sha256:17fc436cc41084463d1cef3e3cc5a3a917c02868677d5f4c2bc609a9f195d44d -generated: "2021-09-12T13:01:38.288069075Z" diff --git a/bitnami/moodle/Chart.yaml b/bitnami/moodle/Chart.yaml deleted file mode 100644 index 6a6263f..0000000 --- a/bitnami/moodle/Chart.yaml +++ /dev/null @@ -1,28 +0,0 @@ -annotations: - category: E-Learning -apiVersion: v2 -appVersion: 3.11.3 -dependencies: - - condition: mariadb.enabled - name: mariadb - repository: https://charts.bitnami.com/bitnami - version: 9.x.x - - name: common - repository: https://charts.bitnami.com/bitnami - version: 1.x.x -description: Moodle™ is a learning platform designed to provide educators, administrators and learners with a single robust, secure and integrated system to create personalised learning environments -engine: gotpl -home: https://github.com/bitnami/charts/tree/master/bitnami/moodle -icon: https://bitnami.com/assets/stacks/moodle/img/moodle-stack-220x234.png -keywords: - - moodle - - learning - - php -maintainers: - - email: containers@bitnami.com - name: Bitnami -name: moodle -sources: - - https://github.com/bitnami/bitnami-docker-moodle - - http://www.moodle.org/ -version: 11.0.26 diff --git a/bitnami/moodle/README.md b/bitnami/moodle/README.md deleted file mode 100644 index 5f9af60..0000000 --- a/bitnami/moodle/README.md +++ /dev/null @@ -1,436 +0,0 @@ -# Moodle™ LMS - -[Moodle™](https://www.moodle.org) LMS is a learning platform designed to provide educators, administrators and learners with a single robust, secure and integrated system to create personalized learning environments. - -Disclaimer: The respective trademarks mentioned in the offering are owned by the respective companies. Bitnami does not provide commercial license of any of these products. This listing has an open source license. Moodle™ LMS is run and maintained by Moodle HQ, that is a completely and separate project from Bitnami. - -## TL;DR - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/moodle -``` - -## Introduction - -This chart bootstraps a [Moodle™](https://github.com/bitnami/bitnami-docker-moodle) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -It also packages the [Bitnami MariaDB chart](https://github.com/kubernetes/charts/tree/master/bitnami/mariadb) which is required for bootstrapping a MariaDB deployment for the database requirements of the Moodle™ application. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 3.1.0 -- PV provisioner support in the underlying infrastructure -- ReadWriteMany volumes for deployment scaling - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -$ helm install my-release bitnami/moodle -``` - -The command deploys Moodle™ on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```console -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | - - -### Common parameters - -| Name | Description | Value | -| ------------------- | ---------------------------------------------------------------------------------------------------------- | ----- | -| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` | -| `nameOverride` | String to partially override moodle.fullname template | `""` | -| `fullnameOverride` | String to fully override moodle.fullname template | `""` | -| `commonAnnotations` | Common annotations to add to all Harbor resources (sub-charts are not considered). Evaluated as a template | `{}` | -| `commonLabels` | Common labels to add to all Harbor resources (sub-charts are not considered). Evaluated as a template | `{}` | -| `extraDeploy` | Array with extra yaml to deploy with the chart. Evaluated as a template | `[]` | - - -### Moodle™ parameters - -| Name | Description | Value | -| ------------------------------------ | --------------------------------------------------------------------------------------------------------------------- | --------------------- | -| `image.registry` | Moodle image registry | `docker.io` | -| `image.repository` | Moodle image repository | `bitnami/moodle` | -| `image.tag` | Moodle image tag (immutable tags are recommended) | `3.11.3-debian-10-r0` | -| `image.pullPolicy` | Moodle image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `image.debug` | Specify if debug logs should be enabled | `false` | -| `replicaCount` | Number of Moodle replicas (requires ReadWriteMany PVC support) | `1` | -| `moodleSkipInstall` | Skip Moodle™ installation wizard. Useful for migrations and restoring from SQL dump | `false` | -| `moodleSiteName` | Site name | `""` | -| `moodleUsername` | User of the application | `user` | -| `moodlePassword` | Application password | `""` | -| `moodleEmail` | Admin email | `user@example.com` | -| `allowEmptyPassword` | Allow DB blank passwords | `true` | -| `command` | Override default container command (useful when using custom images) | `[]` | -| `args` | Override default container args (useful when using custom images) | `[]` | -| `updateStrategy.type` | Update strategy - only really applicable for deployments with RWO PVs attached | `RollingUpdate` | -| `extraEnvVars` | An array to add extra env vars | `[]` | -| `extraEnvVarsCM` | ConfigMap with extra environment variables | `""` | -| `extraEnvVarsSecret` | Secret with extra environment variables (in case of sensitive data) | `""` | -| `extraVolumes` | Array of extra volumes to be added to the deployment (evaluated as template). Requires setting `extraVolumeMounts` | `[]` | -| `extraVolumeMounts` | Array of extra volume mounts to be added to the container (evaluated as template). Normally used with `extraVolumes`. | `[]` | -| `initContainers` | Extra init containers to add to the deployment | `[]` | -| `sidecars` | Extra sidecar containers to add to the deployment | `[]` | -| `tolerations` | Tolerations for pod assignment | `[]` | -| `existingSecret` | Name of a secret with the application password | `""` | -| `smtpHost` | SMTP host | `""` | -| `smtpPort` | SMTP port | `""` | -| `smtpUser` | SMTP user | `""` | -| `smtpPassword` | SMTP password | `""` | -| `smtpProtocol` | SMTP Protocol (options: ssl,tls, nil) | `""` | -| `containerPorts` | Container ports | `{}` | -| `sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | -| `persistence.enabled` | Enable persistence using PVC | `true` | -| `persistence.storageClass` | PVC Storage Class for Moodle | `""` | -| `persistence.accessMode` | PVC Access Mode for Moodle | `ReadWriteOnce` | -| `persistence.size` | PVC Storage Request for Moodle | `8Gi` | -| `persistence.existingClaim` | An Existing PVC name | `""` | -| `persistence.hostPath` | Host mount path for Moodle | `""` | -| `podAffinityPreset` | Pod affinity preset | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset | `soft` | -| `nodeAffinityPreset.type` | Node affinity type | `""` | -| `nodeAffinityPreset.key` | Node label key to match | `""` | -| `nodeAffinityPreset.values` | Node label values to match | `[]` | -| `affinity` | Map of node/pod affinities | `{}` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `resources.requests` | CPU/Memory resource requests/limits | `{}` | -| `podSecurityContext.enabled` | Enable Moodle™ pods' Security Context | `true` | -| `podSecurityContext.fsGroup` | Moodle™ pods' group ID | `1001` | -| `containerSecurityContext.enabled` | Enable Moodle™ containers' Security Context | `true` | -| `containerSecurityContext.runAsUser` | Moodle™ containers' Security Context | `1001` | -| `livenessProbe.enabled` | Enable livenessProbe | `true` | -| `livenessProbe.path` | Request path for livenessProbe | `/login/index.php` | -| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `600` | -| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `readinessProbe.enabled` | Enable readinessProbe | `true` | -| `readinessProbe.path` | Request path for readinessProbe | `/login/index.php` | -| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | -| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | -| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `3` | -| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `customLivenessProbe` | Override default liveness probe | `{}` | -| `customReadinessProbe` | Override default readiness probe | `{}` | -| `lifecycleHooks` | LifecycleHook to set additional configuration at startup Evaluated as a template | `""` | -| `podAnnotations` | Pod annotations | `{}` | -| `podLabels` | Add additional labels to the pod (evaluated as a template) | `{}` | - - -### Traffic Exposure Parameters - -| Name | Description | Value | -| ---------------------------------- | -------------------------------------------------------------------------------------------------------------- | ------------------------ | -| `service.type` | Service type | `LoadBalancer` | -| `service.port` | Service HTTP port | `80` | -| `service.httpsPort` | Service HTTPS port | `443` | -| `service.clusterIP` | Service Cluster IP | `""` | -| `service.loadBalancerSourceRanges` | Service load balancer source ranges | `[]` | -| `service.loadBalancerIP` | loadBalancerIP for the Moodle™ Service (optional, cloud specific) | `""` | -| `service.nodePorts.http` | Kubernetes HTTP node port | `""` | -| `service.nodePorts.https` | Kubernetes HTTPS node port | `""` | -| `service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | -| `ingress.enabled` | Set to true to enable ingress record generation | `false` | -| `ingress.certManager` | Set this to true in order to add the corresponding annotations for cert-manager | `false` | -| `ingress.pathType` | Ingress Path type | `ImplementationSpecific` | -| `ingress.apiVersion` | Override API Version (automatically detected if not set) | `""` | -| `ingress.hostname` | When the ingress is enabled, a host pointing to this will be created | `minio.local` | -| `ingress.path` | The Path to Moodle™. You may need to set this to '/*' in order to use this with ALB ingress controllers. | `/` | -| `ingress.annotations` | Map of Ingress annotations | `{}` | -| `ingress.tls` | Enable TLS configuration for the hostname defined at ingress.hostname parameter | `false` | -| `ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` | -| `ingress.extraPaths` | Any additional arbitrary paths that may need to be added to the ingress under the main host. | `[]` | -| `ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` | -| `ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | - - -### Database parameters - -| Name | Description | Value | -| ------------------------------------------- | ---------------------------------------------------------------------------------------- | ------------------- | -| `mariadb.enabled` | Whether to deploy a mariadb server to satisfy the applications database requirements | `true` | -| `mariadb.architecture` | MariaDB architecture (`standalone` or `replication`) | `standalone` | -| `mariadb.auth.rootPassword` | Password for the MariaDB `root` user | `""` | -| `mariadb.auth.database` | Database name to create | `bitnami_moodle` | -| `mariadb.auth.username` | Database user to create | `bn_moodle` | -| `mariadb.auth.password` | Password for the database | `""` | -| `mariadb.primary.persistence.enabled` | Enable database persistence using PVC | `true` | -| `mariadb.primary.persistence.storageClass` | MariaDB primary persistent volume storage Class | `""` | -| `mariadb.primary.persistence.accessModes` | PVC Access Modes for Moodle™ volume | `["ReadWriteOnce"]` | -| `mariadb.primary.persistence.size` | Database Persistent Volume Size | `8Gi` | -| `mariadb.primary.persistence.hostPath` | Set path in case you want to use local host path volumes (not recommended in production) | `""` | -| `mariadb.primary.persistence.existingClaim` | Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas | `""` | -| `externalDatabase.host` | Host of the existing database | `""` | -| `externalDatabase.port` | Port of the existing database | `3306` | -| `externalDatabase.user` | Existing username in the external db | `bn_moodle` | -| `externalDatabase.password` | Password for the above username | `""` | -| `externalDatabase.database` | Name of the existing database | `bitnami_moodle` | - - -### Volume Permissions parameters - -| Name | Description | Value | -| -------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------- | -| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` | -| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | -| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `10-debian-10-r190` | -| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | -| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `volumePermissions.resources.limits` | The resources limits for the container | `{}` | -| `volumePermissions.resources.requests` | The requested resources for the container | `{}` | - - -### Metrics parameters - -| Name | Description | Value | -| -------------------------------- | ----------------------------------------------------------------------------------------------- | ------------------------- | -| `metrics.enabled` | Start a side-car prometheus exporter | `false` | -| `metrics.image.registry` | Apache exporter image registry | `docker.io` | -| `metrics.image.repository` | Apache exporter image repository | `bitnami/apache-exporter` | -| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `0.10.0-debian-10-r44` | -| `metrics.image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `metrics.service.type` | Prometheus metrics service type | `LoadBalancer` | -| `metrics.service.port` | Prometheus metrics service port | `9117` | -| `metrics.service.loadBalancerIP` | Load Balancer IP if the Prometheus metrics server type is `LoadBalancer`, otherwise leave blank | `""` | -| `metrics.service.annotations` | Annotations for Prometheus Exporter pods. Evaluated as a template. | `{}` | -| `metrics.resources` | Exporter resource requests/limit | `{}` | -| `metrics.podAnnotations` | Metrics exporter pod Annotation and Labels | `{}` | - - -### Certificate injection parameters - -| Name | Description | Value | -| ---------------------------------------------------- | -------------------------------------------------------------------- | ---------------------------------------- | -| `certificates.customCertificate.certificateSecret` | Secret containing the certificate and key to add | `""` | -| `certificates.customCertificate.chainSecret.name` | Name of the secret containing the certificate chain | `""` | -| `certificates.customCertificate.chainSecret.key` | Key of the certificate chain file inside the secret | `""` | -| `certificates.customCertificate.certificateLocation` | Location in the container to store the certificate | `/etc/ssl/certs/ssl-cert-snakeoil.pem` | -| `certificates.customCertificate.keyLocation` | Location in the container to store the private key | `/etc/ssl/private/ssl-cert-snakeoil.key` | -| `certificates.customCertificate.chainLocation` | Location in the container to store the certificate chain | `/etc/ssl/certs/mychain.pem` | -| `certificates.customCAs` | Defines a list of secrets to import into the container trust store | `[]` | -| `certificates.command` | Override default container command (useful when using custom images) | `[]` | -| `certificates.args` | Override default container args (useful when using custom images) | `[]` | -| `certificates.extraEnvVars` | Container sidecar extra environment variables (eg proxy) | `[]` | -| `certificates.extraEnvVarsCM` | ConfigMap with extra environment variables | `""` | -| `certificates.extraEnvVarsSecret` | Secret with extra environment variables | `""` | -| `certificates.image.registry` | Container sidecar registry | `docker.io` | -| `certificates.image.repository` | Container sidecar image repository | `bitnami/bitnami-shell` | -| `certificates.image.tag` | Container sidecar image tag (immutable tags are recommended) | `10-debian-10-r190` | -| `certificates.image.pullPolicy` | Container sidecar image pull policy | `IfNotPresent` | -| `certificates.image.pullSecrets` | Container sidecar image pull secrets | `[]` | - - -The above parameters map to the env variables defined in [bitnami/moodle](http://github.com/bitnami/bitnami-docker-moodle). For more information please refer to the [bitnami/moodle](http://github.com/bitnami/bitnami-docker-moodle) image documentation. - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -$ helm install my-release \ - --set moodleUsername=admin,moodlePassword=password,mariadb.auth.rootPassword=secretpassword \ - bitnami/moodle -``` - -The above command sets the Moodle™ administrator account username and password to `admin` and `password` respectively. Additionally, it sets the MariaDB `root` user password to `secretpassword`. - -> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. - -Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, - -```console -$ helm install my-release -f values.yaml bitnami/moodle -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Ingress without TLS - -For using ingress (example without TLS): - -```console -ingress.enabled=True -ingress.hosts[0]=moodle.domain.com -serviceType=ClusterIP -moodleUsername=admin -moodlePassword=password -mariadb.mariadbRootPassword=secretpassword -``` - -These are the *3 mandatory parameters* when *Ingress* is desired: `ingress.enabled=True`, `ingress.hosts[0]=moodle.domain.com` and `serviceType=ClusterIP` - -### Ingress TLS - -If your cluster allows automatic creation/retrieval of TLS certificates (e.g. [kube-lego](https://github.com/jetstack/kube-lego)), please refer to the documentation for that mechanism. - -To manually configure TLS, first create/retrieve a key & certificate pair for the address(es) you wish to protect. Then create a TLS secret (named `moodle-server-tls` in this example) in the namespace. Include the secret's name, along with the desired hostnames, in the Ingress TLS section of your custom `values.yaml` file: - -```yaml -ingress: - ## If true, Moodle(TM) server Ingress will be created - ## - enabled: true - - ## Moodle(TM) server Ingress annotations - ## - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: 'true' - - ## Moodle(TM) server Ingress hostnames - ## Must be provided if Ingress is enabled - ## - hosts: - - moodle.domain.com - - ## Moodle(TM) server Ingress TLS configuration - ## Secrets must be manually created in the namespace - ## - tls: - - secretName: moodle-server-tls - hosts: - - moodle.domain.com -``` - -## Persistence - -The [Bitnami Container Image for Moodle™](https://github.com/bitnami/bitnami-docker-moodle) stores the Moodle™ data and configurations at the `/bitnami/moodle` and `/bitnami/apache` paths of the container. - -Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, vpshere, and minikube. -See the [Parameters](#parameters) section to configure the PVC or to disable persistence. -You may want to review the [PV reclaim policy](https://kubernetes.io/docs/tasks/administer-cluster/change-pv-reclaim-policy/) and update as required. By default, it's set to delete, and when Moodle™ is uninstalled, data is also removed. - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami’s Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## Upgrading - -### To 11.0.0 - -This version standardizes the way of defining Ingress rules. When configuring a single hostname for the Ingress rule, set the `ingress.hostname` value. When defining more than one, set the `ingress.extraHosts` array. Apart from this case, no issues are expected to appear when upgrading. - -### To 10.0.0 - -[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -**What changes were introduced in this major version?** - -- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. -- Move dependency information from the *requirements.yaml* to the *Chart.yaml* -- After running `helm dependency update`, a *Chart.lock* file is generated containing the same structure used in the previous *requirements.lock* -- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts - -**Considerations when upgrading to this version** - -- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues -- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore -- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 - -**Useful links** - -- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ -- https://helm.sh/docs/topics/v2_v3_migration/ -- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ - -### To 9.0.0 - -MariaDB dependency version was bumped to a new major version that introduces several incompatilibites. Therefore, backwards compatibility is not guaranteed unless an external database is used. Check [MariaDB Upgrading Notes](https://github.com/bitnami/charts/tree/master/bitnami/mariadb#to-800) for more information. - -To upgrade to `9.0.0`, it should be done reusing the PVCs used to hold both the MariaDB and Moodle™ data on your previous release. To do so, follow the instructions below (the following example assumes that the release name is `moodle`): - -> NOTE: Please, create a backup of your database before running any of those actions. The steps below would be only valid if your application (e.g. any plugins or custom code) is compatible with MariaDB 10.5.x - -Obtain the credentials and the names of the PVCs used to hold both the MariaDB and Moodle™ data on your current release: - -```console -export MOODLE_PASSWORD=$(kubectl get secret --namespace default moodle -o jsonpath="{.data.moodle-password}" | base64 --decode) -export MARIADB_ROOT_PASSWORD=$(kubectl get secret --namespace default moodle-mariadb -o jsonpath="{.data.mariadb-root-password}" | base64 --decode) -export MARIADB_PASSWORD=$(kubectl get secret --namespace default moodle-mariadb -o jsonpath="{.data.mariadb-password}" | base64 --decode) -export MARIADB_PVC=$(kubectl get pvc -l app=mariadb,component=master,release=moodle -o jsonpath="{.items[0].metadata.name}") -``` - -Upgrade your release (maintaining the version) disabling MariaDB and scaling Moodle™ replicas to 0: - -```console -$ helm upgrade moodle bitnami/moodle --set moodlePassword=$MOODLE_PASSWORD --set replicaCount=0 --set mariadb.enabled=false --version 8.1.6 -``` - -Finally, upgrade you release to 9.0.0 reusing the existing PVC, and enabling back MariaDB: - -```console -$ helm upgrade moodle bitnami/moodle --set mariadb.primary.persistence.existingClaim=$MARIADB_PVC --set mariadb.auth.rootPassword=$MARIADB_ROOT_PASSWORD --set mariadb.auth.password=$MARIADB_PASSWORD --set moodlePassword=$MOODLE_PASSWORD -``` - -You should see the lines below in MariaDB container logs: - -```console -$ kubectl logs $(kubectl get pods -l app.kubernetes.io/instance=moodle,app.kubernetes.io/name=mariadb,app.kubernetes.io/component=primary -o jsonpath="{.items[0].metadata.name}") -... -mariadb 12:13:24.98 INFO ==> Using persisted data -mariadb 12:13:25.01 INFO ==> Running mysql_upgrade -... -``` - -### To 8.0.0 - -The [Bitnami Container Image for Moodle™](https://github.com/bitnami/bitnami-docker-moodle) was updated to support "non-root" user approach, however, **it is not enabled by default**. The container still runs as the `root` user and the Apache daemon is started as the `daemon` user, due to running Cron as a service, which requires running as root. - -If you want to run with a non-root user, you need to set `podSecurityContext.enabled=true` and `containerSecurity.context.enabled=true`. In addition to that, you will also need to change the default Apache HTTP ports to run as a non-privileged user by setting `containerPorts.http` and `containerPorts.https` to a non-privileged port number (higher than 1024, i.e. 8080 and 8443, respectively). Note that, when running as a non-root user, Cron will not supported and therefore scheduled tasks will not be enabled for Moodle™. - -This upgrade also adapts the chart to the latest Bitnami good practices. Check the Parameters section for more information. - -### To 7.0.0 - -Helm performs a lookup for the object based on its group (apps), version (v1), and kind (Deployment). Also known as its GroupVersionKind, or GVK. Changing the GVK is considered a compatibility breaker from Kubernetes' point of view, so you cannot "upgrade" those objects to the new GVK in-place. Earlier versions of Helm 3 did not perform the lookup correctly which has since been fixed to match the spec. - -In https://github.com/helm/charts/pull/17301 the `apiVersion` of the deployment resources was updated to `apps/v1` in tune with the api's deprecated, resulting in compatibility breakage. - -This major version signifies this change. - -### To 3.0.0 - -Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments. -Use the workaround below to upgrade from versions previous to 3.0.0. The following example assumes that the release name is moodle: - -```console -$ kubectl patch deployment moodle-moodle --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]' -$ kubectl delete statefulset moodle-mariadb --cascade=false -``` diff --git a/bitnami/moodle/templates/NOTES.txt b/bitnami/moodle/templates/NOTES.txt deleted file mode 100644 index 5928eae..0000000 --- a/bitnami/moodle/templates/NOTES.txt +++ /dev/null @@ -1,95 +0,0 @@ -{{- if or .Values.mariadb.enabled .Values.externalDatabase.host -}} - -******************************************************************* -*** PLEASE BE PATIENT: Moodle™ may take a few minutes to install *** -******************************************************************* - -1. Get the Moodle™ URL: - -{{- if .Values.ingress.enabled }} - - You should be able to access your new Moodle™ installation through - - http://{{- .Values.ingress.hostname }}/ - -{{- else if eq .Values.service.type "LoadBalancer" }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "common.names.fullname" . }}' - - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - -{{- $port:=.Values.service.port | toString }} - echo "Moodle™ URL: http://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.service.port }}{{ end }}/" - -{{- else if eq .Values.service.type "ClusterIP" }} - - echo "Moodle™ URL: http://127.0.0.1:8080/" - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "common.names.fullname" . }} 8080:{{ .Values.service.port }} - -{{- end }} - -{{- if eq .Values.service.type "NodePort" }} - - Or running: - - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.names.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo "Moodle™ URL: http://$NODE_IP:$NODE_PORT/" - -{{- end }} - -2. Get your Moodle™ login credentials by running: - - echo Username: {{ .Values.moodleUsername }} - echo Password: $(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "moodle.secretName" . }} -o jsonpath="{.data.moodle-password}" | base64 --decode) - -{{- else -}} - -######################################################################################## -### ERROR: You did not provide an external database host in your 'helm install' call ### -######################################################################################## - -This deployment will be incomplete until you configure Moodle™ with a resolvable database -host. To configure Moodle™ to use and external database host: - -1. Complete your Moodle™ deployment by running: - - export APP_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "moodle.secretName" . }} -o jsonpath="{.data.moodle-password}" | base64 --decode) - - ## PLEASE UPDATE THE EXTERNAL DATABASE CONNECTION PARAMETERS IN THE FOLLOWING COMMAND AS NEEDED ## - - helm upgrade --namespace {{ .Release.Namespace }} {{ .Release.Name }} bitnami/{{ .Chart.Name }} \ - --set moodlePassword=$APP_PASSWORD,service.type={{ .Values.service.type }},mariadb.enabled=false{{- if not (empty .Values.externalDatabase.user) }},externalDatabase.user={{ .Values.externalDatabase.user }}{{- end }}{{- if not (empty .Values.externalDatabase.password) }},externalDatabase.password={{ .Values.externalDatabase.password }}{{- end }}{{- if not (empty .Values.externalDatabase.database) }},externalDatabase.database={{ .Values.externalDatabase.database }}{{- end }},externalDatabase.host=YOUR_EXTERNAL_DATABASE_HOST{{- if .Values.global }}{{- if .Values.global.imagePullSecrets }},global.imagePullSecrets={{ .Values.global.imagePullSecrets }}{{- end }}{{- end }} - -{{- end }} - -{{- if .Values.metrics.enabled }} - -You can access Apache Prometheus metrics following the steps below: - -1. Get the Apache Prometheus metrics URL by running: - - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ printf "%s-metrics" (include "common.names.fullname" .) }} {{ .Values.metrics.service.port }}:{{ .Values.metrics.service.port }} & - echo "Apache Prometheus metrics URL: http://127.0.0.1:{{ .Values.metrics.service.port }}/metrics" - -2. Open a browser and access Apache Prometheus metrics using the obtained URL. - -{{- end }} - -{{- include "common.warnings.rollingTag" .Values.image }} -{{- include "common.warnings.rollingTag" .Values.metrics.image }} - -{{- $passwordValidationErrors := list -}} -{{- if not .Values.existingSecret -}} - {{- $secretName := include "moodle.secretName" . -}} - {{- $requiredMoodlePassword := dict "valueKey" "moodlePassword" "secret" $secretName "field" "moodle-password" "context" $ -}} - {{- $requiredMoodlePasswordError := include "common.validations.values.single.empty" $requiredMoodlePassword -}} - {{- $passwordValidationErrors = append $passwordValidationErrors $requiredMoodlePasswordError -}} -{{- end -}} - -{{- $mariadbSecretName := include "moodle.databaseSecretName" . -}} -{{- $mariadbPasswordValidationErrors := include "common.validations.values.mariadb.passwords" (dict "secret" $mariadbSecretName "subchart" true "context" $) -}} -{{- $passwordValidationErrors = append $passwordValidationErrors $mariadbPasswordValidationErrors -}} - -{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $) -}} diff --git a/bitnami/moodle/templates/_helpers.tpl b/bitnami/moodle/templates/_helpers.tpl deleted file mode 100644 index 4a179c6..0000000 --- a/bitnami/moodle/templates/_helpers.tpl +++ /dev/null @@ -1,117 +0,0 @@ -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "moodle.mariadb.fullname" -}} -{{- printf "%s-%s" .Release.Name "mariadb" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Return the proper certificate image name -*/}} -{{- define "certificates.image" -}} -{{- include "common.images.image" ( dict "imageRoot" .Values.certificates.image "global" .Values.global ) -}} -{{- end -}} - -{{/* -Return the proper Moodle™ image name -*/}} -{{- define "moodle.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper image name (for the metrics image) -*/}} -{{- define "moodle.metrics.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper image name (for the init container volume-permissions image) -*/}} -{{- define "moodle.volumePermissions.image" -}} -{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "moodle.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image .Values.certificates.image) "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper Storage Class -*/}} -{{- define "moodle.storageClass" -}} -{{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) -}} -{{- end -}} - -{{/* -Moodle™ credential secret name -*/}} -{{- define "moodle.secretName" -}} -{{- coalesce .Values.existingSecret (include "common.names.fullname" .) -}} -{{- end -}} - -{{/* -Return the MariaDB Hostname -*/}} -{{- define "moodle.databaseHost" -}} -{{- if .Values.mariadb.enabled }} - {{- if eq .Values.mariadb.architecture "replication" }} - {{- printf "%s-%s" (include "moodle.mariadb.fullname" .) "primary" | trunc 63 | trimSuffix "-" -}} - {{- else -}} - {{- printf "%s" (include "moodle.mariadb.fullname" .) -}} - {{- end -}} -{{- else -}} - {{- printf "%s" .Values.externalDatabase.host -}} -{{- end -}} -{{- end -}} - -{{/* -Return the MariaDB Port -*/}} -{{- define "moodle.databasePort" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "3306" -}} -{{- else -}} - {{- printf "%d" (.Values.externalDatabase.port | int ) -}} -{{- end -}} -{{- end -}} - -{{/* -Return the MariaDB Database Name -*/}} -{{- define "moodle.databaseName" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "%s" .Values.mariadb.auth.database -}} -{{- else -}} - {{- printf "%s" .Values.externalDatabase.database -}} -{{- end -}} -{{- end -}} - -{{/* -Return the MariaDB User -*/}} -{{- define "moodle.databaseUser" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "%s" .Values.mariadb.auth.username -}} -{{- else -}} - {{- printf "%s" .Values.externalDatabase.user -}} -{{- end -}} -{{- end -}} - -{{/* -Return the MariaDB Secret Name -*/}} -{{- define "moodle.databaseSecretName" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "%s" (include "moodle.mariadb.fullname" .) -}} -{{- else if .Values.externalDatabase.existingSecret -}} - {{- printf "%s" .Values.externalDatabase.existingSecret -}} -{{- else -}} - {{- printf "%s-%s" (include "common.names.fullname" .) "externaldb" -}} -{{- end -}} -{{- end -}} diff --git a/bitnami/moodle/templates/deployment.yaml b/bitnami/moodle/templates/deployment.yaml deleted file mode 100644 index 983442d..0000000 --- a/bitnami/moodle/templates/deployment.yaml +++ /dev/null @@ -1,297 +0,0 @@ -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - {{- if .Values.updateStrategy }} - strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} - {{- end }} - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} - {{- end }} - annotations: - {{- if .Values.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.metrics.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) | nindent 8 }} - {{- end }} - spec: - {{- include "moodle.imagePullSecrets" . | nindent 6 }} - {{- if .Values.podSecurityContext.enabled }} - securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} - {{- end }} - hostAliases: - - ip: "127.0.0.1" - hostnames: - - "status.localhost" - initContainers: {{- if .Values.initContainers -}}{{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}{{- end -}} - {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} - - name: volume-permissions - image: {{ include "moodle.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: - - sh - - -c - - | - mkdir -p "/bitnami/moodle" "/bitnami/moodledata" - chown -R "{{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }}" "/bitnami/moodle" "/bitnami/moodledata" - securityContext: - runAsUser: 0 - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: moodle-data - mountPath: /bitnami/moodle - subPath: moodle - - name: moodle-data - mountPath: /bitnami/moodledata - subPath: moodledata - {{- end }} - {{- if .Values.certificates.customCAs }} - - name: certificates - image: {{ template "certificates.image" . }} - imagePullPolicy: {{ default .Values.image.pullPolicy .Values.certificates.image.pullPolicy }} - imagePullSecrets: - {{- range (default .Values.image.pullSecrets .Values.certificates.image.pullSecrets) }} - - name: {{ . }} - {{- end }} - command: - {{- if .Values.certificates.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.certificates.command "context" $) | nindent 12 }} - {{- else if .Values.certificates.customCertificate.certificateSecret }} - - sh - - -c - - install_packages ca-certificates openssl - {{- else }} - - sh - - -c - - install_packages ca-certificates openssl - && openssl req -new -x509 -days 3650 -nodes -sha256 - -subj "/CN=$(hostname)" -addext "subjectAltName = DNS:$(hostname)" - -out /etc/ssl/certs/ssl-cert-snakeoil.pem - -keyout /etc/ssl/private/ssl-cert-snakeoil.key -extensions v3_req - {{- end }} - {{- if .Values.certificates.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.certificates.args "context" $) | nindent 12 }} - {{- end }} - env: {{- include "common.tplvalues.render" (dict "value" .Values.certificates.extraEnvVars "context" $) | nindent 12 }} - envFrom: - {{- if .Values.certificates.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.certificates.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.certificates.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.certificates.extraEnvVarsSecret "context" $) }} - {{- end }} - volumeMounts: - - name: etc-ssl-certs - mountPath: /etc/ssl/certs - readOnly: false - - name: etc-ssl-private - mountPath: /etc/ssl/private - readOnly: false - - name: custom-ca-certificates - mountPath: /usr/local/share/ca-certificates - readOnly: true - {{- end }} - containers: - - name: {{ include "common.names.fullname" . }} - image: {{ template "moodle.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" .Values.image.debug | quote }} - - name: ALLOW_EMPTY_PASSWORD - value: {{ ternary "yes" "no" .Values.allowEmptyPassword | quote }} - - name: APACHE_HTTP_PORT_NUMBER - value: {{ .Values.containerPorts.http | quote }} - - name: APACHE_HTTPS_PORT_NUMBER - value: {{ .Values.containerPorts.https | quote }} - - name: MOODLE_DATABASE_HOST - value: {{ include "moodle.databaseHost" . | quote }} - - name: MOODLE_DATABASE_PORT_NUMBER - value: {{ include "moodle.databasePort" . | quote }} - - name: MOODLE_DATABASE_NAME - value: {{ include "moodle.databaseName" . | quote }} - - name: MOODLE_DATABASE_USER - value: {{ include "moodle.databaseUser" . | quote }} - - name: MOODLE_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "moodle.databaseSecretName" . }} - key: mariadb-password - - name: MOODLE_SKIP_BOOTSTRAP - value: {{ ternary "yes" "no" .Values.moodleSkipInstall | quote }} - - name: MOODLE_USERNAME - value: {{ .Values.moodleUsername | quote }} - - name: MOODLE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.names.fullname" . }} - key: moodle-password - {{- if .Values.moodleSiteName }} - - name: MOODLE_SITE_NAME - value: {{ .Values.moodleSiteName| quote }} - {{- end }} - - name: MOODLE_EMAIL - value: {{ .Values.moodleEmail | quote }} - {{- if .Values.smtpHost }} - - name: SMTP_HOST - value: {{ .Values.smtpHost | quote }} - {{- end }} - {{- if .Values.smtpPort }} - - name: SMTP_PORT - value: {{ .Values.smtpPort | quote }} - {{- end }} - {{- if .Values.smtpUser }} - - name: SMTP_USER - value: {{ .Values.smtpUser | quote }} - {{- end }} - {{- if .Values.smtpPassword }} - - name: SMTP_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.names.fullname" . }} - key: smtp-password - {{- end }} - {{- if .Values.smtpProtocol }} - - name: SMTP_PROTOCOL - value: {{ .Values.smtpProtocol | quote }} - {{- end }} - {{- if .Values.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if .Values.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} - {{- end }} - {{- if .Values.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.containerPorts.http }} - - name: https - containerPort: {{ .Values.containerPorts.https }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.livenessProbe.path }} - port: http - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- else if .Values.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: {{ .Values.readinessProbe.path }} - port: http - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- else if .Values.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: moodle-data - mountPath: /bitnami/moodle - subPath: moodle - - name: moodle-data - mountPath: /bitnami/moodledata - subPath: moodledata - {{- if .Values.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.metrics.enabled }} - - name: metrics - image: {{ template "moodle.metrics.image" . }} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - command: [ '/bin/apache_exporter', '--scrape_uri', 'http://status.localhost:{{ .Values.containerPorts.http }}/server-status/?auto' ] - ports: - - name: metrics - containerPort: 9117 - livenessProbe: - httpGet: - path: /metrics - port: metrics - initialDelaySeconds: 15 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: /metrics - port: metrics - initialDelaySeconds: 5 - timeoutSeconds: 1 - resources: {{- toYaml .Values.metrics.resources | nindent 12 }} - {{- end }} - {{- if .Values.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: moodle-data - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ .Values.persistence.existingClaim | default (printf "%s-moodle" (include "common.names.fullname" .)) }} - {{- else }} - emptyDir: {} - {{- end }} - {{- if .Values.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} - {{- end }} diff --git a/bitnami/moodle/templates/ingress.yaml b/bitnami/moodle/templates/ingress.yaml deleted file mode 100644 index 38315c3..0000000 --- a/bitnami/moodle/templates/ingress.yaml +++ /dev/null @@ -1,59 +0,0 @@ -{{- if .Values.ingress.enabled }} -apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.ingress.certManager }} - kubernetes.io/tls-acme: "true" - {{- end }} - {{- if .Values.ingress.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.ingress.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - rules: - {{- if .Values.ingress.hostname }} - - host: {{ .Values.ingress.hostname }} - http: - paths: - {{- if .Values.ingress.extraPaths }} - {{- toYaml .Values.ingress.extraPaths | nindent 10 }} - {{- end }} - - path: {{ .Values.ingress.path }} - {{- if eq "true" (include "common.ingress.supportsPathType" .) }} - pathType: {{ .Values.ingress.pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- range .Values.ingress.extraHosts }} - - host: {{ .name | quote }} - http: - paths: - - path: {{ default "/" .path }} - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ default "ImplementationSpecific" .pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- if or .Values.ingress.tls .Values.ingress.extraTls }} - tls: - {{- if .Values.ingress.tls }} - - hosts: - - {{ .Values.ingress.hostname }} - {{- range .Values.ingress.extraHosts }} - - {{ .name }} - {{- end }} - secretName: {{ printf "%s-tls" .Values.ingress.hostname }} - {{- end }} - {{- if .Values.ingress.extraTls }} - {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.extraTls "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/bitnami/moodle/templates/metrics-svc.yaml b/bitnami/moodle/templates/metrics-svc.yaml deleted file mode 100644 index 43931a2..0000000 --- a/bitnami/moodle/templates/metrics-svc.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- if .Values.metrics.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ printf "%s-metrics" (include "common.names.fullname" .) }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: metrics - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.metrics.service.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.metrics.service.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.service.annotations "context" $) | nindent 4 }} - {{- end }} - {{- end }} -spec: - type: {{ .Values.metrics.service.type }} - {{ if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.metrics.service.loadBalancerIP }} - {{- end }} - ports: - - port: {{ .Values.metrics.service.port }} - targetPort: metrics - protocol: TCP - name: metrics - selector: {{- include "common.labels.matchLabels" $ | nindent 4 }} -{{- end }} diff --git a/bitnami/moodle/templates/pv.yaml b/bitnami/moodle/templates/pv.yaml deleted file mode 100644 index c19bdc9..0000000 --- a/bitnami/moodle/templates/pv.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if and .Values.persistence.enabled .Values.persistence.hostPath (not .Values.persistence.existingClaim) -}} -apiVersion: v1 -kind: PersistentVolume -metadata: - name: {{ include "common.names.fullname" . }}-moodle - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - accessModes: - - {{ .Values.persistence.accessMode | quote }} - capacity: - storage: {{ .Values.persistence.size | quote }} - hostPath: - path: {{ .Values.persistence.hostPath | quote }} -{{- end -}} diff --git a/bitnami/moodle/templates/pvc.yaml b/bitnami/moodle/templates/pvc.yaml deleted file mode 100644 index 19ca96b..0000000 --- a/bitnami/moodle/templates/pvc.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.names.fullname" . }}-moodle - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.persistence.hostPath }} - storageClassName: "" - {{- end }} - accessModes: - - {{ .Values.persistence.accessMode | quote }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{- include "moodle.storageClass" . | nindent 2 }} -{{- end -}} diff --git a/bitnami/moodle/templates/secrets.yaml b/bitnami/moodle/templates/secrets.yaml deleted file mode 100644 index 0a707c3..0000000 --- a/bitnami/moodle/templates/secrets.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if not .Values.existingSecret }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: - {{- if .Values.moodlePassword }} - moodle-password: {{ default "" .Values.moodlePassword | b64enc | quote }} - {{- else }} - moodle-password: {{ randAlphaNum 10 | b64enc | quote }} - {{- end }} - {{- if .Values.smtpPassword }} - smtp-password: {{ .Values.smtpPassword | b64enc | quote }} - {{- end }} -{{- end }} diff --git a/bitnami/moodle/templates/svc.yaml b/bitnami/moodle/templates/svc.yaml deleted file mode 100644 index a680ddf..0000000 --- a/bitnami/moodle/templates/svc.yaml +++ /dev/null @@ -1,44 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.service.type }} - sessionAffinity: {{ default "None" .Values.service.sessionAffinity }} - {{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }} - clusterIP: {{ .Values.service.clusterIP }} - {{- end }} - {{- if and .Values.service.loadBalancerIP (eq .Values.service.type "LoadBalancer") }} - loadBalancerIP: {{ .Values.service.loadBalancerIP }} - {{- end }} - {{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - {{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }} - externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} - {{- end }} - ports: - - name: http - port: {{ .Values.service.port }} - targetPort: http - {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.http)) }} - nodePort: {{ .Values.service.nodePorts.http }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - - name: https - port: {{ .Values.service.httpsPort }} - targetPort: https - {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.https)) }} - nodePort: {{ .Values.service.nodePorts.https }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} diff --git a/bitnami/moodle/templates/tls-secrets.yaml b/bitnami/moodle/templates/tls-secrets.yaml deleted file mode 100644 index 36742a9..0000000 --- a/bitnami/moodle/templates/tls-secrets.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.secrets }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ .name }} - labels: {{- include "common.labels.standard" $ | nindent 4 }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ .certificate | b64enc }} - tls.key: {{ .key | b64enc }} -{{- end }} -{{- end }} diff --git a/bitnami/moodle/values.yaml b/bitnami/moodle/values.yaml deleted file mode 100644 index 1d3fa27..0000000 --- a/bitnami/moodle/values.yaml +++ /dev/null @@ -1,679 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - storageClass: "" - -## @section Common parameters - -## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) -## -kubeVersion: "" -## @param nameOverride String to partially override moodle.fullname template -## -nameOverride: "" -## @param fullnameOverride String to fully override moodle.fullname template -## -fullnameOverride: "" -## @param commonAnnotations Common annotations to add to all Harbor resources (sub-charts are not considered). Evaluated as a template -## -commonAnnotations: {} -## @param commonLabels Common labels to add to all Harbor resources (sub-charts are not considered). Evaluated as a template -## -commonLabels: {} -## @param extraDeploy Array with extra yaml to deploy with the chart. Evaluated as a template -## -extraDeploy: [] - -## @section Moodle™ parameters - -## Bitnami Moodle™ image version -## ref: https://hub.docker.com/r/bitnami/moodle/tags/ -## @param image.registry Moodle image registry -## @param image.repository Moodle image repository -## @param image.tag Moodle image tag (immutable tags are recommended) -## @param image.pullPolicy Moodle image pull policy -## @param image.pullSecrets Specify docker-registry secret names as an array -## @param image.debug Specify if debug logs should be enabled -## -image: - registry: docker.io - repository: bitnami/moodle - tag: 3.11.3-debian-10-r0 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Set to true if you would like to see extra information on logs - ## - debug: false -## @param replicaCount Number of Moodle replicas (requires ReadWriteMany PVC support) -## -replicaCount: 1 -## @param moodleSkipInstall Skip Moodle™ installation wizard. Useful for migrations and restoring from SQL dump -## ref: https://github.com/bitnami/bitnami-docker-moodle#configuration -## -moodleSkipInstall: false -## @param moodleSiteName Site name -## ref: https://github.com/bitnami/bitnami-docker-moodle#configuration -## -moodleSiteName: "" -## @param moodleUsername User of the application -## ref: https://github.com/bitnami/bitnami-docker-moodle#configuration -## -moodleUsername: user -## @param moodlePassword Application password -## Defaults to a random 10-character alphanumeric string if not set -## ref: https://github.com/bitnami/bitnami-docker-moodle#configuration -## -moodlePassword: "" -## @param moodleEmail Admin email -## ref: https://github.com/bitnami/bitnami-docker-moodle#configuration -## -moodleEmail: user@example.com -## @param allowEmptyPassword Allow DB blank passwords -## ref: https://github.com/bitnami/bitnami-docker-moodle#environment-variables -## -allowEmptyPassword: true -## @param command Override default container command (useful when using custom images) -## -command: [] -## @param args Override default container args (useful when using custom images) -## -args: [] -## @param updateStrategy.type Update strategy - only really applicable for deployments with RWO PVs attached -## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the -## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will -## terminate the single previous pod, so that the new, incoming pod can attach to the PV -## -updateStrategy: - type: RollingUpdate -## @param extraEnvVars An array to add extra env vars -## For example: -## - name: BEARER_AUTH -## value: true -## -extraEnvVars: [] -## @param extraEnvVarsCM ConfigMap with extra environment variables -## -extraEnvVarsCM: "" -## @param extraEnvVarsSecret Secret with extra environment variables (in case of sensitive data) -## -extraEnvVarsSecret: "" -## @param extraVolumes Array of extra volumes to be added to the deployment (evaluated as template). Requires setting `extraVolumeMounts` -## -extraVolumes: [] -## @param extraVolumeMounts Array of extra volume mounts to be added to the container (evaluated as template). Normally used with `extraVolumes`. -## -extraVolumeMounts: [] -## @param initContainers Extra init containers to add to the deployment -## -initContainers: [] -## @param sidecars Extra sidecar containers to add to the deployment -## -sidecars: [] -## @param tolerations Tolerations for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] -## @param existingSecret Name of a secret with the application password -## -existingSecret: "" -## SMTP mail delivery configuration -## ref: https://github.com/bitnami/bitnami-docker-moodle/#smtp-configuration -## @param smtpHost SMTP host -## @param smtpPort SMTP port -## @param smtpUser SMTP user -## @param smtpPassword SMTP password -## @param smtpProtocol SMTP Protocol (options: ssl,tls, nil) -## -smtpHost: "" -smtpPort: "" -smtpUser: "" -smtpPassword: "" -smtpProtocol: "" -## @param containerPorts [object] Container ports -## -containerPorts: - http: 8080 - https: 8443 -## @param sessionAffinity Control where client requests go, to the same pod or round-robin -## Values: ClientIP or None -## ref: https://kubernetes.io/docs/user-guide/services/ -## -sessionAffinity: "None" -## Enable persistence using Persistent Volume Claims -## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ -## -persistence: - ## @param persistence.enabled Enable persistence using PVC - ## - enabled: true - ## @param persistence.storageClass PVC Storage Class for Moodle - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - ## @param persistence.accessMode PVC Access Mode for Moodle - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - ## - accessMode: ReadWriteOnce - ## @param persistence.size PVC Storage Request for Moodle - ## - size: 8Gi - ## @param persistence.existingClaim An Existing PVC name - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - ## - existingClaim: "" - ## @param persistence.hostPath Host mount path for Moodle - ## Requires persistence.enabled: true - ## Requires persistence.existingClaim: nil|false - ## Default: nil. - ## - hostPath: "" -## @param podAffinityPreset Pod affinity preset -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## Allowed values: soft, hard -## -podAffinityPreset: "" -## @param podAntiAffinityPreset Pod anti-affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## Allowed values: soft, hard -## -podAntiAffinityPreset: soft -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## Allowed values: soft, hard -## -nodeAffinityPreset: - ## @param nodeAffinityPreset.type Node affinity type - ## Allowed values: soft, hard - ## - type: "" - ## @param nodeAffinityPreset.key Node label key to match - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param nodeAffinityPreset.values Node label values to match - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] -## @param affinity Map of node/pod affinities -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set -## -affinity: {} -## @param nodeSelector Node labels for pod assignment -## ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} -## Configure resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## @param resources.requests [object] CPU/Memory resource requests/limits -## -resources: - requests: - memory: 512Mi - cpu: 300m -## Configure Pods Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## @param podSecurityContext.enabled Enable Moodle™ pods' Security Context -## @param podSecurityContext.fsGroup Moodle™ pods' group ID -## -podSecurityContext: - enabled: true - fsGroup: 1001 -## Configure Container Security Context (only main container) -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -## @param containerSecurityContext.enabled Enable Moodle™ containers' Security Context -## @param containerSecurityContext.runAsUser Moodle™ containers' Security Context -## -containerSecurityContext: - enabled: true - runAsUser: 1001 -## Configure extra options for liveness and readiness probes -## Moodle™ core exposes /user/login to unauthenticated requests, making it a good -## default liveness and readiness path. However, that may not always be the -## case. For example, if the image value is overridden to an image containing a -## module that alters that route, or an image that does not auto-install Moodle™. -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param livenessProbe.enabled Enable livenessProbe -## @param livenessProbe.path Request path for livenessProbe -## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe -## @param livenessProbe.periodSeconds Period seconds for livenessProbe -## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe -## @param livenessProbe.failureThreshold Failure threshold for livenessProbe -## @param livenessProbe.successThreshold Success threshold for livenessProbe -## -livenessProbe: - enabled: true - path: /login/index.php - initialDelaySeconds: 600 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 -## Configure extra options for readiness probe -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param readinessProbe.enabled Enable readinessProbe -## @param readinessProbe.path Request path for readinessProbe -## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe -## @param readinessProbe.periodSeconds Period seconds for readinessProbe -## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe -## @param readinessProbe.failureThreshold Failure threshold for readinessProbe -## @param readinessProbe.successThreshold Success threshold for readinessProbe -## -readinessProbe: - enabled: true - path: /login/index.php - initialDelaySeconds: 30 - periodSeconds: 5 - timeoutSeconds: 3 - failureThreshold: 6 - successThreshold: 1 -## @param customLivenessProbe Override default liveness probe -## -customLivenessProbe: {} -## @param customReadinessProbe Override default readiness probe -## -customReadinessProbe: {} -## @param lifecycleHooks LifecycleHook to set additional configuration at startup Evaluated as a template -## -lifecycleHooks: "" -## @param podAnnotations Pod annotations -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} -## @param podLabels Add additional labels to the pod (evaluated as a template) -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -podLabels: {} - -## @section Traffic Exposure Parameters - -## Kubernetes configuration -## For minikube, set this to NodePort, for ingress ClusterIP, elsewhere use LoadBalancer -## -service: - ## @param service.type Service type - ## - type: LoadBalancer - ## @param service.port Service HTTP port - ## - port: 80 - ## @param service.httpsPort Service HTTPS port - ## - httpsPort: 443 - ## @param service.clusterIP Service Cluster IP - ## - clusterIP: "" - ## @param service.loadBalancerSourceRanges Service load balancer source ranges - ## Control hosts connecting to "LoadBalancer" only - ## loadBalancerSourceRanges: - ## - 0.0.0.0/0 - ## - loadBalancerSourceRanges: [] - ## @param service.loadBalancerIP loadBalancerIP for the Moodle™ Service (optional, cloud specific) - ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer - ## - loadBalancerIP: "" - ## @param service.nodePorts.http Kubernetes HTTP node port - ## @param service.nodePorts.https Kubernetes HTTPS node port - ## nodePorts: - ## http: - ## https: - ## - nodePorts: - http: "" - https: "" - ## @param service.externalTrafficPolicy Enable client source IP preservation - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster -## Configure the ingress resource that allows you to access the -## Moodle™ installation. Set up the URL -## ref: http://kubernetes.io/docs/user-guide/ingress/ -## -ingress: - ## @param ingress.enabled Set to true to enable ingress record generation - ## - enabled: false - ## @param ingress.certManager Set this to true in order to add the corresponding annotations for cert-manager - ## - certManager: false - ## @param ingress.pathType Ingress Path type - ## - pathType: ImplementationSpecific - ## @param ingress.apiVersion Override API Version (automatically detected if not set) - ## - apiVersion: "" - ## @param ingress.hostname When the ingress is enabled, a host pointing to this will be created - ## - hostname: minio.local - ## @param ingress.path The Path to Moodle™. You may need to set this to '/*' in order to use this with ALB ingress controllers. - ## - path: / - ## @param ingress.annotations Map of Ingress annotations - ## For a full list of possible ingress annotations, please see - ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md - ## - ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set - ## - annotations: {} - ## @param ingress.tls Enable TLS configuration for the hostname defined at ingress.hostname parameter - ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }} - ## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it - ## - tls: false - ## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record. - ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array - ## extraHosts: - ## - name: minio.local - ## path: / - ## - extraHosts: [] - ## @param ingress.extraPaths Any additional arbitrary paths that may need to be added to the ingress under the main host. - ## For example: The ALB ingress controller requires a special rule for handling SSL redirection. - ## extraPaths: - ## - path: /* - ## backend: - ## serviceName: ssl-redirect - ## servicePort: use-annotation - ## - extraPaths: [] - ## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. - ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - ## extraTls: - ## - hosts: - ## - minio.local - ## secretName: minio.local-tls - ## - extraTls: [] - ## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets - ## key and certificate should start with -----BEGIN CERTIFICATE----- or - ## -----BEGIN RSA PRIVATE KEY----- - ## - ## name should line up with a tlsSecret set further up - ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set - ## - ## It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - ## e.g: - ## - name: minio.local-tls - ## key: - ## certificate: - ## - secrets: [] - -## @section Database parameters - -## MariaDB chart configuration -## https://github.com/bitnami/charts/blob/master/bitnami/mariadb/values.yaml -## -mariadb: - ## @param mariadb.enabled Whether to deploy a mariadb server to satisfy the applications database requirements - ## To use an external database set this to false and configure the externalDatabase parameters - ## - enabled: true - ## @param mariadb.architecture MariaDB architecture (`standalone` or `replication`) - ## - architecture: standalone - ## MariaDB Authentication parameters - ## - auth: - ## @param mariadb.auth.rootPassword Password for the MariaDB `root` user - ## ref: https://github.com/bitnami/bitnami-docker-mariadb#setting-the-root-password-on-first-run - ## - rootPassword: "" - ## @param mariadb.auth.database Database name to create - ## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#creating-a-database-on-first-run - ## - database: bitnami_moodle - ## @param mariadb.auth.username Database user to create - ## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#creating-a-database-user-on-first-run - ## - username: bn_moodle - ## @param mariadb.auth.password Password for the database - ## - password: "" - primary: - ## Enable persistence using Persistent Volume Claims - ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ - ## - persistence: - ## @param mariadb.primary.persistence.enabled Enable database persistence using PVC - ## - enabled: true - ## @param mariadb.primary.persistence.storageClass MariaDB primary persistent volume storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - ## @param mariadb.primary.persistence.accessModes PVC Access Modes for Moodle™ volume - ## - accessModes: - - ReadWriteOnce - ## @param mariadb.primary.persistence.size Database Persistent Volume Size - ## - size: 8Gi - ## @param mariadb.primary.persistence.hostPath Set path in case you want to use local host path volumes (not recommended in production) - ## - hostPath: "" - ## @param mariadb.primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas - ## - existingClaim: "" -## External database configuration -## -externalDatabase: - ## @param externalDatabase.host Host of the existing database - ## - host: "" - ## @param externalDatabase.port Port of the existing database - ## - port: 3306 - ## @param externalDatabase.user Existing username in the external db - ## - user: bn_moodle - ## @param externalDatabase.password Password for the above username - ## - password: "" - ## @param externalDatabase.database Name of the existing database - ## - database: bitnami_moodle - -## @section Volume Permissions parameters - -## Init containers parameters: -## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. -## -volumePermissions: - ## @param volumePermissions.enabled Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) - ## - enabled: false - ## @param volumePermissions.image.registry Init container volume-permissions image registry - ## @param volumePermissions.image.repository Init container volume-permissions image repository - ## @param volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended) - ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy - ## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: 10-debian-10-r190 - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - pullSecrets: [] - ## - myRegistryKeySecretName - ## Init containers' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param volumePermissions.resources.limits The resources limits for the container - ## @param volumePermissions.resources.requests The requested resources for the container - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - requests: {} - -## @section Metrics parameters - -metrics: - ## @param metrics.enabled Start a side-car prometheus exporter - ## - enabled: false - ## @param metrics.image.registry Apache exporter image registry - ## @param metrics.image.repository Apache exporter image repository - ## @param metrics.image.tag Apache exporter image tag (immutable tags are recommended) - ## @param metrics.image.pullPolicy Image pull policy - ## @param metrics.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/apache-exporter - tag: 0.10.0-debian-10-r44 - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Prometheus Exporter service configuration - ## - service: - ## @param metrics.service.type Prometheus metrics service type - ## - type: LoadBalancer - ## @param metrics.service.port Prometheus metrics service port - ## - port: 9117 - ## @param metrics.service.loadBalancerIP Load Balancer IP if the Prometheus metrics server type is `LoadBalancer`, otherwise leave blank - loadBalancerIP: "" - ## @param metrics.service.annotations [object] Annotations for Prometheus Exporter pods. Evaluated as a template. - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "{{ .Values.metrics.service.port }}" - ## @param metrics.resources Exporter resource requests/limit - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: {} - ## @param metrics.podAnnotations [object] Metrics exporter pod Annotation and Labels - ## - podAnnotations: - prometheus.io/scrape: "true" - prometheus.io/port: "{{ .Values.metrics.service.port }}" - -## @section Certificate injection parameters - -## Add custom certificates and certificate authorities to Moodle™ container -## -certificates: - ## @param certificates.customCertificate.certificateSecret Secret containing the certificate and key to add - ## @param certificates.customCertificate.chainSecret.name Name of the secret containing the certificate chain - ## @param certificates.customCertificate.chainSecret.key Key of the certificate chain file inside the secret - ## @param certificates.customCertificate.certificateLocation Location in the container to store the certificate - ## @param certificates.customCertificate.keyLocation Location in the container to store the private key - ## @param certificates.customCertificate.chainLocation Location in the container to store the certificate chain - ## - customCertificate: - certificateSecret: "" - chainSecret: - name: "" - key: "" - certificateLocation: /etc/ssl/certs/ssl-cert-snakeoil.pem - keyLocation: /etc/ssl/private/ssl-cert-snakeoil.key - chainLocation: /etc/ssl/certs/mychain.pem - ## @param certificates.customCAs Defines a list of secrets to import into the container trust store - ## - customCAs: [] - ## @param certificates.command Override default container command (useful when using custom images) - ## - command: [] - ## @param certificates.args Override default container args (useful when using custom images) - ## e.g: - ## - secret: custom-CA - ## - secret: more-custom-CAs - ## - args: [] - ## @param certificates.extraEnvVars Container sidecar extra environment variables (eg proxy) - ## - extraEnvVars: [] - ## @param certificates.extraEnvVarsCM ConfigMap with extra environment variables - ## - extraEnvVarsCM: "" - ## @param certificates.extraEnvVarsSecret Secret with extra environment variables - ## - extraEnvVarsSecret: "" - ## @param certificates.image.registry Container sidecar registry - ## @param certificates.image.repository Container sidecar image repository - ## @param certificates.image.tag Container sidecar image tag (immutable tags are recommended) - ## @param certificates.image.pullPolicy Container sidecar image pull policy - ## @param certificates.image.pullSecrets Container sidecar image pull secrets - ## - image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: 10-debian-10-r190 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] diff --git a/bitnami/mxnet/.helmignore b/bitnami/mxnet/.helmignore deleted file mode 100644 index f0c1319..0000000 --- a/bitnami/mxnet/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/bitnami/mxnet/Chart.lock b/bitnami/mxnet/Chart.lock deleted file mode 100644 index 1da665b..0000000 --- a/bitnami/mxnet/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.9.1 -digest: sha256:75c2f378a4570f47cbb3c98b6f1d29d1145e5a92bf2970a5d06c32575bfe266f -generated: "2021-09-24T22:36:21.260830745Z" diff --git a/bitnami/mxnet/Chart.yaml b/bitnami/mxnet/Chart.yaml deleted file mode 100644 index 19d7b5c..0000000 --- a/bitnami/mxnet/Chart.yaml +++ /dev/null @@ -1,27 +0,0 @@ -annotations: - category: MachineLearning -apiVersion: v2 -appVersion: 1.8.0 -dependencies: - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x -description: A flexible and efficient library for deep learning -engine: gotpl -home: https://github.com/bitnami/charts/tree/master/bitnami/mxnet -icon: https://bitnami.com/assets/stacks/mxnet/img/mxnet-stack-220x234.png -keywords: - - mxnet - - python - - machine - - learning -maintainers: - - email: containers@bitnami.com - name: Bitnami -name: mxnet -sources: - - https://github.com/bitnami/bitnami-docker-mxnet - - https://mxnet.apache.org/ -version: 2.3.16 diff --git a/bitnami/mxnet/README.md b/bitnami/mxnet/README.md deleted file mode 100644 index 295e629..0000000 --- a/bitnami/mxnet/README.md +++ /dev/null @@ -1,384 +0,0 @@ -# Apache MXNet (Incubating) - -[Apache MXNet (Incubating)](https://mxnet.apache.org/) is a deep learning platform that accelerates the transition from research prototyping to production deployment. It is built for full integration into Python that enables you to use it with its libraries and main packages. - -## TL;DR - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/mxnet -``` - -## Introduction - -This chart bootstraps an [Apache MXNet (Incubating)](https://github.com/bitnami/bitnami-docker-mxnet) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 3.1.0 -- PV provisioner support in the underlying infrastructure -- ReadWriteMany volumes for deployment scaling - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/mxnet -``` - -These commands deploy Apache MXNet (Incubating) on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```console -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | - - -### Common parameters - -| Name | Description | Value | -| ------------------ | -------------------------------------------------------------------------------------------- | ----- | -| `nameOverride` | String to partially override common.names.fullname template (will maintain the release name) | `""` | -| `fullnameOverride` | String to fully override common.names.fullname template | `""` | - - -### Common Mxnet parameters - -| Name | Description | Value | -| -------------------------------------- | ----------------------------------------------------------------------------------------------------- | ----------------------- | -| `image.registry` | Apache MXNet (Incubating) image registry | `docker.io` | -| `image.repository` | Apache MXNet (Incubating) image repository | `bitnami/mxnet` | -| `image.tag` | Apache MXNet (Incubating) image tag (immutable tags are recommended) | `1.8.0-debian-10-r171` | -| `image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `image.debug` | Specify if debug logs should be enabled | `false` | -| `git.registry` | Git image registry | `docker.io` | -| `git.repository` | Git image repository | `bitnami/git` | -| `git.tag` | Git image tag (immutable tags are recommended) | `2.33.0-debian-10-r38` | -| `git.pullPolicy` | Git image pull policy | `IfNotPresent` | -| `git.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory | `false` | -| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | -| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `10-debian-10-r202` | -| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | -| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `volumePermissions.resources.limits` | The resources limits for the container | `{}` | -| `volumePermissions.resources.requests` | The requested resources for the container | `{}` | -| `service.type` | Kubernetes service type | `ClusterIP` | -| `service.port` | Scheduler Service port | `9092` | -| `service.annotations` | Provide any additional annotations which may be required. | `{}` | -| `entrypoint` | The main entrypoint of your app, this will be executed as: | `{}` | -| `mode` | Apache MXNet (Incubating) deployment mode. Can be `standalone` or `distributed` | `standalone` | -| `existingSecret` | Name of a secret with sensitive data to mount in the pods | `""` | -| `configMap` | Name of an existing config map containing all the files you want to load in Apache MXNet (Incubating) | `""` | -| `hostAliases` | Deployment pod host aliases | `[]` | -| `cloneFilesFromGit.enabled` | Enable in order to download files from git repository | `false` | -| `cloneFilesFromGit.extraVolumeMounts` | Add extra volume mounts for the GIT container | `[]` | -| `commonExtraEnvVars` | Additional environment variables for all node types | `[]` | -| `podManagementPolicy` | StatefulSet (worker and server nodes) pod management policy | `Parallel` | -| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` | -| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | -| `affinity` | Affinity for pod assignment. Evaluated as a template. | `{}` | -| `nodeSelector` | Node labels for pod assignment. Evaluated as a template. | `{}` | -| `tolerations` | Tolerations for pod assignment. Evaluated as a template. | `[]` | -| `resources.limits` | The resources limits for the Mxnet container | `{}` | -| `resources.requests` | The requested resources for the Mxnet container | `{}` | -| `securityContext.enabled` | Enable security context | `true` | -| `securityContext.fsGroup` | Group ID for the container | `1001` | -| `securityContext.runAsUser` | User ID for the container | `1001` | -| `livenessProbe.enabled` | Enable livenessProbe | `true` | -| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | -| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `5` | -| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `15` | -| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | -| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `readinessProbe.enabled` | Enable readinessProbe | `true` | -| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | -| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | -| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `15` | -| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | -| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `persistence.enabled` | Use a PVC to persist data | `false` | -| `persistence.mountPath` | Path to mount the volume at | `/bitnami/mxnet` | -| `persistence.accessModes` | Persistent Volume Access Mode | `["ReadWriteOnce"]` | -| `persistence.size` | Size of data volume | `8Gi` | -| `persistence.annotations` | Persistent Volume annotations | `{}` | -| `sidecars` | Attach additional containers to the pods (scheduler, worker and server nodes) | `[]` | -| `initContainers` | Attach additional init containers to the pods (scheduler, worker and server nodes) | `[]` | -| `extraVolumes` | Array to add extra volumes (evaluated as a template) | `[]` | -| `extraVolumeMounts` | Array to add extra mounts (normally used with extraVolumes, evaluated as a template) | `[]` | - - -### Mxnet Server parameters (only for distributed mode) - -| Name | Description | Value | -| ---------------------------------- | ------------------------------------------------------------------------------------------------------ | ------ | -| `server.replicaCount` | Number of Server nodes that will execute your code | `1` | -| `server.extraEnvVars` | Extra environment variables to add to the Server nodes | `[]` | -| `server.hostAliases` | Deployment pod host aliases | `[]` | -| `server.resources.limits` | The resources limits for the Mxnet Server container | `{}` | -| `server.resources.requests` | The requested resources for the Mxnet Server container | `{}` | -| `server.podAffinityPreset` | Mxnet Server pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `server.podAntiAffinityPreset` | Mxnet Server pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `server.nodeAffinityPreset.type` | Mxnet Server node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `server.nodeAffinityPreset.key` | Mxnet Server node label key to match Ignored if `affinity` is set. | `""` | -| `server.nodeAffinityPreset.values` | Mxnet Server node label values to match. Ignored if `affinity` is set. | `[]` | -| `server.affinity` | Mxnet Server affinity for pod assignment | `{}` | -| `server.nodeSelector` | Mxnet Server node labels for pod assignment | `{}` | -| `server.tolerations` | Mxnet Server tolerations for pod assignment | `[]` | - - -### Mxnet Worker parameters (only for distributed mode) - -| Name | Description | Value | -| ---------------------------------- | ------------------------------------------------------------------------------------------------------ | ------ | -| `worker.replicaCount` | Number of Worker nodes that will execute your code | `1` | -| `worker.hostAliases` | Add deployment host aliases | `[]` | -| `worker.extraEnvVars` | Extra environment variables to add to the Server nodes | `[]` | -| `worker.resources.limits` | The resources limits for the Mxnet Worker container | `{}` | -| `worker.resources.requests` | The requested resources for the Mxnet Worker container | `{}` | -| `worker.podAffinityPreset` | Mxnet Worker pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `worker.podAntiAffinityPreset` | Mxnet Worker pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `worker.nodeAffinityPreset.type` | Mxnet Worker node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `worker.nodeAffinityPreset.key` | Mxnet Worker node label key to match Ignored if `affinity` is set. | `""` | -| `worker.nodeAffinityPreset.values` | Mxnet Worker node label values to match. Ignored if `affinity` is set. | `[]` | -| `worker.affinity` | Mxnet Worker affinity for pod assignment | `{}` | -| `worker.nodeSelector` | Mxnet Worker node labels for pod assignment | `{}` | -| `worker.tolerations` | Mxnet Worker tolerations for pod assignment | `[]` | - - -### Mxnet Scheduler parameters (only for distributed mode) - -| Name | Description | Value | -| ------------------------------------- | --------------------------------------------------------------------------------------------------------- | ------ | -| `scheduler.port` | The port used to communicate with the scheduler | `9092` | -| `scheduler.hostAliases` | Deployment pod host aliases | `[]` | -| `scheduler.extraEnvVars` | An array to add extra env vars | `[]` | -| `scheduler.resources.limits` | The resources limits for the Mxnet Scheduler container | `{}` | -| `scheduler.resources.requests` | The requested resources for the Mxnet Scheduler container | `{}` | -| `scheduler.podAffinityPreset` | Mxnet Scheduler pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `scheduler.podAntiAffinityPreset` | Mxnet Scheduler pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `scheduler.nodeAffinityPreset.type` | Mxnet Scheduler node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `scheduler.nodeAffinityPreset.key` | Mxnet Scheduler node label key to match Ignored if `affinity` is set. | `""` | -| `scheduler.nodeAffinityPreset.values` | Mxnet Scheduler node label values to match. Ignored if `affinity` is set. | `[]` | -| `scheduler.affinity` | Mxnet Scheduler affinity for pod assignment | `{}` | -| `scheduler.nodeSelector` | Mxnet Scheduler node labels for pod assignment | `{}` | -| `scheduler.tolerations` | Mxnet Scheduler tolerations for pod assignment | `[]` | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -$ helm install my-release \ - --set mode=distributed \ - --set server.replicaCount=2 \ - --set worker.replicaCount=3 \ - bitnami/mxnet -``` - -The above command creates 6 pods for Apache MXNet (Incubating): one scheduler, two servers, and three workers. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```console -$ helm install my-release -f values.yaml bitnami/mxnet -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Loading your files - -The Apache MXNet (Incubating) chart supports three different ways to load your files. In order of priority, they are: - - 1. Existing config map - 2. Files under the `files` directory - 3. Cloning a git repository - -This means that if you specify a config map with your files, it won't look for the `files/` directory nor the git repository. - -In order to use use an existing config map you can set the `configMap=my-config-map` parameter. - -To load your files from the `files/` directory you don't have to set any option. Just copy your files inside and don't specify a `ConfigMap`. - -Finally, if you want to clone a git repository you can use the following parameters: - -```console -cloneFilesFromGit.enabled=true -cloneFilesFromGit.repository=https://github.com/my-user/my-repo -cloneFilesFromGit.revision=master -``` - -In case you want to add a file that includes sensitive information, pass a secret object using the `existingSecret` parameter. All the files in the secret will be mounted in the `/secrets` folder. - -### Distributed training example - -We will use the gluon example from the [Apache MXNet (Incubating) official repository](https://github.com/apache/incubator-mxnet/tree/master/example/gluon). Launch it with the following values: - -```console -mode=distributed -cloneFilesFromGit.enabled=true -cloneFilesFromGit.repository=https://github.com/apache/incubator-mxnet.git -cloneFilesFromGit.revision=master -entrypoint.file=image_classification.py -entrypoint.args="--dataset cifar10 --model vgg11 --epochs 1 --kvstore dist_sync" -entrypoint.workDir=/app/example/gluon/ -``` - -Check the logs of the worker node: - -```console -INFO:root:Starting new image-classification task:, Namespace(batch_norm=False, batch_size=32, builtin_profiler=0, data_dir='', dataset='cifar10', dtype='float32', epochs=1, gpus='', kvstore='dist_sync', log_interval=50, lr=0.1, lr_factor=0.1, lr_steps='30,60,90', mode=None, model='vgg11', momentum=0.9, num_workers=4, prefix='', profile=False, resume='', save_frequency=10, seed=123, start_epoch=0, use_pretrained=False, use_thumbnail=False, wd=0.0001) -INFO:root:downloaded http://data.mxnet.io/mxnet/data/cifar10.zip into data/cifar10.zip successfully -[10:05:40] src/io/iter_image_recordio_2.cc:172: ImageRecordIOParser2: data/cifar/train.rec, use 1 threads for decoding.. -[10:05:45] src/io/iter_image_recordio_2.cc:172: ImageRecordIOParser2: data/cifar/test.rec, use 1 threads for decoding.. -``` - -If you want to increase the verbosity, set the environment variable `PS_VERBOSE=1` or `PS_VERBOSE=2` using the `commonEnvVars` value. - -```console -mode=distributed -cloneFilesFromGit.enabled=true -cloneFilesFromGit.repository=https://github.com/apache/incubator-mxnet.git -cloneFilesFromGit.revision=master -entrypoint.file=image_classification.py -entrypoint.args="--dataset cifar10 --model vgg11 --epochs 1 --kvstore dist_sync" -entrypoint.workDir=/app/example/gluon/ -commonExtraEnvVars[0].name=PS_VERBOSE -commonExtraEnvVars[0].value=1 -``` - -You will now see log entries in the scheduler and server nodes. - -```console -[14:22:44] src/van.cc:290: Bind to role=scheduler, id=1, ip=10.32.0.11, port=9092, is_recovery=0 -[14:22:53] src/van.cc:56: assign rank=9 to node role=worker, ip=10.32.0.17, port=55423, is_recovery=0 -[14:22:53] src/van.cc:56: assign rank=11 to node role=worker, ip=10.32.0.16, port=60779, is_recovery=0 -[14:22:53] src/van.cc:56: assign rank=13 to node role=worker, ip=10.32.0.15, port=39817, is_recovery=0 -[14:22:53] src/van.cc:56: assign rank=15 to node role=worker, ip=10.32.0.14, port=48119, is_recovery=0 -[14:22:53] src/van.cc:56: assign rank=8 to node role=server, ip=10.32.0.13, port=56713, is_recovery=0 -[14:22:53] src/van.cc:56: assign rank=10 to node role=server, ip=10.32.0.12, port=57099, is_recovery=0 -[14:22:53] src/van.cc:83: the scheduler is connected to 4 workers and 2 servers -[14:22:53] src/van.cc:183: Barrier count for 7 : 1 -[14:22:53] src/van.cc:183: Barrier count for 7 : 2 -[14:22:53] src/van.cc:183: Barrier count for 7 : 3 -[14:22:53] src/van.cc:183: Barrier count for 7 : 4 -... -``` - -### Sidecars and Init Containers - -If you have a need for additional containers to run within the same pod as Apache MXNet (Incubating) (e.g. an additional metrics or logging exporter), you can do so via the `sidecars` config parameter. Simply define your container according to the Kubernetes container spec. - -```yaml -sidecars: -- name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -``` - -Similarly, you can add extra init containers using the `initContainers` parameter. - -```yaml -initContainers: -- name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -``` - -## Persistence - -The [Bitnami Apache MXNet (Incubating)](https://github.com/bitnami/bitnami-docker-mxnet) image can persist data. If enabled, the persisted path is `/bitnami/mxnet` by default. - -The chart mounts a [Persistent Volume](http://kubernetes.io/docs/user-guide/persistent-volumes/) at this location. The volume is created using dynamic volume provisioning. - -### Adjust permissions of persistent volume mountpoint - -As the image run as non-root by default, it is necessary to adjust the ownership of the persistent volume so that the container can write data into it. - -By default, the chart is configured to use Kubernetes Security Context to automatically change the ownership of the volume. However, this feature does not work in all Kubernetes distributions. -As an alternative, this chart supports using an initContainer to change the ownership of the volume before mounting it in the final destination. - -You can enable this initContainer by setting `volumePermissions.enabled` to `true`. - -### Setting Pod's affinity - -This chart allows you to set your custom affinity using the `XXX.affinity` parameter(s). Find more information about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). - -As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `XXX.podAffinityPreset`, `XXX.podAntiAffinityPreset`, or `XXX.nodeAffinityPreset` parameters. - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami’s Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## Upgrading - -### To 2.1.0 - -Some parameters disappeared in favor of new ones: - -- `schedulerExtraEnvVars` and `schedulerPort` -> deprecated in favor of `scheduler.extraEnvVars` and `scheduler.port`, respectively. -- `serverExtraEnvVars` and `serverCount` -> deprecated in favor of `server.extraEnvVars` and `server.replicaCount`, respectively. -- `workerExtraEnvVars` and `workerCount` -> deprecated in favor of `worker.extraEnvVars` and `worker.replicaCount`, respectively. - -This version also introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/master/bitnami/common#bitnami-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade. - -### To 2.0.0 - -[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -**What changes were introduced in this major version?** - -- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. -- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts - -**Considerations when upgrading to this version** - -- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues -- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore -- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 - -**Useful links** - -- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ -- https://helm.sh/docs/topics/v2_v3_migration/ -- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ diff --git a/bitnami/mxnet/ci/values-production.yaml b/bitnami/mxnet/ci/values-production.yaml deleted file mode 100644 index bbd27cb..0000000 --- a/bitnami/mxnet/ci/values-production.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# Test values file for generating all of the yaml and check that -# the rendering is correct - -volumePermissions: - enabled: true - -mode: distributed - -server: - replicaCount: 2 - -worker: - replicaCount: 4 - -persistence: - enabled: true diff --git a/bitnami/mxnet/templates/NOTES.txt b/bitnami/mxnet/templates/NOTES.txt deleted file mode 100644 index 79f4e55..0000000 --- a/bitnami/mxnet/templates/NOTES.txt +++ /dev/null @@ -1,46 +0,0 @@ -{{- if or .Values.configMap (.Files.Glob "files/*") .Values.cloneFilesFromGit.enabled }} -{{- if .Values.entrypoint.file }} -The provided file {{ .Values.entrypoint.file }} is being executed. You can see the logs of each running node with: - - kubectl logs [POD_NAME] - -and the list of pods with: - - kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "mxnet.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" - -{{- else }} -You didn't specify any entrypoint to your code. -To run it, you can either re-deploy the chart using the `mxnet.entrypoint.file` option to specify your entrypoint, or execute it manually by jumping into the pods: - -1. Get the running pods: - - kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "mxnet.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" - -2. Get into a pod: - - kubectl exec -ti [POD_NAME] bash - -3. Execute your script as you would normally do. -{{- end }} -{{- else }} -WARNING: You haven't loaded any file. You can access the Python REPL by jumping into the pods: - -1. Get the running pods: - - kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "mxnet.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" - -2. Run the Python REPL: - - kubectl exec -ti [POD_NAME] python3 - -This chart allows three different methods to load your files: - -1. Load the files from an existing ConfigMap, using the `configMap` option. -2. Putting your files in a `files` folder in the root of the Chart. -3. Cloning a Git repository with the `cloneFilesFromGit` option. - -Examples for the different methods can be found in the README (see https://github.com/bitnami/charts/blob/master/bitnami/mxnet/README.md). -{{- end }} - -{{- include "mxnet.validateValues" . }} -{{- include "mxnet.checkRollingTags" . }} diff --git a/bitnami/mxnet/templates/_helpers.tpl b/bitnami/mxnet/templates/_helpers.tpl deleted file mode 100644 index b23becf..0000000 --- a/bitnami/mxnet/templates/_helpers.tpl +++ /dev/null @@ -1,126 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Expand the name of the chart. -*/}} -{{- define "mxnet.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Return the proper Apache MXNet (Incubating) image name -*/}} -{{- define "mxnet.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper git image name -*/}} -{{- define "git.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.git "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper image name (for the init container volume-permissions image) -*/}} -{{- define "mxnet.volumePermissions.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "mxnet.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.git .Values.volumePermissions.image) "global" .Values.global) -}} -{{- end -}} - -{{/* Validate values of Apache MXNet (Incubating) - number of workers must be greater than 0 */}} -{{- define "mxnet.entrypoint" -}} -{{- if .Values.entrypoint.file }} - {{- if (.Values.entrypoint.file | regexFind "[.]py$") }} -python3 {{ .Values.entrypoint.file }} {{ if .Values.entrypoint.args }}{{ .Values.entrypoint.args }}{{ end }} - {{- else }} -bash {{ .Values.entrypoint.file }} {{ if .Values.entrypoint.args }}{{ .Values.entrypoint.args }}{{ end }} - {{- end }} - {{- else }} -sleep infinity - {{- end }} -{{- end -}} - -{{- define "mxnet.parseEnvVars" -}} -{{- range $env := . }} -{{- if $env.value }} -- name: {{ $env.name }} - value: {{ $env.value | quote }} -{{- else if $env.valueFrom }} -- name: {{ $env.name }} - valueFrom: -{{ toYaml $env.valueFrom | indent 4 }} -{{- else }} {{/* Leave this for future compatibility */}} -- -{{ toYaml $env | indent 2}} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Compile all warnings into a single message, and call fail. -*/}} -{{- define "mxnet.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "mxnet.validateValues.mode" .) -}} -{{- $messages := append $messages (include "mxnet.validateValues.workerCount" .) -}} -{{- $messages := append $messages (include "mxnet.validateValues.serverCount" .) -}} -{{- $messages := append $messages (include "mxnet.validateValues.extraVolumes" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} -{{- end -}} -{{- end -}} - -{{/* Validate values of Apache MXNet (Incubating) - must provide a valid mode ("distributed" or "standalone") */}} -{{- define "mxnet.validateValues.mode" -}} -{{- if and (ne .Values.mode "distributed") (ne .Values.mode "standalone") -}} -mxnet: mode - Invalid mode selected. Valid values are "distributed" and - "standalone". Please set a valid mode (--set mode="xxxx") -{{- end -}} -{{- end -}} - -{{/* Validate values of Apache MXNet (Incubating) - number of workers must be greater than 0 */}} -{{- define "mxnet.validateValues.workerCount" -}} -{{- $replicaCount := int .Values.worker.replicaCount }} -{{- if and (eq .Values.mode "distributed") (lt $replicaCount 1) -}} -mxnet: worker.replicaCount - Worker count must be greater than 0 in distributed mode!! - Please set a valid worker count size (--set worker.replicaCount=X) -{{- end -}} -{{- end -}} - -{{/* Validate values of Apache MXNet (Incubating) - number of workers must be greater than 0 */}} -{{- define "mxnet.validateValues.serverCount" -}} -{{- $replicaCount := int .Values.server.replicaCount }} -{{- if and (eq .Values.mode "distributed") (lt $replicaCount 1) -}} -mxnet: server.replicaCount - Server count must be greater than 0 in distributed mode!! - Please set a valid worker count size (--set server.replicaCount=X) -{{- end -}} -{{- end -}} - -{{/* Validate values of Apache MXNet (Incubating) - Incorrect extra volume settings */}} -{{- define "mxnet.validateValues.extraVolumes" -}} -{{- if and (.Values.extraVolumes) (not (or .Values.extraVolumeMounts .Values.cloneFilesFromGit.extraVolumeMounts)) -}} -mxnet: missing-extra-volume-mounts - You specified extra volumes but not mount points for them. Please set - the extraVolumeMounts value -{{- end -}} -{{- end -}} - -{{/* Check if there are rolling tags in the images */}} -{{- define "mxnet.checkRollingTags" -}} -{{- include "common.warnings.rollingTag" .Values.image }} -{{- include "common.warnings.rollingTag" .Values.git }} -{{- end -}} diff --git a/bitnami/mxnet/templates/configmap.yaml b/bitnami/mxnet/templates/configmap.yaml deleted file mode 100644 index 2a8b3de..0000000 --- a/bitnami/mxnet/templates/configmap.yaml +++ /dev/null @@ -1,9 +0,0 @@ -{{- if .Files.Glob "files/*" }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.names.fullname" . }}-files - labels: {{- include "common.labels.standard" . | nindent 4 }} -data: -{{ (.Files.Glob "files/*").AsConfig | indent 2 }} -{{- end }} diff --git a/bitnami/mxnet/templates/deployment-pvc.yaml b/bitnami/mxnet/templates/deployment-pvc.yaml deleted file mode 100644 index 6dab83b..0000000 --- a/bitnami/mxnet/templates/deployment-pvc.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if .Values.persistence.enabled }} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.names.fullname" . }}{{ if eq .Values.mode "distributed" }}-scheduler{{ end }} - labels: {{- include "common.labels.standard" . | nindent 4 }} -spec: - accessModes: - {{- range .Values.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 2 }} -{{- end }} diff --git a/bitnami/mxnet/templates/headless-svc.yaml b/bitnami/mxnet/templates/headless-svc.yaml deleted file mode 100644 index 98ef29e..0000000 --- a/bitnami/mxnet/templates/headless-svc.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{- if eq .Values.mode "distributed" }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.names.fullname" . }}-headless - labels: {{- include "common.labels.standard" . | nindent 4 }} -spec: - type: ClusterIP - clusterIP: None - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} -{{- end }} diff --git a/bitnami/mxnet/templates/scheduler-deployment.yaml b/bitnami/mxnet/templates/scheduler-deployment.yaml deleted file mode 100644 index b7ad93b..0000000 --- a/bitnami/mxnet/templates/scheduler-deployment.yaml +++ /dev/null @@ -1,169 +0,0 @@ -{{- if eq .Values.mode "distributed" }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "common.names.fullname" . }}-scheduler - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: scheduler -spec: - replicas: 1 - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: scheduler - spec: - {{- include "mxnet.imagePullSecrets" . | nindent 6 }} - {{- if .Values.scheduler.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.scheduler.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.scheduler.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.scheduler.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.scheduler.podAffinityPreset "component" "scheduler" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.scheduler.podAntiAffinityPreset "component" "scheduler" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.scheduler.nodeAffinityPreset.type "key" .Values.scheduler.nodeAffinityPreset.key "values" .Values.scheduler.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.scheduler.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.scheduler.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.scheduler.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.scheduler.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.securityContext.enabled }} - securityContext: - fsGroup: {{ .Values.securityContext.fsGroup }} - runAsUser: {{ .Values.securityContext.runAsUser }} - {{- end }} - {{- if or .Values.cloneFilesFromGit.enabled .Values.initContainers }} - initContainers: - {{- if .Values.cloneFilesFromGit.enabled }} - - name: git-clone-repository - image: {{ include "git.image" . }} - imagePullPolicy: {{ .Values.git.pullPolicy | quote }} - command: - - /bin/sh - - -c - - | - [[ -f "/opt/bitnami/scripts/git/entrypoint.sh" ]] && source "/opt/bitnami/scripts/git/entrypoint.sh" - git clone {{ .Values.cloneFilesFromGit.repository }} --branch {{ .Values.cloneFilesFromGit.revision }} /app - volumeMounts: - - name: git-cloned-files - mountPath: /app - {{- if .Values.cloneFilesFromGit.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.cloneFilesFromGit.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.initContainers }} - {{- include "common.tplvalues.render" ( dict "value" .Values.initContainers "context" $) | nindent 8 }} - {{- end }} - {{- end }} - containers: - - name: mxnet - workingDir: {{ .Values.entrypoint.workDir }} - image: {{ include "mxnet.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: - - bash - - -c - - | - {{- include "mxnet.entrypoint" . | nindent 14 }} - env: - - name: DMLC_ROLE - value: "scheduler" - - name: DMLC_NUM_WORKER - value: {{ .Values.worker.replicaCount | quote }} - - name: DMLC_NUM_SERVER - value: {{ .Values.server.replicaCount | quote }} - - name: DMLC_PS_ROOT_URI - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: DMLC_PS_ROOT_PORT - value: {{ .Values.scheduler.port | quote }} - {{- if .Values.commonExtraEnvVars }} - {{- include "mxnet.parseEnvVars" .Values.commonExtraEnvVars | nindent 12 }} - {{- end }} - {{- if .Values.scheduler.extraEnvVars }} - {{- include "mxnet.parseEnvVars" .Values.scheduler.extraEnvVars | nindent 12 }} - {{- end }} - ports: - - name: mxnet - containerPort: {{ .Values.scheduler.port }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - tcpSocket: - port: {{ .Values.scheduler.port }} - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - tcpSocket: - port: {{ .Values.scheduler.port }} - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- end }} - {{- if .Values.scheduler.resources }} - resources: {{- toYaml .Values.scheduler.resources | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.configMap }} - - name: ext-files - mountPath: /app - {{- else if .Files.Glob "files/*" }} - - name: local-files - mountPath: /app - {{- else if .Values.cloneFilesFromGit.enabled }} - - name: git-cloned-files - mountPath: /app - {{- end }} - {{- if .Values.extraVolumeMounts }} - {{- include "common.tplvalues.render" ( dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - - name: data - mountPath: {{ .Values.persistence.mountPath }} - {{- if .Values.existingSecret }} - - name: secret-data - mountPath: /secrets - {{- end }} - {{- if .Values.sidecars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - {{- if .Values.existingSecret }} - - name: secret-data - secret: - secretName: {{ .Values.existingSecret }} - {{- end }} - {{- if .Values.configMap }} - - name: ext-files - configMap: - name: {{ .Values.configMap }} - {{- else if .Files.Glob "files/*" }} - - name: local-files - configMap: - name: {{ include "common.names.fullname" . }}-files - {{- else if .Values.cloneFilesFromGit.enabled }} - - name: git-cloned-files - emptyDir: {} - {{- end }} - - name: data - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ include "common.names.fullname" . }}-scheduler - {{- else }} - emptyDir: {} - {{- end }} - {{- if .Values.extraVolumes }} - {{- include "common.tplvalues.render" ( dict "value" .Values.extraVolumes "context" $) | nindent 8 }} - {{- end }} -{{- end }} diff --git a/bitnami/mxnet/templates/scheduler-service.yaml b/bitnami/mxnet/templates/scheduler-service.yaml deleted file mode 100644 index 791fa5f..0000000 --- a/bitnami/mxnet/templates/scheduler-service.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if eq .Values.mode "distributed" }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.names.fullname" . }}-scheduler - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: scheduler - {{- if .Values.service.annotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.service.port }} - targetPort: mxnet - name: mxnet - {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePort)) }} - nodePort: {{ .Values.service.nodePort }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: scheduler -{{- end }} diff --git a/bitnami/mxnet/templates/server-statefulset.yaml b/bitnami/mxnet/templates/server-statefulset.yaml deleted file mode 100644 index 837e323..0000000 --- a/bitnami/mxnet/templates/server-statefulset.yaml +++ /dev/null @@ -1,209 +0,0 @@ -{{- if eq .Values.mode "distributed" }} -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ include "common.names.fullname" . }}-server - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: server -spec: - podManagementPolicy: {{ .Values.podManagementPolicy }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: server - replicas: {{ .Values.server.replicaCount }} - serviceName: {{ template "common.names.fullname" . }}-headless - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: server - spec: - {{- include "mxnet.imagePullSecrets" . | nindent 6 }} - {{- if .Values.server.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.server.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.server.podAffinityPreset "component" "server" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.server.podAntiAffinityPreset "component" "server" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.server.nodeAffinityPreset.type "key" .Values.server.nodeAffinityPreset.key "values" .Values.server.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.server.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.server.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.server.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.server.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.server.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.server.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.securityContext.enabled }} - securityContext: - fsGroup: {{ .Values.securityContext.fsGroup }} - runAsUser: {{ .Values.securityContext.runAsUser }} - {{- end }} - {{- if or .Values.cloneFilesFromGit.enabled (and .Values.volumePermissions.enabled .Values.persistence.enabled) .Values.initContainers }} - initContainers: - {{- if .Values.cloneFilesFromGit.enabled }} - - name: git-clone-repository - image: {{ include "git.image" . }} - imagePullPolicy: {{ .Values.git.pullPolicy | quote }} - command: - - /bin/sh - - -c - - | - [[ -f "/opt/bitnami/scripts/git/entrypoint.sh" ]] && source "/opt/bitnami/scripts/git/entrypoint.sh" - git clone {{ .Values.cloneFilesFromGit.repository }} --branch {{ .Values.cloneFilesFromGit.revision }} /app - volumeMounts: - - name: git-cloned-files - mountPath: /app - {{- if .Values.cloneFilesFromGit.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.cloneFilesFromGit.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- end }} - {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} - - name: volume-permissions - image: "{{ template "mxnet.volumePermissions.image" . }}" - imagePullPolicy: {{ default "" .Values.volumePermissions.image.pullPolicy | quote }} - command: - - /bin/bash - - -ec - - | - chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} {{ .Values.persistence.mountPath }} - securityContext: - runAsUser: 0 - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: data - mountPath: {{ .Values.persistence.mountPath }} - {{- end }} - {{- if .Values.initContainers }} - {{- include "common.tplvalues.render" ( dict "value" .Values.initContainers "context" $) | nindent 8 }} - {{- end }} - {{- end }} - containers: - - name: mxnet - workingDir: {{ .Values.entrypoint.workDir }} - image: {{ include "mxnet.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: - - bash - - -c - - | - SERVER_RANK=${POD_NAME##*-} - ((SERVER_RANK++)) - export SERVER_RANK - {{- include "mxnet.entrypoint" . | nindent 14 }} - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: DMLC_ROLE - value: "server" - - name: DMLC_NUM_WORKER - value: {{ .Values.worker.replicaCount | quote }} - - name: DMLC_NUM_SERVER - value: {{ .Values.server.replicaCount | quote }} - - name: DMLC_PS_ROOT_URI - value: {{ include "common.names.fullname" . }}-scheduler - - name: DMLC_PS_ROOT_PORT - value: {{ .Values.scheduler.port | quote }} - {{- if .Values.commonExtraEnvVars }} - {{- include "mxnet.parseEnvVars" .Values.commonExtraEnvVars | nindent 12 }} - {{- end }} - {{- if .Values.server.extraEnvVars }} - {{- include "mxnet.parseEnvVars" .Values.server.extraEnvVars | nindent 12 }} - {{- end }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - exec: - command: - - python3 - - -c - - import os; os.environ["DMLC_PS_ROOT_URI"] = "127.0.0.1"; os.environ["DMLC_ROLE"] = "worker"; import mxnet; print(mxnet.__version__) - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - exec: - command: - - python3 - - -c - - import os; os.environ["DMLC_PS_ROOT_URI"] = "127.0.0.1"; os.environ["DMLC_ROLE"] = "worker"; import mxnet; print(mxnet.__version__) - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- end }} - {{- if .Values.server.resources }} - resources: {{- toYaml .Values.server.resources | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.configMap }} - - name: ext-files - mountPath: /app - {{- else if .Files.Glob "files/*" }} - - name: local-files - mountPath: /app - {{- else if .Values.cloneFilesFromGit.enabled }} - - name: git-cloned-files - mountPath: /app - {{- end }} - {{- if .Values.extraVolumeMounts }} - {{- include "common.tplvalues.render" ( dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - - name: data - mountPath: {{ .Values.persistence.mountPath }} - {{- if .Values.existingSecret }} - - name: secret-data - mountPath: /secrets - {{- end }} - {{- if .Values.sidecars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - {{- if .Values.existingSecret }} - - name: secret-data - secret: - secretName: {{ .Values.existingSecret }} - {{- end }} - {{- if .Values.configMap }} - - name: ext-files - configMap: - name: {{ .Values.configMap }} - {{- else if .Files.Glob "files/*" }} - - name: local-files - configMap: - name: {{ include "common.names.fullname" . }}-files - {{- else if .Values.cloneFilesFromGit.enabled }} - - name: git-cloned-files - emptyDir: {} - {{- end }} - {{- if .Values.extraVolumes }} - {{- include "common.tplvalues.render" ( dict "value" .Values.extraVolumes "context" $) | nindent 8 }} - {{- end }} -{{- if not .Values.persistence.enabled }} - - name: data - emptyDir: {} -{{- else }} - volumeClaimTemplates: - - metadata: - name: data - labels: {{- include "common.labels.matchLabels" . | nindent 10 }} - {{- if .Values.persistence.annotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.persistence.annotations "context" $) | nindent 10 }} - {{- end }} - spec: - accessModes: {{- toYaml .Values.persistence.accessModes | nindent 10 }} - {{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 8 }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} -{{- end }} -{{- end }} diff --git a/bitnami/mxnet/templates/standalone-deployment.yaml b/bitnami/mxnet/templates/standalone-deployment.yaml deleted file mode 100644 index b1c7cc3..0000000 --- a/bitnami/mxnet/templates/standalone-deployment.yaml +++ /dev/null @@ -1,179 +0,0 @@ -{{- if eq .Values.mode "standalone" }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: standalone -spec: - replicas: 1 - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: standalone - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: standalone - spec: - {{- include "mxnet.imagePullSecrets" . | nindent 6 }} - {{- if .Values.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.securityContext.enabled }} - securityContext: - fsGroup: {{ .Values.securityContext.fsGroup }} - runAsUser: {{ .Values.securityContext.runAsUser }} - {{- end }} - {{- if or .Values.cloneFilesFromGit.enabled (and .Values.volumePermissions.enabled .Values.persistence.enabled) .Values.initContainers }} - initContainers: - {{- if .Values.cloneFilesFromGit.enabled }} - - name: git-clone-repository - image: {{ include "git.image" . }} - imagePullPolicy: {{ .Values.git.pullPolicy | quote }} - command: - - /bin/sh - - -c - - | - [[ -f "/opt/bitnami/scripts/git/entrypoint.sh" ]] && source "/opt/bitnami/scripts/git/entrypoint.sh" - git clone {{ .Values.cloneFilesFromGit.repository }} --branch {{ .Values.cloneFilesFromGit.revision }} /app - volumeMounts: - - name: git-cloned-files - mountPath: /app - {{- if .Values.cloneFilesFromGit.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.cloneFilesFromGit.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- end }} - {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} - - name: volume-permissions - image: "{{ template "mxnet.volumePermissions.image" . }}" - imagePullPolicy: {{ default "" .Values.volumePermissions.image.pullPolicy | quote }} - command: - - /bin/bash - - -ec - - | - chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} {{ .Values.persistence.mountPath }} - securityContext: - runAsUser: 0 - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: data - mountPath: {{ .Values.persistence.mountPath }} - {{- end }} - {{- if .Values.initContainers }} - {{- include "common.tplvalues.render" ( dict "value" .Values.initContainers "context" $) | nindent 8 }} - {{- end }} - {{- end }} - containers: - - name: mxnet - workingDir: {{ .Values.entrypoint.workDir }} - image: {{ include "mxnet.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: - - bash - - -c - - | - {{- include "mxnet.entrypoint" . | nindent 14 }} - env: - {{- if .Values.commonExtraEnvVars }} - {{- include "mxnet.parseEnvVars" .Values.commonExtraEnvVars | nindent 12 }} - {{- end }} - ports: - - name: mxnet - containerPort: {{ .Values.scheduler.port }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - exec: - command: - - python3 - - -c - - import mxnet; print(mxnet.__version__) - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - exec: - command: - - python3 - - -c - - import mxnet; print(mxnet.__version__) - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- end }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.configMap }} - - name: ext-files - mountPath: /app - {{- else if .Files.Glob "files/*" }} - - name: local-files - mountPath: /app - {{- else if .Values.cloneFilesFromGit.enabled }} - - name: git-cloned-files - mountPath: /app - {{- end }} - {{- if .Values.extraVolumeMounts }} - {{- include "common.tplvalues.render" ( dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - - name: data - mountPath: {{ .Values.persistence.mountPath }} - {{- if .Values.existingSecret }} - - name: secret-data - mountPath: /secrets - {{- end }} - {{- if .Values.sidecars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - {{- if .Values.existingSecret }} - - name: secret-data - secret: - secretName: {{ .Values.existingSecret }} - {{- end }} - {{- if .Values.configMap }} - - name: ext-files - configMap: - name: {{ .Values.configMap }} - {{- else if .Files.Glob "files/*" }} - - name: local-files - configMap: - name: {{ include "common.names.fullname" . }}-files - {{- else if .Values.cloneFilesFromGit.enabled }} - - name: git-cloned-files - emptyDir: {} - {{- end }} - {{- if .Values.extraVolumes }} - {{- include "common.tplvalues.render" ( dict "value" .Values.extraVolumes "context" $) | nindent 8 }} - {{- end }} - - name: data - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ include "common.names.fullname" . }} - {{- else }} - emptyDir: {} - {{- end }} -{{- end }} diff --git a/bitnami/mxnet/templates/worker-statefulset.yaml b/bitnami/mxnet/templates/worker-statefulset.yaml deleted file mode 100644 index 6f16002..0000000 --- a/bitnami/mxnet/templates/worker-statefulset.yaml +++ /dev/null @@ -1,209 +0,0 @@ -{{- if eq .Values.mode "distributed" }} -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ include "common.names.fullname" . }}-worker - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: worker -spec: - podManagementPolicy: {{ .Values.podManagementPolicy }} - serviceName: {{ template "common.names.fullname" . }}-headless - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: worker - replicas: {{ .Values.worker.replicaCount }} - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: worker - spec: - {{- include "mxnet.imagePullSecrets" . | nindent 6 }} - {{- if .Values.worker.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.worker.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.worker.podAffinityPreset "component" "worker" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.worker.podAntiAffinityPreset "component" "worker" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.worker.nodeAffinityPreset.type "key" .Values.worker.nodeAffinityPreset.key "values" .Values.worker.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.worker.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.worker.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.worker.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.worker.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.worker.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.worker.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.securityContext.enabled }} - securityContext: - fsGroup: {{ .Values.securityContext.fsGroup }} - runAsUser: {{ .Values.securityContext.runAsUser }} - {{- end }} - {{- if or .Values.cloneFilesFromGit.enabled (and .Values.volumePermissions.enabled .Values.persistence.enabled) .Values.initContainers }} - initContainers: - {{- if .Values.cloneFilesFromGit.enabled }} - - name: git-clone-repository - image: {{ include "git.image" . }} - imagePullPolicy: {{ .Values.git.pullPolicy | quote }} - command: - - /bin/sh - - -c - - | - [[ -f "/opt/bitnami/scripts/git/entrypoint.sh" ]] && source "/opt/bitnami/scripts/git/entrypoint.sh" - git clone {{ .Values.cloneFilesFromGit.repository }} --branch {{ .Values.cloneFilesFromGit.revision }} /app - volumeMounts: - - name: git-cloned-files - mountPath: /app - {{- if .Values.cloneFilesFromGit.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.cloneFilesFromGit.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- end }} - {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} - - name: volume-permissions - image: {{ template "mxnet.volumePermissions.image" . }} - imagePullPolicy: {{ default "" .Values.volumePermissions.image.pullPolicy | quote }} - command: - - /bin/bash - - -ec - - | - chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} {{ .Values.persistence.mountPath }} - securityContext: - runAsUser: 0 - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: data - mountPath: {{ .Values.persistence.mountPath }} - {{- end }} - {{- if .Values.initContainers }} - {{- include "common.tplvalues.render" ( dict "value" .Values.initContainers "context" $) | nindent 8 }} - {{- end }} - {{- end }} - containers: - - name: mxnet - workingDir: {{ .Values.entrypoint.workDir }} - image: {{ include "mxnet.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - command: - - bash - - -c - - | - WORKER_RANK=${POD_NAME##*-} - ((WORKER_RANK++)) - export WORKER_RANK - {{- include "mxnet.entrypoint" . | nindent 14 }} - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: DMLC_ROLE - value: "worker" - - name: DMLC_NUM_WORKER - value: {{ .Values.worker.replicaCount | quote }} - - name: DMLC_NUM_SERVER - value: {{ .Values.server.replicaCount | quote }} - - name: DMLC_PS_ROOT_URI - value: {{ include "common.names.fullname" . }}-scheduler - - name: DMLC_PS_ROOT_PORT - value: {{ .Values.scheduler.port | quote }} - {{- if .Values.commonExtraEnvVars }} - {{- include "mxnet.parseEnvVars" .Values.commonExtraEnvVars | nindent 12 }} - {{- end }} - {{- if .Values.worker.extraEnvVars }} - {{- include "mxnet.parseEnvVars" .Values.worker.extraEnvVars | nindent 12 }} - {{- end }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - exec: - command: - - python3 - - -c - - import mxnet; print(mxnet.__version__) - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - exec: - command: - - python3 - - -c - - import mxnet; print(mxnet.__version__) - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- end }} - {{- if .Values.worker.resources }} - resources: {{- toYaml .Values.worker.resources | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.configMap }} - - name: ext-files - mountPath: /app - {{- else if .Files.Glob "files/*" }} - - name: local-files - mountPath: /app - {{- else if .Values.cloneFilesFromGit.enabled }} - - name: git-cloned-files - mountPath: /app - {{- end }} - {{- if .Values.extraVolumeMounts }} - {{- include "common.tplvalues.render" ( dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - - name: data - mountPath: {{ .Values.persistence.mountPath }} - {{- if .Values.existingSecret }} - - name: secret-data - mountPath: /secrets - {{- end }} - {{- if .Values.sidecars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - {{- if .Values.existingSecret }} - - name: secret-data - secret: - secretName: {{ .Values.existingSecret }} - {{- end }} - {{- if .Values.configMap }} - - name: ext-files - configMap: - name: {{ .Values.configMap }} - {{- else if .Files.Glob "files/*" }} - - name: local-files - configMap: - name: {{ include "common.names.fullname" . }}-files - {{- else if .Values.cloneFilesFromGit.enabled }} - - name: git-cloned-files - emptyDir: {} - {{- end }} - {{- if .Values.extraVolumes }} - {{- include "common.tplvalues.render" ( dict "value" .Values.extraVolumes "context" $) | nindent 8 }} - {{- end }} -{{- if not .Values.persistence.enabled }} - - name: data - emptyDir: {} -{{- else }} - volumeClaimTemplates: - - metadata: - name: data - labels: {{- include "common.labels.matchLabels" . | nindent 10 }} - {{- if .Values.persistence.annotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.persistence.annotations "context" $) | nindent 10 }} - {{- end }} - spec: - accessModes: {{- toYaml .Values.persistence.accessModes | nindent 10 }} - {{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 8 }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} -{{- end }} -{{- end }} diff --git a/bitnami/mxnet/values.yaml b/bitnami/mxnet/values.yaml deleted file mode 100644 index 740a30b..0000000 --- a/bitnami/mxnet/values.yaml +++ /dev/null @@ -1,585 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - storageClass: "" - -## @section Common parameters - -## @param nameOverride String to partially override common.names.fullname template (will maintain the release name) -## -nameOverride: "" -## @param fullnameOverride String to fully override common.names.fullname template -## -fullnameOverride: "" - -## @section Common Mxnet parameters - -## Bitnami Apache MXNet (Incubating) image version -## ref: https://hub.docker.com/r/bitnami/mxnet/tags/ -## @param image.registry Apache MXNet (Incubating) image registry -## @param image.repository Apache MXNet (Incubating) image repository -## @param image.tag Apache MXNet (Incubating) image tag (immutable tags are recommended) -## @param image.pullPolicy Image pull policy -## @param image.pullSecrets Specify docker-registry secret names as an array -## @param image.debug Specify if debug logs should be enabled -## -image: - registry: docker.io - repository: bitnami/mxnet - tag: 1.8.0-debian-10-r171 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Set to true if you would like to see extra information on logs - ## It turns BASH and/or NAMI debugging in the image - ## - debug: false -## Bitnami git image version -## ref: https://hub.docker.com/r/bitnami/git/tags/ -## @param git.registry Git image registry -## @param git.repository Git image repository -## @param git.tag Git image tag (immutable tags are recommended) -## @param git.pullPolicy Git image pull policy -## @param git.pullSecrets Specify docker-registry secret names as an array -## -git: - registry: docker.io - repository: bitnami/git - tag: 2.33.0-debian-10-r38 - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] -## Init containers parameters: -## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. -## -volumePermissions: - ## @param volumePermissions.enabled Enable init container that changes volume permissions in the data directory - ## - enabled: false - ## @param volumePermissions.image.registry Init container volume-permissions image registry - ## @param volumePermissions.image.repository Init container volume-permissions image repository - ## @param volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended) - ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy - ## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: 10-debian-10-r202 - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Init container' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param volumePermissions.resources.limits The resources limits for the container - ## @param volumePermissions.resources.requests The requested resources for the container - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - requests: {} -## Service for the scheduler node -## -service: - ## @param service.type Kubernetes service type - ## - type: ClusterIP - ## @param service.port Scheduler Service port - ## - port: 9092 - ## Specify the nodePort value for the LoadBalancer and NodePort service types. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - # nodePort: - ## @param service.annotations Provide any additional annotations which may be required. - ## This can be used to set the LoadBalancer service type to internal only. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - annotations: {} -## @param entrypoint [object] The main entrypoint of your app, this will be executed as: -## python [file] [args] -## -entrypoint: - file: - workDir: /app - # args: -## @param mode Apache MXNet (Incubating) deployment mode. Can be `standalone` or `distributed` -## -mode: standalone -## @param existingSecret Name of a secret with sensitive data to mount in the pods -## -existingSecret: "" -## @param configMap Name of an existing config map containing all the files you want to load in Apache MXNet (Incubating) -## -configMap: "" -## @param hostAliases Deployment pod host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: [] -cloneFilesFromGit: - ## @param cloneFilesFromGit.enabled Enable in order to download files from git repository - ## - enabled: false - # repository: - # revision: master - ## @param cloneFilesFromGit.extraVolumeMounts Add extra volume mounts for the GIT container - ## Useful to mount keys to connect through ssh. (normally used with extraVolumes) - ## E.g: - ## extraVolumeMounts: - ## - name: ssh-dir - ## mountPath: /.ssh/ - ## - extraVolumeMounts: [] -## @param commonExtraEnvVars Additional environment variables for all node types -## Example: -## commonExtraEnvVars: -## - name: PS_VERBOSE -## value: "1" -## -commonExtraEnvVars: [] -## @param podManagementPolicy StatefulSet (worker and server nodes) pod management policy -## -podManagementPolicy: Parallel -## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAffinityPreset: "" -## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAntiAffinityPreset: soft -## Node affinity preset -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## -nodeAffinityPreset: - ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] -## @param affinity Affinity for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set -## -affinity: {} -## @param nodeSelector Node labels for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} -## @param tolerations Tolerations for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] -## Container resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## We usually recommend not to specify default resources and to leave this as a conscious -## choice for the user. This also increases chances charts run on environments with little -## resources, such as Minikube. If you do want to specify resources, uncomment the following -## lines, adjust them as necessary, and remove the curly braces after 'resources:'. -## @param resources.limits The resources limits for the Mxnet container -## @param resources.requests The requested resources for the Mxnet container -## -resources: - ## Example: - ## limits: - ## cpu: 250m - ## memory: 256Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 250m - ## memory: 256Mi - requests: {} -## Pod Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ -## @param securityContext.enabled Enable security context -## @param securityContext.fsGroup Group ID for the container -## @param securityContext.runAsUser User ID for the container -## -securityContext: - enabled: true - fsGroup: 1001 - runAsUser: 1001 -## Configure extra options for liveness probe -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param livenessProbe.enabled Enable livenessProbe -## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe -## @param livenessProbe.periodSeconds Period seconds for livenessProbe -## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe -## @param livenessProbe.failureThreshold Failure threshold for livenessProbe -## @param livenessProbe.successThreshold Success threshold for livenessProbe -## -livenessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 5 - timeoutSeconds: 15 - successThreshold: 1 - failureThreshold: 5 -## Configure extra options for readiness probe -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param readinessProbe.enabled Enable readinessProbe -## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe -## @param readinessProbe.periodSeconds Period seconds for readinessProbe -## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe -## @param readinessProbe.failureThreshold Failure threshold for readinessProbe -## @param readinessProbe.successThreshold Success threshold for readinessProbe -## -readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 5 - timeoutSeconds: 15 - successThreshold: 1 - failureThreshold: 5 -## Enable persistence using Persistent Volume Claims -## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ -## -persistence: - ## @param persistence.enabled Use a PVC to persist data - ## - enabled: false - ## @param persistence.mountPath Path to mount the volume at - ## - mountPath: /bitnami/mxnet - ## @param persistence.accessModes Persistent Volume Access Mode - ## - accessModes: - - ReadWriteOnce - ## @param persistence.size Size of data volume - ## - size: 8Gi - ## Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: "-" - ## @param persistence.annotations Persistent Volume annotations - ## - annotations: {} -## @param sidecars Attach additional containers to the pods (scheduler, worker and server nodes) -## e.g. -## sidecars: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -sidecars: [] -## @param initContainers Attach additional init containers to the pods (scheduler, worker and server nodes) -## e.g. -## initContainers: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -initContainers: [] -## @param extraVolumes Array to add extra volumes (evaluated as a template) -## -extraVolumes: [] -## @param extraVolumeMounts Array to add extra mounts (normally used with extraVolumes, evaluated as a template) -## -extraVolumeMounts: [] - - -## @section Mxnet Server parameters (only for distributed mode) - -server: - ## @param server.replicaCount Number of Server nodes that will execute your code - ## - replicaCount: 1 - ## @param server.extraEnvVars Extra environment variables to add to the Server nodes - ## Example: - ## extraEnvVars: - ## - name: FOO - ## value: "bar" - ## - extraEnvVars: [] - ## @param server.hostAliases Deployment pod host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## Container resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param server.resources.limits The resources limits for the Mxnet Server container - ## @param server.resources.requests The requested resources for the Mxnet Server container - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - requests: {} - ## @param server.podAffinityPreset Mxnet Server pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param server.podAntiAffinityPreset Mxnet Server pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Node affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## Allowed values: soft, hard - ## - nodeAffinityPreset: - ## @param server.nodeAffinityPreset.type Mxnet Server node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param server.nodeAffinityPreset.key Mxnet Server node label key to match Ignored if `affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param server.nodeAffinityPreset.values Mxnet Server node label values to match. Ignored if `affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param server.affinity Mxnet Server affinity for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## Note: configsvr.podAffinityPreset, configsvr.podAntiAffinityPreset, and configsvr.nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - ## @param server.nodeSelector Mxnet Server node labels for pod assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param server.tolerations Mxnet Server tolerations for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - -## @section Mxnet Worker parameters (only for distributed mode) - -worker: - ## @param worker.replicaCount Number of Worker nodes that will execute your code - ## - replicaCount: 1 - ## @param worker.hostAliases Add deployment host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## @param worker.extraEnvVars Extra environment variables to add to the Server nodes - ## Example: - ## extraEnvVars: - ## - name: FOO - ## value: "bar" - ## - extraEnvVars: [] - ## Container resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param worker.resources.limits The resources limits for the Mxnet Worker container - ## @param worker.resources.requests The requested resources for the Mxnet Worker container - ## - resources: - ## Example: - ## limits: - ## cpu: 250m - ## memory: 256Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 250m - ## memory: 256Mi - requests: {} - ## @param worker.podAffinityPreset Mxnet Worker pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param worker.podAntiAffinityPreset Mxnet Worker pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Node affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## Allowed values: soft, hard - ## - nodeAffinityPreset: - ## @param worker.nodeAffinityPreset.type Mxnet Worker node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param worker.nodeAffinityPreset.key Mxnet Worker node label key to match Ignored if `affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param worker.nodeAffinityPreset.values Mxnet Worker node label values to match. Ignored if `affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param worker.affinity Mxnet Worker affinity for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## Note: configsvr.podAffinityPreset, configsvr.podAntiAffinityPreset, and configsvr.nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - ## @param worker.nodeSelector Mxnet Worker node labels for pod assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param worker.tolerations Mxnet Worker tolerations for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - -## @section Mxnet Scheduler parameters (only for distributed mode) - -scheduler: - ## @param scheduler.port The port used to communicate with the scheduler - ## MASTER_PORT will be set to this value - ## - port: 9092 - ## @param scheduler.hostAliases Deployment pod host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## @param scheduler.extraEnvVars An array to add extra env vars - ## Example: - ## extraEnvVars: - ## - name: FOO - ## value: "bar" - ## - extraEnvVars: [] - ## Container resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param scheduler.resources.limits The resources limits for the Mxnet Scheduler container - ## @param scheduler.resources.requests The requested resources for the Mxnet Scheduler container - ## - resources: - ## Example: - ## limits: - ## cpu: 250m - ## memory: 256Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 250m - ## memory: 256Mi - requests: {} - ## @param scheduler.podAffinityPreset Mxnet Scheduler pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param scheduler.podAntiAffinityPreset Mxnet Scheduler pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Node affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## Allowed values: soft, hard - ## - nodeAffinityPreset: - ## @param scheduler.nodeAffinityPreset.type Mxnet Scheduler node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param scheduler.nodeAffinityPreset.key Mxnet Scheduler node label key to match Ignored if `affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param scheduler.nodeAffinityPreset.values Mxnet Scheduler node label values to match. Ignored if `affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param scheduler.affinity Mxnet Scheduler affinity for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## Note: configsvr.podAffinityPreset, configsvr.podAntiAffinityPreset, and configsvr.nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - ## @param scheduler.nodeSelector Mxnet Scheduler node labels for pod assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param scheduler.tolerations Mxnet Scheduler tolerations for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] diff --git a/bitnami/mysql/.helmignore b/bitnami/mysql/.helmignore deleted file mode 100644 index f0c1319..0000000 --- a/bitnami/mysql/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/bitnami/mysql/Chart.lock b/bitnami/mysql/Chart.lock deleted file mode 100644 index 70d3660..0000000 --- a/bitnami/mysql/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.9.1 -digest: sha256:75c2f378a4570f47cbb3c98b6f1d29d1145e5a92bf2970a5d06c32575bfe266f -generated: "2021-09-24T14:26:14.263576407Z" diff --git a/bitnami/mysql/Chart.yaml b/bitnami/mysql/Chart.yaml deleted file mode 100644 index 556fb9b..0000000 --- a/bitnami/mysql/Chart.yaml +++ /dev/null @@ -1,28 +0,0 @@ -annotations: - category: Database -apiVersion: v2 -appVersion: 8.0.26 -dependencies: - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x -description: Chart to create a Highly available MySQL cluster -engine: gotpl -home: https://github.com/bitnami/charts/tree/master/bitnami/mysql -icon: https://bitnami.com/assets/stacks/mysql/img/mysql-stack-220x234.png -keywords: - - mysql - - database - - sql - - cluster - - high availability -maintainers: - - email: containers@bitnami.com - name: Bitnami -name: mysql -sources: - - https://github.com/bitnami/bitnami-docker-mysql - - https://mysql.com -version: 8.8.8 diff --git a/bitnami/mysql/README.md b/bitnami/mysql/README.md deleted file mode 100644 index ba89b31..0000000 --- a/bitnami/mysql/README.md +++ /dev/null @@ -1,469 +0,0 @@ -# MySQL - -[MySQL](https://mysql.com) is a fast, reliable, scalable, and easy to use open-source relational database system. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. - -## TL;DR - -```bash -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/mysql -``` - -## Introduction - -This chart bootstraps a [MySQL](https://github.com/bitnami/bitnami-docker-mysql) replication cluster deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 3.1.0 -- PV provisioner support in the underlying infrastructure - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```bash -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/mysql -``` - -These commands deploy MySQL on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```bash -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | - - -### Common parameters - -| Name | Description | Value | -| ------------------------ | --------------------------------------------------------------------------------------------------------- | --------------- | -| `nameOverride` | String to partially override common.names.fullname template (will maintain the release name) | `""` | -| `fullnameOverride` | String to fully override common.names.fullname template | `""` | -| `clusterDomain` | Cluster domain | `cluster.local` | -| `commonAnnotations` | Common annotations to add to all MySQL resources (sub-charts are not considered). Evaluated as a template | `{}` | -| `commonLabels` | Common labels to add to all MySQL resources (sub-charts are not considered). Evaluated as a template | `{}` | -| `extraDeploy` | Array with extra yaml to deploy with the chart. Evaluated as a template | `[]` | -| `schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` | -| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | -| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | -| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | - - -### MySQL common parameters - -| Name | Description | Value | -| -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- | -| `image.registry` | MySQL image registry | `docker.io` | -| `image.repository` | MySQL image repository | `bitnami/mysql` | -| `image.tag` | MySQL image tag (immutable tags are recommended) | `8.0.26-debian-10-r60` | -| `image.pullPolicy` | MySQL image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `image.debug` | Specify if debug logs should be enabled | `false` | -| `architecture` | MySQL architecture (`standalone` or `replication`) | `standalone` | -| `auth.rootPassword` | Password for the `root` user. Ignored if existing secret is provided | `""` | -| `auth.database` | Name for a custom database to create | `my_database` | -| `auth.username` | Name for a custom user to create | `""` | -| `auth.password` | Password for the new user. Ignored if existing secret is provided | `""` | -| `auth.replicationUser` | MySQL replication user | `replicator` | -| `auth.replicationPassword` | MySQL replication user password. Ignored if existing secret is provided | `""` | -| `auth.existingSecret` | Use existing secret for password details. The secret has to contain the keys `mysql-root-password`, `mysql-replication-password` and `mysql-password` | `""` | -| `auth.forcePassword` | Force users to specify required passwords | `false` | -| `auth.usePasswordFiles` | Mount credentials as files instead of using an environment variable | `false` | -| `auth.customPasswordFiles` | Use custom password files when `auth.usePasswordFiles` is set to `true`. Define path for keys `root` and `user`, also define `replicator` if `architecture` is set to `replication` | `{}` | -| `initdbScripts` | Dictionary of initdb scripts | `{}` | -| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `""` | - - -### MySQL Primary parameters - -| Name | Description | Value | -| -------------------------------------------- | --------------------------------------------------------------------------------------------------------------- | ------------------- | -| `primary.command` | Override default container command on MySQL Primary container(s) (useful when using custom images) | `[]` | -| `primary.args` | Override default container args on MySQL Primary container(s) (useful when using custom images) | `[]` | -| `primary.hostAliases` | Deployment pod host aliases | `[]` | -| `primary.configuration` | Configure MySQL Primary with a custom my.cnf file | `""` | -| `primary.existingConfiguration` | Name of existing ConfigMap with MySQL Primary configuration. | `""` | -| `primary.updateStrategy` | Update strategy type for the MySQL primary statefulset | `RollingUpdate` | -| `primary.rollingUpdatePartition` | Partition update strategy for MySQL Primary statefulset | `""` | -| `primary.podAnnotations` | Additional pod annotations for MySQL primary pods | `{}` | -| `primary.podAffinityPreset` | MySQL primary pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `primary.podAntiAffinityPreset` | MySQL primary pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `primary.nodeAffinityPreset.type` | MySQL primary node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `primary.nodeAffinityPreset.key` | MySQL primary node label key to match Ignored if `primary.affinity` is set. | `""` | -| `primary.nodeAffinityPreset.values` | MySQL primary node label values to match. Ignored if `primary.affinity` is set. | `[]` | -| `primary.affinity` | Affinity for MySQL primary pods assignment | `{}` | -| `primary.nodeSelector` | Node labels for MySQL primary pods assignment | `{}` | -| `primary.tolerations` | Tolerations for MySQL primary pods assignment | `[]` | -| `primary.podSecurityContext.enabled` | Enable security context for MySQL primary pods | `true` | -| `primary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` | -| `primary.containerSecurityContext.enabled` | MySQL primary container securityContext | `true` | -| `primary.containerSecurityContext.runAsUser` | User ID for the MySQL primary container | `1001` | -| `primary.resources.limits` | The resources limits for MySQL primary containers | `{}` | -| `primary.resources.requests` | The requested resources for MySQL primary containers | `{}` | -| `primary.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `primary.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | -| `primary.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `primary.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `primary.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `primary.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `primary.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `primary.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | -| `primary.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `primary.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `primary.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `primary.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `primary.startupProbe.enabled` | Enable startupProbe | `true` | -| `primary.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `15` | -| `primary.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `primary.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `primary.startupProbe.failureThreshold` | Failure threshold for startupProbe | `10` | -| `primary.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `primary.customLivenessProbe` | Override default liveness probe for MySQL primary containers | `{}` | -| `primary.customReadinessProbe` | Override default readiness probe for MySQL primary containers | `{}` | -| `primary.customStartupProbe` | Override default startup probe for MySQL primary containers | `{}` | -| `primary.extraFlags` | MySQL primary additional command line flags | `""` | -| `primary.extraEnvVars` | Extra environment variables to be set on MySQL primary containers | `[]` | -| `primary.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for MySQL primary containers | `""` | -| `primary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for MySQL primary containers | `""` | -| `primary.persistence.enabled` | Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir | `true` | -| `primary.persistence.existingClaim` | Name of an existing `PersistentVolumeClaim` for MySQL primary replicas | `""` | -| `primary.persistence.storageClass` | MySQL primary persistent volume storage Class | `""` | -| `primary.persistence.annotations` | MySQL primary persistent volume claim annotations | `{}` | -| `primary.persistence.accessModes` | MySQL primary persistent volume access Modes | `["ReadWriteOnce"]` | -| `primary.persistence.size` | MySQL primary persistent volume size | `8Gi` | -| `primary.persistence.selector` | Selector to match an existing Persistent Volume | `{}` | -| `primary.extraVolumes` | Optionally specify extra list of additional volumes to the MySQL Primary pod(s) | `[]` | -| `primary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MySQL Primary container(s) | `[]` | -| `primary.initContainers` | Add additional init containers for the MySQL Primary pod(s) | `[]` | -| `primary.sidecars` | Add additional sidecar containers for the MySQL Primary pod(s) | `[]` | -| `primary.service.type` | MySQL Primary K8s service type | `ClusterIP` | -| `primary.service.port` | MySQL Primary K8s service port | `3306` | -| `primary.service.nodePort` | MySQL Primary K8s service node port | `""` | -| `primary.service.clusterIP` | MySQL Primary K8s service clusterIP IP | `""` | -| `primary.service.loadBalancerIP` | MySQL Primary loadBalancerIP if service type is `LoadBalancer` | `""` | -| `primary.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | -| `primary.service.loadBalancerSourceRanges` | Addresses that are allowed when MySQL Primary service is LoadBalancer | `[]` | -| `primary.service.annotations` | Provide any additional annotations which may be required | `{}` | -| `primary.pdb.enabled` | Enable/disable a Pod Disruption Budget creation for MySQL primary pods | `false` | -| `primary.pdb.minAvailable` | Minimum number/percentage of MySQL primary pods that should remain scheduled | `1` | -| `primary.pdb.maxUnavailable` | Maximum number/percentage of MySQL primary pods that may be made unavailable | `""` | -| `primary.podLabels` | MySQL Primary pod label. If labels are same as commonLabels , this will take precedence | `{}` | - - -### MySQL Secondary parameters - -| Name | Description | Value | -| ---------------------------------------------- | ------------------------------------------------------------------------------------------------------------------- | ------------------- | -| `secondary.replicaCount` | Number of MySQL secondary replicas | `1` | -| `secondary.hostAliases` | Deployment pod host aliases | `[]` | -| `secondary.command` | Override default container command on MySQL Secondary container(s) (useful when using custom images) | `[]` | -| `secondary.args` | Override default container args on MySQL Secondary container(s) (useful when using custom images) | `[]` | -| `secondary.configuration` | Configure MySQL Secondary with a custom my.cnf file | `""` | -| `secondary.existingConfiguration` | Name of existing ConfigMap with MySQL Secondary configuration. | `""` | -| `secondary.updateStrategy` | Update strategy type for the MySQL secondary statefulset | `RollingUpdate` | -| `secondary.rollingUpdatePartition` | Partition update strategy for MySQL Secondary statefulset | `""` | -| `secondary.podAnnotations` | Additional pod annotations for MySQL secondary pods | `{}` | -| `secondary.podAffinityPreset` | MySQL secondary pod affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `secondary.podAntiAffinityPreset` | MySQL secondary pod anti-affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `secondary.nodeAffinityPreset.type` | MySQL secondary node affinity preset type. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `secondary.nodeAffinityPreset.key` | MySQL secondary node label key to match Ignored if `secondary.affinity` is set. | `""` | -| `secondary.nodeAffinityPreset.values` | MySQL secondary node label values to match. Ignored if `secondary.affinity` is set. | `[]` | -| `secondary.affinity` | Affinity for MySQL secondary pods assignment | `{}` | -| `secondary.nodeSelector` | Node labels for MySQL secondary pods assignment | `{}` | -| `secondary.tolerations` | Tolerations for MySQL secondary pods assignment | `[]` | -| `secondary.podSecurityContext.enabled` | Enable security context for MySQL secondary pods | `true` | -| `secondary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` | -| `secondary.containerSecurityContext.enabled` | MySQL secondary container securityContext | `true` | -| `secondary.containerSecurityContext.runAsUser` | User ID for the MySQL secondary container | `1001` | -| `secondary.resources.limits` | The resources limits for MySQL secondary containers | `{}` | -| `secondary.resources.requests` | The requested resources for MySQL secondary containers | `{}` | -| `secondary.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `secondary.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | -| `secondary.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `secondary.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `secondary.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `secondary.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `secondary.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `secondary.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | -| `secondary.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `secondary.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `secondary.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `secondary.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `secondary.startupProbe.enabled` | Enable startupProbe | `true` | -| `secondary.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `15` | -| `secondary.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `secondary.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `secondary.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `secondary.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `secondary.customLivenessProbe` | Override default liveness probe for MySQL secondary containers | `{}` | -| `secondary.customReadinessProbe` | Override default readiness probe for MySQL secondary containers | `{}` | -| `secondary.customStartupProbe` | Override default startup probe for MySQL secondary containers | `{}` | -| `secondary.extraFlags` | MySQL secondary additional command line flags | `""` | -| `secondary.extraEnvVars` | An array to add extra environment variables on MySQL secondary containers | `[]` | -| `secondary.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for MySQL secondary containers | `""` | -| `secondary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for MySQL secondary containers | `""` | -| `secondary.persistence.enabled` | Enable persistence on MySQL secondary replicas using a `PersistentVolumeClaim` | `true` | -| `secondary.persistence.storageClass` | MySQL secondary persistent volume storage Class | `""` | -| `secondary.persistence.annotations` | MySQL secondary persistent volume claim annotations | `{}` | -| `secondary.persistence.accessModes` | MySQL secondary persistent volume access Modes | `["ReadWriteOnce"]` | -| `secondary.persistence.size` | MySQL secondary persistent volume size | `8Gi` | -| `secondary.persistence.selector` | Selector to match an existing Persistent Volume | `{}` | -| `secondary.extraVolumes` | Optionally specify extra list of additional volumes to the MySQL secondary pod(s) | `[]` | -| `secondary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MySQL secondary container(s) | `[]` | -| `secondary.initContainers` | Add additional init containers for the MySQL secondary pod(s) | `[]` | -| `secondary.sidecars` | Add additional sidecar containers for the MySQL secondary pod(s) | `[]` | -| `secondary.service.type` | MySQL secondary Kubernetes service type | `ClusterIP` | -| `secondary.service.port` | MySQL secondary Kubernetes service port | `3306` | -| `secondary.service.nodePort` | MySQL secondary Kubernetes service node port | `""` | -| `secondary.service.clusterIP` | MySQL secondary Kubernetes service clusterIP IP | `""` | -| `secondary.service.loadBalancerIP` | MySQL secondary loadBalancerIP if service type is `LoadBalancer` | `""` | -| `secondary.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | -| `secondary.service.loadBalancerSourceRanges` | Addresses that are allowed when MySQL secondary service is LoadBalancer | `[]` | -| `secondary.service.annotations` | Provide any additional annotations which may be required | `{}` | -| `secondary.pdb.enabled` | Enable/disable a Pod Disruption Budget creation for MySQL secondary pods | `false` | -| `secondary.pdb.minAvailable` | Minimum number/percentage of MySQL secondary pods that should remain scheduled | `1` | -| `secondary.pdb.maxUnavailable` | Maximum number/percentage of MySQL secondary pods that may be made unavailable | `""` | -| `secondary.podLabels` | Additional pod labels for MySQL secondary pods | `{}` | - - -### RBAC parameters - -| Name | Description | Value | -| ---------------------------- | ------------------------------------------------------ | ------- | -| `serviceAccount.create` | Enable the creation of a ServiceAccount for MySQL pods | `true` | -| `serviceAccount.name` | Name of the created ServiceAccount | `""` | -| `serviceAccount.annotations` | Annotations for MySQL Service Account | `{}` | -| `rbac.create` | Whether to create & use RBAC resources or not | `false` | - - -### Network Policy - -| Name | Description | Value | -| ------------------------------------------ | --------------------------------------------------------------------------------------------------------------- | ------- | -| `networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `false` | -| `networkPolicy.allowExternal` | The Policy model to apply. | `true` | -| `networkPolicy.explicitNamespacesSelector` | A Kubernetes LabelSelector to explicitly select namespaces from which ingress traffic could be allowed to MySQL | `{}` | - - -### Volume Permissions parameters - -| Name | Description | Value | -| ------------------------------------- | -------------------------------------------------------------------------------------------------------------------- | ----------------------- | -| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` | -| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | -| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `10-debian-10-r202` | -| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | -| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `volumePermissions.resources` | Init container volume-permissions resources | `{}` | - - -### Metrics parameters - -| Name | Description | Value | -| -------------------------------------------- | --------------------------------------------------------------------------------------------------------------------- | ------------------------- | -| `metrics.enabled` | Start a side-car prometheus exporter | `false` | -| `metrics.image.registry` | Exporter image registry | `docker.io` | -| `metrics.image.repository` | Exporter image repository | `bitnami/mysqld-exporter` | -| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.13.0-debian-10-r105` | -| `metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent` | -| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `metrics.service.type` | Kubernetes service type for MySQL Prometheus Exporter | `ClusterIP` | -| `metrics.service.port` | MySQL Prometheus Exporter service port | `9104` | -| `metrics.service.annotations` | Prometheus exporter service annotations | `{}` | -| `metrics.extraArgs.primary` | Extra args to be passed to mysqld_exporter on Primary pods | `[]` | -| `metrics.extraArgs.secondary` | Extra args to be passed to mysqld_exporter on Secondary pods | `[]` | -| `metrics.resources.limits` | The resources limits for MySQL prometheus exporter containers | `{}` | -| `metrics.resources.requests` | The requested resources for MySQL prometheus exporter containers | `{}` | -| `metrics.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` | -| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `metrics.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | -| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | `false` | -| `metrics.serviceMonitor.namespace` | Specify the namespace in which the serviceMonitor resource will be created | `""` | -| `metrics.serviceMonitor.interval` | Specify the interval at which metrics should be scraped | `30s` | -| `metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `""` | -| `metrics.serviceMonitor.relabellings` | Specify Metric Relabellings to add to the scrape endpoint | `[]` | -| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` | -| `metrics.serviceMonitor.additionalLabels` | Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with | `{}` | - - -The above parameters map to the env variables defined in [bitnami/mysql](http://github.com/bitnami/bitnami-docker-mysql). For more information please refer to the [bitnami/mysql](http://github.com/bitnami/bitnami-docker-mysql) image documentation. - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```bash -$ helm install my-release \ - --set auth.rootPassword=secretpassword,auth.database=app_database \ - bitnami/mysql -``` - -The above command sets the MySQL `root` account password to `secretpassword`. Additionally it creates a database named `app_database`. - -> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```bash -$ helm install my-release -f values.yaml bitnami/mysql -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Use a different MySQL version - -To modify the application version used in this chart, specify a different version of the image using the `image.tag` parameter and/or a different repository using the `image.repository` parameter. Refer to the [chart documentation for more information on these parameters and how to use them with images from a private registry](https://docs.bitnami.com/kubernetes/infrastructure/mysql/configuration/change-image-version/). - -### Customize a new MySQL instance - -The [Bitnami MySQL](https://github.com/bitnami/bitnami-docker-mysql) image allows you to use your custom scripts to initialize a fresh instance. Custom scripts may be specified using the `initdbScripts` parameter. Alternatively, an external ConfigMap may be created with all the initialization scripts and the ConfigMap passed to the chart via the `initdbScriptsConfigMap` parameter. Note that this will override the `initdbScripts` parameter. - -The allowed extensions are `.sh`, `.sql` and `.sql.gz`. - -These scripts are treated differently depending on their extension. While `.sh` scripts are executed on all the nodes, `.sql` and `.sql.gz` scripts are only executed on the primary nodes. This is because `.sh` scripts support conditional tests to identify the type of node they are running on, while such tests are not supported in `.sql` or `sql.gz` files. - -Refer to the [chart documentation for more information and a usage example](http://docs.bitnami.com/kubernetes/infrastructure/mysql/configuration/customize-new-instance/). - -### Sidecars and Init Containers - -If you have a need for additional containers to run within the same pod as MySQL, you can do so via the `sidecars` config parameter. Simply define your container according to the Kubernetes container spec. - -```yaml -sidecars: - - name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -``` - -Similarly, you can add extra init containers using the `initContainers` parameter. - -```yaml -initContainers: - - name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -``` - -## Persistence - -The [Bitnami MySQL](https://github.com/bitnami/bitnami-docker-mysql) image stores the MySQL data and configurations at the `/bitnami/mysql` path of the container. - -The chart mounts a [Persistent Volume](https://kubernetes.io/docs/user-guide/persistent-volumes/) volume at this location. The volume is created using dynamic volume provisioning by default. An existing PersistentVolumeClaim can also be defined for this purpose. - -If you encounter errors when working with persistent volumes, refer to our [troubleshooting guide for persistent volumes](https://docs.bitnami.com/kubernetes/faq/troubleshooting/troubleshooting-persistence-volumes/). - -## Network Policy - -To enable network policy for MySQL, install [a networking plugin that implements the Kubernetes NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), and set `networkPolicy.enabled` to `true`. - -For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting the DefaultDeny namespace annotation. Note: this will enforce policy for _all_ pods in the namespace: - -```console -$ kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" -``` - -With NetworkPolicy enabled, traffic will be limited to just port 3306. - -For more precise policy, set `networkPolicy.allowExternal=false`. This will only allow pods with the generated client label to connect to MySQL. -This label will be displayed in the output of a successful install. - -## Pod affinity - -This chart allows you to set your custom affinity using the `XXX.affinity` parameter(s). Find more information about Pod affinity in the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). - -As an alternative, you can use the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `XXX.podAffinityPreset`, `XXX.podAntiAffinityPreset`, or `XXX.nodeAffinityPreset` parameters. - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami’s Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## Upgrading - -It's necessary to set the `auth.rootPassword` parameter when upgrading for readiness/liveness probes to work properly. When you install this chart for the first time, some notes will be displayed providing the credentials you must use under the 'Administrator credentials' section. Please note down the password and run the command below to upgrade your chart: - -```bash -$ helm upgrade my-release bitnami/mysql --set auth.rootPassword=[ROOT_PASSWORD] -``` - -| Note: you need to substitute the placeholder _[ROOT_PASSWORD]_ with the value obtained in the installation notes. - -### To 8.0.0 - -- Several parameters were renamed or disappeared in favor of new ones on this major version: - - The terms *master* and *slave* have been replaced by the terms *primary* and *secondary*. Therefore, parameters prefixed with `master` or `slave` are now prefixed with `primary` or `secondary`, respectively. - - Credentials parameters are reorganized under the `auth` parameter. - - `replication.enabled` parameter is deprecated in favor of `architecture` parameter that accepts two values: `standalone` and `replication`. -- Chart labels were adapted to follow the [Helm charts standard labels](https://helm.sh/docs/chart_best_practices/labels/#standard-labels). -- This version also introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/master/bitnami/common#bitnami-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade. - -Consequences: - -- Backwards compatibility is not guaranteed. To upgrade to `8.0.0`, install a new release of the MySQL chart, and migrate the data from your previous release. You have 2 alternatives to do so: - - Create a backup of the database, and restore it on the new release using tools such as [mysqldump](https://dev.mysql.com/doc/refman/8.0/en/mysqldump.html). - - Reuse the PVC used to hold the master data on your previous release. To do so, use the `primary.persistence.existingClaim` parameter. The following example assumes that the release name is `mysql`: - -```bash -$ helm install mysql bitnami/mysql --set auth.rootPassword=[ROOT_PASSWORD] --set primary.persistence.existingClaim=[EXISTING_PVC] -``` - -| Note: you need to substitute the placeholder _[EXISTING_PVC]_ with the name of the PVC used on your previous release, and _[ROOT_PASSWORD]_ with the root password used in your previous release. - -### To 7.0.0 - -[On November 13, 2020, Helm v2 support formally ended](https://github.com/helm/charts#status-of-the-project). This major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -[Learn more about this change and related upgrade considerations](https://docs.bitnami.com/kubernetes/infrastructure/mysql/administration/upgrade-helm3/). - -### To 3.0.0 - -Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments. -Use the workaround below to upgrade from versions previous to 3.0.0. The following example assumes that the release name is mysql: - -```console -$ kubectl delete statefulset mysql-master --cascade=false -$ kubectl delete statefulset mysql-slave --cascade=false -``` diff --git a/bitnami/mysql/ci/values-production-with-rbac.yaml b/bitnami/mysql/ci/values-production-with-rbac.yaml deleted file mode 100644 index d3370c9..0000000 --- a/bitnami/mysql/ci/values-production-with-rbac.yaml +++ /dev/null @@ -1,30 +0,0 @@ -# Test values file for generating all of the yaml and check that -# the rendering is correct - -architecture: replication -auth: - usePasswordFiles: true - -primary: - extraEnvVars: - - name: TEST - value: "3" - podDisruptionBudget: - create: true - -secondary: - replicaCount: 2 - extraEnvVars: - - name: TEST - value: "2" - podDisruptionBudget: - create: true - -serviceAccount: - create: true - name: mysql-service-account -rbac: - create: true - -metrics: - enabled: true diff --git a/bitnami/mysql/templates/NOTES.txt b/bitnami/mysql/templates/NOTES.txt deleted file mode 100644 index b033ffa..0000000 --- a/bitnami/mysql/templates/NOTES.txt +++ /dev/null @@ -1,98 +0,0 @@ -** Please be patient while the chart is being deployed ** - -{{- if .Values.diagnosticMode.enabled }} -The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with: - - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }} - -Get the list of pods by executing: - - kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} - -Access the pod you want to debug by executing - - kubectl exec --namespace {{ .Release.Namespace }} -ti -- bash - -In order to replicate the container startup scripts execute this command: - - /opt/bitnami/scripts/mysql/entrypoint.sh /opt/bitnami/scripts/mysql/run.sh - -{{- else }} - -Tip: - - Watch the deployment status using the command: kubectl get pods -w --namespace {{ .Release.Namespace }} - -Services: - - echo Primary: {{ include "mysql.primary.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:{{ .Values.primary.service.port }} -{{- if eq .Values.architecture "replication" }} - echo Secondary: {{ include "mysql.secondary.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:{{ .Values.secondary.service.port }} -{{- end }} - -Execute the following to get the administrator credentials: - - echo Username: root - MYSQL_ROOT_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "mysql.secretName" . }} -o jsonpath="{.data.mysql-root-password}" | base64 --decode) - -To connect to your database: - - 1. Run a pod that you can use as a client: - - kubectl run {{ include "common.names.fullname" . }}-client --rm --tty -i --restart='Never' --image {{ template "mysql.image" . }} --namespace {{ .Release.Namespace }} --command -- bash - - 2. To connect to primary service (read/write): - - mysql -h {{ include "mysql.primary.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} -uroot -p"$MYSQL_ROOT_PASSWORD" - -{{- if eq .Values.architecture "replication" }} - - 3. To connect to secondary service (read-only): - - mysql -h {{ include "mysql.secondary.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} -uroot -p"$MYSQL_ROOT_PASSWORD" -{{- end }} - -{{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} -Note: Since NetworkPolicy is enabled, only pods with label {{ template "common.names.fullname" . }}-client=true" will be able to connect to MySQL. -{{- end }} - -{{- if .Values.metrics.enabled }} - -To access the MySQL Prometheus metrics from outside the cluster execute the following commands: - - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ printf "%s-metrics" (include "common.names.fullname" .) }} {{ .Values.metrics.service.port }}:{{ .Values.metrics.service.port }} & - curl http://127.0.0.1:{{ .Values.metrics.service.port }}/metrics - -{{- end }} - -To upgrade this helm chart: - - 1. Obtain the password as described on the 'Administrator credentials' section and set the 'root.password' parameter as shown below: - - ROOT_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} -o jsonpath="{.data.mysql-root-password}" | base64 --decode) - helm upgrade --namespace {{ .Release.Namespace }} {{ .Release.Name }} bitnami/mysql --set auth.rootPassword=$ROOT_PASSWORD - -{{ include "mysql.validateValues" . }} -{{ include "mysql.checkRollingTags" . }} -{{- if and (not .Values.auth.existingSecret) (not .Values.auth.customPasswordFiles) -}} - {{- $secretName := include "mysql.secretName" . -}} - {{- $requiredPasswords := list -}} - - {{- $requiredRootPassword := dict "valueKey" "auth.rootPassword" "secret" $secretName "field" "mysql-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} - - {{- if not (empty .Values.auth.username) -}} - {{- $requiredPassword := dict "valueKey" "auth.password" "secret" $secretName "field" "mysql-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - {{- end -}} - - {{- if (eq .Values.architecture "replication") -}} - {{- $requiredReplicationPassword := dict "valueKey" "auth.replicationPassword" "secret" $secretName "field" "mysql-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} - {{- end -}} - - {{- $mysqlPasswordValidationErrors := include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" $) -}} - {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $mysqlPasswordValidationErrors "context" $) -}} -{{- end }} -{{- end }} diff --git a/bitnami/mysql/templates/_helpers.tpl b/bitnami/mysql/templates/_helpers.tpl deleted file mode 100644 index e28117a..0000000 --- a/bitnami/mysql/templates/_helpers.tpl +++ /dev/null @@ -1,158 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{- define "mysql.primary.fullname" -}} -{{- if eq .Values.architecture "replication" }} -{{- printf "%s-%s" (include "common.names.fullname" .) "primary" | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- include "common.names.fullname" . -}} -{{- end -}} -{{- end -}} - -{{- define "mysql.secondary.fullname" -}} -{{- printf "%s-%s" (include "common.names.fullname" .) "secondary" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Return the proper MySQL image name -*/}} -{{- define "mysql.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper metrics image name -*/}} -{{- define "mysql.metrics.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper image name (for the init container volume-permissions image) -*/}} -{{- define "mysql.volumePermissions.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "mysql.imagePullSecrets" -}} -{{ include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image) "global" .Values.global) }} -{{- end -}} - -{{ template "mysql.initdbScriptsCM" . }} -{{/* -Get the initialization scripts ConfigMap name. -*/}} -{{- define "mysql.initdbScriptsCM" -}} -{{- if .Values.initdbScriptsConfigMap -}} - {{- printf "%s" .Values.initdbScriptsConfigMap -}} -{{- else -}} - {{- printf "%s-init-scripts" (include "mysql.primary.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* - Returns the proper service account name depending if an explicit service account name is set - in the values file. If the name is not set it will default to either mysql.fullname if serviceAccount.create - is true or default otherwise. -*/}} -{{- define "mysql.serviceAccountName" -}} - {{- if .Values.serviceAccount.create -}} - {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }} - {{- else -}} - {{ default "default" .Values.serviceAccount.name }} - {{- end -}} -{{- end -}} - -{{/* -Return the configmap with the MySQL Primary configuration -*/}} -{{- define "mysql.primary.configmapName" -}} -{{- if .Values.primary.existingConfigmap -}} - {{- printf "%s" (tpl .Values.primary.existingConfigmap $) -}} -{{- else -}} - {{- printf "%s" (include "mysql.primary.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a configmap object should be created for MySQL Secondary -*/}} -{{- define "mysql.primary.createConfigmap" -}} -{{- if and .Values.primary.configuration (not .Values.primary.existingConfigmap) }} - {{- true -}} -{{- else -}} -{{- end -}} -{{- end -}} - -{{/* -Return the configmap with the MySQL Primary configuration -*/}} -{{- define "mysql.secondary.configmapName" -}} -{{- if .Values.secondary.existingConfigmap -}} - {{- printf "%s" (tpl .Values.secondary.existingConfigmap $) -}} -{{- else -}} - {{- printf "%s" (include "mysql.secondary.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a configmap object should be created for MySQL Secondary -*/}} -{{- define "mysql.secondary.createConfigmap" -}} -{{- if and (eq .Values.architecture "replication") .Values.secondary.configuration (not .Values.secondary.existingConfigmap) }} - {{- true -}} -{{- else -}} -{{- end -}} -{{- end -}} - -{{/* -Return the secret with MySQL credentials -*/}} -{{- define "mysql.secretName" -}} - {{- if .Values.auth.existingSecret -}} - {{- printf "%s" .Values.auth.existingSecret -}} - {{- else -}} - {{- printf "%s" (include "common.names.fullname" .) -}} - {{- end -}} -{{- end -}} - -{{/* -Return true if a secret object should be created for MySQL -*/}} -{{- define "mysql.createSecret" -}} -{{- if and (not .Values.auth.existingSecret) (not .Values.auth.customPasswordFiles) }} - {{- true -}} -{{- end -}} -{{- end -}} - - -{{/* Check if there are rolling tags in the images */}} -{{- define "mysql.checkRollingTags" -}} -{{- include "common.warnings.rollingTag" .Values.image }} -{{- include "common.warnings.rollingTag" .Values.metrics.image }} -{{- end -}} - -{{/* -Compile all warnings into a single message, and call fail. -*/}} -{{- define "mysql.validateValues" -}} -{{- $messages := list -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} -{{- end -}} -{{- end -}} -{{/* -Return the appropriate apiVersion for networkpolicy. -*/}} -{{- define "mysql.networkPolicy.apiVersion" -}} -{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.GitVersion -}} -"extensions/v1beta1" -{{- else if semverCompare "^1.7-0" .Capabilities.KubeVersion.GitVersion -}} -"networking.k8s.io/v1" -{{- end -}} -{{- end -}} diff --git a/bitnami/mysql/templates/metrics-svc.yaml b/bitnami/mysql/templates/metrics-svc.yaml deleted file mode 100644 index fb0d9d7..0000000 --- a/bitnami/mysql/templates/metrics-svc.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{- if .Values.metrics.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ printf "%s-metrics" (include "common.names.fullname" .) }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - app.kubernetes.io/component: metrics - {{- if or .Values.metrics.service.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.metrics.service.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.service.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -spec: - type: {{ .Values.metrics.service.type }} - ports: - - port: {{ .Values.metrics.service.port }} - targetPort: metrics - protocol: TCP - name: metrics - selector: {{- include "common.labels.matchLabels" $ | nindent 4 }} -{{- end }} diff --git a/bitnami/mysql/templates/networkpolicy.yaml b/bitnami/mysql/templates/networkpolicy.yaml deleted file mode 100644 index a2960de..0000000 --- a/bitnami/mysql/templates/networkpolicy.yaml +++ /dev/null @@ -1,38 +0,0 @@ -{{- if .Values.networkPolicy.enabled }} -kind: NetworkPolicy -apiVersion: {{ template "mysql.networkPolicy.apiVersion" . }} -metadata: - name: {{ template "common.names.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} -spec: - podSelector: - matchLabels: - {{- include "common.labels.matchLabels" . | nindent 6 }} - ingress: - # Allow inbound connections - - ports: - - port: {{ .Values.primary.service.port }} - {{- if not .Values.networkPolicy.allowExternal }} - from: - - podSelector: - matchLabels: - {{ template "common.names.fullname" . }}-client: "true" - {{- if .Values.networkPolicy.explicitNamespacesSelector }} - namespaceSelector: -{{ toYaml .Values.networkPolicy.explicitNamespacesSelector | indent 12 }} - {{- end }} - - podSelector: - matchLabels: - {{- include "common.labels.matchLabels" . | nindent 14 }} - {{- end }} - {{- if .Values.metrics.enabled }} - # Allow prometheus scrapes - - ports: - - port: 9104 - {{- end }} -{{- end }} diff --git a/bitnami/mysql/templates/primary/configmap.yaml b/bitnami/mysql/templates/primary/configmap.yaml deleted file mode 100644 index 540b7b9..0000000 --- a/bitnami/mysql/templates/primary/configmap.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if (include "mysql.primary.createConfigmap" .) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "mysql.primary.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: primary - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - my.cnf: |- - {{ .Values.primary.configuration | nindent 4 }} -{{- end -}} diff --git a/bitnami/mysql/templates/primary/initialization-configmap.yaml b/bitnami/mysql/templates/primary/initialization-configmap.yaml deleted file mode 100644 index 5bc09c5..0000000 --- a/bitnami/mysql/templates/primary/initialization-configmap.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{- if and .Values.initdbScripts (not .Values.initdbScriptsConfigMap) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ printf "%s-init-scripts" (include "mysql.primary.fullname" .) }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: primary -data: -{{- include "common.tplvalues.render" (dict "value" .Values.initdbScripts "context" .) | nindent 2 }} -{{ end }} diff --git a/bitnami/mysql/templates/primary/pdb.yaml b/bitnami/mysql/templates/primary/pdb.yaml deleted file mode 100644 index 3c22c39..0000000 --- a/bitnami/mysql/templates/primary/pdb.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.primary.pdb.enabled }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ include "mysql.primary.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: primary - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.primary.pdb.minAvailable }} - minAvailable: {{ .Values.primary.pdb.minAvailable }} - {{- end }} - {{- if .Values.primary.pdb.maxUnavailable }} - maxUnavailable: {{ .Values.primary.pdb.maxUnavailable }} - {{- end }} - selector: - matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: primary -{{- end }} diff --git a/bitnami/mysql/templates/primary/statefulset.yaml b/bitnami/mysql/templates/primary/statefulset.yaml deleted file mode 100644 index 6f9c99e..0000000 --- a/bitnami/mysql/templates/primary/statefulset.yaml +++ /dev/null @@ -1,368 +0,0 @@ -apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} -kind: StatefulSet -metadata: - name: {{ include "mysql.primary.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: primary - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.primary.podLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.primary.podLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - replicas: 1 - selector: - matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: primary - serviceName: {{ include "mysql.primary.fullname" . }} - updateStrategy: - type: {{ .Values.primary.updateStrategy }} - {{- if (eq "Recreate" .Values.primary.updateStrategy) }} - rollingUpdate: null - {{- else if .Values.primary.rollingUpdatePartition }} - rollingUpdate: - partition: {{ .Values.primary.rollingUpdatePartition }} - {{- end }} - template: - metadata: - annotations: - {{- if (include "mysql.primary.createConfigmap" .) }} - checksum/configuration: {{ include (print $.Template.BasePath "/primary/configmap.yaml") . | sha256sum }} - {{- end }} - {{- if .Values.primary.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.primary.podAnnotations "context" $) | nindent 8 }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: primary - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.primary.podLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.primary.podLabels "context" $ ) | nindent 8 }} - {{- end }} - spec: - {{- include "mysql.imagePullSecrets" . | nindent 6 }} - {{- if .Values.primary.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.primary.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.schedulerName }} - schedulerName: {{ .Values.schedulerName | quote }} - {{- end }} - serviceAccountName: {{ template "mysql.serviceAccountName" . }} - {{- if .Values.primary.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.primary.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.primary.podAffinityPreset "component" "primary" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.primary.podAntiAffinityPreset "component" "primary" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.primary.nodeAffinityPreset.type "key" .Values.primary.nodeAffinityPreset.key "values" .Values.primary.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.primary.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.primary.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.primary.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.primary.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName | quote }} - {{- end }} - {{- if .Values.primary.podSecurityContext.enabled }} - securityContext: {{- omit .Values.primary.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - {{- if or .Values.primary.initContainers (and .Values.primary.podSecurityContext.enabled .Values.volumePermissions.enabled .Values.primary.persistence.enabled) }} - initContainers: - {{- if .Values.primary.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.primary.initContainers "context" $) | nindent 8 }} - {{- end }} - {{- if and .Values.primary.podSecurityContext.enabled .Values.volumePermissions.enabled .Values.primary.persistence.enabled }} - - name: volume-permissions - image: {{ include "mysql.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: - - /bin/bash - - -ec - - | - chown -R {{ .Values.primary.containerSecurityContext.runAsUser }}:{{ .Values.primary.podSecurityContext.fsGroup }} /bitnami/mysql - securityContext: - runAsUser: 0 - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: data - mountPath: /bitnami/mysql - {{- end }} - {{- end }} - containers: - - name: mysql - image: {{ include "mysql.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.primary.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.primary.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.primary.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.primary.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.primary.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.primary.args "context" $) | nindent 12 }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} - {{- if .Values.auth.usePasswordFiles }} - - name: MYSQL_ROOT_PASSWORD_FILE - value: {{ default "/opt/bitnami/mysql/secrets/mysql-root-password" .Values.auth.customPasswordFiles.root }} - {{- else }} - - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "mysql.secretName" . }} - key: mysql-root-password - {{- end }} - {{- if not (empty .Values.auth.username) }} - - name: MYSQL_USER - value: {{ .Values.auth.username | quote }} - {{- if .Values.auth.usePasswordFiles }} - - name: MYSQL_PASSWORD_FILE - value: {{ default "/opt/bitnami/mysql/secrets/mysql-password" .Values.auth.customPasswordFiles.user }} - {{- else }} - - name: MYSQL_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "mysql.secretName" . }} - key: mysql-password - {{- end }} - {{- end }} - - name: MYSQL_DATABASE - value: {{ .Values.auth.database | quote }} - {{- if eq .Values.architecture "replication" }} - - name: MYSQL_REPLICATION_MODE - value: "master" - - name: MYSQL_REPLICATION_USER - value: {{ .Values.auth.replicationUser | quote }} - {{- if .Values.auth.usePasswordFiles }} - - name: MYSQL_REPLICATION_PASSWORD_FILE - value: {{ default "/opt/bitnami/mysql/secrets/mysql-replication-password" .Values.auth.customPasswordFiles.replicator }} - {{- else }} - - name: MYSQL_REPLICATION_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "mysql.secretName" . }} - key: mysql-replication-password - {{- end }} - {{- end }} - {{- if .Values.primary.extraFlags }} - - name: MYSQL_EXTRA_FLAGS - value: "{{ .Values.primary.extraFlags }}" - {{- end }} - {{- if .Values.primary.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.primary.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if or .Values.primary.extraEnvVarsCM .Values.primary.extraEnvVarsSecret }} - envFrom: - {{- if .Values.primary.extraEnvVarsCM }} - - configMapRef: - name: {{ .Values.primary.extraEnvVarsCM }} - {{- end }} - {{- if .Values.primary.extraEnvVarsSecret }} - - secretRef: - name: {{ .Values.primary.extraEnvVarsSecret }} - {{- end }} - {{- end }} - ports: - - name: mysql - containerPort: 3306 - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.primary.livenessProbe.enabled }} - livenessProbe: {{- omit .Values.primary.livenessProbe "enabled" | toYaml | nindent 12 }} - exec: - command: - - /bin/bash - - -ec - - | - password_aux="${MYSQL_ROOT_PASSWORD:-}" - if [[ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]]; then - password_aux=$(cat "$MYSQL_ROOT_PASSWORD_FILE") - fi - mysqladmin status -uroot -p"${password_aux}" - {{- else if .Values.primary.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.primary.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.primary.readinessProbe.enabled }} - readinessProbe: {{- omit .Values.primary.readinessProbe "enabled" | toYaml | nindent 12 }} - exec: - command: - - /bin/bash - - -ec - - | - password_aux="${MYSQL_ROOT_PASSWORD:-}" - if [[ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]]; then - password_aux=$(cat "$MYSQL_ROOT_PASSWORD_FILE") - fi - mysqladmin status -uroot -p"${password_aux}" - {{- else if .Values.primary.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.primary.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.primary.startupProbe.enabled }} - startupProbe: {{- omit .Values.primary.startupProbe "enabled" | toYaml | nindent 12 }} - exec: - command: - - /bin/bash - - -ec - - | - password_aux="${MYSQL_ROOT_PASSWORD:-}" - if [[ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]]; then - password_aux=$(cat "$MYSQL_ROOT_PASSWORD_FILE") - fi - mysqladmin status -uroot -p"${password_aux}" - {{- else if .Values.primary.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.primary.customStartupProbe "context" $) | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.primary.resources }} - resources: {{ toYaml .Values.primary.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: data - mountPath: /bitnami/mysql - {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} - - name: custom-init-scripts - mountPath: /docker-entrypoint-initdb.d - {{- end }} - {{- if or .Values.primary.configuration .Values.primary.existingConfigmap }} - - name: config - mountPath: /opt/bitnami/mysql/conf/my.cnf - subPath: my.cnf - {{- end }} - {{- if and .Values.auth.usePasswordFiles (not .Values.auth.customPasswordFiles) }} - - name: mysql-credentials - mountPath: /opt/bitnami/mysql/secrets/ - {{- end }} - {{- if .Values.primary.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.primary.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.metrics.enabled }} - - name: metrics - image: {{ include "mysql.metrics.image" . }} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - env: - {{- if .Values.auth.usePasswordFiles }} - - name: MYSQL_ROOT_PASSWORD_FILE - value: {{ default "/opt/bitnami/mysqld-exporter/secrets/mysql-root-password" .Values.auth.customPasswordFiles.root }} - {{- else }} - - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "mysql.secretName" . }} - key: mysql-root-password - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else }} - command: - - /bin/bash - - -ec - - | - password_aux="${MYSQL_ROOT_PASSWORD:-}" - if [[ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]]; then - password_aux=$(cat "$MYSQL_ROOT_PASSWORD_FILE") - fi - DATA_SOURCE_NAME="root:${password_aux}@(localhost:3306)/" /bin/mysqld_exporter {{- range .Values.metrics.extraArgs.primary }} {{ . }} {{- end }} - {{- end }} - ports: - - name: metrics - containerPort: 9104 - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.metrics.livenessProbe.enabled }} - livenessProbe: {{- omit .Values.metrics.livenessProbe "enabled" | toYaml | nindent 12 }} - httpGet: - path: /metrics - port: metrics - {{- end }} - {{- if .Values.metrics.readinessProbe.enabled }} - readinessProbe: {{- omit .Values.metrics.readinessProbe "enabled" | toYaml | nindent 12 }} - httpGet: - path: /metrics - port: metrics - {{- end }} - {{- end }} - {{- if .Values.metrics.resources }} - resources: {{- toYaml .Values.metrics.resources | nindent 12 }} - {{- end }} - {{- if and .Values.auth.usePasswordFiles (not .Values.auth.customPasswordFiles) }} - volumeMounts: - - name: mysql-credentials - mountPath: /opt/bitnami/mysqld-exporter/secrets/ - {{- end }} - {{- end }} - {{- if .Values.primary.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.primary.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - {{- if or .Values.primary.configuration .Values.primary.existingConfigmap }} - - name: config - configMap: - name: {{ include "mysql.primary.configmapName" . }} - {{- end }} - {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} - - name: custom-init-scripts - configMap: - name: {{ include "mysql.initdbScriptsCM" . }} - {{- end }} - {{- if and .Values.auth.usePasswordFiles (not .Values.auth.customPasswordFiles) }} - - name: mysql-credentials - secret: - secretName: {{ include "mysql.secretName" . }} - items: - - key: mysql-root-password - path: mysql-root-password - - key: mysql-password - path: mysql-password - {{- if eq .Values.architecture "replication" }} - - key: mysql-replication-password - path: mysql-replication-password - {{- end }} - {{- end }} - {{- if .Values.primary.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.primary.extraVolumes "context" $) | nindent 8 }} - {{- end }} - {{- if and .Values.primary.persistence.enabled .Values.primary.persistence.existingClaim }} - - name: data - persistentVolumeClaim: - claimName: {{ tpl .Values.primary.persistence.existingClaim . }} - {{- else if not .Values.primary.persistence.enabled }} - - name: data - emptyDir: {} - {{- else if and .Values.primary.persistence.enabled (not .Values.primary.persistence.existingClaim) }} - volumeClaimTemplates: - - metadata: - name: data - labels: {{ include "common.labels.matchLabels" . | nindent 10 }} - app.kubernetes.io/component: primary - {{- if .Values.primary.persistence.annotations }} - annotations: - {{- toYaml .Values.primary.persistence.annotations | nindent 10 }} - {{- end }} - spec: - accessModes: - {{- range .Values.primary.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.primary.persistence.size | quote }} - {{ include "common.storage.class" (dict "persistence" .Values.primary.persistence "global" .Values.global) }} - {{- if .Values.primary.persistence.selector }} - selector: {{- include "common.tplvalues.render" (dict "value" .Values.primary.persistence.selector "context" $) | nindent 10 }} - {{- end -}} - {{- end }} diff --git a/bitnami/mysql/templates/primary/svc-headless.yaml b/bitnami/mysql/templates/primary/svc-headless.yaml deleted file mode 100644 index 49e6e57..0000000 --- a/bitnami/mysql/templates/primary/svc-headless.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "mysql.primary.fullname" . }}-headless - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: primary - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - type: ClusterIP - clusterIP: None - publishNotReadyAddresses: true - ports: - - name: mysql - port: {{ .Values.primary.service.port }} - targetPort: mysql - selector: {{ include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: primary diff --git a/bitnami/mysql/templates/primary/svc.yaml b/bitnami/mysql/templates/primary/svc.yaml deleted file mode 100644 index b46e6fa..0000000 --- a/bitnami/mysql/templates/primary/svc.yaml +++ /dev/null @@ -1,41 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "mysql.primary.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: primary - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.primary.service.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.primary.service.annotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.primary.service.type }} - {{- if and (eq .Values.primary.service.type "ClusterIP") .Values.primary.service.clusterIP }} - clusterIP: {{ .Values.primary.service.clusterIP }} - {{- end }} - {{- if and .Values.primary.service.loadBalancerIP (eq .Values.primary.service.type "LoadBalancer") }} - loadBalancerIP: {{ .Values.primary.service.loadBalancerIP }} - externalTrafficPolicy: {{ .Values.primary.service.externalTrafficPolicy | quote }} - {{- end }} - {{- if and (eq .Values.primary.service.type "LoadBalancer") .Values.primary.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- toYaml .Values.primary.service.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - ports: - - name: mysql - port: {{ .Values.primary.service.port }} - protocol: TCP - targetPort: mysql - {{- if (and (or (eq .Values.primary.service.type "NodePort") (eq .Values.primary.service.type "LoadBalancer")) .Values.primary.service.nodePort) }} - nodePort: {{ .Values.primary.service.nodePort }} - {{- else if eq .Values.primary.service.type "ClusterIP" }} - nodePort: null - {{- end }} - selector: {{ include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: primary diff --git a/bitnami/mysql/templates/role.yaml b/bitnami/mysql/templates/role.yaml deleted file mode 100644 index 4cbdd5c..0000000 --- a/bitnami/mysql/templates/role.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if and .Values.serviceAccount.create .Values.rbac.create }} -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: Role -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - - apiGroups: - - "" - resources: - - endpoints - verbs: - - get -{{- end }} diff --git a/bitnami/mysql/templates/rolebinding.yaml b/bitnami/mysql/templates/rolebinding.yaml deleted file mode 100644 index 90ede32..0000000 --- a/bitnami/mysql/templates/rolebinding.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if and .Values.serviceAccount.create .Values.rbac.create }} -kind: RoleBinding -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -subjects: - - kind: ServiceAccount - name: {{ include "mysql.serviceAccountName" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "common.names.fullname" . -}} -{{- end }} diff --git a/bitnami/mysql/templates/secondary/configmap.yaml b/bitnami/mysql/templates/secondary/configmap.yaml deleted file mode 100644 index 682e3e1..0000000 --- a/bitnami/mysql/templates/secondary/configmap.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if (include "mysql.secondary.createConfigmap" .) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "mysql.secondary.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: secondary - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - my.cnf: |- - {{ .Values.secondary.configuration | nindent 4 }} -{{- end -}} diff --git a/bitnami/mysql/templates/secondary/pdb.yaml b/bitnami/mysql/templates/secondary/pdb.yaml deleted file mode 100644 index e689b54..0000000 --- a/bitnami/mysql/templates/secondary/pdb.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if and (eq .Values.architecture "replication") .Values.secondary.pdb.enabled }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ include "mysql.secondary.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: secondary - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.secondary.pdb.minAvailable }} - minAvailable: {{ .Values.secondary.pdb.minAvailable }} - {{- end }} - {{- if .Values.secondary.pdb.maxUnavailable }} - maxUnavailable: {{ .Values.secondary.pdb.maxUnavailable }} - {{- end }} - selector: - matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: secondary -{{- end }} diff --git a/bitnami/mysql/templates/secondary/statefulset.yaml b/bitnami/mysql/templates/secondary/statefulset.yaml deleted file mode 100644 index ef196eb..0000000 --- a/bitnami/mysql/templates/secondary/statefulset.yaml +++ /dev/null @@ -1,338 +0,0 @@ -{{- if eq .Values.architecture "replication" }} -apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} -kind: StatefulSet -metadata: - name: {{ include "mysql.secondary.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: secondary - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.secondary.podLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.secondary.podLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.secondary.replicaCount }} - selector: - matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: secondary - serviceName: {{ include "mysql.secondary.fullname" . }} - updateStrategy: - type: {{ .Values.secondary.updateStrategy }} - {{- if (eq "Recreate" .Values.secondary.updateStrategy) }} - rollingUpdate: null - {{- else if .Values.secondary.rollingUpdatePartition }} - rollingUpdate: - partition: {{ .Values.secondary.rollingUpdatePartition }} - {{- end }} - template: - metadata: - annotations: - {{- if (include "mysql.secondary.createConfigmap" .) }} - checksum/configuration: {{ include (print $.Template.BasePath "/secondary/configmap.yaml") . | sha256sum }} - {{- end }} - {{- if .Values.secondary.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.secondary.podAnnotations "context" $) | nindent 8 }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: secondary - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.secondary.podLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.secondary.podLabels "context" $ ) | nindent 8 }} - {{- end }} - spec: - {{- include "mysql.imagePullSecrets" . | nindent 6 }} - {{- if .Values.secondary.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.schedulerName }} - schedulerName: {{ .Values.schedulerName | quote }} - {{- end }} - serviceAccountName: {{ include "mysql.serviceAccountName" . }} - {{- if .Values.secondary.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.secondary.podAffinityPreset "component" "secondary" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.secondary.podAntiAffinityPreset "component" "secondary" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.secondary.nodeAffinityPreset.type "key" .Values.secondary.nodeAffinityPreset.key "values" .Values.secondary.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.secondary.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.secondary.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName | quote }} - {{- end }} - {{- if .Values.secondary.podSecurityContext.enabled }} - securityContext: {{- omit .Values.secondary.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - {{- if or .Values.secondary.initContainers (and .Values.secondary.podSecurityContext.enabled .Values.volumePermissions.enabled .Values.secondary.persistence.enabled) }} - initContainers: - {{- if .Values.secondary.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.secondary.initContainers "context" $) | nindent 8 }} - {{- end }} - {{- if and .Values.secondary.podSecurityContext.enabled .Values.volumePermissions.enabled .Values.secondary.persistence.enabled }} - - name: volume-permissions - image: {{ include "mysql.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: - - /bin/bash - - -ec - - | - chown -R {{ .Values.secondary.containerSecurityContext.runAsUser }}:{{ .Values.secondary.podSecurityContext.fsGroup }} /bitnami/mysql - securityContext: - runAsUser: 0 - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: data - mountPath: /bitnami/mysql - {{- end }} - {{- end }} - containers: - - name: mysql - image: {{ include "mysql.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.secondary.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.secondary.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.secondary.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.secondary.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.args "context" $) | nindent 12 }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} - - name: MYSQL_REPLICATION_MODE - value: "slave" - - name: MYSQL_MASTER_HOST - value: {{ include "mysql.primary.fullname" . }} - - name: MYSQL_MASTER_PORT_NUMBER - value: {{ .Values.primary.service.port | quote }} - - name: MYSQL_MASTER_ROOT_USER - value: "root" - - name: MYSQL_REPLICATION_USER - value: {{ .Values.auth.replicationUser | quote }} - {{- if .Values.auth.usePasswordFiles }} - - name: MYSQL_MASTER_ROOT_PASSWORD_FILE - value: {{ default "/opt/bitnami/mysql/secrets/mysql-root-password" .Values.auth.customPasswordFiles.root }} - - name: MYSQL_REPLICATION_PASSWORD_FILE - value: {{ default "/opt/bitnami/mysql/secrets/mysql-replication-password" .Values.auth.customPasswordFiles.replicator }} - {{- else }} - - name: MYSQL_MASTER_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "mysql.secretName" . }} - key: mysql-root-password - - name: MYSQL_REPLICATION_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "mysql.secretName" . }} - key: mysql-replication-password - {{- end }} - {{- if .Values.secondary.extraFlags }} - - name: MYSQL_EXTRA_FLAGS - value: "{{ .Values.secondary.extraFlags }}" - {{- end }} - {{- if .Values.secondary.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.secondary.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if or .Values.secondary.extraEnvVarsCM .Values.secondary.extraEnvVarsSecret }} - envFrom: - {{- if .Values.secondary.extraEnvVarsCM }} - - configMapRef: - name: {{ .Values.secondary.extraEnvVarsCM }} - {{- end }} - {{- if .Values.secondary.extraEnvVarsSecret }} - - secretRef: - name: {{ .Values.secondary.extraEnvVarsSecret }} - {{- end }} - {{- end }} - ports: - - name: mysql - containerPort: 3306 - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.secondary.livenessProbe.enabled }} - livenessProbe: {{- omit .Values.secondary.livenessProbe "enabled" | toYaml | nindent 12 }} - exec: - command: - - /bin/bash - - -ec - - | - password_aux="${MYSQL_MASTER_ROOT_PASSWORD:-}" - if [[ -f "${MYSQL_MASTER_ROOT_PASSWORD_FILE:-}" ]]; then - password_aux=$(cat "$MYSQL_MASTER_ROOT_PASSWORD_FILE") - fi - mysqladmin status -uroot -p"${password_aux}" - {{- else if .Values.secondary.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.secondary.readinessProbe.enabled }} - readinessProbe: {{- omit .Values.secondary.readinessProbe "enabled" | toYaml | nindent 12 }} - exec: - command: - - /bin/bash - - -ec - - | - password_aux="${MYSQL_MASTER_ROOT_PASSWORD:-}" - if [[ -f "${MYSQL_MASTER_ROOT_PASSWORD_FILE:-}" ]]; then - password_aux=$(cat "$MYSQL_MASTER_ROOT_PASSWORD_FILE") - fi - mysqladmin status -uroot -p"${password_aux}" - {{- else if .Values.secondary.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.secondary.startupProbe.enabled }} - startupProbe: {{- omit .Values.secondary.startupProbe "enabled" | toYaml | nindent 12 }} - exec: - command: - - /bin/bash - - -ec - - | - password_aux="${MYSQL_MASTER_ROOT_PASSWORD:-}" - if [[ -f "${MYSQL_MASTER_ROOT_PASSWORD_FILE:-}" ]]; then - password_aux=$(cat "$MYSQL_MASTER_ROOT_PASSWORD_FILE") - fi - mysqladmin status -uroot -p"${password_aux}" - {{- else if .Values.secondary.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.customStartupProbe "context" $) | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.secondary.resources }} - resources: {{ toYaml .Values.secondary.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: data - mountPath: /bitnami/mysql - {{- if or .Values.secondary.configuration .Values.secondary.existingConfigmap }} - - name: config - mountPath: /opt/bitnami/mysql/conf/my.cnf - subPath: my.cnf - {{- end }} - {{- if and .Values.auth.usePasswordFiles (not .Values.auth.customPasswordFiles) }} - - name: mysql-credentials - mountPath: /opt/bitnami/mysql/secrets/ - {{- end }} - {{- if .Values.secondary.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.secondary.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.metrics.enabled }} - - name: metrics - image: {{ include "mysql.metrics.image" . }} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - env: - {{- if .Values.auth.usePasswordFiles }} - - name: MYSQL_ROOT_PASSWORD_FILE - value: {{ default "/opt/bitnami/mysqld-exporter/secrets/mysql-root-password" .Values.auth.customPasswordFiles.root }} - {{- else }} - - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "mysql.secretName" . }} - key: mysql-root-password - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else }} - command: - - /bin/bash - - -ec - - | - password_aux="${MYSQL_ROOT_PASSWORD:-}" - if [[ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]]; then - password_aux=$(cat "$MYSQL_ROOT_PASSWORD_FILE") - fi - DATA_SOURCE_NAME="root:${password_aux}@(localhost:3306)/" /bin/mysqld_exporter {{- range .Values.metrics.extraArgs.secondary }} {{ . }} {{- end }} - {{- end }} - ports: - - name: metrics - containerPort: 9104 - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.metrics.livenessProbe.enabled }} - livenessProbe: {{- omit .Values.metrics.livenessProbe "enabled" | toYaml | nindent 12 }} - httpGet: - path: /metrics - port: metrics - {{- end }} - {{- if .Values.metrics.readinessProbe.enabled }} - readinessProbe: {{- omit .Values.metrics.readinessProbe "enabled" | toYaml | nindent 12 }} - httpGet: - path: /metrics - port: metrics - {{- end }} - {{- end }} - {{- if .Values.metrics.resources }} - resources: {{- toYaml .Values.metrics.resources | nindent 12 }} - {{- end }} - {{- if and .Values.auth.usePasswordFiles (not .Values.auth.customPasswordFiles) }} - volumeMounts: - - name: mysql-credentials - mountPath: /opt/bitnami/mysqld-exporter/secrets/ - {{- end }} - {{- end }} - {{- if .Values.secondary.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.secondary.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - {{- if or .Values.secondary.configuration .Values.secondary.existingConfigmap }} - - name: config - configMap: - name: {{ include "mysql.secondary.configmapName" . }} - {{- end }} - {{- if and .Values.auth.usePasswordFiles (not .Values.auth.customPasswordFiles) }} - - name: mysql-credentials - secret: - secretName: {{ template "mysql.secretName" . }} - items: - - key: mysql-root-password - path: mysql-root-password - - key: mysql-replication-password - path: mysql-replication-password - {{- end }} - {{- if .Values.secondary.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.secondary.extraVolumes "context" $) | nindent 8 }} - {{- end }} - {{- if not .Values.secondary.persistence.enabled }} - - name: data - emptyDir: {} - {{- else }} - volumeClaimTemplates: - - metadata: - name: data - labels: {{ include "common.labels.matchLabels" . | nindent 10 }} - app.kubernetes.io/component: secondary - {{- if .Values.secondary.persistence.annotations }} - annotations: - {{- toYaml .Values.secondary.persistence.annotations | nindent 10 }} - {{- end }} - spec: - accessModes: - {{- range .Values.secondary.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.secondary.persistence.size | quote }} - {{ include "common.storage.class" (dict "persistence" .Values.secondary.persistence "global" .Values.global) }} - {{- if .Values.secondary.persistence.selector }} - selector: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.persistence.selector "context" $) | nindent 10 }} - {{- end -}} - {{- end }} -{{- end }} diff --git a/bitnami/mysql/templates/secondary/svc-headless.yaml b/bitnami/mysql/templates/secondary/svc-headless.yaml deleted file mode 100644 index 703d8e7..0000000 --- a/bitnami/mysql/templates/secondary/svc-headless.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if eq .Values.architecture "replication" }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "mysql.secondary.fullname" . }}-headless - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: secondary - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - type: ClusterIP - clusterIP: None - publishNotReadyAddresses: true - ports: - - name: mysql - port: {{ .Values.secondary.service.port }} - targetPort: mysql - selector: {{ include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: secondary -{{- end }} diff --git a/bitnami/mysql/templates/secondary/svc.yaml b/bitnami/mysql/templates/secondary/svc.yaml deleted file mode 100644 index 74a4c6e..0000000 --- a/bitnami/mysql/templates/secondary/svc.yaml +++ /dev/null @@ -1,43 +0,0 @@ -{{- if eq .Values.architecture "replication" }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "mysql.secondary.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: secondary - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.secondary.service.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.secondary.service.annotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.secondary.service.type }} - {{- if and (eq .Values.secondary.service.type "ClusterIP") .Values.secondary.service.clusterIP }} - clusterIP: {{ .Values.secondary.service.clusterIP }} - {{- end }} - {{- if and .Values.secondary.service.loadBalancerIP (eq .Values.secondary.service.type "LoadBalancer") }} - loadBalancerIP: {{ .Values.secondary.service.loadBalancerIP }} - externalTrafficPolicy: {{ .Values.secondary.service.externalTrafficPolicy | quote }} - {{- end }} - {{- if and (eq .Values.secondary.service.type "LoadBalancer") .Values.secondary.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- toYaml .Values.secondary.service.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - ports: - - name: mysql - port: {{ .Values.secondary.service.port }} - protocol: TCP - targetPort: mysql - {{- if (and (or (eq .Values.secondary.service.type "NodePort") (eq .Values.secondary.service.type "LoadBalancer")) .Values.secondary.service.nodePort) }} - nodePort: {{ .Values.secondary.service.nodePort }} - {{- else if eq .Values.secondary.service.type "ClusterIP" }} - nodePort: null - {{- end }} - selector: {{ include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: secondary -{{- end }} diff --git a/bitnami/mysql/templates/secrets.yaml b/bitnami/mysql/templates/secrets.yaml deleted file mode 100644 index 7f0ac96..0000000 --- a/bitnami/mysql/templates/secrets.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{- if eq (include "mysql.createSecret" .) "true" }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: - {{- if not (empty .Values.auth.rootPassword) }} - mysql-root-password: {{ .Values.auth.rootPassword | b64enc | quote }} - {{- else if (not .Values.auth.forcePassword) }} - mysql-root-password: {{ randAlphaNum 10 | b64enc | quote }} - {{- else }} - mysql-root-password: {{ required "A MySQL Root Password is required!" .Values.auth.rootPassword }} - {{- end }} - {{- if and (not (empty .Values.auth.username)) (not (empty .Values.auth.password)) }} - mysql-password: {{ .Values.auth.password | b64enc | quote }} - {{- else if (not .Values.auth.forcePassword) }} - mysql-password: {{ randAlphaNum 10 | b64enc | quote }} - {{- else }} - mysql-password: {{ required "A MySQL Database Password is required!" .Values.auth.password }} - {{- end }} - {{- if eq .Values.architecture "replication" }} - {{- if not (empty .Values.auth.replicationPassword) }} - mysql-replication-password: {{ .Values.auth.replicationPassword | b64enc | quote }} - {{- else if (not .Values.auth.forcePassword) }} - mysql-replication-password: {{ randAlphaNum 10 | b64enc | quote }} - {{- else }} - mysql-replication-password: {{ required "A MySQL Replication Password is required!" .Values.auth.replicationPassword }} - {{- end }} - {{- end }} -{{- end }} diff --git a/bitnami/mysql/templates/serviceaccount.yaml b/bitnami/mysql/templates/serviceaccount.yaml deleted file mode 100644 index 59eb104..0000000 --- a/bitnami/mysql/templates/serviceaccount.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if .Values.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "mysql.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.serviceAccount.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.serviceAccount.annotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -{{- if (not .Values.auth.customPasswordFiles) }} -secrets: - - name: {{ template "mysql.secretName" . }} -{{- end }} -{{- end }} diff --git a/bitnami/mysql/templates/servicemonitor.yaml b/bitnami/mysql/templates/servicemonitor.yaml deleted file mode 100644 index f082dd5..0000000 --- a/bitnami/mysql/templates/servicemonitor.yaml +++ /dev/null @@ -1,42 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "common.names.fullname" . }} - {{- if .Values.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.metrics.serviceMonitor.namespace }} - {{- else }} - namespace: {{ .Release.Namespace }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.additionalLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - endpoints: - - port: metrics - {{- if .Values.metrics.serviceMonitor.interval }} - interval: {{ .Values.metrics.serviceMonitor.interval }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.honorLabels }} - honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.relabellings }} - metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.relabellings | nindent 6 }} - {{- end }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: metrics -{{- end }} diff --git a/bitnami/mysql/values.schema.json b/bitnami/mysql/values.schema.json deleted file mode 100644 index 8021a46..0000000 --- a/bitnami/mysql/values.schema.json +++ /dev/null @@ -1,178 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "architecture": { - "type": "string", - "title": "MySQL architecture", - "form": true, - "description": "Allowed values: `standalone` or `replication`", - "enum": ["standalone", "replication"] - }, - "auth": { - "type": "object", - "title": "Authentication configuration", - "form": true, - "required": ["database", "username", "password"], - "properties": { - "rootPassword": { - "type": "string", - "title": "MySQL root password", - "description": "Defaults to a random 10-character alphanumeric string if not set" - }, - "database": { - "type": "string", - "title": "MySQL custom database name" - }, - "username": { - "type": "string", - "title": "MySQL custom username" - }, - "password": { - "type": "string", - "title": "MySQL custom password" - }, - "replicationUser": { - "type": "string", - "title": "MySQL replication username" - }, - "replicationPassword": { - "type": "string", - "title": "MySQL replication password" - } - } - }, - "primary": { - "type": "object", - "title": "Primary database configuration", - "form": true, - "properties": { - "podSecurityContext": { - "type": "object", - "title": "MySQL primary Pod security context", - "properties": { - "enabled": { - "type": "boolean", - "default": false - }, - "fsGroup": { - "type": "integer", - "default": 1001, - "hidden": { - "value": false, - "path": "primary/podSecurityContext/enabled" - } - } - } - }, - "containerSecurityContext": { - "type": "object", - "title": "MySQL primary container security context", - "properties": { - "enabled": { - "type": "boolean", - "default": false - }, - "runAsUser": { - "type": "integer", - "default": 1001, - "hidden": { - "value": false, - "path": "primary/containerSecurityContext/enabled" - } - } - } - }, - "persistence": { - "type": "object", - "title": "Enable persistence using Persistent Volume Claims", - "properties": { - "enabled": { - "type": "boolean", - "default": true, - "title": "If true, use a Persistent Volume Claim, If false, use emptyDir" - }, - "size": { - "type": "string", - "title": "Persistent Volume Size", - "form": true, - "render": "slider", - "sliderMin": 1, - "sliderUnit": "Gi", - "hidden": { - "value": false, - "path": "primary/persistence/enabled" - } - } - } - } - } - }, - "secondary": { - "type": "object", - "title": "Secondary database configuration", - "form": true, - "properties": { - "podSecurityContext": { - "type": "object", - "title": "MySQL secondary Pod security context", - "properties": { - "enabled": { - "type": "boolean", - "default": false - }, - "fsGroup": { - "type": "integer", - "default": 1001, - "hidden": { - "value": false, - "path": "secondary/podSecurityContext/enabled" - } - } - } - }, - "containerSecurityContext": { - "type": "object", - "title": "MySQL secondary container security context", - "properties": { - "enabled": { - "type": "boolean", - "default": false - }, - "runAsUser": { - "type": "integer", - "default": 1001, - "hidden": { - "value": false, - "path": "secondary/containerSecurityContext/enabled" - } - } - } - }, - "persistence": { - "type": "object", - "title": "Enable persistence using Persistent Volume Claims", - "properties": { - "enabled": { - "type": "boolean", - "default": true, - "title": "If true, use a Persistent Volume Claim, If false, use emptyDir" - }, - "size": { - "type": "string", - "title": "Persistent Volume Size", - "form": true, - "render": "slider", - "sliderMin": 1, - "sliderUnit": "Gi", - "hidden": { - "value": false, - "path": "secondary/persistence/enabled" - } - } - } - } - } - } - } -} \ No newline at end of file diff --git a/bitnami/mysql/values.yaml b/bitnami/mysql/values.yaml deleted file mode 100644 index ad5791b..0000000 --- a/bitnami/mysql/values.yaml +++ /dev/null @@ -1,1020 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets [array] Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - storageClass: "" - -## @section Common parameters - -## @param nameOverride String to partially override common.names.fullname template (will maintain the release name) -## -nameOverride: "" -## @param fullnameOverride String to fully override common.names.fullname template -## -fullnameOverride: "" -## @param clusterDomain Cluster domain -## -clusterDomain: cluster.local -## @param commonAnnotations [object] Common annotations to add to all MySQL resources (sub-charts are not considered). Evaluated as a template -## -commonAnnotations: {} -## @param commonLabels [object] Common labels to add to all MySQL resources (sub-charts are not considered). Evaluated as a template -## -commonLabels: {} -## @param extraDeploy [array] Array with extra yaml to deploy with the chart. Evaluated as a template -## -extraDeploy: [] -## @param schedulerName Use an alternate scheduler, e.g. "stork". -## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -schedulerName: "" - -## Enable diagnostic mode in the deployment -## -diagnosticMode: - ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) - ## - enabled: false - ## @param diagnosticMode.command Command to override all containers in the deployment - ## - command: - - sleep - ## @param diagnosticMode.args Args to override all containers in the deployment - ## - args: - - infinity - -## @section MySQL common parameters - -## Bitnami MySQL image -## ref: https://hub.docker.com/r/bitnami/mysql/tags/ -## @param image.registry MySQL image registry -## @param image.repository MySQL image repository -## @param image.tag MySQL image tag (immutable tags are recommended) -## @param image.pullPolicy MySQL image pull policy -## @param image.pullSecrets [array] Specify docker-registry secret names as an array -## @param image.debug Specify if debug logs should be enabled -## -image: - registry: docker.io - repository: bitnami/mysql - tag: 8.0.26-debian-10-r60 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Set to true if you would like to see extra information on logs - ## It turns BASH and/or NAMI debugging in the image - ## - debug: false -## @param architecture MySQL architecture (`standalone` or `replication`) -## -architecture: standalone -## MySQL Authentication parameters -## -auth: - ## @param auth.rootPassword Password for the `root` user. Ignored if existing secret is provided - ## ref: https://github.com/bitnami/bitnami-docker-mysql#setting-the-root-password-on-first-run - ## - rootPassword: "" - ## @param auth.database Name for a custom database to create - ## ref: https://github.com/bitnami/bitnami-docker-mysql/blob/master/README.md#creating-a-database-on-first-run - ## - database: my_database - ## @param auth.username Name for a custom user to create - ## ref: https://github.com/bitnami/bitnami-docker-mysql/blob/master/README.md#creating-a-database-user-on-first-run - ## - username: "" - ## @param auth.password Password for the new user. Ignored if existing secret is provided - ## - password: "" - ## @param auth.replicationUser MySQL replication user - ## ref: https://github.com/bitnami/bitnami-docker-mysql#setting-up-a-replication-cluster - ## - replicationUser: replicator - ## @param auth.replicationPassword MySQL replication user password. Ignored if existing secret is provided - ## - replicationPassword: "" - ## @param auth.existingSecret Use existing secret for password details. The secret has to contain the keys `mysql-root-password`, `mysql-replication-password` and `mysql-password` - ## NOTE: When it's set the auth.rootPassword, auth.password, auth.replicationPassword are ignored. - ## - existingSecret: "" - ## @param auth.forcePassword Force users to specify required passwords - ## - forcePassword: false - ## @param auth.usePasswordFiles Mount credentials as files instead of using an environment variable - ## - usePasswordFiles: false - ## @param auth.customPasswordFiles [object] Use custom password files when `auth.usePasswordFiles` is set to `true`. Define path for keys `root` and `user`, also define `replicator` if `architecture` is set to `replication` - ## Example: - ## customPasswordFiles: - ## root: /vault/secrets/mysql-root - ## user: /vault/secrets/mysql-user - ## replicator: /vault/secrets/mysql-replicator - ## - customPasswordFiles: {} -## @param initdbScripts [object] Dictionary of initdb scripts -## Specify dictionary of scripts to be run at first boot -## Example: -## initdbScripts: -## my_init_script.sh: | -## #!/bin/bash -## echo "Do something." -## -initdbScripts: {} -## @param initdbScriptsConfigMap ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) -## -initdbScriptsConfigMap: "" - -## @section MySQL Primary parameters - -primary: - ## @param primary.command [array] Override default container command on MySQL Primary container(s) (useful when using custom images) - ## - command: [] - ## @param primary.args [array] Override default container args on MySQL Primary container(s) (useful when using custom images) - ## - args: [] - ## @param primary.hostAliases [array] Deployment pod host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## @param primary.configuration [string] Configure MySQL Primary with a custom my.cnf file - ## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file - ## - configuration: |- - [mysqld] - default_authentication_plugin=mysql_native_password - skip-name-resolve - explicit_defaults_for_timestamp - basedir=/opt/bitnami/mysql - plugin_dir=/opt/bitnami/mysql/lib/plugin - port=3306 - socket=/opt/bitnami/mysql/tmp/mysql.sock - datadir=/bitnami/mysql/data - tmpdir=/opt/bitnami/mysql/tmp - max_allowed_packet=16M - bind-address=0.0.0.0 - pid-file=/opt/bitnami/mysql/tmp/mysqld.pid - log-error=/opt/bitnami/mysql/logs/mysqld.log - character-set-server=UTF8 - collation-server=utf8_general_ci - - [client] - port=3306 - socket=/opt/bitnami/mysql/tmp/mysql.sock - default-character-set=UTF8 - plugin_dir=/opt/bitnami/mysql/lib/plugin - - [manager] - port=3306 - socket=/opt/bitnami/mysql/tmp/mysql.sock - pid-file=/opt/bitnami/mysql/tmp/mysqld.pid - ## @param primary.existingConfiguration Name of existing ConfigMap with MySQL Primary configuration. - ## NOTE: When it's set the 'configuration' parameter is ignored - ## - existingConfiguration: "" - ## @param primary.updateStrategy Update strategy type for the MySQL primary statefulset - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - ## - updateStrategy: RollingUpdate - ## @param primary.rollingUpdatePartition Partition update strategy for MySQL Primary statefulset - ## https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#partitions - ## - rollingUpdatePartition: "" - ## @param primary.podAnnotations [object] Additional pod annotations for MySQL primary pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param primary.podAffinityPreset MySQL primary pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param primary.podAntiAffinityPreset MySQL primary pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## MySQL Primary node affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param primary.nodeAffinityPreset.type MySQL primary node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param primary.nodeAffinityPreset.key MySQL primary node label key to match Ignored if `primary.affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param primary.nodeAffinityPreset.values [array] MySQL primary node label values to match. Ignored if `primary.affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param primary.affinity [object] Affinity for MySQL primary pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - ## @param primary.nodeSelector [object] Node labels for MySQL primary pods assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param primary.tolerations [array] Tolerations for MySQL primary pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## MySQL primary Pod security context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param primary.podSecurityContext.enabled Enable security context for MySQL primary pods - ## @param primary.podSecurityContext.fsGroup Group ID for the mounted volumes' filesystem - ## - podSecurityContext: - enabled: true - fsGroup: 1001 - ## MySQL primary container security context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param primary.containerSecurityContext.enabled MySQL primary container securityContext - ## @param primary.containerSecurityContext.runAsUser User ID for the MySQL primary container - ## - containerSecurityContext: - enabled: true - runAsUser: 1001 - ## MySQL primary container's resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param primary.resources.limits [object] The resources limits for MySQL primary containers - ## @param primary.resources.requests [object] The requested resources for MySQL primary containers - ## - resources: - ## Example: - ## limits: - ## cpu: 250m - ## memory: 256Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 250m - ## memory: 256Mi - requests: {} - ## Configure extra options for liveness probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param primary.livenessProbe.enabled Enable livenessProbe - ## @param primary.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param primary.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param primary.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param primary.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param primary.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 3 - successThreshold: 1 - ## Configure extra options for readiness probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param primary.readinessProbe.enabled Enable readinessProbe - ## @param primary.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param primary.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param primary.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param primary.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param primary.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 3 - successThreshold: 1 - ## Configure extra options for startupProbe probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param primary.startupProbe.enabled Enable startupProbe - ## @param primary.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe - ## @param primary.startupProbe.periodSeconds Period seconds for startupProbe - ## @param primary.startupProbe.timeoutSeconds Timeout seconds for startupProbe - ## @param primary.startupProbe.failureThreshold Failure threshold for startupProbe - ## @param primary.startupProbe.successThreshold Success threshold for startupProbe - ## - startupProbe: - enabled: true - initialDelaySeconds: 15 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 10 - successThreshold: 1 - ## @param primary.customLivenessProbe [object] Override default liveness probe for MySQL primary containers - ## - customLivenessProbe: {} - ## @param primary.customReadinessProbe [object] Override default readiness probe for MySQL primary containers - ## - customReadinessProbe: {} - ## @param primary.customStartupProbe [object] Override default startup probe for MySQL primary containers - ## - customStartupProbe: {} - ## @param primary.extraFlags MySQL primary additional command line flags - ## Can be used to specify command line flags, for example: - ## E.g. - ## extraFlags: "--max-connect-errors=1000 --max_connections=155" - ## - extraFlags: "" - ## @param primary.extraEnvVars [array] Extra environment variables to be set on MySQL primary containers - ## E.g. - ## extraEnvVars: - ## - name: TZ - ## value: "Europe/Paris" - ## - extraEnvVars: [] - ## @param primary.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for MySQL primary containers - ## - extraEnvVarsCM: "" - ## @param primary.extraEnvVarsSecret Name of existing Secret containing extra env vars for MySQL primary containers - ## - extraEnvVarsSecret: "" - ## Enable persistence using Persistent Volume Claims - ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ - ## - persistence: - ## @param primary.persistence.enabled Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir - ## - enabled: true - ## @param primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MySQL primary replicas - ## NOTE: When it's set the rest of persistence parameters are ignored - ## - existingClaim: "" - ## @param primary.persistence.storageClass MySQL primary persistent volume storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - ## @param primary.persistence.annotations [object] MySQL primary persistent volume claim annotations - ## - annotations: {} - ## @param primary.persistence.accessModes MySQL primary persistent volume access Modes - ## - accessModes: - - ReadWriteOnce - ## @param primary.persistence.size MySQL primary persistent volume size - ## - size: 8Gi - ## @param primary.persistence.selector [object] Selector to match an existing Persistent Volume - ## selector: - ## matchLabels: - ## app: my-app - ## - selector: {} - ## @param primary.extraVolumes [array] Optionally specify extra list of additional volumes to the MySQL Primary pod(s) - ## - extraVolumes: [] - ## @param primary.extraVolumeMounts [array] Optionally specify extra list of additional volumeMounts for the MySQL Primary container(s) - ## - extraVolumeMounts: [] - ## @param primary.initContainers [array] Add additional init containers for the MySQL Primary pod(s) - ## - initContainers: [] - ## @param primary.sidecars [array] Add additional sidecar containers for the MySQL Primary pod(s) - ## - sidecars: [] - ## MySQL Primary Service parameters - ## - service: - ## @param primary.service.type MySQL Primary K8s service type - ## - type: ClusterIP - ## @param primary.service.port MySQL Primary K8s service port - ## - port: 3306 - ## @param primary.service.nodePort MySQL Primary K8s service node port - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - nodePort: "" - ## @param primary.service.clusterIP MySQL Primary K8s service clusterIP IP - ## e.g: - ## clusterIP: None - ## - clusterIP: "" - ## @param primary.service.loadBalancerIP MySQL Primary loadBalancerIP if service type is `LoadBalancer` - ## Set the LoadBalancer service type to internal only - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - loadBalancerIP: "" - ## @param primary.service.externalTrafficPolicy Enable client source IP preservation - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param primary.service.loadBalancerSourceRanges [array] Addresses that are allowed when MySQL Primary service is LoadBalancer - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## E.g. - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param primary.service.annotations [object] Provide any additional annotations which may be required - ## - annotations: {} - ## MySQL primary Pod Disruption Budget configuration - ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ - ## - pdb: - ## @param primary.pdb.enabled Enable/disable a Pod Disruption Budget creation for MySQL primary pods - ## - enabled: false - ## @param primary.pdb.minAvailable Minimum number/percentage of MySQL primary pods that should remain scheduled - ## - minAvailable: 1 - ## @param primary.pdb.maxUnavailable Maximum number/percentage of MySQL primary pods that may be made unavailable - ## - maxUnavailable: "" - ## @param primary.podLabels [object] MySQL Primary pod label. If labels are same as commonLabels , this will take precedence - ## - podLabels: {} - -## @section MySQL Secondary parameters - -secondary: - ## @param secondary.replicaCount Number of MySQL secondary replicas - ## - replicaCount: 1 - ## @param secondary.hostAliases [array] Deployment pod host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## @param secondary.command [array] Override default container command on MySQL Secondary container(s) (useful when using custom images) - ## - command: [] - ## @param secondary.args [array] Override default container args on MySQL Secondary container(s) (useful when using custom images) - ## - args: [] - ## @param secondary.configuration [string] Configure MySQL Secondary with a custom my.cnf file - ## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file - ## - configuration: |- - [mysqld] - default_authentication_plugin=mysql_native_password - skip-name-resolve - explicit_defaults_for_timestamp - basedir=/opt/bitnami/mysql - port=3306 - socket=/opt/bitnami/mysql/tmp/mysql.sock - datadir=/bitnami/mysql/data - tmpdir=/opt/bitnami/mysql/tmp - max_allowed_packet=16M - bind-address=0.0.0.0 - pid-file=/opt/bitnami/mysql/tmp/mysqld.pid - log-error=/opt/bitnami/mysql/logs/mysqld.log - character-set-server=UTF8 - collation-server=utf8_general_ci - - [client] - port=3306 - socket=/opt/bitnami/mysql/tmp/mysql.sock - default-character-set=UTF8 - - [manager] - port=3306 - socket=/opt/bitnami/mysql/tmp/mysql.sock - pid-file=/opt/bitnami/mysql/tmp/mysqld.pid - ## @param secondary.existingConfiguration Name of existing ConfigMap with MySQL Secondary configuration. - ## NOTE: When it's set the 'configuration' parameter is ignored - ## - existingConfiguration: "" - ## @param secondary.updateStrategy Update strategy type for the MySQL secondary statefulset - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - ## - updateStrategy: RollingUpdate - ## @param secondary.rollingUpdatePartition Partition update strategy for MySQL Secondary statefulset - ## https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#partitions - ## - rollingUpdatePartition: "" - ## @param secondary.podAnnotations [object] Additional pod annotations for MySQL secondary pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param secondary.podAffinityPreset MySQL secondary pod affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param secondary.podAntiAffinityPreset MySQL secondary pod anti-affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## Allowed values: soft, hard - ## - podAntiAffinityPreset: soft - ## MySQL Secondary node affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param secondary.nodeAffinityPreset.type MySQL secondary node affinity preset type. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param secondary.nodeAffinityPreset.key MySQL secondary node label key to match Ignored if `secondary.affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param secondary.nodeAffinityPreset.values [array] MySQL secondary node label values to match. Ignored if `secondary.affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param secondary.affinity [object] Affinity for MySQL secondary pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - ## @param secondary.nodeSelector [object] Node labels for MySQL secondary pods assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param secondary.tolerations [array] Tolerations for MySQL secondary pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## MySQL secondary Pod security context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param secondary.podSecurityContext.enabled Enable security context for MySQL secondary pods - ## @param secondary.podSecurityContext.fsGroup Group ID for the mounted volumes' filesystem - ## - podSecurityContext: - enabled: true - fsGroup: 1001 - ## MySQL secondary container security context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param secondary.containerSecurityContext.enabled MySQL secondary container securityContext - ## @param secondary.containerSecurityContext.runAsUser User ID for the MySQL secondary container - ## - containerSecurityContext: - enabled: true - runAsUser: 1001 - ## MySQL secondary container's resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param secondary.resources.limits [object] The resources limits for MySQL secondary containers - ## @param secondary.resources.requests [object] The requested resources for MySQL secondary containers - ## - resources: - ## Example: - ## limits: - ## cpu: 250m - ## memory: 256Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 250m - ## memory: 256Mi - requests: {} - ## Configure extra options for liveness probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param secondary.livenessProbe.enabled Enable livenessProbe - ## @param secondary.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param secondary.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param secondary.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param secondary.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param secondary.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 3 - successThreshold: 1 - ## Configure extra options for readiness probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param secondary.readinessProbe.enabled Enable readinessProbe - ## @param secondary.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param secondary.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param secondary.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param secondary.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param secondary.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 3 - successThreshold: 1 - ## Configure extra options for startupProbe probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param secondary.startupProbe.enabled Enable startupProbe - ## @param secondary.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe - ## @param secondary.startupProbe.periodSeconds Period seconds for startupProbe - ## @param secondary.startupProbe.timeoutSeconds Timeout seconds for startupProbe - ## @param secondary.startupProbe.failureThreshold Failure threshold for startupProbe - ## @param secondary.startupProbe.successThreshold Success threshold for startupProbe - ## - startupProbe: - enabled: true - initialDelaySeconds: 15 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 15 - successThreshold: 1 - ## @param secondary.customLivenessProbe [object] Override default liveness probe for MySQL secondary containers - ## - customLivenessProbe: {} - ## @param secondary.customReadinessProbe [object] Override default readiness probe for MySQL secondary containers - ## - customReadinessProbe: {} - ## @param secondary.customStartupProbe [object] Override default startup probe for MySQL secondary containers - ## - customStartupProbe: {} - ## @param secondary.extraFlags MySQL secondary additional command line flags - ## Can be used to specify command line flags, for example: - ## E.g. - ## extraFlags: "--max-connect-errors=1000 --max_connections=155" - ## - extraFlags: "" - ## @param secondary.extraEnvVars [array] An array to add extra environment variables on MySQL secondary containers - ## E.g. - ## extraEnvVars: - ## - name: TZ - ## value: "Europe/Paris" - ## - extraEnvVars: [] - ## @param secondary.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for MySQL secondary containers - ## - extraEnvVarsCM: "" - ## @param secondary.extraEnvVarsSecret Name of existing Secret containing extra env vars for MySQL secondary containers - ## - extraEnvVarsSecret: "" - ## Enable persistence using Persistent Volume Claims - ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ - ## - persistence: - ## @param secondary.persistence.enabled Enable persistence on MySQL secondary replicas using a `PersistentVolumeClaim` - ## - enabled: true - ## @param secondary.persistence.storageClass MySQL secondary persistent volume storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - ## @param secondary.persistence.annotations [object] MySQL secondary persistent volume claim annotations - ## - annotations: {} - ## @param secondary.persistence.accessModes MySQL secondary persistent volume access Modes - ## - accessModes: - - ReadWriteOnce - ## @param secondary.persistence.size MySQL secondary persistent volume size - ## - size: 8Gi - ## @param secondary.persistence.selector [object] Selector to match an existing Persistent Volume - ## selector: - ## matchLabels: - ## app: my-app - ## - selector: {} - ## @param secondary.extraVolumes [array] Optionally specify extra list of additional volumes to the MySQL secondary pod(s) - ## - extraVolumes: [] - ## @param secondary.extraVolumeMounts [array] Optionally specify extra list of additional volumeMounts for the MySQL secondary container(s) - ## - extraVolumeMounts: [] - ## @param secondary.initContainers [array] Add additional init containers for the MySQL secondary pod(s) - ## - initContainers: [] - ## @param secondary.sidecars [array] Add additional sidecar containers for the MySQL secondary pod(s) - ## - sidecars: [] - ## MySQL Secondary Service parameters - ## - service: - ## @param secondary.service.type MySQL secondary Kubernetes service type - ## - type: ClusterIP - ## @param secondary.service.port MySQL secondary Kubernetes service port - ## - port: 3306 - ## @param secondary.service.nodePort MySQL secondary Kubernetes service node port - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - nodePort: "" - ## @param secondary.service.clusterIP MySQL secondary Kubernetes service clusterIP IP - ## e.g: - ## clusterIP: None - ## - clusterIP: "" - ## @param secondary.service.loadBalancerIP MySQL secondary loadBalancerIP if service type is `LoadBalancer` - ## Set the LoadBalancer service type to internal only - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - loadBalancerIP: "" - ## @param secondary.service.externalTrafficPolicy Enable client source IP preservation - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param secondary.service.loadBalancerSourceRanges [array] Addresses that are allowed when MySQL secondary service is LoadBalancer - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## E.g. - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param secondary.service.annotations [object] Provide any additional annotations which may be required - ## - annotations: {} - ## MySQL secondary Pod Disruption Budget configuration - ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ - ## - pdb: - ## @param secondary.pdb.enabled Enable/disable a Pod Disruption Budget creation for MySQL secondary pods - ## - enabled: false - ## @param secondary.pdb.minAvailable Minimum number/percentage of MySQL secondary pods that should remain scheduled - ## - minAvailable: 1 - ## @param secondary.pdb.maxUnavailable Maximum number/percentage of MySQL secondary pods that may be made unavailable - ## - maxUnavailable: "" - ## @param secondary.podLabels [object] Additional pod labels for MySQL secondary pods - ## - podLabels: {} - -## @section RBAC parameters - -## MySQL pods ServiceAccount -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ -## -serviceAccount: - ## @param serviceAccount.create Enable the creation of a ServiceAccount for MySQL pods - ## - create: true - ## @param serviceAccount.name Name of the created ServiceAccount - ## If not set and create is true, a name is generated using the mysql.fullname template - ## - name: "" - ## @param serviceAccount.annotations [object] Annotations for MySQL Service Account - ## - annotations: {} -## Role Based Access -## ref: https://kubernetes.io/docs/admin/authorization/rbac/ -## -rbac: - ## @param rbac.create Whether to create & use RBAC resources or not - ## - create: false - -## @section Network Policy - -## MySQL Nework Policy configuration -## -networkPolicy: - ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources - ## - enabled: false - ## @param networkPolicy.allowExternal The Policy model to apply. - ## When set to false, only pods with the correct - ## client label will have network access to the port MySQL is listening - ## on. When true, MySQL will accept connections from any source - ## (with the correct destination port). - ## - allowExternal: true - ## @param networkPolicy.explicitNamespacesSelector [object] A Kubernetes LabelSelector to explicitly select namespaces from which ingress traffic could be allowed to MySQL - ## If explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace - ## and that match other criteria, the ones that have the good label, can reach the DB. - ## But sometimes, we want the DB to be accessible to clients from other namespaces, in this case, we can use this - ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. - ## - ## Example: - ## explicitNamespacesSelector: - ## matchLabels: - ## role: frontend - ## matchExpressions: - ## - {key: role, operator: In, values: [frontend]} - ## - explicitNamespacesSelector: {} - -## @section Volume Permissions parameters - -## Init containers parameters: -## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. -## -volumePermissions: - ## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` - ## - enabled: false - ## @param volumePermissions.image.registry Init container volume-permissions image registry - ## @param volumePermissions.image.repository Init container volume-permissions image repository - ## @param volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended) - ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy - ## @param volumePermissions.image.pullSecrets [array] Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: 10-debian-10-r202 - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param volumePermissions.resources [object] Init container volume-permissions resources - ## - resources: {} - -## @section Metrics parameters - -## Mysqld Prometheus exporter parameters -## -metrics: - ## @param metrics.enabled Start a side-car prometheus exporter - ## - enabled: false - ## @param metrics.image.registry Exporter image registry - ## @param metrics.image.repository Exporter image repository - ## @param metrics.image.tag Exporter image tag (immutable tags are recommended) - ## @param metrics.image.pullPolicy Exporter image pull policy - ## @param metrics.image.pullSecrets [array] Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/mysqld-exporter - tag: 0.13.0-debian-10-r105 - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## MySQL Prometheus exporter service parameters - ## Mysqld Prometheus exporter liveness and readiness probes - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param metrics.service.type Kubernetes service type for MySQL Prometheus Exporter - ## @param metrics.service.port MySQL Prometheus Exporter service port - ## @param metrics.service.annotations [object] Prometheus exporter service annotations - ## - service: - type: ClusterIP - port: 9104 - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "{{ .Values.metrics.service.port }}" - ## @param metrics.extraArgs.primary [array] Extra args to be passed to mysqld_exporter on Primary pods - ## @param metrics.extraArgs.secondary [array] Extra args to be passed to mysqld_exporter on Secondary pods - ## ref: https://github.com/prometheus/mysqld_exporter/ - ## E.g. - ## - --collect.auto_increment.columns - ## - --collect.binlog_size - ## - --collect.engine_innodb_status - ## - --collect.engine_tokudb_status - ## - --collect.global_status - ## - --collect.global_variables - ## - --collect.info_schema.clientstats - ## - --collect.info_schema.innodb_metrics - ## - --collect.info_schema.innodb_tablespaces - ## - --collect.info_schema.innodb_cmp - ## - --collect.info_schema.innodb_cmpmem - ## - --collect.info_schema.processlist - ## - --collect.info_schema.processlist.min_time - ## - --collect.info_schema.query_response_time - ## - --collect.info_schema.tables - ## - --collect.info_schema.tables.databases - ## - --collect.info_schema.tablestats - ## - --collect.info_schema.userstats - ## - --collect.perf_schema.eventsstatements - ## - --collect.perf_schema.eventsstatements.digest_text_limit - ## - --collect.perf_schema.eventsstatements.limit - ## - --collect.perf_schema.eventsstatements.timelimit - ## - --collect.perf_schema.eventswaits - ## - --collect.perf_schema.file_events - ## - --collect.perf_schema.file_instances - ## - --collect.perf_schema.indexiowaits - ## - --collect.perf_schema.tableiowaits - ## - --collect.perf_schema.tablelocks - ## - --collect.perf_schema.replication_group_member_stats - ## - --collect.slave_status - ## - --collect.slave_hosts - ## - --collect.heartbeat - ## - --collect.heartbeat.database - ## - --collect.heartbeat.table - ## - extraArgs: - primary: [] - secondary: [] - ## Mysqld Prometheus exporter resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param metrics.resources.limits [object] The resources limits for MySQL prometheus exporter containers - ## @param metrics.resources.requests [object] The requested resources for MySQL prometheus exporter containers - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 256Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 256Mi - requests: {} - ## Mysqld Prometheus exporter liveness probe - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param metrics.livenessProbe.enabled Enable livenessProbe - ## @param metrics.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param metrics.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param metrics.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param metrics.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param metrics.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 120 - periodSeconds: 10 - timeoutSeconds: 1 - successThreshold: 1 - failureThreshold: 3 - ## Mysqld Prometheus exporter readiness probe - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param metrics.readinessProbe.enabled Enable readinessProbe - ## @param metrics.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param metrics.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param metrics.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param metrics.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param metrics.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 1 - successThreshold: 1 - failureThreshold: 3 - ## Prometheus Service Monitor - ## ref: https://github.com/coreos/prometheus-operator - ## - serviceMonitor: - ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using PrometheusOperator - ## - enabled: false - ## @param metrics.serviceMonitor.namespace Specify the namespace in which the serviceMonitor resource will be created - ## - namespace: "" - ## @param metrics.serviceMonitor.interval Specify the interval at which metrics should be scraped - ## - interval: 30s - ## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended - ## e.g: - ## scrapeTimeout: 30s - ## - scrapeTimeout: "" - ## @param metrics.serviceMonitor.relabellings [array] Specify Metric Relabellings to add to the scrape endpoint - ## - relabellings: [] - ## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint - ## - honorLabels: false - ## @param metrics.serviceMonitor.additionalLabels [object] Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec - ## - additionalLabels: {} diff --git a/bitnami/nats/.helmignore b/bitnami/nats/.helmignore deleted file mode 100644 index f0c1319..0000000 --- a/bitnami/nats/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/bitnami/nginx-ingress-controller/.helmignore b/bitnami/nginx-ingress-controller/.helmignore deleted file mode 100644 index f0c1319..0000000 --- a/bitnami/nginx-ingress-controller/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/bitnami/nginx-ingress-controller/Chart.lock b/bitnami/nginx-ingress-controller/Chart.lock deleted file mode 100644 index 6c602e4..0000000 --- a/bitnami/nginx-ingress-controller/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.9.1 -digest: sha256:75c2f378a4570f47cbb3c98b6f1d29d1145e5a92bf2970a5d06c32575bfe266f -generated: "2021-09-27T07:00:39.325604232Z" diff --git a/bitnami/nginx-ingress-controller/Chart.yaml b/bitnami/nginx-ingress-controller/Chart.yaml deleted file mode 100644 index 853d8e9..0000000 --- a/bitnami/nginx-ingress-controller/Chart.yaml +++ /dev/null @@ -1,29 +0,0 @@ -annotations: - category: Infrastructure -apiVersion: v2 -appVersion: 1.0.2 -dependencies: - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x -description: Chart for the nginx Ingress controller -engine: gotpl -home: https://github.com/bitnami/charts/tree/master/bitnami/nginx-ingress-controller -icon: https://bitnami.com/assets/stacks/nginx-ingress-controller/img/nginx-ingress-controller-stack-220x234.png -keywords: - - ingress - - nginx - - http - - web - - www - - reverse proxy -maintainers: - - email: containers@bitnami.com - name: Bitnami -name: nginx-ingress-controller -sources: - - https://github.com/bitnami/bitnami-docker-nginx-ingress-controller - - https://github.com/kubernetes/ingress-nginx -version: 8.0.2 diff --git a/bitnami/nginx-ingress-controller/README.md b/bitnami/nginx-ingress-controller/README.md deleted file mode 100644 index c2a3ed3..0000000 --- a/bitnami/nginx-ingress-controller/README.md +++ /dev/null @@ -1,407 +0,0 @@ -# Nginx Ingress Controller - -[nginx-ingress](https://github.com/kubernetes/ingress-nginx) is an Ingress controller that uses NGINX to manage external access to HTTP services in a Kubernetes cluster. - -## TL;DR - -```bash -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/nginx-ingress-controller -``` - -## Introduction - -Bitnami charts for Helm are carefully engineered, actively maintained and are the quickest and easiest way to deploy containers on a Kubernetes cluster that are ready to handle production workloads. - -This chart bootstraps a [nginx-ingress](https://github.com/kubernetes/ingress-nginx) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 3.1.0 - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```bash -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/nginx-ingress-controller -``` - -These commands deploy nginx-ingress-controller on the Kubernetes cluster in the default configuration. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```bash -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | - - -### Common parameters - -| Name | Description | Value | -| ------------------- | -------------------------------------------------- | ----- | -| `nameOverride` | String to partially override common.names.fullname | `""` | -| `fullnameOverride` | String to fully override common.names.fullname | `""` | -| `commonLabels` | Add labels to all the deployed resources | `{}` | -| `commonAnnotations` | Add annotations to all the deployed resources | `{}` | -| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | - - -### Nginx Ingress Controller parameters - -| Name | Description | Value | -| ----------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------- | -| `image.registry` | Nginx Ingress Controller image registry | `docker.io` | -| `image.repository` | Nginx Ingress Controller image repository | `bitnami/nginx-ingress-controller` | -| `image.tag` | Nginx Ingress Controller image tag (immutable tags are recommended) | `1.0.2-debian-10-r0` | -| `image.pullPolicy` | Nginx Ingress Controller image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `containerPorts` | Controller container ports to open | `{}` | -| `hostAliases` | Deployment pod host aliases | `[]` | -| `config` | Custom configuration options for NGINX | `{}` | -| `proxySetHeaders` | Custom headers before sending traffic to backends | `{}` | -| `addHeaders` | Custom headers before sending response traffic to the client | `{}` | -| `defaultBackendService` | Default 404 backend service; required only if `defaultBackend.enabled = false` | `""` | -| `electionID` | Election ID to use for status update | `ingress-controller-leader` | -| `reportNodeInternalIp` | If using `hostNetwork=true`, setting `reportNodeInternalIp=true`, will pass the flag `report-node-internal-ip-address` to Nginx Ingress Controller | `false` | -| `watchIngressWithoutClass` | Process Ingress objects without ingressClass annotation/ingressClassName field | `false` | -| `ingressClass` | Name of the ingress class to route through this controller | `nginx` | -| `publishService.enabled` | Set the endpoint records on the Ingress objects to reflect those on the service | `false` | -| `publishService.pathOverride` | Allows overriding of the publish service to bind to | `""` | -| `scope.enabled` | Limit the scope of the controller. Defaults to `.Release.Namespace` | `false` | -| `configMapNamespace` | Allows customization of the configmap / nginx-configmap namespace | `""` | -| `tcpConfigMapNamespace` | Allows customization of the tcp-services-configmap namespace | `""` | -| `udpConfigMapNamespace` | Allows customization of the udp-services-configmap namespace | `""` | -| `maxmindLicenseKey` | License key used to download Geolite2 database | `""` | -| `dhParam` | A base64ed Diffie-Hellman parameter | `""` | -| `tcp` | TCP service key:value pairs | `{}` | -| `udp` | UDP service key:value pairs | `{}` | -| `command` | Override default container command (useful when using custom images) | `[]` | -| `args` | Override default container args (useful when using custom images) | `[]` | -| `extraArgs` | Additional command line arguments to pass to nginx-ingress-controller | `{}` | -| `extraEnvVars` | Extra environment variables to be set on Nginx Ingress container | `[]` | -| `extraEnvVarsCM` | Name of a existing ConfigMap containing extra environment variables | `""` | -| `extraEnvVarsSecret` | Name of a existing Secret containing extra environment variables | `""` | - - -### Nginx Ingress deployment / daemonset parameters - -| Name | Description | Value | -| --------------------------------------------------- | ------------------------------------------------------------------------------------------------------- | -------------- | -| `kind` | Install as Deployment or DaemonSet | `Deployment` | -| `daemonset.useHostPort` | If `kind` is `DaemonSet`, this will enable `hostPort` for `TCP/80` and `TCP/443` | `false` | -| `daemonset.hostPorts` | HTTP and HTTPS ports | `{}` | -| `replicaCount` | Desired number of Controller pods | `1` | -| `updateStrategy` | Strategy to use to update Pods | `{}` | -| `revisionHistoryLimit` | The number of old history to retain to allow rollback | `10` | -| `podSecurityContext.enabled` | Enable Controller pods' Security Context | `true` | -| `podSecurityContext.fsGroup` | Group ID for the container filesystem | `1001` | -| `containerSecurityContext.enabled` | Enable Controller containers' Security Context | `true` | -| `containerSecurityContext.allowPrivilegeEscalation` | Switch to allow priviledge escalation on the Controller container | `true` | -| `containerSecurityContext.runAsUser` | User ID for the Controller container | `1001` | -| `containerSecurityContext.capabilities.drop` | Linux Kernel capabilities that should be dropped | `[]` | -| `containerSecurityContext.capabilities.add` | Linux Kernel capabilities that should be added | `[]` | -| `minReadySeconds` | How many seconds a pod needs to be ready before killing the next, during update | `0` | -| `resources.limits` | The resources limits for the Controller container | `{}` | -| `resources.requests` | The requested resources for the Controller container | `{}` | -| `livenessProbe.enabled` | Enable livenessProbe | `true` | -| `livenessProbe.httpGet.path` | Request path for livenessProbe | `/healthz` | -| `livenessProbe.httpGet.port` | Port for livenessProbe | `10254` | -| `livenessProbe.httpGet.scheme` | Scheme for livenessProbe | `HTTP` | -| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | -| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `readinessProbe.enabled` | Enable readinessProbe | `true` | -| `readinessProbe.httpGet.path` | Request path for readinessProbe | `/healthz` | -| `readinessProbe.httpGet.port` | Port for readinessProbe | `10254` | -| `readinessProbe.httpGet.scheme` | Scheme for readinessProbe | `HTTP` | -| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | -| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `customLivenessProbe` | Override default liveness probe | `{}` | -| `customReadinessProbe` | Override default readiness probe | `{}` | -| `lifecycle` | LifecycleHooks to set additional configuration at startup | `{}` | -| `podLabels` | Extra labels for Controller pods | `{}` | -| `podAnnotations` | Annotations for Controller pods | `{}` | -| `priorityClassName` | Controller priorityClassName | `""` | -| `hostNetwork` | If the Nginx deployment / daemonset should run on the host's network namespace | `false` | -| `dnsPolicy` | By default, while using host network, name resolution uses the host's DNS | `ClusterFirst` | -| `terminationGracePeriodSeconds` | How many seconds to wait before terminating a pod | `60` | -| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set. | `""` | -| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | -| `affinity` | Affinity for pod assignment. Evaluated as a template. | `{}` | -| `nodeSelector` | Node labels for pod assignment. Evaluated as a template. | `{}` | -| `tolerations` | Tolerations for pod assignment. Evaluated as a template. | `[]` | -| `extraVolumes` | Optionally specify extra list of additional volumes for Controller pods | `[]` | -| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for Controller container(s) | `[]` | -| `initContainers` | Add init containers to the controller pods | `[]` | -| `sidecars` | Add sidecars to the controller pods. | `[]` | -| `customTemplate` | Override NGINX template | `{}` | -| `topologySpreadConstraints` | Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in | `[]` | -| `podSecurityPolicy.enabled` | If true, create & use Pod Security Policy resources | `false` | - - -### Default backend parameters - -| Name | Description | Value | -| --------------------------------------------------- | ----------------------------------------------------------------------------------------- | ---------------------- | -| `defaultBackend.enabled` | Enable a default backend based on NGINX | `true` | -| `defaultBackend.hostAliases` | Add deployment host aliases | `[]` | -| `defaultBackend.image.registry` | Default backend image registry | `docker.io` | -| `defaultBackend.image.repository` | Default backend image repository | `bitnami/nginx` | -| `defaultBackend.image.tag` | Default backend image tag (immutable tags are recommended) | `1.21.3-debian-10-r19` | -| `defaultBackend.image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `defaultBackend.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `defaultBackend.extraArgs` | Additional command line arguments to pass to Nginx container | `{}` | -| `defaultBackend.containerPort` | HTTP container port number | `8080` | -| `defaultBackend.serverBlockConfig` | NGINX backend default server block configuration | `""` | -| `defaultBackend.replicaCount` | Desired number of default backend pods | `1` | -| `defaultBackend.podSecurityContext.enabled` | Enable Default backend pods' Security Context | `true` | -| `defaultBackend.podSecurityContext.fsGroup` | Group ID for the container filesystem | `1001` | -| `defaultBackend.containerSecurityContext.enabled` | Enable Default backend containers' Security Context | `true` | -| `defaultBackend.containerSecurityContext.runAsUser` | User ID for the Default backend container | `1001` | -| `defaultBackend.resources.limits` | The resources limits for the Default backend container | `{}` | -| `defaultBackend.resources.requests` | The requested resources for the Default backend container | `{}` | -| `defaultBackend.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `defaultBackend.livenessProbe.httpGet.path` | Request path for livenessProbe | `/healthz` | -| `defaultBackend.livenessProbe.httpGet.port` | Port for livenessProbe | `http` | -| `defaultBackend.livenessProbe.httpGet.scheme` | Scheme for livenessProbe | `HTTP` | -| `defaultBackend.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | -| `defaultBackend.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `defaultBackend.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `defaultBackend.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `defaultBackend.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `defaultBackend.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `defaultBackend.readinessProbe.httpGet.path` | Request path for readinessProbe | `/healthz` | -| `defaultBackend.readinessProbe.httpGet.port` | Port for readinessProbe | `http` | -| `defaultBackend.readinessProbe.httpGet.scheme` | Scheme for readinessProbe | `HTTP` | -| `defaultBackend.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `0` | -| `defaultBackend.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | -| `defaultBackend.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `defaultBackend.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `defaultBackend.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `defaultBackend.podLabels` | Extra labels for Controller pods | `{}` | -| `defaultBackend.podAnnotations` | Annotations for Controller pods | `{}` | -| `defaultBackend.priorityClassName` | priorityClassName | `""` | -| `defaultBackend.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `defaultBackend.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `defaultBackend.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `defaultBackend.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set. | `""` | -| `defaultBackend.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | -| `defaultBackend.affinity` | Affinity for pod assignment | `{}` | -| `defaultBackend.nodeSelector` | Node labels for pod assignment | `{}` | -| `defaultBackend.tolerations` | Tolerations for pod assignment | `[]` | -| `defaultBackend.service.type` | Kubernetes Service type for default backend | `ClusterIP` | -| `defaultBackend.service.port` | Default backend service port | `80` | -| `defaultBackend.pdb.create` | Enable/disable a Pod Disruption Budget creation for Default backend | `false` | -| `defaultBackend.pdb.minAvailable` | Minimum number/percentage of Default backend pods that should remain scheduled | `1` | -| `defaultBackend.pdb.maxUnavailable` | Maximum number/percentage of Default backend pods that may be made unavailable | `""` | - - -### Traffic exposure parameters - -| Name | Description | Value | -| ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------- | -------------- | -| `service.type` | Kubernetes Service type for Controller | `LoadBalancer` | -| `service.ports` | Service ports | `{}` | -| `service.targetPorts` | Map the controller service HTTP/HTTPS port | `{}` | -| `service.nodePorts` | Specify the nodePort value(s) for the LoadBalancer and NodePort service types. | `{}` | -| `service.annotations` | Annotations for controller service | `{}` | -| `service.labels` | Labels for controller service | `{}` | -| `service.clusterIP` | Controller Internal Cluster Service IP (optional) | `""` | -| `service.externalIPs` | Controller Service external IP addresses | `[]` | -| `service.loadBalancerIP` | Kubernetes LoadBalancerIP to request for Controller (optional, cloud specific) | `""` | -| `service.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | `[]` | -| `service.externalTrafficPolicy` | Set external traffic policy to: "Local" to preserve source IP on providers supporting it | `""` | -| `service.healthCheckNodePort` | Set this to the managed health-check port the kube-proxy will expose. If blank, a random port in the `NodePort` range will be assigned | `0` | - - -### RBAC parameters - -| Name | Description | Value | -| ---------------------------- | ----------------------------------------------------------- | ------ | -| `serviceAccount.create` | Enable the creation of a ServiceAccount for Controller pods | `true` | -| `serviceAccount.name` | Name of the created ServiceAccount | `""` | -| `serviceAccount.annotations` | Annotations for service account. | `{}` | -| `rbac.create` | Specifies whether RBAC rules should be created | `true` | - - -### Other parameters - -| Name | Description | Value | -| -------------------------- | ------------------------------------------------------------------------- | ------- | -| `pdb.create` | Enable/disable a Pod Disruption Budget creation for Controller | `false` | -| `pdb.minAvailable` | Minimum number/percentage of Controller pods that should remain scheduled | `1` | -| `pdb.maxUnavailable` | Maximum number/percentage of Controller pods that may be made unavailable | `""` | -| `autoscaling.enabled` | Enable autoscaling for Controller | `false` | -| `autoscaling.minReplicas` | Minimum number of Controller replicas | `1` | -| `autoscaling.maxReplicas` | Maximum number of Controller replicas | `11` | -| `autoscaling.targetCPU` | Target CPU utilization percentage | `""` | -| `autoscaling.targetMemory` | Target Memory utilization percentage | `""` | - - -### Metrics parameters - -| Name | Description | Value | -| ----------------------------------------- | ----------------------------------------------------------------------------- | ----------- | -| `metrics.enabled` | Enable exposing Controller statistics | `false` | -| `metrics.service.type` | Type of Prometheus metrics service to create | `ClusterIP` | -| `metrics.service.port` | Service HTTP management port | `9913` | -| `metrics.service.annotations` | Annotations for the Prometheus exporter service | `{}` | -| `metrics.serviceMonitor.enabled` | Create ServiceMonitor resource for scraping metrics using PrometheusOperator | `false` | -| `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `""` | -| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `30s` | -| `metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `""` | -| `metrics.serviceMonitor.selector` | ServiceMonitor selector labels | `{}` | -| `metrics.prometheusRule.enabled` | Create PrometheusRules resource for scraping metrics using PrometheusOperator | `false` | -| `metrics.prometheusRule.additionalLabels` | Used to pass Labels that are required by the Installed Prometheus Operator | `{}` | -| `metrics.prometheusRule.namespace` | Namespace which Prometheus is running in | `""` | -| `metrics.prometheusRule.rules` | Rules to be prometheus in YAML format, check values for an example | `[]` | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```bash -$ helm install my-release \ - --set image.pullPolicy=Always \ - bitnami/nginx-ingress-controller -``` - -The above command sets the `image.pullPolicy` to `Always`. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```bash -$ helm install my-release -f values.yaml bitnami/nginx-ingress-controller -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Sidecars and Init Containers - -If you have a need for additional containers to run within the same pod as the NGINX Ingress Controller (e.g. an additional metrics or logging exporter), you can do so via the `sidecars` config parameter. Simply define your container according to the Kubernetes container spec. - -```yaml -sidecars: - - name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -``` - -Similarly, you can add extra init containers using the `initContainers` parameter. - -```yaml -initContainers: - - name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -``` - -### Deploying extra resources - -There are cases where you may want to deploy extra objects, such a ConfigMap containing your app's configuration or some extra deployment with a micro service used by your app. For covering this case, the chart allows adding the full specification of other objects using the `extraDeploy` parameter. - -### Setting Pod's affinity - -This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). - -As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters. - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami’s Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## Notable changes - -### 5.3.0 - -In this version you can indicate the key to download the GeoLite2 databases using the [parameter](#parameters) `maxmindLicenseKey`. - -## Upgrading - -### To 7.0.0 - -- Chart labels were adapted to follow the [Helm charts standard labels](https://helm.sh/docs/chart_best_practices/labels/#standard-labels). -- Several parameters were renamed or disappeared in favor of new ones on this major version. These are a few examples: - - `*.securityContext` paramateres are deprecated in favor of `*.containerSecurityContext` ones. - - `*.minAvailable` paramateres are deprecated in favor of `*.pdb.minAvailable` ones. - - `extraContainers` paramatere is deprecated in favor of `sidecars`. -- This version also introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/master/bitnami/common#bitnami-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade. - -Consequences: - -- Backwards compatibility is not guaranteed. Uninstall & install the chart again to obtain the latest version. - -### To 6.0.0 - -[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -#### What changes were introduced in this major version? - -- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. -- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts - -#### Considerations when upgrading to this version - -- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues -- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore -- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 - -#### Useful links** - -- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ -- https://helm.sh/docs/topics/v2_v3_migration/ -- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ - -### To 1.0.0 - -Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments. -Use the workaround below to upgrade from versions previous to 1.0.0. The following example assumes that the release name is nginx-ingress-controller: - -```console -$ kubectl patch deployment nginx-ingress-controller-default-backend --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]' -# If using deployments -$ kubectl patch deployment nginx-ingress-controller --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]' -# If using daemonsets -$ kubectl patch daemonset nginx-ingress-controller --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]' -``` diff --git a/bitnami/nginx-ingress-controller/ci/ct-values.yaml b/bitnami/nginx-ingress-controller/ci/ct-values.yaml deleted file mode 100644 index b738e2a..0000000 --- a/bitnami/nginx-ingress-controller/ci/ct-values.yaml +++ /dev/null @@ -1,2 +0,0 @@ -service: - type: ClusterIP diff --git a/bitnami/nginx-ingress-controller/ci/values-production-with-psp.yaml b/bitnami/nginx-ingress-controller/ci/values-production-with-psp.yaml deleted file mode 100644 index ff2245b..0000000 --- a/bitnami/nginx-ingress-controller/ci/values-production-with-psp.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# Test values file for generating all of the yaml and check that -# the rendering is correct - -kind: DaemonSet - -podSecurityPolicy: - enabled: true - -metrics: - enabled: true - ## Kubeval doesn't recognise ServiceMonitor as a valid K8s object - # serviceMonitor: - # enabled: true diff --git a/bitnami/nginx-ingress-controller/templates/NOTES.txt b/bitnami/nginx-ingress-controller/templates/NOTES.txt deleted file mode 100644 index b7b28c7..0000000 --- a/bitnami/nginx-ingress-controller/templates/NOTES.txt +++ /dev/null @@ -1,90 +0,0 @@ -** Please be patient while the chart is being deployed ** - -The nginx-ingress controller has been installed. - -Get the application URL by running these commands: - -{{- $httpPort := .Values.service.ports.http | toString }} -{{- $httpsPort := .Values.service.ports.https | toString }} - -{{- if contains "NodePort" .Values.service.type }} -{{- if (not (empty .Values.service.nodePorts.http)) }} - export HTTP_NODE_PORT={{ .Values.service.nodePorts.http }} -{{- else }} - export HTTP_NODE_PORT=$(kubectl --namespace {{ .Release.Namespace }} get services -o jsonpath="{.spec.ports[0].nodePort}" {{ template "common.names.fullname" . }}) -{{- end }} -{{- if (not (empty .Values.service.nodePorts.https)) }} - export HTTPS_NODE_PORT={{ .Values.service.nodePorts.https }} -{{- else }} - export HTTPS_NODE_PORT=$(kubectl --namespace {{ .Release.Namespace }} get services -o jsonpath="{.spec.ports[1].nodePort}" {{ template "common.names.fullname" . }}) -{{- end }} - export NODE_IP=$(kubectl --namespace {{ .Release.Namespace }} get nodes -o jsonpath="{.items[0].status.addresses[1].address}") - - echo "Visit http://$NODE_IP:$HTTP_NODE_PORT to access your application via HTTP." - echo "Visit https://$NODE_IP:$HTTPS_NODE_PORT to access your application via HTTPS." - -{{- else if contains "LoadBalancer" .Values.service.type }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch its status by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "common.names.fullname" . }}' - - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo "Visit http://${SERVICE_IP}{{- if ne $httpPort "80" }}:{{ $httpPort }}{{ end }} to access your application via HTTP." - echo "Visit https://${SERVICE_IP}{{- if ne $httpsPort "443" }}:{{ $httpsPort }}{{ end }} to access your application via HTTPS." - -{{- else if contains "ClusterIP" .Values.service.type }} - - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "common.names.fullname" . }} ${SERVICE_PORT}:${SERVICE_PORT} & - echo "Visit http://127.0.0.1:{{- if ne $httpPort "80" }}:{{ $httpPort }}{{ end }}to access your application via HTTP." - echo "Visit https://127.0.0.1:{{- if ne $httpsPort "443" }}:{{ $httpsPort }}{{ end }} to access your application via HTTPS." - -{{- end }} - -An example Ingress that makes use of the controller: - - apiVersion: networking.k8s.io/v1 - kind: Ingress - metadata: - annotations: - kubernetes.io/ingress.class: {{ .Values.ingressClass }} - name: example - namespace: foo - spec: - rules: - - host: www.example.com - http: - paths: - - backend: - service: - name: exampleService - port: - number: 80 - path: / - pathType: Prefix - # This section is only required if TLS is to be enabled for the Ingress - tls: - - hosts: - - www.example.com - secretName: example-tls - -If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided: - - apiVersion: v1 - kind: Secret - metadata: - name: example-tls - namespace: foo - data: - tls.crt: - tls.key: - type: kubernetes.io/tls - -{{- if .Values.headers }} -################################################################################# -###### WARNING: `controller.headers` has been deprecated! ##### -###### It has been renamed to `controller.proxySetHeaders`. ##### -################################################################################# -{{- end }} - -{{- include "common.warnings.rollingTag" .Values.image }} -{{- include "common.warnings.rollingTag" .Values.defaultBackend.image }} diff --git a/bitnami/nginx-ingress-controller/templates/_helpers.tpl b/bitnami/nginx-ingress-controller/templates/_helpers.tpl deleted file mode 100644 index 2cf9d21..0000000 --- a/bitnami/nginx-ingress-controller/templates/_helpers.tpl +++ /dev/null @@ -1,86 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Create a default fully qualified default backend name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "nginx-ingress-controller.defaultBackend.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- printf "%s-default-backend" .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- printf "%s-default-backend" .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s-default-backend" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper nginx-ingress-controller image name -*/}} -{{- define "nginx-ingress-controller.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper defaultBackend image name -*/}} -{{- define "nginx-ingress-controller.defaultBackend.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.defaultBackend.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "nginx-ingress-controller.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.defaultBackend.image) "global" .Values.global) -}} -{{- end -}} - -{{/* -Construct the path for the publish-service. - -By convention this will simply use the / to match the name of the -service generated. -Users can provide an override for an explicit service they want bound via `.Values.publishService.pathOverride` - -*/}} -{{- define "nginx-ingress-controller.publishServicePath" -}} -{{- $defServiceName := printf "%s/%s" .Release.Namespace (include "common.names.fullname" .) -}} -{{- $servicePath := default $defServiceName .Values.publishService.pathOverride }} -{{- print $servicePath | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "nginx-ingress-controller.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for PodSecurityPolicy -*/}} -{{- define "nginx-ingress-controller.podSecurityPolicy.apiVersion" -}} -{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "policy/v1beta1" -}} -{{- else -}} -{{- print "extensions/v1beta1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiGroup for PodSecurityPolicy. -*/}} -{{- define "nginx-ingress-controller.podSecurityPolicy.apiGroup" -}} -{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "policy" -}} -{{- else -}} -{{- print "extensions" -}} -{{- end -}} -{{- end -}} diff --git a/bitnami/nginx-ingress-controller/templates/addheaders-configmap.yaml b/bitnami/nginx-ingress-controller/templates/addheaders-configmap.yaml deleted file mode 100644 index 6772586..0000000 --- a/bitnami/nginx-ingress-controller/templates/addheaders-configmap.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if .Values.addHeaders }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ printf "%s-custom-add-headers" (include "common.names.fullname" .) }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: controller - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: {{- include "common.tplvalues.render" (dict "value" .Values.addHeaders "context" $ ) | nindent 2 }} -{{- end }} diff --git a/bitnami/nginx-ingress-controller/templates/clusterrole.yaml b/bitnami/nginx-ingress-controller/templates/clusterrole.yaml deleted file mode 100644 index 224c191..0000000 --- a/bitnami/nginx-ingress-controller/templates/clusterrole.yaml +++ /dev/null @@ -1,80 +0,0 @@ -{{- if and .Values.rbac.create (not .Values.scope.enabled) -}} -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: ClusterRole -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - - apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - verbs: - - list - - watch - {{- if and .Values.scope.enabled .Values.scope.namespace }} - - apiGroups: - - "" - resources: - - namespaces - resourceNames: - - "{{ .Values.scope.namespace }}" - verbs: - - get - {{- end }} - - apiGroups: - - "" - resources: - - nodes - verbs: - - get - - apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - update - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update - - apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -{{- end -}} diff --git a/bitnami/nginx-ingress-controller/templates/clusterrolebinding.yaml b/bitnami/nginx-ingress-controller/templates/clusterrolebinding.yaml deleted file mode 100644 index 9d0857d..0000000 --- a/bitnami/nginx-ingress-controller/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if and .Values.rbac.create (not .Values.scope.enabled) -}} -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: ClusterRoleBinding -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "common.names.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ include "nginx-ingress-controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} -{{- end -}} diff --git a/bitnami/nginx-ingress-controller/templates/controller-configmap.yaml b/bitnami/nginx-ingress-controller/templates/controller-configmap.yaml deleted file mode 100644 index 9f46023..0000000 --- a/bitnami/nginx-ingress-controller/templates/controller-configmap.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{- if or .Values.config (or (or .Values.proxySetHeaders .Values.headers) .Values.addHeaders) .Values.dhParam }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: controller - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - {{- if .Values.addHeaders }} - add-headers: {{ .Release.Namespace }}/{{ printf "%s-custom-add-headers" (include "common.names.fullname" .) }} - {{- end }} - {{- if or .Values.proxySetHeaders .Values.headers }} - proxy-set-headers: {{ .Release.Namespace }}/{{ printf "%s-custom-proxy-headers" (include "common.names.fullname" .) }} - {{- end }} - {{- if .Values.dhParam }} - ssl-dh-param: {{ printf "%s/%s" .Release.Namespace (include "common.names.fullname" .) }} - {{- end }} - {{- if .Values.config }} - {{- include "common.tplvalues.render" (dict "value" .Values.config "context" $) | nindent 2 }} - {{- end }} -{{- end }} diff --git a/bitnami/nginx-ingress-controller/templates/controller-daemonset.yaml b/bitnami/nginx-ingress-controller/templates/controller-daemonset.yaml deleted file mode 100644 index 879d261..0000000 --- a/bitnami/nginx-ingress-controller/templates/controller-daemonset.yaml +++ /dev/null @@ -1,221 +0,0 @@ -{{- if eq .Values.kind "DaemonSet" }} -{{- $useHostPort := .Values.daemonset.useHostPort -}} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: controller - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: controller - revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} - {{- if .Values.updateStrategy }} - updateStrategy: {{- toYaml .Values.updateStrategy | nindent 4 }} - {{- end }} - minReadySeconds: {{ .Values.minReadySeconds }} - template: - metadata: - {{- if .Values.podAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.podAnnotations "context" $ ) | nindent 8 }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: controller - {{- if .Values.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} - {{- end }} - spec: - {{- include "nginx-ingress-controller.imagePullSecrets" . | nindent 6 }} - dnsPolicy: {{ .Values.dnsPolicy }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName | quote }} - {{- end }} - {{- if .Values.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "component" "controller" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "component" "controller" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.podSecurityContext.enabled }} - securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - hostNetwork: {{ .Values.hostNetwork }} - {{- if .Values.topologySpreadConstraints }} - topologySpreadConstraints: {{- toYaml .Values.topologySpreadConstraints | nindent 8 }} - {{- end }} - serviceAccountName: {{ template "nginx-ingress-controller.serviceAccountName" . }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} - {{- if .Values.initContainers }} - initContainers: {{- toYaml .Values.initContainers | nindent 8 }} - {{- end }} - containers: - - name: controller - image: {{ include "nginx-ingress-controller.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.containerSecurityContext.enabled }} - # yamllint disable rule:indentation - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - # yamllint enable rule:indentation - {{- end }} - {{- if .Values.lifecycle }} - lifecycle: {{- toYaml .Values.lifecycle | nindent 12 }} - {{- end }} - {{- if .Values.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} - {{- else }} - args: - - /nginx-ingress-controller - - --default-backend-service={{ if .Values.defaultBackend.enabled }}{{ .Release.Namespace }}/{{ include "nginx-ingress-controller.defaultBackend.fullname" . }}{{ else }}{{ .Values.defaultBackendService }}{{ end }} - {{- if .Values.publishService.enabled }} - - --publish-service={{ include "nginx-ingress-controller.publishServicePath" . }} - {{- end }} - - --election-id={{ .Values.electionID }} - - --controller-class={{ .Values.ingressClass }} - - --configmap={{ .Release.Namespace }}/{{ include "common.names.fullname" . }} - {{- if .Values.tcp }} - - --tcp-services-configmap={{ .Release.Namespace }}/{{ include "common.names.fullname" . }}-tcp - {{- end }} - {{- if .Values.udp }} - - --udp-services-configmap={{ .Release.Namespace }}/{{ include "common.names.fullname" . }}-udp - {{- end }} - {{- if .Values.scope.enabled }} - - --watch-namespace={{ default .Release.Namespace .Values.scope.namespace }} - {{- end }} - {{- if .Values.maxmindLicenseKey }} - - --maxmind-license-key={{ .Values.maxmindLicenseKey }} - {{- end }} - {{- if and (.Values.reportNodeInternalIp) (.Values.hostNetwork)}} - - --report-node-internal-ip-address={{ .Values.reportNodeInternalIp }} - {{- end }} - {{- if .Values.watchIngressWithoutClass }} - - --watch-ingress-without-class=true - {{- end }} - {{- range $key, $value := .Values.extraArgs }} - {{- if $value }} - - --{{ $key }}={{ $value }} - {{- else }} - - --{{ $key }} - {{- end }} - {{- end }} - {{- end }} - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{- if .Values.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if or .Values.extraEnvVarsCM .Values.extraEnvVarsSecret }} - envFrom: - {{- if .Values.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} - {{- end }} - {{- end }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }} - {{- else if .Values.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }} - {{- else if .Values.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.containerPorts.http }} - protocol: TCP - {{- if $useHostPort }} - hostPort: {{ .Values.daemonset.hostPorts.http }} - {{- end }} - - name: https - containerPort: {{ .Values.containerPorts.https }} - protocol: TCP - {{- if $useHostPort }} - hostPort: {{ .Values.daemonset.hostPorts.https }} - {{- end }} - {{- if .Values.metrics.enabled }} - - name: metrics - containerPort: {{ .Values.containerPorts.metrics }} - protocol: TCP - {{- end }} - {{- range $key, $value := .Values.tcp }} - - name: "{{ $key }}-tcp" - containerPort: {{ $key }} - protocol: TCP - {{- if $useHostPort }} - hostPort: {{ $key }} - {{- end }} - {{- end }} - {{- range $key, $value := .Values.udp }} - - name: "{{ $key }}-udp" - containerPort: {{ $key }} - protocol: UDP - {{- if $useHostPort }} - hostPort: {{ $key }} - {{- end }} - {{- end }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - {{- if or .Values.customTemplate.configMapName .Values.extraVolumeMounts }} - volumeMounts: - {{- if .Values.customTemplate.configMapName }} - - mountPath: /etc/nginx/template - name: nginx-template-volume - readOnly: true - {{- end }} - {{- if .Values.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.sidecars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} - {{- end }} - {{- if (or .Values.customTemplate.configMapName .Values.extraVolumes) }} - volumes: - {{- if .Values.customTemplate.configMapName }} - - name: nginx-template-volume - configMap: - name: {{ .Values.customTemplate.configMapName }} - items: - - key: {{ .Values.customTemplate.configMapKey }} - path: nginx.tmpl - {{- end }} - {{- if .Values.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/bitnami/nginx-ingress-controller/templates/controller-deployment.yaml b/bitnami/nginx-ingress-controller/templates/controller-deployment.yaml deleted file mode 100644 index 962af7c..0000000 --- a/bitnami/nginx-ingress-controller/templates/controller-deployment.yaml +++ /dev/null @@ -1,211 +0,0 @@ -{{- if eq .Values.kind "Deployment" }} -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: controller - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: controller - {{- if not .Values.autoscaling.enabled }} - replicas: {{ .Values.replicaCount }} - {{- end }} - revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} - {{- if .Values.updateStrategy }} - strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} - {{- end }} - minReadySeconds: {{ .Values.minReadySeconds }} - template: - metadata: - {{- if .Values.podAnnotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: controller - {{- if .Values.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} - {{- end }} - spec: - {{- include "nginx-ingress-controller.imagePullSecrets" . | nindent 6 }} - dnsPolicy: {{ .Values.dnsPolicy }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName | quote }} - {{- end }} - {{- if .Values.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "component" "controller" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "component" "controller" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.podSecurityContext.enabled }} - securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - hostNetwork: {{ .Values.hostNetwork }} - {{- if .Values.topologySpreadConstraints }} - topologySpreadConstraints: {{- toYaml .Values.topologySpreadConstraints | nindent 8 }} - {{- end }} - serviceAccountName: {{ template "nginx-ingress-controller.serviceAccountName" . }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} - {{- if .Values.initContainers }} - initContainers: {{- toYaml .Values.initContainers | nindent 8 }} - {{- end }} - containers: - - name: controller - image: {{ include "nginx-ingress-controller.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.containerSecurityContext.enabled }} - # yamllint disable rule:indentation - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - # yamllint enable rule:indentation - {{- end }} - {{- if .Values.lifecycle }} - lifecycle: {{- toYaml .Values.lifecycle | nindent 12 }} - {{- end }} - {{- if .Values.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} - {{- else }} - args: - - /nginx-ingress-controller - - --default-backend-service={{ if .Values.defaultBackend.enabled }}{{ .Release.Namespace }}/{{ include "nginx-ingress-controller.defaultBackend.fullname" . }}{{ else }}{{ .Values.defaultBackendService }}{{ end }} - {{- if .Values.publishService.enabled }} - - --publish-service={{ include "nginx-ingress-controller.publishServicePath" . }} - {{- end }} - - --election-id={{ .Values.electionID }} - - --controller-class={{ .Values.ingressClass }} - - --configmap={{ default .Release.Namespace .Values.configMapNamespace }}/{{ include "common.names.fullname" . }} - {{- if .Values.tcp }} - - --tcp-services-configmap={{ default .Release.Namespace .Values.tcpConfigMapNamespace }}/{{ include "common.names.fullname" . }}-tcp - {{- end }} - {{- if .Values.udp }} - - --udp-services-configmap={{ default .Release.Namespace .Values.udpConfigMapNamespace }}/{{ include "common.names.fullname" . }}-udp - {{- end }} - {{- if .Values.scope.enabled }} - - --watch-namespace={{ default .Release.Namespace .Values.scope.namespace }} - {{- end }} - {{- if .Values.maxmindLicenseKey }} - - --maxmind-license-key={{ .Values.maxmindLicenseKey }} - {{- end }} - {{- if and (.Values.reportNodeInternalIp) (.Values.hostNetwork) }} - - --report-node-internal-ip-address={{ .Values.reportNodeInternalIp }} - {{- end }} - {{- if .Values.watchIngressWithoutClass }} - - --watch-ingress-without-class=true - {{- end }} - {{- range $key, $value := .Values.extraArgs }} - {{- if $value }} - - --{{ $key }}={{ $value }} - {{- else }} - - --{{ $key }} - {{- end }} - {{- end }} - {{- end }} - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{- if .Values.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if or .Values.extraEnvVarsCM .Values.extraEnvVarsSecret }} - envFrom: - {{- if .Values.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} - {{- end }} - {{- end }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }} - {{- else if .Values.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }} - {{- else if .Values.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.containerPorts.http }} - protocol: TCP - - name: https - containerPort: {{ .Values.containerPorts.https }} - protocol: TCP - {{- if .Values.metrics.enabled }} - - name: metrics - containerPort: {{ .Values.containerPorts.metrics }} - protocol: TCP - {{- end }} - {{- range $key, $value := .Values.tcp }} - - name: "{{ $key }}-tcp" - containerPort: {{ $key }} - protocol: TCP - {{- end }} - {{- range $key, $value := .Values.udp }} - - name: "{{ $key }}-udp" - containerPort: {{ $key }} - protocol: UDP - {{- end }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - {{- if or .Values.customTemplate.configMapName .Values.extraVolumeMounts }} - volumeMounts: - {{- if .Values.customTemplate.configMapName }} - - mountPath: /etc/nginx/template - name: nginx-template-volume - readOnly: true - {{- end }} - {{- if .Values.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.sidecars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} - {{- end }} - {{- if (or .Values.customTemplate.configMapName .Values.extraVolumes) }} - volumes: - {{- if .Values.customTemplate.configMapName }} - - name: nginx-template-volume - configMap: - name: {{ .Values.customTemplate.configMapName }} - items: - - key: {{ .Values.customTemplate.configMapKey }} - path: nginx.tmpl - {{- end }} - {{- if .Values.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/bitnami/nginx-ingress-controller/templates/controller-hpa.yaml b/bitnami/nginx-ingress-controller/templates/controller-hpa.yaml deleted file mode 100644 index d5519e0..0000000 --- a/bitnami/nginx-ingress-controller/templates/controller-hpa.yaml +++ /dev/null @@ -1,35 +0,0 @@ -{{- if and .Values.autoscaling.enabled (eq .Values.kind "Deployment") }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: controller - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - scaleTargetRef: - apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} - kind: Deployment - name: {{ template "common.names.fullname" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- if .Values.autoscaling.targetCPU }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPU }} - {{- end }} - {{- if .Values.autoscaling.targetMemory }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemory }} - {{- end }} -{{- end }} diff --git a/bitnami/nginx-ingress-controller/templates/controller-metrics-service.yaml b/bitnami/nginx-ingress-controller/templates/controller-metrics-service.yaml deleted file mode 100644 index 742552e..0000000 --- a/bitnami/nginx-ingress-controller/templates/controller-metrics-service.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- if .Values.metrics.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ printf "%s-metrics" (include "common.names.fullname" .) }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: metrics - {{- if .Values.metrics.service.labels }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.service.labels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }} - {{- end }} - {{- if or .Values.metrics.service.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.metrics.service.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.service.annotations "context" $) | nindent 4 }} - {{- end }} - {{- end }} -spec: - type: {{ .Values.metrics.service.type }} - ports: - - name: metrics - port: {{ .Values.metrics.service.port }} - targetPort: metrics - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: controller -{{- end }} diff --git a/bitnami/nginx-ingress-controller/templates/controller-poddisruptionbudget.yaml b/bitnami/nginx-ingress-controller/templates/controller-poddisruptionbudget.yaml deleted file mode 100644 index d1e3d44..0000000 --- a/bitnami/nginx-ingress-controller/templates/controller-poddisruptionbudget.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if and .Values.pdb.create (eq .Values.kind "Deployment") }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: controller - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.pdb.minAvailable }} - minAvailable: {{ .Values.pdb.minAvailable }} - {{- end }} - {{- if .Values.pdb.maxUnavailable }} - maxUnavailable: {{ .Values.pdb.maxUnavailable }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.standard" . | nindent 6 }} - app.kubernetes.io/component: controller -{{- end }} diff --git a/bitnami/nginx-ingress-controller/templates/controller-prometheusrules.yaml b/bitnami/nginx-ingress-controller/templates/controller-prometheusrules.yaml deleted file mode 100644 index 4f07fc4..0000000 --- a/bitnami/nginx-ingress-controller/templates/controller-prometheusrules.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ include "common.names.fullname" . }} - {{- if .Values.metrics.prometheusRule.namespace }} - namespace: {{ .Values.metrics.prometheusRule.namespace | quote }} - {{- else }} - namespace: {{ .Release.Namespace | quote }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: controller - {{- if .Values.metrics.prometheusRule.additionalLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- with .Values.metrics.prometheusRule.rules }} - groups: - - name: {{ include "common.names.name" $ }} - rules: {{- toYaml . | nindent 6 }} - {{- end }} -{{- end }} diff --git a/bitnami/nginx-ingress-controller/templates/controller-service.yaml b/bitnami/nginx-ingress-controller/templates/controller-service.yaml deleted file mode 100644 index 7c97e57..0000000 --- a/bitnami/nginx-ingress-controller/templates/controller-service.yaml +++ /dev/null @@ -1,89 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: controller - {{- if .Values.service.labels }} - {{- include "common.tplvalues.render" (dict "value" .Values.service.labels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }} - {{- end }} - {{- if or .Values.service.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.service.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.service.annotations "context" $) | nindent 4 }} - {{- end }} - {{- end }} -spec: - type: {{ .Values.service.type }} - {{- if not (empty .Values.service.clusterIP) }} - clusterIP: {{ .Values.service.clusterIP | quote }} - {{- end }} - {{- if .Values.service.externalIPs }} - externalIPs: {{- toYaml .Values.service.externalIPs | nindent 4 }} - {{- end }} - {{- if .Values.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.service.loadBalancerIP | quote }} - {{- end }} - {{- if .Values.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - {{- if .Values.service.externalTrafficPolicy }} - externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} - {{- end }} - {{- if .Values.service.healthCheckNodePort }} - healthCheckNodePort: {{ .Values.service.healthCheckNodePort }} - {{- end }} - ports: - {{- if not (empty .Values.service.ports.http) }} - - name: http - port: {{ .Values.service.ports.http }} - protocol: TCP - targetPort: {{ .Values.service.targetPorts.http }} - {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.http)) }} - nodePort: {{ .Values.service.nodePorts.http }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - {{- end }} - {{- if not (empty .Values.service.ports.https) }} - - name: https - port: {{ .Values.service.ports.https }} - protocol: TCP - targetPort: {{ .Values.service.targetPorts.https }} - {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.https)) }} - nodePort: {{ .Values.service.nodePorts.https }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - {{- end }} - {{- range $key, $value := .Values.tcp }} - - name: {{ $key }}-tcp - port: {{ $key }} - protocol: TCP - targetPort: {{ $key }}-tcp - {{- if and (or (eq $.Values.service.type "NodePort") (eq $.Values.service.type "LoadBalancer")) (index $.Values.service.nodePorts.tcp $key) }} - nodePort: {{ index $.Values.service.nodePorts.tcp $key }} - {{- else if eq $.Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - {{- end }} - {{- range $key, $value := .Values.udp }} - - name: {{ $key }}-udp - port: {{ $key }} - protocol: UDP - targetPort: {{ $key }}-udp - {{- if and (or (eq $.Values.service.type "NodePort") (eq $.Values.service.type "LoadBalancer")) (index $.Values.service.nodePorts.udp $key) }} - nodePort: {{ index $.Values.service.nodePorts.udp $key }} - {{- else if eq $.Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - {{- end }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: controller diff --git a/bitnami/nginx-ingress-controller/templates/controller-servicemonitor.yaml b/bitnami/nginx-ingress-controller/templates/controller-servicemonitor.yaml deleted file mode 100644 index df6d14d..0000000 --- a/bitnami/nginx-ingress-controller/templates/controller-servicemonitor.yaml +++ /dev/null @@ -1,38 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "common.names.fullname" . }} - {{- if .Values.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.metrics.serviceMonitor.namespace | quote }} - {{- else }} - namespace: {{ .Release.Namespace | quote }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: metrics - {{- if .Values.metrics.serviceMonitor.additionalLabels }} - {{- toYaml .Values.metrics.serviceMonitor.additionalLabels | nindent 4 }} - {{- end }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - endpoints: - - port: metrics - interval: {{ .Values.metrics.serviceMonitor.interval }} - {{- if .Values.metrics.serviceMonitor.honorLabels }} - honorLabels: true - {{- end }} - {{- if .Values.metrics.serviceMonitor.metricRelabelings }} - metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }} - {{- end }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: metrics -{{- end }} diff --git a/bitnami/nginx-ingress-controller/templates/default-backend-configmap.yaml b/bitnami/nginx-ingress-controller/templates/default-backend-configmap.yaml deleted file mode 100644 index cc6bd20..0000000 --- a/bitnami/nginx-ingress-controller/templates/default-backend-configmap.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if and (.Values.defaultBackend.enabled) (.Values.defaultBackend.serverBlockConfig) -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "nginx-ingress-controller.defaultBackend.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: default-backend - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - defaultBackend.conf: |- - {{- include "common.tplvalues.render" (dict "value" .Values.defaultBackend.serverBlockConfig "context" $) | nindent 4 }} -{{- end }} diff --git a/bitnami/nginx-ingress-controller/templates/default-backend-deployment.yaml b/bitnami/nginx-ingress-controller/templates/default-backend-deployment.yaml deleted file mode 100644 index ffb1c33..0000000 --- a/bitnami/nginx-ingress-controller/templates/default-backend-deployment.yaml +++ /dev/null @@ -1,104 +0,0 @@ -{{- if .Values.defaultBackend.enabled }} -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ template "nginx-ingress-controller.defaultBackend.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: default-backend - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: default-backend - replicas: {{ .Values.defaultBackend.replicaCount }} - template: - metadata: - {{- if .Values.defaultBackend.podAnnotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.defaultBackend.podAnnotations "context" $) | nindent 8 }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: default-backend - {{- if .Values.defaultBackend.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.defaultBackend.podLabels "context" $) | nindent 8 }} - {{- end }} - spec: - {{- include "nginx-ingress-controller.imagePullSecrets" . | nindent 6 }} - {{- if .Values.defaultBackend.priorityClassName }} - priorityClassName: {{ .Values.defaultBackend.priorityClassName | quote }} - {{- end }} - {{- if .Values.defaultBackend.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.defaultBackend.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.defaultBackend.affinity }} - affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.defaultBackend.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.defaultBackend.podAffinityPreset "component" "default-backend" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.defaultBackend.podAntiAffinityPreset "component" "default-backend" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.defaultBackend.nodeAffinityPreset.type "key" .Values.defaultBackend.nodeAffinityPreset.key "values" .Values.defaultBackend.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.defaultBackend.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.defaultBackend.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.defaultBackend.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.defaultBackend.tolerations "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.defaultBackend.podSecurityContext.enabled }} - securityContext: {{- omit .Values.defaultBackend.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - serviceAccountName: {{ template "nginx-ingress-controller.serviceAccountName" . }} - terminationGracePeriodSeconds: 60 - containers: - - name: default-backend - image: {{ template "nginx-ingress-controller.defaultBackend.image" . }} - imagePullPolicy: {{ .Values.defaultBackend.image.pullPolicy | quote }} - {{- if .Values.defaultBackend.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.defaultBackend.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - args: - {{- range $key, $value := .Values.defaultBackend.extraArgs }} - {{- if $value }} - - --{{ $key }}={{ $value }} - {{- else }} - - --{{ $key }} - {{- end }} - {{- end }} - {{- if .Values.defaultBackend.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.defaultBackend.livenessProbe "enabled") "context" $) | nindent 12 }} - {{- else if .Values.defaultBackend.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.defaultBackend.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.defaultBackend.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.defaultBackend.readinessProbe "enabled") "context" $) | nindent 12 }} - {{- else if .Values.defaultBackend.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.defaultBackend.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.defaultBackend.containerPort }} - protocol: TCP - {{- if .Values.defaultBackend.resources }} - resources: {{- toYaml .Values.defaultBackend.resources | nindent 12 }} - {{- end }} - {{- if .Values.defaultBackend.serverBlockConfig }} - volumeMounts: - - name: nginx-config-volume - mountPath: /opt/bitnami/nginx/conf/bitnami/ - readOnly: true - {{- end }} - {{- if .Values.defaultBackend.serverBlockConfig }} - volumes: - - name: nginx-config-volume - configMap: - name: {{ template "nginx-ingress-controller.defaultBackend.fullname" . }} - items: - - key: defaultBackend.conf - path: defaultBackend.conf - {{- end }} -{{- end }} diff --git a/bitnami/nginx-ingress-controller/templates/default-backend-poddisruptionbudget.yaml b/bitnami/nginx-ingress-controller/templates/default-backend-poddisruptionbudget.yaml deleted file mode 100644 index 5271650..0000000 --- a/bitnami/nginx-ingress-controller/templates/default-backend-poddisruptionbudget.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if and .Values.defaultBackend.enabled .Values.defaultBackend.pdb.create }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ include "nginx-ingress-controller.defaultBackend.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: default-backend - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.defaultBackend.pdb.minAvailable }} - minAvailable: {{ .Values.defaultBackend.pdb.minAvailable }} - {{- end }} - {{- if .Values.pdb.maxUnavailable }} - maxUnavailable: {{ .Values.defaultBackend.pdb.maxUnavailable }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: default-backend -{{- end }} diff --git a/bitnami/nginx-ingress-controller/templates/default-backend-service.yaml b/bitnami/nginx-ingress-controller/templates/default-backend-service.yaml deleted file mode 100644 index a62ab9a..0000000 --- a/bitnami/nginx-ingress-controller/templates/default-backend-service.yaml +++ /dev/null @@ -1,30 +0,0 @@ -{{- if .Values.defaultBackend.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "nginx-ingress-controller.defaultBackend.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: default-backend - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }} - {{- end }} - {{- if or .Values.defaultBackend.service.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.defaultBackend.service.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.defaultBackend.service.annotations "context" $) | nindent 4 }} - {{- end }} - {{- end }} -spec: - type: {{ .Values.defaultBackend.service.type }} - ports: - - name: http - port: {{ .Values.defaultBackend.service.port }} - protocol: TCP - targetPort: http - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: default-backend -{{- end }} diff --git a/bitnami/nginx-ingress-controller/templates/dh-param-secret.yaml b/bitnami/nginx-ingress-controller/templates/dh-param-secret.yaml deleted file mode 100644 index e2fb64e..0000000 --- a/bitnami/nginx-ingress-controller/templates/dh-param-secret.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if .Values.dhParam -}} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: controller - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - dhparam.pem: {{ .Values.dhParam | quote }} -{{- end }} diff --git a/bitnami/nginx-ingress-controller/templates/extra-list.yaml b/bitnami/nginx-ingress-controller/templates/extra-list.yaml deleted file mode 100644 index 9ac65f9..0000000 --- a/bitnami/nginx-ingress-controller/templates/extra-list.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{- range .Values.extraDeploy }} ---- -{{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} diff --git a/bitnami/nginx-ingress-controller/templates/podsecuritypolicy.yaml b/bitnami/nginx-ingress-controller/templates/podsecuritypolicy.yaml deleted file mode 100644 index 3ae0cc0..0000000 --- a/bitnami/nginx-ingress-controller/templates/podsecuritypolicy.yaml +++ /dev/null @@ -1,49 +0,0 @@ -{{- if .Values.podSecurityPolicy.enabled}} -apiVersion: {{ include "nginx-ingress-controller.podSecurityPolicy.apiVersion" . }} -kind: PodSecurityPolicy -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - allowedCapabilities: - - NET_BIND_SERVICE - privileged: false - allowPrivilegeEscalation: true - volumes: - - 'configMap' - # - 'emptyDir' - # - 'projected' - - 'secret' - # - 'downwardAPI' - hostNetwork: {{ .Values.hostNetwork }} - hostIPC: false - hostPID: false - runAsUser: - # Require the container to run without root privileges. - rule: 'MustRunAsNonRoot' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - readOnlyRootFilesystem: false - seLinux: - rule: 'RunAsAny' - hostPorts: - - max: 65535 - min: 1 -{{- end }} diff --git a/bitnami/nginx-ingress-controller/templates/proxyheaders-configmap.yaml b/bitnami/nginx-ingress-controller/templates/proxyheaders-configmap.yaml deleted file mode 100644 index 9994dc4..0000000 --- a/bitnami/nginx-ingress-controller/templates/proxyheaders-configmap.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if or .Values.proxySetHeaders .Values.headers }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ printf "%s-custom-proxy-headers" (include "common.names.fullname" .) }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: controller - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: -{{- if .Values.proxySetHeaders }} -{{- include "common.tplvalues.render" (dict "value" .Values.proxySetHeaders "context" $) | nindent 2 }} -{{- else if and .Values.headers (not .Values.proxySetHeaders) }} -{{- include "common.tplvalues.render" (dict "value" .Values.headers "context" $) | nindent 2 }} -{{- end }} -{{- end }} diff --git a/bitnami/nginx-ingress-controller/templates/role.yaml b/bitnami/nginx-ingress-controller/templates/role.yaml deleted file mode 100644 index 71fb15a..0000000 --- a/bitnami/nginx-ingress-controller/templates/role.yaml +++ /dev/null @@ -1,91 +0,0 @@ -{{- if .Values.rbac.create -}} -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: Role -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - - apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - update - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update - - apiGroups: - - "" - resources: - - configmaps - resourceNames: - - {{ .Values.electionID }}-{{ .Values.ingressClass }} - verbs: - - get - - update - - apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - apiGroups: - - "" - resources: - - endpoints - verbs: - - create - - get - - update - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - {{- if .Values.podSecurityPolicy.enabled }} - - apiGroups: [{{ template "nginx-ingress-controller.podSecurityPolicy.apiGroup" . }}] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: [{{ template "common.names.fullname" . }}] - {{- end }} -{{- end -}} diff --git a/bitnami/nginx-ingress-controller/templates/rolebinding.yaml b/bitnami/nginx-ingress-controller/templates/rolebinding.yaml deleted file mode 100644 index 3812828..0000000 --- a/bitnami/nginx-ingress-controller/templates/rolebinding.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if .Values.rbac.create -}} -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: RoleBinding -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "common.names.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ include "nginx-ingress-controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} -{{- end -}} diff --git a/bitnami/nginx-ingress-controller/templates/serviceaccount.yaml b/bitnami/nginx-ingress-controller/templates/serviceaccount.yaml deleted file mode 100644 index 1e177f2..0000000 --- a/bitnami/nginx-ingress-controller/templates/serviceaccount.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "nginx-ingress-controller.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }} - {{- end }} - {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.serviceAccount.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.serviceAccount.annotations "context" $) | nindent 4 }} - {{- end }} - {{- end }} -{{- end -}} diff --git a/bitnami/nginx-ingress-controller/templates/tcp-configmap.yaml b/bitnami/nginx-ingress-controller/templates/tcp-configmap.yaml deleted file mode 100644 index 0f5fda6..0000000 --- a/bitnami/nginx-ingress-controller/templates/tcp-configmap.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if .Values.tcp }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ printf "%s-tcp" (include "common.names.fullname" .) }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: controller - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: {{- include "common.tplvalues.render" (dict "value" .Values.tcp "context" $) | nindent 2 }} -{{- end }} diff --git a/bitnami/nginx-ingress-controller/templates/udp-configmap.yaml b/bitnami/nginx-ingress-controller/templates/udp-configmap.yaml deleted file mode 100644 index abb08b8..0000000 --- a/bitnami/nginx-ingress-controller/templates/udp-configmap.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if .Values.udp }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ printf "%s-udp" (include "common.names.fullname" .) }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: controller - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: {{- include "common.tplvalues.render" (dict "value" .Values.udp "context" $) | nindent 2 }} -{{- end }} diff --git a/bitnami/nginx-ingress-controller/values.yaml b/bitnami/nginx-ingress-controller/values.yaml deleted file mode 100644 index e8e3c96..0000000 --- a/bitnami/nginx-ingress-controller/values.yaml +++ /dev/null @@ -1,804 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - -## @section Common parameters - -## @param nameOverride String to partially override common.names.fullname -## -nameOverride: "" -## @param fullnameOverride String to fully override common.names.fullname -## -fullnameOverride: "" -## @param commonLabels Add labels to all the deployed resources -## -commonLabels: {} -## @param commonAnnotations Add annotations to all the deployed resources -## -commonAnnotations: {} -## @param extraDeploy Array of extra objects to deploy with the release -## -extraDeploy: [] - -## @section Nginx Ingress Controller parameters - -## Bitnami NGINX Ingress controller image version -## ref: https://hub.docker.com/r/bitnami/nginx-ingress-controller/tags/ -## @param image.registry Nginx Ingress Controller image registry -## @param image.repository Nginx Ingress Controller image repository -## @param image.tag Nginx Ingress Controller image tag (immutable tags are recommended) -## @param image.pullPolicy Nginx Ingress Controller image pull policy -## @param image.pullSecrets Specify docker-registry secret names as an array -## -image: - registry: docker.io - repository: bitnami/nginx-ingress-controller - tag: 1.0.2-debian-10-r0 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] -## @param containerPorts [object] Controller container ports to open -## -containerPorts: - http: 80 - https: 443 - metrics: 10254 -## @param hostAliases Deployment pod host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: [] -## @param config Custom configuration options for NGINX -## ref: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/ -## -config: {} -## @param proxySetHeaders Custom headers before sending traffic to backends -## ref: https://github.com/kubernetes/ingress-nginx/tree/master/docs/examples/customization/custom-headers -## -proxySetHeaders: {} -## @param addHeaders Custom headers before sending response traffic to the client -## ref: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#add-headers -## -addHeaders: {} -## @param defaultBackendService Default 404 backend service; required only if `defaultBackend.enabled = false` -## Must be / -## -defaultBackendService: "" -## @param electionID Election ID to use for status update -## -electionID: ingress-controller-leader -## @param reportNodeInternalIp If using `hostNetwork=true`, setting `reportNodeInternalIp=true`, will pass the flag `report-node-internal-ip-address` to Nginx Ingress Controller -## Bare-metal considerations via the host network -## ref: https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network -## -reportNodeInternalIp: false -## @param watchIngressWithoutClass Process Ingress objects without ingressClass annotation/ingressClassName field -## -watchIngressWithoutClass: false -## @param ingressClass Name of the ingress class to route through this controller -## -ingressClass: nginx -## Allows customization of the external service -## the ingress will be bound to via DNS -## -publishService: - ## @param publishService.enabled Set the endpoint records on the Ingress objects to reflect those on the service - ## - enabled: false - ## @param publishService.pathOverride Allows overriding of the publish service to bind to - ## Must be / - ## - pathOverride: "" -## @param scope.enabled Limit the scope of the controller. Defaults to `.Release.Namespace` -## -scope: - enabled: false -## @param configMapNamespace Allows customization of the configmap / nginx-configmap namespace -## Defaults to .Release.Namespace -## -configMapNamespace: "" -## @param tcpConfigMapNamespace Allows customization of the tcp-services-configmap namespace -## Defaults to .Release.Namespace -## -tcpConfigMapNamespace: "" -## @param udpConfigMapNamespace Allows customization of the udp-services-configmap namespace -## Defaults to .Release.Namespace -## -udpConfigMapNamespace: "" -## @param maxmindLicenseKey License key used to download Geolite2 database -## -maxmindLicenseKey: "" -## @param dhParam A base64ed Diffie-Hellman parameter -## This can be generated with: openssl dhparam 4096 2> / -## Ref: https://github.com/krmichel/ingress-nginx/blob/master/docs/examples/customization/ssl-dh-param -dhParam: "" -## @param tcp TCP service key:value pairs -## ref: https://github.com/kubernetes/contrib/tree/master/ingress/controllers/nginx/examples/tcp -## e.g: -## tcp: -## 8080: "default/example-tcp-svc:9000" -## -tcp: {} -## @param udp UDP service key:value pairs -## ref: https://github.com/kubernetes/contrib/tree/master/ingress/controllers/nginx/examples/udp -## e.g: -## udp: -## 53: "kube-system/kube-dns:53" -## -udp: {} -## @param command Override default container command (useful when using custom images) -## -command: [] -## @param args Override default container args (useful when using custom images) -## -args: [] -## @param extraArgs Additional command line arguments to pass to nginx-ingress-controller -## E.g. to specify the default SSL certificate you can use -## extraArgs: -## default-ssl-certificate: "/" -## -extraArgs: {} -## @param extraEnvVars Extra environment variables to be set on Nginx Ingress container -## E.g: -## extraEnvs: -## - name: FOO -## valueFrom: -## secretKeyRef: -## key: FOO -## name: secret-resource -## -extraEnvVars: [] -## @param extraEnvVarsCM Name of a existing ConfigMap containing extra environment variables -## -extraEnvVarsCM: "" -## @param extraEnvVarsSecret Name of a existing Secret containing extra environment variables -## -extraEnvVarsSecret: "" - -## @section Nginx Ingress deployment / daemonset parameters - -## @param kind Install as Deployment or DaemonSet -## -kind: Deployment -## Daemonset configuration -## -daemonset: - ## @param daemonset.useHostPort If `kind` is `DaemonSet`, this will enable `hostPort` for `TCP/80` and `TCP/443` - ## - useHostPort: false - ## @param daemonset.hostPorts [object] HTTP and HTTPS ports - ## - hostPorts: - http: 80 - https: 443 -## @param replicaCount Desired number of Controller pods -## -replicaCount: 1 -## @param updateStrategy Strategy to use to update Pods -## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies -## -updateStrategy: {} -## @param revisionHistoryLimit The number of old history to retain to allow rollback -## -revisionHistoryLimit: 10 -## Controller pods' Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## @param podSecurityContext.enabled Enable Controller pods' Security Context -## @param podSecurityContext.fsGroup Group ID for the container filesystem -## -podSecurityContext: - enabled: true - fsGroup: 1001 -## Controller containers' Security Context (only main container) -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -## @param containerSecurityContext.enabled Enable Controller containers' Security Context -## @param containerSecurityContext.allowPrivilegeEscalation Switch to allow priviledge escalation on the Controller container -## @param containerSecurityContext.runAsUser User ID for the Controller container -## @param containerSecurityContext.capabilities.drop [array] Linux Kernel capabilities that should be dropped -## @param containerSecurityContext.capabilities.add [array] Linux Kernel capabilities that should be added -## -containerSecurityContext: - enabled: true - allowPrivilegeEscalation: true - runAsUser: 1001 - capabilities: - drop: ["ALL"] - add: ["NET_BIND_SERVICE"] -## @param minReadySeconds How many seconds a pod needs to be ready before killing the next, during update -## -minReadySeconds: 0 -## Controller containers' resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources -## We usually recommend not to specify default resources and to leave this as a conscious -## choice for the user. This also increases chances charts run on environments with little -## resources, such as Minikube. If you do want to specify resources, uncomment the following -## lines, adjust them as necessary, and remove the curly braces after 'resources:'. -## @param resources.limits The resources limits for the Controller container -## @param resources.requests The requested resources for the Controller container -## -resources: - ## Example: - ## limits: - ## cpu: 250m - ## memory: 256Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 250m - ## memory: 256Mi - requests: {} -## Controller containers' liveness probe. Evaluated as a template. -## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes -## @param livenessProbe.enabled Enable livenessProbe -## @param livenessProbe.httpGet.path Request path for livenessProbe -## @param livenessProbe.httpGet.port Port for livenessProbe -## @param livenessProbe.httpGet.scheme Scheme for livenessProbe -## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe -## @param livenessProbe.periodSeconds Period seconds for livenessProbe -## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe -## @param livenessProbe.failureThreshold Failure threshold for livenessProbe -## @param livenessProbe.successThreshold Success threshold for livenessProbe -## -livenessProbe: - enabled: true - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 -## Controller containers' readiness probe. Evaluated as a template. -## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes -## @param readinessProbe.enabled Enable readinessProbe -## @param readinessProbe.httpGet.path Request path for readinessProbe -## @param readinessProbe.httpGet.port Port for readinessProbe -## @param readinessProbe.httpGet.scheme Scheme for readinessProbe -## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe -## @param readinessProbe.periodSeconds Period seconds for readinessProbe -## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe -## @param readinessProbe.failureThreshold Failure threshold for readinessProbe -## @param readinessProbe.successThreshold Success threshold for readinessProbe -## -readinessProbe: - enabled: true - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 -## @param customLivenessProbe Override default liveness probe -## -customLivenessProbe: {} -## @param customReadinessProbe Override default readiness probe -## -customReadinessProbe: {} -## @param lifecycle LifecycleHooks to set additional configuration at startup -## -lifecycle: {} -## @param podLabels Extra labels for Controller pods -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -podLabels: {} -## @param podAnnotations Annotations for Controller pods -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} -## @param priorityClassName Controller priorityClassName -## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass -## -priorityClassName: "" -## @param hostNetwork If the Nginx deployment / daemonset should run on the host's network namespace -## Required on CNI based K8s installations, since CNI and hostport don't mix yet -## Can be deprecated once https://github.com/kubernetes/kubernetes/issues/23920 is merged -## -hostNetwork: false -## @param dnsPolicy By default, while using host network, name resolution uses the host's DNS -## Optionally, change this to ClusterFirstWithHostNet in case you have 'hostNetwork: true' if you wish nginx-controller -## to keep resolving names inside the Kubernetes network -## -dnsPolicy: ClusterFirst -## @param terminationGracePeriodSeconds How many seconds to wait before terminating a pod -## -terminationGracePeriodSeconds: 60 -## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAffinityPreset: "" -## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAntiAffinityPreset: soft -## Node affinity preset -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## -nodeAffinityPreset: - ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] -## @param affinity Affinity for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set -## -affinity: {} -## @param nodeSelector Node labels for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} -## @param tolerations Tolerations for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] -## @param extraVolumes Optionally specify extra list of additional volumes for Controller pods -## -extraVolumes: [] -## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for Controller container(s) -## -extraVolumeMounts: [] -## @param initContainers Add init containers to the controller pods -## Example: -## initContainers: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -initContainers: [] -## @param sidecars Add sidecars to the controller pods. -## Example: -## sidecars: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -sidecars: [] -## @param customTemplate [object] Override NGINX template -## -customTemplate: - configMapName: "" - configMapKey: "" -## @param topologySpreadConstraints Topology spread constraints rely on node labels to identify the topology domain(s) that each Node is in -## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ -## -## topologySpreadConstraints: -## - maxSkew: 1 -## topologyKey: failure-domain.beta.kubernetes.io/zone -## whenUnsatisfiable: DoNotSchedule -## labelSelector: -## matchLabels: -## app.kubernetes.io/instance: ingress-nginx-internal -## -topologySpreadConstraints: [] -## @param podSecurityPolicy.enabled If true, create & use Pod Security Policy resources -## https://kubernetes.io/docs/concepts/policy/pod-security-policy/ -## -podSecurityPolicy: - enabled: false - -## @section Default backend parameters - -## Default 404 backend -## -defaultBackend: - ## @param defaultBackend.enabled Enable a default backend based on NGINX - ## - enabled: true - ## @param defaultBackend.hostAliases Add deployment host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## Bitnami NGINX image - ## ref: https://hub.docker.com/r/bitnami/nginx/tags/ - ## @param defaultBackend.image.registry Default backend image registry - ## @param defaultBackend.image.repository Default backend image repository - ## @param defaultBackend.image.tag Default backend image tag (immutable tags are recommended) - ## @param defaultBackend.image.pullPolicy Image pull policy - ## @param defaultBackend.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/nginx - tag: 1.21.3-debian-10-r19 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param defaultBackend.extraArgs Additional command line arguments to pass to Nginx container - ## - extraArgs: {} - ## @param defaultBackend.containerPort HTTP container port number - ## - containerPort: 8080 - ## @param defaultBackend.serverBlockConfig [string] NGINX backend default server block configuration - ## Should be compliant with: https://kubernetes.github.io/ingress-nginx/user-guide/default-backend/ - ## - serverBlockConfig: |- - location /healthz { - return 200; - } - - location / { - return 404; - } - ## @param defaultBackend.replicaCount Desired number of default backend pods - ## - replicaCount: 1 - ## Default backend pods' Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param defaultBackend.podSecurityContext.enabled Enable Default backend pods' Security Context - ## @param defaultBackend.podSecurityContext.fsGroup Group ID for the container filesystem - ## - podSecurityContext: - enabled: true - fsGroup: 1001 - ## Default backend containers' Security Context (only main container) - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param defaultBackend.containerSecurityContext.enabled Enable Default backend containers' Security Context - ## @param defaultBackend.containerSecurityContext.runAsUser User ID for the Default backend container - ## - containerSecurityContext: - enabled: true - runAsUser: 1001 - ## Default backend containers' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param defaultBackend.resources.limits The resources limits for the Default backend container - ## @param defaultBackend.resources.requests The requested resources for the Default backend container - ## - resources: - ## Example: - ## limits: - ## cpu: 250m - ## memory: 256Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 250m - ## memory: 256Mi - requests: {} - ## Default backend containers' liveness probe. Evaluated as a template. - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param defaultBackend.livenessProbe.enabled Enable livenessProbe - ## @param defaultBackend.livenessProbe.httpGet.path Request path for livenessProbe - ## @param defaultBackend.livenessProbe.httpGet.port Port for livenessProbe - ## @param defaultBackend.livenessProbe.httpGet.scheme Scheme for livenessProbe - ## @param defaultBackend.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param defaultBackend.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param defaultBackend.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param defaultBackend.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param defaultBackend.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - httpGet: - path: /healthz - port: http - scheme: HTTP - failureThreshold: 3 - initialDelaySeconds: 30 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - ## Default backend containers' readiness probe. Evaluated as a template. - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param defaultBackend.readinessProbe.enabled Enable readinessProbe - ## @param defaultBackend.readinessProbe.httpGet.path Request path for readinessProbe - ## @param defaultBackend.readinessProbe.httpGet.port Port for readinessProbe - ## @param defaultBackend.readinessProbe.httpGet.scheme Scheme for readinessProbe - ## @param defaultBackend.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param defaultBackend.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param defaultBackend.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param defaultBackend.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param defaultBackend.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - httpGet: - path: /healthz - port: http - scheme: HTTP - failureThreshold: 6 - initialDelaySeconds: 0 - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 5 - ## @param defaultBackend.podLabels Extra labels for Controller pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param defaultBackend.podAnnotations Annotations for Controller pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param defaultBackend.priorityClassName priorityClassName - ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass - ## - priorityClassName: "" - ## @param defaultBackend.podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param defaultBackend.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Node affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param defaultBackend.nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param defaultBackend.nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param defaultBackend.nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param defaultBackend.affinity Affinity for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## Note: defaultBackend.podAffinityPreset, defaultBackend.podAntiAffinityPreset, and defaultBackend.nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - ## @param defaultBackend.nodeSelector Node labels for pod assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param defaultBackend.tolerations Tolerations for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## Default backend Service parameters - ## - service: - ## @param defaultBackend.service.type Kubernetes Service type for default backend - ## - type: ClusterIP - ## @param defaultBackend.service.port Default backend service port - ## - port: 80 - ## Default backend Pod Disruption Budget configuration - ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ - ## - pdb: - ## @param defaultBackend.pdb.create Enable/disable a Pod Disruption Budget creation for Default backend - ## - create: false - ## @param defaultBackend.pdb.minAvailable Minimum number/percentage of Default backend pods that should remain scheduled - ## - minAvailable: 1 - ## @param defaultBackend.pdb.maxUnavailable Maximum number/percentage of Default backend pods that may be made unavailable - ## - maxUnavailable: "" - -## @section Traffic exposure parameters - -## Service parameters -## -service: - ## @param service.type Kubernetes Service type for Controller - ## - type: LoadBalancer - ## @param service.ports [object] Service ports - ## - ports: - http: 80 - https: 443 - ## @param service.targetPorts [object] Map the controller service HTTP/HTTPS port - ## - targetPorts: - http: http - https: https - ## @param service.nodePorts [object] Specify the nodePort value(s) for the LoadBalancer and NodePort service types. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - nodePorts: - http: "" - https: "" - tcp: {} - udp: {} - ## @param service.annotations Annotations for controller service - ## This can be used to set the LoadBalancer service type to internal only. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - annotations: {} - ## @param service.labels Labels for controller service - ## - labels: {} - ## @param service.clusterIP Controller Internal Cluster Service IP (optional) - ## - clusterIP: "" - ## @param service.externalIPs Controller Service external IP addresses - ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips - ## - externalIPs: [] - ## @param service.loadBalancerIP Kubernetes LoadBalancerIP to request for Controller (optional, cloud specific) - ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer - ## - loadBalancerIP: "" - ## @param service.loadBalancerSourceRanges List of IP CIDRs allowed access to load balancer (if supported) - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## - loadBalancerSourceRanges: [] - ## @param service.externalTrafficPolicy Set external traffic policy to: "Local" to preserve source IP on providers supporting it - ## Enable client source IP preservation - ## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer - ## - externalTrafficPolicy: "" - ## @param service.healthCheckNodePort Set this to the managed health-check port the kube-proxy will expose. If blank, a random port in the `NodePort` range will be assigned - ## - healthCheckNodePort: 0 - -## @section RBAC parameters - -## Pods Service Account -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ -## -serviceAccount: - ## @param serviceAccount.create Enable the creation of a ServiceAccount for Controller pods - ## - create: true - ## @param serviceAccount.name Name of the created ServiceAccount - ## If not set and create is true, a name is generated using the metrics-server.fullname template - name: "" - ## @param serviceAccount.annotations Annotations for service account. - ## Only used if `create` is `true`. - ## - annotations: {} -## Role Based Access -## Ref: https://kubernetes.io/docs/admin/authorization/rbac/ -## -rbac: - ## @param rbac.create Specifies whether RBAC rules should be created - ## - create: true - -## @section Other parameters - -## Controller Pod Disruption Budget configuration -## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ -## -pdb: - ## @param pdb.create Enable/disable a Pod Disruption Budget creation for Controller - ## - create: false - ## @param pdb.minAvailable Minimum number/percentage of Controller pods that should remain scheduled - ## - minAvailable: 1 - ## @param pdb.maxUnavailable Maximum number/percentage of Controller pods that may be made unavailable - ## - maxUnavailable: "" -## Controller Autoscaling configuration -## @param autoscaling.enabled Enable autoscaling for Controller -## @param autoscaling.minReplicas Minimum number of Controller replicas -## @param autoscaling.maxReplicas Maximum number of Controller replicas -## @param autoscaling.targetCPU Target CPU utilization percentage -## @param autoscaling.targetMemory Target Memory utilization percentage -## -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 11 - targetCPU: "" - targetMemory: "" - -## @section Metrics parameters - -## Prometheus exporter parameters -## -metrics: - ## @param metrics.enabled Enable exposing Controller statistics - ## - enabled: false - ## Prometheus exporter service parameters - ## - service: - ## @param metrics.service.type Type of Prometheus metrics service to create - ## - type: ClusterIP - ## @param metrics.service.port Service HTTP management port - ## - port: 9913 - ## @param metrics.service.annotations [object] Annotations for the Prometheus exporter service - ## - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "{{ .Values.metrics.service.port }}" - ## Prometheus Operator ServiceMonitor configuration - ## - serviceMonitor: - ## @param metrics.serviceMonitor.enabled Create ServiceMonitor resource for scraping metrics using PrometheusOperator - ## - enabled: false - ## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running - ## - namespace: "" - ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## - interval: 30s - ## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## e.g: - ## scrapeTimeout: 10s - ## - scrapeTimeout: "" - ## @param metrics.serviceMonitor.selector ServiceMonitor selector labels - ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration - ## e.g: - ## selector: - ## prometheus: my-prometheus - ## - selector: {} - ## @param metrics.prometheusRule.enabled Create PrometheusRules resource for scraping metrics using PrometheusOperator - ## @param metrics.prometheusRule.additionalLabels Used to pass Labels that are required by the Installed Prometheus Operator - ## @param metrics.prometheusRule.namespace Namespace which Prometheus is running in - ## @param metrics.prometheusRule.rules Rules to be prometheus in YAML format, check values for an example - ## - prometheusRule: - enabled: false - additionalLabels: {} - namespace: "" - rules: [] diff --git a/bitnami/nginx/.helmignore b/bitnami/nginx/.helmignore deleted file mode 100644 index f0c1319..0000000 --- a/bitnami/nginx/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/bitnami/nginx/Chart.yaml b/bitnami/nginx/Chart.yaml deleted file mode 100644 index 469fde9..0000000 --- a/bitnami/nginx/Chart.yaml +++ /dev/null @@ -1,28 +0,0 @@ -annotations: - category: Infrastructure -apiVersion: v2 -appVersion: 1.21.3 -dependencies: - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x -description: Chart for the nginx server -engine: gotpl -home: https://github.com/bitnami/charts/tree/master/bitnami/nginx -icon: https://bitnami.com/assets/stacks/nginx/img/nginx-stack-220x234.png -keywords: - - nginx - - http - - web - - www - - reverse proxy -maintainers: - - email: containers@bitnami.com - name: Bitnami -name: nginx -sources: - - https://github.com/bitnami/bitnami-docker-nginx - - http://www.nginx.org -version: 9.5.4 diff --git a/bitnami/nginx/ci/ct-values.yaml b/bitnami/nginx/ci/ct-values.yaml deleted file mode 100644 index b738e2a..0000000 --- a/bitnami/nginx/ci/ct-values.yaml +++ /dev/null @@ -1,2 +0,0 @@ -service: - type: ClusterIP diff --git a/bitnami/nginx/templates/extra-list.yaml b/bitnami/nginx/templates/extra-list.yaml deleted file mode 100644 index 9ac65f9..0000000 --- a/bitnami/nginx/templates/extra-list.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{- range .Values.extraDeploy }} ---- -{{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} diff --git a/bitnami/node-exporter/.helmignore b/bitnami/node-exporter/.helmignore deleted file mode 100644 index f0c1319..0000000 --- a/bitnami/node-exporter/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/bitnami/node/.helmignore b/bitnami/node/.helmignore deleted file mode 100644 index f0c1319..0000000 --- a/bitnami/node/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/bitnami/node/Chart.lock b/bitnami/node/Chart.lock deleted file mode 100644 index bd2f8b9..0000000 --- a/bitnami/node/Chart.lock +++ /dev/null @@ -1,9 +0,0 @@ -dependencies: -- name: mongodb - repository: https://charts.bitnami.com/bitnami - version: 10.24.1 -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.8.0 -digest: sha256:82864bf4ffb511268cebe7c8ffd999a6ad493ec730dfa62b76094e9b1be62568 -generated: "2021-08-31T21:26:24.616599764Z" diff --git a/bitnami/node/Chart.yaml b/bitnami/node/Chart.yaml deleted file mode 100644 index f5691ae..0000000 --- a/bitnami/node/Chart.yaml +++ /dev/null @@ -1,31 +0,0 @@ -annotations: - category: Infrastructure -apiVersion: v2 -appVersion: 14.17.6 -dependencies: - - condition: mongodb.enabled - name: mongodb - repository: https://charts.bitnami.com/bitnami - version: 10.x.x - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x -description: Event-driven I/O server-side JavaScript environment based on V8 -engine: gotpl -home: https://github.com/bitnami/charts/tree/master/bitnami/node -icon: https://bitnami.com/assets/stacks/nodejs/img/nodejs-stack-220x234.png -keywords: - - node - - javascript - - nodejs - - git -maintainers: - - email: containers@bitnami.com - name: Bitnami -name: node -sources: - - https://github.com/bitnami/bitnami-docker-node - - http://nodejs.org/ -version: 15.2.26 diff --git a/bitnami/node/README.md b/bitnami/node/README.md deleted file mode 100644 index 572f8da..0000000 --- a/bitnami/node/README.md +++ /dev/null @@ -1,426 +0,0 @@ -# Node - -[Node](https://www.nodejs.org) Event-driven I/O server-side JavaScript environment based on V8. - -## TL;DR - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/node -``` - -## Introduction - -This chart bootstraps a [Node](https://github.com/bitnami/bitnami-docker-node) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -It clones and deploys a Node.js application from a Git repository. Optionally, you can set up an Ingress resource to access your application and provision an external database using the Kubernetes service catalog and the Open Service Broker for Azure. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 3.1.0 -- PV provisioner support in the underlying infrastructure -- ReadWriteMany volumes for deployment scaling - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/node -``` - -These commands deploy Node.js on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. Also includes support for MariaDB chart out of the box. - -Due that the Helm Chart clones the application on the /app volume while the container is initializing, a persistent volume is not required. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```console -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | - - -### Common parameters - -| Name | Description | Value | -| ------------------- | ------------------------------------------------------------------------------------ | ----- | -| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` | -| `nameOverride` | String to partially override node.fullname template (will maintain the release name) | `""` | -| `fullnameOverride` | String to fully override node.fullname template | `""` | -| `commonLabels` | Add labels to all the deployed resources | `{}` | -| `commonAnnotations` | Add annotations to all the deployed resources | `{}` | - - -### Node parameters - -| Name | Description | Value | -| --------------------------------------- | -------------------------------------------------------------------------------------------------------------------- | --------------------------------- | -| `command` | Override default container command (useful when using custom images) | `["/bin/bash","-ec","npm start"]` | -| `args` | Override default container args (useful when using custom images) | `[]` | -| `hostAliases` | Deployment pod host aliases | `[]` | -| `extraEnvVars` | Extra environment variables to be set on Node container | `[]` | -| `extraEnvVarsCM` | Name of existing ConfigMap containing extra environment variables | `""` | -| `extraEnvVarsSecret` | Name of existing Secret containing extra environment variables | `""` | -| `mongodb.enabled` | Whether to install or not the MongoDB® chart | `true` | -| `mongodb.auth.enabled` | Whether to enable auth or not for the MongoDB® chart | `true` | -| `mongodb.auth.rootPassword` | MongoDB® admin password | `""` | -| `mongodb.auth.username` | MongoDB® custom user | `user` | -| `mongodb.auth.database` | MongoDB® custom database | `test_db` | -| `mongodb.auth.password` | MongoDB® custom password | `secret_password` | -| `externaldb.enabled` | Enables or disables external database (ignored if `mongodb.enabled=true`) | `false` | -| `externaldb.ssl` | Set to true if your external database has ssl enabled | `false` | -| `externaldb.secretName` | Secret containing existing database credentials | `""` | -| `externaldb.type` | Only if using Kubernetes Service Catalog you can specify the kind of broker used. Available options are osba|gce|aws | `osba` | -| `externaldb.broker.serviceInstanceName` | If you provide the serviceInstanceName, the chart will create a ServiceBinding for that ServiceInstance | `""` | - - -### Node deployment parameters - -| Name | Description | Value | -| --------------------------------------- | ----------------------------------------------------------------------------------------- | ---------------------- | -| `image.registry` | NodeJS image registry | `docker.io` | -| `image.repository` | NodeJS image repository | `bitnami/node` | -| `image.tag` | NodeJS image tag (immutable tags are recommended) | `14.17.6-debian-10-r0` | -| `image.pullPolicy` | NodeJS image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `replicaCount` | Specify the number of replicas for the application | `1` | -| `applicationPort` | Specify the port where your application will be running | `3000` | -| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` | -| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | -| `affinity` | Affinity for pod assignment. Evaluated as a template. | `{}` | -| `nodeSelector` | Node labels for pod assignment. Evaluated as a template. | `{}` | -| `tolerations` | Tolerations for pod assignment. Evaluated as a template. | `{}` | -| `podAnnotations` | Additional pod annotations | `{}` | -| `podLabels` | Additional labels for Node pods | `{}` | -| `extraDeploy` | Array of extra objects to deploy with the release (evaluated as a template) | `[]` | -| `livenessProbe.enabled` | Enable livenessProbe | `true` | -| `livenessProbe.path` | Request path for livenessProbe | `/` | -| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | -| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `readinessProbe.enabled` | Enable readinessProbe | `true` | -| `readinessProbe.path` | Request path for readinessProbe | `/` | -| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | -| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | -| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `3` | -| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `customLivenessProbe` | Override default liveness probe | `{}` | -| `customReadinessProbe` | Override default readiness probe | `{}` | -| `priorityClassName` | Node priorityClassName | `""` | -| `lifecycleHooks` | lifecycleHooks for the Node container to automate configuration before or after startup. | `{}` | -| `sidecars` | Add sidecars to the Node pods | `[]` | -| `initContainers` | Add init containers to the Node pods | `[]` | -| `extraVolumes` | Extra volumes to add to the deployment | `[]` | -| `extraVolumeMounts` | Extra volume mounts to add to the container | `[]` | -| `containerSecurityContext.enabled` | Node Container securityContext | `true` | -| `containerSecurityContext.runAsUser` | User ID for the Node container | `1001` | -| `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `podSecurityContext.enabled` | Enable security context for Node pods | `true` | -| `podSecurityContext.fsGroup` | Group ID for the volumes of the pod | `1001` | -| `resources.limits` | The resources limits for the Node container | `{}` | -| `resources.requests` | The requested resources for the Node container | `{}` | - - -### Node application parameters - -| Name | Description | Value | -| ------------------------------ | --------------------------------------------------- | -------------------------------------------- | -| `git.image.registry` | Git image registry | `docker.io` | -| `git.image.repository` | Git image repository | `bitnami/git` | -| `git.image.tag` | Git image tag (immutable tags are recommended) | `2.33.0-debian-10-r14` | -| `git.image.pullPolicy` | Git image pull policy | `IfNotPresent` | -| `git.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `git.extraVolumeMounts` | Add extra volume mounts for the Git container | `[]` | -| `getAppFromExternalRepository` | Enable to download app from external git repository | `true` | -| `repository` | Git repository http/https url | `https://github.com/bitnami/sample-mean.git` | -| `revision` | Git repository revision to checkout | `master` | - - -### Volume permissions parameters - -| Name | Description | Value | -| -------------------------------------- | ---------------------------------------------------------------------------- | ----------------------- | -| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory | `false` | -| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | -| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `10-debian-10-r178` | -| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | -| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `volumePermissions.resources.limits` | The resources limits for the container | `{}` | -| `volumePermissions.resources.requests` | The requested resources for the container | `{}` | - - -### Persistence parameters - -| Name | Description | Value | -| -------------------------- | ------------------------------- | --------------- | -| `persistence.enabled` | Enable persistence using PVC | `false` | -| `persistence.path` | Path to persisted directory | `/app/data` | -| `persistence.storageClass` | Persistent Volume Storage Class | `""` | -| `persistence.accessMode` | PVC Access Mode | `ReadWriteOnce` | -| `persistence.size` | PVC Storage Request | `1Gi` | - - -### Traffic exposure parameters - -| Name | Description | Value | -| ---------------------------------- | ---------------------------------------------------------------------------------------------------------- | ------------------------ | -| `service.type` | Kubernetes Service type | `ClusterIP` | -| `service.port` | Kubernetes Service port | `80` | -| `service.clusterIP` | Service Cluster IP | `""` | -| `service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | -| `service.nodePort` | NodePort if Service type is `LoadBalancer` or `NodePort` | `""` | -| `service.loadBalancerIP` | LoadBalancer IP if Service type is `LoadBalancer` | `""` | -| `service.loadBalancerSourceRanges` | In order to limit which client IP's can access the Network Load Balancer, specify loadBalancerSourceRanges | `[]` | -| `service.annotations` | Annotations for the Service | `{}` | -| `ingress.enabled` | Set to true to enable ingress record generation | `false` | -| `ingress.certManager` | Set this to true in order to add the corresponding annotations for cert-manager | `false` | -| `ingress.pathType` | Ingress path type | `ImplementationSpecific` | -| `ingress.apiVersion` | Override API Version (automatically detected if not set) | `""` | -| `ingress.hostname` | When the ingress is enabled, a host pointing to this will be created | `node.local` | -| `ingress.path` | The Path to Node.js. You may need to set this to '/*' in order to use this with ALB ingress controllers. | `/` | -| `ingress.annotations` | Ingress annotations | `{}` | -| `ingress.tls` | Enable TLS configuration for the hostname defined at ingress.hostname parameter | `false` | -| `ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` | -| `ingress.extraPaths` | Any additional arbitrary paths that may need to be added to the ingress under the main host. | `[]` | -| `ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` | -| `ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | - - -The above parameters map to the env variables defined in [bitnami/node](http://github.com/bitnami/bitnami-docker-node). For more information please refer to the [bitnami/node](http://github.com/bitnami/bitnami-docker-node) image documentation. - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -$ helm install my-release \ - --set repository=https://github.com/jbianquetti-nami/simple-node-app.git,replicaCount=2 \ - bitnami/node -``` - -The above command clones the remote git repository to the `/app/` directory of the container. Additionally it sets the number of `replicaCount` to `2`. - -Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, - -```console -$ helm install my-release -f values.yaml bitnami/node -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Use a different Node.js version - -To modify the application version used in this chart, specify a different version of the image using the `image.tag` parameter and/or a different repository using the `image.repository` parameter. Refer to the [chart documentation for more information on these parameters and how to use them with images from a private registry](https://docs.bitnami.com/kubernetes/infrastructure/nodejs/configuration/change-image-version/). - -### Set up an Ingress controller - -First install the nginx-ingress controller and then deploy the node helm chart with the following parameters: - -```console -ingress.enabled=true -ingress.host=example.com -service.type=ClusterIP -``` - -### Configure TLS termination for your ingress controller - -You must manually create a secret containing the certificate and key for your domain. Then ensure you deploy the Helm chart with the following ingress configuration: - -```yaml -ingress: - enabled: false - path: / - host: example.com - annotations: - kubernetes.io/ingress.class: nginx - tls: - hosts: - - example.com -``` - -### Connect your application to an already existing database - -1. Create a secret containing your database credentials (named `my-database-secret` as example), you can use the following options (set with `--from-literal`) to create the secret: - - ```console - host=YOUR_DATABASE_HOST - port=YOUR_DATABASE_PORT - username=YOUR_DATABASE_USER - password=YOUR_DATABASE_PASSWORD - database=YOUR_DATABASE_NAME - ``` - - `YOUR_DATABASE_HOST`, `YOUR_DATABASE_PORT`, `YOUR_DATABASE_USER`, `YOUR_DATABASE_PASSWORD`, and `YOUR_DATABASE_NAME` are placeholders that must be replaced with correct values. - -2. Deploy the node chart specifying the secret name - - ```console - mongodb.enabled=false - externaldb.enabled=true - externaldb.secretName=my-database-secret - ``` - -### Provision a database using the Open Service Broker for Azure - -1. Install Service Catalog in your Kubernetes cluster following [this instructions](https://kubernetes.io/docs/tasks/service-catalog/install-service-catalog-using-helm/) -2. Install the Open Service Broker for Azure in your Kubernetes cluster following [this instructions](https://github.com/Azure/open-service-broker-azure/tree/master/contrib/k8s/charts/open-service-broker-azure) - -> TIP: you may want to install the osba chart setting the `modules.minStability=EXPERIMENTAL` to see all the available services. -> -> azure.subscriptionId=$AZURE_SUBSCRIPTION_ID -> azure.tenantId=$AZURE_TENANT_ID -> azure.clientId=$AZURE_CLIENT_ID -> azure.clientSecret=$AZURE_CLIENT_SECRET -> modules.minStability=EXPERIMENTAL - -3. Create and deploy a ServiceInstance to provision a database server in Azure cloud. - - ```yaml - apiVersion: servicecatalog.k8s.io/v1beta1 - kind: ServiceInstance - metadata: - name: azure-mongodb-instance - labels: - app: mongodb - spec: - clusterServiceClassExternalName: azure-cosmosdb-mongo-account - clusterServicePlanExternalName: account - parameters: - location: YOUR_AZURE_LOCATION - resourceGroup: mongodb-k8s-service-catalog - ipFilters: - allowedIPRanges: - - "0.0.0.0/0" - ``` - - Please update the `YOUR_AZURE_LOCATION` placeholder in the above example. - -4. Deploy the helm chart: - - ```command - mongodb.enabled=false - externaldb.enabled=true - externaldb.broker.serviceInstanceName=azure-mongodb-instance - externaldb.ssl=true - ``` - -Once the instance has been provisioned in Azure, a new secret should have been automatically created with the connection parameters for your application. - -Deploying the helm chart enabling the Azure external database makes the following assumptions: - -- You would want an Azure CosmosDB MongoDB® database -- Your application uses DATABASE_HOST, DATABASE_PORT, DATABASE_USER, DATABASE_PASSWORD, and DATABASE_NAME environment variables to connect to the database. - -You can read more about the kubernetes service catalog at https://github.com/kubernetes-bitnami/service-catalog - -## Persistence - -The [Bitnami Node](https://github.com/bitnami/bitnami-docker-node) image stores the Node application and configurations at the `/app` path of the container. - -Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. -See the [Parameters](#parameters) section to configure the PVC or to disable persistence. - -### Adjust permissions of persistent volume mountpoint - -As the image run as non-root by default, it is necessary to adjust the ownership of the persistent volume so that the container can write data into it. - -By default, the chart is configured to use Kubernetes Security Context to automatically change the ownership of the volume. However, this feature does not work in all Kubernetes distributions. -As an alternative, this chart supports using an initContainer to change the ownership of the volume before mounting it in the final destination. - -You can enable this initContainer by setting `volumePermissions.enabled` to `true`. - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami’s Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## Upgrading - -### To 15.0.0 - -This version standardizes the way of defining Ingress rules. When configuring a single hostname for the Ingress rule, set the `ingress.hostname` value. When defining more than one, set the `ingress.extraHosts` array. Apart from this case, no issues are expected to appear when upgrading. - -### To 14.0.0 - -[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -**What changes were introduced in this major version?** - -- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. -- Move dependency information from the *requirements.yaml* to the *Chart.yaml* -- After running `helm dependency update`, a *Chart.lock* file is generated containing the same structure used in the previous *requirements.lock* -- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts -- MongoDB® dependency version was bumped to a new major version `10.X.X`. Check [MongoDB® Upgrading Notes](https://github.com/bitnami/charts/tree/master/bitnami/mongodb#to-1000) for more information. -- Inclusion of the`bitnami/common` library chart and standardization to include common features found on other charts. -- `securityContext.*` is deprecated in favor of `podSecurityContext` and `containerSecurityContext`. -- `replicas` is deprecated in favor of `replicaCount`. - -**Considerations when upgrading to this version** - -- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues -- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore -- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 - -**Useful links** - -- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ -- https://helm.sh/docs/topics/v2_v3_migration/ -- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ - -### To 13.0.0 - -MongoDB® subchart container images were updated to 4.4.x and it can affect compatibility with older versions of MongoDB®. - -- https://github.com/bitnami/charts/tree/master/bitnami/mongodb#to-900 - -### To 12.0.0 - -Backwards compatibility is not guaranteed since breaking changes were included in MongoDB® subchart. More information in the link below: - -- https://github.com/bitnami/charts/tree/master/bitnami/mongodb#to-800 - -### To 7.0.0 - -This release includes security contexts, so the containers in the chart are run as non-root. More information in [this link](https://github.com/bitnami/bitnami-docker-node#484-r1-6112-r1-7101-r1-and-830-r1). - -### To 6.0.0 - -Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments. -Use the workaround below to upgrade from versions previous to 6.0.0. The following example assumes that the release name is node: - -```console -$ kubectl patch deployment node --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]' -$ kubectl patch deployment node-mongodb --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]' -``` diff --git a/bitnami/node/ci/values-with-ingress-and-persistence.yaml b/bitnami/node/ci/values-with-ingress-and-persistence.yaml deleted file mode 100644 index 94917f7..0000000 --- a/bitnami/node/ci/values-with-ingress-and-persistence.yaml +++ /dev/null @@ -1,9 +0,0 @@ -## Test values file for generating all of the yaml and check that -## the rendering is correct - -ingress: - enabled: true - tls: [] - -persistence: - enabled: true diff --git a/bitnami/node/templates/NOTES.txt b/bitnami/node/templates/NOTES.txt deleted file mode 100644 index 8aa0a69..0000000 --- a/bitnami/node/templates/NOTES.txt +++ /dev/null @@ -1,36 +0,0 @@ -{{- $dbSecretName := include "node.mongodb.fullname" . -}} - -1. Get the URL of your Node app by running: - -{{- if eq .Values.service.type "NodePort" }} - - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "common.names.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo "Node app URL: http://$NODE_IP:$NODE_PORT/" - -{{- else if eq .Values.service.type "LoadBalancer" }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc -w {{ template "common.names.fullname" . }} --namespace {{ .Release.Namespace }}' - - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo "Node app URL: http://$SERVICE_IP/" - -{{- else if eq .Values.service.type "ClusterIP" }} - - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "common.names.fullname" . }} {{ .Values.service.port }}:{{ .Values.service.port }} - echo "Node app URL: http://127.0.0.1:{{ .Values.service.port }}/" - -{{- end }} - -{{- include "node.checkRollingTags" . }} -{{- include "node.validateValues" . }} - -{{- $passwordValidationErrors := list }} - -{{- if .Values.mongodb.enabled }} -{{- $dbPasswordValidationErrors := include "common.validations.values.mongodb.passwords" (dict "secret" $dbSecretName "subchart" true "context" $) -}} -{{- $passwordValidationErrors = append $passwordValidationErrors $dbPasswordValidationErrors -}} -{{- end }} - -{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $) -}} diff --git a/bitnami/node/templates/_helpers.tpl b/bitnami/node/templates/_helpers.tpl deleted file mode 100644 index cdc9086..0000000 --- a/bitnami/node/templates/_helpers.tpl +++ /dev/null @@ -1,85 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "node.mongodb.fullname" -}} -{{- printf "%s-%s" .Release.Name "mongodb" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Custom template to get proper service name -*/}} -{{- define "node.secretName" -}} - {{- if .Values.externaldb.secretName }} - {{- printf "%s" .Values.externaldb.secretName }} - {{- else }} - {{- printf "%s-%s" .Release.Name "mongodb-binding" | trunc 63 | trimSuffix "-" -}} - {{- end }} -{{- end -}} - -{{/* -Return the proper Node image name -*/}} -{{- define "node.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper git image name -*/}} -{{- define "git.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.git.image "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "node.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image .Values.git.image) "global" .Values.global) -}} -{{- end -}} - -{{/* Check if there are rolling tags in the images */}} -{{- define "node.checkRollingTags" -}} -{{- include "common.warnings.rollingTag" .Values.image }} -{{- include "common.warnings.rollingTag" .Values.git.image }} -{{- end -}} - -{{/* -Return the proper image name (for the init container volume-permissions image) -*/}} -{{- define "node.volumePermissions.image" -}} -{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}} -{{- end -}} - -{{/* -Return the proper Storage Class -*/}} -{{- define "node.storageClass" -}} -{{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) -}} -{{- end -}} - -{{/* -Compile all warnings into a single message, and call fail. -*/}} -{{- define "node.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "node.validateValues.database" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} -{{- end -}} -{{- end -}} - -{{/* Validate values of Node - Database */}} -{{- define "node.validateValues.database" -}} -{{- if and .Values.mongodb.enabled .Values.externaldb.enabled -}} -node: Database - You can only use one database. - Please choose installing a MongoDB® chart (--set mongodb.enabled=true) or - using an external database (--set externaldb.enabled=true) -{{- end -}} -{{- end -}} diff --git a/bitnami/node/templates/deployment.yaml b/bitnami/node/templates/deployment.yaml deleted file mode 100644 index b7a12be..0000000 --- a/bitnami/node/templates/deployment.yaml +++ /dev/null @@ -1,248 +0,0 @@ -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ template "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - replicas: {{ .Values.replicaCount }} - template: - metadata: - {{- if .Values.podAnnotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 8 }} - {{- if .Values.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} - {{- end }} - spec: - {{- include "node.imagePullSecrets" . | nindent 6 }} - {{- if .Values.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName | quote }} - {{- end }} - {{- if .Values.podSecurityContext.enabled }} - securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - initContainers: - {{- if .Values.getAppFromExternalRepository }} - - name: git-clone-repository - image: {{ include "git.image" . }} - imagePullPolicy: {{ .Values.git.image.pullPolicy | quote }} - command: - - /bin/bash - - -ec - - | - [[ -f "/opt/bitnami/scripts/git/entrypoint.sh" ]] && source "/opt/bitnami/scripts/git/entrypoint.sh" - git clone {{ .Values.repository }} --branch {{ .Values.revision }} /app - volumeMounts: - - name: app - mountPath: /app - {{- if .Values.git.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.git.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - - name: npm-install - image: {{ template "node.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - workingDir: /app - command: - - /bin/bash - - -ec - - | - npm install - env: - - name: HOME - value: /tmp - volumeMounts: - - name: app - mountPath: /app - {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} - - name: volume-permissions - image: {{ include "node.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - {{- if .Values.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - command: - - /bin/bash - - -ec - - | - chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} {{ .Values.persistence.path }} - securityContext: - runAsUser: 0 - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: data - mountPath: {{ .Values.persistence.path }} - {{- end }} - {{- end }} - {{- if .Values.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} - {{- end }} - containers: - - name: node - image: {{ template "node.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - env: - {{- if .Values.mongodb.enabled }} - - name: DATABASE_HOST - value: {{ template "node.mongodb.fullname" . }} - - name: DATABASE_PORT - value: "27017" - - name: DATABASE_USER - value: {{ .Values.mongodb.auth.username | quote }} - - name: DATABASE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "node.mongodb.fullname" . }} - key: mongodb-password - - name: DATABASE_NAME - value: {{ .Values.mongodb.auth.database | quote }} - - name: DATABASE_CONNECTION_OPTIONS - value: "" - {{- else if .Values.externaldb.enabled }} - - name: DATABASE_HOST - valueFrom: - secretKeyRef: - name: {{ template "node.secretName" . }} - key: host - - name: DATABASE_NAME - {{- if not .Values.externaldb.broker.serviceInstanceName }} - valueFrom: - secretKeyRef: - name: {{ template "node.secretName" . }} - key: database - {{- else }} - value: "" - {{- end }} - - name: DATABASE_PORT - valueFrom: - secretKeyRef: - name: {{ template "node.secretName" . }} - key: port - - name: DATABASE_USER - valueFrom: - secretKeyRef: - name: {{ template "node.secretName" . }} - key: username - - name: DATABASE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "node.secretName" . }} - key: password - - name: DATABASE_CONNECTION_OPTIONS - {{- if .Values.externaldb.ssl }} - value: "ssl=true" - {{- else }} - value: "" - {{- end }} - {{- end }} - - name: DATA_FOLDER - value: "/app" - {{- if .Values.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if .Values.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} - {{- end }} - workingDir: /app - {{- if .Values.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.applicationPort }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.livenessProbe.path }} - port: http - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- else if .Values.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: {{ .Values.readinessProbe.path }} - port: http - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- else if .Values.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.getAppFromExternalRepository }} - - name: app - mountPath: /app - {{- end }} - - name: data - mountPath: {{ .Values.persistence.path }} - {{- if .Values.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.sidecars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - {{- if .Values.getAppFromExternalRepository }} - - name: app - emptyDir: {} - {{- end }} - - name: data - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ template "common.names.fullname" . }}-binding - {{- else }} - emptyDir: {} - {{- end }} - {{- if .Values.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} - {{- end }} diff --git a/bitnami/node/templates/extra-list.yaml b/bitnami/node/templates/extra-list.yaml deleted file mode 100644 index 9ac65f9..0000000 --- a/bitnami/node/templates/extra-list.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{- range .Values.extraDeploy }} ---- -{{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} diff --git a/bitnami/node/templates/ingress.yaml b/bitnami/node/templates/ingress.yaml deleted file mode 100644 index 38315c3..0000000 --- a/bitnami/node/templates/ingress.yaml +++ /dev/null @@ -1,59 +0,0 @@ -{{- if .Values.ingress.enabled }} -apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.ingress.certManager }} - kubernetes.io/tls-acme: "true" - {{- end }} - {{- if .Values.ingress.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.ingress.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - rules: - {{- if .Values.ingress.hostname }} - - host: {{ .Values.ingress.hostname }} - http: - paths: - {{- if .Values.ingress.extraPaths }} - {{- toYaml .Values.ingress.extraPaths | nindent 10 }} - {{- end }} - - path: {{ .Values.ingress.path }} - {{- if eq "true" (include "common.ingress.supportsPathType" .) }} - pathType: {{ .Values.ingress.pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- range .Values.ingress.extraHosts }} - - host: {{ .name | quote }} - http: - paths: - - path: {{ default "/" .path }} - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ default "ImplementationSpecific" .pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- if or .Values.ingress.tls .Values.ingress.extraTls }} - tls: - {{- if .Values.ingress.tls }} - - hosts: - - {{ .Values.ingress.hostname }} - {{- range .Values.ingress.extraHosts }} - - {{ .name }} - {{- end }} - secretName: {{ printf "%s-tls" .Values.ingress.hostname }} - {{- end }} - {{- if .Values.ingress.extraTls }} - {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.extraTls "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/bitnami/node/templates/mongodb-binding.yaml b/bitnami/node/templates/mongodb-binding.yaml deleted file mode 100644 index c1aeffd..0000000 --- a/bitnami/node/templates/mongodb-binding.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if and .Values.externaldb.enabled .Values.externaldb.broker.serviceInstanceName }} -apiVersion: servicecatalog.k8s.io/v1beta1 -kind: ServiceBinding -metadata: - name: {{ template "common.names.fullname" . }}-binding - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - instanceRef: - name: {{ .Values.externaldb.broker.serviceInstanceName }} - secretName: {{ template "node.secretName" . }} -{{- end }} diff --git a/bitnami/node/templates/pvc.yaml b/bitnami/node/templates/pvc.yaml deleted file mode 100644 index 3e2e573..0000000 --- a/bitnami/node/templates/pvc.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if .Values.persistence.enabled }} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ template "common.names.fullname" . }}-binding - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - annotations: - volume.alpha.kubernetes.io/storage-class: {{ ternary "default" (trimPrefix "storageClassName: " (include "node.storageClass" .)) (empty (include "node.storageClass" .)) }} -spec: - accessModes: - - {{ .Values.persistence.accessMode | quote }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{ include "node.storageClass" . }} -{{- end }} diff --git a/bitnami/node/templates/svc.yaml b/bitnami/node/templates/svc.yaml deleted file mode 100644 index f94e8e6..0000000 --- a/bitnami/node/templates/svc.yaml +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.service.annotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.service.type }} - sessionAffinity: {{ default "None" .Values.service.sessionAffinity }} - {{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }} - clusterIP: {{ .Values.service.clusterIP }} - {{- end }} - {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }} - loadBalancerIP: {{ .Values.service.loadBalancerIP }} - {{- end }} - {{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - ports: - - name: http - port: {{ .Values.service.port }} - targetPort: http - {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePort)) }} - nodePort: {{ .Values.service.nodePort }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} diff --git a/bitnami/node/values.yaml b/bitnami/node/values.yaml deleted file mode 100644 index f64556d..0000000 --- a/bitnami/node/values.yaml +++ /dev/null @@ -1,548 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - storageClass: "" - -## @section Common parameters - -## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) -## -kubeVersion: "" -## @param nameOverride String to partially override node.fullname template (will maintain the release name) -## -nameOverride: "" -## @param fullnameOverride String to fully override node.fullname template -## -fullnameOverride: "" -## @param commonLabels Add labels to all the deployed resources -## -commonLabels: {} -## @param commonAnnotations Add annotations to all the deployed resources -## -commonAnnotations: {} - -## @section Node parameters - -## @param command Override default container command (useful when using custom images) -## -command: ['/bin/bash', '-ec', 'npm start'] -## @param args Override default container args (useful when using custom images) -## -args: [] -## @param hostAliases Deployment pod host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: [] -## @param extraEnvVars Extra environment variables to be set on Node container -## For example: -## - name: BEARER_AUTH -## value: true -## -extraEnvVars: [] -## @param extraEnvVarsCM Name of existing ConfigMap containing extra environment variables -## -extraEnvVarsCM: "" -## @param extraEnvVarsSecret Name of existing Secret containing extra environment variables -## -extraEnvVarsSecret: "" -## MongoDB® chart configuration -## ref: https://github.com/bitnami/charts/blob/master/bitnami/mongodb/values.yaml -## -mongodb: - ## @param mongodb.enabled Whether to install or not the MongoDB® chart - ## To use an external database set this to false and configure the externaldb parameters - ## - enabled: true - ## MongoDB® Authentication parameters - ## - auth: - ## @param mongodb.auth.enabled Whether to enable auth or not for the MongoDB® chart - ## ref: https://docs.mongodb.com/manual/tutorial/enable-authentication/ - ## - enabled: true - ## @param mongodb.auth.rootPassword MongoDB® admin password - ## ref: https://github.com/bitnami/bitnami-docker-mongodb/blob/master/README.md#setting-the-root-password-on-first-run - ## - rootPassword: "" - ## @param mongodb.auth.username MongoDB® custom user - ## ref: https://github.com/bitnami/bitnami-docker-mongodb/blob/master/README.md#creating-a-user-and-database-on-first-run - ## - username: user - ## @param mongodb.auth.database MongoDB® custom database - ## - database: test_db - ## @param mongodb.auth.password MongoDB® custom password - ## - password: secret_password -## External Database Configuration -## Provision an external database -## You have two alternatives: -## 1) Pass an already existing Secret with your database credentials -## 2) Pass an already existing ServiceInstance name and specify the service catalog broker to automatically create a ServiceBinding for your application. -## -externaldb: - ## @param externaldb.enabled Enables or disables external database (ignored if `mongodb.enabled=true`) - ## - enabled: false - ## @param externaldb.ssl Set to true if your external database has ssl enabled - ## - ssl: false - ## @param externaldb.secretName Secret containing existing database credentials - ## Please refer to the respective section in the README to know the details about this secret. - ## - secretName: "" - ## @param externaldb.type Only if using Kubernetes Service Catalog you can specify the kind of broker used. Available options are osba|gce|aws - ## - type: osba - ## @param externaldb.broker.serviceInstanceName If you provide the serviceInstanceName, the chart will create a ServiceBinding for that ServiceInstance - ## - broker: - serviceInstanceName: "" - -## @section Node deployment parameters - -## Bitnami node image version -## ref: https://hub.docker.com/r/bitnami/node/tags/ -## @param image.registry NodeJS image registry -## @param image.repository NodeJS image repository -## @param image.tag NodeJS image tag (immutable tags are recommended) -## @param image.pullPolicy NodeJS image pull policy -## @param image.pullSecrets Specify docker-registry secret names as an array -## -image: - registry: docker.io - repository: bitnami/node - tag: 14.17.6-debian-10-r0 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] -## @param replicaCount Specify the number of replicas for the application -## -replicaCount: 1 -## @param applicationPort Specify the port where your application will be running -## -applicationPort: 3000 -## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAffinityPreset: "" -## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAntiAffinityPreset: soft -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## -nodeAffinityPreset: - ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] -## @param affinity Affinity for pod assignment. Evaluated as a template. -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## -affinity: {} -## @param nodeSelector Node labels for pod assignment. Evaluated as a template. -## Ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} -## @param tolerations Tolerations for pod assignment. Evaluated as a template. -## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: {} -## @param podAnnotations Additional pod annotations -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} -## @param podLabels Additional labels for Node pods -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -podLabels: {} -## @param extraDeploy Array of extra objects to deploy with the release (evaluated as a template) -## -extraDeploy: [] -## Configure extra options for liveness probe -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param livenessProbe.enabled Enable livenessProbe -## @param livenessProbe.path Request path for livenessProbe -## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe -## @param livenessProbe.periodSeconds Period seconds for livenessProbe -## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe -## @param livenessProbe.failureThreshold Failure threshold for livenessProbe -## @param livenessProbe.successThreshold Success threshold for livenessProbe -## -livenessProbe: - enabled: true - path: '/' - initialDelaySeconds: 60 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 -## Configure extra options for readiness probe -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param readinessProbe.enabled Enable readinessProbe -## @param readinessProbe.path Request path for readinessProbe -## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe -## @param readinessProbe.periodSeconds Period seconds for readinessProbe -## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe -## @param readinessProbe.failureThreshold Failure threshold for readinessProbe -## @param readinessProbe.successThreshold Success threshold for readinessProbe -## -readinessProbe: - enabled: true - path: '/' - initialDelaySeconds: 10 - periodSeconds: 5 - timeoutSeconds: 3 - failureThreshold: 3 - successThreshold: 1 -## @param customLivenessProbe Override default liveness probe -## -customLivenessProbe: {} -## @param customReadinessProbe Override default readiness probe -## -customReadinessProbe: {} -## @param priorityClassName Node priorityClassName -## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ -## -priorityClassName: "" -## @param lifecycleHooks lifecycleHooks for the Node container to automate configuration before or after startup. -## -lifecycleHooks: {} -## @param sidecars Add sidecars to the Node pods -## Example: -## sidecars: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -sidecars: [] -## @param initContainers Add init containers to the Node pods -## Example: -## initContainers: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -initContainers: [] -## @param extraVolumes Extra volumes to add to the deployment -## -extraVolumes: [] -## @param extraVolumeMounts Extra volume mounts to add to the container -## -extraVolumeMounts: [] -## SecurityContext configuration -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ -## @param containerSecurityContext.enabled Node Container securityContext -## @param containerSecurityContext.runAsUser User ID for the Node container -## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot -## -containerSecurityContext: - enabled: true - runAsUser: 1001 - runAsNonRoot: true -## @param podSecurityContext.enabled Enable security context for Node pods -## @param podSecurityContext.fsGroup Group ID for the volumes of the pod -## -podSecurityContext: - enabled: true - fsGroup: 1001 -## Node conatiners' resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## We usually recommend not to specify default resources and to leave this as a conscious -## choice for the user. This also increases chances charts run on environments with little -## resources, such as Minikube. If you do want to specify resources, uncomment the following -## lines, adjust them as necessary, and remove the curly braces after 'resources:'. -## @param resources.limits The resources limits for the Node container -## @param resources.requests The requested resources for the Node container -## -resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - requests: {} - -## @section Node application parameters - -## Bitnami Git image version -## ref: https://hub.docker.com/r/bitnami/git/tags/ -## -git: - ## Bitnami git image version - ## ref: https://hub.docker.com/r/bitnami/git/tags/ - ## @param git.image.registry Git image registry - ## @param git.image.repository Git image repository - ## @param git.image.tag Git image tag (immutable tags are recommended) - ## @param git.image.pullPolicy Git image pull policy - ## @param git.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/git - tag: 2.33.0-debian-10-r14 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param git.extraVolumeMounts Add extra volume mounts for the Git container - ## Useful to mount keys to connect through ssh. (normally used with extraVolumes) - ## E.g: - ## extraVolumeMounts: - ## - name: ssh-dir - ## mountPath: /root/.ssh/ - ## - extraVolumeMounts: [] -## @param getAppFromExternalRepository Enable to download app from external git repository -## Disable it if your docker image already includes your application at /app -## -getAppFromExternalRepository: true -## @param repository Git repository http/https url -## -repository: https://github.com/bitnami/sample-mean.git -## @param revision Git repository revision to checkout -## -revision: master - -## @section Volume permissions parameters - -## Init containers parameters: -## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. -## -volumePermissions: - ## @param volumePermissions.enabled Enable init container that changes volume permissions in the data directory - ## - enabled: false - ## @param volumePermissions.image.registry Init container volume-permissions image registry - ## @param volumePermissions.image.repository Init container volume-permissions image repository - ## @param volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended) - ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy - ## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: 10-debian-10-r178 - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Init container' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param volumePermissions.resources.limits The resources limits for the container - ## @param volumePermissions.resources.requests The requested resources for the container - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - requests: {} - -## @section Persistence parameters - -## Enable persistence using Persistent Volume Claims -## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ -## -persistence: - ## @param persistence.enabled Enable persistence using PVC - ## - enabled: false - ## @param persistence.path Path to persisted directory - ## - path: /app/data - ## @param persistence.storageClass Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - ## @param persistence.accessMode PVC Access Mode - ## - accessMode: ReadWriteOnce - ## @param persistence.size PVC Storage Request - ## - size: 1Gi - -## @section Traffic exposure parameters - -## Service parameters -## -service: - ## @param service.type Kubernetes Service type - ## - type: ClusterIP - ## @param service.port Kubernetes Service port - ## - port: 80 - ## @param service.clusterIP Service Cluster IP - ## - clusterIP: "" - ## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin - ## Values: ClientIP or None - ## ref: https://kubernetes.io/docs/user-guide/services/ - ## - sessionAffinity: 'None' - ## @param service.nodePort NodePort if Service type is `LoadBalancer` or `NodePort` - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - nodePort: "" - ## @param service.loadBalancerIP LoadBalancer IP if Service type is `LoadBalancer` - ## Set the LoadBalancer service type to internal only. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - loadBalancerIP: "" - ## @param service.loadBalancerSourceRanges In order to limit which client IP's can access the Network Load Balancer, specify loadBalancerSourceRanges - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#aws-nlb-support - ## - loadBalancerSourceRanges: [] - ## @param service.annotations Annotations for the Service - ## This can be used to set the LoadBalancer service type to internal only. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - annotations: {} -## Configure the ingress resource that allows you to access the -## Node.js installation. Set up the URL -## ref: http://kubernetes.io/docs/user-guide/ingress/ -## -ingress: - ## @param ingress.enabled Set to true to enable ingress record generation - ## - enabled: false - ## @param ingress.certManager Set this to true in order to add the corresponding annotations for cert-manager - ## - certManager: false - ## @param ingress.pathType Ingress path type - ## - pathType: ImplementationSpecific - ## @param ingress.apiVersion Override API Version (automatically detected if not set) - ## - apiVersion: "" - ## @param ingress.hostname When the ingress is enabled, a host pointing to this will be created - ## - hostname: node.local - ## @param ingress.path The Path to Node.js. You may need to set this to '/*' in order to use this with ALB ingress controllers. - ## - path: / - ## @param ingress.annotations Ingress annotations - ## For a full list of possible ingress annotations, please see - ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md - ## - ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set - ## - annotations: {} - ## @param ingress.tls Enable TLS configuration for the hostname defined at ingress.hostname parameter - ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }} - ## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it - ## - tls: false - ## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record. - ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array - ## extraHosts: - ## - name: node.local - ## path: / - ## - extraHosts: [] - ## @param ingress.extraPaths Any additional arbitrary paths that may need to be added to the ingress under the main host. - ## For example: The ALB ingress controller requires a special rule for handling SSL redirection. - ## extraPaths: - ## - path: /* - ## backend: - ## serviceName: ssl-redirect - ## servicePort: use-annotation - ## - extraPaths: [] - ## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. - ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - ## extraTls: - ## - hosts: - ## - node.local - ## secretName: node.local-tls - ## - extraTls: [] - ## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets - ## key and certificate should start with -----BEGIN CERTIFICATE----- or - ## -----BEGIN RSA PRIVATE KEY----- - ## - ## name should line up with a tlsSecret set further up - ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set - ## - ## It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - ## e.g: - ## - name: node.local-tls - ## key: - ## certificate: - ## - secrets: [] diff --git a/bitnami/oauth2-proxy/.helmignore b/bitnami/oauth2-proxy/.helmignore deleted file mode 100644 index f0c1319..0000000 --- a/bitnami/oauth2-proxy/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/bitnami/oauth2-proxy/templates/extra-list.yaml b/bitnami/oauth2-proxy/templates/extra-list.yaml deleted file mode 100644 index 9ac65f9..0000000 --- a/bitnami/oauth2-proxy/templates/extra-list.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{- range .Values.extraDeploy }} ---- -{{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} diff --git a/bitnami/odoo/.helmignore b/bitnami/odoo/.helmignore deleted file mode 100644 index f0c1319..0000000 --- a/bitnami/odoo/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/bitnami/odoo/Chart.lock b/bitnami/odoo/Chart.lock deleted file mode 100644 index 089e85c..0000000 --- a/bitnami/odoo/Chart.lock +++ /dev/null @@ -1,9 +0,0 @@ -dependencies: -- name: postgresql - repository: https://charts.bitnami.com/bitnami - version: 10.9.5 -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.8.0 -digest: sha256:0125268f8603f0cd962380d79049d346df21e86b1f02689f099da24c0c528765 -generated: "2021-09-10T06:37:00.376267608Z" diff --git a/bitnami/odoo/Chart.yaml b/bitnami/odoo/Chart.yaml deleted file mode 100644 index 20bcfa7..0000000 --- a/bitnami/odoo/Chart.yaml +++ /dev/null @@ -1,30 +0,0 @@ -annotations: - category: CRM -apiVersion: v2 -appVersion: 14.0.20210910 -dependencies: - - condition: postgresql.enabled - name: postgresql - repository: https://charts.bitnami.com/bitnami - version: 10.x.x - - name: common - repository: https://charts.bitnami.com/bitnami - version: 1.x.x -description: A suite of web based open source business apps. -engine: gotpl -home: https://github.com/bitnami/charts/tree/master/bitnami/odoo -icon: https://bitnami.com/assets/stacks/odoo/img/odoo-stack-220x234.png -keywords: - - odoo - - crm - - www - - http - - web -maintainers: - - email: containers@bitnami.com - name: Bitnami -name: odoo -sources: - - https://github.com/bitnami/bitnami-docker-odoo - - https://www.odoo.com/ -version: 19.0.8 diff --git a/bitnami/odoo/README.md b/bitnami/odoo/README.md deleted file mode 100644 index ee8769c..0000000 --- a/bitnami/odoo/README.md +++ /dev/null @@ -1,504 +0,0 @@ -# Odoo - -[Odoo](https://www.odoo.com/) is a suite of web-based open source business apps. The main Odoo Apps include an Open Source CRM, Website Builder, eCommerce, Project Management, Billing & Accounting, Point of Sale, Human Resources, Marketing, Manufacturing, Purchase Management, ... - -Odoo Apps can be used as stand-alone applications, but they also integrate seamlessly so you get a full-featured Open Source ERP when you install several Apps. - -## TL;DR - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/odoo -``` - -## Introduction - -This chart bootstraps a [Odoo](https://github.com/bitnami/bitnami-docker-odoo) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 3.1.0 -- PV provisioner support in the underlying infrastructure -- ReadWriteMany volumes for deployment scaling - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -$ helm install my-release bitnami/odoo -``` - -The command deploys Odoo on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```console -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | - - -### Common parameters - -| Name | Description | Value | -| ------------------- | -------------------------------------------------- | ---------------------------- | -| `kubeVersion` | Override Kubernetes version | `""` | -| `nameOverride` | String to partially override common.names.fullname | `""` | -| `fullnameOverride` | String to fully override common.names.fullname | `""` | -| `commonLabels` | Labels to add to all deployed objects | `{}` | -| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | -| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | -| `image.registry` | Odoo image registry | `docker.io` | -| `image.repository` | Odoo image repository | `bitnami/odoo` | -| `image.tag` | Odoo image tag (immutable tags are recommended) | `14.0.20210910-debian-10-r0` | -| `image.pullPolicy` | Odoo image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Odoo image pull secrets | `[]` | -| `image.debug` | Enable image debug mode | `false` | - - -### Odoo Configuration parameters - -| Name | Description | Value | -| ----------------------- | -------------------------------------------------------------------- | ------------------ | -| `odooEmail` | Odoo user email | `user@example.com` | -| `odooPassword` | Odoo user password | `""` | -| `loadDemoData` | Whether to load demo data for all modules during initialization | `false` | -| `customPostInitScripts` | Custom post-init.d user scripts | `{}` | -| `smtpHost` | SMTP server host | `""` | -| `smtpPort` | SMTP server port | `""` | -| `smtpUser` | SMTP username | `""` | -| `smtpPassword` | SMTP user password | `""` | -| `smtpProtocol` | SMTP protocol | `""` | -| `existingSecret` | Name of existing secret containing Odoo credentials | `""` | -| `smtpExistingSecret` | The name of an existing secret with SMTP credentials | `""` | -| `allowEmptyPassword` | Allow the container to be started with blank passwords | `false` | -| `command` | Override default container command (useful when using custom images) | `[]` | -| `args` | Override default container args (useful when using custom images) | `[]` | -| `extraEnvVars` | Array with extra environment variables to add to the Odoo container | `[]` | -| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` | -| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars | `""` | - - -### Odoo deployment parameters - -| Name | Description | Value | -| ------------------------------------ | ----------------------------------------------------------------------------------------- | --------------- | -| `replicaCount` | Number of Odoo replicas to deploy | `1` | -| `updateStrategy.type` | Odoo deployment strategy type | `RollingUpdate` | -| `updateStrategy.rollingUpdate` | Odoo deployment rolling update configuration parameters | `{}` | -| `schedulerName` | Alternate scheduler | `""` | -| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | -| `serviceAccount.name` | The name of the ServiceAccount to create | `""` | -| `hostAliases` | Odoo pod host aliases | `[]` | -| `extraVolumes` | Optionally specify extra list of additional volumes for Odoo pods | `[]` | -| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for Odoo container(s) | `[]` | -| `sidecars` | Add additional sidecar containers to the Odoo pod | `[]` | -| `initContainers` | Add additional init containers to the Odoo pods | `[]` | -| `podLabels` | Extra labels for Odoo pods | `{}` | -| `podAnnotations` | Annotations for Odoo pods | `{}` | -| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | -| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | -| `affinity` | Affinity for pod assignment | `{}` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `tolerations` | Tolerations for pod assignment | `[]` | -| `resources.limits` | The resources limits for the Odoo container | `{}` | -| `resources.requests` | The requested resources for the Odoo container | `{}` | -| `containerPort` | Odoo HTTP container port | `8069` | -| `podSecurityContext.enabled` | Enabled Odoo pods' Security Context | `false` | -| `podSecurityContext.fsGroup` | Set Odoo pod's Security Context fsGroup | `1001` | -| `containerSecurityContext.enabled` | Enabled Odoo containers' Security Context | `false` | -| `containerSecurityContext.runAsUser` | Set Odoo container's Security Context runAsUser | `1001` | -| `livenessProbe.enabled` | Enable livenessProbe | `true` | -| `livenessProbe.path` | Path for to check for livenessProbe | `/` | -| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `600` | -| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `30` | -| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `readinessProbe.enabled` | Enable readinessProbe | `true` | -| `readinessProbe.path` | Path to check for readinessProbe | `/` | -| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | -| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `startupProbe.enabled` | Enable startupProbe | `false` | -| `startupProbe.path` | Path to check for startupProbe | `/` | -| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `300` | -| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` | -| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | - - -### Traffic Exposure Parameters - -| Name | Description | Value | -| ---------------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------ | -| `service.type` | Odoo service type | `LoadBalancer` | -| `service.port` | Odoo service HTTP port | `80` | -| `service.nodePort` | Node port for HTTP | `""` | -| `service.clusterIP` | Odoo service Cluster IP | `""` | -| `service.loadBalancerIP` | Odoo service Load Balancer IP | `""` | -| `service.loadBalancerSourceRanges` | Odoo service Load Balancer sources | `[]` | -| `service.externalTrafficPolicy` | Odoo service external traffic policy | `Cluster` | -| `service.annotations` | Additional custom annotations for Odoo service | `{}` | -| `service.extraPorts` | Extra port to expose on Odoo service | `[]` | -| `ingress.enabled` | Enable ingress record generation for Odoo | `false` | -| `ingress.certManager` | Add the corresponding annotations for cert-manager integration | `false` | -| `ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` | -| `ingress.pathType` | Ingress path type | `ImplementationSpecific` | -| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` | -| `ingress.hostname` | Default host for the ingress record | `odoo.local` | -| `ingress.path` | Default path for the ingress record | `/` | -| `ingress.annotations` | Additional custom annotations for the ingress record | `{}` | -| `ingress.tls` | Enable TLS configuration for the host defined at `ingress.hostname` parameter | `false` | -| `ingress.extraHosts` | An array with additional hostname(s) to be covered with the ingress record | `[]` | -| `ingress.extraPaths` | An array with additional arbitrary paths that may need to be added to the ingress under the main host | `[]` | -| `ingress.extraTls` | TLS configuration for additional hostname(s) to be covered with this ingress record | `[]` | -| `ingress.secrets` | Custom TLS certificates as secrets | `[]` | - - -### Persistence Parameters - -| Name | Description | Value | -| --------------------------------------------- | ----------------------------------------------------------------------------------------------- | --------------- | -| `persistence.enabled` | Enable persistence using Persistent Volume Claims | `true` | -| `persistence.storageClass` | Persistent Volume storage class | `""` | -| `persistence.accessModes` | Persistent Volume access modes | `[]` | -| `persistence.accessMode` | Persistent Volume access mode (DEPRECATED: use `persistence.accessModes` instead) | `ReadWriteOnce` | -| `persistence.size` | Persistent Volume size | `10Gi` | -| `persistence.dataSource` | Custom PVC data source | `{}` | -| `persistence.existingClaim` | The name of an existing PVC to use for persistence | `""` | -| `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` | -| `volumePermissions.resources.limits` | The resources limits for the init container | `{}` | -| `volumePermissions.resources.requests` | The requested resources for the init container | `{}` | -| `volumePermissions.securityContext.runAsUser` | Set init container's Security Context runAsUser | `0` | - - -### Other Parameters - -| Name | Description | Value | -| -------------------------- | -------------------------------------------------------------- | ------- | -| `pdb.create` | Enable a Pod Disruption Budget creation | `false` | -| `pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` | -| `pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | -| `autoscaling.enabled` | Enable Horizontal POD autoscaling for Odoo | `false` | -| `autoscaling.minReplicas` | Minimum number of Odoo replicas | `1` | -| `autoscaling.maxReplicas` | Maximum number of Odoo replicas | `11` | -| `autoscaling.targetCPU` | Target CPU utilization percentage | `50` | -| `autoscaling.targetMemory` | Target Memory utilization percentage | `50` | - - -### Database Parameters - -| Name | Description | Value | -| --------------------------------------------- | --------------------------------------------------------------------------------- | --------------- | -| `postgresql.enabled` | Deploy PostgreSQL container(s) | `true` | -| `postgresql.postgresqlUsername` | PostgreSQL username | `bn_odoo` | -| `postgresql.postgresqlPassword` | PostgreSQL password | `""` | -| `postgresql.postgresqlDatabase` | PostgreSQL database | `bitnami_odoo` | -| `postgresql.existingSecret` | Name of existing secret object | `""` | -| `postgresql.persistence.enabled` | Enable PostgreSQL persistence using PVC | `true` | -| `postgresql.persistence.existingClaim` | Provide an existing `PersistentVolumeClaim`, the value is evaluated as a template | `""` | -| `postgresql.persistence.storageClass` | PVC Storage Class for PostgreSQL volume | `""` | -| `postgresql.persistence.accessMode` | PVC Access Mode for PostgreSQL volume | `ReadWriteOnce` | -| `postgresql.persistence.size` | PVC Storage Request for PostgreSQL volume | `8Gi` | -| `externalDatabase.host` | External Database server host | `""` | -| `externalDatabase.port` | External Database server port | `5432` | -| `externalDatabase.user` | External Database username | `bn_odoo` | -| `externalDatabase.password` | External Database user password | `""` | -| `externalDatabase.database` | External Database database name | `bitnami_odoo` | -| `externalDatabase.create` | Enable PostgreSQL user and database creation (when using an external db) | `true` | -| `externalDatabase.postgresqlPostgresUser` | External Database admin username | `postgres` | -| `externalDatabase.postgresqlPostgresPassword` | External Database admin password | `""` | -| `externalDatabase.existingSecret` | Name of existing secret object | `""` | - - -The above parameters map to the env variables defined in [bitnami/odoo](http://github.com/bitnami/bitnami-docker-odoo). For more information please refer to the [bitnami/odoo](http://github.com/bitnami/bitnami-docker-odoo) image documentation. - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -$ helm install my-release \ - --set odooPassword=password,postgresql.postgresPassword=secretpassword \ - bitnami/odoo -``` - -The above command sets the Odoo administrator account password to `password` and the PostgreSQL `postgres` user password to `secretpassword`. - -> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. - -Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, - -```console -$ helm install my-release -f values.yaml bitnami/odoo -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Use a different Odoo version - -To modify the application version used in this chart, specify a different version of the image using the `image.tag` parameter and/or a different repository using the `image.repository` parameter. Refer to the [chart documentation for more information on these parameters and how to use them with images from a private registry](https://docs.bitnami.com/kubernetes/apps/odoo/configuration/change-image-version/). - -### Using an external database - -Sometimes you may want to have Odoo connect to an external database rather than installing one inside your cluster, e.g. to use a managed database service, or use a single database server for all your applications. To do this, the chart allows you to specify credentials for an external database under the [`externalDatabase` parameter](#parameters). You should also disable the PostgreSQL installation with the `postgresql.enabled` option. For example using the following parameters: - -```console -postgresql.enabled=false -externalDatabase.host=myexternalhost -externalDatabase.user=myuser -externalDatabase.password=mypassword -externalDatabase.port=3306 -``` - -Note also if you disable PostgreSQL per above you MUST supply values for the `externalDatabase` connection. - -### Sidecars and Init Containers - -If you have a need for additional containers to run within the same pod as Odoo, you can do so via the `sidecars` config parameter. Simply define your container according to the Kubernetes container spec. - -```yaml -sidecars: - - name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -``` - -Similarly, you can add extra init containers using the `initContainers` parameter. - -### Setting Pod's affinity - -This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). - -As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters. - -## Persistence - -The [Bitnami Odoo](https://github.com/bitnami/bitnami-docker-odoo) image stores the Odoo data and configurations at the `/bitnami/odoo` path of the container. - -Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. -See the [Parameters](#parameters) section to configure the PVC or to disable persistence. - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami’s Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## Upgrading - -### 19.0.0 - -The [Bitnami Odoo](https://github.com/bitnami/bitnami-docker-odoo) image was refactored and now the source code is published in GitHub in the [`rootfs`](https://github.com/bitnami/bitnami-docker-odoo/tree/master/14/debian-10/rootfs) folder of the container image repository. - -Upgrades from previous versions require to specify `--set volumePermissions.enabled=true` in order for all features to work properly: - -```console -$ helm upgrade odoo bitnami/odoo \ - --set odooPassword=$DISCOURSE_PASSWORD \ - --set postgresql.postgresqlPassword=$POSTGRESQL_PASSWORD \ - --set postgresql.persistence.existingClaim=$POSTGRESQL_PVC \ - --set volumePermissions.enabled=true -``` - -Full compatibility is not guaranteed due to the amount of involved changes, however no breaking changes are expected aside from the ones mentioned above. - -### To 17.0.0 - -[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -**What changes were introduced in this major version?** - -- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. -- Move dependency information from the *requirements.yaml* to the *Chart.yaml* -- After running `helm dependency update`, a *Chart.lock* file is generated containing the same structure used in the previous *requirements.lock* -- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts -- This chart depends on the **PostgreSQL 10** instead of **PostgreSQL 9**. Apart from the same changes that are described in this section, there are also other major changes due to the master/slave nomenclature was replaced by primary/readReplica. [Here](https://github.com/bitnami/charts/pull/4385) you can find more information about the changes introduced - -**Considerations when upgrading to this version** - -- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore -- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 -- If you want to upgrade to this version from a previous one installed with Helm v3, it should be done reusing the PVC used to hold the PostgreSQL data on your previous release. To do so, follow the instructions below (the following example assumes that the release name is `odoo`): - -> NOTE: Please, create a backup of your database before running any of those actions. - -##### Export secrets and required values to update - -```console -$ export ODOO_PASSWORD=$(kubectl get secret --namespace default odoo -o jsonpath="{.data.odoo-password}" | base64 --decode) -$ export POSTGRESQL_PASSWORD=$(kubectl get secret --namespace default odoo-postgresql -o jsonpath="{.data.postgresql-password}" | base64 --decode) -$ export POSTGRESQL_PVC=$(kubectl get pvc -l app.kubernetes.io/instance=odoo,app.kubernetes.io/name=postgresql,role=master -o jsonpath="{.items[0].metadata.name}") -``` - -##### Delete statefulsets - -Delete the Odoo deployment and delete the PostgreSQL statefulset. Notice the option `--cascade=false` in the latter: - -``` -$ kubectl delete statefulsets.apps --cascade=false odoo-postgresql -``` - -##### Upgrade the chart release - -```console -$ helm upgrade odoo bitnami/odoo \ - --set odooPassword=$ODOO_PASSWORD \ - --set postgresql.postgresqlPassword=$POSTGRESQL_PASSWORD \ - --set postgresql.persistence.existingClaim=$POSTGRESQL_PVC -``` - -##### Force new statefulset to create a new pod for postgresql - -```console -$ kubectl delete pod odoo-postgresql-0 -``` -Finally, you should see the lines below in the PostgreSQL container logs: - -```console -$ kubectl logs $(kubectl get pods -l app.kubernetes.io/instance=postgresql,app.kubernetes.io/name=postgresql,role=primary -o jsonpath="{.items[0].metadata.name}") -... -postgresql 08:05:12.59 INFO ==> Deploying PostgreSQL with persisted data... -... -``` - -**Useful links** - -- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ -- https://helm.sh/docs/topics/v2_v3_migration/ -- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ - -### To 18.0.0 - -This version standardizes the way of defining Ingress rules. When configuring a single hostname for the Ingress rule, set the `ingress.hostname` value. When defining more than one, set the `ingress.extraHosts` array. Apart from this case, no issues are expected to appear when upgrading. - -### To 16.0.0 - -In this version the application version itself was bumped to the new major, odoo 14, and the database schemas where changed. Please refer to the [upstream upgrade process documentation](https://www.odoo.com/documentation/14.0/webservices/upgrade.html) in order to upgrade from the previous version. - -### To 15.0.0 - -This major version includes two main changes: - -- Major change in the PostgreSQL subchart labeling. Check [PostgreSQL Upgrading Notes](https://github.com/bitnami/charts/tree/master/bitnami/postgresql#900) for more information. -- Re-labeling so as to follow Helm label best practices (see [PR 3021](https://github.com/bitnami/charts/pull/3021)) -- Adaptation to use common Bitnami chart standards. The following common elements have been included: extra volumes, extra volume mounts, common annotations and labels, pod annotations and labels, pod and container security contexts, affinity settings, node selectors, tolerations, init and sidecar containers, support for existing secrets, custom commands and arguments, extra env variables and custom liveness/readiness probes. - -As a consequence, backwards compatibility from previous versions is not guaranteed during the upgrade. To upgrade to `9.0.0`, it should be done reusing the PVCs used to hold both the PostgreSQL and Odoo data on your previous release. To do so, follow the instructions below (the following example assumes that the release name is `odoo`): - -> NOTE: Please, create a backup of your database before running any of those actions. - -- Old version is up and running - - ```console - $ helm ls - NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION - odoo default 1 2020-10-21 13:11:29.028263 +0200 CEST deployed odoo-14.0.21 13.0.20201010 - - $ kubectl get pods - NAME READY STATUS RESTARTS AGE - odoo-odoo-984f954b9-tk8t8 1/1 Running 0 16m - odoo-postgresql-0 1/1 Running 0 16m - ``` - -- Export both database and Odoo credentials in order to provide them in the update - - ```console - $ export POSTGRESQL_PASSWORD=$(kubectl get secret --namespace default odoo-postgresql -o jsonpath="{.data.postgresql-password}" | base64 --decode) - - $ export ODOO_PASSWORD=$(kubectl get secret --namespace default odoo-odoo -o jsonpath="{.data.odoo-password}" | base64 --decode) - ``` - -- The upgrade to the latest (`15.X.X`) version is going to fail - - ```console - $ helm upgrade odoo bitnami/odoo --set odooPassword=$ODOO_PASSWORD --set postgresql.postgresqlPassword=$POSTGRESQL_PASSWORD - Error: UPGRADE FAILED: cannot patch "odoo-odoo" with kind Deployment: Deployment.apps "odoo-odoo" is invalid: spec.selector: Invalid value: v1.LabelSelector{MatchLabels:map[string]string{"app.kubernetes.io/instance":"odoo", "app.kubernetes.io/name":"odoo"}, MatchExpressions:[]v1.LabelSelectorRequirement(nil)}: field is immutable - ``` - -- Delete both the statefulset and recplicaset (PostgreSQL and Odoo respectively). Notice the option `--cascade=false` for the former. - - ```console - $ kubectl delete deployment.apps/odoo-odoo - deployment.apps "odoo-odoo" deleted - - $ kubectl delete statefulset.apps/odoo-postgresql --cascade=false - statefulset.apps "odoo-postgresql" deleted - ``` - -- Now the upgrade works - - ```console - $ helm upgrade odoo bitnami/odoo --set odooPassword=$ODOO_PASSWORD --set postgresql.postgresqlPassword=$POSTGRESQL_PASSWORD - $ helm ls - NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION - odoo default 3 v2020-10-21 13:35:27.255118 +0200 CEST deployed odoo-15.0.0 13.0.20201010 - ``` - -- You can kill the existing PostgreSQL pod and the new statefulset is going to create a new one - - ```console - $ kubectl delete pod odoo-postgresql-0 - pod "odoo-postgresql-0" deleted - - $ kubectl get pods - NAME READY STATUS RESTARTS AGE - odoo-odoo-854b9cd5fb-282md 1/1 Running 0 9m12s - odoo-postgresql-0 1/1 Running 0 7m19s - ``` - -Please, note that without the --cascade=false both objects (statefulset and pod) are going to be removed and both objects will be deployed again with the helm upgrade command - -### To 12.0.0 - -Helm performs a lookup for the object based on its group (apps), version (v1), and kind (Deployment). Also known as its GroupVersionKind, or GVK. Changing the GVK is considered a compatibility breaker from Kubernetes' point of view, so you cannot "upgrade" those objects to the new GVK in-place. Earlier versions of Helm 3 did not perform the lookup correctly which has since been fixed to match the spec. - -In https://github.com/helm/charts/pull/17352 the `apiVersion` of the deployment resources was updated to `apps/v1` in tune with the api's deprecated, resulting in compatibility breakage. - -This major version signifies this change. - -### To 3.0.0 - -Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments. -Use the workaround below to upgrade from versions previous to 3.0.0. The following example assumes that the release name is odoo: - -```console -$ kubectl patch deployment odoo-odoo --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]' -$ kubectl patch deployment odoo-postgresql --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]' -``` diff --git a/bitnami/odoo/ci/ct-values.yaml b/bitnami/odoo/ci/ct-values.yaml deleted file mode 100644 index b738e2a..0000000 --- a/bitnami/odoo/ci/ct-values.yaml +++ /dev/null @@ -1,2 +0,0 @@ -service: - type: ClusterIP diff --git a/bitnami/odoo/ci/values-hpa-pdb.yaml b/bitnami/odoo/ci/values-hpa-pdb.yaml deleted file mode 100644 index d996388..0000000 --- a/bitnami/odoo/ci/values-hpa-pdb.yaml +++ /dev/null @@ -1,4 +0,0 @@ -autoscaling: - enabled: true -pdb: - create: true diff --git a/bitnami/odoo/templates/NOTES.txt b/bitnami/odoo/templates/NOTES.txt deleted file mode 100644 index b0614a3..0000000 --- a/bitnami/odoo/templates/NOTES.txt +++ /dev/null @@ -1,64 +0,0 @@ -{{- $secretName := include "odoo.secretName" . -}} - -******************************************************************* -*** PLEASE BE PATIENT: Odoo may take a few minutes to install *** -******************************************************************* - -{{- if .Values.ingress.enabled }} - -1. Get the Odoo URL indicated on the Ingress Rule and associate it to your cluster external IP: - - export CLUSTER_IP=$(minikube ip) # On Minikube. Use: `kubectl cluster-info` on others K8s clusters - export HOSTNAME=$(kubectl get ingress --namespace {{ .Release.Namespace }} {{ template "odoo.fullname" . }} -o jsonpath='{.spec.rules[0].host}') - echo "Odoo URL: http://$HOSTNAME/" - echo "$CLUSTER_IP $HOSTNAME" | sudo tee -a /etc/hosts - -{{- else }} - -1. Get the Odoo URL by running: - -{{- if eq .Values.service.type "NodePort" }} - - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "odoo.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo "Odoo URL: http://$NODE_IP:$NODE_PORT/" - -{{- else if eq .Values.service.type "LoadBalancer" }} - -** Please ensure an external IP is associated to the {{ template "odoo.fullname" . }} service before proceeding ** -** Watch the status using: kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "odoo.fullname" . }} ** - - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "odoo.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - -{{- $port:=.Values.service.port | toString }} - echo "Odoo URL: http://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.service.port }}{{ end }}/" -{{- else if eq .Values.service.type "ClusterIP" }} - - echo "Odoo URL: http://127.0.0.1:8080/" - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "odoo.fullname" . }} 8080:{{ .Values.service.port }} - -{{- end }} -{{- end }} - -2. Obtain the login credentials - - export ODOO_EMAIL={{ .Values.odooEmail }} - {{ include "common.utils.secret.getvalue" (dict "secret" $secretName "field" "odoo-password" "context" $) }} - - echo Email : $ODOO_EMAIL - echo Password: $ODOO_PASSWORD - -{{- include "common.warnings.rollingTag" .Values.image }} - -{{- $passwordValidationErrors := list -}} -{{- if not .Values.existingSecret -}} - {{- $requiredOdooPassword := dict "valueKey" "odooPassword" "secret" $secretName "field" "odoo-password" "context" $ -}} - {{- $requiredOdooPasswordError := include "common.validations.values.single.empty" $requiredOdooPassword -}} - {{- $passwordValidationErrors = append $passwordValidationErrors $requiredOdooPasswordError -}} -{{- end -}} - -{{- $postgresqlSecretName := include "odoo.databaseSecretName" . -}} -{{- $postgresqlPasswordValidationErrors := include "common.validations.values.postgresql.passwords" (dict "secret" $postgresqlSecretName "subchart" true "context" $) -}} -{{- $passwordValidationErrors = append $passwordValidationErrors $postgresqlPasswordValidationErrors -}} - -{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $) -}} diff --git a/bitnami/odoo/templates/_helpers.tpl b/bitnami/odoo/templates/_helpers.tpl deleted file mode 100644 index 570356d..0000000 --- a/bitnami/odoo/templates/_helpers.tpl +++ /dev/null @@ -1,137 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "odoo.name" -}} -{{- include "common.names.name" . -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "odoo.fullname" -}} -{{- include "common.names.fullname" . -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "odoo.postgresql.fullname" -}} -{{- printf "%s-%s" .Release.Name "postgresql" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "odoo.chart" -}} -{{- include "common.names.chart" . -}} -{{- end -}} - -{{/* -Return the proper Odoo image name -*/}} -{{- define "odoo.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "odoo.imagePullSecrets" -}} -{{ include "common.images.pullSecrets" (dict "images" (list .Values.image) "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper Storage Class -*/}} -{{- define "odoo.storageClass" -}} -{{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the Postgresql hostname -*/}} -{{- define "odoo.databaseHost" -}} -{{- if .Values.postgresql.enabled }} - {{- printf "%s" (include "odoo.postgresql.fullname" .) -}} -{{- else -}} - {{- printf "%s" .Values.externalDatabase.host -}} -{{- end -}} -{{- end -}} - -{{/* -Return the Postgresql port -*/}} -{{- define "odoo.databasePort" -}} -{{- if .Values.postgresql.enabled }} - {{- printf "5432" | quote -}} -{{- else -}} - {{- .Values.externalDatabase.port | quote -}} -{{- end -}} -{{- end -}} - -{{/* -Return the Postgresql database name -*/}} -{{- define "odoo.databaseName" -}} -{{- if .Values.postgresql.enabled }} - {{- printf "%s" .Values.postgresql.postgresqlDatabase -}} -{{- else -}} - {{- printf "%s" .Values.externalDatabase.database -}} -{{- end -}} -{{- end -}} - -{{/* -Return the Postgresql user -*/}} -{{- define "odoo.databaseUser" -}} -{{- if .Values.postgresql.enabled }} - {{- printf "%s" .Values.postgresql.postgresqlUsername -}} -{{- else -}} - {{- printf "%s" .Values.externalDatabase.user -}} -{{- end -}} -{{- end -}} - -{{/* -Return the PostgreSQL Secret Name -*/}} -{{- define "odoo.databaseSecretName" -}} -{{- if .Values.postgresql.enabled }} - {{- if .Values.postgresql.existingSecret }} - {{- printf "%s" .Values.postgresql.existingSecret -}} - {{- else -}} - {{- printf "%s" (include "odoo.postgresql.fullname" .) -}} - {{- end -}} -{{- else if .Values.externalDatabase.existingSecret }} - {{- printf "%s" .Values.externalDatabase.existingSecret -}} -{{- else -}} - {{- printf "%s-externaldb" (include "common.names.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Odoo credential secret name -*/}} -{{- define "odoo.secretName" -}} -{{- coalesce .Values.existingSecret (include "odoo.fullname" .) -}} -{{- end -}} - -{{/* -Return the SMTP Secret Name -*/}} -{{- define "odoo.smtpSecretName" -}} -{{- coalesce .Values.smtpExistingSecret (include "common.names.fullname" .) -}} -{{- end -}} - -{{/* - Create the name of the service account to use - */}} -{{- define "odoo.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "odoo.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} diff --git a/bitnami/odoo/templates/deployment.yaml b/bitnami/odoo/templates/deployment.yaml deleted file mode 100644 index d88482e..0000000 --- a/bitnami/odoo/templates/deployment.yaml +++ /dev/null @@ -1,263 +0,0 @@ -apiVersion: {{ template "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ template "odoo.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - {{- if .Values.updateStrategy }} - strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} - {{- end }} - {{- if not .Values.autoscaling.enabled }} - replicas: {{ .Values.replicaCount }} - {{- end }} - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - {{- if .Values.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.podAnnotations }} - annotations: - {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} - {{- end }} - spec: - {{- include "odoo.imagePullSecrets" . | nindent 6 }} - {{- if .Values.schedulerName }} - schedulerName: {{ .Values.schedulerName | quote }} - {{- end }} - serviceAccountName: {{ template "odoo.serviceAccountName" . }} - {{- if .Values.hostAliases }} - # yamllint disable rule:indentation - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - # yamllint enable rule:indentation - {{- end }} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.podSecurityContext.enabled }} - securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - {{- if or (and .Values.volumePermissions.enabled .Values.persistence.enabled) .Values.initContainers }} - - initContainers: - {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} - - name: volume-permissions - image: {{ include "odoo.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - command: - - sh - - -c - - | - mkdir -p "/bitnami/odoo" - chown -R "odoo:root" "/bitnami/odoo" - securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }} - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: odoo-data - mountPath: /bitnami/odoo - {{- end }} - {{- if .Values.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} - {{- end }} - {{- end }} - containers: - - name: {{ template "odoo.fullname" . }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: - runAsUser: {{ .Values.containerSecurityContext.runAsUser }} - {{- end }} - image: {{ template "odoo.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" .Values.image.debug | quote }} - - name: ALLOW_EMPTY_PASSWORD - value: {{ ternary "yes" "no" .Values.allowEmptyPassword | quote }} - - name: ODOO_DATABASE_HOST - value: {{ template "odoo.databaseHost" . }} - - name: ODOO_DATABASE_PORT_NUMBER - value: {{ template "odoo.databasePort" . }} - - name: ODOO_DATABASE_NAME - value: {{ template "odoo.databaseName" . }} - - name: ODOO_DATABASE_USER - value: {{ template "odoo.databaseUser" . }} - - name: ODOO_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "odoo.databaseSecretName" . | quote }} - key: "postgresql-password" - {{- if and (not .Values.postgresql.enabled) .Values.externalDatabase.create }} - - name: POSTGRESQL_CLIENT_DATABASE_HOST - value: {{ template "odoo.databaseHost" . }} - - name: POSTGRESQL_CLIENT_DATABASE_PORT_NUMBER - value: {{ template "odoo.databasePort" . }} - - name: POSTGRESQL_CLIENT_POSTGRES_USER - value: {{ .Values.externalDatabase.postgresqlPostgresUser }} - - name: POSTGRESQL_CLIENT_POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "odoo.databaseSecretName" . }} - key: "postgresql-postgres-password" - - name: POSTGRESQL_CLIENT_CREATE_DATABASE_NAME - value: {{ template "odoo.databaseName" . }} - - name: POSTGRESQL_CLIENT_CREATE_DATABASE_USERNAME - value: {{ template "odoo.databaseUser" . }} - - name: POSTGRESQL_CLIENT_CREATE_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "odoo.databaseSecretName" . }} - key: "postgresql-password" - {{- end }} - - name: ODOO_EMAIL - value: {{ .Values.odooEmail | quote }} - - name: ODOO_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "odoo.secretName" . }} - key: odoo-password - - name: ODOO_SKIP_BOOTSTRAP - value: {{ .Values.skipInstall | quote }} - - name: ODOO_LOAD_DEMO_DATA - value: {{ ternary "yes" "no" .Values.loadDemoData | quote }} - {{- if .Values.withoutDemo }} - - name: WITHOUT_DEMO - value: {{ .Values.withoutDemo | quote }} - {{- end }} - {{- if .Values.smtpHost }} - - name: ODOO_SMTP_HOST - value: {{ .Values.smtpHost | quote }} - {{- end }} - {{- if .Values.smtpPort }} - - name: ODOO_SMTP_PORT_NUMBER - value: {{ .Values.smtpPort | quote }} - {{- end }} - {{- if .Values.smtpUser }} - - name: ODOO_SMTP_USER - value: {{ .Values.smtpUser | quote }} - {{- end }} - {{- if or .Values.smtpPassword .Values.smtpExistingSecret }} - - name: ODOO_SMTP_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "odoo.smtpSecretName" . }} - key: smtp-password - {{- end }} - {{- if .Values.smtpProtocol }} - - name: ODOO_SMTP_PROTOCOL - value: {{ .Values.smtpProtocol | quote }} - {{- end }} - {{- if .Values.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if .Values.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.containerPort }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.livenessProbe.path }} - port: http - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- else if .Values.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: {{ .Values.readinessProbe.path }} - port: http - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- else if .Values.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.startupProbe.enabled }} - startupProbe: - httpGet: - path: {{ .Values.startupProbe.path }} - port: http - initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.startupProbe.periodSeconds }} - timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }} - successThreshold: {{ .Values.startupProbe.successThreshold }} - failureThreshold: {{ .Values.startupProbe.failureThreshold }} - {{- else if .Values.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: odoo-data - mountPath: /bitnami/odoo - {{- if .Values.customPostInitScripts }} - - mountPath: /docker-entrypoint-init.d - name: custom-postinit - {{- end }} - {{- if .Values.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: odoo-data - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ .Values.persistence.existingClaim | default (include "odoo.fullname" .) }} - {{- else }} - emptyDir: {} - {{- end }} - {{- if .Values.customPostInitScripts }} - - name: custom-postinit - configMap: - name: {{ printf "%s-postinit" (include "common.names.fullname" .) }} - defaultMode: 0755 - {{- end }} - {{- if .Values.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} - {{- end }} diff --git a/bitnami/odoo/templates/externaldb-secrets.yaml b/bitnami/odoo/templates/externaldb-secrets.yaml deleted file mode 100644 index 34b4883..0000000 --- a/bitnami/odoo/templates/externaldb-secrets.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if not (or .Values.postgresql.enabled .Values.externalDatabase.existingSecret) }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ printf "%s-externaldb" (include "common.names.fullname" .) }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: - postgresql-password: {{ .Values.externalDatabase.password | b64enc | quote }} - postgresql-postgres-password: {{ .Values.externalDatabase.postgresqlPostgresPassword | b64enc | quote }} -{{- end }} diff --git a/bitnami/odoo/templates/extra-list.yaml b/bitnami/odoo/templates/extra-list.yaml deleted file mode 100644 index 9ac65f9..0000000 --- a/bitnami/odoo/templates/extra-list.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{- range .Values.extraDeploy }} ---- -{{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} diff --git a/bitnami/odoo/templates/ingress.yaml b/bitnami/odoo/templates/ingress.yaml deleted file mode 100644 index 1e6baa4..0000000 --- a/bitnami/odoo/templates/ingress.yaml +++ /dev/null @@ -1,59 +0,0 @@ -{{- if .Values.ingress.enabled }} -apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ template "odoo.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.ingress.annotations .Values.commonAnnotations .Values.ingress.certManager }} - annotations: - {{- if .Values.ingress.certManager }} - kubernetes.io/tls-acme: "true" - {{- end }} - {{- if .Values.ingress.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -spec: - rules: - {{- if .Values.ingress.hostname }} - - host: {{ .Values.ingress.hostname }} - http: - paths: - {{- if .Values.ingress.extraPaths }} - {{- toYaml .Values.ingress.extraPaths | nindent 10 }} - {{- end }} - - path: {{ .Values.ingress.path }} - {{- if eq "true" (include "common.ingress.supportsPathType" .) }} - pathType: {{ .Values.ingress.pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "odoo.fullname" .) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- range .Values.ingress.extraHosts }} - - host: {{ .name | quote }} - http: - paths: - - path: {{ default "/" .path }} - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ default "ImplementationSpecific" .pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "odoo.fullname" $) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- if or (and .Values.ingress.tls (or .Values.ingress.certManager .Values.ingress.selfSigned)) .Values.ingress.extraTls }} - tls: - {{- if and .Values.ingress.tls (or .Values.ingress.certManager .Values.ingress.selfSigned) }} - - hosts: - - {{ .Values.ingress.hostname | quote }} - secretName: {{ printf "%s-tls" .Values.ingress.hostname }} - {{- end }} - {{- if .Values.ingress.extraTls }} - {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraTls "context" $) | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/bitnami/odoo/templates/pvc.yaml b/bitnami/odoo/templates/pvc.yaml deleted file mode 100644 index 4e441f6..0000000 --- a/bitnami/odoo/templates/pvc.yaml +++ /dev/null @@ -1,30 +0,0 @@ -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ template "odoo.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - accessModes: - {{- if not (empty .Values.persistence.accessModes) }} - {{- range .Values.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - {{- else }} - - {{ .Values.persistence.accessMode | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 2 }} - {{- if .Values.persistence.dataSource }} - dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.dataSource "context" $) | nindent 4 }} - {{- end }} -{{- end }} diff --git a/bitnami/odoo/templates/secrets.yaml b/bitnami/odoo/templates/secrets.yaml deleted file mode 100644 index 5371129..0000000 --- a/bitnami/odoo/templates/secrets.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{- if or (not .Values.existingSecret) (and (not .Values.smtpExistingSecret) .Values.smtpPassword) }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "odoo.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: - {{- if not .Values.existingSecret }} - {{- if .Values.odooPassword }} - odoo-password: {{ .Values.odooPassword | b64enc | quote }} - {{- else }} - odoo-password: {{ randAlphaNum 10 | b64enc | quote }} - {{- end }} - {{- end }} - {{- if and .Values.smtpPassword (not .Values.smtpExistingSecret) }} - {{- if .Values.smtpPassword }} - smtp-password: {{ .Values.smtpPassword | b64enc | quote }} - {{- end }} - {{- end }} -{{- end }} diff --git a/bitnami/odoo/templates/serviceaccount.yaml b/bitnami/odoo/templates/serviceaccount.yaml deleted file mode 100644 index 3452b52..0000000 --- a/bitnami/odoo/templates/serviceaccount.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "odoo.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -secrets: - - name: {{ include "odoo.fullname" . }} -{{- end }} - diff --git a/bitnami/odoo/templates/svc.yaml b/bitnami/odoo/templates/svc.yaml deleted file mode 100644 index b6835d9..0000000 --- a/bitnami/odoo/templates/svc.yaml +++ /dev/null @@ -1,46 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "odoo.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.service.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.service.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.service.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -spec: - type: {{ .Values.service.type }} - {{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }} - clusterIP: {{ .Values.service.clusterIP }} - {{- end }} - {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }} - externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} - {{- end }} - {{- if (and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges) }} - loadBalancerSourceRanges: {{- toYaml . | nindent 4 }} - {{- end }} - {{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }} - loadBalancerIP: {{ .Values.service.loadBalancerIP }} - {{- end }} - ports: - - name: http - port: {{ .Values.service.port }} - protocol: TCP - targetPort: http - {{- if (and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePort))) }} - nodePort: {{ .Values.service.nodePort }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - {{- if .Values.service.extraPorts }} - {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }} - {{- end }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} diff --git a/bitnami/odoo/templates/tls-secrets.yaml b/bitnami/odoo/templates/tls-secrets.yaml deleted file mode 100644 index f119315..0000000 --- a/bitnami/odoo/templates/tls-secrets.yaml +++ /dev/null @@ -1,44 +0,0 @@ -{{- if .Values.ingress.enabled }} -{{- if .Values.ingress.secrets }} -{{- range .Values.ingress.secrets }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ .name }} - namespace: {{ $.Release.Namespace | quote }} - labels: {{- include "common.labels.standard" $ | nindent 4 }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ .certificate | b64enc }} - tls.key: {{ .key | b64enc }} ---- -{{- end }} -{{- end }} -{{- if and .Values.ingress.tls .Values.ingress.selfSigned }} -{{- $ca := genCA "odoo-ca" 365 }} -{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ printf "%s-tls" .Values.ingress.hostname }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ $cert.Cert | b64enc | quote }} - tls.key: {{ $cert.Key | b64enc | quote }} - ca.crt: {{ $ca.Cert | b64enc | quote }} -{{- end }} -{{- end }} diff --git a/bitnami/odoo/values.yaml b/bitnami/odoo/values.yaml deleted file mode 100644 index 06e49ac..0000000 --- a/bitnami/odoo/values.yaml +++ /dev/null @@ -1,643 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - storageClass: "" - -## @section Common parameters - -## @param kubeVersion Override Kubernetes version -## -kubeVersion: "" -## @param nameOverride String to partially override common.names.fullname -## -nameOverride: "" -## @param fullnameOverride String to fully override common.names.fullname -## -fullnameOverride: "" -## @param commonLabels Labels to add to all deployed objects -## -commonLabels: {} -## @param commonAnnotations Annotations to add to all deployed objects -## -commonAnnotations: {} -## @param extraDeploy Array of extra objects to deploy with the release -## -extraDeploy: [] - -## Bitnami Odoo image -## ref: https://hub.docker.com/r/bitnami/odoo/tags/ -## @param image.registry Odoo image registry -## @param image.repository Odoo image repository -## @param image.tag Odoo image tag (immutable tags are recommended) -## @param image.pullPolicy Odoo image pull policy -## @param image.pullSecrets Odoo image pull secrets -## @param image.debug Enable image debug mode -## -image: - registry: docker.io - repository: bitnami/odoo - tag: 14.0.20210910-debian-10-r0 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Enable debug mode - ## - debug: false - -## @section Odoo Configuration parameters -## Odoo settings based on environment variables -## ref: https://github.com/bitnami/bitnami-docker-odoo#environment-variables - -## @param odooEmail Odoo user email -## ref: https://github.com/bitnami/bitnami-docker-odoo#configuration -## -odooEmail: user@example.com -## @param odooPassword Odoo user password -## Defaults to a random 10-character alphanumeric string if not set -## ref: https://github.com/bitnami/bitnami-docker-odoo#configuration -## -odooPassword: "" -## @param loadDemoData Whether to load demo data for all modules during initialization -## ref: https://github.com/bitnami/bitnami-docker-odoo#configuration -## -loadDemoData: false -## @param customPostInitScripts Custom post-init.d user scripts -## ref: https://github.com/bitnami/bitnami-docker-odoo/tree/master/14.0/debian-10/rootfs/post-init.d -## NOTE: supported formats are `.sh`, `.sql` or `.php` -## NOTE: scripts are exclusively executed during the 1st boot of the container -## e.g: -## customPostInitScripts: -## enable-logs.sh: | -## #!/bin/bash -## sed -i s/;logfile/logfile/ /opt/bitnami/odoo/conf/odoo.conf -## ... -## -customPostInitScripts: {} -## SMTP mail delivery configuration -## ref: https://github.com/bitnami/bitnami-docker-odoo/#smtp-configuration -## @param smtpHost SMTP server host -## @param smtpPort SMTP server port -## @param smtpUser SMTP username -## @param smtpPassword SMTP user password -## @param smtpProtocol SMTP protocol -## -smtpHost: "" -smtpPort: "" -smtpUser: "" -smtpPassword: "" -smtpProtocol: "" -## @param existingSecret Name of existing secret containing Odoo credentials -## NOTE: Must contain key `odoo-password` -## NOTE: When it's set, the `odooPassword` parameter is ignored -## -existingSecret: "" -## @param smtpExistingSecret The name of an existing secret with SMTP credentials -## NOTE: Must contain key `smtp-password` -## NOTE: When it's set, the `smtpPassword` parameter is ignored -## -smtpExistingSecret: "" -## @param allowEmptyPassword Allow the container to be started with blank passwords -## -allowEmptyPassword: false -## @param command Override default container command (useful when using custom images) -## -command: [] -## @param args Override default container args (useful when using custom images) -## -args: [] -## @param extraEnvVars Array with extra environment variables to add to the Odoo container -## e.g: -## extraEnvVars: -## - name: FOO -## value: "bar" -## -extraEnvVars: [] -## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars -## -extraEnvVarsCM: "" -## @param extraEnvVarsSecret Name of existing Secret containing extra env vars -## -extraEnvVarsSecret: "" - -## @section Odoo deployment parameters - -## @param replicaCount Number of Odoo replicas to deploy -## NOTE: ReadWriteMany PVC(s) are required if replicaCount > 1 -## -replicaCount: 1 -## @param updateStrategy.type Odoo deployment strategy type -## @param updateStrategy.rollingUpdate Odoo deployment rolling update configuration parameters -## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy -## NOTE: Set it to `Recreate` if you use a PV that cannot be mounted on multiple pods -## e.g: -## updateStrategy: -## type: RollingUpdate -## rollingUpdate: -## maxSurge: 25% -## maxUnavailable: 25% -## -updateStrategy: - type: RollingUpdate - rollingUpdate: {} -## @param schedulerName Alternate scheduler -## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -schedulerName: "" -## @param serviceAccount.create Specifies whether a ServiceAccount should be created -## @param serviceAccount.name The name of the ServiceAccount to create -## -serviceAccount: - create: true - name: "" -## @param hostAliases [array] Odoo pod host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: [] -## @param extraVolumes Optionally specify extra list of additional volumes for Odoo pods -## -extraVolumes: [] -## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for Odoo container(s) -## -extraVolumeMounts: [] -## @param sidecars Add additional sidecar containers to the Odoo pod -## e.g: -## sidecars: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -sidecars: [] -## @param initContainers Add additional init containers to the Odoo pods -## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ -## e.g: -## initContainers: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## command: ['sh', '-c', 'copy addons from git and push to /bitnami/odoo/addons. Should work with extraVolumeMounts and extraVolumes'] -## -initContainers: [] -## @param podLabels Extra labels for Odoo pods -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -podLabels: {} -## @param podAnnotations Annotations for Odoo pods -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} -## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAffinityPreset: "" -## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAntiAffinityPreset: soft -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## -nodeAffinityPreset: - ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set - ## - key: "" - ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] -## @param affinity Affinity for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## NOTE: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set -## -affinity: {} -## @param nodeSelector Node labels for pod assignment -## ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} -## @param tolerations Tolerations for pod assignment -## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] -## Odoo containers' resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## @param resources.limits The resources limits for the Odoo container -## @param resources.requests [object] The requested resources for the Odoo container -## -resources: - limits: {} - requests: - memory: 512Mi - cpu: 300m -## Container ports -## @param containerPort Odoo HTTP container port -## -containerPort: 8069 -## Configure Pods Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## @param podSecurityContext.enabled Enabled Odoo pods' Security Context -## @param podSecurityContext.fsGroup Set Odoo pod's Security Context fsGroup -## -podSecurityContext: - enabled: false - fsGroup: 1001 -## Configure Container Security Context (only main container) -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -## @param containerSecurityContext.enabled Enabled Odoo containers' Security Context -## @param containerSecurityContext.runAsUser Set Odoo container's Security Context runAsUser -## -containerSecurityContext: - enabled: false - runAsUser: 1001 -## Configure extra options for Odoo containers' liveness and readiness probes -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param livenessProbe.enabled Enable livenessProbe -## @param livenessProbe.path Path for to check for livenessProbe -## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe -## @param livenessProbe.periodSeconds Period seconds for livenessProbe -## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe -## @param livenessProbe.failureThreshold Failure threshold for livenessProbe -## @param livenessProbe.successThreshold Success threshold for livenessProbe -## -livenessProbe: - enabled: true - path: / - initialDelaySeconds: 600 - periodSeconds: 30 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 -## @param readinessProbe.enabled Enable readinessProbe -## @param readinessProbe.path Path to check for readinessProbe -## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe -## @param readinessProbe.periodSeconds Period seconds for readinessProbe -## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe -## @param readinessProbe.failureThreshold Failure threshold for readinessProbe -## @param readinessProbe.successThreshold Success threshold for readinessProbe -## -readinessProbe: - enabled: true - path: / - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 -## @param startupProbe.enabled Enable startupProbe -## @param startupProbe.path Path to check for startupProbe -## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe -## @param startupProbe.periodSeconds Period seconds for startupProbe -## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe -## @param startupProbe.failureThreshold Failure threshold for startupProbe -## @param startupProbe.successThreshold Success threshold for startupProbe -## -startupProbe: - enabled: false - path: / - initialDelaySeconds: 300 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 -## @param customLivenessProbe Custom livenessProbe that overrides the default one -## -customLivenessProbe: {} -## @param customReadinessProbe Custom readinessProbe that overrides the default one -# -customReadinessProbe: {} -## @param customStartupProbe Custom startupProbe that overrides the default one -# -customStartupProbe: {} - -## @section Traffic Exposure Parameters - -## Odoo service parameters -## -service: - ## @param service.type Odoo service type - ## - type: LoadBalancer - ## @param service.port Odoo service HTTP port - ## - port: 80 - ## Node ports to expose - ## @param service.nodePort Node port for HTTP - ## NOTE: choose port between <30000-32767> - ## - nodePort: "" - ## @param service.clusterIP Odoo service Cluster IP - ## e.g.: - ## clusterIP: None - ## - clusterIP: "" - ## @param service.loadBalancerIP Odoo service Load Balancer IP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer - ## - loadBalancerIP: "" - ## @param service.loadBalancerSourceRanges Odoo service Load Balancer sources - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param service.externalTrafficPolicy Odoo service external traffic policy - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param service.annotations Additional custom annotations for Odoo service - ## - annotations: {} - ## @param service.extraPorts Extra port to expose on Odoo service - ## - extraPorts: [] - -## Configure the ingress resource that allows you to access the Odoo installation -## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ -## -ingress: - ## @param ingress.enabled Enable ingress record generation for Odoo - ## - enabled: false - ## @param ingress.certManager Add the corresponding annotations for cert-manager integration - ## - certManager: false - ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm - ## - selfSigned: false - ## @param ingress.pathType Ingress path type - ## - pathType: ImplementationSpecific - ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) - ## - apiVersion: "" - ## @param ingress.hostname Default host for the ingress record - ## - hostname: odoo.local - ## @param ingress.path Default path for the ingress record - ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers - ## - path: / - ## @param ingress.annotations Additional custom annotations for the ingress record - ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added - ## - annotations: {} - ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter - ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` - ## You can: - ## - Use the `ingress.secrets` parameter to create this TLS secret - ## - Relay on cert-manager to create it by setting `ingress.certManager=true` - ## - Relay on Helm to create self-signed certificates by setting `ingress.tls=true` and `ingress.certManager=false` - ## - tls: false - ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record - ## e.g: - ## extraHosts: - ## - name: odoo.local - ## path: / - ## - extraHosts: [] - ## @param ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host - ## e.g: - ## extraPaths: - ## - path: /* - ## backend: - ## serviceName: ssl-redirect - ## servicePort: use-annotation - ## - extraPaths: [] - ## @param ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record - ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - ## e.g: - ## extraTls: - ## - hosts: - ## - odoo.local - ## secretName: odoo.local-tls - ## - extraTls: [] - ## @param ingress.secrets Custom TLS certificates as secrets - ## NOTE: 'key' and 'certificate' are expected in PEM format - ## NOTE: 'name' should line up with a 'secretName' set further up - ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates - ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days - ## It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - ## e.g: - ## secrets: - ## - name: odoo.local-tls - ## key: |- - ## -----BEGIN RSA PRIVATE KEY----- - ## ... - ## -----END RSA PRIVATE KEY----- - ## certificate: |- - ## -----BEGIN CERTIFICATE----- - ## ... - ## -----END CERTIFICATE----- - ## - secrets: [] - -## @section Persistence Parameters - -## Persistence Parameters -## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ -## -persistence: - ## @param persistence.enabled Enable persistence using Persistent Volume Claims - ## - enabled: true - ## @param persistence.storageClass Persistent Volume storage class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner - ## - storageClass: "" - ## @param persistence.accessModes [array] Persistent Volume access modes - ## - accessModes: - - ReadWriteOnce - ## @param persistence.accessMode Persistent Volume access mode (DEPRECATED: use `persistence.accessModes` instead) - ## - accessMode: ReadWriteOnce - ## @param persistence.size Persistent Volume size - ## - size: 10Gi - ## @param persistence.dataSource Custom PVC data source - ## - dataSource: {} - ## @param persistence.existingClaim The name of an existing PVC to use for persistence - ## - existingClaim: "" - -## 'volumePermissions' init container parameters -## Changes the owner and group of the persistent volume mount point to runAsUser:fsGroup values -## based on the podSecurityContext/containerSecurityContext parameters -## -volumePermissions: - ## @param volumePermissions.enabled Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` - ## - enabled: false - ## Init container's resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## @param volumePermissions.resources.limits The resources limits for the init container - ## @param volumePermissions.resources.requests The requested resources for the init container - ## - resources: - limits: {} - requests: {} - ## Init container Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param volumePermissions.securityContext.runAsUser Set init container's Security Context runAsUser - ## - securityContext: - runAsUser: 0 - -## @section Other Parameters - -## Odoo Pod Disruption Budget configuration -## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ -## @param pdb.create Enable a Pod Disruption Budget creation -## @param pdb.minAvailable Minimum number/percentage of pods that should remain scheduled -## @param pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable -## -pdb: - create: false - minAvailable: 1 - maxUnavailable: "" - -## Odoo Autoscaling configuration -## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ -## @param autoscaling.enabled Enable Horizontal POD autoscaling for Odoo -## @param autoscaling.minReplicas Minimum number of Odoo replicas -## @param autoscaling.maxReplicas Maximum number of Odoo replicas -## @param autoscaling.targetCPU Target CPU utilization percentage -## @param autoscaling.targetMemory Target Memory utilization percentage -## -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 11 - targetCPU: 50 - targetMemory: 50 - -## @section Database Parameters - -## PostgreSQL chart configuration -## ref: https://github.com/bitnami/charts/blob/master/bitnami/postgresql/values.yaml -## -postgresql: - ## @param postgresql.enabled Deploy PostgreSQL container(s) - ## - enabled: true - ## @param postgresql.postgresqlUsername PostgreSQL username - ## ref: https://hub.docker.com/_/postgres/ - ## - postgresqlUsername: "bn_odoo" - ## @param postgresql.postgresqlPassword PostgreSQL password - ## ref: https://hub.docker.com/_/postgres/ - ## - postgresqlPassword: "" - ## @param postgresql.postgresqlDatabase PostgreSQL database - ## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run - ## - postgresqlDatabase: bitnami_odoo - ## @param postgresql.existingSecret Name of existing secret object - ## The secret should contain the following keys: - ## postgresql-postgres-password (for root user) - ## postgresql-password (for the unprivileged user) - ## - # existingSecret: my-secret - existingSecret: "" - - ## Enable persistence using Persistent Volume Claims - ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ - ## - persistence: - ## @param postgresql.persistence.enabled Enable PostgreSQL persistence using PVC - ## - enabled: true - ## @param postgresql.persistence.existingClaim Provide an existing `PersistentVolumeClaim`, the value is evaluated as a template - ## - # existingClaim: your-claim - existingClaim: "" - - ## @param postgresql.persistence.storageClass PVC Storage Class for PostgreSQL volume - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: "-" - storageClass: "" - ## @param postgresql.persistence.accessMode PVC Access Mode for PostgreSQL volume - ## - accessMode: ReadWriteOnce - ## @param postgresql.persistence.size PVC Storage Request for PostgreSQL volume - ## - size: 8Gi - -## External Database Configuration -## All of these values are only used when postgresql.enabled is set to false -externalDatabase: - ## @param externalDatabase.host External Database server host - ## - host: "" - ## @param externalDatabase.port External Database server port - ## - port: 5432 - ## @param externalDatabase.user External Database username - ## - user: bn_odoo - ## @param externalDatabase.password External Database user password - ## - password: "" - ## @param externalDatabase.database External Database database name - ## - database: bitnami_odoo - ## @param externalDatabase.create Enable PostgreSQL user and database creation (when using an external db) - ## If true it will add POSTGRESQL_CLIENT_* env vars to the deployment which will create the PostgreSQL user & database using the provided admin credentials - ## - create: true - ## @param externalDatabase.postgresqlPostgresUser External Database admin username - ## - postgresqlPostgresUser: "postgres" - ## @param externalDatabase.postgresqlPostgresPassword External Database admin password - ## - postgresqlPostgresPassword: "" - ## @param externalDatabase.existingSecret Name of existing secret object - ## The secret should contain the following keys: - ## postgresql-postgres-password (for root user) - ## postgresql-password (for the unprivileged user) - ## - # existingSecret: my-secret - existingSecret: "" diff --git a/bitnami/opencart/.helmignore b/bitnami/opencart/.helmignore deleted file mode 100644 index f0c1319..0000000 --- a/bitnami/opencart/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/bitnami/opencart/Chart.lock b/bitnami/opencart/Chart.lock deleted file mode 100644 index b30275d..0000000 --- a/bitnami/opencart/Chart.lock +++ /dev/null @@ -1,9 +0,0 @@ -dependencies: -- name: mariadb - repository: https://charts.bitnami.com/bitnami - version: 9.6.0 -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.9.1 -digest: sha256:6d618e256ecb1deea43a6ed15deee9d170e1161e7f94f2b43e2c9da68cb9165d -generated: "2021-09-25T11:28:35.870565323Z" diff --git a/bitnami/opencart/Chart.yaml b/bitnami/opencart/Chart.yaml deleted file mode 100644 index f7a52d7..0000000 --- a/bitnami/opencart/Chart.yaml +++ /dev/null @@ -1,32 +0,0 @@ -annotations: - category: E-Commerce -apiVersion: v2 -appVersion: 3.0.3-8 -dependencies: - - condition: mariadb.enabled - name: mariadb - repository: https://charts.bitnami.com/bitnami - version: 9.x.x - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x -description: A free and open source e-commerce platform for online merchants. It provides a professional and reliable foundation for a successful online store. -engine: gotpl -home: https://github.com/bitnami/charts/tree/master/bitnami/opencart -icon: https://bitnami.com/assets/stacks/opencart/img/opencart-stack-220x234.png -keywords: - - opencart - - e-commerce - - http - - web - - php -maintainers: - - email: containers@bitnami.com - name: Bitnami -name: opencart -sources: - - https://github.com/bitnami/bitnami-docker-opencart - - https://opencart.com/ -version: 10.0.23 diff --git a/bitnami/opencart/README.md b/bitnami/opencart/README.md deleted file mode 100644 index 2479fd7..0000000 --- a/bitnami/opencart/README.md +++ /dev/null @@ -1,436 +0,0 @@ -# OpenCart - -[OpenCart](https://opencart.com/) is a free and open source e-commerce platform for online merchants. It provides a professional and reliable foundation for a successful online store. - -## TL;DR - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/opencart -``` - -## Introduction - -This chart bootstraps an [OpenCart](https://github.com/bitnami/bitnami-docker-opencart) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -It also packages the [Bitnami MariaDB chart](https://github.com/kubernetes/charts/tree/master/bitnami/mariadb) which is required for bootstrapping a MariaDB deployment for the database requirements of the OpenCart application. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 3.1.0 -- PV provisioner support in the underlying infrastructure -- ReadWriteMany volumes for deployment scaling - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -$ helm install my-release bitnami/opencart -``` - -The command deploys OpenCart on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```console -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | - - -### Common parameters - -| Name | Description | Value | -| ------------------- | ------------------------------------------------------------------------------------------------------------ | ----- | -| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` | -| `nameOverride` | String to partially override opencart.fullname template (will maintain the release name) | `""` | -| `fullnameOverride` | String to fully override opencart.fullname template | `""` | -| `commonAnnotations` | Common annotations to add to all OpenCart resources (sub-charts are not considered). Evaluated as a template | `{}` | -| `commonLabels` | Common labels to add to all OpenCart resources (sub-charts are not considered). Evaluated as a template | `{}` | -| `extraDeploy` | Array of extra objects to deploy with the release (evaluated as a template) | `[]` | - - -### OpenCart parameters - -| Name | Description | Value | -| ------------------------------------ | ----------------------------------------------------------------------------------------- | ----------------------- | -| `image.registry` | OpenCart image registry | `docker.io` | -| `image.repository` | OpenCart image repository | `bitnami/opencart` | -| `image.tag` | OpenCart image tag (immutable tags are recommended) | `3.0.3-8-debian-10-r28` | -| `image.pullPolicy` | OpenCart image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `image.debug` | Specify if debug logs should be enabled | `false` | -| `hostAliases` | Deployment pod host aliases | `[]` | -| `replicaCount` | Number of replicas (requires ReadWriteMany PVC support) | `1` | -| `opencartSkipInstall` | Skip OpenCart installation wizard. Useful for migrations and restoring from SQL dump | `false` | -| `opencartHost` | OpenCart host to create application URLs | `""` | -| `opencartUsername` | User of the application | `user` | -| `opencartPassword` | Application password | `""` | -| `opencartEmail` | Admin email | `user@example.com` | -| `allowEmptyPassword` | Allow DB blank passwords | `true` | -| `command` | Override default container command (useful when using custom images) | `[]` | -| `args` | Override default container args (useful when using custom images) | `[]` | -| `updateStrategy.type` | Update strategy - only really applicable for deployments with RWO PVs attached | `RollingUpdate` | -| `extraEnvVars` | An array to add extra env vars | `[]` | -| `extraEnvVarsCM` | ConfigMap with extra environment variables | `""` | -| `extraEnvVarsSecret` | Secret with extra environment variables | `""` | -| `extraVolumes` | Extra volumes to add to the deployment. Requires setting `extraVolumeMounts` | `[]` | -| `extraVolumeMounts` | Extra volume mounts to add to the container. Normally used with `extraVolumes`. | `[]` | -| `initContainers` | Extra init containers to add to the deployment | `[]` | -| `sidecars` | Extra sidecar containers to add to the deployment | `[]` | -| `tolerations` | Tolerations for pod assignment. Evaluated as a template. | `[]` | -| `existingSecret` | Name of a secret with the application password | `""` | -| `smtpHost` | SMTP host | `""` | -| `smtpPort` | SMTP port | `""` | -| `smtpUser` | SMTP user | `""` | -| `smtpPassword` | SMTP password | `""` | -| `smtpProtocol` | SMTP Protocol (options: ssl,tls, nil) | `""` | -| `containerPorts` | Container ports | `{}` | -| `persistence.enabled` | Enable persistence using PVC | `true` | -| `persistence.storageClass` | OpenCart Data Persistent Volume Storage Class | `""` | -| `persistence.accessMode` | PVC Access Mode for OpenCart volume | `ReadWriteOnce` | -| `persistence.size` | PVC Storage Request for OpenCart volume | `8Gi` | -| `persistence.existingClaim` | An Existing PVC name | `""` | -| `persistence.hostPath` | Host mount path for OpenCart volume | `""` | -| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` | -| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | -| `affinity` | Affinity for pod assignment | `{}` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `resources.requests` | The requested resources for the container | `{}` | -| `podSecurityContext.enabled` | Enable OpenCart pods' Security Context | `true` | -| `podSecurityContext.fsGroup` | OpenCart pods' group ID | `1001` | -| `containerSecurityContext.enabled` | Enable OpenCart containers' Security Context | `true` | -| `containerSecurityContext.runAsUser` | OpenCart containers' Security Context | `1001` | -| `livenessProbe.enabled` | Enable livenessProbe | `true` | -| `livenessProbe.path` | Request path for livenessProbe | `/admin/` | -| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` | -| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `readinessProbe.enabled` | Enable readinessProbe | `true` | -| `readinessProbe.path` | Request path for readinessProbe | `/admin/` | -| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | -| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | -| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `3` | -| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `customLivenessProbe` | Override default liveness probe | `{}` | -| `customReadinessProbe` | Override default readiness probe | `{}` | -| `lifecycleHooks` | lifecycleHooks for the container to automate configuration before or after startup | `{}` | -| `podAnnotations` | Pod annotations | `{}` | -| `podLabels` | Add additional labels to the pod (evaluated as a template) | `{}` | - - -### Traffic Exposure Parameters - -| Name | Description | Value | -| ------------------------------- | --------------------------------------------------------------------------------------------------------- | ------------------------ | -| `service.type` | Kubernetes Service type | `LoadBalancer` | -| `service.port` | Service HTTP port | `80` | -| `service.httpsPort` | Service HTTPS port | `443` | -| `service.nodePorts.http` | Kubernetes HTTP node port | `""` | -| `service.nodePorts.https` | Kubernetes HTTPS node port | `""` | -| `service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | -| `service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | -| `ingress.enabled` | Set to true to enable ingress record generation | `false` | -| `ingress.certManager` | Set this to true in order to add the corresponding annotations for cert-manager | `false` | -| `ingress.pathType` | Ingress path type | `ImplementationSpecific` | -| `ingress.apiVersion` | Override API Version (automatically detected if not set) | `""` | -| `ingress.hostname` | Default host for the ingress resource | `opencart.local` | -| `ingress.path` | The Path to Opencart. You may need to set this to '/*' in order to use this with ALB ingress controllers. | `/` | -| `ingress.annotations` | Ingress annotations | `{}` | -| `ingress.tls` | Enable TLS configuration for the hostname defined at ingress.hostname parameter | `false` | -| `ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` | -| `ingress.extraPaths` | Any additional arbitrary paths that may need to be added to the ingress under the main host. | `[]` | -| `ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` | -| `ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | - - -### Database parameters - -| Name | Description | Value | -| ------------------------------------------- | ---------------------------------------------------------------------------------------- | ------------------- | -| `mariadb.enabled` | Whether to deploy a mariadb server to satisfy the applications database requirements | `true` | -| `mariadb.architecture` | MariaDB architecture. Allowed values: `standalone` or `replication` | `standalone` | -| `mariadb.auth.rootPassword` | Password for the MariaDB `root` user | `""` | -| `mariadb.auth.database` | Database name to create | `bitnami_opencart` | -| `mariadb.auth.username` | Database user to create | `bn_opencart` | -| `mariadb.auth.password` | Password for the database | `""` | -| `mariadb.primary.persistence.enabled` | Enable database persistence using PVC | `true` | -| `mariadb.primary.persistence.storageClass` | MariaDB primary persistent volume storage Class | `""` | -| `mariadb.primary.persistence.accessModes` | Database Persistent Volume Access Modes | `["ReadWriteOnce"]` | -| `mariadb.primary.persistence.size` | Database Persistent Volume Size | `8Gi` | -| `mariadb.primary.persistence.hostPath` | Set path in case you want to use local host path volumes (not recommended in production) | `""` | -| `mariadb.primary.persistence.existingClaim` | Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas | `""` | -| `externalDatabase.host` | Host of the existing database | `""` | -| `externalDatabase.port` | Port of the existing database | `3306` | -| `externalDatabase.user` | Existing username in the external db | `bn_opencart` | -| `externalDatabase.password` | Password for the above username | `""` | -| `externalDatabase.database` | Name of the existing database | `bitnami_opencart` | - - -### Volume Permissions parameters - -| Name | Description | Value | -| -------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------- | -| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` | -| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | -| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `10-debian-10-r203` | -| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | -| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `volumePermissions.resources.limits` | The resources limits for the container | `{}` | -| `volumePermissions.resources.requests` | The requested resources for the container | `{}` | - - -### Metrics parameters - -| Name | Description | Value | -| --------------------------- | ---------------------------------------------------------- | ------------------------- | -| `metrics.enabled` | Start a side-car prometheus exporter | `false` | -| `metrics.image.registry` | Apache exporter image registry | `docker.io` | -| `metrics.image.repository` | Apache exporter image repository | `bitnami/apache-exporter` | -| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `0.10.1-debian-10-r4` | -| `metrics.image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `metrics.resources` | Metrics exporter resource requests and limits | `{}` | -| `metrics.podAnnotations` | Metrics exporter pod Annotation and Labels | `{}` | - - -### Certificate injection parameters - -| Name | Description | Value | -| ---------------------------------------------------- | -------------------------------------------------------------------- | ---------------------------------------- | -| `certificates.customCertificate.certificateSecret` | Secret containing the certificate and key to add | `""` | -| `certificates.customCertificate.chainSecret.name` | Name of the secret containing the certificate chain | `""` | -| `certificates.customCertificate.chainSecret.key` | Key of the certificate chain file inside the secret | `""` | -| `certificates.customCertificate.certificateLocation` | Location in the container to store the certificate | `/etc/ssl/certs/ssl-cert-snakeoil.pem` | -| `certificates.customCertificate.keyLocation` | Location in the container to store the private key | `/etc/ssl/private/ssl-cert-snakeoil.key` | -| `certificates.customCertificate.chainLocation` | Location in the container to store the certificate chain | `/etc/ssl/certs/mychain.pem` | -| `certificates.customCAs` | Defines a list of secrets to import into the container trust store | `[]` | -| `certificates.command` | Override default container command (useful when using custom images) | `[]` | -| `certificates.args` | Override default container args (useful when using custom images) | `[]` | -| `certificates.extraEnvVars` | Container sidecar extra environment variables | `[]` | -| `certificates.extraEnvVarsCM` | ConfigMap with extra environment variables | `""` | -| `certificates.extraEnvVarsSecret` | Secret with extra environment variables | `""` | -| `certificates.image.registry` | Container sidecar registry | `docker.io` | -| `certificates.image.repository` | Container sidecar image repository | `bitnami/bitnami-shell` | -| `certificates.image.tag` | Container sidecar image tag (immutable tags are recommended) | `10-debian-10-r203` | -| `certificates.image.pullPolicy` | Container sidecar image pull policy | `IfNotPresent` | -| `certificates.image.pullSecrets` | Container sidecar image pull secrets | `[]` | - - -The above parameters map to the env variables defined in [bitnami/opencart](http://github.com/bitnami/bitnami-docker-opencart). For more information please refer to the [bitnami/opencart](http://github.com/bitnami/bitnami-docker-opencart) image documentation. - -> **Note**: -> -> For OpenCart to function correctly, you should specify the `opencartHost` parameter to specify the FQDN (recommended) or the public IP address of the OpenCart service. -> -> Optionally, you can specify the `opencartLoadBalancerIP` parameter to assign a reserved IP address to the OpenCart service of the chart. However please note that this feature is only available on a few cloud providers (f.e. GKE). -> -> To reserve a public IP address on GKE: -> -> ```bash -> $ gcloud compute addresses create opencart-public-ip -> ``` -> -> The reserved IP address can be associated to the OpenCart service by specifying it as the value of the `opencartLoadBalancerIP` parameter while installing the chart. - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -$ helm install my-release \ - --set opencartUsername=admin,opencartPassword=password,mariadb.auth.rootPassword=secretpassword \ - bitnami/opencart -``` - -The above command sets the OpenCart administrator account username and password to `admin` and `password` respectively. Additionally, it sets the MariaDB `root` user password to `secretpassword`. - -> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. - -Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, - -```console -$ helm install my-release -f values.yaml bitnami/opencart -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Image - -The `image` parameter allows specifying which image will be pulled for the chart. - -#### Private registry - -If you configure the `image` value to one in a private registry, you will need to [specify an image pull secret](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod). - -1. Manually create image pull secret(s) in the namespace. See [this YAML example reference](https://kubernetes.io/docs/concepts/containers/images/#creating-a-secret-with-a-docker-config). Consult your image registry's documentation about getting the appropriate secret. -1. Note that the `imagePullSecrets` configuration value cannot currently be passed to helm using the `--set` parameter, so you must supply these using a `values.yaml` file, such as: - -```yaml -imagePullSecrets: - - name: SECRET_NAME -``` - -1. Install the chart - -### Setting Pod's affinity - -This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). - -As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters. - -## Persistence - -The [Bitnami OpenCart](https://github.com/bitnami/bitnami-docker-opencart) image stores the OpenCart data and configurations at the `/bitnami/opencart` path of the container. - -Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. -See the [Parameters](#parameters) section to configure the PVC or to disable persistence. - -### Existing PersistentVolumeClaim - -1. Create the PersistentVolume -1. Create the PersistentVolumeClaim -1. Install the chart - -```bash -$ helm install my-release --set persistence.existingClaim=PVC_NAME bitnami/prestashop -``` - -### Host path - -#### System compatibility - -- The local filesystem accessibility to a container in a pod with `hostPath` has been tested on OSX/MacOS with xhyve, and Linux with VirtualBox. -- Windows has not been tested with the supported VM drivers. Minikube does however officially support [Mounting Host Folders](https://github.com/kubernetes/minikube/blob/master/docs/host_folder_mount.md) per pod. Or you may manually sync your container whenever host files are changed with tools like [docker-sync](https://github.com/EugenMayer/docker-sync) or [docker-bg-sync](https://github.com/cweagans/docker-bg-sync). - -#### Mounting steps - -1. The specified `hostPath` directory must already exist (create one if it does not). -1. Install the chart - - ```bash - $ helm install my-release --set persistence.hostPath=/PATH/TO/HOST/MOUNT bitnami/prestashop - ``` - - This will mount the `prestashop-data` volume into the `hostPath` directory. The site data will be persisted if the mount path contains valid data, else the site data will be initialized at first launch. -1. Because the container cannot control the host machine's directory permissions, you must set the PrestaShop file directory permissions yourself and disable or clear PrestaShop cache. - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami’s Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## Upgrading - -### To 10.0.0 - -This version standardizes the way of defining Ingress rules. When configuring a single hostname for the Ingress rule, set the `ingress.hostname` value. When defining more than one, set the `ingress.extraHosts` array. Apart from this case, no issues are expected to appear when upgrading. - -### To 9.0.0 - -[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -**What changes were introduced in this major version?** - -- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. -- Move dependency information from the *requirements.yaml* to the *Chart.yaml* -- After running `helm dependency update`, a *Chart.lock* file is generated containing the same structure used in the previous *requirements.lock* -- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts - -**Considerations when upgrading to this version** - -- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues -- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore -- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 - -**Useful links** - -- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ -- https://helm.sh/docs/topics/v2_v3_migration/ -- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ - -### To 8.0.0 - -**Important:** Under no circumstance should you run `helm upgrade` to `8.0.0` or you may suffer unrecoverable data loss of your site's data. - -This release includes several breaking changes which are listed below. To upgrade to `8.0.0`, we recommend to install a new OpenCart chart, and migrate your OpenCart site using the application's [Backup & Restore tool](http://docs.opencart.com/en-gb/tools/backup/). - -> NOTE: It is highly recommended to create a backup of your database before migrating your site. The steps below would be only valid if your application (e.g. any plugins or custom code) is compatible with MariaDB 10.5.x -Obtain the credentials and the name of the PVC used to hold the MariaDB data on your current release: - -```console -export OPENCART_PASSWORD=$(kubectl get secret --namespace default opencart -o jsonpath="{.data.opencart-password}" | base64 --decode) -export MARIADB_ROOT_PASSWORD=$(kubectl get secret --namespace default opencart-mariadb -o jsonpath="{.data.mariadb-root-password}" | base64 --decode) -export MARIADB_PASSWORD=$(kubectl get secret --namespace default opencart-mariadb -o jsonpath="{.data.mariadb-password}" | base64 --decode) -export MARIADB_PVC=$(kubectl get pvc -l app.kubernetes.io/instance=opencart,app.kubernetes.io/name=mariadb,app.kubernetes.io/component=primary -o jsonpath="{.items[0].metadata.name}") -``` - -#### New volume mount locations - -Locations for volume mounts have been changed. Now, OpenCart's persisted volume will contain the following directories: - -- `opencart`: Persisted OpenCart files -- `opencart_storage`: OpenCart storage files - -These folders will be mounted to the respective sub-paths in `/bitnami`. Before, the entire volume was mounted to `/bitnami/opencart`. - -#### Support for non-root user approach - -The [Bitnami OpenCart](https://github.com/bitnami/bitnami-docker-opencart) image was updated to support and enable the "non-root" user approach - -If you want to continue to run the container image as the `root` user, you need to set `podSecurityContext.enabled=false` and `containerSecurity.context.enabled=false`. - -This upgrade also adapts the chart to the latest Bitnami good practices. Check the Parameters section for more information. - -#### MariaDB dependency update - -MariaDB dependency version was bumped to a new major version that introduces several incompatilibites. Therefore, backwards compatibility is not guaranteed unless an external database is used. Check [MariaDB Upgrading Notes](https://github.com/bitnami/charts/tree/master/bitnami/mariadb#to-800) for more information. - -### To 7.0.0 - -Helm performs a lookup for the object based on its group (apps), version (v1), and kind (Deployment). Also known as its GroupVersionKind, or GVK. Changing the GVK is considered a compatibility breaker from Kubernetes' point of view, so you cannot "upgrade" those objects to the new GVK in-place. Earlier versions of Helm 3 did not perform the lookup correctly which has since been fixed to match the spec. - -In https://github.com/helm/charts/pull/17302 the `apiVersion` of the deployment resources was updated to `apps/v1` in tune with the api's deprecated, resulting in compatibility breakage. - -This major version signifies this change. - -### To 3.0.0 - -Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments. -Use the workaround below to upgrade from versions previous to 3.0.0. The following example assumes that the release name is opencart: - -```console -$ kubectl patch deployment opencart-opencart --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]' -$ kubectl delete statefulset opencart-mariadb --cascade=false -``` diff --git a/bitnami/opencart/ci/ct-values.yaml b/bitnami/opencart/ci/ct-values.yaml deleted file mode 100644 index b738e2a..0000000 --- a/bitnami/opencart/ci/ct-values.yaml +++ /dev/null @@ -1,2 +0,0 @@ -service: - type: ClusterIP diff --git a/bitnami/opencart/templates/NOTES.txt b/bitnami/opencart/templates/NOTES.txt deleted file mode 100644 index 7151c0c..0000000 --- a/bitnami/opencart/templates/NOTES.txt +++ /dev/null @@ -1,114 +0,0 @@ -{{- if or .Values.mariadb.enabled .Values.externalDatabase.host -}} - -{{- if empty (include "opencart.host" .) -}} -############################################################################### -### ERROR: You did not provide an external host in your 'helm install' call ### -############################################################################### - -This deployment will be incomplete until you configure OpenCart with a resolvable -host. To configure OpenCart with the URL of your service: - -1. Get the OpenCart URL by running: - - {{- if eq .Values.service.type "NodePort" }} - - export APP_PORT=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} -o jsonpath="{.spec.ports[0].nodePort}") - export APP_HOST=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - - {{- else if eq .Values.service.type "LoadBalancer" }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "common.names.fullname" . }}' - - export APP_HOST=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") - export APP_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "opencart.secretName" . }} -o jsonpath="{.data.opencart-password}" | base64 --decode) - export DATABASE_ROOT_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "opencart.databaseSecretName" . }} -o jsonpath="{.data.mariadb-root-password}" | base64 --decode) - {{- end }} - export APP_DATABASE_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "opencart.databaseSecretName" . }} -o jsonpath="{.data.mariadb-password}" | base64 --decode) - -2. Complete your OpenCart deployment by running: - -{{- if .Values.mariadb.enabled }} - - helm upgrade --namespace {{ .Release.Namespace }} {{ .Release.Name }} bitnami/{{ .Chart.Name }} \ - --set opencartHost=$APP_HOST,opencartPassword=$APP_PASSWORD,mariadb.auth.rootPassword=$DATABASE_ROOT_PASSWORD,mariadb.auth.password=$APP_DATABASE_PASSWORD{{- if .Values.global }}{{- if .Values.global.imagePullSecrets }},global.imagePullSecrets={{ .Values.global.imagePullSecrets }}{{- end }}{{- end }} -{{- else }} - - ## PLEASE UPDATE THE EXTERNAL DATABASE CONNECTION PARAMETERS IN THE FOLLOWING COMMAND AS NEEDED ## - - helm upgrade --namespace {{ .Release.Namespace }} {{ .Release.Name }} bitnami/{{ .Chart.Name }} \ - --set opencartPassword=$APP_PASSWORD,opencartHost=$APP_HOST,service.type={{ .Values.service.type }},mariadb.enabled=false{{- if not (empty .Values.externalDatabase.host) }},externalDatabase.host={{ .Values.externalDatabase.host }}{{- end }}{{- if not (empty .Values.externalDatabase.user) }},externalDatabase.user={{ .Values.externalDatabase.user }}{{- end }}{{- if not (empty .Values.externalDatabase.password) }},externalDatabase.password={{ .Values.externalDatabase.password }}{{- end }}{{- if not (empty .Values.externalDatabase.database) }},externalDatabase.database={{ .Values.externalDatabase.database }}{{- end }}{{- if .Values.global }}{{- if .Values.global.imagePullSecrets }},global.imagePullSecrets={{ .Values.global.imagePullSecrets }}{{- end }}{{- end }} -{{- end }} - -{{- else -}} -1. Get the OpenCart URL by running: - -{{- if eq .Values.service.type "ClusterIP" }} - - echo "Store URL: http://127.0.0.1:8080/" - echo "Admin URL: http://127.0.0.1:8080/admin" - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "common.names.fullname" . }} 8080:{{ .Values.service.port }} - -{{- else }} - -{{- $port:=.Values.service.port | toString }} - - echo "Store URL: http://{{ include "opencart.host" . }}{{- if ne $port "80" }}:{{ .Values.service.port }}{{ end }}/" - echo "Admin URL: http://{{ include "opencart.host" . }}{{- if ne $port "80" }}:{{ .Values.service.port }}{{ end }}/admin" - -{{- end }} - -2. Get your OpenCart login credentials by running: - - echo Admin Username: {{ .Values.opencartUsername }} - echo Admin Password: $(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "opencart.secretName" . }} -o jsonpath="{.data.opencart-password}" | base64 --decode) -{{- end }} - -{{- else -}} - -######################################################################################## -### ERROR: You did not provide an external database host in your 'helm install' call ### -######################################################################################## - -This deployment will be incomplete until you configure OpenCart with a resolvable database -host. To configure OpenCart to use and external database host: - - -1. Complete your OpenCart deployment by running: - -{{- if eq .Values.service.type "NodePort" }} - export APP_HOST=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") -{{- else if eq .Values.service.type "LoadBalancer" }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "common.names.fullname" . }}' - - export APP_HOST=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") -{{- else }} - - export APP_HOST=127.0.0.1 -{{- end }} - export APP_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "opencart.secretName" . }} -o jsonpath="{.data.opencart-password}" | base64 --decode) - - ## PLEASE UPDATE THE EXTERNAL DATABASE CONNECTION PARAMETERS IN THE FOLLOWING COMMAND AS NEEDED ## - - helm upgrade --namespace {{ .Release.Namespace }} {{ .Release.Name }} bitnami/{{ .Chart.Name }} \ - --set opencartPassword=$APP_PASSWORD,opencartHost=$APP_HOST,service.type={{ .Values.service.type }},mariadb.enabled=false{{- if not (empty .Values.externalDatabase.user) }},externalDatabase.user={{ .Values.externalDatabase.user }}{{- end }}{{- if not (empty .Values.externalDatabase.password) }},externalDatabase.password={{ .Values.externalDatabase.password }}{{- end }}{{- if not (empty .Values.externalDatabase.database) }},externalDatabase.database={{ .Values.externalDatabase.database }}{{- end }},externalDatabase.host=YOUR_EXTERNAL_DATABASE_HOST{{- if .Values.global }}{{- if .Values.global.imagePullSecrets }},global.imagePullSecrets={{ .Values.global.imagePullSecrets }}{{- end }}{{- end }} -{{- end }} - -{{- include "common.warnings.rollingTag" .Values.image }} -{{- include "common.warnings.rollingTag" .Values.metrics.image }} - -{{- $passwordValidationErrors := list -}} -{{- if not .Values.existingSecret -}} - {{- $secretName := include "opencart.secretName" . -}} - {{- $requiredOpencartPassword := dict "valueKey" "opencartPassword" "secret" $secretName "field" "opencart-password" "context" $ -}} - {{- $requiredOpencartPasswordError := include "common.validations.values.single.empty" $requiredOpencartPassword -}} - {{- $passwordValidationErrors = append $passwordValidationErrors $requiredOpencartPasswordError -}} -{{- end -}} - -{{- $mariadbSecretName := include "opencart.databaseSecretName" . -}} -{{- $mariadbPasswordValidationErrors := include "common.validations.values.mariadb.passwords" (dict "secret" $mariadbSecretName "subchart" true "context" $) -}} -{{- $passwordValidationErrors = append $passwordValidationErrors $mariadbPasswordValidationErrors -}} - -{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $) -}} diff --git a/bitnami/opencart/templates/_helpers.tpl b/bitnami/opencart/templates/_helpers.tpl deleted file mode 100644 index 153ac68..0000000 --- a/bitnami/opencart/templates/_helpers.tpl +++ /dev/null @@ -1,144 +0,0 @@ -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "opencart.mariadb.fullname" -}} -{{- printf "%s-%s" .Release.Name "mariadb" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Get the user defined LoadBalancerIP for this release. -Note, returns 127.0.0.1 if using ClusterIP. -*/}} -{{- define "opencart.serviceIP" -}} -{{- if eq .Values.service.type "ClusterIP" -}} -127.0.0.1 -{{- else -}} -{{- .Values.service.loadBalancerIP | default "" -}} -{{- end -}} -{{- end -}} - -{{/* -Gets the host to be used for this application. -If not using ClusterIP, or if a host or LoadBalancerIP is not defined, the value will be empty. -When using Ingress, it will be set to the Ingress hostname. -*/}} -{{- define "opencart.host" -}} -{{- if .Values.ingress.enabled }} -{{- $host := .Values.ingress.hostname | default "" -}} -{{- default (include "opencart.serviceIP" .) $host -}} -{{- else -}} -{{- $host := index .Values (printf "%sHost" .Chart.Name) | default "" -}} -{{- default (include "opencart.serviceIP" .) $host -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper certificate image name -*/}} -{{- define "certificates.image" -}} -{{- include "common.images.image" ( dict "imageRoot" .Values.certificates.image "global" .Values.global ) -}} -{{- end -}} - -{{/* -Return the proper OpenCart image name -*/}} -{{- define "opencart.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper image name (for the metrics image) -*/}} -{{- define "opencart.metrics.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper image name (for the init container volume-permissions image) -*/}} -{{- define "opencart.volumePermissions.image" -}} -{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "opencart.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image .Values.certificates.image) "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper Storage Class -*/}} -{{- define "opencart.storageClass" -}} -{{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) -}} -{{- end -}} - -{{/* -OpenCart credential secret name -*/}} -{{- define "opencart.secretName" -}} -{{- coalesce .Values.existingSecret (include "common.names.fullname" .) -}} -{{- end -}} - -{{/* -Return the MariaDB Hostname -*/}} -{{- define "opencart.databaseHost" -}} -{{- if .Values.mariadb.enabled }} - {{- if eq .Values.mariadb.architecture "replication" }} - {{- printf "%s-%s" (include "opencart.mariadb.fullname" .) "primary" | trunc 63 | trimSuffix "-" -}} - {{- else -}} - {{- printf "%s" (include "opencart.mariadb.fullname" .) -}} - {{- end -}} -{{- else -}} - {{- printf "%s" .Values.externalDatabase.host -}} -{{- end -}} -{{- end -}} - -{{/* -Return the MariaDB Port -*/}} -{{- define "opencart.databasePort" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "3306" -}} -{{- else -}} - {{- printf "%d" (.Values.externalDatabase.port | int ) -}} -{{- end -}} -{{- end -}} - -{{/* -Return the MariaDB Database Name -*/}} -{{- define "opencart.databaseName" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "%s" .Values.mariadb.auth.database -}} -{{- else -}} - {{- printf "%s" .Values.externalDatabase.database -}} -{{- end -}} -{{- end -}} - -{{/* -Return the MariaDB User -*/}} -{{- define "opencart.databaseUser" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "%s" .Values.mariadb.auth.username -}} -{{- else -}} - {{- printf "%s" .Values.externalDatabase.user -}} -{{- end -}} -{{- end -}} - -{{/* -Return the MariaDB Secret Name -*/}} -{{- define "opencart.databaseSecretName" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "%s" (include "opencart.mariadb.fullname" .) -}} -{{- else if .Values.externalDatabase.existingSecret -}} - {{- printf "%s" .Values.externalDatabase.existingSecret -}} -{{- else -}} - {{- printf "%s-%s" (include "common.names.fullname" .) "externaldb" -}} -{{- end -}} -{{- end -}} diff --git a/bitnami/opencart/templates/deployment.yaml b/bitnami/opencart/templates/deployment.yaml deleted file mode 100644 index 9808bb7..0000000 --- a/bitnami/opencart/templates/deployment.yaml +++ /dev/null @@ -1,308 +0,0 @@ -{{- if include "opencart.host" . -}} -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ template "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - {{- if .Values.updateStrategy }} - strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} - {{- end }} - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} - {{- end }} - annotations: - {{- if .Values.podAnnotations }} - {{- toYaml .Values.podAnnotations | nindent 8 }} - {{- end }} - {{- if .Values.metrics.podAnnotations }} - {{- toYaml .Values.metrics.podAnnotations | nindent 8 }} - {{- end }} - spec: - {{- include "opencart.imagePullSecrets" . | nindent 6 }} - {{- if .Values.podSecurityContext.enabled }} - securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.hostAliases }} - # yamllint disable rule:indentation - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - # yamllint enable rule:indentation - {{- end }} - initContainers: - {{- if .Values.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} - {{- end }} - {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} - - name: volume-permissions - image: {{ include "opencart.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: - - sh - - -c - - | - mkdir -p "/bitnami/opencart" "/bitnami/opencart_storage" - chown -R "{{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }}" "/bitnami/opencart" "/bitnami/opencart_storage" - securityContext: - runAsUser: 0 - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: opencart-data - mountPath: /bitnami/opencart - subPath: opencart - - name: opencart-data - mountPath: /bitnami/opencart_storage - subPath: opencart_storage - {{- end }} - {{- if .Values.certificates.customCAs }} - - name: certificates - image: {{ template "certificates.image" . }} - imagePullPolicy: {{ default .Values.image.pullPolicy .Values.certificates.image.pullPolicy }} - imagePullSecrets: - {{- range (default .Values.image.pullSecrets .Values.certificates.image.pullSecrets) }} - - name: {{ . }} - {{- end }} - command: - {{- if .Values.certificates.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.certificates.command "context" $) | nindent 12 }} - {{- else if .Values.certificates.customCertificate.certificateSecret }} - - sh - - -c - - install_packages ca-certificates openssl - {{- else }} - - sh - - -c - - install_packages ca-certificates openssl - && openssl req -new -x509 -days 3650 -nodes -sha256 - -subj "/CN=$(hostname)" -addext "subjectAltName = DNS:$(hostname)" - -out /etc/ssl/certs/ssl-cert-snakeoil.pem - -keyout /etc/ssl/private/ssl-cert-snakeoil.key -extensions v3_req - {{- end }} - {{- if .Values.certificates.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.certificates.args "context" $) | nindent 12 }} - {{- end }} - env: {{- include "common.tplvalues.render" (dict "value" .Values.certificates.extraEnvVars "context" $) | nindent 12 }} - envFrom: - {{- if .Values.certificates.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.certificates.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.certificates.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.certificates.extraEnvVarsSecret "context" $) }} - {{- end }} - volumeMounts: - - name: etc-ssl-certs - mountPath: /etc/ssl/certs - readOnly: false - - name: etc-ssl-private - mountPath: /etc/ssl/private - readOnly: false - - name: custom-ca-certificates - mountPath: /usr/local/share/ca-certificates - readOnly: true - {{- end }} - containers: - - name: {{ include "common.names.fullname" . }} - image: {{ template "opencart.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" .Values.image.debug | quote }} - - name: ALLOW_EMPTY_PASSWORD - value: {{ ternary "yes" "no" .Values.allowEmptyPassword | quote }} - - name: APACHE_HTTP_PORT_NUMBER - value: {{ .Values.containerPorts.http | quote }} - - name: APACHE_HTTPS_PORT_NUMBER - value: {{ .Values.containerPorts.https | quote }} - - name: OPENCART_DATABASE_HOST - value: {{ include "opencart.databaseHost" . | quote }} - - name: OPENCART_DATABASE_PORT_NUMBER - value: {{ include "opencart.databasePort" . | quote }} - - name: OPENCART_DATABASE_NAME - value: {{ include "opencart.databaseName" . | quote }} - - name: OPENCART_DATABASE_USER - value: {{ include "opencart.databaseUser" . | quote }} - - name: OPENCART_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "opencart.databaseSecretName" . }} - key: mariadb-password - - name: OPENCART_SKIP_BOOTSTRAP - value: {{ ternary "yes" "no" .Values.opencartSkipInstall | quote }} - {{- $port:=.Values.service.port | toString }} - - name: OPENCART_HOST - value: "{{ include "opencart.host" . }}{{- if ne $port "80" }}:{{ .Values.service.port }}{{ end }}" - - name: OPENCART_USERNAME - value: {{ .Values.opencartUsername | quote }} - - name: OPENCART_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.names.fullname" . }} - key: opencart-password - - name: OPENCART_EMAIL - value: {{ .Values.opencartEmail | quote }} - {{- if .Values.smtpHost }} - - name: SMTP_HOST - value: {{ .Values.smtpHost | quote }} - {{- end }} - {{- if .Values.smtpPort }} - - name: SMTP_PORT - value: {{ .Values.smtpPort | quote }} - {{- end }} - {{- if .Values.smtpUser }} - - name: SMTP_USER - value: {{ .Values.smtpUser | quote }} - {{- end }} - {{- if .Values.smtpPassword }} - - name: SMTP_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.names.fullname" . }} - key: smtp-password - {{- end }} - {{- if .Values.smtpProtocol }} - - name: SMTP_PROTOCOL - value: {{ .Values.smtpProtocol | quote }} - {{- end }} - {{- if .Values.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if .Values.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} - {{- end }} - {{- if .Values.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.containerPorts.http }} - - name: https - containerPort: {{ .Values.containerPorts.https }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.livenessProbe.path }} - port: http - httpHeaders: - - name: Host - value: {{ include "opencart.host" . | quote }} - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- else if .Values.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: {{ .Values.readinessProbe.path }} - port: http - httpHeaders: - - name: Host - value: {{ include "opencart.host" . | quote }} - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- else if .Values.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: opencart-data - mountPath: /bitnami/opencart - subPath: opencart - - name: opencart-data - mountPath: /bitnami/opencart_storage - subPath: opencart_storage - {{- if .Values.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.metrics.enabled }} - - name: metrics - image: {{ template "opencart.metrics.image" . }} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - command: [ '/bin/apache_exporter', '--scrape_uri', 'http://status.localhost:{{ .Values.containerPorts.http }}/server-status/?auto' ] - ports: - - name: metrics - containerPort: 9117 - livenessProbe: - httpGet: - path: /metrics - port: metrics - initialDelaySeconds: 15 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: /metrics - port: metrics - initialDelaySeconds: 5 - timeoutSeconds: 1 - resources: {{- toYaml .Values.metrics.resources | nindent 12 }} - {{- end }} - {{- if .Values.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: opencart-data - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ .Values.persistence.existingClaim | default (printf "%s-opencart" (include "common.names.fullname" .)) }} - {{- else }} - emptyDir: {} - {{- end }} - {{- if .Values.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} - {{- end }} -{{- end -}} diff --git a/bitnami/opencart/templates/externaldb-secrets.yaml b/bitnami/opencart/templates/externaldb-secrets.yaml deleted file mode 100644 index b895357..0000000 --- a/bitnami/opencart/templates/externaldb-secrets.yaml +++ /dev/null @@ -1,10 +0,0 @@ -{{- if not .Values.mariadb.enabled }} -apiVersion: v1 -kind: Secret -metadata: - name: "{{ include "common.names.fullname" . }}-externaldb" - labels: {{- include "common.labels.standard" . | nindent 4 }} -type: Opaque -data: - mariadb-password: {{ default "" .Values.externalDatabase.password | b64enc | quote }} -{{- end }} diff --git a/bitnami/opencart/templates/extra-list.yaml b/bitnami/opencart/templates/extra-list.yaml deleted file mode 100644 index 9ac65f9..0000000 --- a/bitnami/opencart/templates/extra-list.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{- range .Values.extraDeploy }} ---- -{{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} diff --git a/bitnami/opencart/templates/ingress.yaml b/bitnami/opencart/templates/ingress.yaml deleted file mode 100644 index 145b9d6..0000000 --- a/bitnami/opencart/templates/ingress.yaml +++ /dev/null @@ -1,56 +0,0 @@ -{{- if .Values.ingress.enabled }} -apiVersion: {{ template "common.capabilities.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.ingress.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.annotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.ingress.certManager }} - kubernetes.io/tls-acme: "true" - {{- end }} -spec: - rules: - {{- if .Values.ingress.hostname }} - - host: {{ .Values.ingress.hostname }} - http: - paths: - {{- if .Values.ingress.extraPaths }} - {{- toYaml .Values.ingress.extraPaths | nindent 10 }} - {{- end }} - - path: {{ .Values.ingress.path }} - {{- if eq "true" (include "common.ingress.supportsPathType" .) }} - pathType: {{ .Values.ingress.pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- range .Values.ingress.extraHosts }} - - host: {{ .name | quote }} - http: - paths: - - path: {{ default "/" .path }} - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ default "ImplementationSpecific" .pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- if or .Values.ingress.tls .Values.ingress.extraTls }} - tls: - {{- if .Values.ingress.tls }} - - hosts: - - {{ .Values.ingress.hostname }} - secretName: {{ printf "%s-tls" .Values.ingress.hostname }} - {{- end }} - {{- if .Values.ingress.extraTls }} - {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.extraTls "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/bitnami/opencart/templates/pv.yaml b/bitnami/opencart/templates/pv.yaml deleted file mode 100644 index 3aabb57..0000000 --- a/bitnami/opencart/templates/pv.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if and .Values.persistence.enabled .Values.persistence.hostPath (not .Values.persistence.existingClaim) -}} -apiVersion: v1 -kind: PersistentVolume -metadata: - name: {{ include "common.names.fullname" . }}-opencart - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - accessModes: - - {{ .Values.persistence.accessMode | quote }} - capacity: - storage: {{ .Values.persistence.size | quote }} - hostPath: - path: {{ .Values.persistence.hostPath | quote }} -{{- end -}} diff --git a/bitnami/opencart/templates/pvc.yaml b/bitnami/opencart/templates/pvc.yaml deleted file mode 100644 index 52930f7..0000000 --- a/bitnami/opencart/templates/pvc.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if and (include "opencart.host" .) .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.names.fullname" . }}-opencart - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.persistence.hostPath }} - storageClassName: "" - {{- end }} - accessModes: - - {{ .Values.persistence.accessMode | quote }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{- include "opencart.storageClass" . | nindent 2 }} -{{- end -}} diff --git a/bitnami/opencart/templates/secrets.yaml b/bitnami/opencart/templates/secrets.yaml deleted file mode 100644 index 83b8366..0000000 --- a/bitnami/opencart/templates/secrets.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if not .Values.existingSecret }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: - {{- if .Values.opencartPassword }} - opencart-password: {{ default "" .Values.opencartPassword | b64enc | quote }} - {{- else }} - opencart-password: {{ randAlphaNum 10 | b64enc | quote }} - {{- end }} - {{- if .Values.smtpPassword }} - smtp-password: {{ .Values.smtpPassword | b64enc | quote }} - {{- end }} -{{- end }} diff --git a/bitnami/opencart/templates/svc.yaml b/bitnami/opencart/templates/svc.yaml deleted file mode 100644 index a680ddf..0000000 --- a/bitnami/opencart/templates/svc.yaml +++ /dev/null @@ -1,44 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.service.type }} - sessionAffinity: {{ default "None" .Values.service.sessionAffinity }} - {{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }} - clusterIP: {{ .Values.service.clusterIP }} - {{- end }} - {{- if and .Values.service.loadBalancerIP (eq .Values.service.type "LoadBalancer") }} - loadBalancerIP: {{ .Values.service.loadBalancerIP }} - {{- end }} - {{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - {{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }} - externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} - {{- end }} - ports: - - name: http - port: {{ .Values.service.port }} - targetPort: http - {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.http)) }} - nodePort: {{ .Values.service.nodePorts.http }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - - name: https - port: {{ .Values.service.httpsPort }} - targetPort: https - {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.https)) }} - nodePort: {{ .Values.service.nodePorts.https }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} diff --git a/bitnami/opencart/templates/tls-secrets.yaml b/bitnami/opencart/templates/tls-secrets.yaml deleted file mode 100644 index 36742a9..0000000 --- a/bitnami/opencart/templates/tls-secrets.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.secrets }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ .name }} - labels: {{- include "common.labels.standard" $ | nindent 4 }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ .certificate | b64enc }} - tls.key: {{ .key | b64enc }} -{{- end }} -{{- end }} diff --git a/bitnami/opencart/values.yaml b/bitnami/opencart/values.yaml deleted file mode 100644 index cde84af..0000000 --- a/bitnami/opencart/values.yaml +++ /dev/null @@ -1,666 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - storageClass: "" - -## @section Common parameters - -## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) -## -kubeVersion: "" -## @param nameOverride String to partially override opencart.fullname template (will maintain the release name) -## -nameOverride: "" -## @param fullnameOverride String to fully override opencart.fullname template -## -fullnameOverride: "" -## @param commonAnnotations Common annotations to add to all OpenCart resources (sub-charts are not considered). Evaluated as a template -## -commonAnnotations: {} -## @param commonLabels Common labels to add to all OpenCart resources (sub-charts are not considered). Evaluated as a template -## -commonLabels: {} -## @param extraDeploy Array of extra objects to deploy with the release (evaluated as a template) -## -extraDeploy: [] - -## @section OpenCart parameters - -## Bitnami OpenCart image version -## ref: https://hub.docker.com/r/bitnami/opencart/tags/ -## @param image.registry OpenCart image registry -## @param image.repository OpenCart image repository -## @param image.tag OpenCart image tag (immutable tags are recommended) -## @param image.pullPolicy OpenCart image pull policy -## @param image.pullSecrets Specify docker-registry secret names as an array -## @param image.debug Specify if debug logs should be enabled -## -image: - registry: docker.io - repository: bitnami/opencart - tag: 3.0.3-8-debian-10-r28 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Set to true if you would like to see extra information on logs - ## - debug: false -## @param hostAliases [array] Deployment pod host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: - ## Necessary for apache-exporter to work - ## - - ip: "127.0.0.1" - hostnames: - - "status.localhost" -## @param replicaCount Number of replicas (requires ReadWriteMany PVC support) -## -replicaCount: 1 -## @param opencartSkipInstall Skip OpenCart installation wizard. Useful for migrations and restoring from SQL dump -## ref: https://github.com/bitnami/bitnami-docker-opencart#configuration -## -opencartSkipInstall: false -## @param opencartHost OpenCart host to create application URLs -## ref: https://github.com/bitnami/bitnami-docker-opencart#configuration -## -opencartHost: "" -## @param opencartUsername User of the application -## ref: https://github.com/bitnami/bitnami-docker-opencart#configuration -## -opencartUsername: user -## @param opencartPassword Application password -## Defaults to a random 10-character alphanumeric string if not set -## ref: https://github.com/bitnami/bitnami-docker-opencart#configuration -## -opencartPassword: "" -## @param opencartEmail Admin email -## ref: https://github.com/bitnami/bitnami-docker-opencart#configuration -## -opencartEmail: user@example.com -## @param allowEmptyPassword Allow DB blank passwords -## ref: https://github.com/bitnami/bitnami-docker-opencart#environment-variables -## -allowEmptyPassword: true -## @param command Override default container command (useful when using custom images) -## -command: [] -## @param args Override default container args (useful when using custom images) -## -args: [] -## @param updateStrategy.type Update strategy - only really applicable for deployments with RWO PVs attached -## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the -## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will -## terminate the single previous pod, so that the new, incoming pod can attach to the PV -## -updateStrategy: - type: RollingUpdate -## @param extraEnvVars An array to add extra env vars -## For example: -## - name: BEARER_AUTH -## value: true -## -extraEnvVars: [] -## @param extraEnvVarsCM ConfigMap with extra environment variables -## -extraEnvVarsCM: "" -## @param extraEnvVarsSecret Secret with extra environment variables -## -extraEnvVarsSecret: "" -## @param extraVolumes Extra volumes to add to the deployment. Requires setting `extraVolumeMounts` -## -extraVolumes: [] -## @param extraVolumeMounts Extra volume mounts to add to the container. Normally used with `extraVolumes`. -## -extraVolumeMounts: [] -## @param initContainers Extra init containers to add to the deployment -## -initContainers: [] -## @param sidecars Extra sidecar containers to add to the deployment -## -sidecars: [] -## @param tolerations Tolerations for pod assignment. Evaluated as a template. -## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] -## @param existingSecret Name of a secret with the application password -## -existingSecret: "" -## SMTP mail delivery configuration -## ref: https://github.com/bitnami/bitnami-docker-opencart/#smtp-configuration -## @param smtpHost SMTP host -## @param smtpPort SMTP port -## @param smtpUser SMTP user -## @param smtpPassword SMTP password -## @param smtpProtocol SMTP Protocol (options: ssl,tls, nil) -## -smtpHost: "" -smtpPort: "" -smtpUser: "" -smtpPassword: "" -smtpProtocol: "" -## @param containerPorts [object] Container ports -## -containerPorts: - http: 8080 - https: 8443 -## Enable persistence using Persistent Volume Claims -## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ -## -persistence: - ## @param persistence.enabled Enable persistence using PVC - ## - enabled: true - ## @param persistence.storageClass OpenCart Data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - ## A manually managed Persistent Volume and Claim - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - ## - ## @param persistence.accessMode PVC Access Mode for OpenCart volume - ## - accessMode: ReadWriteOnce - ## @param persistence.size PVC Storage Request for OpenCart volume - ## - size: 8Gi - ## @param persistence.existingClaim An Existing PVC name - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - ## - existingClaim: "" - ## @param persistence.hostPath Host mount path for OpenCart volume - ## Requires persistence.enabled: true - ## Requires persistence.existingClaim: nil|false - ## Default: nil. - ## - hostPath: "" -## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAffinityPreset: "" -## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAntiAffinityPreset: soft -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## -nodeAffinityPreset: - ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] -## @param affinity Affinity for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set -## -affinity: {} -## @param nodeSelector Node labels for pod assignment -## ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} -## Configure resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## @param resources.requests [object] The requested resources for the container -## -resources: - requests: - memory: 512Mi - cpu: 300m -## Configure Pods Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## @param podSecurityContext.enabled Enable OpenCart pods' Security Context -## @param podSecurityContext.fsGroup OpenCart pods' group ID -## -podSecurityContext: - enabled: true - fsGroup: 1001 -## Configure Container Security Context (only main container) -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -## @param containerSecurityContext.enabled Enable OpenCart containers' Security Context -## @param containerSecurityContext.runAsUser OpenCart containers' Security Context -## -containerSecurityContext: - enabled: true - runAsUser: 1001 -## Configure extra options for liveness probe -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param livenessProbe.enabled Enable livenessProbe -## @param livenessProbe.path Request path for livenessProbe -## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe -## @param livenessProbe.periodSeconds Period seconds for livenessProbe -## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe -## @param livenessProbe.failureThreshold Failure threshold for livenessProbe -## @param livenessProbe.successThreshold Success threshold for livenessProbe -## -livenessProbe: - enabled: true - path: /admin/ - initialDelaySeconds: 120 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 -## Configure extra options for readiness probe -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param readinessProbe.enabled Enable readinessProbe -## @param readinessProbe.path Request path for readinessProbe -## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe -## @param readinessProbe.periodSeconds Period seconds for readinessProbe -## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe -## @param readinessProbe.failureThreshold Failure threshold for readinessProbe -## @param readinessProbe.successThreshold Success threshold for readinessProbe -## -readinessProbe: - enabled: true - path: /admin/ - initialDelaySeconds: 30 - periodSeconds: 5 - timeoutSeconds: 3 - failureThreshold: 6 - successThreshold: 1 -## @param customLivenessProbe Override default liveness probe -## -customLivenessProbe: {} -## @param customReadinessProbe Override default readiness probe -## -customReadinessProbe: {} -## @param lifecycleHooks lifecycleHooks for the container to automate configuration before or after startup -## -lifecycleHooks: {} -## @param podAnnotations Pod annotations -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} -## @param podLabels Add additional labels to the pod (evaluated as a template) -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -podLabels: {} - -## @section Traffic Exposure Parameters - -## Kubernetes configuration -## For minikube, set this to NodePort, elsewhere use LoadBalancer -## -service: - ## @param service.type Kubernetes Service type - ## - type: LoadBalancer - ## @param service.port Service HTTP port - ## - port: 80 - ## @param service.httpsPort Service HTTPS port - ## - httpsPort: 443 - ## clusterIP: "" - ## Control hosts connecting to "LoadBalancer" only - ## loadBalancerSourceRanges: - ## - 0.0.0.0/0 - ## loadBalancerIP for the OpenCart Service (optional, cloud specific) - ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer - ## loadBalancerIP: - ## @param service.nodePorts.http Kubernetes HTTP node port - ## @param service.nodePorts.https Kubernetes HTTPS node port - ## nodePorts: - ## http: - ## https: - ## - nodePorts: - http: "" - https: "" - ## @param service.externalTrafficPolicy Enable client source IP preservation - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin - ## Values: ClientIP or None - ## ref: https://kubernetes.io/docs/user-guide/services/ - ## - sessionAffinity: "None" -## Configure the ingress resource that allows you to access the -## Opencart installation. Set up the URL -## ref: http://kubernetes.io/docs/user-guide/ingress/ -## -ingress: - ## @param ingress.enabled Set to true to enable ingress record generation - ## - enabled: false - ## @param ingress.certManager Set this to true in order to add the corresponding annotations for cert-manager - ## - certManager: false - ## @param ingress.pathType Ingress path type - ## - pathType: ImplementationSpecific - ## @param ingress.apiVersion Override API Version (automatically detected if not set) - ## - apiVersion: "" - ## @param ingress.hostname Default host for the ingress resource - ## - hostname: opencart.local - ## @param ingress.path The Path to Opencart. You may need to set this to '/*' in order to use this with ALB ingress controllers. - ## - path: / - ## @param ingress.annotations Ingress annotations - ## For a full list of possible ingress annotations, please see - ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md - ## - ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set - ## - annotations: {} - ## @param ingress.tls Enable TLS configuration for the hostname defined at ingress.hostname parameter - ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }} - ## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it - ## - tls: false - ## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record. - ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array - ## extraHosts: - ## - name: opencart.local - ## path: / - ## - ## The tls configuration for the ingress - ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - ## - extraHosts: [] - ## @param ingress.extraPaths Any additional arbitrary paths that may need to be added to the ingress under the main host. - ## For example: The ALB ingress controller requires a special rule for handling SSL redirection. - ## extraPaths: - ## - path: /* - ## backend: - ## serviceName: ssl-redirect - ## servicePort: use-annotation - ## - extraPaths: [] - ## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. - ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - ## extraTls: - ## - hosts: - ## - opencart.local - ## secretName: opencart.local-tls - ## - extraTls: [] - ## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets - ## key and certificate should start with -----BEGIN CERTIFICATE----- or - ## -----BEGIN RSA PRIVATE KEY----- - ## - ## name should line up with a tlsSecret set further up - ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set - ## - ## It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - ## e.g: - ## - name: opencart.local-tls - ## key: - ## certificate: - ## - secrets: [] - -## @section Database parameters - -## MariaDB chart configuration -## https://github.com/bitnami/charts/blob/master/bitnami/mariadb/values.yaml -## -mariadb: - ## @param mariadb.enabled Whether to deploy a mariadb server to satisfy the applications database requirements - ## To use an external database set this to false and configure the externalDatabase parameters - ## - enabled: true - ## @param mariadb.architecture MariaDB architecture. Allowed values: `standalone` or `replication` - ## - architecture: standalone - ## MariaDB Authentication parameters - ## - auth: - ## @param mariadb.auth.rootPassword Password for the MariaDB `root` user - ## ref: https://github.com/bitnami/bitnami-docker-mariadb#setting-the-root-password-on-first-run - ## - rootPassword: "" - ## @param mariadb.auth.database Database name to create - ## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#creating-a-database-on-first-run - ## - database: bitnami_opencart - ## @param mariadb.auth.username Database user to create - ## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#creating-a-database-user-on-first-run - ## - username: bn_opencart - ## @param mariadb.auth.password Password for the database - ## - password: "" - primary: - ## Enable persistence using Persistent Volume Claims - ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ - ## - persistence: - ## @param mariadb.primary.persistence.enabled Enable database persistence using PVC - ## - enabled: true - ## @param mariadb.primary.persistence.storageClass MariaDB primary persistent volume storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - ## @param mariadb.primary.persistence.accessModes Database Persistent Volume Access Modes - ## - accessModes: - - ReadWriteOnce - ## @param mariadb.primary.persistence.size Database Persistent Volume Size - ## - size: 8Gi - ## @param mariadb.primary.persistence.hostPath Set path in case you want to use local host path volumes (not recommended in production) - ## - hostPath: "" - ## @param mariadb.primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas - ## - existingClaim: "" -## External database configuration -## -externalDatabase: - ## @param externalDatabase.host Host of the existing database - ## - host: "" - ## @param externalDatabase.port Port of the existing database - ## - port: 3306 - ## @param externalDatabase.user Existing username in the external db - ## - user: bn_opencart - ## @param externalDatabase.password Password for the above username - ## - password: "" - ## @param externalDatabase.database Name of the existing database - ## - database: bitnami_opencart - -## @section Volume Permissions parameters - -## Init containers parameters: -## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. -## -volumePermissions: - ## @param volumePermissions.enabled Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) - ## - enabled: false - ## @param volumePermissions.image.registry Init container volume-permissions image registry - ## @param volumePermissions.image.repository Init container volume-permissions image repository - ## @param volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended) - ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy - ## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: 10-debian-10-r203 - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Init containers' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param volumePermissions.resources.limits The resources limits for the container - ## @param volumePermissions.resources.requests The requested resources for the container - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - requests: {} - -## @section Metrics parameters - -## Prometheus Exporter / Metrics -## -metrics: - ## @param metrics.enabled Start a side-car prometheus exporter - ## - enabled: false - ## @param metrics.image.registry Apache exporter image registry - ## @param metrics.image.repository Apache exporter image repository - ## @param metrics.image.tag Apache exporter image tag (immutable tags are recommended) - ## @param metrics.image.pullPolicy Image pull policy - ## @param metrics.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/apache-exporter - tag: 0.10.1-debian-10-r4 - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param metrics.resources Metrics exporter resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: {} - ## @param metrics.podAnnotations [object] Metrics exporter pod Annotation and Labels - ## - podAnnotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9117" - -## @section Certificate injection parameters - -## Add custom certificates and certificate authorities to OpenCart container -## -certificates: - ## @param certificates.customCertificate.certificateSecret Secret containing the certificate and key to add - ## @param certificates.customCertificate.chainSecret.name Name of the secret containing the certificate chain - ## @param certificates.customCertificate.chainSecret.key Key of the certificate chain file inside the secret - ## @param certificates.customCertificate.certificateLocation Location in the container to store the certificate - ## @param certificates.customCertificate.keyLocation Location in the container to store the private key - ## @param certificates.customCertificate.chainLocation Location in the container to store the certificate chain - ## - customCertificate: - certificateSecret: "" - chainSecret: - name: "" - key: "" - certificateLocation: /etc/ssl/certs/ssl-cert-snakeoil.pem - keyLocation: /etc/ssl/private/ssl-cert-snakeoil.key - chainLocation: /etc/ssl/certs/mychain.pem - ## @param certificates.customCAs Defines a list of secrets to import into the container trust store - ## - customCAs: [] - ## @param certificates.command Override default container command (useful when using custom images) - ## - command: [] - ## @param certificates.args Override default container args (useful when using custom images) - ## e.g: - ## - secret: custom-CA - ## - secret: more-custom-CAs - ## - args: [] - ## @param certificates.extraEnvVars Container sidecar extra environment variables - ## - extraEnvVars: [] - ## @param certificates.extraEnvVarsCM ConfigMap with extra environment variables - ## - extraEnvVarsCM: "" - ## @param certificates.extraEnvVarsSecret Secret with extra environment variables - ## - extraEnvVarsSecret: "" - ## @param certificates.image.registry Container sidecar registry - ## @param certificates.image.repository Container sidecar image repository - ## @param certificates.image.tag Container sidecar image tag (immutable tags are recommended) - ## @param certificates.image.pullPolicy Container sidecar image pull policy - ## @param certificates.image.pullSecrets Container sidecar image pull secrets - ## - image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: 10-debian-10-r203 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] diff --git a/bitnami/orangehrm/.helmignore b/bitnami/orangehrm/.helmignore deleted file mode 100644 index f0c1319..0000000 --- a/bitnami/orangehrm/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/bitnami/orangehrm/Chart.lock b/bitnami/orangehrm/Chart.lock deleted file mode 100644 index 29ae35e..0000000 --- a/bitnami/orangehrm/Chart.lock +++ /dev/null @@ -1,9 +0,0 @@ -dependencies: -- name: mariadb - repository: https://charts.bitnami.com/bitnami - version: 9.6.0 -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.9.1 -digest: sha256:6d618e256ecb1deea43a6ed15deee9d170e1161e7f94f2b43e2c9da68cb9165d -generated: "2021-09-24T21:08:19.613230561Z" diff --git a/bitnami/orangehrm/Chart.yaml b/bitnami/orangehrm/Chart.yaml deleted file mode 100644 index 53fee1d..0000000 --- a/bitnami/orangehrm/Chart.yaml +++ /dev/null @@ -1,34 +0,0 @@ -annotations: - category: HumanResourceManagement -apiVersion: v2 -appVersion: 4.8.0-0 -dependencies: - - condition: mariadb.enabled - name: mariadb - repository: https://charts.bitnami.com/bitnami - version: 9.x.x - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x -description: OrangeHRM is a free HR management system that offers a wealth of modules to suit the needs of your business. -engine: gotpl -home: https://github.com/bitnami/charts/tree/master/bitnami/orangehrm -icon: https://bitnami.com/assets/stacks/orangehrm/img/orangehrm-stack-220x234.png -keywords: - - orangehrm - - http - - https - - web - - application - - php - - human resources -maintainers: - - email: containers@bitnami.com - name: Bitnami -name: orangehrm -sources: - - https://github.com/bitnami/bitnami-docker-orangehrm - - https://www.orangehrm.com -version: 10.1.20 diff --git a/bitnami/orangehrm/README.md b/bitnami/orangehrm/README.md deleted file mode 100644 index af57af5..0000000 --- a/bitnami/orangehrm/README.md +++ /dev/null @@ -1,509 +0,0 @@ -# OrangeHRM - -[OrangeHRM](https://www.orangehrm.com) is a free HR management system that offers a wealth of modules to suit the needs of your business. This widely-used system is feature-rich, intuitive and provides an essential HR management platform along with free documentation and access to a broad community of users. - -## TL;DR - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/orangehrm -``` - -## Introduction - -This chart bootstraps a [OrangeHRM](https://github.com/bitnami/bitnami-docker-orangehrm) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -It also packages the [Bitnami MariaDB chart](https://github.com/kubernetes/charts/tree/master/bitnami/mariadb) which is required for bootstrapping a MariaDB deployment for the database requirements of the OrangeHRM application. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 3.1.0 -- PV provisioner support in the underlying infrastructure -- ReadWriteMany volumes for deployment scaling - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -$ helm install my-release bitnami/orangehrm -``` - -The command deploys OrangeHRM on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```console -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | - - -### Common parameters - -| Name | Description | Value | -| ------------------- | ------------------------------------------------------------------------------------------------------------- | ----- | -| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` | -| `nameOverride` | String to partially override orangehrm.fullname template (will maintain the release name) | `""` | -| `fullnameOverride` | String to fully override orangehrm.fullname template | `""` | -| `extraDeploy` | Array of extra objects to deploy with the release (evaluated as a template) | `[]` | -| `commonAnnotations` | Common annotations to add to all OrangeHRM resources (sub-charts are not considered). Evaluated as a template | `{}` | -| `commonLabels` | Common labels to add to all OrangeHRM resources (sub-charts are not considered). Evaluated as a template | `{}` | - - -### OrangeHRM parameters - -| Name | Description | Value | -| ------------------------------------ | -------------------------------------------------------------------------------------------- | ------------------------ | -| `image.registry` | OrangeHRM image registry | `docker.io` | -| `image.repository` | OrangeHRM image repository | `bitnami/orangehrm` | -| `image.tag` | OrangeHRM Image tag (immutable tags are recommended) | `4.8.0-0-debian-10-r167` | -| `image.pullPolicy` | OrangeHRM image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `image.debug` | Specify if debug logs should be enabled | `false` | -| `hostAliases` | Deployment pod host aliases | `[]` | -| `replicaCount` | Number of OrangeHRM Pods to run (requires ReadWriteMany PVC support) | `1` | -| `orangehrmSkipInstall` | Skip OrangeHRM installation wizard. Useful for migrations and restoring from SQL dump | `false` | -| `orangehrmUsername` | User of the application | `admin` | -| `orangehrmPassword` | Application password | `""` | -| `orangehrmEnforcePasswordStrength` | Whether the OrangeHRM password validation should use strong or medium level | `true` | -| `allowEmptyPassword` | Allow DB blank passwords | `true` | -| `command` | Override default container command (useful when using custom images) | `[]` | -| `args` | Override default container args (useful when using custom images) | `[]` | -| `updateStrategy.type` | Update strategy - only really applicable for deployments with RWO PVs attached | `RollingUpdate` | -| `extraEnvVars` | An array to add extra env vars | `[]` | -| `extraEnvVarsCM` | ConfigMap with extra environment variables | `""` | -| `extraEnvVarsSecret` | Secret with extra environment variables | `""` | -| `extraVolumes` | Array of extra volumes to be added to the deployment. Requires setting `extraVolumeMounts` | `[]` | -| `extraVolumeMounts` | Array of extra volume mounts to be added to the container. Normally used with `extraVolumes` | `[]` | -| `initContainers` | Extra init containers to add to the deployment | `[]` | -| `sidecars` | Extra sidecar containers to add to the deployment | `[]` | -| `tolerations` | Tolerations for pod assignment | `[]` | -| `existingSecret` | Use existing secret for the application password | `""` | -| `smtpHost` | SMTP host | `""` | -| `smtpPort` | SMTP port | `""` | -| `smtpUser` | SMTP user | `""` | -| `smtpPassword` | SMTP password. Ignored if `smtpExistingSecret` is set | `""` | -| `smtpProtocol` | SMTP Protocol (options: ssl, none) | `""` | -| `smtpExistingSecret` | Use an existing secret for the SMTP Password | `""` | -| `containerPorts` | Container ports | `{}` | -| `sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | -| `persistence.enabled` | Enable persistence using PVC | `true` | -| `persistence.storageClass` | OrangeHRM Data Persistent Volume Storage Class | `""` | -| `persistence.accessMode` | PVC Access Mode for OrangeHRM volume | `ReadWriteOnce` | -| `persistence.size` | PVC Storage Request for OrangeHRM volume | `8Gi` | -| `persistence.existingClaim` | A manually managed Persistent Volume Claim | `""` | -| `persistence.hostPath` | If defined, the orangehrm-data volume will mount to the specified hostPath | `""` | -| `persistence.subPath` | volumeMount subPath, use it for compatibility with previous versions of the chart | `orangehrm` | -| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` | -| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | -| `affinity` | Affinity for pod assignment | `{}` | -| `nodeSelector` | Node labels for pod assignment. Evaluated as a template. | `{}` | -| `resources.requests` | The requested resources for the container | `{}` | -| `podSecurityContext.enabled` | Enable OrangeHRM pods' Security Context | `true` | -| `podSecurityContext.fsGroup` | OrangeHRM pods' group ID | `1001` | -| `containerSecurityContext.enabled` | Enable OrangeHRM containers' Security Context | `true` | -| `containerSecurityContext.runAsUser` | OrangeHRM containers' Security Context | `1001` | -| `livenessProbe.enabled` | Enable livenessProbe | `true` | -| `livenessProbe.path` | Request path for livenessProbe | `/symfony/web/index.php` | -| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` | -| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `readinessProbe.enabled` | Enable readinessProbe | `true` | -| `readinessProbe.path` | Request path for readinessProbe | `/symfony/web/index.php` | -| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | -| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | -| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `3` | -| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `customLivenessProbe` | Override default liveness probe | `{}` | -| `customReadinessProbe` | Override default readiness probe | `{}` | -| `lifecycleHooks` | LifecycleHooks for the container to automate configuration before or after startup | `{}` | -| `podAnnotations` | Pod annotations | `{}` | -| `podLabels` | Pod extra labels | `{}` | - - -### Traffic Exposure Parameters - -| Name | Description | Value | -| ---------------------------------- | ---------------------------------------------------------------------------------------------------------- | ------------------------ | -| `service.type` | Kubernetes Service type | `LoadBalancer` | -| `service.port` | Service HTTP port | `80` | -| `service.httpsPort` | Service HTTPS port | `443` | -| `service.httpsTargetPort` | Service Target HTTPS port | `https` | -| `service.clusterIP` | OrangeHRM service cluster IP | `""` | -| `service.loadBalancerSourceRanges` | Control hosts connecting to "LoadBalancer" only | `[]` | -| `service.loadBalancerIP` | Load balancer IP for the OrangeHRM Service (optional, cloud specific) | `""` | -| `service.nodePorts.http` | Kubernetes HTTP node port | `""` | -| `service.nodePorts.https` | Kubernetes HTTPS node port | `""` | -| `service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | -| `service.annotations` | Provide any additional annotations that may be required (evaluated as a template) | `{}` | -| `service.extraPorts` | Extra ports to expose in the service (normally used with the `sidecar` value) | `[]` | -| `ingress.enabled` | Set to true to enable ingress record generation | `false` | -| `ingress.certManager` | Set this to true in order to add the corresponding annotations for cert-manager | `false` | -| `ingress.pathType` | Ingress path type | `ImplementationSpecific` | -| `ingress.apiVersion` | Override API Version (automatically detected if not set) | `""` | -| `ingress.hostname` | Default host for the ingress resource | `orangehrm.local` | -| `ingress.path` | The Path to OrangeHRM. You may need to set this to '/*' in order to use this with ALB ingress controllers. | `/` | -| `ingress.annotations` | Ingress annotations | `{}` | -| `ingress.tls` | Enable TLS configuration for the hostname defined at ingress.hostname parameter | `false` | -| `ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` | -| `ingress.extraPaths` | Any additional arbitrary paths that may need to be added to the ingress under the main host. | `[]` | -| `ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` | -| `ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | - - -### Database parameters - -| Name | Description | Value | -| ------------------------------------------- | ---------------------------------------------------------------------------------------- | ------------------- | -| `mariadb.enabled` | Whether to deploy a MariaDB server to satisfy the applications database requirements | `true` | -| `mariadb.architecture` | MariaDB architecture. Allowed values: `standalone` or `replication` | `standalone` | -| `mariadb.auth.rootPassword` | Password for the MariaDB `root` user | `""` | -| `mariadb.auth.database` | Database name to create | `bitnami_orangehrm` | -| `mariadb.auth.username` | Database user to create | `bn_orangehrm` | -| `mariadb.auth.password` | Password for the database | `""` | -| `mariadb.primary.persistence.enabled` | Enable database persistence using PVC | `true` | -| `mariadb.primary.persistence.storageClass` | MariaDB primary persistent volume storage Class | `""` | -| `mariadb.primary.persistence.accessModes` | Database Persistent Volume Access Modes | `["ReadWriteOnce"]` | -| `mariadb.primary.persistence.size` | Database Persistent Volume Size | `8Gi` | -| `mariadb.primary.persistence.hostPath` | Set path in case you want to use local host path volumes (not recommended in production) | `""` | -| `mariadb.primary.persistence.existingClaim` | Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas | `""` | -| `externalDatabase.host` | Host of the existing database | `""` | -| `externalDatabase.port` | Port of the existing database | `3306` | -| `externalDatabase.user` | Existing username in the external db | `bn_orangehrm` | -| `externalDatabase.password` | Password for the above username | `""` | -| `externalDatabase.database` | Name of the existing database | `bitnami_orangehrm` | - - -### Volume Permissions parameters - -| Name | Description | Value | -| -------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------- | -| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` | -| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | -| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `10-debian-10-r202` | -| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | -| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `volumePermissions.resources.limits` | The resources limits for the container | `{}` | -| `volumePermissions.resources.requests` | The requested resources for the container | `{}` | - - -### Metrics parameters - -| Name | Description | Value | -| --------------------------- | ---------------------------------------------------------- | ------------------------- | -| `metrics.enabled` | Start a side-car prometheus exporter | `false` | -| `metrics.image.registry` | Apache exporter image registry | `docker.io` | -| `metrics.image.repository` | Apache exporter image repository | `bitnami/apache-exporter` | -| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `0.10.1-debian-10-r4` | -| `metrics.image.pullPolicy` | Apache exporter image pull policy | `IfNotPresent` | -| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `metrics.resources` | Metrics exporter resource requests and limits | `{}` | -| `metrics.podAnnotations` | Metrics exporter pod Annotation and Labels | `{}` | - - -### Certificate injection parameters - -| Name | Description | Value | -| ---------------------------------------------------- | -------------------------------------------------------------------- | ---------------------------------------- | -| `certificates.customCertificate.certificateSecret` | Secret containing the certificate and key to add | `""` | -| `certificates.customCertificate.chainSecret.name` | Name of the secret containing the certificate chain | `""` | -| `certificates.customCertificate.chainSecret.key` | Key of the certificate chain file inside the secret | `""` | -| `certificates.customCertificate.certificateLocation` | Location in the container to store the certificate | `/etc/ssl/certs/ssl-cert-snakeoil.pem` | -| `certificates.customCertificate.keyLocation` | Location in the container to store the private key | `/etc/ssl/private/ssl-cert-snakeoil.key` | -| `certificates.customCertificate.chainLocation` | Location in the container to store the certificate chain | `/etc/ssl/certs/mychain.pem` | -| `certificates.customCAs` | Defines a list of secrets to import into the container trust store | `[]` | -| `certificates.command` | Override default container command (useful when using custom images) | `[]` | -| `certificates.args` | Override default container args (useful when using custom images) | `[]` | -| `certificates.extraEnvVars` | Container sidecar extra environment variables | `[]` | -| `certificates.extraEnvVarsCM` | ConfigMap with extra environment variables | `""` | -| `certificates.extraEnvVarsSecret` | Secret with extra environment variables | `""` | -| `certificates.image.registry` | Container sidecar registry | `docker.io` | -| `certificates.image.repository` | Container sidecar image repository | `bitnami/bitnami-shell` | -| `certificates.image.tag` | Container sidecar image tag (immutable tags are recommended) | `10-debian-10-r202` | -| `certificates.image.pullPolicy` | Container sidecar image pull policy | `IfNotPresent` | -| `certificates.image.pullSecrets` | Container sidecar image pull secrets | `[]` | - - -The above parameters map to the env variables defined in [bitnami/orangehrm](http://github.com/bitnami/bitnami-docker-orangehrm). For more information please refer to the [bitnami/orangehrm](http://github.com/bitnami/bitnami-docker-orangehrm) image documentation. - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -$ helm install my-release \ - --set orangehrmUsername=admin,orangehrmPassword=password,mariadb.auth.rootPassword=secretpassword \ - bitnami/orangehrm -``` - -The above command sets the OrangeHRM administrator account username and password to `admin` and `password` respectively. Additionally, it sets the MariaDB `root` user password to `secretpassword`. - -> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. - -Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, - -```console -$ helm install my-release -f values.yaml bitnami/orangehrm -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Image - -The `image` parameter allows specifying which image will be pulled for the chart. - -#### Private registry - -If you configure the `image` value to one in a private registry, you will need to [specify an image pull secret](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod). - -1. Manually create image pull secret(s) in the namespace. See [this YAML example reference](https://kubernetes.io/docs/concepts/containers/images/#creating-a-secret-with-a-docker-config). Consult your image registry's documentation about getting the appropriate secret. -1. Note that the `imagePullSecrets` configuration value cannot currently be passed to helm using the `--set` parameter, so you must supply these using a `values.yaml` file, such as: - -```yaml -imagePullSecrets: - - name: SECRET_NAME -``` - -1. Install the chart - -### Setting Pod's affinity - -This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). - -As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters. - -### TLS Secrets - -This chart will facilitate the creation of TLS secrets for use with the ingress controller, however, this is not required. There are three common use cases: - -- Helm generates/manages certificate secrets -- User generates/manages certificates separately -- An additional tool (like [kube-lego](https://kubeapps.com/charts/stable/kube-lego)) manages the secrets for the application - -In the first two cases, one will need a certificate and a key. We would expect them to look like this: - -- certificate files should look like (and there can be more than one certificate if there is a certificate chain) - -```console ------BEGIN CERTIFICATE----- -MIID6TCCAtGgAwIBAgIJAIaCwivkeB5EMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV -... -jScrvkiBO65F46KioCL9h5tDvomdU1aqpI/CBzhvZn1c0ZTf87tGQR8NK7v7 ------END CERTIFICATE----- -``` - -- keys should look like: - -```console ------BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAvLYcyu8f3skuRyUgeeNpeDvYBCDcgq+LsWap6zbX5f8oLqp4 -... -wrj2wDbCDCFmfqnSJ+dKI3vFLlEz44sAV8jX/kd4Y6ZTQhlLbYc= ------END RSA PRIVATE KEY----- -``` - -If you are going to use Helm to manage the certificates, please copy these values into the `certificate` and `key` values for a given `ingress.secrets` entry. - -If you are going to manage TLS secrets outside of Helm, please know that you can create a TLS secret (named `orangehrm.local-tls` for example). - -Please see [this example](https://github.com/kubernetes/contrib/tree/master/ingress/controllers/nginx/examples/tls) for more information. - -### Ingress-terminated https - -In cases where HTTPS/TLS is terminated on the ingress, you may run into an issue where non-https liveness and readiness probes result in a 302 (redirect from HTTP to HTTPS) and are interpreted by Kubernetes as not-live/not-ready. (See [Kubernetes issue #47893 on GitHub](https://github.com/kubernetes/kubernetes/issues/47893) for further details about 302 _not_ being interpreted as "successful".) To work around this problem, use `livenessProbeHeaders` and `readinessProbeHeaders` to pass the same headers that your ingress would pass in order to get an HTTP 200 status result. For example (where the following is in a `--values`-referenced file): - -```yaml -livenessProbeHeaders: - - name: X-Forwarded-Proto - value: https -readinessProbeHeaders: - - name: X-Forwarded-Proto - value: https -``` - -Any number of name/value pairs may be specified; they are all copied into the liveness or readiness probe definition. - -## Persistence - -The [Bitnami OrangeHRM](https://github.com/bitnami/bitnami-docker-orangehrm) image stores the OrangeHRM configurations at the `/bitnami/orangehrm` path of the container. - -Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. -See the [Parameters](#parameters) section to configure the PVC or to disable persistence. - -### Existing PersistentVolumeClaim - -1. Create the PersistentVolume -1. Create the PersistentVolumeClaim -1. Install the chart - -```bash -$ helm install my-release --set persistence.existingClaim=PVC_NAME bitnami/orangehrm -``` - -### Host path - -#### System compatibility - -- The local filesystem accessibility to a container in a pod with `hostPath` has been tested on OSX/MacOS with xhyve, and Linux with VirtualBox. -- Windows has not been tested with the supported VM drivers. Minikube does however officially support [Mounting Host Folders](https://github.com/kubernetes/minikube/blob/master/docs/host_folder_mount.md) per pod. Or you may manually sync your container whenever host files are changed with tools like [docker-sync](https://github.com/EugenMayer/docker-sync) or [docker-bg-sync](https://github.com/cweagans/docker-bg-sync). - -#### Mounting steps - -1. The specified `hostPath` directory must already exist (create one if it does not). -1. Install the chart - - ```bash - $ helm install my-release --set persistence.hostPath=/PATH/TO/HOST/MOUNT bitnami/orangehrm - ``` - - This will mount the `orangehrm-data` volume into the `hostPath` directory. The site data will be persisted if the mount path contains valid data, else the site data will be initialized at first launch. -1. Because the container cannot control the host machine's directory permissions, you must set the OrangeHRM file directory permissions yourself and disable or clear OrangeHRM cache. - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami’s Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## Upgrading - -### To 10.0.0 - -This version standardizes the way of defining Ingress rules. When configuring a single hostname for the Ingress rule, set the `ingress.hostname` value. When defining more than one, set the `ingress.extraHosts` array. Apart from this case, no issues are expected to appear when upgrading. - -### To 9.0.0 - -The [Bitnami OrangeHRM](https://github.com/bitnami/bitnami-docker-orangehrm) image was updated to support and enable the "non-root" user approach - -If you want to continue to run the container image as the `root` user, you need to set `podSecurityContext.enabled=false` and `containerSecurity.context.enabled=false`. - -This upgrade also adapts the chart to the latest Bitnami good practices. Check the Parameters section for more information. - -To upgrade from `8.x.x`, backup OrangeHRM data and the previous MariaDB databases, install a new OrangeHRM chart and import the backups and data, ensuring the `1001` user has the appropriate permissions on the migrated volume. As an alternative, you can use `helm upgrade` if you specify `volumePermissions.enabled=true` and `persistence.subPath=""`. - -### To 8.0.0 - -In this major there were two main changes introduced: - -1. Adaptation to Helm v2 EOL -2. Updated MariaDB dependency version - -Please read the update notes carefully. - -**1. Adaptation to Helm v2 EOL** - -[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -**What changes were introduced in this major version?** - -- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. -- Move dependency information from the *requirements.yaml* to the *Chart.yaml* -- After running `helm dependency update`, a *Chart.lock* file is generated containing the same structure used in the previous *requirements.lock* -- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts - -**Considerations when upgrading to this version** - -- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues -- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore -- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 - -**Useful links** - -- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ -- https://helm.sh/docs/topics/v2_v3_migration/ -- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ - -**2. Updated MariaDB dependency version** - -In this major the MariaDB dependency version was also bumped to a new major version that introduces several incompatilibites. Therefore, backwards compatibility is not guaranteed unless an external database is used. Check [MariaDB Upgrading Notes](https://github.com/bitnami/charts/tree/master/bitnami/mariadb#to-800) for more information. - -To upgrade to `8.0.0`, it should be done reusing the PVCs used to hold both the MariaDB and OrangeHRM data on your previous release. To do so, follow the instructions below (the following example assumes that the release name is `orangehrm`): - -> NOTE: Please, create a backup of your database before running any of those actions. The steps below would be only valid if your application (e.g. any plugins or custom code) is compatible with MariaDB 10.5.x - -Obtain the credentials and the names of the PVCs used to hold both the MariaDB and OrangeHRM data on your current release: - -```console -export ORANGEHRM_PASSWORD=$(kubectl get secret --namespace default orangehrm -o jsonpath="{.data.orangehrm-password}" | base64 --decode) -export MARIADB_ROOT_PASSWORD=$(kubectl get secret --namespace default orangehrm-mariadb -o jsonpath="{.data.mariadb-root-password}" | base64 --decode) -export MARIADB_PASSWORD=$(kubectl get secret --namespace default orangehrm-mariadb -o jsonpath="{.data.mariadb-password}" | base64 --decode) -export MARIADB_PVC=$(kubectl get pvc -l app=mariadb,component=master,release=orangehrm -o jsonpath="{.items[0].metadata.name}") -``` - -Delete the OrangeHRM deployment and delete the MariaDB statefulset. Notice the option `--cascade=false` in the latter. - - ```console - $ kubectl delete deployments.apps orangehrm - - $ kubectl delete statefulsets.apps orangehrm-mariadb --cascade=false - ``` - -Now the upgrade works: - -```console -$ helm upgrade orangehrm bitnami/orangehrm --set mariadb.primary.persistence.existingClaim=$MARIADB_PVC --set mariadb.auth.rootPassword=$MARIADB_ROOT_PASSWORD --set mariadb.auth.password=$MARIADB_PASSWORD --set orangehrmPassword=$ORANGEHRM_PASSWORD -``` - -You will have to delete the existing MariaDB pod and the new statefulset is going to create a new one - - ```console - $ kubectl delete pod osclass-mariadb-0 - ``` - -Finally, you should see the lines below in MariaDB container logs: - -```console -$ kubectl logs $(kubectl get pods -l app.kubernetes.io/instance=orangehrm,app.kubernetes.io/name=mariadb,app.kubernetes.io/component=primary -o jsonpath="{.items[0].metadata.name}") -... -mariadb 12:13:24.98 INFO ==> Using persisted data -mariadb 12:13:25.01 INFO ==> Running mysql_upgrade -... -``` - -### To 7.0.0 - -Helm performs a lookup for the object based on its group (apps), version (v1), and kind (Deployment). Also known as its GroupVersionKind, or GVK. Changing the GVK is considered a compatibility breaker from Kubernetes' point of view, so you cannot "upgrade" those objects to the new GVK in-place. Earlier versions of Helm 3 did not perform the lookup correctly which has since been fixed to match the spec. - -In this version the `apiVersion` of the deployment resources is updated to `apps/v1` in tune with the api's deprecated, resulting in compatibility breakage. - -This major version signifies this change. - -### To 3.0.0 - -Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments. -Use the workaround below to upgrade from versions previous to 3.0.0. The following example assumes that the release name is orangehrm: - -```console -$ kubectl patch deployment orangehrm-orangehrm --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]' -$ kubectl delete statefulset orangehrm-mariadb --cascade=false -``` diff --git a/bitnami/orangehrm/ci/ct-values.yaml b/bitnami/orangehrm/ci/ct-values.yaml deleted file mode 100644 index b738e2a..0000000 --- a/bitnami/orangehrm/ci/ct-values.yaml +++ /dev/null @@ -1,2 +0,0 @@ -service: - type: ClusterIP diff --git a/bitnami/orangehrm/templates/NOTES.txt b/bitnami/orangehrm/templates/NOTES.txt deleted file mode 100644 index d15d9a4..0000000 --- a/bitnami/orangehrm/templates/NOTES.txt +++ /dev/null @@ -1,75 +0,0 @@ -{{- if or .Values.mariadb.enabled .Values.externalDatabase.host -}} -** Please be patient while the chart is being deployed ** -{{- if and .Values.ingress.enabled (ne .Values.service.type "ClusterIP") }} -** Notice : Usually with ingress the service.type should be set to ClusterIP, which is not the case to this deployment! ** -{{- end }} - -1. Access you OrangeHRM instance with: - -{{- if .Values.ingress.enabled }} - {{ if .Values.ingress.tls }} - - https://{{ .Values.ingress.hostname }} - {{- else }} - - https://{{ .Values.ingress.hostname }} - {{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "common.names.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo "OrangeHRM URL: http://$NODE_IP:$NODE_PORT/" - -{{- else if contains "LoadBalancer" .Values.service.type }} - -** Please ensure an external IP is associated to the {{ template "common.names.fullname" . }} service before proceeding ** -** Watch the status using: kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "common.names.fullname" . }} ** - - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - -{{- $port:=.Values.service.port | toString }} - echo "OrangeHRM URL: http://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.service.port }}{{ end }}/" - -{{- else if contains "ClusterIP" .Values.service.type }} - - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "common.names.fullname" . }} 8080:{{ .Values.service.port }} - echo "OrangeHRM URL: http://127.0.0.1:8080/" - -{{- end }} - -2. Login with the following credentials - - echo Username: {{ .Values.orangehrmUsername }} - echo Password: $(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "orangehrm.secretName" . }} -o jsonpath="{.data.orangehrm-password}" | base64 --decode) - -{{- else -}} - -######################################################################################## -### ERROR: You did not provide an external database host in your 'helm install' call ### -######################################################################################## - -This deployment will be incomplete until you configure OrangeHRM with a resolvable database -host. To configure OrangeHRM to use and external database host: - -1. Complete your OrangeHRM deployment by running: - - helm upgrade --namespace {{ .Release.Namespace }} {{ .Release.Name }} --set service.type={{ .Values.service.type }},mariadb.enabled=false,externalDatabase.host=YOUR_EXTERNAL_DATABASE_HOST bitnami/orangehrm - -{{- end }} - -{{- include "common.warnings.rollingTag" .Values.image }} -{{- include "common.warnings.rollingTag" .Values.metrics.image }} - -{{- $passwordValidationErrors := list -}} -{{- $databaseSecretName := include "orangehrm.databaseSecretName" . -}} - -{{- if .Values.mariadb.enabled }} - {{- $mariadbPasswordValidationErrors := include "common.validations.values.mariadb.passwords" (dict "secret" $databaseSecretName "subchart" true "context" $) -}} - {{- $passwordValidationErrors = append $passwordValidationErrors $mariadbPasswordValidationErrors -}} -{{- end }} - -{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $) -}} - -{{- if and (not .Values.mariadb.enabled) .Release.IsUpgrade -}} - {{- $requiredExternalPassword := dict "valueKey" "externalDatabase.password" "secret" $databaseSecretName "field" "db-password" -}} - -WARNING: Review values for the following password in the command, if they are correct please ignore this notice. - {{- include "common.validations.values.multiple.empty" (dict "required" (list $requiredExternalPassword) "context" $) -}} -{{- end -}} diff --git a/bitnami/orangehrm/templates/_helpers.tpl b/bitnami/orangehrm/templates/_helpers.tpl deleted file mode 100644 index b5cb1ff..0000000 --- a/bitnami/orangehrm/templates/_helpers.tpl +++ /dev/null @@ -1,135 +0,0 @@ -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "orangehrm.mariadb.fullname" -}} -{{- printf "%s-%s" .Release.Name "mariadb" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Return the proper certificate image name -*/}} -{{- define "certificates.image" -}} -{{- include "common.images.image" ( dict "imageRoot" .Values.certificates.image "global" .Values.global ) -}} -{{- end -}} - -{{/* -Return the proper OrangeHRM image name -*/}} -{{- define "orangehrm.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper image name (for the metrics image) -*/}} -{{- define "orangehrm.metrics.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper image name (for the init container volume-permissions image) -*/}} -{{- define "orangehrm.volumePermissions.image" -}} -{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "orangehrm.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image .Values.certificates.image) "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper Storage Class -*/}} -{{- define "orangehrm.storageClass" -}} -{{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) -}} -{{- end -}} - -{{/* -OrangeHRM credential secret name -*/}} -{{- define "orangehrm.secretName" -}} -{{- coalesce .Values.existingSecret (include "common.names.fullname" .) -}} -{{- end -}} - -{{/* -Return the SMTP secret name -*/}} -{{- define "orangehrm.smtpSecretName" -}} -{{- coalesce .Values.smtpExistingSecret (include "common.names.fullname" .) -}} -{{- end -}} - -{{/* -Return the MariaDB Hostname -*/}} -{{- define "orangehrm.databaseHost" -}} -{{- if .Values.mariadb.enabled }} - {{- if eq .Values.mariadb.architecture "replication" }} - {{- printf "%s-%s" (include "orangehrm.mariadb.fullname" .) "primary" | trunc 63 | trimSuffix "-" -}} - {{- else -}} - {{- printf "%s" (include "orangehrm.mariadb.fullname" .) -}} - {{- end -}} -{{- else -}} - {{- printf "%s" .Values.externalDatabase.host -}} -{{- end -}} -{{- end -}} - -{{/* -Return the MariaDB Port -*/}} -{{- define "orangehrm.databasePort" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "3306" -}} -{{- else -}} - {{- printf "%d" (.Values.externalDatabase.port | int ) -}} -{{- end -}} -{{- end -}} - -{{/* -Return the MariaDB Database Name -*/}} -{{- define "orangehrm.databaseName" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "%s" .Values.mariadb.auth.database -}} -{{- else -}} - {{- printf "%s" .Values.externalDatabase.database -}} -{{- end -}} -{{- end -}} - -{{/* -Return the MariaDB User -*/}} -{{- define "orangehrm.databaseUser" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "%s" .Values.mariadb.auth.username -}} -{{- else -}} - {{- printf "%s" .Values.externalDatabase.user -}} -{{- end -}} -{{- end -}} - -{{/* -Return the MariaDB Secret Name -*/}} -{{- define "orangehrm.databaseSecretName" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "%s" (include "orangehrm.mariadb.fullname" .) -}} -{{- else if .Values.externalDatabase.existingSecret -}} - {{- printf "%s" .Values.externalDatabase.existingSecret -}} -{{- else -}} - {{- printf "%s-%s" (include "common.names.fullname" .) "externaldb" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the database password key -*/}} -{{- define "orangehrm.databasePasswordKey" -}} -{{- if .Values.mariadb.enabled -}} -mariadb-password -{{- else -}} -db-password -{{- end -}} -{{- end -}} diff --git a/bitnami/orangehrm/templates/deployment.yaml b/bitnami/orangehrm/templates/deployment.yaml deleted file mode 100644 index 784a796..0000000 --- a/bitnami/orangehrm/templates/deployment.yaml +++ /dev/null @@ -1,348 +0,0 @@ -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - {{- if .Values.updateStrategy }} - strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} - {{- end }} - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} - {{- end }} - annotations: - {{- if .Values.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.metrics.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) | nindent 8 }} - {{- end }} - spec: - {{- include "orangehrm.imagePullSecrets" . | nindent 6 }} - {{- if .Values.podSecurityContext.enabled }} - securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.hostAliases }} - # yamllint disable rule:indentation - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - # yamllint enable rule:indentation - {{- end }} - initContainers: - {{- if .Values.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} - {{- end }} - {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} - - name: volume-permissions - image: {{ include "orangehrm.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: - - sh - - -c - - | - mkdir -p "/bitnami/orangehrm" - chown -R "{{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }}" "/bitnami/orangehrm" - securityContext: - runAsUser: 0 - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: orangehrm-data - mountPath: /bitnami/orangehrm - {{- if .Values.persistence.subPath }} - subPath: {{ .Values.persistence.subPath | quote }} - {{- end }} - {{- end }} - {{- if .Values.certificates.customCAs }} - - name: certificates - image: {{ template "certificates.image" . }} - imagePullPolicy: {{ default .Values.image.pullPolicy .Values.certificates.image.pullPolicy }} - imagePullSecrets: - {{- range (default .Values.image.pullSecrets .Values.certificates.image.pullSecrets) }} - - name: {{ . }} - {{- end }} - command: - {{- if .Values.certificates.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.certificates.command "context" $) | nindent 12 }} - {{- else if .Values.certificates.customCertificate.certificateSecret }} - - sh - - -c - - install_packages ca-certificates openssl - {{- else }} - - sh - - -c - - install_packages ca-certificates openssl - && openssl req -new -x509 -days 3650 -nodes -sha256 - -subj "/CN=$(hostname)" -addext "subjectAltName = DNS:$(hostname)" - -out {{ .Values.certificates.customCertificate.certificateLocation }} - -keyout {{ .Values.certificates.customCertificate.keyLocation }} -extensions v3_req - {{- end }} - {{- if .Values.certificates.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.certificates.args "context" $) | nindent 12 }} - {{- end }} - env: {{- include "common.tplvalues.render" (dict "value" .Values.certificates.extraEnvVars "context" $) | nindent 12 }} - envFrom: - {{- if .Values.certificates.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.certificates.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.certificates.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.certificates.extraEnvVarsSecret "context" $) }} - {{- end }} - volumeMounts: - - name: etc-ssl-certs - mountPath: /etc/ssl/certs - readOnly: false - - name: etc-ssl-private - mountPath: /etc/ssl/private - readOnly: false - - name: custom-ca-certificates - mountPath: /usr/local/share/ca-certificates - readOnly: true - {{- end }} - containers: - - name: {{ include "common.names.fullname" . }} - image: {{ template "orangehrm.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" .Values.image.debug | quote }} - - name: ALLOW_EMPTY_PASSWORD - value: {{ ternary "yes" "no" .Values.allowEmptyPassword | quote }} - - name: APACHE_HTTP_PORT_NUMBER - value: {{ .Values.containerPorts.http | quote }} - - name: APACHE_HTTPS_PORT_NUMBER - value: {{ .Values.containerPorts.https | quote }} - - name: ORANGEHRM_DATABASE_HOST - value: {{ include "orangehrm.databaseHost" . | quote }} - - name: ORANGEHRM_DATABASE_PORT_NUMBER - value: {{ include "orangehrm.databasePort" . | quote }} - - name: ORANGEHRM_DATABASE_NAME - value: {{ include "orangehrm.databaseName" . | quote }} - - name: ORANGEHRM_DATABASE_USER - value: {{ include "orangehrm.databaseUser" . | quote }} - - name: ORANGEHRM_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "orangehrm.databaseSecretName" . }} - key: {{ include "orangehrm.databasePasswordKey" . }} - - name: ORANGEHRM_SKIP_BOOTSTRAP - value: {{ ternary "yes" "no" .Values.orangehrmSkipInstall | quote }} - - name: ORANGEHRM_USERNAME - value: {{ .Values.orangehrmUsername | quote }} - - name: ORANGEHRM_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.names.fullname" . }} - key: orangehrm-password - - name: ORANGEHRM_ENFORCE_PASSWORD_STRENGTH - value: {{ ternary "yes" "no" .Values.orangehrmEnforcePasswordStrength | quote }} - {{- if .Values.smtpHost }} - - name: SMTP_HOST - value: {{ .Values.smtpHost | quote }} - {{- end }} - {{- if .Values.smtpPort }} - - name: SMTP_PORT - value: {{ .Values.smtpPort | quote }} - {{- end }} - {{- if .Values.smtpUser }} - - name: SMTP_USER - value: {{ .Values.smtpUser | quote }} - {{- end }} - {{- if or .Values.smtpPassword .Values.smtpExistingSecret }} - - name: SMTP_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "orangehrm.smtpSecretName" . }} - key: smtp-password - {{- end }} - {{- if .Values.smtpProtocol }} - - name: SMTP_PROTOCOL - value: {{ .Values.smtpProtocol | quote }} - {{- end }} - {{- if .Values.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if .Values.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} - {{- end }} - {{- if .Values.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.containerPorts.http }} - - name: https - containerPort: {{ .Values.containerPorts.https }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.livenessProbe.path }} - port: http - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- else if .Values.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: {{ .Values.readinessProbe.path }} - port: http - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- else if .Values.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: orangehrm-data - mountPath: /bitnami/orangehrm - {{- if .Values.persistence.subPath }} - subPath: {{ .Values.persistence.subPath | quote }} - {{- end }} - {{- if .Values.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.certificates.customCAs }} - - name: etc-ssl-certs - mountPath: /etc/ssl/certs/ - readOnly: false - - name: etc-ssl-private - mountPath: /etc/ssl/private/ - readOnly: false - - name: custom-ca-certificates - mountPath: /usr/local/share/ca-certificates - readOnly: true - {{- end }} - {{- if .Values.certificates.customCertificate.certificateSecret }} - - name: custom-certificate - mountPath: {{ .Values.certificates.customCertificate.certificateLocation }} - subPath: tls.crt - readOnly: true - - name: custom-certificate - mountPath: {{ .Values.certificates.customCertificate.keyLocation }} - subPath: tls.key - readOnly: true - {{- if .Values.certificates.customCertificate.chainSecret }} - - name: custom-certificate-chain - mountPath: {{ .Values.certificates.customCertificate.chainLocation }} - subPath: {{ .Values.certificates.customCertificate.chainSecret.key }} - readOnly: true - {{- end }} - {{- end }} - {{- if .Values.metrics.enabled }} - - name: metrics - image: {{ template "orangehrm.metrics.image" . }} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - command: [ '/bin/apache_exporter', '--scrape_uri', 'http://status.localhost:{{ .Values.containerPorts.http }}/server-status/?auto' ] - ports: - - name: metrics - containerPort: 9117 - livenessProbe: - httpGet: - path: /metrics - port: metrics - initialDelaySeconds: 15 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: /metrics - port: metrics - initialDelaySeconds: 5 - timeoutSeconds: 1 - resources: {{- toYaml .Values.metrics.resources | nindent 12 }} - {{- end }} - {{- if .Values.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: orangehrm-data - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ .Values.persistence.existingClaim | default (printf "%s-orangehrm" (include "common.names.fullname" .)) }} - {{- else }} - emptyDir: {} - {{- end }} - {{- if .Values.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.certificates.customCAs }} - - name: etc-ssl-certs - emptyDir: - medium: "Memory" - - name: etc-ssl-private - emptyDir: - medium: "Memory" - - name: custom-ca-certificates - projected: - defaultMode: 0400 - sources: - {{- range $index, $customCA := .Values.certificates.customCAs }} - - secret: - name: {{ $customCA.secret }} - {{- end }} - {{- end }} - {{- if .Values.certificates.customCertificate.certificateSecret }} - - name: custom-certificate - secret: - secretName: {{ .Values.certificates.customCertificate.certificateSecret }} - {{- if .Values.certificates.customCertificate.chainSecret }} - - name: custom-certificate-chain - secret: - secretName: {{ .Values.certificates.customCertificate.chainSecret.name }} - {{- end }} - {{- end }} diff --git a/bitnami/orangehrm/templates/externaldb-secrets.yaml b/bitnami/orangehrm/templates/externaldb-secrets.yaml deleted file mode 100644 index 43e9f4e..0000000 --- a/bitnami/orangehrm/templates/externaldb-secrets.yaml +++ /dev/null @@ -1,10 +0,0 @@ -{{- if not .Values.mariadb.enabled }} -apiVersion: v1 -kind: Secret -metadata: - name: "{{ include "common.names.fullname" . }}-externaldb" - labels: {{- include "common.labels.standard" . | nindent 4 }} -type: Opaque -data: - db-password: {{ default "" .Values.externalDatabase.password | b64enc | quote }} -{{- end }} diff --git a/bitnami/orangehrm/templates/extra-list.yaml b/bitnami/orangehrm/templates/extra-list.yaml deleted file mode 100644 index 9ac65f9..0000000 --- a/bitnami/orangehrm/templates/extra-list.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{- range .Values.extraDeploy }} ---- -{{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} diff --git a/bitnami/orangehrm/templates/ingress.yaml b/bitnami/orangehrm/templates/ingress.yaml deleted file mode 100644 index 84e1621..0000000 --- a/bitnami/orangehrm/templates/ingress.yaml +++ /dev/null @@ -1,56 +0,0 @@ -{{- if .Values.ingress.enabled }} -apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.ingress.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.annotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.ingress.certManager }} - kubernetes.io/tls-acme: "true" - {{- end }} -spec: - rules: - {{- if .Values.ingress.hostname }} - - host: {{ .Values.ingress.hostname }} - http: - paths: - {{- if .Values.ingress.extraPaths }} - {{- toYaml .Values.ingress.extraPaths | nindent 10 }} - {{- end }} - - path: {{ .Values.ingress.path }} - {{- if eq "true" (include "common.ingress.supportsPathType" .) }} - pathType: {{ .Values.ingress.pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- range .Values.ingress.extraHosts }} - - host: {{ .name | quote }} - http: - paths: - - path: {{ default "/" .path }} - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ default "ImplementationSpecific" .pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- if or .Values.ingress.tls .Values.ingress.extraTls }} - tls: - {{- if .Values.ingress.tls }} - - hosts: - - {{ .Values.ingress.hostname }} - secretName: {{ printf "%s-tls" .Values.ingress.hostname }} - {{- end }} - {{- if .Values.ingress.extraTls }} - {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.extraTls "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/bitnami/orangehrm/templates/pv.yaml b/bitnami/orangehrm/templates/pv.yaml deleted file mode 100644 index 43ec5f5..0000000 --- a/bitnami/orangehrm/templates/pv.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if and .Values.persistence.enabled .Values.persistence.hostPath (not .Values.persistence.existingClaim) -}} -apiVersion: v1 -kind: PersistentVolume -metadata: - name: {{ include "common.names.fullname" . }}-orangehrm - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - accessModes: - - {{ .Values.persistence.accessMode | quote }} - capacity: - storage: {{ .Values.persistence.size | quote }} - hostPath: - path: {{ .Values.persistence.hostPath | quote }} -{{- end -}} diff --git a/bitnami/orangehrm/templates/pvc.yaml b/bitnami/orangehrm/templates/pvc.yaml deleted file mode 100644 index e08fc1f..0000000 --- a/bitnami/orangehrm/templates/pvc.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.names.fullname" . }}-orangehrm - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.persistence.hostPath }} - storageClassName: "" - {{- end }} - accessModes: - - {{ .Values.persistence.accessMode | quote }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{- include "orangehrm.storageClass" . | nindent 2 }} -{{- end -}} diff --git a/bitnami/orangehrm/templates/secrets.yaml b/bitnami/orangehrm/templates/secrets.yaml deleted file mode 100644 index 12be2c7..0000000 --- a/bitnami/orangehrm/templates/secrets.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if or (not .Values.existingSecret) (and (not .Values.smtpExistingSecret) .Values.smtpPassword) }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: - {{- if not .Values.existingSecret }} - orangehrm-password: {{ include "common.secrets.passwords.manage" (dict "secret" ( include "common.names.fullname" .) "key" "orangehrm-password" "providedValues" (list "orangehrmPassword") "strong" true "context" $) }} - {{- end }} - {{- if and .Values.smtpPassword (not .Values.smtpExistingSecret) }} - smtp-password: {{ include "common.secrets.passwords.manage" (dict "secret" ( include "common.names.fullname" .) "key" "smtp-password" "providedValues" (list "smtpPassword") "context" $) }} - {{- end }} -{{- end }} diff --git a/bitnami/orangehrm/templates/svc.yaml b/bitnami/orangehrm/templates/svc.yaml deleted file mode 100644 index a61ed32..0000000 --- a/bitnami/orangehrm/templates/svc.yaml +++ /dev/null @@ -1,53 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.service.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.service.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.service.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -spec: - type: {{ .Values.service.type }} - sessionAffinity: {{ default "None" .Values.service.sessionAffinity }} - {{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }} - clusterIP: {{ .Values.service.clusterIP }} - {{- end }} - {{- if and .Values.service.loadBalancerIP (eq .Values.service.type "LoadBalancer") }} - loadBalancerIP: {{ .Values.service.loadBalancerIP }} - {{- end }} - {{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - {{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }} - externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} - {{- end }} - ports: - - name: http - port: {{ .Values.service.port }} - targetPort: http - {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.http)) }} - nodePort: {{ .Values.service.nodePorts.http }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - - name: https - port: {{ .Values.service.httpsPort }} - targetPort: {{ .Values.service.httpsTargetPort }} - {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.https)) }} - nodePort: {{ .Values.service.nodePorts.https }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - {{- if .Values.service.extraPorts }} - {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }} - {{- end }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} diff --git a/bitnami/orangehrm/templates/tls-secrets.yaml b/bitnami/orangehrm/templates/tls-secrets.yaml deleted file mode 100644 index 1b65d4f..0000000 --- a/bitnami/orangehrm/templates/tls-secrets.yaml +++ /dev/null @@ -1,43 +0,0 @@ -{{- if .Values.ingress.enabled }} -{{- if .Values.ingress.secrets }} -{{- range .Values.ingress.secrets }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ .name }} - namespace: {{ $.Release.Namespace }} - labels: {{- include "common.labels.standard" $ | nindent 4 }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ .certificate | b64enc }} - tls.key: {{ .key | b64enc }} ---- -{{- end }} -{{- else if and .Values.ingress.tls (not .Values.ingress.certManager) }} -{{- $ca := genCA "orangehrm-ca" 365 }} -{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ printf "%s-tls" .Values.ingress.hostname }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ $cert.Cert | b64enc | quote }} - tls.key: {{ $cert.Key | b64enc | quote }} - ca.crt: {{ $ca.Cert | b64enc | quote }} -{{- end }} -{{- end }} diff --git a/bitnami/orangehrm/values.yaml b/bitnami/orangehrm/values.yaml deleted file mode 100644 index 7000916..0000000 --- a/bitnami/orangehrm/values.yaml +++ /dev/null @@ -1,681 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - storageClass: "" - -## @section Common parameters - -## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) -## -kubeVersion: "" -## @param nameOverride String to partially override orangehrm.fullname template (will maintain the release name) -## -nameOverride: "" -## @param fullnameOverride String to fully override orangehrm.fullname template -## -fullnameOverride: "" -## @param extraDeploy Array of extra objects to deploy with the release (evaluated as a template) -## -extraDeploy: [] -## @param commonAnnotations Common annotations to add to all OrangeHRM resources (sub-charts are not considered). Evaluated as a template -## -commonAnnotations: {} -## @param commonLabels Common labels to add to all OrangeHRM resources (sub-charts are not considered). Evaluated as a template -## -commonLabels: {} - -## @section OrangeHRM parameters - -## Bitnami OrangeHRM image version -## ref: https://hub.docker.com/r/bitnami/orangehrm/tags/ -## @param image.registry OrangeHRM image registry -## @param image.repository OrangeHRM image repository -## @param image.tag OrangeHRM Image tag (immutable tags are recommended) -## @param image.pullPolicy OrangeHRM image pull policy -## @param image.pullSecrets Specify docker-registry secret names as an array -## @param image.debug Specify if debug logs should be enabled -## -image: - registry: docker.io - repository: bitnami/orangehrm - tag: 4.8.0-0-debian-10-r167 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Set to true if you would like to see extra information on logs - ## - debug: false -## @param hostAliases [array] Deployment pod host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: - ## Necessary for apache-exporter to work - ## - - ip: "127.0.0.1" - hostnames: - - "status.localhost" -## @param replicaCount Number of OrangeHRM Pods to run (requires ReadWriteMany PVC support) -## -replicaCount: 1 -## @param orangehrmSkipInstall Skip OrangeHRM installation wizard. Useful for migrations and restoring from SQL dump -## ref: https://github.com/bitnami/bitnami-docker-orangehrm#configuration -## -orangehrmSkipInstall: false -## @param orangehrmUsername User of the application -## ref: https://github.com/bitnami/bitnami-docker-orangehrm#configuration -## -orangehrmUsername: admin -## @param orangehrmPassword Application password -## Defaults to a random 10-character alphanumeric string if not set -## ref: https://github.com/bitnami/bitnami-docker-orangehrm#configuration -## -orangehrmPassword: "" -## @param orangehrmEnforcePasswordStrength Whether the OrangeHRM password validation should use strong or medium level -## ref: https://github.com/bitnami/bitnami-docker-orangehrm#configuration -## -orangehrmEnforcePasswordStrength: true -## @param allowEmptyPassword Allow DB blank passwords -## ref: https://github.com/bitnami/bitnami-docker-orangehrm#environment-variables -## -allowEmptyPassword: true -## @param command Override default container command (useful when using custom images) -## -command: [] -## @param args Override default container args (useful when using custom images) -## -args: [] -## @param updateStrategy.type Update strategy - only really applicable for deployments with RWO PVs attached -## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the -## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will -## terminate the single previous pod, so that the new, incoming pod can attach to the PV -## -updateStrategy: - type: RollingUpdate -## @param extraEnvVars An array to add extra env vars -## For example: -## - name: BEARER_AUTH -## value: true -## -extraEnvVars: [] -## @param extraEnvVarsCM ConfigMap with extra environment variables -## -extraEnvVarsCM: "" -## @param extraEnvVarsSecret Secret with extra environment variables -## -extraEnvVarsSecret: "" -## @param extraVolumes Array of extra volumes to be added to the deployment. Requires setting `extraVolumeMounts` -## -extraVolumes: [] -## @param extraVolumeMounts Array of extra volume mounts to be added to the container. Normally used with `extraVolumes` -## -extraVolumeMounts: [] -## @param initContainers Extra init containers to add to the deployment -## -initContainers: [] -## @param sidecars Extra sidecar containers to add to the deployment -## -sidecars: [] -## @param tolerations Tolerations for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] -## @param existingSecret Use existing secret for the application password -## -existingSecret: "" -## SMTP mail delivery configuration -## ref: https://github.com/bitnami/bitnami-docker-orangehrm/#smtp-configuration -## @param smtpHost SMTP host -## @param smtpPort SMTP port -## @param smtpUser SMTP user -## @param smtpPassword SMTP password. Ignored if `smtpExistingSecret` is set -## @param smtpProtocol SMTP Protocol (options: ssl, none) -## -smtpHost: "" -smtpPort: "" -smtpUser: "" -smtpPassword: "" -smtpProtocol: "" -## @param smtpExistingSecret Use an existing secret for the SMTP Password -## Can be the same secret as existingSecret -## Must contain key `smtp-password` -## NOTE: When it's set, the `smtpPassword` parameter is ignored -## -smtpExistingSecret: "" -## @param containerPorts [object] Container ports -## -containerPorts: - http: 8080 - https: 8443 -## @param sessionAffinity Control where client requests go, to the same pod or round-robin -## Values: ClientIP or None -## ref: https://kubernetes.io/docs/user-guide/services/ -## -sessionAffinity: "None" -## Enable persistence using Persistent Volume Claims -## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ -## -persistence: - ## @param persistence.enabled Enable persistence using PVC - ## - enabled: true - ## @param persistence.storageClass OrangeHRM Data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - ## @param persistence.accessMode PVC Access Mode for OrangeHRM volume - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - ## - accessMode: ReadWriteOnce - ## @param persistence.size PVC Storage Request for OrangeHRM volume - ## - size: 8Gi - ## @param persistence.existingClaim A manually managed Persistent Volume Claim - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - ## - existingClaim: "" - ## @param persistence.hostPath If defined, the orangehrm-data volume will mount to the specified hostPath - ## Requires persistence.enabled: true - ## Requires persistence.existingClaim: nil|false - ## Default: nil. - ## - hostPath: "" - ## @param persistence.subPath volumeMount subPath, use it for compatibility with previous versions of the chart - ## - subPath: orangehrm -## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAffinityPreset: "" -## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAntiAffinityPreset: soft -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## -nodeAffinityPreset: - ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] -## @param affinity Affinity for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set -## -affinity: {} -## @param nodeSelector Node labels for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} -## Configure resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## @param resources.requests [object] The requested resources for the container -## -resources: - requests: - memory: 512Mi - cpu: 300m -## Configure Pods Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## @param podSecurityContext.enabled Enable OrangeHRM pods' Security Context -## @param podSecurityContext.fsGroup OrangeHRM pods' group ID -## -podSecurityContext: - enabled: true - fsGroup: 1001 -## Configure Container Security Context (only main container) -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -## @param containerSecurityContext.enabled Enable OrangeHRM containers' Security Context -## @param containerSecurityContext.runAsUser OrangeHRM containers' Security Context -## -containerSecurityContext: - enabled: true - runAsUser: 1001 -## Configure extra options for liveness probes -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param livenessProbe.enabled Enable livenessProbe -## @param livenessProbe.path Request path for livenessProbe -## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe -## @param livenessProbe.periodSeconds Period seconds for livenessProbe -## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe -## @param livenessProbe.failureThreshold Failure threshold for livenessProbe -## @param livenessProbe.successThreshold Success threshold for livenessProbe -## -livenessProbe: - enabled: true - path: /symfony/web/index.php - initialDelaySeconds: 120 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 -## Configure extra options for liveness and readiness probes -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param readinessProbe.enabled Enable readinessProbe -## @param readinessProbe.path Request path for readinessProbe -## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe -## @param readinessProbe.periodSeconds Period seconds for readinessProbe -## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe -## @param readinessProbe.failureThreshold Failure threshold for readinessProbe -## @param readinessProbe.successThreshold Success threshold for readinessProbe -## -readinessProbe: - enabled: true - path: /symfony/web/index.php - initialDelaySeconds: 30 - periodSeconds: 5 - timeoutSeconds: 3 - failureThreshold: 6 - successThreshold: 1 -## @param customLivenessProbe Override default liveness probe -## -customLivenessProbe: {} -## @param customReadinessProbe Override default readiness probe -## -customReadinessProbe: {} -## @param lifecycleHooks LifecycleHooks for the container to automate configuration before or after startup -## -lifecycleHooks: {} -## @param podAnnotations Pod annotations -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} -## @param podLabels Pod extra labels -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -podLabels: {} - -## @section Traffic Exposure Parameters - -## Kubernetes configuration -## For minikube, set this to NodePort, elsewhere use LoadBalancer -## -service: - ## @param service.type Kubernetes Service type - ## - type: LoadBalancer - ## @param service.port Service HTTP port - ## - port: 80 - ## @param service.httpsPort Service HTTPS port - ## - httpsPort: 443 - ## @param service.httpsTargetPort Service Target HTTPS port - ## defaults to https unless overridden to the specified port. - ## if you want the target port to be "http" or "80" you can specify that here. - ## - httpsTargetPort: https - ## @param service.clusterIP OrangeHRM service cluster IP - ## - clusterIP: "" - ## @param service.loadBalancerSourceRanges Control hosts connecting to "LoadBalancer" only - ## e.g: - ## loadBalancerSourceRanges: - ## - 0.0.0.0/0 - ## - loadBalancerSourceRanges: [] - ## @param service.loadBalancerIP Load balancer IP for the OrangeHRM Service (optional, cloud specific) - ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer - ## - loadBalancerIP: "" - ## @param service.nodePorts.http Kubernetes HTTP node port - ## @param service.nodePorts.https Kubernetes HTTPS node port - ## nodePorts: - ## http: - ## https: - ## - nodePorts: - http: "" - https: "" - ## @param service.externalTrafficPolicy Enable client source IP preservation - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param service.annotations Provide any additional annotations that may be required (evaluated as a template) - ## - annotations: {} - ## @param service.extraPorts Extra ports to expose in the service (normally used with the `sidecar` value) - ## - extraPorts: [] -## Configure the ingress resource that allows you to access the -## OrangeHRM installation. Set up the URL -## ref: http://kubernetes.io/docs/user-guide/ingress/ -## -ingress: - ## @param ingress.enabled Set to true to enable ingress record generation - ## - enabled: false - ## @param ingress.certManager Set this to true in order to add the corresponding annotations for cert-manager - ## - certManager: false - ## @param ingress.pathType Ingress path type - ## - pathType: ImplementationSpecific - ## @param ingress.apiVersion Override API Version (automatically detected if not set) - ## - apiVersion: "" - ## @param ingress.hostname Default host for the ingress resource - ## - hostname: orangehrm.local - ## @param ingress.path The Path to OrangeHRM. You may need to set this to '/*' in order to use this with ALB ingress controllers. - ## - path: / - ## @param ingress.annotations Ingress annotations - ## For a full list of possible ingress annotations, please see - ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md - ## - ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set - ## - annotations: {} - ## @param ingress.tls Enable TLS configuration for the hostname defined at ingress.hostname parameter - ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }} - ## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it - ## - tls: false - ## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record. - ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array - ## extraHosts: - ## - name: orangehrm.local - ## path: / - ## - extraHosts: [] - ## @param ingress.extraPaths Any additional arbitrary paths that may need to be added to the ingress under the main host. - ## For example: The ALB ingress controller requires a special rule for handling SSL redirection. - ## extraPaths: - ## - path: /* - ## backend: - ## serviceName: ssl-redirect - ## servicePort: use-annotation - ## - extraPaths: [] - ## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. - ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - ## extraTls: - ## - hosts: - ## - orangehrm.local - ## secretName: orangehrm.local-tls - ## - extraTls: [] - ## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets - ## key and certificate should start with -----BEGIN CERTIFICATE----- or - ## -----BEGIN RSA PRIVATE KEY----- - ## - ## name should line up with a tlsSecret set further up - ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set - ## - ## It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - ## e.g: - ## - name: orangehrm.local-tls - ## key: - ## certificate: - ## - secrets: [] - -## @section Database parameters - -## MariaDB chart configuration -## https://github.com/bitnami/charts/blob/master/bitnami/mariadb/values.yaml -## -mariadb: - ## @param mariadb.enabled Whether to deploy a MariaDB server to satisfy the applications database requirements - ## To use an external database set this to false and configure the externalDatabase parameters - ## - enabled: true - ## @param mariadb.architecture MariaDB architecture. Allowed values: `standalone` or `replication` - ## - architecture: standalone - ## MariaDB Authentication parameters - ## - auth: - ## @param mariadb.auth.rootPassword Password for the MariaDB `root` user - ## ref: https://github.com/bitnami/bitnami-docker-mariadb#setting-the-root-password-on-first-run - ## - rootPassword: "" - ## @param mariadb.auth.database Database name to create - ## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#creating-a-database-on-first-run - ## - database: bitnami_orangehrm - ## @param mariadb.auth.username Database user to create - ## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#creating-a-database-user-on-first-run - ## - username: bn_orangehrm - ## @param mariadb.auth.password Password for the database - ## - password: "" - primary: - ## Enable persistence using Persistent Volume Claims - ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ - ## - persistence: - ## @param mariadb.primary.persistence.enabled Enable database persistence using PVC - ## - enabled: true - ## @param mariadb.primary.persistence.storageClass MariaDB primary persistent volume storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - ## @param mariadb.primary.persistence.accessModes Database Persistent Volume Access Modes - ## - accessModes: - - ReadWriteOnce - ## @param mariadb.primary.persistence.size Database Persistent Volume Size - ## - size: 8Gi - ## @param mariadb.primary.persistence.hostPath Set path in case you want to use local host path volumes (not recommended in production) - ## - hostPath: "" - ## @param mariadb.primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas - ## - existingClaim: "" -## External database configuration -## -externalDatabase: - ## @param externalDatabase.host Host of the existing database - ## - host: "" - ## @param externalDatabase.port Port of the existing database - ## - port: 3306 - ## @param externalDatabase.user Existing username in the external db - ## - user: bn_orangehrm - ## @param externalDatabase.password Password for the above username - ## - password: "" - ## @param externalDatabase.database Name of the existing database - ## - database: bitnami_orangehrm - -## @section Volume Permissions parameters - -## Init containers parameters: -## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. -## -volumePermissions: - ## @param volumePermissions.enabled Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) - ## - enabled: false - ## @param volumePermissions.image.registry Init container volume-permissions image registry - ## @param volumePermissions.image.repository Init container volume-permissions image repository - ## @param volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended) - ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy - ## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: 10-debian-10-r202 - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - pullSecrets: [] - ## - myRegistryKeySecretName - ## Init containers' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param volumePermissions.resources.limits The resources limits for the container - ## @param volumePermissions.resources.requests The requested resources for the container - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - requests: {} - -## @section Metrics parameters - -## Prometheus Exporter / Metrics -## -metrics: - ## @param metrics.enabled Start a side-car prometheus exporter - ## - enabled: false - ## @param metrics.image.registry Apache exporter image registry - ## @param metrics.image.repository Apache exporter image repository - ## @param metrics.image.tag Apache exporter image tag (immutable tags are recommended) - ## @param metrics.image.pullPolicy Apache exporter image pull policy - ## @param metrics.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/apache-exporter - tag: 0.10.1-debian-10-r4 - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param metrics.resources Metrics exporter resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: {} - ## @param metrics.podAnnotations [object] Metrics exporter pod Annotation and Labels - ## - podAnnotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9117" - -## @section Certificate injection parameters - -## Add custom certificates and certificate authorities to OrangeHRM container -## -certificates: - ## @param certificates.customCertificate.certificateSecret Secret containing the certificate and key to add - ## @param certificates.customCertificate.chainSecret.name Name of the secret containing the certificate chain - ## @param certificates.customCertificate.chainSecret.key Key of the certificate chain file inside the secret - ## @param certificates.customCertificate.certificateLocation Location in the container to store the certificate - ## @param certificates.customCertificate.keyLocation Location in the container to store the private key - ## @param certificates.customCertificate.chainLocation Location in the container to store the certificate chain - ## - customCertificate: - certificateSecret: "" - chainSecret: - name: "" - key: "" - certificateLocation: /etc/ssl/certs/ssl-cert-snakeoil.pem - keyLocation: /etc/ssl/private/ssl-cert-snakeoil.key - chainLocation: /etc/ssl/certs/mychain.pem - ## @param certificates.customCAs Defines a list of secrets to import into the container trust store - ## - customCAs: [] - ## @param certificates.command Override default container command (useful when using custom images) - ## - command: [] - ## @param certificates.args Override default container args (useful when using custom images) - ## e.g: - ## - secret: custom-CA - ## - secret: more-custom-CAs - ## - args: [] - ## @param certificates.extraEnvVars Container sidecar extra environment variables - ## - extraEnvVars: [] - ## @param certificates.extraEnvVarsCM ConfigMap with extra environment variables - ## - extraEnvVarsCM: "" - ## @param certificates.extraEnvVarsSecret Secret with extra environment variables - ## - extraEnvVarsSecret: "" - ## @param certificates.image.registry Container sidecar registry - ## @param certificates.image.repository Container sidecar image repository - ## @param certificates.image.tag Container sidecar image tag (immutable tags are recommended) - ## @param certificates.image.pullPolicy Container sidecar image pull policy - ## @param certificates.image.pullSecrets Container sidecar image pull secrets - ## - image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: 10-debian-10-r202 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] diff --git a/bitnami/osclass/.helmignore b/bitnami/osclass/.helmignore deleted file mode 100644 index f0c1319..0000000 --- a/bitnami/osclass/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/bitnami/osclass/Chart.lock b/bitnami/osclass/Chart.lock deleted file mode 100644 index ad60837..0000000 --- a/bitnami/osclass/Chart.lock +++ /dev/null @@ -1,9 +0,0 @@ -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.9.0 -- name: mariadb - repository: https://charts.bitnami.com/bitnami - version: 9.6.0 -digest: sha256:543ef79a3956337bfd42864a40e91d69dafb02d9bcdf063db14d027e53dd64cc -generated: "2021-09-21T13:07:42.478239666Z" diff --git a/bitnami/osclass/Chart.yaml b/bitnami/osclass/Chart.yaml deleted file mode 100644 index d924a92..0000000 --- a/bitnami/osclass/Chart.yaml +++ /dev/null @@ -1,34 +0,0 @@ -annotations: - category: CMS -apiVersion: v2 -appVersion: 4.4.0 -dependencies: - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x - - condition: mariadb.enabled - name: mariadb - repository: https://charts.bitnami.com/bitnami - tags: - - osclass-database - version: 9.x.x -description: Osclass is a php script that allows you to quickly create and manage your own free classifieds site. -engine: gotpl -home: https://github.com/bitnami/charts/tree/master/bitnami/osclass -icon: https://bitnami.com/assets/stacks/osclass/img/osclass-stack-220x234.png -keywords: - - osclass - - classifieds - - http - - web - - php -maintainers: - - email: containers@bitnami.com - name: Bitnami -name: osclass -sources: - - https://github.com/bitnami/bitnami-docker-osclass - - https://osclass.org/ -version: 11.0.13 diff --git a/bitnami/osclass/README.md b/bitnami/osclass/README.md deleted file mode 100644 index 87b9607..0000000 --- a/bitnami/osclass/README.md +++ /dev/null @@ -1,500 +0,0 @@ -# Osclass - -[Osclass](https://osclass.org/) is a PHP script that allows you to quickly create and manage your own free classifieds site. Using this script, you can provide free advertising for items for sale, real estate, jobs, cars... Hundreds of free classified advertising sites are using Osclass. - -## TL;DR - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/osclass -``` - -## Introduction - -This chart bootstraps an [Osclass](https://github.com/bitnami/bitnami-docker-osclass) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -It also packages the [Bitnami MariaDB chart](https://github.com/kubernetes/charts/tree/master/bitnami/mariadb) which is required for bootstrapping a MariaDB deployment for the database requirements of the Osclass application. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 3.1.0 -- PV provisioner support in the underlying infrastructure -- ReadWriteMany volumes for deployment scaling - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -$ helm install my-release bitnami/osclass -``` - -The command deploys Osclass on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```console -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | - - -### Common parameters - -| Name | Description | Value | -| ------------------- | -------------------------------------------------- | ----- | -| `kubeVersion` | Override Kubernetes version | `""` | -| `nameOverride` | String to partially override common.names.fullname | `""` | -| `fullnameOverride` | String to fully override common.names.fullname | `""` | -| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | -| `commonLabels` | Labels to add to all deployed objects | `{}` | -| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | - - -### Osclass Image parameters - -| Name | Description | Value | -| ------------------- | -------------------------------------------------- | ---------------------- | -| `image.registry` | Osclass image registry | `docker.io` | -| `image.repository` | Osclass image repository | `bitnami/osclass` | -| `image.tag` | Osclass image tag (immutable tags are recommended) | `4.4.0-debian-10-r121` | -| `image.pullPolicy` | Osclass image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Osclass image pull secrets | `[]` | -| `image.debug` | Enable Bitnami debug mode in Osclass image | `false` | - - -### Osclass Configuration parameters - -| Name | Description | Value | -| -------------------- | ------------------------------------------------------ | ------------------ | -| `osclassSkipInstall` | Skip wizard installation | `false` | -| `osclassUsername` | Osclass username | `user` | -| `osclassSiteTitle` | Osclass site title | `user` | -| `osclassPassword` | Osclass user password | `""` | -| `osclassEmail` | Osclass user email | `user@example.com` | -| `existingSecret` | Name of existing secret containing Osclass credentials | `""` | -| `allowEmptyPassword` | Allow the container to be started with blank passwords | `true` | -| `smtpHost` | SMTP server host | `""` | -| `smtpPort` | SMTP server port | `""` | -| `smtpUser` | SMTP username | `""` | -| `smtpPassword` | SMTP user password | `""` | -| `smtpProtocol` | SMTP protocol | `""` | - - -### Osclass deployment parameters - -| Name | Description | Value | -| ---------------------------------------------------- | ----------------------------------------------------------------------------------------- | ---------------------------------------- | -| `hostAliases` | Osclass pod host aliases | `[]` | -| `podSecurityContext.enabled` | Enabled Osclass pods' Security Context | `true` | -| `podSecurityContext.fsGroup` | Set Osclass pod's Security Context fsGroup | `1001` | -| `containerSecurityContext.enabled` | Enabled Osclass containers' Security Context | `true` | -| `containerSecurityContext.runAsUser` | Set Osclass container's Security Context runAsUser | `1001` | -| `containerSecurityContext.runAsNonRoot` | Set Osclass container's Security Context runAsNonRoot | `true` | -| `livenessProbe.enabled` | Enable livenessProbe | `true` | -| `livenessProbe.path` | Path for the HTTP probe | `/oc-admin` | -| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `600` | -| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | -| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `readinessProbe.enabled` | Enable readinessProbe | `true` | -| `readinessProbe.path` | Path for the HTTP probe | `/oc-admin` | -| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | -| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | -| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | -| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `certificates.customCertificate.certificateSecret` | name of the secret with custom certificates | `""` | -| `certificates.customCertificate.chainSecret.name` | name of the secret with the chain | `""` | -| `certificates.customCertificate.chainSecret.key` | key of the secret with the chain | `""` | -| `certificates.customCertificate.certificateLocation` | Location of the certificate inside the container | `/etc/ssl/certs/ssl-cert-snakeoil.pem` | -| `certificates.customCertificate.keyLocation` | Location of the certificate key inside the container | `/etc/ssl/private/ssl-cert-snakeoil.key` | -| `certificates.customCertificate.chainLocation` | Location of the certificate chain inside the container | `/etc/ssl/certs/mychain.pem` | -| `certificates.customCAs` | Array with custom CAs | `[]` | -| `certificates.command` | Override certificate container command | `[]` | -| `certificates.args` | Override certificate container args | `[]` | -| `certificates.extraEnvVars` | An array to add extra env vars | `[]` | -| `certificates.extraEnvVarsCM` | ConfigMap with extra environment variables | `""` | -| `certificates.extraEnvVarsSecret` | Secret with extra environment variables | `""` | -| `certificates.image.registry` | Apache Exporter image registry | `docker.io` | -| `certificates.image.repository` | Apache Exporter image repository | `bitnami/bitnami-shell` | -| `certificates.image.tag` | Apache Exporter image tag (immutable tags are recommended) | `10-debian-10-r199` | -| `certificates.image.pullPolicy` | Apache Exporter image pull policy | `IfNotPresent` | -| `certificates.image.pullSecrets` | Apache Exporter image pull secrets | `[]` | -| `lifecycleHooks` | lifecycleHooks for the container to automate configuration before or after startup. | `{}` | -| `podAnnotations` | Annotations for Osclass pods | `{}` | -| `podLabels` | Extra labels for Osclass pods | `{}` | -| `replicaCount` | Number of Osclass replicas to deploy | `1` | -| `containerPorts.http` | WordPress HTTP container port | `8080` | -| `containerPorts.https` | WordPress HTTPS container port | `8443` | -| `command` | Override default container command (useful when using custom images) | `[]` | -| `args` | Override default container args (useful when using custom images) | `[]` | -| `updateStrategy.type` | Osclass deployment strategy type | `RollingUpdate` | -| `updateStrategy.rollingUpdate` | Osclass deployment rolling update configuration parameters | `{}` | -| `extraEnvVars` | Array with extra environment variables to add to the Osclass container | `[]` | -| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` | -| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars | `""` | -| `extraVolumes` | Optionally specify extra list of additional volumes for Osclass pods | `[]` | -| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for Osclass container(s) | `[]` | -| `initContainers` | Add additional init containers to the Osclass pods | `[]` | -| `sidecars` | Add additional sidecar containers to the Osclass pod | `[]` | -| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | -| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | -| `affinity` | Affinity for pod assignment | `{}` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `resources.limits` | The resources limits for the Osclass container | `{}` | -| `resources.requests` | The requested resources for the Osclass container | `{}` | -| `tolerations` | Tolerations for pod assignment | `[]` | - - -### Traffic Exposure Parameters - -| Name | Description | Value | -| ---------------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------ | -| `service.type` | WordPress service type | `LoadBalancer` | -| `service.port` | WordPress service HTTP port | `80` | -| `service.httpsPort` | WordPress service HTTPS port | `443` | -| `service.clusterIP` | WordPress service Cluster IP | `""` | -| `service.loadBalancerIP` | Osclass service Load Balancer IP | `""` | -| `service.loadBalancerSourceRanges` | Osclass service Load Balancer sources | `[]` | -| `service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | -| `service.nodePorts.http` | Node port for HTTP | `""` | -| `service.nodePorts.https` | Node port for HTTPS | `""` | -| `service.externalTrafficPolicy` | Osclass service external traffic policy | `Cluster` | -| `ingress.enabled` | Enable ingress record generation for Osclass | `false` | -| `ingress.certManager` | Add the corresponding annotations for cert-manager integration | `false` | -| `ingress.pathType` | Ingress path type | `ImplementationSpecific` | -| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` | -| `ingress.hostname` | Default host for the ingress record | `osclass.local` | -| `ingress.path` | Default path for the ingress record | `/` | -| `ingress.annotations` | Additional custom annotations for the ingress record | `{}` | -| `ingress.tls` | Enable TLS configuration for the host defined at `ingress.hostname` parameter | `false` | -| `ingress.extraHosts` | An array with additional hostname(s) to be covered with the ingress record | `[]` | -| `ingress.extraPaths` | An array with additional arbitrary paths that may need to be added to the ingress under the main host | `[]` | -| `ingress.extraTls` | TLS configuration for additional hostname(s) to be covered with this ingress record | `[]` | -| `ingress.secrets` | Custom TLS certificates as secrets | `[]` | - - -### Database Parameters - -| Name | Description | Value | -| ------------------------------------------ | ----------------------------------------------------------------------------------------------- | ----------------------- | -| `externalDatabase.host` | External Database server host | `""` | -| `externalDatabase.port` | External Database server port | `3306` | -| `externalDatabase.user` | External Database username | `bn_osclass` | -| `externalDatabase.password` | External Database user password | `""` | -| `externalDatabase.database` | External Database database name | `bitnami_osclass` | -| `mariadb.enabled` | Deploy a MariaDB server to satisfy the applications database requirements | `true` | -| `mariadb.architecture` | MariaDB architecture. Allowed values: `standalone` or `replication` | `standalone` | -| `mariadb.auth.rootPassword` | MariaDB root password | `""` | -| `mariadb.auth.database` | MariaDB custom database | `bitnami_osclass` | -| `mariadb.auth.username` | MariaDB custom user name | `bn_osclass` | -| `mariadb.auth.password` | MariaDB custom user password | `""` | -| `mariadb.primary.persistence.enabled` | Enable persistence on MariaDB using PVC(s) | `true` | -| `mariadb.primary.persistence.storageClass` | Persistent Volume storage class | `""` | -| `mariadb.primary.persistence.accessModes` | Persistent Volume access modes | `[]` | -| `mariadb.primary.persistence.size` | Persistent Volume size | `8Gi` | -| `persistence.enabled` | Enable persistence using Persistent Volume Claims | `true` | -| `persistence.storageClass` | Persistent Volume storage class | `""` | -| `persistence.accessModes` | Persistent Volume access modes | `[]` | -| `persistence.size` | Persistent Volume size | `8Gi` | -| `persistence.existingClaim` | The name of an existing PVC to use for persistence | `""` | -| `persistence.hostPath` | If defined, the osclass-data volume will mount to the specified hostPath. | `""` | -| `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` | -| `volumePermissions.image.registry` | Bitnami Shell image registry | `docker.io` | -| `volumePermissions.image.repository` | Bitnami Shell image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `10-debian-10-r199` | -| `volumePermissions.image.pullPolicy` | Bitnami Shell image pull policy | `Always` | -| `volumePermissions.image.pullSecrets` | Bitnami Shell image pull secrets | `[]` | -| `volumePermissions.resources.limits` | The resources limits for the init container | `{}` | -| `volumePermissions.resources.requests` | The requested resources for the init container | `{}` | - - -### Other Parameters - -| Name | Description | Value | -| -------------------------- | -------------------------------------------------------------- | ------- | -| `pdb.create` | Enable a Pod Disruption Budget creation | `false` | -| `pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` | -| `pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | -| `autoscaling.enabled` | Enable Horizontal POD autoscaling for Osclass | `false` | -| `autoscaling.minReplicas` | Minimum number of Osclass replicas | `1` | -| `autoscaling.maxReplicas` | Maximum number of Osclass replicas | `11` | -| `autoscaling.targetCPU` | Target CPU utilization percentage | `50` | -| `autoscaling.targetMemory` | Target Memory utilization percentage | `50` | - - -### Metrics Parameters - -| Name | Description | Value | -| ----------------------------------------- | ---------------------------------------------------------------------------- | ------------------------- | -| `metrics.enabled` | Start a sidecar prometheus exporter to expose metrics | `false` | -| `metrics.image.registry` | Apache Exporter image registry | `docker.io` | -| `metrics.image.repository` | Apache Exporter image repository | `bitnami/apache-exporter` | -| `metrics.image.tag` | Apache Exporter image tag (immutable tags are recommended) | `0.10.1-debian-10-r0` | -| `metrics.image.pullPolicy` | Apache Exporter image pull policy | `IfNotPresent` | -| `metrics.image.pullSecrets` | Apache Exporter image pull secrets | `[]` | -| `metrics.resources.limits` | The resources limits for the Prometheus exporter container | `{}` | -| `metrics.resources.requests` | The requested resources for the Prometheus exporter container | `{}` | -| `metrics.podAnnotations` | Annotations to add | `{}` | -| `metrics.service.type` | Metrics service type | `ClusterIP` | -| `metrics.service.port` | Metrics service port | `9117` | -| `metrics.service.annotations` | Additional custom annotations for Metrics service | `{}` | -| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | `false` | -| `metrics.serviceMonitor.namespace` | The namespace in which the ServiceMonitor will be created | `""` | -| `metrics.serviceMonitor.interval` | The interval at which metrics should be scraped | `30s` | -| `metrics.serviceMonitor.scrapeTimeout` | The timeout after which the scrape is ended | `""` | -| `metrics.serviceMonitor.relabellings` | Metrics relabellings to add to the scrape endpoint | `[]` | -| `metrics.serviceMonitor.honorLabels` | Labels to honor to add to the scrape endpoint | `false` | -| `metrics.serviceMonitor.additionalLabels` | Additional custom labels for the ServiceMonitor | `{}` | - - -The above parameters map to the env variables defined in [bitnami/osclass](http://github.com/bitnami/bitnami-docker-osclass). For more information please refer to the [bitnami/osclass](http://github.com/bitnami/bitnami-docker-osclass) image documentation. - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -$ helm install my-release \ - --set osclassUsername=admin,osclassPassword=password,mariadb.auth.rootPassword=secretpassword \ - bitnami/osclass -``` - -The above command sets the Osclass administrator account username and password to `admin` and `password` respectively. Additionally, it sets the MariaDB `root` user password to `secretpassword`. - -> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. - -Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, - -```console -$ helm install my-release -f values.yaml bitnami/osclass -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -## Persistence - -The [Bitnami Osclass](https://github.com/bitnami/bitnami-docker-osclass) image stores the Osclass data and configurations at the `/bitnami/osclass` path of the container. - -Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. See the [Parameters](#parameters) section to configure the PVC or to disable persistence. - -### Adding extra environment variables - -In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the `extraEnvVars` property. - -```yaml -extraEnvVars: - - name: LOG_LEVEL - value: DEBUG -``` - -Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the `extraEnvVarsCM` or the `extraEnvVarsSecret` values. - -### Sidecars and Init Containers - -If you have a need for additional containers to run within the same pod as the Osclass app (e.g. an additional metrics or logging exporter), you can do so via the `sidecars` config parameter. Simply define your container according to the Kubernetes container spec. - -```yaml -sidecars: - - name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -``` - -Similarly, you can add extra init containers using the `initContainers` parameter. - -```yaml -initContainers: - - name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -``` - -### Setting Pod's affinity - -This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). - -As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters. - -### Ingress - -This chart provides support for Ingress resources. If an Ingress controller, such as [nginx-ingress](https://kubeapps.com/charts/stable/nginx-ingress) or [traefik](https://kubeapps.com/charts/stable/traefik), that Ingress controller can be used to serve WordPress. - -To enable Ingress integration, set `ingress.enabled` to `true`. The `ingress.hostname` property can be used to set the host name. The `ingress.tls` parameter can be used to add the TLS configuration for this host. It is also possible to have more than one host, with a separate TLS configuration for each host. [Learn more about configuring and using Ingress](https://docs.bitnami.com/kubernetes/apps/wordpress/configuration/configure-ingress/). - -### TLS secrets - -The chart also facilitates the creation of TLS secrets for use with the Ingress controller, with different options for certificate management. [Learn more about TLS secrets](https://docs.bitnami.com/kubernetes/apps/wordpress/administration/enable-tls/). - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami’s Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## Upgrading - -### To 10.0.0 - -The [Bitnami Osclass](https://github.com/bitnami/bitnami-docker-osclass) image was migrated to a "non-root" user approach. Previously the container ran as the `root` user and the Apache daemon was started as the `daemon` user. From now on, both the container and the Apache daemon run as user `1001`. You can revert this behavior by setting the parameters `containerSecurityContext.runAsUser` to `root`. - -Consequences: - -- The HTTP/HTTPS ports exposed by the container are now `8080/8443` instead of `80/443`. -- Backwards compatibility is not guaranteed. - -To upgrade to `9.0.0`, backup Osclass data and the previous MariaDB databases, install a new Osclass chart and import the backups and data, ensuring the `1001` user has the appropriate permissions on the migrated volume. - -In addition to this, the image was refactored and now the source code is published in GitHub in the [`rootfs`](https://github.com/bitnami/bitnami-docker-osclass/tree/master/4/debian-10/rootfs) folder of the container image. - -This upgrade also adapts the chart to the latest Bitnami good practices. Check the Parameters section for more information. - -### To 9.0.0 - -- Chart labels were adapted to follow the [Helm charts standard labels](https://helm.sh/docs/chart_best_practices/labels/#standard-labels). -- This version also introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/master/bitnami/common#bitnami-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade. - -Consequences: - -- Backwards compatibility is not guaranteed. However, you can easily workaround this issue by removing Osclass deployment before upgrading (the following example assumes that the release name is `osclass`): - -```console -$ export APP_HOST=$(kubectl get svc --namespace default osclass --template "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}") -$ export APP_PASSWORD=$(kubectl get secret --namespace default osclass -o jsonpath="{.data.osclass-password}" | base64 --decode) -$ export MARIADB_ROOT_PASSWORD=$(kubectl get secret --namespace default osclass-mariadb -o jsonpath="{.data.mariadb-root-password}" | base64 --decode) -$ export MARIADB_PASSWORD=$(kubectl get secret --namespace default osclass-mariadb -o jsonpath="{.data.mariadb-password}" | base64 --decode) -$ kubectl delete deployments.apps osclass -$ helm upgrade osclass bitnami/osclass --set osclassHost=$APP_HOST,osclassPassword=$APP_PASSWORD,mariadb.auth.rootPassword=$MARIADB_ROOT_PASSWORD,mariadb.auth.password=$MARIADB_PASSWORD -``` - -### To 8.0.0 - -In this major there were two main changes introduced: - -1. Adaptation to Helm v2 EOL -2. Updated MariaDB dependency version - -Please read the update notes carefully. - -**1. Adaptation to Helm v2 EOL** - -[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -**What changes were introduced in this major version?** - -- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. -- Move dependency information from the *requirements.yaml* to the *Chart.yaml* -- After running `helm dependency update`, a *Chart.lock* file is generated containing the same structure used in the previous *requirements.lock* -- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts - -**Considerations when upgrading to this version** - -- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues -- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore -- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 - -**Useful links** - -- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ -- https://helm.sh/docs/topics/v2_v3_migration/ -- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ - -**2. Updated MariaDB dependency version** - -In this major the MariaDB dependency version was also bumped to a new major version that introduces several incompatilibites. Therefore, backwards compatibility is not guaranteed unless an external database is used. Check [MariaDB Upgrading Notes](https://github.com/bitnami/charts/tree/master/bitnami/mariadb#to-800) for more information. - -To upgrade to `8.0.0`, it should be done reusing the PVCs used to hold both the MariaDB and Osclass data on your previous release. To do so, follow the instructions below (the following example assumes that the release name is `osclass` and that a `rootUser.password` was defined for MariaDB in `values.yaml` when the chart was first installed): - -> NOTE: Please, create a backup of your database before running any of those actions. The steps below would be only valid if your application (e.g. any plugins or custom code) is compatible with MariaDB 10.5.x - -Obtain the credentials and the names of the PVCs used to hold both the MariaDB and Osclass data on your current release: - -```console -export OSCLASS_HOST=$(kubectl get svc --namespace default osclass --template "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}") -export OSCLASS_PASSWORD=$(kubectl get secret --namespace default osclass -o jsonpath="{.data.osclass-password}" | base64 --decode) -export MARIADB_ROOT_PASSWORD=$(kubectl get secret --namespace default osclass-mariadb -o jsonpath="{.data.mariadb-root-password}" | base64 --decode) -export MARIADB_PASSWORD=$(kubectl get secret --namespace default osclass-mariadb -o jsonpath="{.data.mariadb-password}" | base64 --decode) -export MARIADB_PVC=$(kubectl get pvc -l app=mariadb,component=master,release=osclass -o jsonpath="{.items[0].metadata.name}") -``` - -Delete the Osclass deployment and delete the MariaDB statefulset. Notice the option `--cascade=false` in the latter: - -```console - $ kubectl delete deployments.apps osclass - - $ kubectl delete statefulsets.apps osclass-mariadb --cascade=false -``` - -Now the upgrade works: - -```console -$ helm upgrade osclass bitnami/osclass --set mariadb.primary.persistence.existingClaim=$MARIADB_PVC --set mariadb.auth.rootPassword=$MARIADB_ROOT_PASSWORD --set mariadb.auth.password=$MARIADB_PASSWORD --set osclassPassword=$OSCLASS_PASSWORD --set osclassHost=$OSCLASS_HOST -``` - -You will have to delete the existing MariaDB pod and the new statefulset is going to create a new one - - ```console - $ kubectl delete pod osclass-mariadb-0 - ``` - -Finally, you should see the lines below in MariaDB container logs: - -```console -$ kubectl logs $(kubectl get pods -l app.kubernetes.io/instance=osclass,app.kubernetes.io/name=mariadb,app.kubernetes.io/component=primary -o jsonpath="{.items[0].metadata.name}") -... -mariadb 12:13:24.98 INFO ==> Using persisted data -mariadb 12:13:25.01 INFO ==> Running mysql_upgrade -... -``` - -### To 7.0.0 - -Helm performs a lookup for the object based on its group (apps), version (v1), and kind (Deployment). Also known as its GroupVersionKind, or GVK. Changing the GVK is considered a compatibility breaker from Kubernetes' point of view, so you cannot "upgrade" those objects to the new GVK in-place. Earlier versions of Helm 3 did not perform the lookup correctly which has since been fixed to match the spec. - -In https://github.com/helm/charts/pull/17303 the `apiVersion` of the deployment resources was updated to `apps/v1` in tune with the api's deprecated, resulting in compatibility breakage. - -This major version signifies this change. - -### To 3.0.0 - -Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments. -Use the workaround below to upgrade from versions previous to 3.0.0. The following example assumes that the release name is osclass: - -```console -$ kubectl patch deployment osclass-osclass --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]' -$ kubectl delete statefulset osclass-mariadb --cascade=false diff --git a/bitnami/osclass/ci/values-with-host-and-ingress.yaml b/bitnami/osclass/ci/values-with-host-and-ingress.yaml deleted file mode 100644 index e738d4a..0000000 --- a/bitnami/osclass/ci/values-with-host-and-ingress.yaml +++ /dev/null @@ -1,17 +0,0 @@ -osclassHost: osclass.local -service: - type: ClusterIP -ingress: - enabled: true - tls: true - hostname: osclass.local -metrics: - enabled: true -# Avoids issues with yamllint -livenessProbe: - httpGet: - httpHeaders: [] -readinessProbe: - httpGet: - httpHeaders: [] - diff --git a/bitnami/osclass/templates/NOTES.txt b/bitnami/osclass/templates/NOTES.txt deleted file mode 100644 index fec4be7..0000000 --- a/bitnami/osclass/templates/NOTES.txt +++ /dev/null @@ -1,82 +0,0 @@ -{{- if or .Values.mariadb.enabled .Values.externalDatabase.host -}} - -******************************************************************* -*** PLEASE BE PATIENT: Osclass may take a few minutes to install *** -******************************************************************* - -1. Get the Osclass URL: - -{{- if .Values.ingress.enabled }} - - You should be able to access your new Osclass installation through - - http://{{- .Values.ingress.hostname }}/ - -{{- else if eq .Values.service.type "LoadBalancer" }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "common.names.fullname" . }}' - - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - -{{- $port:=.Values.service.port | toString }} - echo "Osclass URL: http://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.service.port }}{{ end }}/" - -{{- else if eq .Values.service.type "ClusterIP" }} - - echo "Osclass URL: http://127.0.0.1:8080/" - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "common.names.fullname" . }} 8080:{{ .Values.service.port }} - -{{- end }} - -{{- if eq .Values.service.type "NodePort" }} - - Or running: - - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.names.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo "Osclass URL: http://$NODE_IP:$NODE_PORT/" - -{{- end }} - -2. Get your Osclass login credentials by running: - - echo Username: {{ .Values.osclassUsername }} - echo Password: $(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "osclass.secretName" . }} -o jsonpath="{.data.osclass-password}" | base64 --decode) - -{{- else -}} - -######################################################################################## -### ERROR: You did not provide an external database host in your 'helm install' call ### -######################################################################################## - -This deployment will be incomplete until you configure Osclass with a resolvable database -host. To configure Osclass to use and external database host: - -1. Complete your Osclass deployment by running: - - export APP_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "osclass.secretName" . }} -o jsonpath="{.data.osclass-password}" | base64 --decode) - - ## PLEASE UPDATE THE EXTERNAL DATABASE CONNECTION PARAMETERS IN THE FOLLOWING COMMAND AS NEEDED ## - - helm upgrade --namespace {{ .Release.Namespace }} {{ .Release.Name }} bitnami/{{ .Chart.Name }} \ - --set osclassPassword=$APP_PASSWORD,service.type={{ .Values.service.type }},mariadb.enabled=false{{- if not (empty .Values.externalDatabase.user) }},externalDatabase.user={{ .Values.externalDatabase.user }}{{- end }}{{- if not (empty .Values.externalDatabase.password) }},externalDatabase.password={{ .Values.externalDatabase.password }}{{- end }}{{- if not (empty .Values.externalDatabase.database) }},externalDatabase.database={{ .Values.externalDatabase.database }}{{- end }},externalDatabase.host=YOUR_EXTERNAL_DATABASE_HOST{{- if .Values.global }}{{- if .Values.global.imagePullSecrets }},global.imagePullSecrets={{ .Values.global.imagePullSecrets }}{{- end }}{{- end }} - -{{- end }} - -{{- include "common.warnings.rollingTag" .Values.image }} -{{- include "common.warnings.rollingTag" .Values.metrics.image }} - -{{- $passwordValidationErrors := list -}} -{{- if not .Values.existingSecret -}} - {{- $secretName := include "osclass.secretName" . -}} - {{- $requiredOsclassPassword := dict "valueKey" "osclassPassword" "secret" $secretName "field" "osclass-password" "context" $ -}} - {{- $requiredOsclassPasswordError := include "common.validations.values.single.empty" $requiredOsclassPassword -}} - {{- $passwordValidationErrors = append $passwordValidationErrors $requiredOsclassPasswordError -}} -{{- end -}} - -{{- $mariadbSecretName := include "osclass.databaseSecretName" . -}} -{{- $mariadbPasswordValidationErrors := include "common.validations.values.mariadb.passwords" (dict "secret" $mariadbSecretName "subchart" true "context" $) -}} -{{- $passwordValidationErrors = append $passwordValidationErrors $mariadbPasswordValidationErrors -}} - -{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $) -}} diff --git a/bitnami/osclass/templates/_helpers.tpl b/bitnami/osclass/templates/_helpers.tpl deleted file mode 100644 index 615288b..0000000 --- a/bitnami/osclass/templates/_helpers.tpl +++ /dev/null @@ -1,128 +0,0 @@ -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "osclass.mariadb.fullname" -}} -{{- printf "%s-%s" .Release.Name "mariadb" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Return the proper certificate image name -*/}} -{{- define "certificates.image" -}} -{{- include "common.images.image" ( dict "imageRoot" .Values.certificates.image "global" .Values.global ) -}} -{{- end -}} - -{{/* -Return the proper Osclass image name -*/}} -{{- define "osclass.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper image name (for the metrics image) -*/}} -{{- define "osclass.metrics.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper image name (for the init container volume-permissions image) -*/}} -{{- define "osclass.volumePermissions.image" -}} -{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "osclass.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image .Values.certificates.image) "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper Storage Class -*/}} -{{- define "osclass.storageClass" -}} -{{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) -}} -{{- end -}} - -{{/* -Osclass credential secret name -*/}} -{{- define "osclass.secretName" -}} -{{- coalesce .Values.existingSecret (include "common.names.fullname" .) -}} -{{- end -}} - -{{/* -Return the MariaDB Hostname -*/}} -{{- define "osclass.databaseHost" -}} -{{- if .Values.mariadb.enabled }} - {{- if eq .Values.mariadb.architecture "replication" }} - {{- printf "%s-%s" (include "osclass.mariadb.fullname" .) "primary" | trunc 63 | trimSuffix "-" -}} - {{- else -}} - {{- printf "%s" (include "osclass.mariadb.fullname" .) -}} - {{- end -}} -{{- else -}} - {{- printf "%s" .Values.externalDatabase.host -}} -{{- end -}} -{{- end -}} - -{{/* -Return the MariaDB Port -*/}} -{{- define "osclass.databasePort" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "3306" -}} -{{- else -}} - {{- printf "%d" (.Values.externalDatabase.port | int ) -}} -{{- end -}} -{{- end -}} - -{{/* -Return the MariaDB Database Name -*/}} -{{- define "osclass.databaseName" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "%s" .Values.mariadb.auth.database -}} -{{- else -}} - {{- printf "%s" .Values.externalDatabase.database -}} -{{- end -}} -{{- end -}} - -{{/* -Return the MariaDB User -*/}} -{{- define "osclass.databaseUser" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "%s" .Values.mariadb.auth.username -}} -{{- else -}} - {{- printf "%s" .Values.externalDatabase.user -}} -{{- end -}} -{{- end -}} - -{{/* -Return the MariaDB Secret Name -*/}} -{{- define "osclass.databaseSecretName" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "%s" (include "osclass.mariadb.fullname" .) -}} -{{- else if .Values.externalDatabase.existingSecret -}} - {{- printf "%s" .Values.externalDatabase.existingSecret -}} -{{- else -}} - {{- printf "%s-%s" (include "common.names.fullname" .) "externaldb" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the database password key -*/}} -{{- define "osclass.databasePasswordKey" -}} -{{- if .Values.mariadb.enabled -}} -mariadb-password -{{- else -}} -db-password -{{- end -}} -{{- end -}} diff --git a/bitnami/osclass/templates/deployment.yaml b/bitnami/osclass/templates/deployment.yaml deleted file mode 100644 index 5b34973..0000000 --- a/bitnami/osclass/templates/deployment.yaml +++ /dev/null @@ -1,291 +0,0 @@ -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - {{- if .Values.updateStrategy }} - strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} - {{- end }} - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} - {{- end }} - annotations: - {{- if .Values.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.metrics.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) | nindent 8 }} - {{- end }} - spec: - {{- include "osclass.imagePullSecrets" . | nindent 6 }} - {{- if .Values.podSecurityContext.enabled }} - securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.hostAliases }} - # yamllint disable rule:indentation - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - # yamllint enable rule:indentation - {{- end }} - initContainers: - {{- if .Values.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} - {{- end }} - {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} - - name: volume-permissions - image: {{ include "osclass.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: - - sh - - -c - - | - mkdir -p "/bitnami/osclass" - chown -R "{{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }}" "/bitnami/osclass" - securityContext: - runAsUser: 0 - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: osclass-data - mountPath: /bitnami/osclass - {{- end }} - {{- if .Values.certificates.customCAs }} - - name: certificates - image: {{ template "certificates.image" . }} - imagePullPolicy: {{ default .Values.image.pullPolicy .Values.certificates.image.pullPolicy }} - imagePullSecrets: - {{- range (default .Values.image.pullSecrets .Values.certificates.image.pullSecrets) }} - - name: {{ . }} - {{- end }} - command: - {{- if .Values.certificates.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.certificates.command "context" $) | nindent 12 }} - {{- else if .Values.certificates.customCertificate.certificateSecret }} - - sh - - -c - - install_packages ca-certificates openssl - {{- else }} - - sh - - -c - - install_packages ca-certificates openssl - && openssl req -new -x509 -days 3650 -nodes -sha256 - -subj "/CN=$(hostname)" -addext "subjectAltName = DNS:$(hostname)" - -out /etc/ssl/certs/ssl-cert-snakeoil.pem - -keyout /etc/ssl/private/ssl-cert-snakeoil.key -extensions v3_req - {{- end }} - {{- if .Values.certificates.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.certificates.args "context" $) | nindent 12 }} - {{- end }} - env: {{- include "common.tplvalues.render" (dict "value" .Values.certificates.extraEnvVars "context" $) | nindent 12 }} - envFrom: - {{- if .Values.certificates.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.certificates.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.certificates.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.certificates.extraEnvVarsSecret "context" $) }} - {{- end }} - volumeMounts: - - name: etc-ssl-certs - mountPath: /etc/ssl/certs - readOnly: false - - name: etc-ssl-private - mountPath: /etc/ssl/private - readOnly: false - - name: custom-ca-certificates - mountPath: /usr/local/share/ca-certificates - readOnly: true - {{- end }} - containers: - - name: {{ include "common.names.fullname" . }} - image: {{ template "osclass.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" .Values.image.debug | quote }} - - name: ALLOW_EMPTY_PASSWORD - value: {{ ternary "yes" "no" .Values.allowEmptyPassword | quote }} - - name: APACHE_HTTP_PORT_NUMBER - value: {{ .Values.containerPorts.http | quote }} - - name: APACHE_HTTPS_PORT_NUMBER - value: {{ .Values.containerPorts.https | quote }} - - name: OSCLASS_DATABASE_HOST - value: {{ include "osclass.databaseHost" . | quote }} - - name: OSCLASS_DATABASE_PORT_NUMBER - value: {{ include "osclass.databasePort" . | quote }} - - name: OSCLASS_DATABASE_NAME - value: {{ include "osclass.databaseName" . | quote }} - - name: OSCLASS_DATABASE_USER - value: {{ include "osclass.databaseUser" . | quote }} - - name: OSCLASS_SITE_TITLE - value: {{ .Values.osclassSiteTitle | quote }} - - name: OSCLASS_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "osclass.databaseSecretName" . }} - key: {{ include "osclass.databasePasswordKey" . | quote }} - - name: OSCLASS_SKIP_BOOTSTRAP - value: {{ ternary "yes" "no" .Values.osclassSkipInstall | quote }} - - name: OSCLASS_USERNAME - value: {{ .Values.osclassUsername | quote }} - - name: OSCLASS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.names.fullname" . }} - key: osclass-password - - name: OSCLASS_EMAIL - value: {{ .Values.osclassEmail | quote }} - {{- if .Values.smtpHost }} - - name: SMTP_HOST - value: {{ .Values.smtpHost | quote }} - {{- end }} - {{- if .Values.smtpPort }} - - name: SMTP_PORT - value: {{ .Values.smtpPort | quote }} - {{- end }} - {{- if .Values.smtpUser }} - - name: SMTP_USER - value: {{ .Values.smtpUser | quote }} - {{- end }} - {{- if .Values.smtpPassword }} - - name: SMTP_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.names.fullname" . }} - key: smtp-password - {{- end }} - {{- if .Values.smtpProtocol }} - - name: SMTP_PROTOCOL - value: {{ .Values.smtpProtocol | quote }} - {{- end }} - {{- if .Values.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if .Values.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} - {{- end }} - {{- if .Values.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.containerPorts.http }} - - name: https - containerPort: {{ .Values.containerPorts.https }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.livenessProbe.path }} - port: http - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- else if .Values.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: {{ .Values.readinessProbe.path }} - port: http - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- else if .Values.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: osclass-data - mountPath: /bitnami/osclass - {{- if .Values.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.metrics.enabled }} - - name: metrics - image: {{ template "osclass.metrics.image" . }} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - command: ['/bin/apache_exporter', '--scrape_uri', 'http://status.localhost:{{ .Values.containerPorts.http }}/server-status/?auto'] - ports: - - name: metrics - containerPort: 9117 - livenessProbe: - httpGet: - path: /metrics - port: metrics - initialDelaySeconds: 15 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: /metrics - port: metrics - initialDelaySeconds: 5 - timeoutSeconds: 1 - resources: {{- toYaml .Values.metrics.resources | nindent 12 }} - {{- end }} - {{- if .Values.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: osclass-data - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ .Values.persistence.existingClaim | default (printf "%s-osclass" (include "common.names.fullname" .)) }} - {{- else }} - emptyDir: {} - {{- end }} - {{- if .Values.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} - {{- end }} diff --git a/bitnami/osclass/templates/externaldb-secrets.yaml b/bitnami/osclass/templates/externaldb-secrets.yaml deleted file mode 100644 index 43e9f4e..0000000 --- a/bitnami/osclass/templates/externaldb-secrets.yaml +++ /dev/null @@ -1,10 +0,0 @@ -{{- if not .Values.mariadb.enabled }} -apiVersion: v1 -kind: Secret -metadata: - name: "{{ include "common.names.fullname" . }}-externaldb" - labels: {{- include "common.labels.standard" . | nindent 4 }} -type: Opaque -data: - db-password: {{ default "" .Values.externalDatabase.password | b64enc | quote }} -{{- end }} diff --git a/bitnami/osclass/templates/extra-list.yaml b/bitnami/osclass/templates/extra-list.yaml deleted file mode 100644 index 9ac65f9..0000000 --- a/bitnami/osclass/templates/extra-list.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{- range .Values.extraDeploy }} ---- -{{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} diff --git a/bitnami/osclass/templates/hpa.yaml b/bitnami/osclass/templates/hpa.yaml deleted file mode 100644 index d9f3131..0000000 --- a/bitnami/osclass/templates/hpa.yaml +++ /dev/null @@ -1,34 +0,0 @@ -{{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - scaleTargetRef: - apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} - kind: Deployment - name: {{ template "common.names.fullname" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- if .Values.autoscaling.targetCPU }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPU }} - {{- end }} - {{- if .Values.autoscaling.targetMemory }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemory }} - {{- end }} -{{- end }} diff --git a/bitnami/osclass/templates/ingress.yaml b/bitnami/osclass/templates/ingress.yaml deleted file mode 100644 index 17ed225..0000000 --- a/bitnami/osclass/templates/ingress.yaml +++ /dev/null @@ -1,56 +0,0 @@ -{{- if .Values.ingress.enabled }} -apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.ingress.certManager }} - kubernetes.io/tls-acme: "true" - {{- end }} - {{- if .Values.ingress.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.ingress.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - rules: - {{- if .Values.ingress.hostname }} - - host: {{ .Values.ingress.hostname }} - http: - paths: - {{- if .Values.ingress.extraPaths }} - {{- toYaml .Values.ingress.extraPaths | nindent 10 }} - {{- end }} - - path: {{ .Values.ingress.path }} - {{- if eq "true" (include "common.ingress.supportsPathType" .) }} - pathType: {{ .Values.ingress.pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- range (coalesce .Values.ingress.extraHosts .Values.ingress.hosts) }} - - host: {{ .name | quote }} - http: - paths: - - path: {{ default "/" .path }} - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ default "ImplementationSpecific" .pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- if or .Values.ingress.tls .Values.ingress.extraTls }} - tls: - {{- if .Values.ingress.tls }} - - hosts: - - {{ .Values.ingress.hostname }} - secretName: {{ printf "%s-tls" .Values.ingress.hostname }} - {{- end }} - {{- if .Values.ingress.extraTls }} - {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.extraTls "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/bitnami/osclass/templates/metrics-svc.yaml b/bitnami/osclass/templates/metrics-svc.yaml deleted file mode 100644 index 35b847e..0000000 --- a/bitnami/osclass/templates/metrics-svc.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- if .Values.metrics.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ printf "%s-metrics" (include "common.names.fullname" .) }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: metrics - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.metrics.service.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.metrics.service.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.service.annotations "context" $) | nindent 4 }} - {{- end }} - {{- end }} -spec: - type: {{ .Values.metrics.service.type }} - {{ if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.metrics.service.loadBalancerIP }} - {{- end }} - ports: - - port: {{ .Values.metrics.service.port }} - targetPort: metrics - protocol: TCP - name: metrics - selector: {{- include "common.labels.matchLabels" $ | nindent 4 }} -{{- end }} diff --git a/bitnami/osclass/templates/osclass-pvc.yaml b/bitnami/osclass/templates/osclass-pvc.yaml deleted file mode 100644 index 6a9bb84..0000000 --- a/bitnami/osclass/templates/osclass-pvc.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.names.fullname" . }}-osclass - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.persistence.hostPath }} - storageClassName: "" - {{- end }} - accessModes: - {{- if not (empty .Values.persistence.accessModes) }} - {{- range .Values.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{- include "osclass.storageClass" . | nindent 2 }} -{{- end -}} diff --git a/bitnami/osclass/templates/pdb.yaml b/bitnami/osclass/templates/pdb.yaml deleted file mode 100644 index c37a3d0..0000000 --- a/bitnami/osclass/templates/pdb.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if .Values.pdb.create }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.pdb.minAvailable }} - minAvailable: {{ .Values.pdb.minAvailable }} - {{- end }} - {{- if .Values.pdb.maxUnavailable }} - maxUnavailable: {{ .Values.pdb.maxUnavailable }} - {{- end }} - selector: - matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }} -{{- end }} diff --git a/bitnami/osclass/templates/secrets.yaml b/bitnami/osclass/templates/secrets.yaml deleted file mode 100644 index ebbe5e6..0000000 --- a/bitnami/osclass/templates/secrets.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if not .Values.existingSecret }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: - {{- if .Values.osclassPassword }} - osclass-password: {{ default "" .Values.osclassPassword | b64enc | quote }} - {{- else }} - osclass-password: {{ randAlphaNum 10 | b64enc | quote }} - {{- end }} - {{- if .Values.smtpPassword }} - smtp-password: {{ .Values.smtpPassword | b64enc | quote }} - {{- end }} -{{- end }} diff --git a/bitnami/osclass/templates/svc.yaml b/bitnami/osclass/templates/svc.yaml deleted file mode 100644 index 44cf444..0000000 --- a/bitnami/osclass/templates/svc.yaml +++ /dev/null @@ -1,45 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.service.type }} - sessionAffinity: {{ default "None" .Values.service.sessionAffinity }} - {{- if (and .Values.service.clusterIP (eq .Values.service.type "ClusterIP")) }} - clusterIP: {{ .Values.service.clusterIP }} - {{- end }} - {{- if (and .Values.service.loadBalancerIP (eq .Values.service.type "LoadBalancer")) }} - loadBalancerIP: {{ .Values.service.loadBalancerIP }} - {{- end }} - {{- if (and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges) }} - loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }} - externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} - {{- end }} - ports: - - name: http - port: {{ .Values.service.port }} - targetPort: http - {{- if (and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.http))) }} - nodePort: {{ .Values.service.nodePorts.http }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - - name: https - port: {{ .Values.service.httpsPort }} - targetPort: https - {{- if (and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.https))) }} - nodePort: {{ .Values.service.nodePorts.https }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} diff --git a/bitnami/osclass/templates/tls-secrets.yaml b/bitnami/osclass/templates/tls-secrets.yaml deleted file mode 100644 index c4e793e..0000000 --- a/bitnami/osclass/templates/tls-secrets.yaml +++ /dev/null @@ -1,44 +0,0 @@ -{{- if .Values.ingress.enabled }} -{{- if .Values.ingress.secrets }} -{{- range .Values.ingress.secrets }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ .name }} - namespace: {{ $.Release.Namespace }} - labels: {{- include "common.labels.standard" $ | nindent 4 }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ .certificate | b64enc }} - tls.key: {{ .key | b64enc }} ---- -{{- end }} -{{- end }} -{{- if and .Values.ingress.tls (not .Values.ingress.certManager) }} -{{- $ca := genCA "osclass-ca" 365 }} -{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ printf "%s-tls" .Values.ingress.hostname }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ $cert.Cert | b64enc | quote }} - tls.key: {{ $cert.Key | b64enc | quote }} - ca.crt: {{ $ca.Cert | b64enc | quote }} -{{- end }} -{{- end }} diff --git a/bitnami/osclass/values.yaml b/bitnami/osclass/values.yaml deleted file mode 100644 index 7e86ff1..0000000 --- a/bitnami/osclass/values.yaml +++ /dev/null @@ -1,824 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass -## - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - storageClass: "" - -## @section Common parameters -## - -## @param kubeVersion Override Kubernetes version -## -kubeVersion: "" - -## @param nameOverride String to partially override common.names.fullname -## -nameOverride: "" - -## @param fullnameOverride String to fully override common.names.fullname -## -fullnameOverride: "" - -## @param commonAnnotations Annotations to add to all deployed objects -## -commonAnnotations: {} - -## @param commonLabels Labels to add to all deployed objects -## -commonLabels: {} - -## @param extraDeploy Array of extra objects to deploy with the release -## -extraDeploy: [] - -## @section Osclass Image parameters -## - -## Bitnami Osclass image version -## ref: https://hub.docker.com/r/bitnami/osclass/tags/ -## @param image.registry Osclass image registry -## @param image.repository Osclass image repository -## @param image.tag Osclass image tag (immutable tags are recommended) -## @param image.pullPolicy Osclass image pull policy -## @param image.pullSecrets Osclass image pull secrets -## @param image.debug Enable Bitnami debug mode in Osclass image -## -image: - registry: docker.io - repository: bitnami/osclass - tag: 4.4.0-debian-10-r121 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - pullSecrets: [] - # - myRegistryKeySecretName - ## Set to true if you would like to see extra information on logs - ## - debug: false - -## @section Osclass Configuration parameters -## - -## @param osclassSkipInstall Skip wizard installation -## NOTE: useful if you use an external database that already contains Osclass data -## ref: https://github.com/bitnami/bitnami-docker-osclass#connect-osclass-docker-container-to-an-existing-database -## -osclassSkipInstall: false - -## @param osclassUsername Osclass username -## -osclassUsername: user - -## @param osclassSiteTitle Osclass site title -## -osclassSiteTitle: user - -## @param osclassPassword Osclass user password -## Defaults to a random 10-character alphanumeric string if not set -## -osclassPassword: "" - -## @param osclassEmail Osclass user email -## -osclassEmail: user@example.com - -## @param existingSecret Name of existing secret containing Osclass credentials -## NOTE: Must contain key `osclass-password` -## NOTE: When it's set, the `osclassPassword` parameter is ignored -## -existingSecret: "" - -## @param allowEmptyPassword Allow the container to be started with blank passwords -## -allowEmptyPassword: true - -## SMTP mail delivery configuration -## ref: https://github.com/bitnami/bitnami-docker-osclass/#smtp-configuration -## @param smtpHost SMTP server host -## @param smtpPort SMTP server port -## @param smtpUser SMTP username -## @param smtpPassword SMTP user password -## @param smtpProtocol SMTP protocol -## -smtpHost: "" -smtpPort: "" -smtpUser: "" -smtpPassword: "" -smtpProtocol: "" - -## @section Osclass deployment parameters -## - -## @param hostAliases [array] Osclass pod host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: - # Necessary for apache-exporter to work - - ip: "127.0.0.1" - hostnames: - - "status.localhost" - -## Configure Pods Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## @param podSecurityContext.enabled Enabled Osclass pods' Security Context -## @param podSecurityContext.fsGroup Set Osclass pod's Security Context fsGroup -## -podSecurityContext: - enabled: true - fsGroup: 1001 - -## Configure Container Security Context (only main container) -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -## @param containerSecurityContext.enabled Enabled Osclass containers' Security Context -## @param containerSecurityContext.runAsUser Set Osclass container's Security Context runAsUser -## @param containerSecurityContext.runAsNonRoot Set Osclass container's Security Context runAsNonRoot -## -containerSecurityContext: - enabled: true - runAsUser: 1001 - runAsNonRoot: true - -## Configure extra options for Osclass containers' liveness and readiness probes -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param livenessProbe.enabled Enable livenessProbe -## @param livenessProbe.path Path for the HTTP probe -## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe -## @param livenessProbe.periodSeconds Period seconds for livenessProbe -## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe -## @param livenessProbe.failureThreshold Failure threshold for livenessProbe -## @param livenessProbe.successThreshold Success threshold for livenessProbe -## -livenessProbe: - enabled: true - path: /oc-admin - initialDelaySeconds: 600 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 5 - successThreshold: 1 - -## @param readinessProbe.enabled Enable readinessProbe -## @param readinessProbe.path Path for the HTTP probe -## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe -## @param readinessProbe.periodSeconds Period seconds for readinessProbe -## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe -## @param readinessProbe.failureThreshold Failure threshold for readinessProbe -## @param readinessProbe.successThreshold Success threshold for readinessProbe -## -readinessProbe: - enabled: true - path: /oc-admin - initialDelaySeconds: 30 - periodSeconds: 5 - timeoutSeconds: 1 - failureThreshold: 5 - successThreshold: 1 - -## @param customLivenessProbe Custom livenessProbe that overrides the default one -## -customLivenessProbe: {} - -## @param customReadinessProbe Custom readinessProbe that overrides the default one -## -customReadinessProbe: {} - -## Add custom certificates and certificate authorities to Osclass container -## -certificates: - customCertificate: - ## @param certificates.customCertificate.certificateSecret name of the secret with custom certificates - ## - certificateSecret: "" - ## @param certificates.customCertificate.chainSecret.name name of the secret with the chain - ## @param certificates.customCertificate.chainSecret.key key of the secret with the chain - ## - chainSecret: - name: "" - key: "" - ## @param certificates.customCertificate.certificateLocation Location of the certificate inside the container - ## - certificateLocation: /etc/ssl/certs/ssl-cert-snakeoil.pem - ## @param certificates.customCertificate.keyLocation Location of the certificate key inside the container - ## - keyLocation: /etc/ssl/private/ssl-cert-snakeoil.key - ## @param certificates.customCertificate.chainLocation Location of the certificate chain inside the container - ## - chainLocation: /etc/ssl/certs/mychain.pem - ## @param certificates.customCAs Array with custom CAs - ## - customCAs: [] - ## @param certificates.command Override certificate container command - ## - command: [] - ## Override container args - ## @param certificates.args Override certificate container args - ## - args: [] - ## @param certificates.extraEnvVars An array to add extra env vars - ## - extraEnvVars: [] - - ## @param certificates.extraEnvVarsCM ConfigMap with extra environment variables - ## - extraEnvVarsCM: "" - - ## @param certificates.extraEnvVarsSecret Secret with extra environment variables - ## - extraEnvVarsSecret: "" - - ## Bitnami Apache Exporter image - ## ref: https://hub.docker.com/r/bitnami/apache-exporter/tags/ - ## @param certificates.image.registry Apache Exporter image registry - ## @param certificates.image.repository Apache Exporter image repository - ## @param certificates.image.tag Apache Exporter image tag (immutable tags are recommended) - ## @param certificates.image.pullPolicy Apache Exporter image pull policy - ## @param certificates.image.pullSecrets Apache Exporter image pull secrets - ## - image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: 10-debian-10-r199 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - # pullPolicy: - pullSecrets: [] - # - myRegistryKeySecretName - -## @param lifecycleHooks lifecycleHooks for the container to automate configuration before or after startup. -## -lifecycleHooks: {} - -## @param podAnnotations Annotations for Osclass pods -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} - -## @param podLabels Extra labels for Osclass pods -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -podLabels: {} - -## @param replicaCount Number of Osclass replicas to deploy -## NOTE: ReadWriteMany PVC(s) are required if replicaCount > 1 -## -replicaCount: 1 - -## Container ports -## @param containerPorts.http WordPress HTTP container port -## @param containerPorts.https WordPress HTTPS container port -## -containerPorts: - http: 8080 - https: 8443 - -## @param command Override default container command (useful when using custom images) -## -command: [] -## @param args Override default container args (useful when using custom images) -## -args: [] - -## @param updateStrategy.type Osclass deployment strategy type -## @param updateStrategy.rollingUpdate Osclass deployment rolling update configuration parameters -## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy -## NOTE: Set it to `Recreate` if you use a PV that cannot be mounted on multiple pods -## e.g: -## updateStrategy: -## type: RollingUpdate -## rollingUpdate: -## maxSurge: 25% -## maxUnavailable: 25% -## -updateStrategy: - type: RollingUpdate - rollingUpdate: {} - -## @param extraEnvVars Array with extra environment variables to add to the Osclass container -## e.g: -## extraEnvVars: -## - name: FOO -## value: "bar" -## -extraEnvVars: [] - -## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars -## -extraEnvVarsCM: "" - -## @param extraEnvVarsSecret Name of existing Secret containing extra env vars -## -extraEnvVarsSecret: "" - -## @param extraVolumes Optionally specify extra list of additional volumes for Osclass pods -## -extraVolumes: [] - -## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for Osclass container(s) -## -extraVolumeMounts: [] - -## @param initContainers Add additional init containers to the Osclass pods -## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ -## e.g: -## initContainers: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## command: ['sh', '-c', 'copy themes and plugins from git and push to /bitnami/osclass/wp-content. Should work with extraVolumeMounts and extraVolumes'] -## -initContainers: [] - -## @param sidecars Add additional sidecar containers to the Osclass pod -## e.g: -## sidecars: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -sidecars: [] - -## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAffinityPreset: "" - -## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAntiAffinityPreset: soft - -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## -nodeAffinityPreset: - ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set - ## - key: "" - ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - -## @param affinity Affinity for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## NOTE: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set -## -affinity: {} - -## @param nodeSelector Node labels for pod assignment -## ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} - -## Osclass containers' resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## @param resources.limits The resources limits for the Osclass container -## @param resources.requests [object] The requested resources for the Osclass container -## -resources: - requests: - memory: 512Mi - cpu: 300m - limits: {} - -## @param tolerations Tolerations for pod assignment -## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] - -## @section Traffic Exposure Parameters -## - -## Osclass service parameters -## -service: - ## @param service.type WordPress service type - ## - type: LoadBalancer - ## @param service.port WordPress service HTTP port - ## - port: 80 - ## @param service.httpsPort WordPress service HTTPS port - ## - httpsPort: 443 - ## @param service.clusterIP WordPress service Cluster IP - ## e.g.: - ## clusterIP: None - ## - clusterIP: "" - ## @param service.loadBalancerIP Osclass service Load Balancer IP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer - ## - loadBalancerIP: "" - ## @param service.loadBalancerSourceRanges Osclass service Load Balancer sources - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - - ## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin - ## Values: ClientIP or None - ## ref: https://kubernetes.io/docs/user-guide/services/ - ## - sessionAffinity: "None" - - ## Node ports to expose - ## @param service.nodePorts.http Node port for HTTP - ## @param service.nodePorts.https Node port for HTTPS - ## NOTE: choose port between <30000-32767> - ## - nodePorts: - http: "" - https: "" - ## @param service.externalTrafficPolicy Osclass service external traffic policy - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - -## Configure the ingress resource that allows you to access the Osclass installation -## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ -## -ingress: - ## @param ingress.enabled Enable ingress record generation for Osclass - ## - enabled: false - - ## @param ingress.certManager Add the corresponding annotations for cert-manager integration - ## - certManager: false - - ## @param ingress.pathType Ingress path type - ## - pathType: ImplementationSpecific - - ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) - ## - apiVersion: "" - - ## @param ingress.hostname Default host for the ingress record - ## - hostname: osclass.local - - ## @param ingress.path Default path for the ingress record - ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers - ## - path: / - - ## @param ingress.annotations Additional custom annotations for the ingress record - ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added - ## - annotations: {} - - ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter - ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` - ## You can: - ## - Use the `ingress.secrets` parameter to create this TLS secret - ## - Relay on cert-manager to create it by setting `ingress.certManager=true` - ## - Relay on Helm to create self-signed certificates by setting `ingress.tls=true` and `ingress.certManager=false` - ## - tls: false - - ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record - ## e.g: - ## extraHosts: - ## - name: osclass.local - ## path: / - ## - extraHosts: [] - - ## @param ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host - ## e.g: - ## extraPaths: - ## - path: /* - ## backend: - ## serviceName: ssl-redirect - ## servicePort: use-annotation - ## - extraPaths: [] - - ## @param ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record - ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - ## e.g: - ## extraTls: - ## - hosts: - ## - osclass.local - ## secretName: osclass.local-tls - ## - extraTls: [] - - ## @param ingress.secrets Custom TLS certificates as secrets - ## NOTE: 'key' and 'certificate' are expected in PEM format - ## NOTE: 'name' should line up with a 'secretName' set further up - ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates - ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days - ## It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - ## e.g: - ## secrets: - ## - name: osclass.local-tls - ## key: |- - ## -----BEGIN RSA PRIVATE KEY----- - ## ... - ## -----END RSA PRIVATE KEY----- - ## certificate: |- - ## -----BEGIN CERTIFICATE----- - ## ... - ## -----END CERTIFICATE----- - ## - secrets: [] - -## @section Database Parameters -## - -## External Database Configuration -## All of these values are only used if `mariadb.enabled=false` -## -externalDatabase: - ## @param externalDatabase.host External Database server host - ## - host: "" - - ## @param externalDatabase.port External Database server port - ## - port: 3306 - - ## @param externalDatabase.user External Database username - ## - user: bn_osclass - - ## @param externalDatabase.password External Database user password - ## - password: "" - - ## @param externalDatabase.database External Database database name - ## - database: bitnami_osclass - -## -## MariaDB chart configuration -## -## https://github.com/bitnami/charts/blob/master/bitnami/mariadb/values.yaml -## -mariadb: - ## @param mariadb.enabled Deploy a MariaDB server to satisfy the applications database requirements - ## To use an external database set this to false and configure the `externalDatabase.*` parameters - ## - enabled: true - - ## @param mariadb.architecture MariaDB architecture. Allowed values: `standalone` or `replication` - ## - architecture: standalone - - ## MariaDB Authentication parameters - ## @param mariadb.auth.rootPassword MariaDB root password - ## @param mariadb.auth.database MariaDB custom database - ## @param mariadb.auth.username MariaDB custom user name - ## @param mariadb.auth.password MariaDB custom user password - ## ref: https://github.com/bitnami/bitnami-docker-mariadb#setting-the-root-password-on-first-run - ## https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#creating-a-database-on-first-run - ## https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#creating-a-database-user-on-first-run - ## - auth: - rootPassword: "" - database: bitnami_osclass - username: bn_osclass - password: "" - - ## MariaDB Primary configuration - ## - primary: - ## MariaDB Primary Persistence parameters - ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ - ## @param mariadb.primary.persistence.enabled Enable persistence on MariaDB using PVC(s) - ## @param mariadb.primary.persistence.storageClass Persistent Volume storage class - ## @param mariadb.primary.persistence.accessModes [array] Persistent Volume access modes - ## @param mariadb.primary.persistence.size Persistent Volume size - ## - persistence: - enabled: true - storageClass: "" - accessModes: - - ReadWriteOnce - size: 8Gi - -## Enable persistence using Persistent Volume Claims -## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ -## -persistence: - ## @param persistence.enabled Enable persistence using Persistent Volume Claims - ## - enabled: true - - ## @param persistence.storageClass Persistent Volume storage class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner - ## - storageClass: "" - ## @param persistence.accessModes [array] Persistent Volume access modes - ## - accessModes: - - ReadWriteOnce - - ## @param persistence.size Persistent Volume size - ## - size: 8Gi - - ## @param persistence.existingClaim The name of an existing PVC to use for persistence - ## - existingClaim: "" - - ## @param persistence.hostPath If defined, the osclass-data volume will mount to the specified hostPath. - ## Requires persistence.enabled: true - ## Requires persistence.existingClaim: nil|false - ## Default: nil. - ## - hostPath: "" - -## Init containers parameters: -## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. -## -volumePermissions: - ## @param volumePermissions.enabled Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` - ## - enabled: false - ## Bitnami Shell image - ## ref: https://hub.docker.com/r/bitnami/bitnami-shell/tags/ - ## @param volumePermissions.image.registry Bitnami Shell image registry - ## @param volumePermissions.image.repository Bitnami Shell image repository - ## @param volumePermissions.image.tag Bitnami Shell image tag (immutable tags are recommended) - ## @param volumePermissions.image.pullPolicy Bitnami Shell image pull policy - ## @param volumePermissions.image.pullSecrets Bitnami Shell image pull secrets - ## - image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: 10-debian-10-r199 - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - pullSecrets: [] - ## - myRegistryKeySecretName - ## Init container's resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## @param volumePermissions.resources.limits The resources limits for the init container - ## @param volumePermissions.resources.requests The requested resources for the init container - ## - resources: - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## - limits: {} - ## cpu: 100m - ## memory: 128Mi - ## - requests: {} - ## cpu: 100m - ## memory: 128Mi - ## - -## @section Other Parameters -## - -## Osclass Pod Disruption Budget configuration -## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ -## @param pdb.create Enable a Pod Disruption Budget creation -## @param pdb.minAvailable Minimum number/percentage of pods that should remain scheduled -## @param pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable -## -pdb: - create: false - minAvailable: 1 - maxUnavailable: "" -## Osclass Autoscaling configuration -## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ -## @param autoscaling.enabled Enable Horizontal POD autoscaling for Osclass -## @param autoscaling.minReplicas Minimum number of Osclass replicas -## @param autoscaling.maxReplicas Maximum number of Osclass replicas -## @param autoscaling.targetCPU Target CPU utilization percentage -## @param autoscaling.targetMemory Target Memory utilization percentage -## -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 11 - targetCPU: 50 - targetMemory: 50 - -## @section Metrics Parameters -## - -## Prometheus Exporter / Metrics -## -metrics: - ## @param metrics.enabled Start a sidecar prometheus exporter to expose metrics - ## - enabled: false - ## Bitnami Apache Exporter image - ## ref: https://hub.docker.com/r/bitnami/apache-exporter/tags/ - ## @param metrics.image.registry Apache Exporter image registry - ## @param metrics.image.repository Apache Exporter image repository - ## @param metrics.image.tag Apache Exporter image tag (immutable tags are recommended) - ## @param metrics.image.pullPolicy Apache Exporter image pull policy - ## @param metrics.image.pullSecrets Apache Exporter image pull secrets - ## - image: - registry: docker.io - repository: bitnami/apache-exporter - tag: 0.10.1-debian-10-r0 - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - pullSecrets: [] - # - myRegistryKeySecretName - ## Prometheus exporter container's resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## @param metrics.resources.limits The resources limits for the Prometheus exporter container - ## @param metrics.resources.requests The requested resources for the Prometheus exporter container - ## - resources: - limits: {} - requests: {} - ## @param metrics.podAnnotations Annotations to add - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## Prometheus exporter service parameters - ## - service: - ## @param metrics.service.type Metrics service type - ## - type: ClusterIP - ## @param metrics.service.port Metrics service port - ## - port: 9117 - ## @param metrics.service.annotations [object] Additional custom annotations for Metrics service - ## - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "{{ .Values.metrics.service.port }}" - ## Prometheus Service Monitor - ## ref: https://github.com/coreos/prometheus-operator - ## https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## - serviceMonitor: - ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using PrometheusOperator - ## - enabled: false - ## @param metrics.serviceMonitor.namespace The namespace in which the ServiceMonitor will be created - ## - namespace: "" - ## @param metrics.serviceMonitor.interval The interval at which metrics should be scraped - ## - interval: 30s - ## @param metrics.serviceMonitor.scrapeTimeout The timeout after which the scrape is ended - ## - scrapeTimeout: "" - ## @param metrics.serviceMonitor.relabellings Metrics relabellings to add to the scrape endpoint - ## - relabellings: [] - ## @param metrics.serviceMonitor.honorLabels Labels to honor to add to the scrape endpoint - ## - honorLabels: false - ## @param metrics.serviceMonitor.additionalLabels Additional custom labels for the ServiceMonitor - ## - additionalLabels: {} diff --git a/bitnami/owncloud/.helmignore b/bitnami/owncloud/.helmignore deleted file mode 100644 index f0c1319..0000000 --- a/bitnami/owncloud/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/bitnami/owncloud/ci/ct-values.yaml b/bitnami/owncloud/ci/ct-values.yaml deleted file mode 100644 index 046ebf0..0000000 --- a/bitnami/owncloud/ci/ct-values.yaml +++ /dev/null @@ -1,9 +0,0 @@ -service: - type: ClusterIP -# Avoids issues with yamllint -livenessProbe: - httpGet: - httpHeaders: [] -readinessProbe: - httpGet: - httpHeaders: [] diff --git a/bitnami/owncloud/templates/_certificates.tpl b/bitnami/owncloud/templates/_certificates.tpl deleted file mode 100644 index 8f3f78b..0000000 --- a/bitnami/owncloud/templates/_certificates.tpl +++ /dev/null @@ -1,123 +0,0 @@ -{{/* Templates for certificates injection */}} - -{{/* -Return the proper image name used for setting up Certificates -*/}} -{{- define "certificates.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.certificates.image "global" .Values.global) }} -{{- end -}} - -{{- define "certificates.initContainer" -}} -{{- if .Values.certificates.customCAs }} -- name: certificates - image: {{ include "certificates.image" . }} - imagePullPolicy: {{ .Values.certificates.image.pullPolicy }} - {{- if .Values.image.pullSecrets}} - imagePullSecrets: - {{- range (default .Values.image.pullSecrets .Values.certificates.image.pullSecrets) }} - - name: {{ . }} - {{- end }} - {{- end }} - command: - {{- if .Values.certificates.command }} - {{- include "common.tplvalues.render" (dict "value" .Values.certificates.command "context" $) | nindent 4 }} - {{- else if .Values.certificates.customCertificate.certificateSecret }} - - sh - - -c - - install_packages ca-certificates openssl - {{- else }} - - sh - - -c - - install_packages ca-certificates openssl - && openssl req -new -x509 -days 3650 -nodes -sha256 - -subj "/CN=$(hostname)" -addext "subjectAltName = DNS:$(hostname)" - -out {{ .Values.certificates.customCertificate.certificateLocation }} - -keyout {{ .Values.certificates.customCertificate.keyLocation }} -extensions v3_req - {{- end }} - {{- if .Values.certificates.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.certificates.args "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.certificates.extraEnvVars }} - env: {{- include "common.tplvalues.render" (dict "value" .Values.certificates.extraEnvVars "context" $) | nindent 4 }} - {{- end }} - envFrom: - {{- if .Values.certificates.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.certificates.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.certificates.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.certificates.extraEnvVarsSecret "context" $) }} - {{- end }} - volumeMounts: - - name: etc-ssl-certs - mountPath: /etc/ssl/certs - readOnly: false - - name: etc-ssl-private - mountPath: /etc/ssl/private - readOnly: false - - name: custom-ca-certificates - mountPath: /usr/local/share/ca-certificates - readOnly: true -{{- end }} -{{- end }} - -{{- define "certificates.volumes" -}} -{{- if .Values.certificates.customCAs }} -- name: etc-ssl-certs - emptyDir: - medium: "Memory" -- name: etc-ssl-private - emptyDir: - medium: "Memory" -- name: custom-ca-certificates - projected: - defaultMode: 0400 - sources: - {{- range $index, $customCA := .Values.certificates.customCAs }} - - secret: - name: {{ $customCA.secret }} - # items not specified, will mount all keys - {{- end }} -{{- end -}} -{{- if .Values.certificates.customCertificate.certificateSecret }} -- name: custom-certificate - secret: - secretName: {{ .Values.certificates.customCertificate.certificateSecret }} -{{- if .Values.certificates.customCertificate.chainSecret }} -- name: custom-certificate-chain - secret: - secretName: {{ .Values.certificates.customCertificate.chainSecret.name }} -{{- end -}} -{{- end -}} -{{- end -}} - -{{- define "certificates.volumeMounts" -}} -{{- if .Values.certificates.customCAs }} -- name: etc-ssl-certs - mountPath: /etc/ssl/certs/ - readOnly: false -- name: etc-ssl-private - mountPath: /etc/ssl/private/ - readOnly: false -- name: custom-ca-certificates - mountPath: /usr/local/share/ca-certificates - readOnly: true -{{- end -}} -{{- if .Values.certificates.customCertificate.certificateSecret }} -- name: custom-certificate - mountPath: {{ .Values.certificates.customCertificate.certificateLocation }} - subPath: tls.crt - readOnly: true -- name: custom-certificate - mountPath: {{ .Values.certificates.customCertificate.keyLocation }} - subPath: tls.key - readOnly: true -{{- if .Values.certificates.customCertificate.chainSecret }} -- name: custom-certificate-chain - mountPath: {{ .Values.certificates.customCertificate.chainLocation }} - subPath: {{ .Values.certificates.customCertificate.chainSecret.key }} - readOnly: true -{{- end }} -{{- end -}} -{{- end -}} diff --git a/bitnami/owncloud/templates/externaldb-secrets.yaml b/bitnami/owncloud/templates/externaldb-secrets.yaml deleted file mode 100644 index a8b5019..0000000 --- a/bitnami/owncloud/templates/externaldb-secrets.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if not (or .Values.mariadb.enabled .Values.externalDatabase.existingSecret) }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ printf "%s-externaldb" (include "common.names.fullname" .) }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: - mariadb-password: {{ default "" .Values.externalDatabase.password | b64enc | quote }} -{{- end }} diff --git a/bitnami/owncloud/templates/extra-list.yaml b/bitnami/owncloud/templates/extra-list.yaml deleted file mode 100644 index 9ac65f9..0000000 --- a/bitnami/owncloud/templates/extra-list.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{- range .Values.extraDeploy }} ---- -{{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} diff --git a/bitnami/owncloud/templates/metrics-svc.yaml b/bitnami/owncloud/templates/metrics-svc.yaml deleted file mode 100644 index 35b847e..0000000 --- a/bitnami/owncloud/templates/metrics-svc.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- if .Values.metrics.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ printf "%s-metrics" (include "common.names.fullname" .) }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: metrics - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.metrics.service.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.metrics.service.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.service.annotations "context" $) | nindent 4 }} - {{- end }} - {{- end }} -spec: - type: {{ .Values.metrics.service.type }} - {{ if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.metrics.service.loadBalancerIP }} - {{- end }} - ports: - - port: {{ .Values.metrics.service.port }} - targetPort: metrics - protocol: TCP - name: metrics - selector: {{- include "common.labels.matchLabels" $ | nindent 4 }} -{{- end }} diff --git a/bitnami/owncloud/templates/svc.yaml b/bitnami/owncloud/templates/svc.yaml deleted file mode 100644 index 8c0729f..0000000 --- a/bitnami/owncloud/templates/svc.yaml +++ /dev/null @@ -1,46 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.service.type }} - sessionAffinity: {{ default "None" .Values.service.sessionAffinity }} - {{- if (and .Values.service.clusterIP (eq .Values.service.type "ClusterIP")) }} - clusterIP: {{ .Values.service.clusterIP }} - {{- end }} - {{- if (and .Values.service.loadBalancerIP (eq .Values.service.type "LoadBalancer")) }} - loadBalancerIP: {{ .Values.service.loadBalancerIP }} - {{- end }} - {{- if (and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges) }} - loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }} - externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} - {{- end }} - ports: - - name: http - port: {{ .Values.service.port }} - targetPort: http - {{- if (and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.http))) }} - nodePort: {{ .Values.service.nodePorts.http }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - - name: https - port: {{ .Values.service.httpsPort }} - targetPort: https - {{- if (and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.https))) }} - nodePort: {{ .Values.service.nodePorts.https }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} - publishNotReadyAddresses: true diff --git a/bitnami/parse/.helmignore b/bitnami/parse/.helmignore deleted file mode 100644 index f0c1319..0000000 --- a/bitnami/parse/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/bitnami/parse/ci/ct-values.yaml b/bitnami/parse/ci/ct-values.yaml deleted file mode 100644 index b738e2a..0000000 --- a/bitnami/parse/ci/ct-values.yaml +++ /dev/null @@ -1,2 +0,0 @@ -service: - type: ClusterIP diff --git a/bitnami/parse/templates/extra-list.yaml b/bitnami/parse/templates/extra-list.yaml deleted file mode 100644 index 9ac65f9..0000000 --- a/bitnami/parse/templates/extra-list.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{- range .Values.extraDeploy }} ---- -{{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} diff --git a/bitnami/phabricator/.helmignore b/bitnami/phabricator/.helmignore deleted file mode 100644 index f0c1319..0000000 --- a/bitnami/phabricator/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/bitnami/phabricator/ci/ct-values.yaml b/bitnami/phabricator/ci/ct-values.yaml deleted file mode 100644 index 046ebf0..0000000 --- a/bitnami/phabricator/ci/ct-values.yaml +++ /dev/null @@ -1,9 +0,0 @@ -service: - type: ClusterIP -# Avoids issues with yamllint -livenessProbe: - httpGet: - httpHeaders: [] -readinessProbe: - httpGet: - httpHeaders: [] diff --git a/bitnami/phabricator/templates/extra-list.yaml b/bitnami/phabricator/templates/extra-list.yaml deleted file mode 100644 index 9ac65f9..0000000 --- a/bitnami/phabricator/templates/extra-list.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{- range .Values.extraDeploy }} ---- -{{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} diff --git a/bitnami/phabricator/templates/ingress.yaml b/bitnami/phabricator/templates/ingress.yaml deleted file mode 100644 index e1ad8f3..0000000 --- a/bitnami/phabricator/templates/ingress.yaml +++ /dev/null @@ -1,59 +0,0 @@ -{{- if .Values.ingress.enabled }} -apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.ingress.annotations .Values.commonAnnotations .Values.ingress.certManager }} - annotations: - {{- if .Values.ingress.certManager }} - kubernetes.io/tls-acme: "true" - {{- end }} - {{- if .Values.ingress.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.annotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -spec: - rules: - {{- if .Values.ingress.hostname }} - - host: {{ .Values.ingress.hostname }} - http: - paths: - {{- if .Values.ingress.extraPaths }} - {{- toYaml .Values.ingress.extraPaths | nindent 10 }} - {{- end }} - - path: {{ .Values.ingress.path }} - {{- if eq "true" (include "common.ingress.supportsPathType" .) }} - pathType: {{ .Values.ingress.pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- range .Values.ingress.extraHosts }} - - host: {{ .name | quote }} - http: - paths: - - path: {{ default "/" .path }} - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ default "ImplementationSpecific" .pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- if or .Values.ingress.tls .Values.ingress.extraTls }} - tls: - {{- if .Values.ingress.tls }} - - hosts: - - {{ .Values.ingress.hostname }} - secretName: {{ printf "%s-tls" .Values.ingress.hostname }} - {{- end }} - {{- if .Values.ingress.extraTls }} - {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.extraTls "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/bitnami/phpbb/.helmignore b/bitnami/phpbb/.helmignore deleted file mode 100644 index f0c1319..0000000 --- a/bitnami/phpbb/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/bitnami/phpbb/Chart.lock b/bitnami/phpbb/Chart.lock deleted file mode 100644 index 6473484..0000000 --- a/bitnami/phpbb/Chart.lock +++ /dev/null @@ -1,9 +0,0 @@ -dependencies: -- name: mariadb - repository: https://charts.bitnami.com/bitnami - version: 9.6.0 -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.9.1 -digest: sha256:7fa0b1c1e6d6dd76307a964de21584af18d7300c843aecf220eac7aab4bea197 -generated: "2021-09-24T18:02:54.158745225Z" diff --git a/bitnami/phpbb/Chart.yaml b/bitnami/phpbb/Chart.yaml deleted file mode 100644 index 232a952..0000000 --- a/bitnami/phpbb/Chart.yaml +++ /dev/null @@ -1,29 +0,0 @@ -annotations: - category: Forum -apiVersion: v2 -appVersion: 3.3.4 -dependencies: - - condition: mariadb.enabled - name: mariadb - repository: https://charts.bitnami.com/bitnami - version: 9.x.x - - name: common - repository: https://charts.bitnami.com/bitnami - version: 1.x.x -description: Community forum that supports the notion of users and groups, file attachments, full-text search, notifications and more. -engine: gotpl -home: https://github.com/bitnami/charts/tree/master/bitnami/phpbb -icon: https://bitnami.com/assets/stacks/phpbb/img/phpbb-stack-220x234.png -keywords: - - phpbb - - forum - - http - - php -maintainers: - - email: containers@bitnami.com - name: Bitnami -name: phpbb -sources: - - https://github.com/bitnami/bitnami-docker-phpbb - - https://www.phpbb.com/ -version: 10.1.20 diff --git a/bitnami/phpbb/README.md b/bitnami/phpbb/README.md deleted file mode 100644 index 9b9cca9..0000000 --- a/bitnami/phpbb/README.md +++ /dev/null @@ -1,412 +0,0 @@ -# phpBB - -[phpBB](https://www.phpbb.com/) is an Internet forum package written in the PHP scripting language. The name "phpBB" is an abbreviation of PHP Bulletin Board. - -## TL;DR - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/phpbb -``` - -## Introduction - -This chart bootstraps a [phpBB](https://github.com/bitnami/bitnami-docker-phpbb) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -It also packages the [Bitnami MariaDB chart](https://github.com/kubernetes/charts/tree/master/bitnami/mariadb) which is required for bootstrapping a MariaDB deployment for the database requirements of the phpBB application. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 3.1.0 -- PV provisioner support in the underlying infrastructure -- ReadWriteMany volumes for deployment scaling - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -$ helm install my-release bitnami/phpbb -``` - -The command deploys phpBB on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```console -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | - - -### Common parameters - -| Name | Description | Value | -| ------------------- | --------------------------------------------------------------------------------------------------------- | ----- | -| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` | -| `nameOverride` | String to partially override common.names.fullname template (will maintain the release name) | `""` | -| `fullnameOverride` | String to fully override common.names.fullname template | `""` | -| `commonAnnotations` | Common annotations to add to all phpBB resources (sub-charts are not considered). Evaluated as a template | `{}` | -| `commonLabels` | Common labels to add to all phpBB resources (sub-charts are not considered). Evaluated as a template | `{}` | -| `extraDeploy` | Array of extra objects to deploy with the release (evaluated as a template) | `[]` | - - -### phpBB parameters - -| Name | Description | Value | -| -------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------- | -| `image.registry` | phpBB image registry | `docker.io` | -| `image.repository` | phpBB Image repository | `bitnami/phpbb` | -| `image.tag` | phpBB Image tag (immutable tags are recommended) | `3.3.4-debian-10-r129` | -| `image.pullPolicy` | phpBB image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `image.debug` | Specify if debug logs should be enabled | `false` | -| `replicaCount` | Number of replicas (requires ReadWriteMany PVC support) | `1` | -| `phpbbSkipInstall` | Skip phpBB installation wizard. Useful for migrations and restoring from SQL dump | `no` | -| `phpbbDisableSessionValidation` | Disable session validation | `yes` | -| `phpbbUsername` | User of the application | `user` | -| `phpbbPassword` | Application password | `""` | -| `phpbbEmail` | Admin email | `user@example.com` | -| `allowEmptyPassword` | Allow DB blank passwords | `no` | -| `command` | Override default container command (useful when using custom images) | `[]` | -| `args` | Override default container args (useful when using custom images) | `[]` | -| `hostAliases` | Add deployment host aliases | `[]` | -| `updateStrategy.type` | Update strategy - only really applicable for deployments with RWO PVs attached | `RollingUpdate` | -| `extraEnvVars` | An array to add extra env vars | `[]` | -| `extraEnvVarsCM` | ConfigMap with extra environment variables | `""` | -| `extraEnvVarsSecret` | Secret with extra environment variables | `""` | -| `extraVolumes` | Extra volumes to add to the deployment. Requires setting `extraVolumeMounts` | `[]` | -| `extraVolumeMounts` | Extra volume mounts to add to the container. Normally used with `extraVolumes` | `[]` | -| `initContainers` | Extra init containers to add to the deployment | `[]` | -| `sidecars` | Extra sidecar containers to add to the deployment | `[]` | -| `tolerations` | Tolerations for pod assignment | `[]` | -| `existingSecret` | Use existing secret for the application password | `""` | -| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` | -| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | -| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `10-debian-10-r202` | -| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | -| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `volumePermissions.resources.limits` | The resources limits for the container | `{}` | -| `volumePermissions.resources.requests` | The requested resources for the container | `{}` | -| `smtpHost` | SMTP host | `""` | -| `smtpPort` | SMTP port | `""` | -| `smtpUser` | SMTP user | `""` | -| `smtpPassword` | SMTP password | `""` | -| `smtpProtocol` | SMTP Protocol (options: ssl,tls, nil) | `""` | -| `containerPorts` | Container ports | `{}` | -| `persistence.enabled` | Enable persistence using PVC | `true` | -| `persistence.storageClass` | Database data Persistent Volume Storage Class | `""` | -| `persistence.accessMode` | PVC Access Mode for phpBB volume | `ReadWriteOnce` | -| `persistence.size` | PVC Storage Request for phpBB volume | `8Gi` | -| `persistence.existingClaim` | A manually managed Persistent Volume Claim | `""` | -| `persistence.hostPath` | Host mount path for phpBB volume | `""` | -| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` | -| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | -| `affinity` | Affinity for pod assignment. Evaluated as a template. | `{}` | -| `nodeSelector` | Node labels for pod assignment. Evaluated as a template. | `{}` | -| `resources.requests` | The requested resources for the container | `{}` | -| `podSecurityContext.enabled` | Enable phpBB pods' Security Context | `true` | -| `podSecurityContext.fsGroup` | phpBB pods' group ID | `1001` | -| `containerSecurityContext.enabled` | Enable phpBB containers' Security Context | `true` | -| `containerSecurityContext.runAsUser` | phpBB containers' Security Context | `1001` | -| `livenessProbe.enabled` | Enable livenessProbe | `true` | -| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `600` | -| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `readinessProbe.enabled` | Enable readinessProbe | `true` | -| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | -| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | -| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `3` | -| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `customLivenessProbe` | Override default liveness probe | `{}` | -| `customReadinessProbe` | Override default readiness probe | `{}` | -| `priorityClassName` | Define the priority class name to use for the phpbb pods | `""` | -| `lifecycleHooks` | LifecycleHook to set additional configuration before or after startup | `{}` | -| `podAnnotations` | Pod annotations | `{}` | -| `podLabels` | Pod extra labels | `{}` | - - -### Traffic Exposure Parameters - -| Name | Description | Value | -| ------------------------------- | ------------------------------------------------------------------------------------------------------ | ------------------------ | -| `service.type` | Kubernetes Service type | `LoadBalancer` | -| `service.port` | Service HTTP port | `80` | -| `service.httpsPort` | Service HTTPS port | `443` | -| `service.nodePorts.http` | Kubernetes HTTP node port | `""` | -| `service.nodePorts.https` | Kubernetes HTTPS node port | `""` | -| `service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | -| `ingress.enabled` | Set to true to enable ingress record generation | `false` | -| `ingress.certManager` | Set this to true in order to add the corresponding annotations for cert-manager | `false` | -| `ingress.pathType` | Ingress path type | `ImplementationSpecific` | -| `ingress.apiVersion` | Override API Version (automatically detected if not set) | `""` | -| `ingress.hostname` | Default host for the ingress resource | `phpbb.local` | -| `ingress.path` | The Path to phpBB. You may need to set this to '/*' in order to use this with ALB ingress controllers. | `/` | -| `ingress.annotations` | Ingress annotations | `{}` | -| `ingress.tls` | Enable TLS configuration for the hostname defined at ingress.hostname parameter | `false` | -| `ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` | -| `ingress.extraPaths` | Any additional arbitrary paths that may need to be added to the ingress under the main host. | `[]` | -| `ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` | -| `ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | - - -### Database parameters - -| Name | Description | Value | -| ------------------------------------------- | ------------------------------------------------------------------------------------ | ------------------- | -| `mariadb.enabled` | Whether to deploy a mariadb server to satisfy the applications database requirements | `true` | -| `mariadb.architecture` | MariaDB architecture. Allowed values: `standalone` or `replication` | `standalone` | -| `mariadb.auth.rootPassword` | Password for the MariaDB `root` user | `""` | -| `mariadb.auth.database` | Database name to create | `bitnami_phpbb` | -| `mariadb.auth.username` | Database user to create | `bn_phpbb` | -| `mariadb.auth.password` | Password for the database | `""` | -| `mariadb.primary.persistence.enabled` | Enable database persistence using PVC | `true` | -| `mariadb.primary.persistence.storageClass` | MariaDB primary persistent volume storage Class | `""` | -| `mariadb.primary.persistence.accessModes` | PVC Access Modes for phpBB volume | `["ReadWriteOnce"]` | -| `mariadb.primary.persistence.size` | Database Persistent Volume Size | `8Gi` | -| `mariadb.primary.persistence.hostPath` | Host mount path for MariaDB volume | `""` | -| `mariadb.primary.persistence.existingClaim` | Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas | `""` | -| `externalDatabase.existingSecret` | Use existing secret (ignores previous password) | `""` | -| `externalDatabase.host` | Host of the existing database | `""` | -| `externalDatabase.port` | Port of the existing database | `3306` | -| `externalDatabase.user` | Existing username in the external db | `bn_phpbb` | -| `externalDatabase.password` | Password for the above username | `""` | -| `externalDatabase.database` | Name of the existing database | `bitnami_phpbb` | - - -### Metrics parameters - -| Name | Description | Value | -| --------------------------- | ---------------------------------------------------------- | ------------------------- | -| `metrics.enabled` | Start a side-car prometheus exporter | `false` | -| `metrics.image.registry` | Apache exporter image registry | `docker.io` | -| `metrics.image.repository` | Apache exporter image repository | `bitnami/apache-exporter` | -| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `0.10.1-debian-10-r4` | -| `metrics.image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `metrics.resources` | Metrics exporter resource requests and limits | `{}` | -| `metrics.podAnnotations` | Additional annotations for Metrics exporter pod | `{}` | - - -The above parameters map to the env variables defined in [bitnami/phpbb](http://github.com/bitnami/bitnami-docker-phpbb). For more information please refer to the [bitnami/phpbb](http://github.com/bitnami/bitnami-docker-phpbb) image documentation. - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -$ helm install my-release \ - --set phpbbUsername=admin,phpbbPassword=password,mariadb.mariadbRootPassword=secretpassword \ - bitnami/phpbb -``` - -The above command sets the phpBB administrator account username and password to `admin` and `password` respectively. Additionally, it sets the MariaDB `root` user password to `secretpassword`. - -> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. - -Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, - -```console -$ helm install my-release -f values.yaml bitnami/phpbb -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Ingress without TLS - -For using ingress (example without TLS): - -```console -ingress.enabled=True -ingress.hosts[0]=phpbb.domain.com -serviceType=ClusterIP -phpbbUsername=admin -phpbbPassword=password -mariadb.mariadbRootPassword=secretpassword -``` - -These are the *3 mandatory parameters* when *Ingress* is desired: `ingress.enabled=True`, `ingress.hosts[0]=phpbb.domain.com` and `serviceType=ClusterIP` - -### Ingress TLS - -If your cluster allows automatic creation/retrieval of TLS certificates (e.g. [kube-lego](https://github.com/jetstack/kube-lego)), please refer to the documentation for that mechanism. - -To manually configure TLS, first create/retrieve a key & certificate pair for the address(es) you wish to protect. Then create a TLS secret (named `phpbb-server-tls` in this example) in the namespace. Include the secret's name, along with the desired hostnames, in the Ingress TLS section of your custom `values.yaml` file: - -```yaml -ingress: - ## If true, phpBB server Ingress will be created - ## - enabled: true - - ## phpBB server Ingress annotations - ## - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: 'true' - - ## phpBB server Ingress hostnames - ## Must be provided if Ingress is enabled - ## - hosts: - - phpbb.domain.com - - ## phpBB server Ingress TLS configuration - ## Secrets must be manually created in the namespace - ## - tls: - - secretName: phpbb-server-tls - hosts: - - phpbb.domain.com -``` - -## Persistence - -The [Bitnami phpBB](https://github.com/bitnami/bitnami-docker-phpbb) image stores the phpBB data and configurations at the `/bitnami/phpbb` and `/bitnami/apache` paths of the container. - -Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, vpshere, and minikube. -See the [Parameters](#parameters) section to configure the PVC or to disable persistence. -You may want to review the [PV reclaim policy](https://kubernetes.io/docs/tasks/administer-cluster/change-pv-reclaim-policy/) and update as required. By default, it's set to delete, and when phpBB is uninstalled, data is also removed. - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami’s Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## Upgrading - -### To 10.0.0 - -This version standardizes the way of defining Ingress rules. When configuring a single hostname for the Ingress rule, set the `ingress.hostname` value. When defining more than one, set the `ingress.extraHosts` array. Apart from this case, no issues are expected to appear when upgrading. - -### To 9.0.0 - -In this major there were two main changes introduced: - -1. Adaptation to Helm v2 EOL -2. Updated MariaDB dependency version - -Please read the update notes carefully. - -**1. Adaptation to Helm v2 EOL** - -[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -**What changes were introduced in this major version?** - -- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. -- Move dependency information from the *requirements.yaml* to the *Chart.yaml* -- After running `helm dependency update`, a *Chart.lock* file is generated containing the same structure used in the previous *requirements.lock* -- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts - -**Considerations when upgrading to this version** - -- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues -- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore -- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 - -**Useful links** - -- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ -- https://helm.sh/docs/topics/v2_v3_migration/ -- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ - -**2. Updated MariaDB dependency version** - -In this major the MariaDB dependency version was also bumped to a new major version that introduces several incompatilibites. Therefore, backwards compatibility is not guaranteed unless an external database is used. Check [MariaDB Upgrading Notes](https://github.com/bitnami/charts/tree/master/bitnami/mariadb#to-800) for more information. - -To upgrade to `9.0.0`, it should be done reusing the PVCs used to hold both the MariaDB and phpBB data on your previous release. To do so, follow the instructions below (the following example assumes that the release name is `phpbb`): - -> NOTE: Please, create a backup of your database before running any of those actions. The steps below would be only valid if your application (e.g. any plugins or custom code) is compatible with MariaDB 10.5.x - -Obtain the credentials and the names of the PVCs used to hold both the MariaDB and phpBB data on your current release: - -```console -export PHPBB_PASSWORD=$(kubectl get secret --namespace default phpbb -o jsonpath="{.data.phpbb-password}" | base64 --decode) -export MARIADB_ROOT_PASSWORD=$(kubectl get secret --namespace default phpbb-mariadb -o jsonpath="{.data.mariadb-root-password}" | base64 --decode) -export MARIADB_PASSWORD=$(kubectl get secret --namespace default phpbb-mariadb -o jsonpath="{.data.mariadb-password}" | base64 --decode) -export MARIADB_PVC=$(kubectl get pvc -l app=mariadb,component=master,release=phpbb -o jsonpath="{.items[0].metadata.name}") -``` - -Upgrade your release (maintaining the version) disabling MariaDB and scaling phpBB replicas to 0: - -```console -$ helm upgrade phpbb bitnami/phpbb --set phpbbPassword=$PHPBB_PASSWORD --set replicaCount=0 --set mariadb.enabled=false --version 8.0.5 -``` - -Finally, upgrade you release to 9.0.0 reusing the existing PVC, and enabling back MariaDB: - -```console -$ helm upgrade phpbb bitnami/phpbb --set mariadb.primary.persistence.existingClaim=$MARIADB_PVC --set mariadb.auth.rootPassword=$MARIADB_ROOT_PASSWORD --set mariadb.auth.password=$MARIADB_PASSWORD --set phpbbPassword=$PHPBB_PASSWORD -``` - -You should see the lines below in MariaDB container logs: - -```console -$ kubectl logs $(kubectl get pods -l app.kubernetes.io/instance=phpbb,app.kubernetes.io/name=mariadb,app.kubernetes.io/component=primary -o jsonpath="{.items[0].metadata.name}") -... -mariadb 12:13:24.98 INFO ==> Using persisted data -mariadb 12:13:25.01 INFO ==> Running mysql_upgrade -... -``` - -### To 8.0.0 - -The [Bitnami phpBB](https://github.com/bitnami/bitnami-docker-phpbb) image was migrated to a "non-root" user approach. Previously the container ran as the `root` user and the Apache daemon was started as the `daemon` user. From now on, both the container and the Apache daemon run as user `1001`. You can revert this behavior by setting the parameters `containerSecurityContext.runAsUser` to `root`. - -Consequences: - -- The HTTP/HTTPS ports exposed by the container are now `8080/8443` instead of `80/443`. -- Backwards compatibility is not guaranteed. - -To upgrade to `8.0.0`, backup phpBB data and the previous MariaDB databases, install a new phpBB chart and import the backups and data, ensuring the `1001` user has the appropriate permissions on the migrated volume. - -This upgrade also adapts the chart to the latest Bitnami good practices. Check the Parameters section for more information. - -### To 7.0.0 - -Helm performs a lookup for the object based on its group (apps), version (v1), and kind (Deployment). Also known as its GroupVersionKind, or GVK. Changing the GVK is considered a compatibility breaker from Kubernetes' point of view, so you cannot "upgrade" those objects to the new GVK in-place. Earlier versions of Helm 3 did not perform the lookup correctly which has since been fixed to match the spec. - -In https://github.com/helm/charts/pull/17307 the `apiVersion` of the deployment resources was updated to `apps/v1` in tune with the api's deprecated, resulting in compatibility breakage. - -This major version signifies this change. - -### To 3.0.0 - -Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments. -Use the workaround below to upgrade from versions previous to 3.0.0. The following example assumes that the release name is phpbb: - -```console -$ kubectl patch deployment phpbb-phpbb --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]' -$ kubectl delete statefulset phpbb-mariadb --cascade=false -``` diff --git a/bitnami/phpbb/ci/ct-values.yaml b/bitnami/phpbb/ci/ct-values.yaml deleted file mode 100644 index b738e2a..0000000 --- a/bitnami/phpbb/ci/ct-values.yaml +++ /dev/null @@ -1,2 +0,0 @@ -service: - type: ClusterIP diff --git a/bitnami/phpbb/templates/NOTES.txt b/bitnami/phpbb/templates/NOTES.txt deleted file mode 100644 index 3c7518b..0000000 --- a/bitnami/phpbb/templates/NOTES.txt +++ /dev/null @@ -1,87 +0,0 @@ - -{{- if or .Values.mariadb.enabled .Values.externalDatabase.host -}} -** Please be patient while the chart is being deployed ** -{{- if and .Values.ingress.enabled (ne .Values.service.type "ClusterIP") }} -** Notice : Usually with ingress the service.type should be set to ClusterIP, which is not the case to this deployment! ** -{{- end }} - -1. Access you phpBB instance with: - -{{- if .Values.ingress.enabled }} - {{ if .Values.ingress.tls }} - {{- range .Values.ingress.hosts }} - - https://{{ . }} - {{- end }} - {{- else }} - {{- range .Values.ingress.hosts }} - - http://{{ . }} - {{- end }} - {{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "common.names.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo "phpBB URL: http://$NODE_IP:$NODE_PORT/" - -{{- else if contains "LoadBalancer" .Values.service.type }} - -** Please ensure an external IP is associated to the {{ template "common.names.fullname" . }} service before proceeding ** -** Watch the status using: kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "common.names.fullname" . }} ** - - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - -{{- $port:=.Values.service.port | toString }} - echo "phpBB URL: http://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.service.port }}{{ end }}/" - -{{- else if contains "ClusterIP" .Values.service.type }} - - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "common.names.fullname" . }} 8080:{{ .Values.service.port }} - echo "phpBB URL: http://127.0.0.1:8080/" - -{{- end }} - -2. Login with the following credentials - - echo Username: {{ .Values.phpbbUsername }} - echo Password: $(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "phpbb.secretName" . }} -o jsonpath="{.data.phpbb-password}" | base64 --decode) - -{{- else -}} - -######################################################################################## -### ERROR: You did not provide an external database host in your 'helm install' call ### -######################################################################################## - -This deployment will be incomplete until you configure phpBB with a resolvable database -host. To configure phpBB to use and external database host: - -1. Complete your phpBB deployment by running: - - helm upgrade --namespace {{ .Release.Namespace }} {{ .Release.Name }} --set service.type={{ .Values.service.type }},mariadb.enabled=false,externalDatabase.host=YOUR_EXTERNAL_DATABASE_HOST bitnami/phpbb - -{{- end }} - -{{- include "phpbb.checkRollingTags" . }} - -{{- $passwordValidationErrors := list -}} -{{- $secretName := include "phpbb.secretName" . -}} - -{{- if not .Values.existingSecret -}} - {{- $requiredphpBBPassword := dict "valueKey" "phpbbPassword" "secret" $secretName "field" "phpbb-password" "context" $ -}} - {{- $requiredphpBBPasswordError := include "common.validations.values.single.empty" $requiredphpBBPassword -}} - {{- $passwordValidationErrors = append $passwordValidationErrors $requiredphpBBPasswordError -}} -{{- end -}} - -{{- $databaseSecretName := include "phpbb.databaseSecretName" . -}} - -{{- if .Values.mariadb.enabled }} - {{- $mariadbPasswordValidationErrors := include "common.validations.values.mariadb.passwords" (dict "secret" $databaseSecretName "subchart" true "context" $) -}} - {{- $passwordValidationErrors = append $passwordValidationErrors $mariadbPasswordValidationErrors -}} -{{- end }} - -{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $) -}} - -{{- if and (not .Values.mariadb.enabled) .Release.IsUpgrade -}} - {{- $requiredExternalPassword := dict "valueKey" "externalDatabase.password" "secret" $databaseSecretName "field" "db-password" -}} - -WARNING: Review values for the following password in the command, if they are correct please ignore this notice. - {{- include "common.validations.values.multiple.empty" (dict "required" (list $requiredExternalPassword) "context" $) -}} -{{- end -}} diff --git a/bitnami/phpbb/templates/_helpers.tpl b/bitnami/phpbb/templates/_helpers.tpl deleted file mode 100644 index 7a5484d..0000000 --- a/bitnami/phpbb/templates/_helpers.tpl +++ /dev/null @@ -1,114 +0,0 @@ -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "phpbb.mariadb.fullname" -}} -{{- printf "%s-%s" .Release.Name "mariadb" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Return the proper phpBB image name -*/}} -{{- define "phpbb.image" -}} -{{- include "common.images.image" ( dict "imageRoot" .Values.image "global" .Values.global ) -}} -{{- end -}} - -{{/* -Return the proper image name (for the init container volume-permissions image) -*/}} -{{- define "phpbb.volumePermissions.image" -}} -{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}} -{{- end -}} - -{{/* -Return the proper image name (for the metrics image) -*/}} -{{- define "phpbb.metrics.image" -}} -{{- include "common.images.image" ( dict "imageRoot" .Values.metrics.image "global" .Values.global ) -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "phpbb.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image) "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper Storage Class -*/}} -{{- define "phpbb.storageClass" -}} -{{- include "common.storage.class" ( dict "persistence" .Values.persistence "global" .Values.global ) -}} -{{- end -}} - -{{/* phpBB credential secret name */}} -{{- define "phpbb.secretName" -}} -{{- coalesce .Values.existingSecret (include "common.names.fullname" .) -}} -{{- end -}} - -{{/* Check if there are rolling tags in the images */}} -{{- define "phpbb.checkRollingTags" -}} -{{- include "common.warnings.rollingTag" .Values.image -}} -{{- include "common.warnings.rollingTag" .Values.metrics.image -}} -{{- end -}} - -{{/* -Return the MariaDB Hostname -*/}} -{{- define "phpbb.databaseHost" -}} -{{- if .Values.mariadb.enabled }} - {{- if eq .Values.mariadb.architecture "replication" }} - {{- printf "%s-%s" (include "phpbb.mariadb.fullname" .) "primary" | trunc 63 | trimSuffix "-" -}} - {{- else -}} - {{- printf "%s" (include "phpbb.mariadb.fullname" .) -}} - {{- end -}} -{{- else -}} - {{- printf "%s" .Values.externalDatabase.host -}} -{{- end -}} -{{- end -}} - -{{/* -Return the MariaDB Port -*/}} -{{- define "phpbb.databasePort" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "3306" -}} -{{- else -}} - {{- printf "%d" (.Values.externalDatabase.port | int ) -}} -{{- end -}} -{{- end -}} - -{{/* -Return the MariaDB Database Name -*/}} -{{- define "phpbb.databaseName" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "%s" .Values.mariadb.auth.database -}} -{{- else -}} - {{- printf "%s" .Values.externalDatabase.database -}} -{{- end -}} -{{- end -}} - -{{/* -Return the MariaDB User -*/}} -{{- define "phpbb.databaseUser" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "%s" .Values.mariadb.auth.username -}} -{{- else -}} - {{- printf "%s" .Values.externalDatabase.user -}} -{{- end -}} -{{- end -}} - -{{/* -Return the MariaDB Secret Name -*/}} -{{- define "phpbb.databaseSecretName" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "%s" (include "phpbb.mariadb.fullname" .) -}} -{{- else if .Values.externalDatabase.existingSecret -}} - {{- printf "%s" .Values.externalDatabase.existingSecret -}} -{{- else -}} - {{- printf "%s-%s" .Release.Name "externaldb" -}} -{{- end -}} -{{- end -}} diff --git a/bitnami/phpbb/templates/deployment.yaml b/bitnami/phpbb/templates/deployment.yaml deleted file mode 100644 index 2faecc6..0000000 --- a/bitnami/phpbb/templates/deployment.yaml +++ /dev/null @@ -1,237 +0,0 @@ -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ template "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: phpbb - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - {{- if .Values.updateStrategy }} - strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} - {{- end }} - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: phpbb - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} - {{- end }} - annotations: - {{- if .Values.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.metrics.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) | nindent 8 }} - {{- end }} - spec: - {{- include "phpbb.imagePullSecrets" . | nindent 6 }} - {{- if .Values.podSecurityContext.enabled }} - securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName | quote }} - {{- end }} - {{- if .Values.hostAliases }} - # yamllint disable rule:indentation - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - # yamllint enable rule:indentation - {{- end }} - initContainers: - {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} - - name: volume-permissions - image: {{ include "phpbb.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: - - /bin/bash - - -ec - - | - chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} /bitnami/phpbb - securityContext: - runAsUser: 0 - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: data - mountPath: /bitnami/phpbb - {{- end }} - {{- if .Values.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} - {{- end }} - containers: - - name: phpbb - image: {{ template "phpbb.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" .Values.image.debug | quote }} - - name: ALLOW_EMPTY_PASSWORD - value: {{ .Values.allowEmptyPassword | quote }} - - name: APACHE_HTTP_PORT_NUMBER - value: {{ .Values.containerPorts.http | quote }} - - name: APACHE_HTTPS_PORT_NUMBER - value: {{ .Values.containerPorts.https | quote }} - - name: PHPBB_DATABASE_HOST - value: {{ include "phpbb.databaseHost" . | quote }} - - name: PHPBB_DATABASE_PORT_NUMBER - value: {{ include "phpbb.databasePort" . | quote }} - - name: PHPBB_DATABASE_NAME - value: {{ include "phpbb.databaseName" . | quote }} - - name: PHPBB_DATABASE_USER - value: {{ include "phpbb.databaseUser" . | quote }} - - name: PHPBB_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "phpbb.databaseSecretName" . }} - key: mariadb-password - - name: PHPBB_SKIP_BOOTSTRAP - value: {{ default "no" .Values.phpbbSkipInstall | quote }} - - name: PHPBB_USERNAME - value: {{ default "" .Values.phpbbUsername | quote }} - - name: PHPBB_DISABLE_SESSION_VALIDATION - value: {{ default "no" .Values.phpbbDisableSessionValidation | quote }} - - name: PHPBB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "phpbb.secretName" . }} - key: phpbb-password - - name: PHPBB_EMAIL - value: {{ default "" .Values.phpbbEmail | quote }} - - name: SMTP_HOST - value: {{ default "" .Values.smtpHost | quote }} - - name: SMTP_PORT - value: {{ default "" .Values.smtpPort | quote }} - - name: SMTP_USER - value: {{ default "" .Values.smtpUser | quote }} - - name: SMTP_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "phpbb.secretName" . }} - key: smtp-password - - name: SMTP_PROTOCOL - value: {{ default "" .Values.smtpProtocol | quote }} - {{- if .Values.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if .Values.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} - {{- end }} - {{- if .Values.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.containerPorts.http }} - - name: https - containerPort: {{ .Values.containerPorts.https }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /app.php/help/faq - port: http - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- else if .Values.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: /app.php/help/faq - port: http - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- else if .Values.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.resources }} - resources: {{ toYaml .Values.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: phpbb-data - mountPath: /bitnami - {{- if .Values.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.metrics.enabled }} - - name: metrics - image: {{ template "phpbb.metrics.image" . }} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - command: [ '/bin/apache_exporter', '--scrape_uri', 'http://status.localhost:80/server-status/?auto'] - ports: - - name: metrics - containerPort: 9117 - livenessProbe: - httpGet: - path: /metrics - port: metrics - initialDelaySeconds: 15 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: /metrics - port: metrics - initialDelaySeconds: 5 - timeoutSeconds: 1 - resources: {{ toYaml .Values.metrics.resources | nindent 12 }} - {{- end }} - {{- if .Values.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: phpbb-data - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ .Values.persistence.existingClaim | default (include "common.names.fullname" . ) }} - {{- else }} - emptyDir: {} - {{- end }} - {{- if .Values.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} - {{- end }} diff --git a/bitnami/phpbb/templates/externaldb-secrets.yaml b/bitnami/phpbb/templates/externaldb-secrets.yaml deleted file mode 100644 index 06e77fb..0000000 --- a/bitnami/phpbb/templates/externaldb-secrets.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if not .Values.mariadb.enabled }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ printf "%s-%s" .Release.Name "externaldb" }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: phpbb - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: - mariadb-password: {{ default "" .Values.externalDatabase.password | b64enc | quote }} -{{- end }} diff --git a/bitnami/phpbb/templates/extra-list.yaml b/bitnami/phpbb/templates/extra-list.yaml deleted file mode 100644 index 9ac65f9..0000000 --- a/bitnami/phpbb/templates/extra-list.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{- range .Values.extraDeploy }} ---- -{{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} diff --git a/bitnami/phpbb/templates/ingress.yaml b/bitnami/phpbb/templates/ingress.yaml deleted file mode 100644 index 7919f75..0000000 --- a/bitnami/phpbb/templates/ingress.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{- if .Values.ingress.enabled }} -apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: phpbb - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.ingress.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.annotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .certManager }} - kubernetes.io/tls-acme: "true" - {{- end }} -spec: - rules: - {{- if .Values.ingress.hostname }} - - host: {{ .Values.ingress.hostname }} - http: - paths: - {{- if .Values.ingress.extraPaths }} - {{- toYaml .Values.ingress.extraPaths | nindent 10 }} - {{- end }} - - path: {{ .Values.ingress.path }} - {{- if eq "true" (include "common.ingress.supportsPathType" .) }} - pathType: {{ .Values.ingress.pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- range .Values.ingress.extraHosts }} - - host: {{ .name | quote }} - http: - paths: - - path: {{ default "/" .path }} - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ default "ImplementationSpecific" .pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- if or .Values.ingress.tls .Values.ingress.extraTls }} - tls: - {{- if .Values.ingress.tls }} - - hosts: - - {{ .Values.ingress.hostname }} - secretName: {{ printf "%s-tls" .Values.ingress.hostname }} - {{- end }} - {{- if .Values.ingress.extraTls }} - {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.extraTls "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/bitnami/phpbb/templates/phpbb-pvc.yaml b/bitnami/phpbb/templates/phpbb-pvc.yaml deleted file mode 100644 index 3bbb6d3..0000000 --- a/bitnami/phpbb/templates/phpbb-pvc.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ template "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: phpbb - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.persistence.hostPath }} - storageClassName: "" - {{- end }} - accessModes: - - {{ .Values.persistence.accessMode | quote }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{- include "phpbb.storageClass" . | nindent 2 }} -{{- end -}} diff --git a/bitnami/phpbb/templates/secrets.yaml b/bitnami/phpbb/templates/secrets.yaml deleted file mode 100644 index a74e15d..0000000 --- a/bitnami/phpbb/templates/secrets.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if not .Values.existingSecret }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: phpbb - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: - {{- if .Values.phpbbPassword }} - phpbb-password: {{ default "" .Values.phpbbPassword | b64enc | quote }} - {{- else }} - phpbb-password: {{ randAlphaNum 10 | b64enc | quote }} - {{- end }} - smtp-password: {{ default "" .Values.smtpPassword | b64enc | quote }} -{{- end }} diff --git a/bitnami/phpbb/templates/svc.yaml b/bitnami/phpbb/templates/svc.yaml deleted file mode 100644 index 320e700..0000000 --- a/bitnami/phpbb/templates/svc.yaml +++ /dev/null @@ -1,34 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: phpbb - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.service.type }} - {{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }} - loadBalancerIP: {{ .Values.service.loadBalancerIP }} - {{- end }} - {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }} - externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} - {{- end }} - ports: - - name: http - port: {{ .Values.service.port }} - targetPort: http - {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePorts.http)))}} - nodePort: {{ .Values.service.nodePorts.http }} - {{- end }} - - name: https - port: {{ .Values.service.httpsPort }} - targetPort: https - {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePorts.https)))}} - nodePort: {{ .Values.service.nodePorts.https }} - {{- end }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} diff --git a/bitnami/phpbb/templates/tls-secrets.yaml b/bitnami/phpbb/templates/tls-secrets.yaml deleted file mode 100644 index 0591618..0000000 --- a/bitnami/phpbb/templates/tls-secrets.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.secrets }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ .name }} - labels: {{- include "common.labels.standard" $ | nindent 4 }} - app.kubernetes.io/component: phpbb - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ .certificate | b64enc }} - tls.key: {{ .key | b64enc }} -{{- end }} -{{- end }} diff --git a/bitnami/phpbb/values.yaml b/bitnami/phpbb/values.yaml deleted file mode 100644 index 348a1e1..0000000 --- a/bitnami/phpbb/values.yaml +++ /dev/null @@ -1,586 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - storageClass: "" - -## @section Common parameters - -## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) -## -kubeVersion: "" -## @param nameOverride String to partially override common.names.fullname template (will maintain the release name) -## -nameOverride: "" -## @param fullnameOverride String to fully override common.names.fullname template -## -fullnameOverride: "" -## @param commonAnnotations Common annotations to add to all phpBB resources (sub-charts are not considered). Evaluated as a template -## -commonAnnotations: {} -## @param commonLabels Common labels to add to all phpBB resources (sub-charts are not considered). Evaluated as a template -## -commonLabels: {} -## @param extraDeploy Array of extra objects to deploy with the release (evaluated as a template) -## -extraDeploy: [] - -## @section phpBB parameters - -## Bitnami phpBB image version -## ref: https://hub.docker.com/r/bitnami/phpbb/tags/ -## @param image.registry phpBB image registry -## @param image.repository phpBB Image repository -## @param image.tag phpBB Image tag (immutable tags are recommended) -## @param image.pullPolicy phpBB image pull policy -## @param image.pullSecrets Specify docker-registry secret names as an array -## @param image.debug Specify if debug logs should be enabled -## -image: - registry: docker.io - repository: bitnami/phpbb - tag: 3.3.4-debian-10-r129 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Set to true if you would like to see extra information on logs - ## - debug: false -## @param replicaCount Number of replicas (requires ReadWriteMany PVC support) -## -replicaCount: 1 -## @param phpbbSkipInstall Skip phpBB installation wizard. Useful for migrations and restoring from SQL dump -## ref: https://github.com/bitnami/bitnami-docker-phpbb#configuration -## -phpbbSkipInstall: "no" -## @param phpbbDisableSessionValidation Disable session validation -## ref: https://github.com/bitnami/bitnami-docker-phpbb#configuration -## -phpbbDisableSessionValidation: "yes" -## @param phpbbUsername User of the application -## ref: https://github.com/bitnami/bitnami-docker-phpbb#configuration -## -phpbbUsername: user -## @param phpbbPassword Application password -## Defaults to a random 10-character alphanumeric string if not set -## ref: https://github.com/bitnami/bitnami-docker-phpbb#configuration -## -phpbbPassword: "" -## @param phpbbEmail Admin email -## ref: https://github.com/bitnami/bitnami-docker-phpbb#configuration -## -phpbbEmail: user@example.com -## @param allowEmptyPassword Allow DB blank passwords -## ref: https://github.com/bitnami/bitnami-docker-phpbb#environment-variables -## -allowEmptyPassword: "no" -## @param command Override default container command (useful when using custom images) -## -command: [] -## @param args Override default container args (useful when using custom images) -## -args: [] -## @param hostAliases [array] Add deployment host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: - ## Necessary for apache-exporter to work - ## - - ip: "127.0.0.1" - hostnames: - - "status.localhost" -## @param updateStrategy.type Update strategy - only really applicable for deployments with RWO PVs attached -## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the -## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will -## terminate the single previous pod, so that the new, incoming pod can attach to the PV -## -updateStrategy: - type: RollingUpdate -## @param extraEnvVars An array to add extra env vars -## For example: -## - name: BEARER_AUTH -## value: true -## -extraEnvVars: [] -## @param extraEnvVarsCM ConfigMap with extra environment variables -## -extraEnvVarsCM: "" -## @param extraEnvVarsSecret Secret with extra environment variables -## -extraEnvVarsSecret: "" -## @param extraVolumes Extra volumes to add to the deployment. Requires setting `extraVolumeMounts` -## -extraVolumes: [] -## @param extraVolumeMounts Extra volume mounts to add to the container. Normally used with `extraVolumes` -## -extraVolumeMounts: [] -## @param initContainers Extra init containers to add to the deployment -## -initContainers: [] -## @param sidecars Extra sidecar containers to add to the deployment -## -sidecars: [] -## @param tolerations Tolerations for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] -## @param existingSecret Use existing secret for the application password -## -existingSecret: "" -## Init containers parameters: -## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. -## -volumePermissions: - ## @param volumePermissions.enabled Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) - ## - enabled: false - ## @param volumePermissions.image.registry Init container volume-permissions image registry - ## @param volumePermissions.image.repository Init container volume-permissions image repository - ## @param volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended) - ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy - ## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: 10-debian-10-r202 - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Init containers' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param volumePermissions.resources.limits The resources limits for the container - ## @param volumePermissions.resources.requests The requested resources for the container - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - requests: {} -## SMTP mail delivery configuration -## ref: https://github.com/bitnami/bitnami-docker-phpbb/#smtp-configuration -## @param smtpHost SMTP host -## @param smtpPort SMTP port -## @param smtpUser SMTP user -## @param smtpPassword SMTP password -## @param smtpProtocol SMTP Protocol (options: ssl,tls, nil) -## -smtpHost: "" -smtpPort: "" -smtpUser: "" -smtpPassword: "" -smtpProtocol: "" -## @param containerPorts [object] Container ports -## -containerPorts: - http: 8080 - https: 8443 -## Enable persistence using Persistent Volume Claims -## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ -## -persistence: - ## @param persistence.enabled Enable persistence using PVC - ## - enabled: true - ## @param persistence.storageClass Database data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - ## @param persistence.accessMode PVC Access Mode for phpBB volume - ## - accessMode: ReadWriteOnce - ## @param persistence.size PVC Storage Request for phpBB volume - ## - size: 8Gi - ## @param persistence.existingClaim A manually managed Persistent Volume Claim - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - ## - existingClaim: "" - ## @param persistence.hostPath Host mount path for phpBB volume - ## Requires persistence.enabled: true - ## Requires persistence.existingClaim: nil|false - ## Default: nil. - ## - hostPath: "" -## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAffinityPreset: "" -## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAntiAffinityPreset: soft -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## -nodeAffinityPreset: - ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] -## @param affinity Affinity for pod assignment. Evaluated as a template. -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## -affinity: {} -## @param nodeSelector Node labels for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} -## Configure resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## @param resources.requests [object] The requested resources for the container -## -resources: - requests: - memory: 512Mi - cpu: 300m -## Configure Pods Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## @param podSecurityContext.enabled Enable phpBB pods' Security Context -## @param podSecurityContext.fsGroup phpBB pods' group ID -## -podSecurityContext: - enabled: true - fsGroup: 1001 -## Configure Container Security Context (only main container) -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -## @param containerSecurityContext.enabled Enable phpBB containers' Security Context -## @param containerSecurityContext.runAsUser phpBB containers' Security Context -## -containerSecurityContext: - enabled: true - runAsUser: 1001 -## Configure extra options for liveness probe -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param livenessProbe.enabled Enable livenessProbe -## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe -## @param livenessProbe.periodSeconds Period seconds for livenessProbe -## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe -## @param livenessProbe.failureThreshold Failure threshold for livenessProbe -## @param livenessProbe.successThreshold Success threshold for livenessProbe -## -livenessProbe: - enabled: true - initialDelaySeconds: 600 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 -## Configure extra options for readiness probe -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param readinessProbe.enabled Enable readinessProbe -## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe -## @param readinessProbe.periodSeconds Period seconds for readinessProbe -## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe -## @param readinessProbe.failureThreshold Failure threshold for readinessProbe -## @param readinessProbe.successThreshold Success threshold for readinessProbe -## -readinessProbe: - enabled: true - initialDelaySeconds: 30 - periodSeconds: 5 - timeoutSeconds: 3 - failureThreshold: 6 - successThreshold: 1 -## @param customLivenessProbe Override default liveness probe -## -customLivenessProbe: {} -## @param customReadinessProbe Override default readiness probe -## -customReadinessProbe: {} -## @param priorityClassName Define the priority class name to use for the phpbb pods -## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ -## -priorityClassName: "" -## @param lifecycleHooks LifecycleHook to set additional configuration before or after startup -## -lifecycleHooks: {} -## @param podAnnotations Pod annotations -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} -## @param podLabels Pod extra labels -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -podLabels: {} - -## @section Traffic Exposure Parameters - -## Kubernetes configuration -## For minikube, set this to NodePort, for ingress ClusterIP, elsewhere use LoadBalancer -## -service: - ## @param service.type Kubernetes Service type - ## - type: LoadBalancer - ## @param service.port Service HTTP port - ## - port: 80 - ## @param service.httpsPort Service HTTPS port - ## - httpsPort: 443 - ## loadBalancerIP for the phpBB Service (optional, cloud specific) - ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer - ## - ## loadBalancerIP: - ## @param service.nodePorts.http Kubernetes HTTP node port - ## @param service.nodePorts.https Kubernetes HTTPS node port - ## nodePorts: - ## http: - ## https: - ## - nodePorts: - http: "" - https: "" - ## @param service.externalTrafficPolicy Enable client source IP preservation - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster -## Configure the ingress resource that allows you to access the -## phpBB installation. Set up the URL -## ref: http://kubernetes.io/docs/user-guide/ingress/ -## -ingress: - ## @param ingress.enabled Set to true to enable ingress record generation - ## - enabled: false - ## @param ingress.certManager Set this to true in order to add the corresponding annotations for cert-manager - ## - certManager: false - ## @param ingress.pathType Ingress path type - ## - pathType: ImplementationSpecific - ## @param ingress.apiVersion Override API Version (automatically detected if not set) - ## - apiVersion: "" - ## @param ingress.hostname Default host for the ingress resource - ## - hostname: phpbb.local - ## @param ingress.path The Path to phpBB. You may need to set this to '/*' in order to use this with ALB ingress controllers. - ## - path: / - ## @param ingress.annotations Ingress annotations - ## For a full list of possible ingress annotations, please see - ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md - ## - ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set - ## - annotations: {} - ## @param ingress.tls Enable TLS configuration for the hostname defined at ingress.hostname parameter - ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }} - ## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it - ## - tls: false - ## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record. - ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array - ## extraHosts: - ## - name: phpbb.local - ## path: / - ## - extraHosts: [] - ## @param ingress.extraPaths Any additional arbitrary paths that may need to be added to the ingress under the main host. - ## For example: The ALB ingress controller requires a special rule for handling SSL redirection. - ## extraPaths: - ## - path: /* - ## backend: - ## serviceName: ssl-redirect - ## servicePort: use-annotation - ## - extraPaths: [] - ## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. - ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - ## extraTls: - ## - hosts: - ## - phpbb.local - ## secretName: phpbb.local-tls - ## - extraTls: [] - ## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets - ## key and certificate should start with -----BEGIN CERTIFICATE----- or - ## -----BEGIN RSA PRIVATE KEY----- - ## - ## name should line up with a tlsSecret set further up - ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set - ## - ## It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - ## e.g: - ## - name: phpbb.local-tls - ## key: - ## certificate: - ## - secrets: [] - -## @section Database parameters - -## MariaDB chart configuration -## https://github.com/bitnami/charts/blob/master/bitnami/mariadb/values.yaml -## -mariadb: - ## @param mariadb.enabled Whether to deploy a mariadb server to satisfy the applications database requirements - ## To use an external database set this to false and configure the externalDatabase parameters - ## - enabled: true - ## @param mariadb.architecture MariaDB architecture. Allowed values: `standalone` or `replication` - ## - architecture: standalone - ## MariaDB Authentication parameters - ## - auth: - ## @param mariadb.auth.rootPassword Password for the MariaDB `root` user - ## ref: https://github.com/bitnami/bitnami-docker-mariadb#setting-the-root-password-on-first-run - ## - rootPassword: "" - ## @param mariadb.auth.database Database name to create - ## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#creating-a-database-on-first-run - ## - database: bitnami_phpbb - ## @param mariadb.auth.username Database user to create - ## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#creating-a-database-user-on-first-run - ## - username: bn_phpbb - ## @param mariadb.auth.password Password for the database - ## - password: "" - primary: - ## Enable persistence using Persistent Volume Claims - ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ - ## - persistence: - ## @param mariadb.primary.persistence.enabled Enable database persistence using PVC - ## - enabled: true - ## @param mariadb.primary.persistence.storageClass MariaDB primary persistent volume storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - ## @param mariadb.primary.persistence.accessModes PVC Access Modes for phpBB volume - ## - accessModes: - - ReadWriteOnce - ## @param mariadb.primary.persistence.size Database Persistent Volume Size - ## - size: 8Gi - ## @param mariadb.primary.persistence.hostPath Host mount path for MariaDB volume - ## - hostPath: "" - ## @param mariadb.primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas - ## - existingClaim: "" -## External database configuration -## -externalDatabase: - ## @param externalDatabase.existingSecret Use existing secret (ignores previous password) - ## Must contain key `mariadb-password` - ## NOTE: When it's set, the `externalDatabase.password` parameter is ignored - existingSecret: "" - ## @param externalDatabase.host Host of the existing database - ## - host: "" - ## @param externalDatabase.port Port of the existing database - ## - port: 3306 - ## @param externalDatabase.user Existing username in the external db - ## - user: bn_phpbb - ## @param externalDatabase.password Password for the above username - ## - password: "" - ## @param externalDatabase.database Name of the existing database - ## - database: bitnami_phpbb - -## @section Metrics parameters - -## Prometheus Exporter / Metrics -## -metrics: - ## @param metrics.enabled Start a side-car prometheus exporter - ## - enabled: false - ## @param metrics.image.registry Apache exporter image registry - ## @param metrics.image.repository Apache exporter image repository - ## @param metrics.image.tag Apache exporter image tag (immutable tags are recommended) - ## @param metrics.image.pullPolicy Image pull policy - ## @param metrics.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/apache-exporter - tag: 0.10.1-debian-10-r4 - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param metrics.resources Metrics exporter resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: {} - ## @param metrics.podAnnotations [object] Additional annotations for Metrics exporter pod - ## - podAnnotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9117" diff --git a/bitnami/phpmyadmin/.helmignore b/bitnami/phpmyadmin/.helmignore deleted file mode 100644 index f0c1319..0000000 --- a/bitnami/phpmyadmin/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/bitnami/phpmyadmin/Chart.lock b/bitnami/phpmyadmin/Chart.lock deleted file mode 100644 index 3a523d9..0000000 --- a/bitnami/phpmyadmin/Chart.lock +++ /dev/null @@ -1,9 +0,0 @@ -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.9.1 -- name: mariadb - repository: https://charts.bitnami.com/bitnami - version: 9.6.0 -digest: sha256:b9c4cb68ebd33909f6424124bfe176d2fd0f67b5d4abb0c522818920a261f83f -generated: "2021-09-24T15:16:53.240787293Z" diff --git a/bitnami/phpmyadmin/Chart.yaml b/bitnami/phpmyadmin/Chart.yaml deleted file mode 100644 index ffbb12b..0000000 --- a/bitnami/phpmyadmin/Chart.yaml +++ /dev/null @@ -1,32 +0,0 @@ -annotations: - category: Infrastructure -apiVersion: v2 -appVersion: 5.1.1 -dependencies: - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x - - condition: db.bundleTestDB - name: mariadb - repository: https://charts.bitnami.com/bitnami - tags: - - phpmyadmin-database - version: 9.x.x -description: phpMyAdmin is an mysql administration frontend -engine: gotpl -home: https://github.com/bitnami/charts/tree/master/bitnami/phpmyadmin -icon: https://bitnami.com/assets/stacks/phpmyadmin/img/phpmyadmin-stack-220x234.png -keywords: - - mariadb - - mysql - - phpmyadmin -maintainers: - - email: containers@bitnami.com - name: Bitnami -name: phpmyadmin -sources: - - https://github.com/bitnami/bitnami-docker-phpmyadmin - - https://www.phpmyadmin.net/ -version: 8.2.13 diff --git a/bitnami/phpmyadmin/README.md b/bitnami/phpmyadmin/README.md deleted file mode 100644 index a6caa71..0000000 --- a/bitnami/phpmyadmin/README.md +++ /dev/null @@ -1,442 +0,0 @@ -# phpMyAdmin - -[phpMyAdmin](https://www.phpmyadmin.net/) is a free and open source administration tool for MySQL and MariaDB. As a portable web application written primarily in PHP, it has become one of the most popular MySQL administration tools, especially for web hosting services. - -## TL;DR - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/phpmyadmin -``` - -## Introduction - -This chart bootstraps a [phpMyAdmin](https://github.com/bitnami/bitnami-docker-phpmyadmin) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). - -## Prerequisites - -- Kubernetes 1.8+ with Beta APIs enabled -- Helm 3.1.0 - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -$ helm install my-release bitnami/phpmyadmin -``` - -The command deploys phpMyAdmin on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```console -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | - - -### Common parameters - -| Name | Description | Value | -| ------------------- | -------------------------------------------------------------------------------------------- | --------------- | -| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` | -| `nameOverride` | String to partially override common.names.fullname template (will maintain the release name) | `""` | -| `fullnameOverride` | String to fully override common.names.fullname template | `""` | -| `commonLabels` | Add labels to all the deployed resources | `{}` | -| `commonAnnotations` | Add annotations to all the deployed resources | `{}` | -| `clusterDomain` | Kubernetes Cluster Domain | `cluster.local` | -| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | - - -### phpMyAdmin parameters - -| Name | Description | Value | -| -------------------- | -------------------------------------------------------------------- | --------------------- | -| `image.registry` | phpMyAdmin image registry | `docker.io` | -| `image.repository` | phpMyAdmin image repository | `bitnami/phpmyadmin` | -| `image.tag` | phpMyAdmin image tag (immutable tags are recommended) | `5.1.1-debian-10-r98` | -| `image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `command` | Override default container command (useful when using custom images) | `[]` | -| `args` | Override default container args (useful when using custom images) | `[]` | -| `extraEnvVars` | Extra environment variables to be set on PhpMyAdmin container | `[]` | -| `extraEnvVarsCM` | Name of a existing ConfigMap containing extra env vars | `""` | -| `extraEnvVarsSecret` | Name of a existing Secret containing extra env vars | `""` | - - -### phpMyAdmin deployment parameters - -| Name | Description | Value | -| ------------------------------------ | ----------------------------------------------------------------------------------------- | --------------- | -| `hostAliases` | Deployment pod host aliases | `[]` | -| `containerPorts.http` | HTTP port to expose at container level | `8080` | -| `containerPorts.https` | HTTPS port to expose at container level | `8443` | -| `updateStrategy.type` | Strategy to use to update Pods | `RollingUpdate` | -| `podSecurityContext.enabled` | Enable phpMyAdmin pods' Security Context | `true` | -| `podSecurityContext.fsGroup` | User ID for the container | `1001` | -| `containerSecurityContext.enabled` | Enable phpMyAdmin containers' Security Context | `true` | -| `containerSecurityContext.runAsUser` | Group ID for the volumes of the pod | `1001` | -| `resources.limits` | The resources limits for the PhpMyAdmin container | `{}` | -| `resources.requests` | The requested resources for the PhpMyAdmin container | `{}` | -| `livenessProbe.enabled` | Enable livenessProbe | `true` | -| `livenessProbe.httpGet.path` | Request path for livenessProbe | `/` | -| `livenessProbe.httpGet.port` | Port for livenessProbe | `http` | -| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | -| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `30` | -| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `readinessProbe.enabled` | Enable readinessProbe | `true` | -| `readinessProbe.httpGet.path` | Request path for readinessProbe | `/` | -| `readinessProbe.httpGet.port` | Port for readinessProbe | `http` | -| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | -| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `30` | -| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `customLivenessProbe` | Override default liveness probe | `{}` | -| `customReadinessProbe` | Override default readiness probe | `{}` | -| `podLabels` | Extra labels for PhpMyAdmin pods | `{}` | -| `podAnnotations` | Annotations for PhpMyAdmin pods | `{}` | -| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set. | `""` | -| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | -| `affinity` | Affinity for pod assignment. Evaluated as a template. | `{}` | -| `nodeSelector` | Node labels for pod assignment. Evaluated as a template. | `{}` | -| `tolerations` | Tolerations for pod assignment. Evaluated as a template. | `[]` | -| `extraVolumes` | Optionally specify extra list of additional volumes for PhpMyAdmin pods | `[]` | -| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for PhpMyAdmin container(s) | `[]` | -| `initContainers` | Add init containers to the PhpMyAdmin pods | `[]` | -| `sidecars` | Add sidecar containers to the PhpMyAdmin pods | `[]` | - - -### Traffic Exposure parameters - -| Name | Description | Value | -| ---------------------------------- | --------------------------------------------------------------------------------------------- | ------------------------ | -| `service.type` | Kubernetes Service type | `ClusterIP` | -| `service.port` | Service HTTP port | `80` | -| `service.httpsPort` | Service HTTPS port | `443` | -| `service.nodePorts.http` | Kubernetes http node port | `""` | -| `service.nodePorts.https` | Kubernetes https node port | `""` | -| `service.clusterIP` | PhpMyAdmin service clusterIP IP | `""` | -| `service.loadBalancerIP` | Load balancer IP for the phpMyAdmin Service (optional, cloud specific) | `""` | -| `service.loadBalancerSourceRanges` | Addresses that are allowed when service is LoadBalancer | `[]` | -| `service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | -| `service.annotations` | Provide any additional annotations that may be required for the PhpMyAdmin service | `{}` | -| `ingress.enabled` | Set to true to enable ingress record generation | `false` | -| `ingress.certManager` | Set this to true in order to add the corresponding annotations for cert-manager | `false` | -| `ingress.hostname` | When the ingress is enabled, a host pointing to this will be created | `phpmyadmin.local` | -| `ingress.pathType` | Ingress path type | `ImplementationSpecific` | -| `ingress.annotations` | Ingress annotations | `{}` | -| `ingress.tls` | Enable TLS configuration for the hostname defined at `ingress.hostname` parameter | `false` | -| `ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` | -| `ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` | -| `ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | - - -### Database parameters - -| Name | Description | Value | -| -------------------------- | ----------------------------------------------------------------- | ------- | -| `db.allowArbitraryServer` | Enable connection to arbitrary MySQL server | `true` | -| `db.port` | Database port to use to connect | `3306` | -| `db.chartName` | Database suffix if included in the same release | `""` | -| `db.host` | Database Hostname. Ignored when `db.chartName` is set. | `""` | -| `db.bundleTestDB` | Deploy a MariaDB instance for testing purposes | `false` | -| `db.enableSsl` | Enable SSL for the connection between phpMyAdmin and the database | `false` | -| `db.ssl.clientKey` | Client key file when using SSL | `""` | -| `db.ssl.clientCertificate` | Client certificate file when using SSL | `""` | -| `db.ssl.caCertificate` | CA file when using SSL | `""` | -| `db.ssl.ciphers` | List of allowable ciphers for connections when using SSL | `[]` | -| `db.ssl.verify` | Enable SSL certificate validation | `true` | -| `mariadb` | MariaDB chart configuration | `{}` | - - -### Metrics parameters - -| Name | Description | Value | -| ------------------------------------------ | --------------------------------------------------------------------------------- | ------------------------- | -| `metrics.enabled` | Start a side-car prometheus exporter | `false` | -| `metrics.image.registry` | Apache exporter image registry | `docker.io` | -| `metrics.image.repository` | Apache exporter image repository | `bitnami/apache-exporter` | -| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `0.10.1-debian-10-r3` | -| `metrics.image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `metrics.resources` | Metrics exporter resource requests and limits | `{}` | -| `metrics.service.type` | Prometheus metrics service type | `ClusterIP` | -| `metrics.service.port` | Prometheus metrics service port | `9117` | -| `metrics.service.annotations` | Annotations for Prometheus metrics service | `{}` | -| `metrics.service.loadBalancerIP` | Load Balancer IP if the Prometheus metrics server type is `LoadBalancer` | `""` | -| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | `false` | -| `metrics.serviceMonitor.namespace` | Specify the namespace in which the serviceMonitor resource will be created | `""` | -| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` | -| `metrics.serviceMonitor.interval` | Specify the interval at which metrics should be scraped | `30s` | -| `metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `""` | -| `metrics.serviceMonitor.relabellings` | Specify Relabellings to add to the scrape endpoint | `[]` | -| `metrics.serviceMonitor.metricRelabelings` | Specify Metric Relabelings to add to the scrape endpoint | `[]` | -| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` | -| `metrics.serviceMonitor.additionalLabels` | Used to pass Labels that are required by the installed Prometheus Operator | `{}` | - - -For more information please refer to the [bitnami/phpmyadmin](http://github.com/bitnami/bitnami-docker-Phpmyadmin) image documentation. - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -$ helm install my-release \ - --set db.host=mymariadb,db.port=3306 bitnami/phpmyadmin -``` - -The above command sets the phpMyAdmin to connect to a database in `mymariadb` host and `3306` port respectively. - -Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, - -```console -$ helm install my-release -f values.yaml bitnami/phpmyadmin -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Ingress - -This chart provides support for ingress resources. If you have an ingress controller installed on your cluster, such as [nginx-ingress-controller](https://github.com/bitnami/charts/tree/master/bitnami/nginx-ingress-controller) or [contour](https://github.com/bitnami/charts/tree/master/bitnami/contour) you can utilize the ingress controller to serve your application. - -To enable ingress integration, please set `ingress.enabled` to `true`. - -#### Hosts - -Most likely you will only want to have one hostname that maps to this phpMyAdmin installation. If that's your case, the property `ingress.hostname` will set it. However, it is possible to have more than one host. To facilitate this, the `ingress.extraHosts` object can be specified as an array. You can also use `ingress.extraTLS` to add the TLS configuration for extra hosts. - -For each host indicated at `ingress.extraHosts`, please indicate a `name`, `path`, and any `annotations` that you may want the ingress controller to know about. - -For annotations, please see [this document](https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md). Not all annotations are supported by all ingress controllers, but this document does a good job of indicating which annotation is supported by many popular ingress controllers. - -### TLS Secrets - -This chart will facilitate the creation of TLS secrets for use with the ingress controller, however, this is not required. There are three common use cases: - -- Helm generates/manages certificate secrets. -- User generates/manages certificates separately. -- An additional tool (like [cert-manager](https://github.com/jetstack/cert-manager/)) manages the secrets for the application. - -In the first two cases, it's needed a certificate and a key. We would expect them to look like this: - -- certificate files should look like (and there can be more than one certificate if there is a certificate chain) - - ```console - -----BEGIN CERTIFICATE----- - MIID6TCCAtGgAwIBAgIJAIaCwivkeB5EMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV - ... - jScrvkiBO65F46KioCL9h5tDvomdU1aqpI/CBzhvZn1c0ZTf87tGQR8NK7v7 - -----END CERTIFICATE----- - ``` - -- keys should look like: - - ```console - -----BEGIN RSA PRIVATE KEY----- - MIIEogIBAAKCAQEAvLYcyu8f3skuRyUgeeNpeDvYBCDcgq+LsWap6zbX5f8oLqp4 - ... - wrj2wDbCDCFmfqnSJ+dKI3vFLlEz44sAV8jX/kd4Y6ZTQhlLbYc= - -----END RSA PRIVATE KEY----- - ``` - -If you are going to use Helm to manage the certificates, please copy these values into the `certificate` and `key` values for a given `ingress.secrets` entry. - -If you are going to manage TLS secrets outside of Helm, please know that you can create a TLS secret (named `phpmyadmin.local-tls` for example). - -### Adding extra environment variables - -In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the `extraEnvVars` property. - -```yaml -extraEnvVars: - - name: LOG_LEVEL - value: DEBUG -``` - -Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the `extraEnvVarsCM` or the `extraEnvVarsSecret` values. - -### Sidecars and Init Containers - -If you have a need for additional containers to run within the same pod as the PhpMyAdmin app (e.g. an additional metrics or logging exporter), you can do so via the `sidecars` config parameter. Simply define your container according to the Kubernetes container spec. - -```yaml -sidecars: - - name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -``` - -Similarly, you can add extra init containers using the `initContainers` parameter. - -```yaml -initContainers: - - name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -``` - -### Deploying extra resources - -There are cases where you may want to deploy extra objects, such a ConfigMap containing your app's configuration or some extra deployment with a micro service used by your app. For covering this case, the chart allows adding the full specification of other objects using the `extraDeploy` parameter. - -### Setting Pod's affinity - -This chart allows you to set your custom affinity using the `XXX.affinity` parameter(s). Find more information about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). - -As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `XpodAntiAffinityPreset`, or `nodeAffinityPreset` parameters. - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami’s Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## Upgrading - -### To 8.0.0 - -- Chart labels were adapted to follow the [Helm charts standard labels](https://helm.sh/docs/chart_best_practices/labels/#standard-labels). - -Consequences: - -- Backwards compatibility is not guaranteed. However, you can easily workaround this issue by removing PhpMyAdmin deployment before upgrading (the following example assumes that the release name is `phpmyadmin`): - -```console -$ export MARIADB_ROOT_PASSWORD=$(kubectl get secret --namespace default phpmyadmin-mariadb -o jsonpath="{.data.mariadb-root-password}" | base64 --decode) -$ export MARIADB_PASSWORD=$(kubectl get secret --namespace default phpmyadmin-mariadb -o jsonpath="{.data.mariadb-password}" | base64 --decode) -$ kubectl delete deployments.apps phpmyadmin -$ helm upgrade phpmyadmin bitnami/phpmyadmin --set mariadb.auth.rootPassword=$MARIADB_ROOT_PASSWORD,mariadb.auth.password=$MARIADB_PASSWORD -``` - -### To 7.0.0 - -In this major there were two main changes introduced: - -1. Adaptation to Helm v2 EOL -2. Updated MariaDB dependency version - -Please read the update notes carefully. - -**1. Adaptation to Helm v2 EOL** - -[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -**What changes were introduced in this major version?** - -- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. -- Move dependency information from the *requirements.yaml* to the *Chart.yaml* -- After running `helm dependency update`, a *Chart.lock* file is generated containing the same structure used in the previous *requirements.lock* -- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts - -**Considerations when upgrading to this version** - -- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues -- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore -- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 - -**Useful links** - -- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ -- https://helm.sh/docs/topics/v2_v3_migration/ -- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ - -**2. Updated MariaDB dependency version** - -In this major the MariaDB dependency version was also bumped to a new major version that introduces several incompatilibites. Therefore, backwards compatibility is not guaranteed unless an external database is used. Check [MariaDB Upgrading Notes](https://github.com/bitnami/charts/tree/master/bitnami/mariadb#to-800) for more information. - -To upgrade to `7.0.0`, it should be done reusing the PVCs used to hold both the MariaDB and phpMyAdmin data on your previous release. To do so, follow the instructions below (the following example assumes that the release name is `phpmyadmin` and that `db.bundleTestDB=true` when the chart was first installed): - -> NOTE: Please, create a backup of your database before running any of those actions. The steps below would be only valid if your application (e.g. any plugins or custom code) is compatible with MariaDB 10.5.x - -Obtain the credentials and the names of the PVCs used to hold both the MariaDB and phpMyAdmin data on your current release: - -```console -export MARIADB_ROOT_PASSWORD=$(kubectl get secret --namespace default phpmyadmin-mariadb -o jsonpath="{.data.mariadb-root-password}" | base64 --decode) -export MARIADB_PASSWORD=$(kubectl get secret --namespace default phpmyadmin-mariadb -o jsonpath="{.data.mariadb-password}" | base64 --decode) -export MARIADB_PVC=$(kubectl get pvc -l app=mariadb,component=master,release=phpmyadmin -o jsonpath="{.items[0].metadata.name}") -``` - -Delete the phpMyAdmin deployment and delete the MariaDB statefulsets: - -```console - $ kubectl delete deployments.apps phpmyadmin - - $ kubectl delete statefulsets.apps phpmyadmin-mariadb-master - - $ kubectl delete statefulsets.apps phpmyadmin-mariadb-slave - -``` - -Now the upgrade works: - -```console -$ helm upgrade phpmyadmin bitnami/phpmyadmin --set mariadb.primary.persistence.existingClaim=$MARIADB_PVC --set mariadb.auth.rootPassword=$MARIADB_ROOT_PASSWORD --set mariadb.auth.password=$MARIADB_PASSWORD --set db.bundleTestDB=true -``` - -Finally, you should see the lines below in MariaDB container logs: - -```console -$ kubectl logs $(kubectl get pods -l app.kubernetes.io/instance=phpmyadmin,app.kubernetes.io/name=mariadb,app.kubernetes.io/component=primary -o jsonpath="{.items[0].metadata.name}") -... -mariadb 12:13:24.98 INFO ==> Using persisted data -mariadb 12:13:25.01 INFO ==> Running mysql_upgrade -... -``` - -### To 6.0.0 - -The [Bitnami phpMyAdmin](https://github.com/bitnami/bitnami-docker-phpmyadmin) image was migrated to a "non-root" user approach. Previously the container ran as the `root` user and the Apache daemon was started as the `daemon` user. From now on, both the container and the Apache daemon run as user `1001`. You can revert this behavior by setting the parameters `containerSecurityContext.runAsUser` to `root`. -Chart labels and Ingress configuration were also adapted to follow the Helm charts best practices. - -Consequences: - -- The HTTP/HTTPS ports exposed by the container are now `8080/8443` instead of `80/443`. -- No writing permissions will be granted on `config.inc.php` by default. -- Backwards compatibility is not guaranteed. - -To upgrade to `6.0.0`, backup your previous MariaDB databases, install a new phpMyAdmin chart and import the MariaDB backups. - -This version also introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/master/bitnami/common#bitnami-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade. - -### To 1.0.0 - -Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments. -Use the workaround below to upgrade from versions previous to `1.0.0`. The following example assumes that the release name is `phpmyadmin`: - -```console -$ kubectl patch deployment phpmyadmin-phpmyadmin --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]' -``` diff --git a/bitnami/phpmyadmin/ci/metrics-and-ingress-values.yaml b/bitnami/phpmyadmin/ci/metrics-and-ingress-values.yaml deleted file mode 100644 index 6a1a63a..0000000 --- a/bitnami/phpmyadmin/ci/metrics-and-ingress-values.yaml +++ /dev/null @@ -1,8 +0,0 @@ -service: - type: ClusterIP -ingress: - enabled: true - tls: true - hostname: phpmyadmin.local -metrics: - enabled: true diff --git a/bitnami/phpmyadmin/templates/NOTES.txt b/bitnami/phpmyadmin/templates/NOTES.txt deleted file mode 100644 index de2f7a8..0000000 --- a/bitnami/phpmyadmin/templates/NOTES.txt +++ /dev/null @@ -1,64 +0,0 @@ - -** Please be patient while the chart is being deployed ** - -1. Get the application URL by running these commands: - -{{- if .Values.ingress.enabled }} - - You should be able to access your new phpMyAdmin installation through - - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ .Values.ingress.hostname }}/ - -{{- else if eq .Values.service.type "LoadBalancer" }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "common.names.fullname" . }}' - - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - {{- $port:=.Values.service.port | toString }} - echo "phpMyAdmin URL: http://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.service.port }}{{ end }}/" - -{{- else if contains "NodePort" .Values.service.type }} - - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.names.fullname" . }}' - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo "phpMyAdmin URL: http://$NODE_IP:$NODE_PORT" - -{{- else if contains "ClusterIP" .Values.service.type }} - - echo "phpMyAdmin URL: http://127.0.0.1:{{ .Values.service.port }}" - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "common.names.fullname" . }} {{ .Values.service.port }}:{{ .Values.service.port }} - -{{- end }} - -2. How to log in -{{- if or (.Values.db.chartName) (.Values.db.host) }} - -phpMyAdmin has been configured to connect to a database in {{ if .Values.db.chartName}}{{template "phpmyadmin.dbfullname" .}}{{ else }}{{.Values.db.host}}{{end}} -{{- if .Values.db.port}}with port {{.Values.db.port}} {{end }} -Please login using a database username and password. -{{- else if .Values.db.bundleTestDB }} -For testing purposes, phpMyAdmin has been configured to point to a test MariaDB -instance. Please login using the following credentials: - - Username: root - Password : $(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "phpmyadmin.mariadb.fullname" . }} -o jsonpath="{.data.mariadb-root-password}" | base64 --decode) - -{{- else }} -phpMyAdmin has not been configure to point to a specific database. Please provide the db host, -username and password at log in or upgrade the release with a specific database: - -$ helm upgrade {{.Release.Name}} bitnami/phpmyadmin --set db.host=mydb - -{{- end }} - -{{- include "phpmyadmin.validateValues" . -}} -{{- include "phpmyadmin.checkRollingTags" . -}} - -{{- $passwordValidationErrors := list -}} -{{- if .Values.mariadb.enabled }} - {{- $mariadbSecretName := include "magento.databaseSecretName" . -}} - {{- $mariadbPasswordValidationErrors := include "common.validations.values.mariadb.passwords" (dict "secret" $mariadbSecretName "subchart" true "context" $) -}} - {{- $passwordValidationErrors = append $passwordValidationErrors $mariadbPasswordValidationErrors -}} -{{- end }} -{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $) -}} diff --git a/bitnami/phpmyadmin/templates/_helpers.tpl b/bitnami/phpmyadmin/templates/_helpers.tpl deleted file mode 100644 index 4004095..0000000 --- a/bitnami/phpmyadmin/templates/_helpers.tpl +++ /dev/null @@ -1,70 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Return the proper PHPMyAdmin image name -*/}} -{{- define "phpmyadmin.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper image name (for the metrics image) -*/}} -{{- define "phpmyadmin.metrics.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "phpmyadmin.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image) "global" .Values.global) -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "phpmyadmin.mariadb.fullname" -}} -{{- printf "%s-%s" .Release.Name "mariadb" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a fully qualified database name if the database is part of the same release than phpmyadmin. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "phpmyadmin.dbfullname" -}} -{{- printf "%s-%s" .Release.Name .Values.db.chartName | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Compile all warnings into a single message, and call fail. -*/}} -{{- define "phpmyadmin.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "phpmyadmin.validateValues.db.ssl" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} -{{- end -}} -{{- end -}} - -{{/* Validate values of phpMyAdmin - must provide a valid database ssl configuration */}} -{{- define "phpmyadmin.validateValues.db.ssl" -}} -{{- if and .Values.db.enableSsl (empty .Values.db.ssl.clientKey) (empty .Values.db.ssl.clientCertificate) (empty .Values.db.ssl.caCertificate) -}} -phpMyAdmin: db.ssl - Invalid database ssl configuration. You enabled SSL for the connection - between phpMyAdmin and the database but no key/certificates were provided - (--set db.ssl.clientKey="xxxx", --set db.ssl.clientCertificate="yyyy") -{{- end -}} -{{- end -}} - -{{/* -Check if there are rolling tags in the images -*/}} -{{- define "phpmyadmin.checkRollingTags" -}} -{{- include "common.warnings.rollingTag" .Values.image }} -{{- include "common.warnings.rollingTag" .Values.metrics.image }} -{{- end -}} diff --git a/bitnami/phpmyadmin/templates/certs.yaml b/bitnami/phpmyadmin/templates/certs.yaml deleted file mode 100644 index 68a9d2e..0000000 --- a/bitnami/phpmyadmin/templates/certs.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if .Values.db.enableSsl }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ printf "%s-certs" (include "common.names.fullname" .) }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: - {{- if not (empty .Values.db.ssl.clientKey) }} - server_key.pem: {{ .Values.db.ssl.clientKey | b64enc | quote }} - {{- end }} - {{- if not (empty .Values.db.ssl.clientCertificate) }} - server_certificate.pem: {{ .Values.db.ssl.clientCertificate | b64enc | quote }} - {{- end }} - {{- if not (empty .Values.db.ssl.caCertificate) }} - ca_certificate.pem: {{ .Values.db.ssl.caCertificate | b64enc | quote }} - {{- end }} -{{- end }} diff --git a/bitnami/phpmyadmin/templates/deployment.yaml b/bitnami/phpmyadmin/templates/deployment.yaml deleted file mode 100644 index b5a2116..0000000 --- a/bitnami/phpmyadmin/templates/deployment.yaml +++ /dev/null @@ -1,205 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - strategy: {{- include "common.tplvalues.render" (dict "value" .Values.updateStrategy "context" $ ) | nindent 4 }} - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - {{- if .Values.podLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.podLabels "context" $) | nindent 8 }} - {{- end }} - {{- if or .Values.podAnnotations .Values.metrics.enabled }} - annotations: - {{- if .Values.podAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.podAnnotations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.metrics.podAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podAnnotations "context" $) | nindent 8 }} - {{- end }} - {{- end }} - spec: - {{- include "phpmyadmin.imagePullSecrets" . | nindent 6 }} - {{- if .Values.hostAliases }} - # yamllint disable rule:indentation - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - # yamllint enable rule:indentation - {{- end }} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.podSecurityContext.enabled }} - securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - {{- if .Values.initContainers }} - initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} - {{- end }} - containers: - - name: {{ .Chart.Name }} - image: {{ template "phpmyadmin.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} - {{- end }} - env: - - name: DATABASE_PORT_NUMBER - value: {{ .Values.db.port | quote }} - {{- if .Values.db.chartName }} - - name: DATABASE_HOST - value: {{ (include "phpmyadmin.dbfullname" .) | quote }} - {{- else if .Values.db.bundleTestDB }} - - name: DATABASE_HOST - value: {{ (include "phpmyadmin.mariadb.fullname" .) | quote }} - {{- else }} - - name: DATABASE_HOST - value: {{ .Values.db.host | quote }} - {{- end }} - {{- if and (not .Values.db.chartName) (not .Values.db.host) }} - - name: PHPMYADMIN_ALLOW_NO_PASSWORD - value: "true" - - name: PHPMYADMIN_ALLOW_ARBITRARY_SERVER - value: {{ .Values.db.allowArbitraryServer | quote }} - {{- else }} - - name: PHPMYADMIN_ALLOW_NO_PASSWORD - value: "false" - {{- end }} - - name: DATABASE_ENABLE_SSL - value: {{ ternary "yes" "no" .Values.db.enableSsl | quote }} - {{- if .Values.db.enableSsl }} - {{- if not (empty .Values.db.ssl.clientKey) }} - - name: DATABASE_SSL_KEY - value: "/db_certs/server_key.pem" - {{- end }} - {{- if not (empty .Values.db.ssl.clientCertificate) }} - - name: DATABASE_SSL_CERT - value: "/db_certs/server_certificate.pem" - {{- end }} - {{- if not (empty .Values.db.ssl.caCertificate) }} - - name: DATABASE_SSL_CA - value: "/db_certs/ca_certificate.pem" - {{- end }} - {{- if .Values.db.ssl.ciphers }} - - name: DATABASE_SSL_CIPHERS - values: {{ .Values.db.ssl.ciphers | quote }} - {{- end }} - - name: DATABASE_SSL_VERIFY - value: {{ ternary "yes" "no" .Values.db.ssl.verify | quote }} - {{- end }} - {{- if .Values.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if or .Values.extraEnvVarsCM .Values.extraEnvVarsSecret }} - envFrom: - {{- if .Values.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} - {{- end }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.containerPorts.http }} - protocol: TCP - - name: https - containerPort: {{ .Values.containerPorts.https }} - protocol: TCP - {{- if .Values.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }} - {{- else if .Values.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }} - {{- else if .Values.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.db.enableSsl }} - - name: ssl-certs - mountPath: /db_certs - {{- end }} - {{- if .Values.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.metrics.enabled }} - - name: metrics - image: {{ template "phpmyadmin.metrics.image" . }} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - command: ['/bin/apache_exporter', '--scrape_uri', 'http://status.localhost:8080/server-status/?auto'] - ports: - - name: metrics - containerPort: 9117 - livenessProbe: - httpGet: - path: /metrics - port: metrics - initialDelaySeconds: 15 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: /metrics - port: metrics - initialDelaySeconds: 5 - timeoutSeconds: 1 - {{- if .Values.metrics.resources }} - resources: {{- toYaml .Values.metrics.resources | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.sidecars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - {{- if .Values.db.enableSsl }} - - name: ssl-certs - secret: - secretName: {{ printf "%s-certs" (include "common.names.fullname" .) }} - items: - {{- if not (empty .Values.db.ssl.clientKey) }} - - key: server_key.pem - path: server_key.pem - {{- end }} - {{- if not (empty .Values.db.ssl.clientCertificate) }} - - key: server_certificate.pem - path: server_certificate.pem - {{- end }} - {{- if not (empty .Values.db.ssl.caCertificate) }} - - key: ca_certificate.pem - path: ca_certificate.pem - {{- end }} - {{- end }} - {{- if .Values.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} - {{- end }} diff --git a/bitnami/phpmyadmin/templates/extra-list.yaml b/bitnami/phpmyadmin/templates/extra-list.yaml deleted file mode 100644 index 9ac65f9..0000000 --- a/bitnami/phpmyadmin/templates/extra-list.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{- range .Values.extraDeploy }} ---- -{{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} diff --git a/bitnami/phpmyadmin/templates/ingress.yaml b/bitnami/phpmyadmin/templates/ingress.yaml deleted file mode 100644 index eae3c32..0000000 --- a/bitnami/phpmyadmin/templates/ingress.yaml +++ /dev/null @@ -1,58 +0,0 @@ -{{- if .Values.ingress.enabled }} -apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ template "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.ingress.annotations .Values.commonAnnotations .Values.ingress.certManager }} - annotations: - {{- if .Values.ingress.certManager }} - kubernetes.io/tls-acme: "true" - {{- end }} - {{- if .Values.ingress.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.annotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -spec: - rules: - {{- if .Values.ingress.hostname }} - - host: {{ .Values.ingress.hostname }} - http: - paths: - {{- if .Values.ingress.extraPaths }} - {{- toYaml .Values.ingress.extraPaths | nindent 10 }} - {{- end }} - - path: {{ .Values.ingress.path }} - {{- if eq "true" (include "common.ingress.supportsPathType" .) }} - pathType: {{ .Values.ingress.pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- range .Values.ingress.extraHosts }} - - host: {{ .name | quote }} - http: - paths: - - path: {{ default "/" .path }} - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ default "ImplementationSpecific" .pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- if or .Values.ingress.tls .Values.ingress.extraTls }} - tls: - {{- if .Values.ingress.tls }} - - hosts: - - {{ .Values.ingress.hostname }} - secretName: {{ printf "%s-tls" .Values.ingress.hostname }} - {{- end }} - {{- if .Values.ingress.extraTls }} - {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.extraTls "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/bitnami/phpmyadmin/templates/metrics-svc.yaml b/bitnami/phpmyadmin/templates/metrics-svc.yaml deleted file mode 100644 index 43931a2..0000000 --- a/bitnami/phpmyadmin/templates/metrics-svc.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- if .Values.metrics.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ printf "%s-metrics" (include "common.names.fullname" .) }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: metrics - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.metrics.service.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.metrics.service.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.service.annotations "context" $) | nindent 4 }} - {{- end }} - {{- end }} -spec: - type: {{ .Values.metrics.service.type }} - {{ if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.metrics.service.loadBalancerIP }} - {{- end }} - ports: - - port: {{ .Values.metrics.service.port }} - targetPort: metrics - protocol: TCP - name: metrics - selector: {{- include "common.labels.matchLabels" $ | nindent 4 }} -{{- end }} diff --git a/bitnami/phpmyadmin/templates/service.yaml b/bitnami/phpmyadmin/templates/service.yaml deleted file mode 100644 index 9117884..0000000 --- a/bitnami/phpmyadmin/templates/service.yaml +++ /dev/null @@ -1,51 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.service.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.service.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -spec: - type: {{ .Values.service.type }} - {{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }} - clusterIP: {{ .Values.service.clusterIP }} - {{- end }} - {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }} - externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} - {{- end }} - {{ if eq .Values.service.type "LoadBalancer" }} - loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }} - {{ end }} - {{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }} - loadBalancerIP: {{ .Values.service.loadBalancerIP }} - {{- end }} - ports: - - name: http - port: {{ .Values.service.port }} - protocol: TCP - targetPort: http - {{- if (and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.http))) }} - nodePort: {{ .Values.service.nodePorts.http }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - - name: https - port: {{ .Values.service.httpsPort }} - protocol: TCP - targetPort: https - {{- if (and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.https))) }} - nodePort: {{ .Values.service.nodePorts.https }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} diff --git a/bitnami/phpmyadmin/templates/servicemonitor.yaml b/bitnami/phpmyadmin/templates/servicemonitor.yaml deleted file mode 100644 index e2d8443..0000000 --- a/bitnami/phpmyadmin/templates/servicemonitor.yaml +++ /dev/null @@ -1,47 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "common.names.fullname" . }} - {{- if .Values.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.metrics.serviceMonitor.namespace }} - {{- else }} - namespace: {{ .Release.Namespace }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: metrics - {{- if .Values.metrics.serviceMonitor.additionalLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.metrics.serviceMonitor.jobLabel }} - jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }} - {{- end }} - endpoints: - - port: metrics - {{- if .Values.metrics.serviceMonitor.interval }} - interval: {{ .Values.metrics.serviceMonitor.interval }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }} - {{- if .Values.metrics.serviceMonitor.relabelings }} - relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.metricRelabelings }} - metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }} - {{- end }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: metrics -{{- end }} diff --git a/bitnami/phpmyadmin/templates/tls-secrets.yaml b/bitnami/phpmyadmin/templates/tls-secrets.yaml deleted file mode 100644 index 8d14258..0000000 --- a/bitnami/phpmyadmin/templates/tls-secrets.yaml +++ /dev/null @@ -1,43 +0,0 @@ -{{- if .Values.ingress.enabled }} -{{- if .Values.ingress.secrets }} -{{- range .Values.ingress.secrets }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ .name }} - namespace: {{ $.Release.Namespace }} - labels: {{- include "common.labels.standard" $ | nindent 4 }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ .certificate | b64enc }} - tls.key: {{ .key | b64enc }} ---- -{{- end }} -{{- else if and .Values.ingress.tls (not .Values.ingress.certManager) }} -{{- $ca := genCA "phpmyadmin-ca" 365 }} -{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ printf "%s-tls" .Values.ingress.hostname }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ $cert.Cert | b64enc | quote }} - tls.key: {{ $cert.Key | b64enc | quote }} - ca.crt: {{ $ca.Cert | b64enc | quote }} -{{- end }} -{{- end }} diff --git a/bitnami/phpmyadmin/values.yaml b/bitnami/phpmyadmin/values.yaml deleted file mode 100644 index 4e2e99e..0000000 --- a/bitnami/phpmyadmin/values.yaml +++ /dev/null @@ -1,516 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - -## @section Common parameters - -## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) -## -kubeVersion: "" -## @param nameOverride String to partially override common.names.fullname template (will maintain the release name) -## -nameOverride: "" -## @param fullnameOverride String to fully override common.names.fullname template -## -fullnameOverride: "" -## @param commonLabels Add labels to all the deployed resources -## -commonLabels: {} -## @param commonAnnotations Add annotations to all the deployed resources -## -commonAnnotations: {} -## @param clusterDomain Kubernetes Cluster Domain -## -clusterDomain: cluster.local -## @param extraDeploy Array of extra objects to deploy with the release -## -extraDeploy: [] - -## @section phpMyAdmin parameters - -## Bitnami WordPress image version -## ref: https://hub.docker.com/r/bitnami/phpmyadmin/tags/ -## @param image.registry phpMyAdmin image registry -## @param image.repository phpMyAdmin image repository -## @param image.tag phpMyAdmin image tag (immutable tags are recommended) -## @param image.pullPolicy Image pull policy -## @param image.pullSecrets Specify docker-registry secret names as an array -## -image: - registry: docker.io - repository: bitnami/phpmyadmin - tag: 5.1.1-debian-10-r98 - ## Specify a imagePullPolicy - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] -## @param command Override default container command (useful when using custom images) -## -command: [] -## @param args Override default container args (useful when using custom images) -## -args: [] -## @param extraEnvVars Extra environment variables to be set on PhpMyAdmin container -## For example: -## extraEnvVars: -## - name: PHP_UPLOAD_MAX_FILESIZE -## value: "80M" -## -extraEnvVars: [] -## @param extraEnvVarsCM Name of a existing ConfigMap containing extra env vars -## -extraEnvVarsCM: "" -## @param extraEnvVarsSecret Name of a existing Secret containing extra env vars -## -extraEnvVarsSecret: "" - -## @section phpMyAdmin deployment parameters - -## @param hostAliases [array] Deployment pod host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: - ## Necessary for apache-exporter to work - ## - - ip: "127.0.0.1" - hostnames: - - "status.localhost" -## phpMyAdmin container ports to open -## @param containerPorts.http HTTP port to expose at container level -## @param containerPorts.https HTTPS port to expose at container level -## -containerPorts: - http: 8080 - https: 8443 -## @param updateStrategy.type Strategy to use to update Pods -## -updateStrategy: - ## StrategyType - ## Can be set to RollingUpdate or OnDelete - ## - type: RollingUpdate -## phpMyAdmin pods' Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## @param podSecurityContext.enabled Enable phpMyAdmin pods' Security Context -## @param podSecurityContext.fsGroup User ID for the container -## -podSecurityContext: - enabled: true - fsGroup: 1001 -## phpMyAdmin containers' Security Context (only main container) -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -## @param containerSecurityContext.enabled Enable phpMyAdmin containers' Security Context -## @param containerSecurityContext.runAsUser Group ID for the volumes of the pod -## -containerSecurityContext: - enabled: true - runAsUser: 1001 -## phpMyAdmin containers' resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources -## We usually recommend not to specify default resources and to leave this as a conscious -## choice for the user. This also increases chances charts run on environments with little -## resources, such as Minikube. If you do want to specify resources, uncomment the following -## lines, adjust them as necessary, and remove the curly braces after 'resources:'. -## @param resources.limits The resources limits for the PhpMyAdmin container -## @param resources.requests The requested resources for the PhpMyAdmin container -## -resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - requests: {} -## phpMyAdmin containers' liveness probe. Evaluated as a template. -## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes -## @param livenessProbe.enabled Enable livenessProbe -## @param livenessProbe.httpGet.path Request path for livenessProbe -## @param livenessProbe.httpGet.port Port for livenessProbe -## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe -## @param livenessProbe.periodSeconds Period seconds for livenessProbe -## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe -## @param livenessProbe.failureThreshold Failure threshold for livenessProbe -## @param livenessProbe.successThreshold Success threshold for livenessProbe -## -livenessProbe: - enabled: true - initialDelaySeconds: 30 - timeoutSeconds: 30 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 6 - httpGet: - path: / - port: http -## phpMyAdmin containers' readiness probes. Evaluated as a template. -## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes -## @param readinessProbe.enabled Enable readinessProbe -## @param readinessProbe.httpGet.path Request path for readinessProbe -## @param readinessProbe.httpGet.port Port for readinessProbe -## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe -## @param readinessProbe.periodSeconds Period seconds for readinessProbe -## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe -## @param readinessProbe.failureThreshold Failure threshold for readinessProbe -## @param readinessProbe.successThreshold Success threshold for readinessProbe -## -readinessProbe: - enabled: true - initialDelaySeconds: 30 - timeoutSeconds: 30 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 6 - httpGet: - path: / - port: http -## @param customLivenessProbe Override default liveness probe -## -customLivenessProbe: {} -## @param customReadinessProbe Override default readiness probe -## -customReadinessProbe: {} -## @param podLabels Extra labels for PhpMyAdmin pods -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -podLabels: {} -## @param podAnnotations Annotations for PhpMyAdmin pods -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} -## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAffinityPreset: "" -## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAntiAffinityPreset: soft -## Node affinity preset -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## -nodeAffinityPreset: - ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] -## @param affinity Affinity for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set -## -affinity: {} -## @param nodeSelector Node labels for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} -## @param tolerations Tolerations for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] -## @param extraVolumes Optionally specify extra list of additional volumes for PhpMyAdmin pods -## -extraVolumes: [] -## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for PhpMyAdmin container(s) -## -extraVolumeMounts: [] -## @param initContainers Add init containers to the PhpMyAdmin pods -## Example: -## initContainers: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -initContainers: [] -## @param sidecars Add sidecar containers to the PhpMyAdmin pods -## Example: -## sidecars: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -sidecars: [] - -## @section Traffic Exposure parameters - -## Service configuration -## -service: - ## @param service.type Kubernetes Service type - ## - type: ClusterIP - ## @param service.port Service HTTP port - ## - port: 80 - ## @param service.httpsPort Service HTTPS port - ## - httpsPort: 443 - ## Specify the nodePort values for the LoadBalancer and NodePort service types - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## @param service.nodePorts.http Kubernetes http node port - ## @param service.nodePorts.https Kubernetes https node port - ## - nodePorts: - http: "" - https: "" - ## @param service.clusterIP PhpMyAdmin service clusterIP IP - ## e.g: - ## clusterIP: None - ## - clusterIP: "" - ## @param service.loadBalancerIP Load balancer IP for the phpMyAdmin Service (optional, cloud specific) - ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer - ## - loadBalancerIP: "" - ## @param service.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## Example: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param service.externalTrafficPolicy Enable client source IP preservation - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param service.annotations Provide any additional annotations that may be required for the PhpMyAdmin service - ## - annotations: {} -## Ingress configuration -## -ingress: - ## @param ingress.enabled Set to true to enable ingress record generation - ## - enabled: false - ## @param ingress.certManager Set this to true in order to add the corresponding annotations for cert-manager - ## - certManager: false - ## @param ingress.hostname When the ingress is enabled, a host pointing to this will be created - ## - hostname: phpmyadmin.local - ## @param ingress.pathType Ingress path type - ## - pathType: ImplementationSpecific - ## @param ingress.annotations Ingress annotations - ## For a full list of possible ingress annotations, please see - ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md - ## - ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set - ## - annotations: {} - ## @param ingress.tls Enable TLS configuration for the hostname defined at `ingress.hostname` parameter - ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }} - ## You can use the ingress.secrets parameter to create this TLS secret, relay on cert-manager to create it, or - ## let the chart create self-signed certificates for you - ## - tls: false - ## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record. - ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array - ## Example: - ## extraHosts: - ## - name: phpmyadmin.local - ## path: / - ## - extraHosts: [] - ## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. - ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - ## Example: - ## extraTls: - ## - hosts: - ## - phpmyadmin.local - ## secretName: phpmyadmin.local-tls - ## - extraTls: [] - ## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets - ## key and certificate should start with -----BEGIN CERTIFICATE----- or -----BEGIN RSA PRIVATE KEY----- - ## name should line up with a secretName set further up - ## - ## If it is not set and you're using cert-manager, this is unneeded, as it will create the secret for you - ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created - ## It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - ## - ## Example - ## secrets: - ## - name: phpmyadmin.local-tls - ## key: "" - ## certificate: "" - ## - secrets: [] - -## @section Database parameters - -## Database configuration -## -db: - ## @param db.allowArbitraryServer Enable connection to arbitrary MySQL server - ## If you do not want the user to be able to specify an arbitrary MySQL server at login time, set this to false - ## - allowArbitraryServer: true - ## @param db.port Database port to use to connect - ## - port: 3306 - ## @param db.chartName Database suffix if included in the same release - ## If you are deploying phpMyAdmin as part of a release and the database is part - ## of the release, you can pass a suffix that will be used to find the database - ## in releasename-dbSuffix. Please note that this setting precedes db.host - ## e.g: - ## chartName: mariadb - ## - chartName: "" - ## @param db.host Database Hostname. Ignored when `db.chartName` is set. - ## e.g: - ## host: foo - ## - host: "" - ## @param db.bundleTestDB Deploy a MariaDB instance for testing purposes - ## - bundleTestDB: false - ## @param db.enableSsl Enable SSL for the connection between phpMyAdmin and the database - ## - enableSsl: false - ssl: - ## @param db.ssl.clientKey Client key file when using SSL - ## - clientKey: |- - ## @param db.ssl.clientCertificate Client certificate file when using SSL - ## - clientCertificate: |- - ## @param db.ssl.caCertificate CA file when using SSL - ## - caCertificate: |- - ## @param db.ssl.ciphers List of allowable ciphers for connections when using SSL - ## - ciphers: [] - ## @param db.ssl.verify Enable SSL certificate validation - ## - verify: true -## @param mariadb MariaDB chart configuration -## https://github.com/bitnami/charts/blob/master/bitnami/mariadb/values.yaml -## -mariadb: {} - -## @section Metrics parameters - -## Prometheus Exporter / Metrics -## -metrics: - ## @param metrics.enabled Start a side-car prometheus exporter - ## - enabled: false - ## @param metrics.image.registry Apache exporter image registry - ## @param metrics.image.repository Apache exporter image repository - ## @param metrics.image.tag Apache exporter image tag (immutable tags are recommended) - ## @param metrics.image.pullPolicy Image pull policy - ## @param metrics.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/apache-exporter - tag: 0.10.1-debian-10-r3 - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param metrics.resources Metrics exporter resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: {} - ## Prometheus Exporter service configuration - ## - service: - ## @param metrics.service.type Prometheus metrics service type - ## - type: ClusterIP - ## @param metrics.service.port Prometheus metrics service port - ## - port: 9117 - ## @param metrics.service.annotations [object] Annotations for Prometheus metrics service - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "{{ .Values.metrics.service.port }}" - ## @param metrics.service.loadBalancerIP Load Balancer IP if the Prometheus metrics server type is `LoadBalancer` - ## Use serviceLoadBalancerIP to request a specific static IP, otherwise leave blank - ## - loadBalancerIP: "" - ## Prometheus Service Monitor - ## ref: https://github.com/coreos/prometheus-operator - ## https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## - serviceMonitor: - ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using PrometheusOperator - ## - enabled: false - ## @param metrics.serviceMonitor.namespace Specify the namespace in which the serviceMonitor resource will be created - ## - namespace: "" - ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus. - ## - jobLabel: "" - ## @param metrics.serviceMonitor.interval Specify the interval at which metrics should be scraped - ## - interval: 30s - ## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended - ## e.g: - ## scrapeTimeout: 30s - ## - scrapeTimeout: "" - ## @param metrics.serviceMonitor.relabellings Specify Relabellings to add to the scrape endpoint - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig - ## - relabellings: [] - ## @param metrics.serviceMonitor.metricRelabelings Specify Metric Relabelings to add to the scrape endpoint - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig - ## - metricRelabelings: [] - ## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint - ## - honorLabels: false - ## @param metrics.serviceMonitor.additionalLabels Used to pass Labels that are required by the installed Prometheus Operator - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec - ## - additionalLabels: {} diff --git a/bitnami/postgresql-ha/.helmignore b/bitnami/postgresql-ha/.helmignore deleted file mode 100644 index f0c1319..0000000 --- a/bitnami/postgresql-ha/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/bitnami/postgresql-ha/templates/extra-list.yaml b/bitnami/postgresql-ha/templates/extra-list.yaml deleted file mode 100644 index 9ac65f9..0000000 --- a/bitnami/postgresql-ha/templates/extra-list.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{- range .Values.extraDeploy }} ---- -{{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} diff --git a/bitnami/postgresql/.helmignore b/bitnami/postgresql/.helmignore deleted file mode 100644 index f0c1319..0000000 --- a/bitnami/postgresql/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/bitnami/postgresql/templates/extra-list.yaml b/bitnami/postgresql/templates/extra-list.yaml deleted file mode 100644 index 9ac65f9..0000000 --- a/bitnami/postgresql/templates/extra-list.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{- range .Values.extraDeploy }} ---- -{{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} diff --git a/bitnami/prestashop/.helmignore b/bitnami/prestashop/.helmignore deleted file mode 100644 index f0c1319..0000000 --- a/bitnami/prestashop/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/bitnami/prestashop/Chart.lock b/bitnami/prestashop/Chart.lock deleted file mode 100644 index 6edbede..0000000 --- a/bitnami/prestashop/Chart.lock +++ /dev/null @@ -1,9 +0,0 @@ -dependencies: -- name: mariadb - repository: https://charts.bitnami.com/bitnami - version: 9.5.1 -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.9.0 -digest: sha256:2311ed53bf0082f07e424bf19e250d06ce235944c6f0df4e6380c3c93a0062e7 -generated: "2021-09-14T17:37:54.922591991Z" diff --git a/bitnami/prestashop/Chart.yaml b/bitnami/prestashop/Chart.yaml deleted file mode 100644 index 7fbe1a9..0000000 --- a/bitnami/prestashop/Chart.yaml +++ /dev/null @@ -1,32 +0,0 @@ -annotations: - category: E-Commerce -apiVersion: v2 -appVersion: 1.7.7-8 -dependencies: - - condition: mariadb.enabled - name: mariadb - repository: https://charts.bitnami.com/bitnami - version: 9.x.x - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x -description: A popular open source ecommerce solution. Professional tools are easily accessible to increase online sales including instant guest checkout, abandoned cart reminders and automated Email marketing. -engine: gotpl -home: https://github.com/bitnami/charts/tree/master/bitnami/prestashop -icon: https://bitnami.com/assets/stacks/prestashop/img/prestashop-stack-220x234.png -keywords: - - prestashop - - e-commerce - - http - - web - - php -maintainers: - - email: containers@bitnami.com - name: Bitnami -name: prestashop -sources: - - https://github.com/bitnami/bitnami-docker-prestashop - - https://prestashop.com/ -version: 13.1.25 diff --git a/bitnami/prestashop/README.md b/bitnami/prestashop/README.md deleted file mode 100644 index 9d8841f..0000000 --- a/bitnami/prestashop/README.md +++ /dev/null @@ -1,479 +0,0 @@ -# PrestaShop - -[PrestaShop](https://prestashop.com/) is a popular open source e-commerce solution. Professional tools are easily accessible to increase online sales including instant guest checkout, abandoned cart reminders and automated Email marketing. - -## TL;DR - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/prestashop -``` - -## Introduction - -This chart bootstraps a [PrestaShop](https://github.com/bitnami/bitnami-docker-prestashop) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -It also packages the [Bitnami MariaDB chart](https://github.com/kubernetes/charts/tree/master/bitnami/mariadb) which is required for bootstrapping a MariaDB deployment for the database requirements of the PrestaShop application. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 3.1.0 -- PV provisioner support in the underlying infrastructure -- ReadWriteMany volumes for deployment scaling - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -$ helm install my-release bitnami/prestashop -``` - -The command deploys PrestaShop on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```console -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | - - -### Common parameters - -| Name | Description | Value | -| ------------------- | -------------------------------------------------------------------------------------------------------------- | ----- | -| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` | -| `nameOverride` | String to partially override prestashop.fullname template (will maintain the release name) | `""` | -| `fullnameOverride` | String to fully override prestashop.fullname template | `""` | -| `commonAnnotations` | Common annotations to add to all PrestaShop resources (sub-charts are not considered). Evaluated as a template | `{}` | -| `commonLabels` | Common labels to add to all PrestaShop resources (sub-charts are not considered). Evaluated as a template | `{}` | -| `extraDeploy` | Array with extra yaml to deploy with the chart. Evaluated as a template | `[]` | - - -### PrestaShop parameters - -| Name | Description | Value | -| ------------------------------------ | ----------------------------------------------------------------------------------------- | ---------------------- | -| `image.registry` | PrestaShop image registry | `docker.io` | -| `image.repository` | PrestaShop image repository | `bitnami/prestashop` | -| `image.tag` | PrestaShop image tag (immutable tags are recommended) | `1.7.7-8-debian-10-r0` | -| `image.pullPolicy` | PrestaShop image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `image.debug` | Specify if debug logs should be enabled | `false` | -| `hostAliases` | Deployment pod host aliases | `[]` | -| `replicaCount` | Number of PrestaShop Pods to run (requires ReadWriteMany PVC support) | `1` | -| `prestashopSkipInstall` | Skip PrestaShop installation wizard. Useful for migrations and restoring from SQL dump | `false` | -| `prestashopHost` | PrestaShop host to create application URLs (when ingress, it will be ignored) | `""` | -| `prestashopUsername` | User of the application | `user@example.com` | -| `prestashopPassword` | Application password | `""` | -| `prestashopEmail` | Admin email | `user@example.com` | -| `prestashopFirstName` | First Name | `Bitnami` | -| `prestashopLastName` | Last Name | `User` | -| `prestashopCookieCheckIP` | Whether to check the cookie's IP address or not | `no` | -| `prestashopCountry` | Default country of the store | `us` | -| `prestashopLanguage` | Default language of the store (ISO code) | `en` | -| `allowEmptyPassword` | Allow DB blank passwords | `true` | -| `command` | Override default container command (useful when using custom images) | `[]` | -| `args` | Override default container args (useful when using custom images) | `[]` | -| `updateStrategy.type` | Update strategy - only really applicable for deployments with RWO PVs attached | `RollingUpdate` | -| `extraEnvVars` | An array to add extra environment variables | `[]` | -| `extraEnvVarsCM` | ConfigMap with extra environment variables | `""` | -| `extraEnvVarsSecret` | Secret with extra environment variables | `""` | -| `extraVolumes` | Extra volumes to add to the deployment. Requires setting `extraVolumeMounts` | `[]` | -| `extraVolumeMounts` | Extra volume mounts to add to the container. Normally used with `extraVolumes` | `[]` | -| `initContainers` | Extra init containers to add to the deployment | `[]` | -| `sidecars` | Extra sidecar containers to add to the deployment | `[]` | -| `tolerations` | Tolerations for pod assignment. Evaluated as a template. | `[]` | -| `existingSecret` | Use existing secret for the application password | `""` | -| `smtpHost` | SMTP host | `""` | -| `smtpPort` | SMTP port | `""` | -| `smtpUser` | SMTP user | `""` | -| `smtpPassword` | SMTP password | `""` | -| `smtpProtocol` | SMTP Protocol (options: ssl,tls, nil) | `""` | -| `containerPorts.http` | Sets HTTP port inside NGINX container | `8080` | -| `containerPorts.https` | Sets HTTPS port inside NGINX container | `8443` | -| `sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | -| `persistence.enabled` | Enable persistence using PVC | `true` | -| `persistence.storageClass` | PrestaShop Data Persistent Volume Storage Class | `""` | -| `persistence.accessMode` | PVC Access Mode for PrestaShop volume | `ReadWriteOnce` | -| `persistence.size` | PVC Storage Request for PrestaShop volume | `8Gi` | -| `persistence.existingClaim` | An Existing PVC name | `""` | -| `persistence.hostPath` | If defined, the prestashop-data volume will mount to the specified hostPath | `""` | -| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` | -| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | -| `affinity` | Affinity for pod assignment | `{}` | -| `nodeSelector` | Node labels for pod assignment. Evaluated as a template. | `{}` | -| `resources.requests` | The requested resources for the container | `{}` | -| `podSecurityContext.enabled` | Enable PrestaShop pods' Security Context | `true` | -| `podSecurityContext.fsGroup` | PrestaShop pods' group ID | `1001` | -| `containerSecurityContext.enabled` | Enable PrestaShop containers' Security Context | `true` | -| `containerSecurityContext.runAsUser` | PrestaShop containers' Security Context | `1001` | -| `livenessProbe.enabled` | Enable livenessProbe | `true` | -| `livenessProbe.path` | Request path for livenessProbe | `/` | -| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `600` | -| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `readinessProbe.enabled` | Enable readinessProbe | `true` | -| `readinessProbe.path` | Request path for readinessProbe | `/` | -| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | -| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | -| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `3` | -| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `startupProbe.enabled` | Enable startupProbe | `false` | -| `startupProbe.path` | Request path for startupProbe | `/` | -| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `0` | -| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `3` | -| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `60` | -| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `customLivenessProbe` | Override default liveness probe | `{}` | -| `customReadinessProbe` | Override default readiness probe | `{}` | -| `customStartupProbe` | Override default startup probe | `{}` | -| `lifecycleHooks` | LifecycleHook to set additional configuration at startup Evaluated as a template | `{}` | -| `podAnnotations` | Pod annotations | `{}` | -| `podLabels` | Pod extra labels | `{}` | - - -### Traffic Exposure Parameters - -| Name | Description | Value | -| ---------------------------------- | --------------------------------------------------------------------------------------------- | ------------------------ | -| `service.type` | Kubernetes Service type | `LoadBalancer` | -| `service.port` | Service HTTP port | `80` | -| `service.httpsPort` | Service HTTPS port | `443` | -| `service.clusterIP` | Service Cluster IP | `""` | -| `service.loadBalancerSourceRanges` | Control hosts connecting to "LoadBalancer" only | `[]` | -| `service.loadBalancerIP` | Load balancerIP for the PrestaShop Service (optional, cloud specific) | `""` | -| `service.nodePorts.http` | Kubernetes HTTP node port | `""` | -| `service.nodePorts.https` | Kubernetes HTTPS node port | `""` | -| `service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | -| `ingress.enabled` | Enable ingress controller resource | `false` | -| `ingress.certManager` | Add annotations for cert-manager | `false` | -| `ingress.pathType` | Ingress path type | `ImplementationSpecific` | -| `ingress.apiVersion` | Override API Version (automatically detected if not set) | `""` | -| `ingress.hostname` | Default host for the ingress resource | `prestashop.local` | -| `ingress.path` | Default path for the ingress resource*' in order to use this | `/` | -| `ingress.annotations` | Ingress annotations | `{}` | -| `ingress.tls` | Create TLS Secret | `false` | -| `ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` | -| `ingress.extraPaths` | Any additional arbitrary paths that may need to be added to the ingress under the main host. | `[]` | -| `ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` | -| `ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | - - -### Database parameters - -| Name | Description | Value | -| ------------------------------------------- | ---------------------------------------------------------------------------------------- | -------------------- | -| `mariadb.enabled` | Whether to deploy a mariadb server to satisfy the applications database requirements | `true` | -| `mariadb.architecture` | MariaDB architecture. Allowed values: `standalone` or `replication` | `standalone` | -| `mariadb.auth.rootPassword` | Password for the MariaDB `root` user | `""` | -| `mariadb.auth.database` | Database name to create | `bitnami_prestashop` | -| `mariadb.auth.username` | Database user to create | `bn_prestashop` | -| `mariadb.auth.password` | Password for the database | `""` | -| `mariadb.primary.persistence.enabled` | Enable database persistence using PVC | `true` | -| `mariadb.primary.persistence.storageClass` | MariaDB primary persistent volume storage Class | `""` | -| `mariadb.primary.persistence.accessModes` | Database Persistent Volume Access Modes | `["ReadWriteOnce"]` | -| `mariadb.primary.persistence.size` | Database Persistent Volume Size | `8Gi` | -| `mariadb.primary.persistence.hostPath` | Set path in case you want to use local host path volumes (not recommended in production) | `""` | -| `mariadb.primary.persistence.existingClaim` | Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas | `""` | -| `externalDatabase.host` | Host of the existing database | `""` | -| `externalDatabase.port` | Port of the existing database | `3306` | -| `externalDatabase.user` | Existing username in the existing database | `bn_prestashop` | -| `externalDatabase.password` | Password for the above username | `""` | -| `externalDatabase.database` | Name of the existing database | `bitnami_prestashop` | - - -### Volume Permissions parameters - -| Name | Description | Value | -| -------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------- | -| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` | -| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | -| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `10-debian-10-r192` | -| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | -| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `volumePermissions.resources.limits` | The resources limits for the container | `{}` | -| `volumePermissions.resources.requests` | The requested resources for the container | `{}` | - - -### Metrics parameters - -| Name | Description | Value | -| --------------------------- | ---------------------------------------------------------- | ------------------------- | -| `metrics.enabled` | Start a side-car prometheus exporter | `false` | -| `metrics.image.registry` | Apache exporter image registry | `docker.io` | -| `metrics.image.repository` | Apache exporter image repository | `bitnami/apache-exporter` | -| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `0.10.0-debian-10-r46` | -| `metrics.image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `metrics.resources` | Metrics exporter resource requests and limits | `{}` | -| `metrics.podAnnotations` | Metrics exporter pod annotations | `{}` | - - -### Certificate injection parameters - -| Name | Description | Value | -| ---------------------------------------------------- | -------------------------------------------------------------------- | ---------------------------------------- | -| `certificates.customCertificate.certificateSecret` | Secret containing the certificate and key to add | `""` | -| `certificates.customCertificate.chainSecret.name` | Name of the secret containing the certificate chain | `""` | -| `certificates.customCertificate.chainSecret.key` | Key of the certificate chain file inside the secret | `""` | -| `certificates.customCertificate.certificateLocation` | Location in the container to store the certificate | `/etc/ssl/certs/ssl-cert-snakeoil.pem` | -| `certificates.customCertificate.keyLocation` | Location in the container to store the private key | `/etc/ssl/private/ssl-cert-snakeoil.key` | -| `certificates.customCertificate.chainLocation` | Location in the container to store the certificate chain | `/etc/ssl/certs/mychain.pem` | -| `certificates.customCAs` | Defines a list of secrets to import into the container trust store | `[]` | -| `certificates.command` | Override default container command (useful when using custom images) | `[]` | -| `certificates.args` | Override default container args (useful when using custom images) | `[]` | -| `certificates.extraEnvVars` | Container sidecar extra environment variables | `[]` | -| `certificates.extraEnvVarsCM` | ConfigMap with extra environment variables | `""` | -| `certificates.extraEnvVarsSecret` | Secret with extra environment variables | `""` | -| `certificates.image.registry` | Container sidecar registry | `docker.io` | -| `certificates.image.repository` | Container sidecar image repository | `bitnami/bitnami-shell` | -| `certificates.image.tag` | Container sidecar image tag (immutable tags are recommended) | `10-debian-10-r192` | -| `certificates.image.pullPolicy` | Container sidecar image pull policy | `IfNotPresent` | -| `certificates.image.pullSecrets` | Container sidecar image pull secrets | `[]` | - - -The above parameters map to the env variables defined in [bitnami/prestashop](http://github.com/bitnami/bitnami-docker-prestashop). For more information please refer to the [bitnami/prestashop](http://github.com/bitnami/bitnami-docker-prestashop) image documentation. - -> **Note**: -> -> For PrestaShop to function correctly, you should specify the `prestashopHost` parameter to specify the FQDN (recommended) or the public IP address of the PrestaShop service. -> -> Optionally, you can specify the `prestashopLoadBalancerIP` parameter to assign a reserved IP address to the PrestaShop service of the chart. However please note that this feature is only available on a few cloud providers (f.e. GKE). -> -> To reserve a public IP address on GKE: -> -> ```bash -> $ gcloud compute addresses create prestashop-public-ip -> ``` -> -> The reserved IP address can be associated to the PrestaShop service by specifying it as the value of the `prestashopLoadBalancerIP` parameter while installing the chart. - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -$ helm install my-release \ - --set prestashopUsername=admin,prestashopPassword=password,mariadb.auth.rootPassword=secretpassword \ - bitnami/prestashop -``` - -The above command sets the PrestaShop administrator account username and password to `admin` and `password` respectively. Additionally, it sets the MariaDB `root` user password to `secretpassword`. - -> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. - -Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, - -```console -$ helm install my-release -f values.yaml bitnami/prestashop -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Image - -The `image` parameter allows specifying which image will be pulled for the chart. - -#### Private registry - -If you configure the `image` value to one in a private registry, you will need to [specify an image pull secret](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod). - -1. Manually create image pull secret(s) in the namespace. See [this YAML example reference](https://kubernetes.io/docs/concepts/containers/images/#creating-a-secret-with-a-docker-config). Consult your image registry's documentation about getting the appropriate secret. -1. Note that the `imagePullSecrets` configuration value cannot currently be passed to helm using the `--set` parameter, so you must supply these using a `values.yaml` file, such as: - -```yaml -imagePullSecrets: - - name: SECRET_NAME -``` - -1. Install the chart - -### Setting Pod's affinity - -This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). - -As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters. - -## Persistence - -The [Bitnami PrestaShop](https://github.com/bitnami/bitnami-docker-prestashop) image stores the PrestaShop data and configurations at the `/bitnami/prestashop` path of the container. - -Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. -See the [Parameters](#parameters) section to configure the PVC or to disable persistence. - -### Existing PersistentVolumeClaim - -1. Create the PersistentVolume -1. Create the PersistentVolumeClaim -1. Install the chart - -```bash -$ helm install my-release --set persistence.existingClaim=PVC_NAME bitnami/prestashop -``` - -### Host path - -#### System compatibility - -- The local filesystem accessibility to a container in a pod with `hostPath` has been tested on OSX/MacOS with xhyve, and Linux with VirtualBox. -- Windows has not been tested with the supported VM drivers. Minikube does however officially support [Mounting Host Folders](https://github.com/kubernetes/minikube/blob/master/docs/host_folder_mount.md) per pod. Or you may manually sync your container whenever host files are changed with tools like [docker-sync](https://github.com/EugenMayer/docker-sync) or [docker-bg-sync](https://github.com/cweagans/docker-bg-sync). - -#### Mounting steps - -1. The specified `hostPath` directory must already exist (create one if it does not). -1. Install the chart - - ```bash - $ helm install my-release --set persistence.hostPath=/PATH/TO/HOST/MOUNT bitnami/prestashop - ``` - - This will mount the `prestashop-data` volume into the `hostPath` directory. The site data will be persisted if the mount path contains valid data, else the site data will be initialized at first launch. -1. Because the container cannot control the host machine's directory permissions, you must set the PrestaShop file directory permissions yourself and disable or clear PrestaShop cache. - -## Troubleshooting - -### SSL - -One needs to explicitly turn on SSL in the Prestashop administration panel, else a `302` redirect to `http` scheme is returned on any page of the site by default. - -To enable SSL on all pages, follow these steps: - -- Browse to the administration panel and log in. -- Click “Shop Parameters” in the left navigation panel. -- Set the option “Enable SSL” to “Yes”. -- Click the “Save” button. -- Set the (now enabled) option “Enable SSL on all pages” to “Yes”. -- Click the “Save” button. - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami’s Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## Upgrading - -### To 13.0.0 - -This version standardizes the way of defining Ingress rules. When configuring a single hostname for the Ingress rule, set the `ingress.hostname` value. When defining more than one, set the `ingress.extraHosts` array. Apart from this case, no issues are expected to appear when upgrading. - -### To 12.0.0 - -[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -**What changes were introduced in this major version?** - -- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. -- Move dependency information from the *requirements.yaml* to the *Chart.yaml* -- After running `helm dependency update`, a *Chart.lock* file is generated containing the same structure used in the previous *requirements.lock* -- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts - -**Considerations when upgrading to this version** - -- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues -- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore -- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 - -**Useful links** - -- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ -- https://helm.sh/docs/topics/v2_v3_migration/ -- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ - -### To 11.0.0 - -MariaDB dependency version was bumped to a new major version that introduces several incompatilibites. Therefore, backwards compatibility is not guaranteed unless an external database is used. Check [MariaDB Upgrading Notes](https://github.com/bitnami/charts/tree/master/bitnami/mariadb#to-800) for more information. - -To upgrade to `11.0.0`, you have two alternatives: - -- Install a new Prestashop chart, and migrate your Prestashop site using backup/restore using any [Backup and Restore tool from Prestashop marketplace](https://addons.prestashop.com/en/search?search_query=backup&). -- Reuse the PVC used to hold the MariaDB data on your previous release. To do so, follow the instructions below (the following example assumes that the release name is `prestashop`): - -Obtain the credentials and the name of the PVC used to hold the MariaDB data on your current release: - -```console -export PRESTASHOP_PASSWORD=$(kubectl get secret --namespace default prestashop -o jsonpath="{.data.prestashop-password}" | base64 --decode) -export MARIADB_ROOT_PASSWORD=$(kubectl get secret --namespace default prestashop-mariadb -o jsonpath="{.data.mariadb-root-password}" | base64 --decode) -export MARIADB_PASSWORD=$(kubectl get secret --namespace default prestashop-mariadb -o jsonpath="{.data.mariadb-password}" | base64 --decode) -export MARIADB_PVC=$(kubectl get pvc -l app.kubernetes.io/instance=prestashop,app.kubernetes.io/name=mariadb,app.kubernetes.io/component=primary -o jsonpath="{.items[0].metadata.name}") -``` - -Upgrade your release (maintaining the version) disabling MariaDB and scaling Prestashop replicas to 0: - -```console -$ helm upgrade prestashop bitnami/prestashop --set prestashopPassword=$PRESTASHOP_PASSWORD --set replicaCount=0 --set mariadb.enabled=false --version 10.0.0 -``` - -Finally, upgrade you release to 11.0.0 reusing the existing PVC, and enabling back MariaDB: - -```console -$ helm upgrade prestashop bitnami/prestashop --set mariadb.primary.persistence.existingClaim=$MARIADB_PVC --set mariadb.auth.rootPassword=$MARIADB_ROOT_PASSWORD --set mariadb.auth.password=$MARIADB_PASSWORD --set prestashopPassword=$PRESTASHOP_PASSWORD -``` - -You should see the lines below in MariaDB container logs: - -```console -$ kubectl logs $(kubectl get pods -l app.kubernetes.io/instance=prestashop,app.kubernetes.io/name=mariadb,app.kubernetes.io/component=primary -o jsonpath="{.items[0].metadata.name}") -... -mariadb 12:13:24.98 INFO ==> Using persisted data -mariadb 12:13:25.01 INFO ==> Running mysql_upgrade -... -``` - -### To 10.0.0 - -The [Bitnami PrestaShop](https://github.com/bitnami/bitnami-docker-prestashop) image was updated to support and enable the "non-root" user approach - -If you want to continue to run the container image as the `root` user, you need to set `podSecurityContext.enabled=false` and `containerSecurity.context.enabled=false`. - -This upgrade also adapts the chart to the latest Bitnami good practices. Check the Parameters section for more information. - -### To 9.0.0 - -Helm performs a lookup for the object based on its group (apps), version (v1), and kind (Deployment). Also known as its GroupVersionKind, or GVK. Changing the GVK is considered a compatibility breaker from Kubernetes' point of view, so you cannot "upgrade" those objects to the new GVK in-place. Earlier versions of Helm 3 did not perform the lookup correctly which has since been fixed to match the spec. - -In https://github.com/helm/charts/pull/17308 the `apiVersion` of the deployment resources was updated to `apps/v1` in tune with the api's deprecated, resulting in compatibility breakage. - -This major version signifies this change. - -### To 3.0.0 - -Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments. -Use the workaround below to upgrade from versions previous to 3.0.0. The following example assumes that the release name is prestashop: - -```console -$ kubectl patch deployment prestashop-prestashop --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]' -$ kubectl delete statefulset prestashop-mariadb --cascade=false -``` diff --git a/bitnami/prestashop/ci/ct-values.yaml b/bitnami/prestashop/ci/ct-values.yaml deleted file mode 100644 index b738e2a..0000000 --- a/bitnami/prestashop/ci/ct-values.yaml +++ /dev/null @@ -1,2 +0,0 @@ -service: - type: ClusterIP diff --git a/bitnami/prestashop/templates/NOTES.txt b/bitnami/prestashop/templates/NOTES.txt deleted file mode 100644 index d93bcb5..0000000 --- a/bitnami/prestashop/templates/NOTES.txt +++ /dev/null @@ -1,115 +0,0 @@ -{{- if or .Values.mariadb.enabled .Values.externalDatabase.host -}} - -{{- if empty (include "prestashop.host" .) -}} -############################################################################### -### ERROR: You did not provide an external host in your 'helm install' call ### -############################################################################### - -This deployment will be incomplete until you configure PrestaShop with a resolvable -host. To configure PrestaShop with the URL of your service: - -1. Get the PrestaShop URL by running: - - {{- if eq .Values.service.type "NodePort" }} - - export APP_PORT=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} -o jsonpath="{.spec.ports[0].nodePort}") - export APP_HOST=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - - {{- else if eq .Values.service.type "LoadBalancer" }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "common.names.fullname" . }}' - - export APP_HOST=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") - export APP_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "prestashop.secretName" . }} -o jsonpath="{.data.prestashop-password}" | base64 --decode) - export DATABASE_ROOT_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "prestashop.databaseSecretName" . }} -o jsonpath="{.data.mariadb-root-password}" | base64 --decode) - {{- end }} - export APP_DATABASE_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "prestashop.databaseSecretName" . }} -o jsonpath="{.data.{{- include "prestashop.databasePasswordKey" . -}}}" | base64 --decode) - -2. Complete your PrestaShop deployment by running: - -{{- if .Values.mariadb.enabled }} - - helm upgrade --namespace {{ .Release.Namespace }} {{ .Release.Name }} bitnami/{{ .Chart.Name }} \ - --set prestashopHost=$APP_HOST,prestashopPassword=$APP_PASSWORD,mariadb.auth.rootPassword=$DATABASE_ROOT_PASSWORD,mariadb.auth.password=$APP_DATABASE_PASSWORD{{- if .Values.global }}{{- if .Values.global.imagePullSecrets }},global.imagePullSecrets={{ .Values.global.imagePullSecrets }}{{- end }}{{- end }} -{{- else }} - - ## PLEASE UPDATE THE EXTERNAL DATABASE CONNECTION PARAMETERS IN THE FOLLOWING COMMAND AS NEEDED ## - - helm upgrade --namespace {{ .Release.Namespace }} {{ .Release.Name }} bitnami/{{ .Chart.Name }} \ - --set prestashopPassword=$APP_PASSWORD,prestashopHost=$APP_HOST,service.type={{ .Values.service.type }},mariadb.enabled=false{{- if not (empty .Values.externalDatabase.host) }},externalDatabase.host={{ .Values.externalDatabase.host }}{{- end }}{{- if not (empty .Values.externalDatabase.user) }},externalDatabase.user={{ .Values.externalDatabase.user }}{{- end }}{{- if not (empty .Values.externalDatabase.password) }},externalDatabase.password={{ .Values.externalDatabase.password }}{{- end }}{{- if not (empty .Values.externalDatabase.database) }},externalDatabase.database={{ .Values.externalDatabase.database }}{{- end }}{{- if .Values.global }}{{- if .Values.global.imagePullSecrets }},global.imagePullSecrets={{ .Values.global.imagePullSecrets }}{{- end }}{{- end }} -{{- end }} - -{{- else -}} -1. Get the PrestaShop URL by running: - -{{- if eq .Values.service.type "ClusterIP" }} - - echo "Store URL: http://127.0.0.1:8080/" - echo "Admin URL: http://127.0.0.1:8080/administration" - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "common.names.fullname" . }} 8080:{{ .Values.service.port }} - -{{- else }} - -{{- $port:=.Values.service.port | toString }} - - echo "Store URL: http://{{ include "prestashop.host" . }}{{- if ne $port "80" }}:{{ .Values.service.port }}{{ end }}/" - echo "Admin URL: http://{{ include "prestashop.host" . }}{{- if ne $port "80" }}:{{ .Values.service.port }}{{ end }}/administration" - -{{- end }} - -2. Get your PrestaShop login credentials by running: - - echo Admin Email : {{ .Values.prestashopEmail }} - echo Admin Username: {{ .Values.prestashopUsername }} - echo Admin Password: $(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "prestashop.secretName" . }} -o jsonpath="{.data.prestashop-password}" | base64 --decode) -{{- end }} - -{{- else -}} - -######################################################################################## -### ERROR: You did not provide an external database host in your 'helm install' call ### -######################################################################################## - -This deployment will be incomplete until you configure PrestaShop with a resolvable database -host. To configure PrestaShop to use and external database host: - - -1. Complete your PrestaShop deployment by running: - -{{- if eq .Values.service.type "NodePort" }} - export APP_HOST=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") -{{- else if eq .Values.service.type "LoadBalancer" }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "common.names.fullname" . }}' - - export APP_HOST=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") -{{- else }} - - export APP_HOST=127.0.0.1 -{{- end }} - export APP_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "prestashop.secretName" . }} -o jsonpath="{.data.prestashop-password}" | base64 --decode) - - ## PLEASE UPDATE THE EXTERNAL DATABASE CONNECTION PARAMETERS IN THE FOLLOWING COMMAND AS NEEDED ## - - helm upgrade --namespace {{ .Release.Namespace }} {{ .Release.Name }} bitnami/{{ .Chart.Name }} \ - --set prestashopPassword=$APP_PASSWORD,prestashopHost=$APP_HOST,service.type={{ .Values.service.type }},mariadb.enabled=false{{- if not (empty .Values.externalDatabase.user) }},externalDatabase.user={{ .Values.externalDatabase.user }}{{- end }}{{- if not (empty .Values.externalDatabase.password) }},externalDatabase.password={{ .Values.externalDatabase.password }}{{- end }}{{- if not (empty .Values.externalDatabase.database) }},externalDatabase.database={{ .Values.externalDatabase.database }}{{- end }},externalDatabase.host=YOUR_EXTERNAL_DATABASE_HOST{{- if .Values.global }}{{- if .Values.global.imagePullSecrets }},global.imagePullSecrets={{ .Values.global.imagePullSecrets }}{{- end }}{{- end }} -{{- end }} - -{{- include "common.warnings.rollingTag" .Values.image }} -{{- include "common.warnings.rollingTag" .Values.metrics.image }} - -{{- $passwordValidationErrors := list -}} -{{- if not .Values.existingSecret -}} - {{- $secretName := include "prestashop.secretName" . -}} - {{- $requiredPrestashopPassword := dict "valueKey" "prestashopPassword" "secret" $secretName "field" "prestashop-password" "context" $ -}} - {{- $requiredPrestashopPasswordError := include "common.validations.values.single.empty" $requiredPrestashopPassword -}} - {{- $passwordValidationErrors = append $passwordValidationErrors $requiredPrestashopPasswordError -}} -{{- end -}} - -{{- $mariadbSecretName := include "prestashop.databaseSecretName" . -}} -{{- $mariadbPasswordValidationErrors := include "common.validations.values.mariadb.passwords" (dict "secret" $mariadbSecretName "subchart" true "context" $) -}} -{{- $passwordValidationErrors = append $passwordValidationErrors $mariadbPasswordValidationErrors -}} - -{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $) -}} diff --git a/bitnami/prestashop/templates/_helpers.tpl b/bitnami/prestashop/templates/_helpers.tpl deleted file mode 100644 index b7ab8a1..0000000 --- a/bitnami/prestashop/templates/_helpers.tpl +++ /dev/null @@ -1,155 +0,0 @@ -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "prestashop.mariadb.fullname" -}} -{{- printf "%s-%s" .Release.Name "mariadb" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Get the user defined LoadBalancerIP for this release. -Note, returns 127.0.0.1 if using ClusterIP. -*/}} -{{- define "prestashop.serviceIP" -}} -{{- if eq .Values.service.type "ClusterIP" -}} -127.0.0.1 -{{- else -}} -{{- .Values.service.loadBalancerIP | default "" -}} -{{- end -}} -{{- end -}} - -{{/* -Gets the host to be used for this application. -If not using ClusterIP, or if a host or LoadBalancerIP is not defined, the value will be empty. -When using Ingress, it will be set to the Ingress hostname. -*/}} -{{- define "prestashop.host" -}} -{{- if .Values.ingress.enabled }} -{{- $host := .Values.ingress.hostname | default "" -}} -{{- default (include "prestashop.serviceIP" .) $host -}} -{{- else -}} -{{- $host := index .Values (printf "%sHost" .Chart.Name) | default "" -}} -{{- default (include "prestashop.serviceIP" .) $host -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper certificate image name -*/}} -{{- define "certificates.image" -}} -{{- include "common.images.image" ( dict "imageRoot" .Values.certificates.image "global" .Values.global ) -}} -{{- end -}} - -{{/* -Return the proper PrestaShop image name -*/}} -{{- define "prestashop.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper image name (for the metrics image) -*/}} -{{- define "prestashop.metrics.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper image name (for the init container volume-permissions image) -*/}} -{{- define "prestashop.volumePermissions.image" -}} -{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "prestashop.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image .Values.certificates.image) "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper Storage Class -*/}} -{{- define "prestashop.storageClass" -}} -{{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) -}} -{{- end -}} - -{{/* -PrestaShop credential secret name -*/}} -{{- define "prestashop.secretName" -}} -{{- coalesce .Values.existingSecret (include "common.names.fullname" .) -}} -{{- end -}} - -{{/* -Return the MariaDB Hostname -*/}} -{{- define "prestashop.databaseHost" -}} -{{- if .Values.mariadb.enabled }} - {{- if eq .Values.mariadb.architecture "replication" }} - {{- printf "%s-%s" (include "prestashop.mariadb.fullname" .) "primary" | trunc 63 | trimSuffix "-" -}} - {{- else -}} - {{- printf "%s" (include "prestashop.mariadb.fullname" .) -}} - {{- end -}} -{{- else -}} - {{- printf "%s" .Values.externalDatabase.host -}} -{{- end -}} -{{- end -}} - -{{/* -Return the MariaDB Port -*/}} -{{- define "prestashop.databasePort" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "3306" -}} -{{- else -}} - {{- printf "%d" (.Values.externalDatabase.port | int ) -}} -{{- end -}} -{{- end -}} - -{{/* -Return the MariaDB Database Name -*/}} -{{- define "prestashop.databaseName" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "%s" .Values.mariadb.auth.database -}} -{{- else -}} - {{- printf "%s" .Values.externalDatabase.database -}} -{{- end -}} -{{- end -}} - -{{/* -Return the MariaDB User -*/}} -{{- define "prestashop.databaseUser" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "%s" .Values.mariadb.auth.username -}} -{{- else -}} - {{- printf "%s" .Values.externalDatabase.user -}} -{{- end -}} -{{- end -}} - -{{/* -Return the MariaDB Secret Name -*/}} -{{- define "prestashop.databaseSecretName" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "%s" (include "prestashop.mariadb.fullname" .) -}} -{{- else if .Values.externalDatabase.existingSecret -}} - {{- printf "%s" .Values.externalDatabase.existingSecret -}} -{{- else -}} - {{- printf "%s-%s" (include "common.names.fullname" .) "externaldb" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the database password key -*/}} -{{- define "prestashop.databasePasswordKey" -}} -{{- if .Values.mariadb.enabled -}} -mariadb-password -{{- else -}} -db-password -{{- end -}} -{{- end -}} diff --git a/bitnami/prestashop/templates/deployment.yaml b/bitnami/prestashop/templates/deployment.yaml deleted file mode 100644 index 6f6a611..0000000 --- a/bitnami/prestashop/templates/deployment.yaml +++ /dev/null @@ -1,334 +0,0 @@ -{{- if include "prestashop.host" . -}} -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - {{- if .Values.updateStrategy }} - strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} - {{- end }} - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} - {{- end }} - annotations: - {{- if .Values.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.metrics.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) | nindent 8 }} - {{- end }} - spec: - {{- include "prestashop.imagePullSecrets" . | nindent 6 }} - {{- if .Values.podSecurityContext.enabled }} - securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.hostAliases }} - # yamllint disable rule:indentation - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - # yamllint enable rule:indentation - {{- end }} - initContainers: - {{- if .Values.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} - {{- end }} - {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} - - name: volume-permissions - image: {{ include "prestashop.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: - - sh - - -c - - | - mkdir -p "/bitnami/prestashop" - chown -R "{{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }}" "/bitnami/prestashop" - securityContext: - runAsUser: 0 - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: prestashop-data - mountPath: /bitnami/prestashop - subPath: prestashop - {{- end }} - {{- if .Values.certificates.customCAs }} - - name: certificates - image: {{ template "certificates.image" . }} - imagePullPolicy: {{ default .Values.image.pullPolicy .Values.certificates.image.pullPolicy }} - imagePullSecrets: - {{- range (default .Values.image.pullSecrets .Values.certificates.image.pullSecrets) }} - - name: {{ . }} - {{- end }} - command: - {{- if .Values.certificates.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.certificates.command "context" $) | nindent 12 }} - {{- else if .Values.certificates.customCertificate.certificateSecret }} - - sh - - -c - - install_packages ca-certificates openssl - {{- else }} - - sh - - -c - - install_packages ca-certificates openssl - && openssl req -new -x509 -days 3650 -nodes -sha256 - -subj "/CN=$(hostname)" -addext "subjectAltName = DNS:$(hostname)" - -out {{ .Values.certificates.customCertificate.certificateLocation }} - -keyout {{ .Values.certificates.customCertificate.keyLocation }} -extensions v3_req - {{- end }} - {{- if .Values.certificates.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.certificates.args "context" $) | nindent 12 }} - {{- end }} - env: {{- include "common.tplvalues.render" (dict "value" .Values.certificates.extraEnvVars "context" $) | nindent 12 }} - envFrom: - {{- if .Values.certificates.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.certificates.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.certificates.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.certificates.extraEnvVarsSecret "context" $) }} - {{- end }} - volumeMounts: - - name: etc-ssl-certs - mountPath: /etc/ssl/certs - readOnly: false - - name: etc-ssl-private - mountPath: /etc/ssl/private - readOnly: false - - name: custom-ca-certificates - mountPath: /usr/local/share/ca-certificates - readOnly: true - {{- end }} - containers: - - name: {{ include "common.names.fullname" . }} - image: {{ template "prestashop.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" .Values.image.debug | quote }} - - name: ALLOW_EMPTY_PASSWORD - value: {{ ternary "yes" "no" .Values.allowEmptyPassword | quote }} - - name: APACHE_HTTP_PORT_NUMBER - value: {{ .Values.containerPorts.http | quote }} - - name: APACHE_HTTPS_PORT_NUMBER - value: {{ .Values.containerPorts.https | quote }} - {{- if .Values.prestashopCookieCheckIP }} - - name: PRESTASHOP_COOKIE_CHECK_IP - value: {{ .Values.prestashopCookieCheckIP | quote }} - {{- end }} - {{- if .Values.prestashopCountry }} - - name: PRESTASHOP_COUNTRY - value: {{ .Values.prestashopCountry | quote }} - {{- end }} - {{- if .Values.prestashopLanguage }} - - name: PRESTASHOP_LANGUAGE - value: {{ .Values.prestashopLanguage | quote }} - {{- end }} - - name: PRESTASHOP_DATABASE_HOST - value: {{ include "prestashop.databaseHost" . | quote }} - - name: PRESTASHOP_DATABASE_PORT_NUMBER - value: {{ include "prestashop.databasePort" . | quote }} - - name: PRESTASHOP_DATABASE_NAME - value: {{ include "prestashop.databaseName" . | quote }} - - name: PRESTASHOP_DATABASE_USER - value: {{ include "prestashop.databaseUser" . | quote }} - - name: PRESTASHOP_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "prestashop.databaseSecretName" . }} - key: {{ include "prestashop.databasePasswordKey" . }} - - name: PRESTASHOP_SKIP_BOOTSTRAP - value: {{ ternary "yes" "no" .Values.prestashopSkipInstall | quote }} - {{- $port:=.Values.service.port | toString }} - - name: PRESTASHOP_HOST - value: "{{ include "prestashop.host" . }}{{- if ne $port "80" }}:{{ .Values.service.port }}{{ end }}" - - name: PRESTASHOP_USERNAME - value: {{ .Values.prestashopUsername | quote }} - - name: PRESTASHOP_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.names.fullname" . }} - key: prestashop-password - - name: PRESTASHOP_EMAIL - value: {{ .Values.prestashopEmail | quote }} - - name: PRESTASHOP_FIRST_NAME - value: {{ .Values.prestashopFirstName | quote }} - - name: PRESTASHOP_LAST_NAME - value: {{ .Values.prestashopLastName | quote }} - {{- if .Values.smtpHost }} - - name: SMTP_HOST - value: {{ .Values.smtpHost | quote }} - {{- end }} - {{- if .Values.smtpPort }} - - name: SMTP_PORT - value: {{ .Values.smtpPort | quote }} - {{- end }} - {{- if .Values.smtpUser }} - - name: SMTP_USER - value: {{ .Values.smtpUser | quote }} - {{- end }} - {{- if .Values.smtpPassword }} - - name: SMTP_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.names.fullname" . }} - key: smtp-password - {{- end }} - {{- if .Values.smtpProtocol }} - - name: SMTP_PROTOCOL - value: {{ .Values.smtpProtocol | quote }} - {{- end }} - {{- if .Values.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if .Values.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} - {{- end }} - {{- if .Values.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.containerPorts.http }} - - name: https - containerPort: {{ .Values.containerPorts.https }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.livenessProbe.path }} - port: http - httpHeaders: - - name: Host - value: {{ include "prestashop.host" . | quote }} - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- else if .Values.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: {{ .Values.readinessProbe.path }} - port: http - httpHeaders: - - name: Host - value: {{ include "prestashop.host" . | quote }} - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- else if .Values.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.startupProbe.enabled }} - startupProbe: - httpGet: - path: {{ .Values.startupProbe.path }} - port: http - httpHeaders: - - name: Host - value: {{ include "prestashop.host" . | quote }} - initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.startupProbe.periodSeconds }} - timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }} - successThreshold: {{ .Values.startupProbe.successThreshold }} - failureThreshold: {{ .Values.startupProbe.failureThreshold }} - {{- else if .Values.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: prestashop-data - mountPath: /bitnami/prestashop - subPath: prestashop - {{- if .Values.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.metrics.enabled }} - - name: metrics - image: {{ template "prestashop.metrics.image" . }} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - command: [ '/bin/apache_exporter', '--scrape_uri', 'http://status.localhost:{{ .Values.containerPorts.http }}/server-status/?auto' ] - ports: - - name: metrics - containerPort: 9117 - livenessProbe: - httpGet: - path: /metrics - port: metrics - initialDelaySeconds: 15 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: /metrics - port: metrics - initialDelaySeconds: 5 - timeoutSeconds: 1 - resources: {{- toYaml .Values.metrics.resources | nindent 12 }} - {{- end }} - {{- if .Values.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: prestashop-data - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ .Values.persistence.existingClaim | default (printf "%s-prestashop" (include "common.names.fullname" .)) }} - {{- else }} - emptyDir: {} - {{- end }} - {{- if .Values.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} - {{- end }} -{{- end -}} diff --git a/bitnami/prestashop/templates/externaldb-secrets.yaml b/bitnami/prestashop/templates/externaldb-secrets.yaml deleted file mode 100644 index 43e9f4e..0000000 --- a/bitnami/prestashop/templates/externaldb-secrets.yaml +++ /dev/null @@ -1,10 +0,0 @@ -{{- if not .Values.mariadb.enabled }} -apiVersion: v1 -kind: Secret -metadata: - name: "{{ include "common.names.fullname" . }}-externaldb" - labels: {{- include "common.labels.standard" . | nindent 4 }} -type: Opaque -data: - db-password: {{ default "" .Values.externalDatabase.password | b64enc | quote }} -{{- end }} diff --git a/bitnami/prestashop/templates/extra-list.yaml b/bitnami/prestashop/templates/extra-list.yaml deleted file mode 100644 index 9ac65f9..0000000 --- a/bitnami/prestashop/templates/extra-list.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{- range .Values.extraDeploy }} ---- -{{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} diff --git a/bitnami/prestashop/templates/ingress.yaml b/bitnami/prestashop/templates/ingress.yaml deleted file mode 100644 index 145b9d6..0000000 --- a/bitnami/prestashop/templates/ingress.yaml +++ /dev/null @@ -1,56 +0,0 @@ -{{- if .Values.ingress.enabled }} -apiVersion: {{ template "common.capabilities.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.ingress.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.annotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.ingress.certManager }} - kubernetes.io/tls-acme: "true" - {{- end }} -spec: - rules: - {{- if .Values.ingress.hostname }} - - host: {{ .Values.ingress.hostname }} - http: - paths: - {{- if .Values.ingress.extraPaths }} - {{- toYaml .Values.ingress.extraPaths | nindent 10 }} - {{- end }} - - path: {{ .Values.ingress.path }} - {{- if eq "true" (include "common.ingress.supportsPathType" .) }} - pathType: {{ .Values.ingress.pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- range .Values.ingress.extraHosts }} - - host: {{ .name | quote }} - http: - paths: - - path: {{ default "/" .path }} - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ default "ImplementationSpecific" .pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- if or .Values.ingress.tls .Values.ingress.extraTls }} - tls: - {{- if .Values.ingress.tls }} - - hosts: - - {{ .Values.ingress.hostname }} - secretName: {{ printf "%s-tls" .Values.ingress.hostname }} - {{- end }} - {{- if .Values.ingress.extraTls }} - {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.extraTls "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/bitnami/prestashop/templates/pv.yaml b/bitnami/prestashop/templates/pv.yaml deleted file mode 100644 index 4e4eacd..0000000 --- a/bitnami/prestashop/templates/pv.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if and (include "prestashop.host" .) .Values.persistence.enabled .Values.persistence.hostPath (not .Values.persistence.existingClaim) -}} -apiVersion: v1 -kind: PersistentVolume -metadata: - name: {{ include "common.names.fullname" . }}-prestashop - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - accessModes: - - {{ .Values.persistence.accessMode | quote }} - capacity: - storage: {{ .Values.persistence.size | quote }} - hostPath: - path: {{ .Values.persistence.hostPath | quote }} -{{- end -}} diff --git a/bitnami/prestashop/templates/pvc.yaml b/bitnami/prestashop/templates/pvc.yaml deleted file mode 100644 index 2f39117..0000000 --- a/bitnami/prestashop/templates/pvc.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if and (include "prestashop.host" .) .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.names.fullname" . }}-prestashop - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.persistence.hostPath }} - storageClassName: "" - {{- end }} - accessModes: - - {{ .Values.persistence.accessMode | quote }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{- include "prestashop.storageClass" . | nindent 2 }} -{{- end -}} diff --git a/bitnami/prestashop/templates/secrets.yaml b/bitnami/prestashop/templates/secrets.yaml deleted file mode 100644 index c1dcfb1..0000000 --- a/bitnami/prestashop/templates/secrets.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if not .Values.existingSecret }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: - {{- if .Values.prestashopPassword }} - prestashop-password: {{ default "" .Values.prestashopPassword | b64enc | quote }} - {{- else }} - prestashop-password: {{ randAlphaNum 10 | b64enc | quote }} - {{- end }} - {{- if .Values.smtpPassword }} - smtp-password: {{ .Values.smtpPassword | b64enc | quote }} - {{- end }} -{{- end }} diff --git a/bitnami/prestashop/templates/svc.yaml b/bitnami/prestashop/templates/svc.yaml deleted file mode 100644 index a680ddf..0000000 --- a/bitnami/prestashop/templates/svc.yaml +++ /dev/null @@ -1,44 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.service.type }} - sessionAffinity: {{ default "None" .Values.service.sessionAffinity }} - {{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }} - clusterIP: {{ .Values.service.clusterIP }} - {{- end }} - {{- if and .Values.service.loadBalancerIP (eq .Values.service.type "LoadBalancer") }} - loadBalancerIP: {{ .Values.service.loadBalancerIP }} - {{- end }} - {{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - {{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }} - externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} - {{- end }} - ports: - - name: http - port: {{ .Values.service.port }} - targetPort: http - {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.http)) }} - nodePort: {{ .Values.service.nodePorts.http }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - - name: https - port: {{ .Values.service.httpsPort }} - targetPort: https - {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.https)) }} - nodePort: {{ .Values.service.nodePorts.https }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} diff --git a/bitnami/prestashop/templates/tls-secrets.yaml b/bitnami/prestashop/templates/tls-secrets.yaml deleted file mode 100644 index 36742a9..0000000 --- a/bitnami/prestashop/templates/tls-secrets.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.secrets }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ .name }} - labels: {{- include "common.labels.standard" $ | nindent 4 }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ .certificate | b64enc }} - tls.key: {{ .key | b64enc }} -{{- end }} -{{- end }} diff --git a/bitnami/prestashop/values.yaml b/bitnami/prestashop/values.yaml deleted file mode 100644 index d1d5584..0000000 --- a/bitnami/prestashop/values.yaml +++ /dev/null @@ -1,706 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - storageClass: "" - -## @section Common parameters - -## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) -## -kubeVersion: "" -## @param nameOverride String to partially override prestashop.fullname template (will maintain the release name) -## -nameOverride: "" -## @param fullnameOverride String to fully override prestashop.fullname template -## -fullnameOverride: "" -## @param commonAnnotations Common annotations to add to all PrestaShop resources (sub-charts are not considered). Evaluated as a template -## -commonAnnotations: {} -## @param commonLabels Common labels to add to all PrestaShop resources (sub-charts are not considered). Evaluated as a template -## -commonLabels: {} -## @param extraDeploy Array with extra yaml to deploy with the chart. Evaluated as a template -## -extraDeploy: [] - -## @section PrestaShop parameters - -## Bitnami PrestaShop image version -## ref: https://hub.docker.com/r/bitnami/prestashop/tags/ -## @param image.registry PrestaShop image registry -## @param image.repository PrestaShop image repository -## @param image.tag PrestaShop image tag (immutable tags are recommended) -## @param image.pullPolicy PrestaShop image pull policy -## @param image.pullSecrets Specify docker-registry secret names as an array -## @param image.debug Specify if debug logs should be enabled -## -image: - registry: docker.io - repository: bitnami/prestashop - tag: 1.7.7-8-debian-10-r0 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Set to true if you would like to see extra information on logs - ## - debug: false -## @param hostAliases [array] Deployment pod host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: - ## Necessary for apache-exporter to work - ## - - ip: "127.0.0.1" - hostnames: - - "status.localhost" -## @param replicaCount Number of PrestaShop Pods to run (requires ReadWriteMany PVC support) -## -replicaCount: 1 -## @param prestashopSkipInstall Skip PrestaShop installation wizard. Useful for migrations and restoring from SQL dump -## ref: https://github.com/bitnami/bitnami-docker-prestashop#configuration -## -prestashopSkipInstall: false -## @param prestashopHost PrestaShop host to create application URLs (when ingress, it will be ignored) -## ref: https://github.com/bitnami/bitnami-docker-prestashop#configuration -## -prestashopHost: "" -## @param prestashopUsername User of the application -## ref: https://github.com/bitnami/bitnami-docker-prestashop#configuration -## -prestashopUsername: user@example.com -## @param prestashopPassword Application password -## Defaults to a random 10-character alphanumeric string if not set -## ref: https://github.com/bitnami/bitnami-docker-prestashop#configuration -## -prestashopPassword: "" -## @param prestashopEmail Admin email -## ref: https://github.com/bitnami/bitnami-docker-prestashop#configuration -## -prestashopEmail: user@example.com -## @param prestashopFirstName First Name -## ref: https://github.com/bitnami/bitnami-docker-prestashop#configuration -## -prestashopFirstName: Bitnami -## @param prestashopLastName Last Name -## ref: https://github.com/bitnami/bitnami-docker-prestashop#configuration -## -prestashopLastName: User -## @param prestashopCookieCheckIP Whether to check the cookie's IP address or not -## ref: https://github.com/bitnami/bitnami-docker-prestashop#configuration -## -prestashopCookieCheckIP: "no" -## @param prestashopCountry Default country of the store -## ref: https://github.com/bitnami/bitnami-docker-prestashop#configuration -## -prestashopCountry: "us" -## @param prestashopLanguage Default language of the store (ISO code) -## ref: https://github.com/bitnami/bitnami-docker-prestashop#configuration -## -prestashopLanguage: "en" -## @param allowEmptyPassword Allow DB blank passwords -## ref: https://github.com/bitnami/bitnami-docker-prestashop#environment-variables -## -allowEmptyPassword: true -## @param command Override default container command (useful when using custom images) -## -command: [] -## @param args Override default container args (useful when using custom images) -## -args: [] -## @param updateStrategy.type Update strategy - only really applicable for deployments with RWO PVs attached -## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the -## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will -## terminate the single previous pod, so that the new, incoming pod can attach to the PV -## -updateStrategy: - type: RollingUpdate -## @param extraEnvVars An array to add extra environment variables -## For example: -## - name: BEARER_AUTH -## value: true -## -extraEnvVars: [] -## @param extraEnvVarsCM ConfigMap with extra environment variables -## -extraEnvVarsCM: "" -## @param extraEnvVarsSecret Secret with extra environment variables -## -extraEnvVarsSecret: "" -## @param extraVolumes Extra volumes to add to the deployment. Requires setting `extraVolumeMounts` -## -extraVolumes: [] -## @param extraVolumeMounts Extra volume mounts to add to the container. Normally used with `extraVolumes` -## -extraVolumeMounts: [] -## @param initContainers Extra init containers to add to the deployment -## -initContainers: [] -## @param sidecars Extra sidecar containers to add to the deployment -## -sidecars: [] -## @param tolerations Tolerations for pod assignment. Evaluated as a template. -## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] -## @param existingSecret Use existing secret for the application password -## -existingSecret: "" -## SMTP mail delivery configuration -## ref: https://github.com/bitnami/bitnami-docker-prestashop/#smtp-configuration -## @param smtpHost SMTP host -## @param smtpPort SMTP port -## @param smtpUser SMTP user -## @param smtpPassword SMTP password -## @param smtpProtocol SMTP Protocol (options: ssl,tls, nil) -## -smtpHost: "" -smtpPort: "" -smtpUser: "" -smtpPassword: "" -smtpProtocol: "" -## Container ports -## @param containerPorts.http Sets HTTP port inside NGINX container -## @param containerPorts.https Sets HTTPS port inside NGINX container -## -containerPorts: - http: 8080 - https: 8443 -## @param sessionAffinity Control where client requests go, to the same pod or round-robin -## Values: ClientIP or None -## ref: https://kubernetes.io/docs/user-guide/services/ -## -sessionAffinity: "None" -## Enable persistence using Persistent Volume Claims -## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ -## -persistence: - ## @param persistence.enabled Enable persistence using PVC - ## - enabled: true - ## @param persistence.storageClass PrestaShop Data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - ## @param persistence.accessMode PVC Access Mode for PrestaShop volume - ## - accessMode: ReadWriteOnce - ## @param persistence.size PVC Storage Request for PrestaShop volume - ## - size: 8Gi - ## @param persistence.existingClaim An Existing PVC name - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - ## - existingClaim: "" - ## @param persistence.hostPath If defined, the prestashop-data volume will mount to the specified hostPath - ## Requires persistence.enabled: true - ## Requires persistence.existingClaim: nil|false - ## Default: nil. - ## - hostPath: "" -## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAffinityPreset: "" -## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAntiAffinityPreset: soft -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## -nodeAffinityPreset: - ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] -## @param affinity Affinity for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set -## -affinity: {} -## @param nodeSelector Node labels for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} -## Configure resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## @param resources.requests [object] The requested resources for the container -## -resources: - requests: - memory: 512Mi - cpu: 300m -## Configure Pods Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## @param podSecurityContext.enabled Enable PrestaShop pods' Security Context -## @param podSecurityContext.fsGroup PrestaShop pods' group ID -## -podSecurityContext: - enabled: true - fsGroup: 1001 -## Configure Container Security Context (only main container) -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -## @param containerSecurityContext.enabled Enable PrestaShop containers' Security Context -## @param containerSecurityContext.runAsUser PrestaShop containers' Security Context -## -containerSecurityContext: - enabled: true - runAsUser: 1001 -## Configure extra options for liveness probe -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes -## @param livenessProbe.enabled Enable livenessProbe -## @param livenessProbe.path Request path for livenessProbe -## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe -## @param livenessProbe.periodSeconds Period seconds for livenessProbe -## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe -## @param livenessProbe.failureThreshold Failure threshold for livenessProbe -## @param livenessProbe.successThreshold Success threshold for livenessProbe -## -livenessProbe: - enabled: true - path: / - initialDelaySeconds: 600 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 -## Configure extra options for readiness probe -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes -## @param readinessProbe.enabled Enable readinessProbe -## @param readinessProbe.path Request path for readinessProbe -## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe -## @param readinessProbe.periodSeconds Period seconds for readinessProbe -## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe -## @param readinessProbe.failureThreshold Failure threshold for readinessProbe -## @param readinessProbe.successThreshold Success threshold for readinessProbe -## -readinessProbe: - enabled: true - path: / - initialDelaySeconds: 30 - periodSeconds: 5 - timeoutSeconds: 3 - failureThreshold: 6 - successThreshold: 1 -## Configure extra options for startup probe -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes -## @param startupProbe.enabled Enable startupProbe -## @param startupProbe.path Request path for startupProbe -## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe -## @param startupProbe.periodSeconds Period seconds for startupProbe -## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe -## @param startupProbe.failureThreshold Failure threshold for startupProbe -## @param startupProbe.successThreshold Success threshold for startupProbe -## -startupProbe: - enabled: false - path: / - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 3 - failureThreshold: 60 - successThreshold: 1 -## @param customLivenessProbe Override default liveness probe -## -customLivenessProbe: {} -## @param customReadinessProbe Override default readiness probe -## -customReadinessProbe: {} -## @param customStartupProbe Override default startup probe -## -customStartupProbe: {} -## @param lifecycleHooks LifecycleHook to set additional configuration at startup Evaluated as a template -## -lifecycleHooks: {} -## @param podAnnotations Pod annotations -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} -## @param podLabels Pod extra labels -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -podLabels: {} - -## @section Traffic Exposure Parameters - -## Kubernetes configuration -## For minikube, set this to NodePort, elsewhere use LoadBalancer -## -service: - ## @param service.type Kubernetes Service type - ## - type: LoadBalancer - ## @param service.port Service HTTP port - ## - port: 80 - ## @param service.httpsPort Service HTTPS port - ## - httpsPort: 443 - ## @param service.clusterIP Service Cluster IP - ## - clusterIP: "" - ## @param service.loadBalancerSourceRanges Control hosts connecting to "LoadBalancer" only - ## loadBalancerSourceRanges: - ## - 0.0.0.0/0 - ## - loadBalancerSourceRanges: [] - ## @param service.loadBalancerIP Load balancerIP for the PrestaShop Service (optional, cloud specific) - ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer - ## - loadBalancerIP: "" - ## @param service.nodePorts.http Kubernetes HTTP node port - ## @param service.nodePorts.https Kubernetes HTTPS node port - ## nodePorts: - ## http: - ## https: - ## - nodePorts: - http: "" - https: "" - ## @param service.externalTrafficPolicy Enable client source IP preservation - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster -## Configure the ingress resource that allows you to access the -## PrestaShop installation. Set up the URL -## ref: http://kubernetes.io/docs/user-guide/ingress/ -## -ingress: - ## @param ingress.enabled Enable ingress controller resource - ## - enabled: false - ## @param ingress.certManager Add annotations for cert-manager - ## - certManager: false - ## @param ingress.pathType Ingress path type - ## - pathType: ImplementationSpecific - ## @param ingress.apiVersion Override API Version (automatically detected if not set) - ## - apiVersion: "" - ## @param ingress.hostname Default host for the ingress resource - ## - hostname: prestashop.local - ## @param ingress.path Default path for the ingress resource*' in order to use this - ## with ALB ingress controllers. - ## - path: / - ## @param ingress.annotations Ingress annotations - ## For a full list of possible ingress annotations, please see - ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md - ## - ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set - ## - annotations: {} - ## @param ingress.tls Create TLS Secret - ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }} - ## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it - ## - tls: false - ## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record. - ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array - ## extraHosts: - ## - name: prestashop.local - ## path: / - ## - extraHosts: [] - ## @param ingress.extraPaths Any additional arbitrary paths that may need to be added to the ingress under the main host. - ## For example: The ALB ingress controller requires a special rule for handling SSL redirection. - ## extraPaths: - ## - path: /* - ## backend: - ## serviceName: ssl-redirect - ## servicePort: use-annotation - ## - extraPaths: [] - ## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. - ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - ## extraTls: - ## - hosts: - ## - prestashop.local - ## secretName: prestashop.local-tls - ## - extraTls: [] - ## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets - ## key and certificate should start with -----BEGIN CERTIFICATE----- or - ## -----BEGIN RSA PRIVATE KEY----- - ## - ## name should line up with a tlsSecret set further up - ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set - ## - ## It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - ## e.g: - ## - name: prestashop.local-tls - ## key: - ## certificate: - ## - secrets: [] - -## @section Database parameters - -## MariaDB chart configuration -## https://github.com/bitnami/charts/blob/master/bitnami/mariadb/values.yaml -## -mariadb: - ## @param mariadb.enabled Whether to deploy a mariadb server to satisfy the applications database requirements - ## To use an external database set this to false and configure the externalDatabase parameters - ## - enabled: true - ## @param mariadb.architecture MariaDB architecture. Allowed values: `standalone` or `replication` - ## - architecture: standalone - ## MariaDB Authentication parameters - ## - auth: - ## @param mariadb.auth.rootPassword Password for the MariaDB `root` user - ## ref: https://github.com/bitnami/bitnami-docker-mariadb#setting-the-root-password-on-first-run - ## - rootPassword: "" - ## @param mariadb.auth.database Database name to create - ## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#creating-a-database-on-first-run - ## - database: bitnami_prestashop - ## @param mariadb.auth.username Database user to create - ## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#creating-a-database-user-on-first-run - ## - username: bn_prestashop - ## @param mariadb.auth.password Password for the database - ## - password: "" - primary: - ## Enable persistence using Persistent Volume Claims - ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ - ## - persistence: - ## @param mariadb.primary.persistence.enabled Enable database persistence using PVC - ## - enabled: true - ## @param mariadb.primary.persistence.storageClass MariaDB primary persistent volume storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - ## @param mariadb.primary.persistence.accessModes Database Persistent Volume Access Modes - ## - accessModes: - - ReadWriteOnce - ## @param mariadb.primary.persistence.size Database Persistent Volume Size - ## - size: 8Gi - ## @param mariadb.primary.persistence.hostPath Set path in case you want to use local host path volumes (not recommended in production) - ## - hostPath: "" - ## @param mariadb.primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas - ## - existingClaim: "" -## External database configuration -## -externalDatabase: - ## @param externalDatabase.host Host of the existing database - ## - host: "" - ## @param externalDatabase.port Port of the existing database - ## - port: 3306 - ## @param externalDatabase.user Existing username in the existing database - ## - user: bn_prestashop - ## @param externalDatabase.password Password for the above username - ## - password: "" - ## @param externalDatabase.database Name of the existing database - ## - database: bitnami_prestashop - -## @section Volume Permissions parameters - -## Init containers parameters: -## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. -## -volumePermissions: - ## @param volumePermissions.enabled Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) - ## - enabled: false - ## @param volumePermissions.image.registry Init container volume-permissions image registry - ## @param volumePermissions.image.repository Init container volume-permissions image repository - ## @param volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended) - ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy - ## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: 10-debian-10-r192 - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Init containers' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param volumePermissions.resources.limits The resources limits for the container - ## @param volumePermissions.resources.requests The requested resources for the container - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - requests: {} - -## @section Metrics parameters - -## Prometheus Exporter / Metrics -## -metrics: - ## @param metrics.enabled Start a side-car prometheus exporter - ## - enabled: false - ## @param metrics.image.registry Apache exporter image registry - ## @param metrics.image.repository Apache exporter image repository - ## @param metrics.image.tag Apache exporter image tag (immutable tags are recommended) - ## @param metrics.image.pullPolicy Image pull policy - ## @param metrics.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/apache-exporter - tag: 0.10.0-debian-10-r46 - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param metrics.resources Metrics exporter resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: {} - ## @param metrics.podAnnotations [object] Metrics exporter pod annotations - ## - podAnnotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9117" -## @section Certificate injection parameters -## Add custom certificates and certificate authorities to PrestaShop container -## -certificates: - ## @param certificates.customCertificate.certificateSecret Secret containing the certificate and key to add - ## @param certificates.customCertificate.chainSecret.name Name of the secret containing the certificate chain - ## @param certificates.customCertificate.chainSecret.key Key of the certificate chain file inside the secret - ## @param certificates.customCertificate.certificateLocation Location in the container to store the certificate - ## @param certificates.customCertificate.keyLocation Location in the container to store the private key - ## @param certificates.customCertificate.chainLocation Location in the container to store the certificate chain - ## - customCertificate: - certificateSecret: "" - chainSecret: - name: "" - key: "" - certificateLocation: /etc/ssl/certs/ssl-cert-snakeoil.pem - keyLocation: /etc/ssl/private/ssl-cert-snakeoil.key - chainLocation: /etc/ssl/certs/mychain.pem - ## @param certificates.customCAs Defines a list of secrets to import into the container trust store - ## - customCAs: [] - ## @param certificates.command Override default container command (useful when using custom images) - ## - command: [] - ## @param certificates.args Override default container args (useful when using custom images) - ## e.g: - ## - secret: custom-CA - ## - secret: more-custom-CAs - ## - args: [] - ## @param certificates.extraEnvVars Container sidecar extra environment variables - ## - extraEnvVars: [] - ## @param certificates.extraEnvVarsCM ConfigMap with extra environment variables - ## - extraEnvVarsCM: "" - ## @param certificates.extraEnvVarsSecret Secret with extra environment variables - ## - extraEnvVarsSecret: "" - ## @param certificates.image.registry Container sidecar registry - ## @param certificates.image.repository Container sidecar image repository - ## @param certificates.image.tag Container sidecar image tag (immutable tags are recommended) - ## @param certificates.image.pullPolicy Container sidecar image pull policy - ## @param certificates.image.pullSecrets Container sidecar image pull secrets - ## - image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: 10-debian-10-r192 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] diff --git a/bitnami/pytorch/.helmignore b/bitnami/pytorch/.helmignore deleted file mode 100644 index f0c1319..0000000 --- a/bitnami/pytorch/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/bitnami/pytorch/Chart.lock b/bitnami/pytorch/Chart.lock deleted file mode 100644 index 5a07756..0000000 --- a/bitnami/pytorch/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.9.1 -digest: sha256:75c2f378a4570f47cbb3c98b6f1d29d1145e5a92bf2970a5d06c32575bfe266f -generated: "2021-09-24T00:06:31.994124506Z" diff --git a/bitnami/pytorch/Chart.yaml b/bitnami/pytorch/Chart.yaml deleted file mode 100644 index df1e82b..0000000 --- a/bitnami/pytorch/Chart.yaml +++ /dev/null @@ -1,27 +0,0 @@ -annotations: - category: MachineLearning -apiVersion: v2 -appVersion: 1.9.0 -dependencies: - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x -description: Deep learning platform that accelerates the transition from research prototyping to production deployment -engine: gotpl -home: https://github.com/bitnami/charts/tree/master/bitnami/pytorch -icon: https://bitnami.com/assets/stacks/pytorch/img/pytorch-stack-220x234.png -keywords: - - pytorch - - python - - machine - - learning -maintainers: - - email: containers@bitnami.com - name: Bitnami -name: pytorch -sources: - - https://github.com/bitnami/bitnami-docker-pytorch - - http://pytorch.org/ -version: 2.3.14 diff --git a/bitnami/pytorch/README.md b/bitnami/pytorch/README.md deleted file mode 100644 index 9b70ad3..0000000 --- a/bitnami/pytorch/README.md +++ /dev/null @@ -1,240 +0,0 @@ -# PyTorch - -[PyTorch](http://pytorch.org/) is a deep learning platform that accelerates the transition from research prototyping to production deployment. It is built for full integration into Python that enables you to use it with its libraries and main packages. - -## TL;DR - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/pytorch -``` - -## Introduction - -This chart bootstraps a [PyTorch](https://github.com/bitnami/bitnami-docker-pytorch) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 3.1.0 -- PV provisioner support in the underlying infrastructure -- ReadWriteMany volumes for deployment scaling - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/pytorch -``` - -These commands deploy PyTorch on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```console -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | - - -### Common parameters - -| Name | Description | Value | -| ------------------ | -------------------------------------------------------------------------------------------- | ----- | -| `nameOverride` | String to partially override common.names.fullname template (will maintain the release name) | `""` | -| `fullnameOverride` | String to fully override common.names.fullname template | `""` | - - -### PyTorch parameters - -| Name | Description | Value | -| -------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------- | -| `image.registry` | PyTorch image registry | `docker.io` | -| `image.repository` | PyTorch image repository | `bitnami/pytorch` | -| `image.tag` | PyTorch image tag (immutable tags are recommended) | `1.9.0-debian-10-r102` | -| `image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `image.debug` | Specify if debug logs should be enabled | `false` | -| `git.registry` | Git image registry | `docker.io` | -| `git.repository` | Git image repository | `bitnami/git` | -| `git.tag` | Git image tag (immutable tags are recommended) | `2.33.0-debian-10-r37` | -| `git.pullPolicy` | Git image pull policy | `IfNotPresent` | -| `git.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` | -| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | -| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `10-debian-10-r201` | -| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | -| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `volumePermissions.resources.limits` | The resources limits for the container | `{}` | -| `volumePermissions.resources.requests` | The requested resources for the container | `{}` | -| `service.type` | Kubernetes service type | `ClusterIP` | -| `service.port` | Scheduler Service port | `49875` | -| `service.nodePort` | Specify the nodePort value for the LoadBalancer and NodePort service types. | `""` | -| `service.annotations` | Provide any additional annotations which may be required. This can be used to | `{}` | -| `entrypoint.file` | Main entrypoint to your application | `""` | -| `entrypoint.args` | Args required by your entrypoint | `[]` | -| `mode` | Run PyTorch in standalone or distributed mode. Possible values: `standalone`, `distributed` | `standalone` | -| `hostAliases` | Deployment pod host aliases | `[]` | -| `worldSize` | Number of nodes that will run the code | `""` | -| `port` | PyTorch master port. `MASTER_PORT` will be set to this value | `49875` | -| `configMap` | Config map that contains the files you want to load in PyTorch | `""` | -| `cloneFilesFromGit.enabled` | Enable in order to download files from git repository | `false` | -| `cloneFilesFromGit.repository` | Repository that holds the files | `""` | -| `cloneFilesFromGit.revision` | Revision from the repository to checkout | `""` | -| `cloneFilesFromGit.extraVolumeMounts` | Add extra volume mounts for the Git container | `[]` | -| `extraEnvVars` | Additional environment variables | `[]` | -| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` | -| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | -| `affinity` | Affinity for pod assignment. Evaluated as a template. | `{}` | -| `nodeSelector` | Node labels for pod assignment. Evaluated as a template. | `{}` | -| `tolerations` | Tolerations for pod assignment. Evaluated as a template. | `[]` | -| `securityContext.enabled` | Enable security context | `true` | -| `securityContext.fsGroup` | Group ID for the container | `1001` | -| `securityContext.runAsUser` | User ID for the container | `1001` | -| `resources.limits` | The resources limits for the container | `{}` | -| `resources.requests` | The requested resources for the container | `{}` | -| `livenessProbe.enabled` | Enable livenessProbe | `true` | -| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | -| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `5` | -| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | -| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `readinessProbe.enabled` | Enable readinessProbe | `true` | -| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | -| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | -| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | -| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `persistence.enabled` | Use a Persistent Volume Claim to persist data | `true` | -| `persistence.mountPath` | Data volume mount path | `/bitnami/pytorch` | -| `persistence.accessModes` | Persistent Volume Access Mode | `["ReadWriteOnce"]` | -| `persistence.size` | Size of data volume | `8Gi` | -| `persistence.storageClass` | Persistent Volume Storage Class | `""` | -| `persistence.annotations` | Persistent Volume Claim annotations | `{}` | -| `extraVolumes` | Array to add extra volumes (evaluated as a template) | `[]` | -| `extraVolumeMounts` | Array to add extra mounts (normally used with extraVolumes, evaluated as a template) | `[]` | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -$ helm install my-release \ - --set mode=distributed \ - --set worldSize=4 \ - bitnami/pytorch -``` - -The above command create 4 pods for PyTorch: one master and three workers. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```console -$ helm install my-release -f values.yaml bitnami/pytorch -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Loading your files - -The PyTorch chart supports three different ways to load your files. In order of priority, they are: - - 1. Existing config map - 2. Files under the `files` directory - 3. Cloning a git repository - -This means that if you specify a config map with your files, it won't look for the `files/` directory nor the git repository. - -In order to use use an existing config map, set the `configMap=my-config-map` parameter. - -To load your files from the `files/` directory you don't have to set any option. Just copy your files inside and don't specify a `ConfigMap`. - -Finally, if you want to clone a git repository you can use those parameters: - -```console -cloneFilesFromGit.enabled=true -cloneFilesFromGit.repository=https://github.com/my-user/my-repo -cloneFilesFromGit.revision=master -``` - -## Persistence - -The [Bitnami PyTorch](https://github.com/bitnami/bitnami-docker-pytorch) image can persist data. If enabled, the persisted path is `/bitnami/pytorch` by default. - -The chart mounts a [Persistent Volume](http://kubernetes.io/docs/user-guide/persistent-volumes/) at this location. The volume is created using dynamic volume provisioning. - -### Adjust permissions of persistent volume mountpoint - -As the image run as non-root by default, it is necessary to adjust the ownership of the persistent volume so that the container can write data into it. - -By default, the chart is configured to use Kubernetes Security Context to automatically change the ownership of the volume. However, this feature does not work in all Kubernetes distributions. -As an alternative, this chart supports using an initContainer to change the ownership of the volume before mounting it in the final destination. - -You can enable this initContainer by setting `volumePermissions.enabled` to `true`. - -### Setting Pod's affinity - -This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). - -As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters. - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami’s Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## Upgrading - -### To 2.1.0 - -This version introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/master/bitnami/common#bitnami-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade. - -### To 2.0.0 - -[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -**What changes were introduced in this major version?** - -- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. -- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts - -**Considerations when upgrading to this version** - -- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues -- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore -- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 - -**Useful links** - -- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ -- https://helm.sh/docs/topics/v2_v3_migration/ -- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ diff --git a/bitnami/pytorch/ci/values-production.yaml b/bitnami/pytorch/ci/values-production.yaml deleted file mode 100644 index 099df13..0000000 --- a/bitnami/pytorch/ci/values-production.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# Test values file for generating all of the yaml and check that -# the rendering is correct - -mode: distributed - -worldSize: 4 diff --git a/bitnami/pytorch/templates/NOTES.txt b/bitnami/pytorch/templates/NOTES.txt deleted file mode 100644 index d59180a..0000000 --- a/bitnami/pytorch/templates/NOTES.txt +++ /dev/null @@ -1,38 +0,0 @@ -{{- if or (.Values.configMap) (.Files.Glob "files/*") (.Values.cloneFilesFromGit.enabled) }} -{{- if .Values.entrypoint.file }} -The provided file {{ .Values.entrypoint.file }} is being executed. You can see the logs of each running node with: - kubectl logs [POD_NAME] - -and the list of pods: - kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "common.names.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -{{- else }} -You didn't specify any entrypoint to your code. -To run it, you can either deploy again using the `pytorch.entrypoint.file` option to specify your entrypoint, or execute it manually by jumping into the pods: - -1. Get the running pods - kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "common.names.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" - -2. Get into a pod - kubectl exec -ti [POD_NAME] bash - -3. Execute your script as you would normally do. -{{- end }} -{{- else }} -WARNING: You haven't loaded any file. You can access the Python REPL by jumping into the pods: - -1. Get the running pods - kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "common.names.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" - -2. Run the Python REPL - kubectl exec -ti [POD_NAME] python - -This chart allows three different methods to load your files: - -1. Load the files from an existing ConfigMap, using the `configMap` option. -2. Putting your files in a `files` folder in the root of the Chart. -3. Cloning a Git repository with the `cloneFilesFromGit` option. - -Examples for the different methods can be found in the README. -{{- end }} -{{ include "pytorch.validateValues" . }} -{{ include "pytorch.checkRollingTags" . }} diff --git a/bitnami/pytorch/templates/_helpers.tpl b/bitnami/pytorch/templates/_helpers.tpl deleted file mode 100644 index 6be87d4..0000000 --- a/bitnami/pytorch/templates/_helpers.tpl +++ /dev/null @@ -1,79 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Return the proper PyTorch image name -*/}} -{{- define "pytorch.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper git image name -*/}} -{{- define "git.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.git "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper image name (for the init container volume-permissions image) -*/}} -{{- define "pytorch.volumePermissions.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "pytorch.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.git .Values.volumePermissions.image) "global" .Values.global) -}} -{{- end -}} - -{{/* -Compile all warnings into a single message, and call fail. -*/}} -{{- define "pytorch.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "pytorch.validateValues.mode" .) -}} -{{- $messages := append $messages (include "pytorch.validateValues.worldSize" .) -}} -{{- $messages := append $messages (include "pytorch.validateValues.extraVolumes" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} -{{- end -}} -{{- end -}} - -{{/* Validate values of PyTorch - must provide a valid mode ("distributed" or "standalone") */}} -{{- define "pytorch.validateValues.mode" -}} -{{- if and (ne .Values.mode "distributed") (ne .Values.mode "standalone") -}} -pytorch: mode - Invalid mode selected. Valid values are "distributed" and - "standalone". Please set a valid mode (--set mode="xxxx") -{{- end -}} -{{- end -}} - -{{/* Validate values of PyTorch - number of replicas must be even, greater than 4 and lower than 32 */}} -{{- define "pytorch.validateValues.worldSize" -}} -{{- $replicaCount := int .Values.worldSize }} -{{- if and (eq .Values.mode "distributed") (or (lt $replicaCount 1) (gt $replicaCount 32)) -}} -pytorch: worldSize - World size must be greater than 1 and lower than 32 in distributed mode!! - Please set a valid world size (--set worldSize=X) -{{- end -}} -{{- end -}} - -{{/* Validate values of PyTorch - Incorrect extra volume settings */}} -{{- define "pytorch.validateValues.extraVolumes" -}} -{{- if and (.Values.extraVolumes) (not (or .Values.extraVolumeMounts .Values.cloneFilesFromGit.extraVolumeMounts)) -}} -pytorch: missing-extra-volume-mounts - You specified extra volumes but not mount points for them. Please set - the extraVolumeMounts value -{{- end -}} -{{- end -}} - -{{/* Check if there are rolling tags in the images */}} -{{- define "pytorch.checkRollingTags" -}} -{{- include "common.warnings.rollingTag" .Values.image }} -{{- include "common.warnings.rollingTag" .Values.git }} -{{- end -}} diff --git a/bitnami/pytorch/templates/configmap.yaml b/bitnami/pytorch/templates/configmap.yaml deleted file mode 100644 index 3c13233..0000000 --- a/bitnami/pytorch/templates/configmap.yaml +++ /dev/null @@ -1,9 +0,0 @@ -{{- if .Files.Glob "files/*" }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.names.fullname" . }}-files - labels: {{- include "common.labels.standard" . | nindent 4 }} -data: -{{ (.Files.Glob "files/*").AsConfig | indent 2 }} -{{ end }} diff --git a/bitnami/pytorch/templates/deployment.yaml b/bitnami/pytorch/templates/deployment.yaml deleted file mode 100644 index d5b1aa5..0000000 --- a/bitnami/pytorch/templates/deployment.yaml +++ /dev/null @@ -1,174 +0,0 @@ -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ include "common.names.fullname" . }}{{ if eq .Values.mode "distributed" }}-master{{ end }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: master -spec: - replicas: 1 - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: master - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: master - spec: - {{- include "pytorch.imagePullSecrets" . | nindent 6 }} - {{- if .Values.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "component" "master" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "component" "master" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.securityContext.enabled }} - securityContext: - fsGroup: {{ .Values.securityContext.fsGroup }} - runAsUser: {{ .Values.securityContext.runAsUser }} - {{- end }} - {{- if or .Values.cloneFilesFromGit.enabled (and .Values.volumePermissions.enabled .Values.persistence.enabled) }} - initContainers: - {{- if .Values.cloneFilesFromGit.enabled }} - - name: git-clone-repository - image: {{ include "git.image" . }} - imagePullPolicy: {{ .Values.git.pullPolicy | quote }} - command: - - /bin/sh - - -c - - | - [[ -f "/opt/bitnami/scripts/git/entrypoint.sh" ]] && source "/opt/bitnami/scripts/git/entrypoint.sh" - git clone {{ .Values.cloneFilesFromGit.repository }} --branch {{ .Values.cloneFilesFromGit.revision }} /app - volumeMounts: - - name: git-cloned-files - mountPath: /app - {{- if .Values.cloneFilesFromGit.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.cloneFilesFromGit.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- end }} - {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} - - name: volume-permissions - image: "{{ template "mxnet.volumePermissions.image" . }}" - imagePullPolicy: {{ default "" .Values.volumePermissions.image.pullPolicy | quote }} - command: - - /bin/bash - - -ec - - | - chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} {{ .Values.persistence.mountPath }} - securityContext: - runAsUser: 0 - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: data - mountPath: {{ .Values.persistence.mountPath }} - {{- end }} - {{- end }} - containers: - - name: master - image: {{ include "pytorch.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - command: - - bash - - -c - - | - {{- if .Values.entrypoint.file }} - python {{ .Values.entrypoint.file }} {{ if .Values.entrypoint.args }}{{ .Values.entrypoint.args }}{{ end }} - {{- end }} - sleep infinity - env: - {{- if eq .Values.mode "distributed" }} - - name: MASTER_ADDR - value: "127.0.0.1" - - name: MASTER_PORT - value: {{ .Values.port | quote }} - - name: WORLD_SIZE - value: {{ .Values.worldSize | quote }} - - name: RANK - value: "0" - {{- end }} - {{- if .Values.extraEnvVars }} - {{- toYaml .Values.extraEnvVars | nindent 12 }} - {{- end }} - ports: - - name: pytorch - containerPort: {{ .Values.port }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - exec: - command: - - python - - -c - - import torch; torch.__version__ - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - exec: - command: - - python - - -c - - import torch; torch.__version__ - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- end }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.configMap }} - - name: ext-files - mountPath: /app - {{- else if .Files.Glob "files/*" }} - - name: local-files - mountPath: /app - {{- else if .Values.cloneFilesFromGit.enabled }} - - name: git-cloned-files - mountPath: /app - {{- end }} - {{- if .Values.extraVolumeMounts }} - {{- include "common.tplvalues.render" ( dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - - name: data - mountPath: {{ .Values.persistence.mountPath }} - volumes: - {{- if .Values.configMap }} - - name: ext-files - configMap: - name: {{ .Values.configMap }} - {{- else if .Files.Glob "files/*" }} - - name: local-files - configMap: - name: {{ include "common.names.fullname" . }}-files - {{- else if .Values.cloneFilesFromGit.enabled }} - - name: git-cloned-files - emptyDir: {} - {{- end }} - - name: data - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ include "common.names.fullname" . }}{{ if eq .Values.mode "distributed" }}-master{{ end }} - {{- else }} - emptyDir: {} - {{- end }} - {{- if .Values.extraVolumes }} - {{- include "common.tplvalues.render" ( dict "value" .Values.extraVolumes "context" $) | nindent 8 }} - {{- end }} diff --git a/bitnami/pytorch/templates/headless-svc.yaml b/bitnami/pytorch/templates/headless-svc.yaml deleted file mode 100644 index eabd176..0000000 --- a/bitnami/pytorch/templates/headless-svc.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if eq .Values.mode "distributed" }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.names.fullname" . }}-headless - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: worker -spec: - type: ClusterIP - clusterIP: None - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: worker -{{- end }} diff --git a/bitnami/pytorch/templates/pvc.yaml b/bitnami/pytorch/templates/pvc.yaml deleted file mode 100644 index 293fc9d..0000000 --- a/bitnami/pytorch/templates/pvc.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if .Values.persistence.enabled }} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.names.fullname" . }}{{ if eq .Values.mode "distributed" }}-master{{ end }} - labels: {{- include "common.labels.standard" . | nindent 4 }} -spec: - accessModes: - {{- range .Values.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 2 }} -{{- end }} diff --git a/bitnami/pytorch/templates/service.yaml b/bitnami/pytorch/templates/service.yaml deleted file mode 100644 index 0f27de4..0000000 --- a/bitnami/pytorch/templates/service.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: master - {{- if .Values.service.annotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.service.port }} - targetPort: pytorch - name: pytorch - {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePort)) }} - nodePort: {{ .Values.service.nodePort }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: master diff --git a/bitnami/pytorch/templates/statefulset.yaml b/bitnami/pytorch/templates/statefulset.yaml deleted file mode 100644 index 3156b28..0000000 --- a/bitnami/pytorch/templates/statefulset.yaml +++ /dev/null @@ -1,184 +0,0 @@ -{{- if eq .Values.mode "distributed" }} -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ include "common.names.fullname" . }}-worker - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: worker -spec: - serviceName: {{ template "common.names.fullname" . }}-headless - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: worker - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: worker - spec: -{{- include "pytorch.imagePullSecrets" . | nindent 6 }} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "component" "worker" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "component" "worker" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.securityContext.enabled }} - securityContext: - fsGroup: {{ .Values.securityContext.fsGroup }} - runAsUser: {{ .Values.securityContext.runAsUser }} - {{- end }} - {{- if or .Values.cloneFilesFromGit.enabled (and .Values.volumePermissions.enabled .Values.persistence.enabled) }} - initContainers: - {{- if .Values.cloneFilesFromGit.enabled }} - - name: git-clone-repository - image: {{ include "git.image" . }} - imagePullPolicy: {{ .Values.git.pullPolicy | quote }} - command: - - /bin/sh - - -c - - | - [[ -f "/opt/bitnami/scripts/git/entrypoint.sh" ]] && source "/opt/bitnami/scripts/git/entrypoint.sh" - git clone {{ .Values.cloneFilesFromGit.repository }} --branch {{ .Values.cloneFilesFromGit.revision }} /app - volumeMounts: - - name: git-cloned-files - mountPath: /app - {{- if .Values.cloneFilesFromGit.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.cloneFilesFromGit.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- end }} - {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} - - name: volume-permissions - image: "{{ template "mxnet.volumePermissions.image" . }}" - imagePullPolicy: {{ default "" .Values.volumePermissions.image.pullPolicy | quote }} - command: - - /bin/bash - - -ec - - | - chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} {{ .Values.persistence.mountPath }} - securityContext: - runAsUser: 0 - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: data - mountPath: {{ .Values.persistence.mountPath }} - {{- end }} - {{- end }} - containers: - - name: worker - image: {{ include "pytorch.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - command: - - bash - - -c - - | - RANK=${POD_NAME##*-} - ((RANK++)) - export RANK - {{- if .Values.entrypoint.file }} - python {{ .Values.entrypoint.file }} {{ if .Values.entrypoint.args }}{{ .Values.entrypoint.args }}{{ end }} - {{- end }} - sleep infinity - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: MASTER_ADDR - value: {{ include "common.names.fullname" . }} - - name: MASTER_PORT - value: {{ .Values.port | quote }} - - name: WORLD_SIZE - value: {{ .Values.worldSize | quote }} - {{- if .Values.extraEnvVars }} - {{- toYaml .Values.extraEnvVars | nindent 12 }} - {{- end }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - exec: - command: - - python - - -c - - import torch; torch.__version__ - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - exec: - command: - - python - - -c - - import torch; torch.__version__ - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- end }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.configMap }} - - name: ext-files - mountPath: /app - {{- else if .Files.Glob "files/*" }} - - name: local-files - mountPath: /app - {{- else if .Values.cloneFilesFromGit.enabled }} - - name: git-cloned-files - mountPath: /app - {{- end }} - {{- if .Values.extraVolumeMounts }} - {{- include "common.tplvalues.render" ( dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - - name: data - mountPath: {{ .Values.persistence.mountPath }} - volumes: - {{- if .Values.configMap }} - - name: ext-files - configMap: - name: {{ .Values.configMap }} - {{- else if .Files.Glob "files/*" }} - - name: local-files - configMap: - name: {{ include "common.names.fullname" . }}-files - {{- else if .Values.cloneFilesFromGit.enabled }} - - name: git-cloned-files - emptyDir: {} - {{- end }} - {{- if .Values.extraVolumes }} - {{- include "common.tplvalues.render" ( dict "value" .Values.extraVolumes "context" $) | nindent 8 }} - {{- end }} - {{- if not .Values.persistence.enabled }} - - name: data - emptyDir: {} - {{- else }} - volumeClaimTemplates: - - metadata: - name: data - labels: {{- include "common.labels.matchLabels" . | nindent 10 }} - {{- if .Values.persistence.annotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.annotations "context" $) | nindent 10 }} - {{- end }} - spec: - accessModes: {{ toYaml .Values.persistence.accessModes | nindent 10 }} - {{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 8 }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{- end }} -{{- end }} diff --git a/bitnami/pytorch/values.yaml b/bitnami/pytorch/values.yaml deleted file mode 100644 index 5e36f43..0000000 --- a/bitnami/pytorch/values.yaml +++ /dev/null @@ -1,333 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - storageClass: "" - -## @section Common parameters - -## @param nameOverride String to partially override common.names.fullname template (will maintain the release name) -## -nameOverride: "" -## @param fullnameOverride String to fully override common.names.fullname template -## -fullnameOverride: "" - -## @section PyTorch parameters - -## Bitnami PyTorch image version -## ref: https://hub.docker.com/r/bitnami/pytorch/tags/ -## @param image.registry PyTorch image registry -## @param image.repository PyTorch image repository -## @param image.tag PyTorch image tag (immutable tags are recommended) -## @param image.pullPolicy Image pull policy -## @param image.pullSecrets Specify docker-registry secret names as an array -## @param image.debug Specify if debug logs should be enabled -## -image: - registry: docker.io - repository: bitnami/pytorch - tag: 1.9.0-debian-10-r102 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Set to true if you would like to see extra information on logs - ## It turns BASH and/or NAMI debugging in the image - ## - debug: false -## Bitnami git image version -## ref: https://hub.docker.com/r/bitnami/git/tags/ -## @param git.registry Git image registry -## @param git.repository Git image repository -## @param git.tag Git image tag (immutable tags are recommended) -## @param git.pullPolicy Git image pull policy -## @param git.pullSecrets Specify docker-registry secret names as an array -## -git: - registry: docker.io - repository: bitnami/git - tag: 2.33.0-debian-10-r37 - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] -## Init containers parameters: -## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. -## -volumePermissions: - ## @param volumePermissions.enabled Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) - ## - enabled: false - ## @param volumePermissions.image.registry Init container volume-permissions image registry - ## @param volumePermissions.image.repository Init container volume-permissions image repository - ## @param volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended) - ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy - ## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: 10-debian-10-r201 - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Init container' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param volumePermissions.resources.limits The resources limits for the container - ## @param volumePermissions.resources.requests The requested resources for the container - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - requests: {} -## Service for the scheduler node -## -service: - ## @param service.type Kubernetes service type - ## - type: ClusterIP - ## @param service.port Scheduler Service port - ## - port: 49875 - ## @param service.nodePort Specify the nodePort value for the LoadBalancer and NodePort service types. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - nodePort: "" - ## @param service.annotations Provide any additional annotations which may be required. This can be used to - ## set the LoadBalancer service type to internal only. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - annotations: {} -## PyTorch configuration. This will be executed as: python [file] [args] -## @param entrypoint.file Main entrypoint to your application -## @param entrypoint.args Args required by your entrypoint -## -entrypoint: - file: "" - args: [] -## @param mode Run PyTorch in standalone or distributed mode. Possible values: `standalone`, `distributed` -## -mode: standalone -## @param hostAliases Deployment pod host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: [] -## @param worldSize Number of nodes that will run the code -## WORLD_SIZE will be set to this value -## -worldSize: "" -## @param port PyTorch master port. `MASTER_PORT` will be set to this value -## -port: 49875 -## @param configMap Config map that contains the files you want to load in PyTorch -## -configMap: "" -## Enable in order to download files from git repository. -## -cloneFilesFromGit: - ## @param cloneFilesFromGit.enabled Enable in order to download files from git repository - ## - enabled: false - ## @param cloneFilesFromGit.repository Repository that holds the files - ## - repository: "" - ## @param cloneFilesFromGit.revision Revision from the repository to checkout - ## - revision: "" - ## @param cloneFilesFromGit.extraVolumeMounts Add extra volume mounts for the Git container - ## Useful to mount keys to connect through ssh. (normally used with extraVolumes) - ## E.g: - ## extraVolumeMounts: - ## - name: ssh-dir - ## mountPath: /.ssh/ - ## - extraVolumeMounts: [] -## @param extraEnvVars Additional environment variables -## e.g: -## extraEnvVars: -## - name: NCCL_DEBUG -## value: "INFO" -## - name: NCCL_DEBUG_SUBSYS -## value: "ALL" -## -extraEnvVars: [] -## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAffinityPreset: "" -## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAntiAffinityPreset: soft -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## -nodeAffinityPreset: - ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] -## @param affinity Affinity for pod assignment. Evaluated as a template. -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set -## -affinity: {} -## @param nodeSelector Node labels for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} -## @param tolerations Tolerations for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] -## Pod Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ -## @param securityContext.enabled Enable security context -## @param securityContext.fsGroup Group ID for the container -## @param securityContext.runAsUser User ID for the container -## -securityContext: - enabled: true - fsGroup: 1001 - runAsUser: 1001 -## Configure resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## We usually recommend not to specify default resources and to leave this as a conscious -## choice for the user. This also increases chances charts run on environments with little -## resources, such as Minikube. If you do want to specify resources, uncomment the following -## lines, adjust them as necessary, and remove the curly braces after 'resources:'. -## @param resources.limits The resources limits for the container -## @param resources.requests The requested resources for the container -## -resources: - ## Example: - ## limits: - ## cpu: 250m - ## memory: 256Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 250m - ## memory: 256Mi - requests: {} -## Configure extra options for liveness probe -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param livenessProbe.enabled Enable livenessProbe -## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe -## @param livenessProbe.periodSeconds Period seconds for livenessProbe -## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe -## @param livenessProbe.failureThreshold Failure threshold for livenessProbe -## @param livenessProbe.successThreshold Success threshold for livenessProbe -## -livenessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 5 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 -## Configure extra options for readiness probe -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param readinessProbe.enabled Enable readinessProbe -## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe -## @param readinessProbe.periodSeconds Period seconds for readinessProbe -## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe -## @param readinessProbe.failureThreshold Failure threshold for readinessProbe -## @param readinessProbe.successThreshold Success threshold for readinessProbe -## -readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 5 - timeoutSeconds: 1 - successThreshold: 1 - failureThreshold: 5 -## Enable persistence using Persistent Volume Claims -## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ -## -persistence: - ## @param persistence.enabled Use a Persistent Volume Claim to persist data - ## - enabled: true - ## @param persistence.mountPath Data volume mount path - ## - mountPath: /bitnami/pytorch - ## @param persistence.accessModes Persistent Volume Access Mode - ## - accessModes: - - ReadWriteOnce - ## @param persistence.size Size of data volume - ## - size: 8Gi - ## @param persistence.storageClass Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - ## @param persistence.annotations Persistent Volume Claim annotations - ## - annotations: {} -## @param extraVolumes Array to add extra volumes (evaluated as a template) -## -extraVolumes: [] -## @param extraVolumeMounts Array to add extra mounts (normally used with extraVolumes, evaluated as a template) -## -extraVolumeMounts: [] diff --git a/bitnami/rabbitmq-cluster-operator/.helmignore b/bitnami/rabbitmq-cluster-operator/.helmignore deleted file mode 100644 index f0c1319..0000000 --- a/bitnami/rabbitmq-cluster-operator/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/bitnami/rabbitmq-cluster-operator/templates/extra-list.yaml b/bitnami/rabbitmq-cluster-operator/templates/extra-list.yaml deleted file mode 100644 index 9ac65f9..0000000 --- a/bitnami/rabbitmq-cluster-operator/templates/extra-list.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{- range .Values.extraDeploy }} ---- -{{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} diff --git a/bitnami/rabbitmq/.helmignore b/bitnami/rabbitmq/.helmignore deleted file mode 100644 index f0c1319..0000000 --- a/bitnami/rabbitmq/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/bitnami/rabbitmq/templates/extra-list.yaml b/bitnami/rabbitmq/templates/extra-list.yaml deleted file mode 100644 index 9ac65f9..0000000 --- a/bitnami/rabbitmq/templates/extra-list.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{- range .Values.extraDeploy }} ---- -{{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} diff --git a/bitnami/redis-cluster/.helmignore b/bitnami/redis-cluster/.helmignore deleted file mode 100644 index f0c1319..0000000 --- a/bitnami/redis-cluster/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/bitnami/redis-cluster/templates/extra-list.yaml b/bitnami/redis-cluster/templates/extra-list.yaml deleted file mode 100644 index 9ac65f9..0000000 --- a/bitnami/redis-cluster/templates/extra-list.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{- range .Values.extraDeploy }} ---- -{{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} diff --git a/bitnami/redis/.helmignore b/bitnami/redis/.helmignore deleted file mode 100644 index f0c1319..0000000 --- a/bitnami/redis/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/bitnami/redis/img/redis-topology.png b/bitnami/redis/img/redis-topology.png deleted file mode 100644 index 3f5280febe6761d34d6a70fba1190fbe09208997..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 9709 zcmb_?cT`hb_ieBMB8n(TFCwTE=_R0ol+Z#A34~q~dI^NyEJ!C51r$&OjhHCS28bwv zfLK68x~TLff+7ki_*T^WeRsSv-ao%P#*N{ez4uvX@3rTgYwo02m>KL~<7Y!45Ic+v z^)Lto6Ar$AW@U!Y=x^d~2*j3yWE7t4A3^l?BOoM{bpL#lP?Yxy3?WM>=}9Omx&{Tw zdU(5f2D|!)$OaI|a0%}F2YPrDy$K$F+9=8^${&_jKCGaGRZx&n(pFN24@E^;byWqs zKkZ#T2?2ixRFRd30S=kEx_bwZ14Fzd|Fj^GT|NJdW~Fl2&%!mz$V#6`a8_3jwp5Pr z{?jIm5FFwi81Sc=0*o&UkNX`DIWmaw=duSO%-fy7xT=JLH~JeoJkk4au+G{41$dfjkSY4t(D}p^=!R^ z)U|CKrYmJoGw(?iivqLLdoBFF*ll?<2 z{d}S{4I;xL&BN8)(F%r&3f=@&csYzVH1I;Yo0Ig+@#@xYm`Gbo z6;m~mpLZnL*4@I=+EvXe#N5m`(AL<@!_3GsBE%yyGAcA&UeVCaP}fffP1ZH`@bDwr zhD2D}kpm6o6;)Mze6)RWD3Yg@kB^c!$`GxJM4>$4F##cp{%-QFkw)lnTQgk~MI&8P z9Tk10zyNPEcN7YiN#By}ZyI8$7_3L|v~!E_G_ke}4lu`u==l2t+o5oZCgwN=4ABVf zui&QcjmD~akyP<08^&v>n44=yl98cgJ8fdPxxR9gqDi2sKN3SAn}o{~-Th!}D@b7- zBK+@V8i5Z|Ggr5W#Ca+Q!5y+WQr{-X&)36BG1AnE5r%G*B_;-qhuCJ z3XxYc5B0Jokc_ z1Ak8sy+8wFWt6*~nwd6M)r1rorlJ;Lr9cdJSMxSgQB?OfRkKvnLmDd)4PlJ%D3S^z zavWp#D8Z=u|LmCG+Xw#siwR1ok~bZf5C~C(k)Ad-qG*2D7mHoyXI?BnJ}PN*Kx35p zB0Edh32l>qHgUl2g57l&%5g8&D_%rGS=zPh21n3VO3m93Nq4b_7)maAO;F`;?+;dI z-ItZmu3&nclXqOPbM=E;&Mi0Mw-@mX$2tScS4HKOIzK$%kW*?FHp&rSe6q*<=x6aE zqfMNg>J+N6p7{PeDbDP4JY7#u(T%p7vpxBL@S=FafS-O?m}=Pk;F*MkEia0-M7p}V zc-4c&*_k(Q+Pt~zwx>CH=JnS3p_-(c8nsiWPJNi4&-gY!bOoI+J3VmwAhdCn=amm0 zH+=HsiKwjX&TZSa_22d72@Vdnu(y|9yOvYvO3Uev{k8tx(8%cV+qw`=LBVvVhN#Cw zLjofsBfQ6=l+*S1@0E2(-XWms^8M5B)An}lxHwI-iyCKMzs6v(*hW9q&9zRg+}zxU z4j*ozS(RlK7iSg~34VOnAdr%hg0FI6f)VsHg)^$E+^rb`NfeiQbaZvIb8=46=~7+QAA^@?ael-1x%chcmnFW9`5+-`|sGz2%raXVf(`V0i3#DLBQH>AZa&2a2=T~O^{ytu7 z_ntkdHWCdMm|YOL>og08J_eIBjl3EpgIlwDo-b!G)p3ziNGKycoxO{cpb_=;P-$uD ztGW=+n+|mtvLNPAp49N0p}>*sdv4gE+APmW+f;m@<~!-shs{^TtOj?H z3|;Z`HzvWsiitagQf-_fQFqNX>Wm2l31a7^jLVlr{RVEKU_915DJBHl_U#HDPj~6* z>wl@t^21tLolZ_>-LiFS-A|R;t4C#UO^_=i3k#WFzmmHwvGX4upPufy!86%eET_S? z?FlB-z0B<5sp4XhVsiFCD!23pXetu_(~``!`vi6N+V0)EUqSA2@$jTkN{!B(Ia51V zQC~$G)9 zYeYmwrckuanlL?8u(o4U#qoQEP6w1;y}D)ie&`;d(?ut!bjv*l&7OQ7YeThN*2=zk zF=KHts7t|+D1+M(wcKMT8s+r`Ah^x8yOs<60_c?`zhDLm8KUmT?H?Qdx5)dH!?D_MFWZI#S$rq1v zB+wAf5s2Dv@Q!zXOEuAN&0x^rX?S5=J_%t|iN3u&ey6>3h?*0=V^7W~8OvepuYS zvHk<{P1I<&Q|vMhYh$B!B)(gK|5{m@Ze`yU$NDe^tnu^n1LmgXJ4J2#wb~hfxo<8z zJA2>w50|v&B#yC>B$0n!H2PB=3kroQb^j@GwmkvTY3y#FQ}dUJ=S&XqN==Q8$Nl=N z9^28KV?J*cH)DPl{V#bM3xnx-yaP3}NgPM4mWxYSY)bJ`M(cy1MRT<`7O_ zS&2B8pFj5K*SZ{Z1c=Sb&E4AIlqrGE!&jnn#BbWy?BtPi;`%AH>U+?v==j3B21pOa zB;M3b+DVT{dILn$>>~eRy6ei~_wNR=vB$oA`NG)Rzt$Jxdojmi*OV2Nl$a1Ul};_= z?PobfL^8X}%yo0bV>VW&u2)vJtu9TGzJ0Vs^!+N3k(S<$a8c%02z+;RZdn)^gotVo z1{PsuXUF#J(aM)~Je8T53HibT`LcEE))dMsv7wqkgPC?Jo;qch5&8iSAKyzjefpBwFgiTI=#4{#8O>d{c3I*NgCZ^R;=lN7vkDzJ4lIuE4zn=j{mtZ1sLs$wt;IpVe=%!g!U@8!+H#$KE(3~X|%7FAQ@$q{#L zN##by{X~*Agp7@i5eV4Hd~3^dNv*B=bB{e__HOSjw`YMB+|DC=`QE*~XAhd|!~FR8 z_+V}5F($YMJYDKqp64&E)$u*PG;18L#Q9MizAjh-arydnR*j20Z7LidKR(S;xIVZ6 z`9qfC6LR8|XW>^5JwXc_wE$g%13l{hqmSaUg!# zjYh}&`Q4OqD)UK$IdQm8ZeP>1$Ki0jow>QWBR~`Kg)d)rbbq~dL*S9w4vw^+7aF3! zkFHJ?GeCl|u~BJzRif_|-WkhKd)EjYCZWMRaFR-QW7#R#SmoLb`}iQQq6h2i?(Vw38r1=E|{@#%l6Kh&4Fnyf}Txn9EYy_yX2aTKPy=i-Trn`)RLyG(v zhK7c_{@|1P?E&_{z(9ao{Y#fFy`)T{W&z(%fKUONXTYj9kmY-06sQ9Jpy^lp^iU|^ z0LAml-n%J+>SBPj0Q#Kf$CkM?*S}f;8ZsRT``FlD?GE9vRAW_2tEzTwY-|9`ZT=c{ z%pwhLE@+L(sUPcZ!V|uOw&fy*U)$7l$KXAGX$WZ>8aE~-EzQZxdq{(M z_%cB3^@<9BqoM@rEVGZV@5szd3Zz&vWwaNvnZ+n4Xns%ys5%8Gx%A;fVU3HFHYaZJ z{rfiq)&V~_0LK%VcM2wh{7I&aSeqQ!!@PqZ0ZFKg)XGhCnc65)a zgoMOM$B_j+ZS9lOhYHStf~;_?cLO{ty^@tyjUDbExb4ZgYu5?F^Sl&FsU)adl#7cf z#BvbSMk7YzNlS}%W#3ri$<3u#t`Fur$E64#i*o5IMM3}LGPq5MqN9k1!n+e z_e)6pl}E#Gjx0Pl4U$XfHu0qn3Uy{0nToNtPQ0MxIZ8S5sgaJmq1U$Wj4SPRu^k}) z{qO}!``Lr_>jJN18T%_eU9Ydgu{vtm2Q*m;XfiP%BTeC$MeVN(??rt3D$caHaSF9d zKwei9U-EyQAL8LS_H|dz*|R7Eu`}+p98=Kmy95NbLynjfAvq76H451}^y<|KfM@rn zgl!DbaLv4!^7gGmSGA!8L(+0+{oGYjQsM=YrZt`K^kMsZ*T1!wr>3%rA3V4piR2X) z7UtE8J9^K5=)fO6>rovtWu~X6ciFsHbGo~XgZSe7NsuS3Q=PDH=dT%~(bfJ#swTyn zLf_v-%Q3U_o_PAy@G6y>LeZCM!$=GWX~hYC{`@&&@`C4wxw*7z_ck$QWv=aeWsdv! zNSPHOM_wNVP?x`8!YB|xWi#pyS;zY>5I+7kaR=~nUIjc z$j!yCUlSg?G$wQI-^I;+W_sF-Q5O}e1?m%t2ZBRFEFB!ub8>c{%grqT!P2;VWilVW zf=+8`X?gncB??-p2EI#=T$*%!c1|)mHMI#wk|&Moff5lF6-B@_C8wpGZuih3k*Yr| zuzK^Ma}yZk1x#G+*(odzxtenD(ut%b7Q31N&?2wyhx&q?YM!r!%8uyc zuo|8;&yf(ILG zbEkIiQGtmc`9lgxfZlG4A09InT-@kXem;+WIxneviCsif5Y`&X7x=9Gwef=l3dePQ zZCTdL{EZ;Is5+y(xN@b7j*~ViRNY}~Yg-$$st6kDG*HbIkl*o98z3MS7z00e@W29x zJM-d&38+x+9Pxbz4lu(jg>)U>x5kamb(pQOpGn*yP!RhN*rw)Plr&kxF-^9!t&JuA z$I$zr**7$zh`EW$_%~ynDr~z%z`fjeCT3=4Y1{7_!7$my#qr&pq-Y5n$oTG`J=U{6 zZ=Kq?@pSR}^z`(-{?yW-XbDd@T8>P>TVoc0ml$b($$(06wLB?xy%~FNG<2~9y^?ivgWfk=c}B{*6FA%m-FDSxA0+prtm z^D;;}bVoqtr!+v&f_txje5%j1ry<@t4R1%|n&awoi9}*5WxThx;XddaW|A~cGoW&? z1=Ev!tsI*p9zd09n#V;0eYcfkkJL8!fHpo;o9iP`V-pHWg|!Cry?GuNi>I@NL)jTX zeKL#_phZ?zR%7`&!5sMK_k~k$ zYjgQC^aH5k+XE^`tFeyh_L6mMH8u)(x-2x*8~rwGCxbgUYHe)XJm0g5rz--(;cu6p zu$PqNtg)GLr9B&OEk7rKplz$MiLAy7L8m(jLpP4%>0w@L?H%w}>d=jKJpJ(3q4IND zE$u=<(RYQ=%W^@|689-XzRzn-X$3EdP$akmBmy%x{#;#R6ua5`4Vql!Mdjsp9gF^^ z2Ws%u!`Nsj;l@7IFC@a&3#gx0Wmq4KyFdlthv-uTQ()163ZOn`f}&T)%xou+7wSD$ ztZ+b4q-How;ONn#LEneNo59@xtelE@d;BbQZT(KuMOI#>eqi_xITRU!GkQTtEHg~dIyyQo^1M~xbpWnHeGnJqeQ9*m?c>|JJs|260Rn4DW3Omd2LTs<>rFE= z3VJCkdMu_kPYQjvx*CX~ea*N11k+}D-(H!RpP$f>Muwe6qm^FCZVl3e(v24I?g1Y}sy)|R&dJZ83RVpkhfARl@^9Ewy1_-(ZQD+Y z8}S|qlhIuHuo-x!1u63E@(RXZgEz&jtoe4QW*Q(CUtGk&nc_tTi8AVxt5?N=7*E1@7dcvTXMu>j!0pg8FxbC; zzb;v@gd%(_6|^|{(_22M#<+x%xK1p6mZo+jxfw6d*Sv2nuX&dWf?;g7=LRtNvs`JL z#n))L5=I^NFs2Tu9x*kRDe147kni(vGlYX)|9_Yv!Au-sF>I$ZEbDY_>6sZ%u~&ArBk|wG!P{`p!p2V&BJGweO`jP?z&+k2NdN@ z=E~um(iJY9Y^GA9X5UDztgcGVY7-9QtKGK#TwnhTHB2f+XXl3)WYUePW&*V!E9(Rh zM`>+s|4iQm1soYtpJTY|SZfBT8X=@e$HcSMAR`)VU)~J;GA9;CHNrElKUz}tLrg72 zda`+jI#?6v9J4l4W>z1w)&K?oJFon4GP@5`N79^nv}Tbtop_s1NP~PlAfV!7zG?j7 zBS!?FE`X}0^vWw!$b{g@7$g<@lBo2cp~2GH`oP>oj=!u!EyCQ~{GqskE3DCno2yw3 zSRg-!d>op{9^15OlZCAu4ajB++Su5z$jQldDX7P_fSLuh;v5nU$7R4FWaZ%C5o$h6 z(mZEgv6@B2Izz=R<9Pqgi2QgAI#1>?6lHqg4i#}MXSr(%%J#(m_~yE@II{DMXkXOV zE`!fKHqI&FDN=`B<6Z?!;)(_jq=xYc{#Oz!Vrzt z4GIEprQpe`g;w-ba|OoK+}wanzVp&X|Jl;pkj|0Ck>*l&FSaS&BOfnt)HBLQQ3;8b zYfD**{sXtRa&mJ1_iiEj?jINCu8M%&y?==bKj{lmCfs zt#LEQhx&zwA>xJ4xp{c(7eq}#J}dYSDucg}>*=2i0xT(o|>K{kpItU_V5C|MX{qks>ED zsDof~;xw~jKaZk*{&@c@(X8zD#<`2?AqQsX<_d?s!K+|IfoKE|SRwL@2iPB1=yW!) zR%T{qs_-%qqbUa$flEq3k>!Ywd>puqII*@C^>a+*m&L@7TIc)ZZQxaxx?ks?I=#fy zkEa8^QO0+d-oMYEFXw!3qyE7IL7)j(5cqugNm*z>w3k-!Fbqu-7TqOUmNyjq|z zNO_NS?;>by79U8MmPx^Gr~-4OTrxk1vjtDydRRPY{K6EMscA0PjwuTSkqEzl$Y zJ-h;(7J$EfvxWra8@?e*1;MaFfKS_^7aEeFG>4UhLj#7-4pIT?)WiY5R!|E;FeCZz z%?wCZp@NLqYahGQ0ZkxMY3rNEq1FW}=HbSgFRU*>f=Ye2$pyu&fe%*?fMABIp?qp{ z+aN`v(R5N#qXKd5PhsHEh!sD_6FzTY0MP8JgL>j}^ITB>#Li~07R zRK(H2;^IzgZEdB03XL#@sy7jI$OyopzQ6yxNSq^NC1WmQolBr@-Rt-bTu>L)Lc;So zA8;yLmO8cMes8{wm0QE!ntoC}V5Ydfdk{&19UcXS%3`m5U<#$gr-)w@netuj+x;;pdLBjKx{+OdZa0uW*APf{{ za2?khGuHi;s2zGJ@RaVc@$($E#@vXe z=4OzFV~Z16OCG;{no~i4NUR*oblJWp;E<$bHiHAfpw!M3J_ao2Tf{Mu69OEGLo9yz zqT}dz(J$YCa)U}y z|MqaEnTt3GLA?x;KRLHhalLyc!p{h7GR0SSeQmlFraAspoDzB)_hX*XKuSsqJf(BDZYjPfQr{E)mc(LRZYQC!b6ex; zio0JunJ}i!|Hdq&O z5Dtc3m6?mcerHi4zGyTMiA`Xz7A4FIxVrzIzW~F60?g*w%*+l)KjN=nzt%I@zhg8e z`N|-sp$ps;#`%EfrAX$74<9n>2ylU_T^?_`dhOcilaxKOFRd&r5Mcal-M&{8tfR+| zA5XugZa-jh{siEysGM9UHIh<^>4V=Bg))8%@U(%X=>SF4nmwGI0JnmNqYDSaupM@Q zR%M(P^D1nDl8wPmU}YqkYp!m&aNz>O5h9Tkz+JZh1FxWfAJLb|<^*5CLIUNmAGilv zt&E>FXE?PF0KotMj!{=7h;wQ?rr`omD@a$t=x-mjF__(up9$XG*G6W_iuIu&TKhJ? zT}w-gJlDH}p}=8Fb8>MdfCX0yx(ZaV0LaQ$Am5=B9b **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` chart: - -```bash -helm uninstall my-release -``` - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | - - -### Common parameters - -| Name | Description | Value | -| ------------------ | ------------------------------------------------------------------------------------- | --------------- | -| `nameOverride` | String to partially override scdf.fullname template (will maintain the release name). | `""` | -| `fullnameOverride` | String to fully override scdf.fullname template. | `""` | -| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` | -| `clusterDomain` | Default Kubernetes cluster domain | `cluster.local` | -| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | - - -### Dataflow Server parameters - -| Name | Description | Value | -| -------------------------------------------- | ---------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------- | -| `server.image.registry` | Spring Cloud Dataflow image registry | `docker.io` | -| `server.image.repository` | Spring Cloud Dataflow image repository | `bitnami/spring-cloud-dataflow` | -| `server.image.tag` | Spring Cloud Dataflow image tag (immutable tags are recommended) | `2.8.2-debian-10-r22` | -| `server.image.pullPolicy` | Spring Cloud Dataflow image pull policy | `IfNotPresent` | -| `server.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `server.image.debug` | Enable image debug mode | `false` | -| `server.hostAliases` | Deployment pod host aliases | `[]` | -| `server.composedTaskRunner.image.registry` | Spring Cloud Dataflow Composed Task Runner image registry | `docker.io` | -| `server.composedTaskRunner.image.repository` | Spring Cloud Dataflow Composed Task Runner image repository | `bitnami/spring-cloud-dataflow-composed-task-runner` | -| `server.composedTaskRunner.image.tag` | Spring Cloud Dataflow Composed Task Runner image tag (immutable tags are recommended) | `2.8.2-debian-10-r22` | -| `server.configuration.streamingEnabled` | Enables or disables streaming data processing | `true` | -| `server.configuration.batchEnabled` | Enables or disables batch data (tasks and schedules) processing | `true` | -| `server.configuration.accountName` | The name of the account to configure for the Kubernetes platform | `default` | -| `server.configuration.trustK8sCerts` | Trust K8s certificates when querying the Kubernetes API | `false` | -| `server.configuration.containerRegistries` | Container registries configuration | `{}` | -| `server.configuration.grafanaInfo` | Endpoint to the grafana instance (Deprecated: use the metricsDashboard instead) | `""` | -| `server.configuration.metricsDashboard` | Endpoint to the metricsDashboard instance | `""` | -| `server.existingConfigmap` | ConfigMap with Spring Cloud Dataflow Server Configuration | `""` | -| `server.extraEnvVars` | Extra environment variables to be set on Dataflow server container | `[]` | -| `server.extraEnvVarsCM` | ConfigMap with extra environment variables | `""` | -| `server.extraEnvVarsSecret` | Secret with extra environment variables | `""` | -| `server.replicaCount` | Number of Dataflow server replicas to deploy | `1` | -| `server.strategyType` | StrategyType, can be set to RollingUpdate or Recreate by default | `RollingUpdate` | -| `server.podAffinityPreset` | Dataflow server pod affinity preset. Ignored if `server.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `server.podAntiAffinityPreset` | Dataflow server pod anti-affinity preset. Ignored if `server.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `server.containerPort` | Dataflow server port | `8080` | -| `server.nodeAffinityPreset.type` | Dataflow server node affinity preset type. Ignored if `server.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `server.nodeAffinityPreset.key` | Dataflow server node label key to match Ignored if `server.affinity` is set. | `""` | -| `server.nodeAffinityPreset.values` | Dataflow server node label values to match. Ignored if `server.affinity` is set. | `[]` | -| `server.affinity` | Dataflow server affinity for pod assignment | `{}` | -| `server.nodeSelector` | Dataflow server node labels for pod assignment | `{}` | -| `server.tolerations` | Dataflow server tolerations for pod assignment | `[]` | -| `server.podAnnotations` | Annotations for Dataflow server pods | `{}` | -| `server.priorityClassName` | Dataflow Server pods' priority | `""` | -| `server.podSecurityContext.fsGroup` | Group ID for the volumes of the pod | `1001` | -| `server.containerSecurityContext.runAsUser` | Set Dataflow Server container's Security Context runAsUser | `1001` | -| `server.resources.limits` | The resources limits for the Dataflow server container | `{}` | -| `server.resources.requests` | The requested resources for the Dataflow server container | `{}` | -| `server.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `server.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` | -| `server.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` | -| `server.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `server.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `server.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `server.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `server.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `120` | -| `server.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `20` | -| `server.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `server.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `server.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `server.customLivenessProbe` | Override default liveness probe | `{}` | -| `server.customReadinessProbe` | Override default readiness probe | `{}` | -| `server.service.type` | Kubernetes service type | `ClusterIP` | -| `server.service.port` | Service HTTP port | `8080` | -| `server.service.nodePort` | Specify the nodePort value for the LoadBalancer and NodePort service types | `""` | -| `server.service.clusterIP` | Dataflow server service cluster IP | `""` | -| `server.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | -| `server.service.loadBalancerIP` | Load balancer IP if service type is `LoadBalancer` | `""` | -| `server.service.loadBalancerSourceRanges` | Addresses that are allowed when service is LoadBalancer | `[]` | -| `server.service.annotations` | Provide any additional annotations which may be required. Evaluated as a template. | `{}` | -| `server.ingress.enabled` | Enable ingress controller resource | `false` | -| `server.ingress.path` | The Path to WordPress. You may need to set this to '/*' in order to use this with ALB ingress controllers. | `/` | -| `server.ingress.pathType` | Ingress path type | `ImplementationSpecific` | -| `server.ingress.certManager` | Set this to true in order to add the corresponding annotations for cert-manager | `false` | -| `server.ingress.hostname` | Default host for the ingress resource | `dataflow.local` | -| `server.ingress.annotations` | Ingress annotations | `{}` | -| `server.ingress.tls` | Enable TLS configuration for the hostname defined at ingress.hostname parameter | `false` | -| `server.ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` | -| `server.ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` | -| `server.ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | -| `server.initContainers` | Add init containers to the Dataflow Server pods | `[]` | -| `server.sidecars` | Add sidecars to the Dataflow Server pods | `[]` | -| `server.pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` | -| `server.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` | -| `server.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | -| `server.autoscaling.enabled` | Enable autoscaling for Dataflow server | `false` | -| `server.autoscaling.minReplicas` | Minimum number of Dataflow server replicas | `""` | -| `server.autoscaling.maxReplicas` | Maximum number of Dataflow server replicas | `""` | -| `server.autoscaling.targetCPU` | Target CPU utilization percentage | `""` | -| `server.autoscaling.targetMemory` | Target Memory utilization percentage | `""` | -| `server.extraVolumes` | Extra Volumes to be set on the Dataflow Server Pod | `[]` | -| `server.extraVolumeMounts` | Extra VolumeMounts to be set on the Dataflow Container | `[]` | -| `server.jdwp.enabled` | Set to true to enable Java debugger | `false` | -| `server.jdwp.port` | Specify port for remote debugging | `5005` | -| `server.proxy` | Add proxy configuration for SCDF server | `{}` | - - -### Dataflow Skipper parameters - -| Name | Description | Value | -| -------------------------------------------- | --------------------------------------------------------------------------------------------------------- | ------------------------------ | -| `skipper.enabled` | Enable Spring Cloud Skipper component | `true` | -| `skipper.hostAliases` | Deployment pod host aliases | `[]` | -| `skipper.image.registry` | Spring Cloud Skipper image registry | `docker.io` | -| `skipper.image.repository` | Spring Cloud Skipper image repository | `bitnami/spring-cloud-skipper` | -| `skipper.image.tag` | Spring Cloud Skipper image tag (immutable tags are recommended) | `2.7.2-debian-10-r22` | -| `skipper.image.pullPolicy` | Spring Cloud Skipper image pull policy | `IfNotPresent` | -| `skipper.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `skipper.image.debug` | Enable image debug mode | `false` | -| `skipper.configuration.accountName` | The name of the account to configure for the Kubernetes platform | `default` | -| `skipper.configuration.trustK8sCerts` | Trust K8s certificates when querying the Kubernetes API | `false` | -| `skipper.existingConfigmap` | Name of existing ConfigMap with Skipper server configuration | `""` | -| `skipper.extraEnvVars` | Extra environment variables to be set on Skipper server container | `[]` | -| `skipper.extraEnvVarsCM` | Name of existing ConfigMap containing extra environment variables | `""` | -| `skipper.extraEnvVarsSecret` | Name of existing Secret containing extra environment variables | `""` | -| `skipper.replicaCount` | Number of Skipper server replicas to deploy | `1` | -| `skipper.strategyType` | Deployment Strategy Type | `RollingUpdate` | -| `skipper.podAffinityPreset` | Skipper pod affinity preset. Ignored if `skipper.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `skipper.podAntiAffinityPreset` | Skipper pod anti-affinity preset. Ignored if `skipper.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `skipper.nodeAffinityPreset.type` | Skipper node affinity preset type. Ignored if `skipper.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `skipper.nodeAffinityPreset.key` | Skipper node label key to match Ignored if `skipper.affinity` is set. | `""` | -| `skipper.nodeAffinityPreset.values` | Skipper node label values to match. Ignored if `skipper.affinity` is set. | `[]` | -| `skipper.affinity` | Skipper affinity for pod assignment | `{}` | -| `skipper.nodeSelector` | Skipper node labels for pod assignment | `{}` | -| `skipper.tolerations` | Skipper tolerations for pod assignment | `[]` | -| `skipper.podAnnotations` | Annotations for Skipper server pods | `{}` | -| `skipper.priorityClassName` | Controller priorityClassName | `""` | -| `skipper.podSecurityContext.fsGroup` | Group ID for the volumes of the pod | `1001` | -| `skipper.containerSecurityContext.runAsUser` | Set Dataflow Skipper container's Security Context runAsUser | `1001` | -| `skipper.resources.limits` | The resources limits for the Skipper server container | `{}` | -| `skipper.resources.requests` | The requested resources for the Skipper server container | `{}` | -| `skipper.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `skipper.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` | -| `skipper.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` | -| `skipper.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `skipper.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `skipper.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `skipper.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `skipper.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `120` | -| `skipper.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `20` | -| `skipper.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `skipper.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `skipper.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `skipper.customLivenessProbe` | Override default liveness probe | `{}` | -| `skipper.customReadinessProbe` | Override default readiness probe | `{}` | -| `skipper.service.type` | Kubernetes service type | `ClusterIP` | -| `skipper.service.port` | Service HTTP port | `80` | -| `skipper.service.nodePort` | Service HTTP node port | `""` | -| `skipper.service.clusterIP` | Skipper server service cluster IP | `""` | -| `skipper.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | -| `skipper.service.loadBalancerIP` | Load balancer IP if service type is `LoadBalancer` | `""` | -| `skipper.service.loadBalancerSourceRanges` | Address that are allowed when service is LoadBalancer | `[]` | -| `skipper.service.annotations` | Annotations for Skipper server service | `{}` | -| `skipper.initContainers` | Add init containers to the Dataflow Skipper pods | `[]` | -| `skipper.sidecars` | Add sidecars to the Skipper pods | `[]` | -| `skipper.pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` | -| `skipper.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` | -| `skipper.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | -| `skipper.autoscaling.enabled` | Enable autoscaling for Skipper server | `false` | -| `skipper.autoscaling.minReplicas` | Minimum number of Skipper server replicas | `""` | -| `skipper.autoscaling.maxReplicas` | Maximum number of Skipper server replicas | `""` | -| `skipper.autoscaling.targetCPU` | Target CPU utilization percentage | `""` | -| `skipper.autoscaling.targetMemory` | Target Memory utilization percentage | `""` | -| `skipper.extraVolumes` | Extra Volumes to be set on the Skipper Pod | `[]` | -| `skipper.extraVolumeMounts` | Extra VolumeMounts to be set on the Skipper Container | `[]` | -| `skipper.jdwp.enabled` | Enable Java Debug Wire Protocol (JDWP) | `false` | -| `skipper.jdwp.port` | JDWP TCP port for remote debugging | `5005` | -| `externalSkipper.host` | Host of a external Skipper Server | `localhost` | -| `externalSkipper.port` | External Skipper Server port number | `7577` | - - -### Deployer parameters - -| Name | Description | Value | -| --------------------------------------------- | ------------------------------------------------------------------------------------------- | ------ | -| `deployer.resources.limits` | Streaming applications resource limits | `{}` | -| `deployer.resources.requests` | Streaming applications resource requests | `{}` | -| `deployer.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `90` | -| `deployer.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `120` | -| `deployer.nodeSelector` | The node selectors to apply to the streaming applications deployments in "key:value" format | `""` | -| `deployer.tolerations` | Streaming applications tolerations | `{}` | -| `deployer.volumeMounts` | Streaming applications extra volume mounts | `{}` | -| `deployer.volumes` | Streaming applications extra volumes | `{}` | -| `deployer.environmentVariables` | Streaming applications environment variables | `""` | -| `deployer.podSecurityContext.runAsUser` | Set Dataflow Streams container's Security Context runAsUser | `1001` | - - -### RBAC parameters - -| Name | Description | Value | -| ----------------------- | ----------------------------------------------------------------------------------- | ------ | -| `serviceAccount.create` | Enable the creation of a ServiceAccount for Dataflow server and Skipper server pods | `true` | -| `serviceAccount.name` | Name of the created serviceAccount | `""` | -| `rbac.create` | Whether to create and use RBAC resources or not | `true` | - - -### Metrics parameters - -| Name | Description | Value | -| -------------------------------------- | -------------------------------------------------------------------------------------------------------------------------- | ---------------------------------- | -| `metrics.enabled` | Enable Prometheus metrics | `false` | -| `metrics.image.registry` | Prometheus Rsocket Proxy image registry | `docker.io` | -| `metrics.image.repository` | Prometheus Rsocket Proxy image repository | `bitnami/prometheus-rsocket-proxy` | -| `metrics.image.tag` | Prometheus Rsocket Proxy image tag (immutable tags are recommended) | `1.3.0-debian-10-r270` | -| `metrics.image.pullPolicy` | Prometheus Rsocket Proxy image pull policy | `IfNotPresent` | -| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `metrics.resources.limits` | The resources limits for the Prometheus Rsocket Proxy container | `{}` | -| `metrics.resources.requests` | The requested resources for the Prometheus Rsocket Proxy container | `{}` | -| `metrics.replicaCount` | Number of Prometheus Rsocket Proxy replicas to deploy | `1` | -| `metrics.podAffinityPreset` | Prometheus Rsocket Proxy pod affinity preset. Ignored if `metrics.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `metrics.podAntiAffinityPreset` | Prometheus Rsocket Proxy pod anti-affinity preset. Ignored if `metrics.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `metrics.nodeAffinityPreset.type` | Prometheus Rsocket Proxy node affinity preset type. Ignored if `metrics.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `metrics.nodeAffinityPreset.key` | Prometheus Rsocket Proxy node label key to match Ignored if `metrics.affinity` is set. | `""` | -| `metrics.nodeAffinityPreset.values` | Prometheus Rsocket Proxy node label values to match. Ignored if `metrics.affinity` is set. | `[]` | -| `metrics.affinity` | Prometheus Rsocket Proxy affinity for pod assignment | `{}` | -| `metrics.nodeSelector` | Prometheus Rsocket Proxy node labels for pod assignment | `{}` | -| `metrics.tolerations` | Prometheus Rsocket Proxy tolerations for pod assignment | `[]` | -| `metrics.podAnnotations` | Annotations for Prometheus Rsocket Proxy pods | `{}` | -| `metrics.priorityClassName` | Prometheus Rsocket Proxy pods' priority. | `""` | -| `metrics.service.httpPort` | Prometheus Rsocket Proxy HTTP port | `8080` | -| `metrics.service.rsocketPort` | Prometheus Rsocket Proxy Rsocket port | `7001` | -| `metrics.service.annotations` | Annotations for the Prometheus Rsocket Proxy service | `{}` | -| `metrics.serviceMonitor.enabled` | if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` | -| `metrics.serviceMonitor.extraLabels` | Labels to add to ServiceMonitor, in case prometheus operator is configured with serviceMonitorSelector | `{}` | -| `metrics.serviceMonitor.namespace` | Namespace in which ServiceMonitor is created if different from release | `""` | -| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `""` | -| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | -| `metrics.pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` | -| `metrics.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` | -| `metrics.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | -| `metrics.autoscaling.enabled` | Enable autoscaling for Prometheus Rsocket Proxy | `false` | -| `metrics.autoscaling.minReplicas` | Minimum number of Prometheus Rsocket Proxy replicas | `""` | -| `metrics.autoscaling.maxReplicas` | Maximum number of Prometheus Rsocket Proxy replicas | `""` | -| `metrics.autoscaling.targetCPU` | Target CPU utilization percentage | `""` | -| `metrics.autoscaling.targetMemory` | Target Memory utilization percentage | `""` | - - -### Init Container parameters - -| Name | Description | Value | -| ------------------------------------ | ------------------------------------------------------------------------------------------------- | ---------------------- | -| `waitForBackends.enabled` | Wait for the database and other services (such as Kafka or RabbitMQ) used when enabling streaming | `true` | -| `waitForBackends.image.registry` | Init container wait-for-backend image registry | `docker.io` | -| `waitForBackends.image.repository` | Init container wait-for-backend image name | `bitnami/kubectl` | -| `waitForBackends.image.tag` | Init container wait-for-backend image tag | `1.19.15-debian-10-r4` | -| `waitForBackends.image.pullPolicy` | Init container wait-for-backend image pull policy | `IfNotPresent` | -| `waitForBackends.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `waitForBackends.resources.limits` | Init container wait-for-backend resource limits | `{}` | -| `waitForBackends.resources.requests` | Init container wait-for-backend resource requests | `{}` | - - -### Database parameters - -| Name | Description | Value | -| ----------------------------------------- | --------------------------------------------------------------------------------------------------- | ------------ | -| `mariadb.enabled` | Enable/disable MariaDB chart installation | `true` | -| `mariadb.architecture` | MariaDB architecture. Allowed values: `standalone` or `replication` | `standalone` | -| `mariadb.auth.rootPassword` | Password for the MariaDB `root` user | `""` | -| `mariadb.auth.username` | Username of new user to create | `dataflow` | -| `mariadb.auth.password` | Password for the new user | `change-me` | -| `mariadb.auth.database` | Database name to create | `dataflow` | -| `mariadb.auth.forcePassword` | Force users to specify required passwords in the database | `false` | -| `mariadb.auth.usePasswordFiles` | Mount credentials as a file instead of using an environment variable | `false` | -| `mariadb.initdbScripts` | Specify dictionary of scripts to be run at first boot | `{}` | -| `flyway.enabled` | Enable/disable flyway running Dataflow and Skipper Database creation scripts on startup | `true` | -| `externalDatabase.host` | Host of the external database | `localhost` | -| `externalDatabase.port` | External database port number | `3306` | -| `externalDatabase.driver` | The fully qualified name of the JDBC Driver class | `""` | -| `externalDatabase.scheme` | The scheme is a vendor-specific or shared protocol string that follows the "jdbc:" of the URL | `""` | -| `externalDatabase.password` | Password for the above username | `""` | -| `externalDatabase.existingPasswordSecret` | Existing secret with database password | `""` | -| `externalDatabase.existingPasswordKey` | Key of the existing secret with database password, defaults to `datasource-password` | `""` | -| `externalDatabase.dataflow.url` | JDBC URL for dataflow server. Overrides external scheme, host, port, database, and jdbc parameters. | `""` | -| `externalDatabase.dataflow.database` | Name of the existing database to be used by Dataflow server | `dataflow` | -| `externalDatabase.dataflow.username` | Existing username in the external db to be used by Dataflow server | `dataflow` | -| `externalDatabase.skipper.url` | JDBC URL for skipper. Overrides external scheme, host, port, database, and jdbc parameters. | `""` | -| `externalDatabase.skipper.database` | Name of the existing database to be used by Skipper server | `skipper` | -| `externalDatabase.skipper.username` | Existing username in the external db to be used by Skipper server | `skipper` | -| `externalDatabase.hibernateDialect` | Hibernate Dialect used by Dataflow/Skipper servers | `""` | - - -### RabbitMQ chart parameters - -| Name | Description | Value | -| ----------------------------------------- | ------------------------------------------------------------------------------- | ----------- | -| `rabbitmq.enabled` | Enable/disable RabbitMQ chart installation | `true` | -| `rabbitmq.auth.username` | RabbitMQ username | `user` | -| `externalRabbitmq.enabled` | Enable/disable external RabbitMQ | `false` | -| `externalRabbitmq.host` | Host of the external RabbitMQ | `localhost` | -| `externalRabbitmq.port` | External RabbitMQ port number | `5672` | -| `externalRabbitmq.username` | External RabbitMQ username | `guest` | -| `externalRabbitmq.password` | External RabbitMQ password. It will be saved in a kubernetes secret | `guest` | -| `externalRabbitmq.vhost` | External RabbitMQ virtual host. It will be saved in a kubernetes secret | `""` | -| `externalRabbitmq.existingPasswordSecret` | Existing secret with RabbitMQ password. It will be saved in a kubernetes secret | `""` | - - -### Kafka chart parameters - -| Name | Description | Value | -| ------------------------------------- | --------------------------------------- | ---------------- | -| `kafka.enabled` | Enable/disable Kafka chart installation | `false` | -| `kafka.replicaCount` | Number of Kafka brokers | `1` | -| `kafka.offsetsTopicReplicationFactor` | Kafka Secret Key | `1` | -| `kafka.zookeeper.replicaCount` | Number of Zookeeper replicas | `1` | -| `externalKafka.enabled` | Enable/disable external Kafka | `false` | -| `externalKafka.brokers` | External Kafka brokers | `localhost:9092` | -| `externalKafka.zkNodes` | External Zookeeper nodes | `localhost:2181` | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```bash -helm install my-release --set server.replicaCount=2 bitnami/spring-cloud-dataflow -``` - -The above command install Spring Cloud Data Flow chart with 2 Dataflow server replicas. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```bash -helm install my-release -f values.yaml bitnami/spring-cloud-dataflow -``` - -> **Tip**: You can use the default [values.yaml](https://github.com/bitnami/charts/blob/master/bitnami/spring-cloud-dataflow/values.yaml) - -## Configuration and installation details - -### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Features - -If you only need to deploy tasks and schedules, streaming and Skipper can be disabled: - -```console -server.configuration.batchEnabled=true -server.configuration.streamingEnabled=false -skipper.enabled=false -rabbitmq.enabled=false -``` - -If you only need to deploy streams, tasks and schedules can be disabled: - -```console -server.configuration.batchEnabled=false -server.configuration.streamingEnabled=true -skipper.enabled=true -rabbitmq.enabled=true -``` - -NOTE: Both `server.configuration.batchEnabled` and `server.configuration.streamingEnabled` should not be set to `false` at the same time. - -### Messaging solutions - -There are two supported messaging solutions in this chart: - -- RabbitMQ (default) -- Kafka - -To change the messaging layer to Kafka, use the the following parameters: - -```console -rabbitmq.enabled=false -kafka.enabled=true -``` - -Only one messaging layer can be used at a given time. - -### Using an external database - -Sometimes you may want to have Spring Cloud components connect to an external database rather than installing one inside your cluster, e.g. to use a managed database service, or use run a single database server for all your applications. To do this, the chart allows you to specify credentials for an external database under the [`externalDatabase` parameter](#database-parameters). You should also disable the MariaDB installation with the `mariadb.enabled` option. For example with the following parameters: - -```console -mariadb.enabled=false -externalDatabase.scheme=mariadb -externalDatabase.host=myexternalhost -externalDatabase.port=3306 -externalDatabase.password=mypassword -externalDatabase.dataflow.user=mydataflowuser -externalDatabase.dataflow.database=mydataflowdatabase -externalDatabase.dataflow.user=myskipperuser -externalDatabase.dataflow.database=myskipperdatabase -``` - -NOTE: When using the indidual properties (scheme, host, port, database, an optional jdbcParameters) this chart will format the JDBC URL as `jdbc:{scheme}://{host}:{port}/{database}{jdbcParameters}`. The URL format follows that of the MariaDB database drive but may not work for other database vendors. - -To use an alternate database vendor (other than MariaDB) you can use the `externalDatabase.dataflow.url` and `externalDatabase.skipper.url` properties to provide the JDBC URLs for the dataflow server and skipper respectively. If these properties are defined, they will take precedence over the individual attributes. As an example of configuring an external MS SQL Server database: - -```console -mariadb.enabled=false -externalDatabase.password=mypassword -externalDatabase.dataflow.url=jdbc:sqlserver://mssql-server:1433 -externalDatabase.dataflow.user=mydataflowuser -externalDatabase.skipper.url=jdbc:sqlserver://mssql-server:1433 -externalDatabase.skipper.user=myskipperuser -externalDatabase.hibernateDialect=org.hibernate.dialect.SQLServer2012Dialect -``` - -NOTE: If you disable MariaDB per above you MUST supply values for the `externalDatabase` connection. - -### Adding extra flags - -In case you want to add extra environment variables to any Spring Cloud component, you can use `XXX.extraEnvs` parameter(s), where XXX is placeholder you need to replace with the actual component(s). For instance, to add extra flags to Spring Cloud Data Flow, use: - -```yaml -server: - extraEnvs: - - name: FOO - value: BAR -``` - -### Using custom Dataflow configuration - -This helm chart supports using custom configuration for Dataflow server. - -You can specify the configuration for Dataflow server setting the `server.existingConfigmap` parameter to an external ConfigMap with the configuration file. - -### Using custom Skipper configuration - -This helm chart supports using custom configuration for Skipper server. - -You can specify the configuration for Skipper server setting the `skipper.existingConfigmap` parameter to an external ConfigMap with the configuration file. - -### Sidecars and Init Containers - -If you have a need for additional containers to run within the same pod as Dataflow or Skipper components (e.g. an additional metrics or logging exporter), you can do so via the `XXX.sidecars` parameter(s), where XXX is placeholder you need to replace with the actual component(s). Simply define your container according to the Kubernetes container spec. - -```yaml -server: - sidecars: - - name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -``` - -Similarly, you can add extra init containers using the `XXX.initContainers` parameter(s). - -```yaml -server: - initContainers: - - name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -``` - -### Ingress - -This chart provides support for ingress resources. If you have an ingress controller installed on your cluster, such as [nginx-ingress](https://kubeapps.com/charts/stable/nginx-ingress) or [traefik](https://kubeapps.com/charts/stable/traefik) you can utilize the ingress controller to serve your Spring Cloud Data Flow server. - -To enable ingress integration, please set `server.ingress.enabled` to `true` - -#### Hosts - -Most likely you will only want to have one hostname that maps to this Spring Cloud Data Flow installation. If that's your case, the property `server.ingress.hostname` will set it. However, it is possible to have more than one host. To facilitate this, the `server.ingress.extraHosts` object is can be specified as an array. You can also use `server.ingress.extraTLS` to add the TLS configuration for extra hosts. - -For each host indicated at `server.ingress.extraHosts`, please indicate a `name`, `path`, and any `annotations` that you may want the ingress controller to know about. - -For annotations, please see [this document](https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md). Not all annotations are supported by all ingress controllers, but this document does a good job of indicating which annotation is supported by many popular ingress controllers. - -#### TLS - -This chart will facilitate the creation of TLS secrets for use with the ingress controller, however, this is not required. There are four common use cases: - -- Helm generates/manages certificate secrets based on the parameters. -- User generates/manages certificates separately. -- Helm creates self-signed certificates and generates/manages certificate secrets. -- An additional tool (like [cert-manager](https://github.com/jetstack/cert-manager/)) manages the secrets for the application. -In the first two cases, it's needed a certificate and a key. We would expect them to look like this: -- certificate files should look like (and there can be more than one certificate if there is a certificate chain) - ```console - -----BEGIN CERTIFICATE----- - MIID6TCCAtGgAwIBAgIJAIaCwivkeB5EMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV - ... - jScrvkiBO65F46KioCL9h5tDvomdU1aqpI/CBzhvZn1c0ZTf87tGQR8NK7v7 - -----END CERTIFICATE----- - ``` -- keys should look like: - ```console - -----BEGIN RSA PRIVATE KEY----- - MIIEogIBAAKCAQEAvLYcyu8f3skuRyUgeeNpeDvYBCDcgq+LsWap6zbX5f8oLqp4 - ... - wrj2wDbCDCFmfqnSJ+dKI3vFLlEz44sAV8jX/kd4Y6ZTQhlLbYc= - -----END RSA PRIVATE KEY----- - ``` -- If you are going to use Helm to manage the certificates based on the parameters, please copy these values into the `certificate` and `key` values for a given `server.ingress.secrets` entry. -- In case you are going to manage TLS secrets separately, please know that you must create a TLS secret with name *INGRESS_HOSTNAME-tls* (where *INGRESS_HOSTNAME* is a placeholder to be replaced with the hostname you set using the `server.ingress.hostname` parameter). -- To use self-signed certificates created by Helm, set `server.ingress.tls` to `true` and `server.ingress.certManager` to `false`. -- If your cluster has a [cert-manager](https://github.com/jetstack/cert-manager) add-on to automate the management and issuance of TLS certificates, set `server.ingress.certManager` boolean to true to enable the corresponding annotations for cert-manager. - -### Setting Pod's affinity - -This chart allows you to set your custom affinity using the `XXX.affinity` parameter(s). Find more information about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). - -As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `XXX.podAffinityPreset`, `XXX.podAntiAffinityPreset`, or `XXX.nodeAffinityPreset` parameters. - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## Upgrading - -If you enabled RabbitMQ chart to be used as the messaging solution for Skipper to manage streaming content, then it's necessary to set the `rabbitmq.auth.password` and `rabbitmq.auth.erlangCookie` parameters when upgrading for readiness/liveness probes to work properly. Inspect the RabbitMQ secret to obtain the password and the Erlang cookie, then you can upgrade your chart using the command below: - -### To 4.0.0 - -This major updates the Kafka subchart its newest major, 14.0.0. [Here](https://github.com/bitnami/charts/tree/master/bitnami/kafka#to-1400) you can find more information about the changes introduced in this version. - -### To 3.0.0 - -This major updates the Kafka subchart to its newest major 13.0.0. For more information on this subchart's major, please refer to [kafka upgrade notes](https://github.com/bitnami/charts/tree/master/bitnami/kafka#to-1300). - -### To 2.0.0 - -[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -**What changes were introduced in this major version?** - -- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. -- Move dependency information from the *requirements.yaml* to the *Chart.yaml* -- After running `helm dependency update`, a *Chart.lock* file is generated containing the same structure used in the previous *requirements.lock* -- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts - -**Considerations when upgrading to this version** - -- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues -- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore -- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 - -**Useful links** - -- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ -- https://helm.sh/docs/topics/v2_v3_migration/ -- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ - -### v0.x.x - -```bash -helm upgrade my-release bitnami/spring-cloud-dataflow --set mariadb.rootUser.password=[MARIADB_ROOT_PASSWORD] --set rabbitmq.auth.password=[RABBITMQ_PASSWORD] --set rabbitmq.auth.erlangCookie=[RABBITMQ_ERLANG_COOKIE] -``` - -### v1.x.x - -```bash -helm upgrade my-release bitnami/spring-cloud-dataflow --set mariadb.auth.rootPassword=[MARIADB_ROOT_PASSWORD] --set rabbitmq.auth.password=[RABBITMQ_PASSWORD] --set rabbitmq.auth.erlangCookie=[RABBITMQ_ERLANG_COOKIE] -``` - -## Notable changes - -### v1.0.0 - -MariaDB dependency version was bumped to a new major version that introduces several incompatilibites. Therefore, backwards compatibility is not guaranteed unless an external database is used. Check [MariaDB Upgrading Notes](https://github.com/bitnami/charts/tree/master/bitnami/mariadb#to-800) for more information. - -To upgrade to `1.0.0`, you will need to reuse the PVC used to hold the MariaDB data on your previous release. To do so, follow the instructions below (the following example assumes that the release name is `dataflow`): - -> NOTE: Please, create a backup of your database before running any of those actions. - -Obtain the credentials and the name of the PVC used to hold the MariaDB data on your current release: - -```console -export MARIADB_ROOT_PASSWORD=$(kubectl get secret --namespace default dataflow-mariadb -o jsonpath="{.data.mariadb-root-password}" | base64 --decode) -export MARIADB_PASSWORD=$(kubectl get secret --namespace default dataflow-mariadb -o jsonpath="{.data.mariadb-password}" | base64 --decode) -export MARIADB_PVC=$(kubectl get pvc -l app=mariadb,component=master,release=dataflow -o jsonpath="{.items[0].metadata.name}") -export RABBITMQ_PASSWORD=$(kubectl get secret --namespace default dataflow-rabbitmq -o jsonpath="{.data.rabbitmq-password}" | base64 --decode) -export RABBITMQ_ERLANG_COOKIE=$(kubectl get secret --namespace default dataflow-rabbitmq -o jsonpath="{.data.rabbitmq-erlang-cookie}" | base64 --decode) -``` - -Upgrade your release (maintaining the version) disabling MariaDB and scaling Data Flow replicas to 0: - -```console -$ helm upgrade dataflow bitnami/spring-cloud-dataflow --version 0.7.4 \ - --set server.replicaCount=0 \ - --set skipper.replicaCount=0 \ - --set mariadb.enabled=false \ - --set rabbitmq.auth.password=$RABBITMQ_PASSWORD \ - --set rabbitmq.auth.erlangCookie=$RABBITMQ_ERLANG_COOKIE -``` - -Finally, upgrade you release to 1.0.0 reusing the existing PVC, and enabling back MariaDB: - -```console -$ helm upgrade dataflow bitnami/spring-cloud-dataflow \ - --set mariadb.primary.persistence.existingClaim=$MARIADB_PVC \ - --set mariadb.auth.rootPassword=$MARIADB_ROOT_PASSWORD \ - --set mariadb.auth.password=$MARIADB_PASSWORD \ - --set rabbitmq.auth.password=$RABBITMQ_PASSWORD \ - --set rabbitmq.auth.erlangCookie=$RABBITMQ_ERLANG_COOKIE -``` - -You should see the lines below in MariaDB container logs: - -```console -$ kubectl logs $(kubectl get pods -l app.kubernetes.io/instance=dataflow,app.kubernetes.io/name=mariadb,app.kubernetes.io/component=primary -o jsonpath="{.items[0].metadata.name}") -... -mariadb 12:13:24.98 INFO ==> Using persisted data -mariadb 12:13:25.01 INFO ==> Running mysql_upgrade -... -``` diff --git a/bitnami/spring-cloud-dataflow/templates/NOTES.txt b/bitnami/spring-cloud-dataflow/templates/NOTES.txt deleted file mode 100644 index 9225457..0000000 --- a/bitnami/spring-cloud-dataflow/templates/NOTES.txt +++ /dev/null @@ -1,108 +0,0 @@ - -** Please be patient while the chart is being deployed ** - -{{- if and .Values.waitForBackends.enabled (not .Values.rbac.create) (not .Values.serviceAccount.create) }} ---------------------------------------------------------------------------------------------- - WARNING - - By specifying "rbac.create=false" and "serviceAccount.create=false" it's - likely your pods enter into a "Init:CrashLoopBackOff" status if your - K8s cluster has RBAC enabled. - ---------------------------------------------------------------------------------------------- -{{- end }} - -Spring Cloud Data Flow chart was deployed enabling the following components: - -- Spring Cloud Data Flow server -{{- if or .Values.skipper.enabled .Values.server.configuration.streamingEnabled }} -- Spring Cloud Skipper server -{{- end }} - -Spring Cloud Data Flow can be accessed through the following DNS name from within your cluster: - - {{ include "scdf.fullname" . }}-server.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} (port {{ .Values.server.service.port }}) - -To access Spring Cloud Data Flow dashboard from outside the cluster execute the following commands: - -{{- if .Values.server.ingress.enabled }} - -1. Get the Data Flow dashboard URL and associate its hostname to your cluster external IP: - - export CLUSTER_IP=$(minikube ip) # On Minikube. Use: `kubectl cluster-info` on others K8s clusters - echo "Data Flow dashboard URL: http{{ if .Values.server.ingress.tls }}s{{ end }}://{{ .Values.server.ingress.hostname }}/dashboard" - echo "$CLUSTER_IP {{ .Values.server.ingress.hostname }}" | sudo tee -a /etc/hosts - -{{- else }} - -1. Get the Data Flow dashboard URL by running these commands: - -{{- if contains "NodePort" .Values.server.service.type }} - - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "scdf.fullname" . }}-server) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo "http://${NODE_IP}:${NODE_PORT}/dashboard" - -{{- else if contains "LoadBalancer" .Values.server.service.type }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "scdf.fullname" . }}-server' - - export SERVICE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].port}" services {{ include "scdf.fullname" . }}-server) - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "scdf.fullname" . }}-server -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo "http://${SERVICE_IP}:${SERVICE_PORT}/dashboard" - -{{- else if contains "ClusterIP" .Values.server.service.type }} - - export SERVICE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].port}" services {{ include "scdf.fullname" . }}-server) - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "scdf.fullname" . }}-server ${SERVICE_PORT}:${SERVICE_PORT} & - echo "http://127.0.0.1:${SERVICE_PORT}/dashboard" - -{{- end }} -{{- end }} - -2. Open a browser and access the Data Flow dashboard using the obtained URL. - -{{- include "common.warnings.rollingTag" .Values.server.image }} -{{- include "common.warnings.rollingTag" .Values.server.composedTaskRunner.image }} -{{- include "common.warnings.rollingTag" .Values.skipper.image }} -{{- include "common.warnings.rollingTag" .Values.waitForBackends.image }} -{{- include "scdf.validateValues" . }} - -{{- $passwordErrors := list -}} -{{- $secretNameMariadb := include "scdf.mariadb.fullname" . -}} -{{- $secretNameExternalDb := printf "%s-%s" (include "scdf.fullname" .) "externaldb" -}} -{{- $secretNameRabbitmq := include "scdf.rabbitmq.fullname" . -}} -{{- $secretNameExternalRabbitmq := printf "%s-%s" (include "scdf.fullname" .) "externalrabbitmq" -}} - -{{/* Mysql required password */}} -{{- $passwordMysqlErrors := include "common.validations.values.mariadb.passwords" (dict "secret" $secretNameMariadb "subchart" true "context" $) -}} -{{- $passwordErrors = append $passwordErrors $passwordMysqlErrors -}} - -{{/* Rabbitmq required password */}} -{{- if or (.Values.rabbitmq.enabled) (and (.Values.externalRabbitmq.enabled) (not .Values.externalRabbitmq.existingPasswordSecret)) -}} -{{- $requiredRabbitmqPassword := dict "valueKey" "rabbitmq.auth.password" "secret" $secretNameRabbitmq "field" "rabbitmq-password" -}} -{{- $requiredErlangPassword := dict "valueKey" "rabbitmq.auth.erlangCookie" "secret" $secretNameRabbitmq "field" "rabbitmq-erlang-cookie" -}} -{{- $requiredRabbitmqPasswordErrors := include "common.validations.values.multiple.empty" (dict "required" (list $requiredRabbitmqPassword $requiredErlangPassword) "context" $) -}} -{{- $passwordErrors = append $passwordErrors $requiredRabbitmqPasswordErrors -}} -{{- end }} - -{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordErrors "context" $) -}} - -{{- if .Release.IsUpgrade -}} - {{- $passwordWarnings := list -}} - - {{- if not .Values.mariadb.enabled -}} - {{- $requiredExternalDbPassword := dict "valueKey" "externalDatabase.password" "secret" $secretNameExternalDb "field" "mariadb-password" -}} - {{- $passwordWarnings = append $passwordWarnings $requiredExternalDbPassword -}} - {{- end -}} - {{- if and (.Values.externalRabbitmq.enabled) (not .Values.rabbitmq.enabled) (not .Values.externalRabbitmq.existingPasswordSecret) -}} - {{- $requiredExternalRabbitmqPassword := dict "valueKey" "externalRabbitmq.password" "secret" $secretNameExternalRabbitmq "field" "rabbitmq-password" -}} - {{- $passwordWarnings = append $passwordWarnings $requiredExternalRabbitmqPassword -}} - {{- end -}} - - {{- if not (empty $passwordWarnings) -}} -WARNING: Review values for the following password in the command, if they are correct please ignore this notice. - {{- include "common.validations.values.multiple.empty" (dict "required" $passwordWarnings "context" $) -}} - {{- end -}} -{{- end -}} diff --git a/bitnami/spring-cloud-dataflow/templates/_helpers.tpl b/bitnami/spring-cloud-dataflow/templates/_helpers.tpl deleted file mode 100644 index 807bdb2..0000000 --- a/bitnami/spring-cloud-dataflow/templates/_helpers.tpl +++ /dev/null @@ -1,391 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "scdf.fullname" -}} -{{- include "common.names.fullname" . -}} -{{- end }} - -{{/* -Create a default fully qualified app name for MariaDB subchart -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "scdf.mariadb.fullname" -}} -{{- if .Values.mariadb.fullnameOverride -}} -{{- .Values.mariadb.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default "mariadb" .Values.mariadb.nameOverride -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - -{{/* -Create a default fully qualified app name for RabbitMQ subchart -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "scdf.rabbitmq.fullname" -}} -{{- if .Values.rabbitmq.fullnameOverride -}} -{{- .Values.rabbitmq.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default "rabbitmq" .Values.rabbitmq.nameOverride -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - -{{/* -Create a default fully qualified app name for Kafka subchart -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "scdf.kafka.fullname" -}} -{{- if .Values.kafka.fullnameOverride -}} -{{- .Values.kafka.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default "kafka" .Values.kafka.nameOverride -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper Spring Cloud Dataflow Server image name -*/}} -{{- define "scdf.server.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.server.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper Spring Cloud Skipper image name -*/}} -{{- define "scdf.skipper.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.skipper.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper Spring Cloud Skipper image name -*/}} -{{- define "scdf.waitForBackends.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.waitForBackends.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper Prometheus Rsocket Proxy image name -*/}} -{{- define "scdf.metrics.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "scdf.imagePullSecrets" -}} -{{ include "common.images.pullSecrets" (dict "images" (list .Values.server.image .Values.skipper.image .Values.waitForBackends.image .Values.metrics.image) "global" .Values.global) }} -{{- end -}} - -{{/* -Create the name of the Service Account to use -*/}} -{{- define "scdf.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} - {{- default (include "scdf.fullname" .) .Values.serviceAccount.name }} -{{- else }} - {{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} - -{{/* -Return the Spring Cloud Dataflow Server configuration configmap. -*/}} -{{- define "scdf.server.configmapName" -}} -{{- if .Values.server.existingConfigmap -}} - {{- printf "%s" (tpl .Values.server.existingConfigmap $) -}} -{{- else -}} - {{- printf "%s-server" (include "scdf.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a configmap object should be created for Spring Cloud Dataflow Server -*/}} -{{- define "scdf.server.createConfigmap" -}} -{{- if not .Values.server.existingConfigmap }} - {- true -}} -{{- else -}} -{{- end -}} -{{- end -}} - -{{/* -Return the Spring Cloud Skipper configuration configmap. -*/}} -{{- define "scdf.skipper.configmapName" -}} -{{- if .Values.skipper.existingConfigmap -}} - {{- printf "%s" (tpl .Values.skipper.existingConfigmap $) -}} -{{- else -}} - {{- printf "%s-skipper" (include "scdf.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a configmap object should be created for Spring Cloud Skipper -*/}} -{{- define "scdf.skipper.createConfigmap" -}} -{{- if not .Values.skipper.existingConfigmap }} - {- true -}} -{{- else -}} -{{- end -}} -{{- end -}} - -{{/* -Return the database URL used by the dataflow server -*/}} -{{- define "scdf.database.dataflow.url" -}} - {{- if .Values.externalDatabase.dataflow.url }} - {{- printf "%s" .Values.externalDatabase.dataflow.url -}} - {{- else -}} - {{- printf "jdbc:%s://%s:%s/%s%s" (include "scdf.database.scheme" .) (include "scdf.database.host" .) (include "scdf.database.port" .) (include "scdf.database.server.name" .) (include "scdf.database.jdbc.parameters" .) -}} - {{- end -}} -{{- end -}} - -{{/* -Return the database URL used by skipper -*/}} -{{- define "scdf.database.skipper.url" -}} - {{- if .Values.externalDatabase.skipper.url }} - {{- printf "%s" .Values.externalDatabase.skipper.url -}} - {{- else -}} - {{- printf "jdbc:%s://%s:%s/%s%s" (include "scdf.database.scheme" .) (include "scdf.database.host" .) (include "scdf.database.port" .) (include "scdf.database.skipper.name" .) (include "scdf.database.jdbc.parameters" .) -}} - {{- end -}} -{{- end -}} - -{{/* -Return the database Hostname -*/}} -{{- define "scdf.database.host" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "%s" (include "scdf.mariadb.fullname" .) -}} -{{- else -}} - {{- printf "%s" .Values.externalDatabase.host -}} -{{- end -}} -{{- end -}} - -{{/* -Return the database Port -*/}} -{{- define "scdf.database.port" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "3306" -}} -{{- else -}} - {{- printf "%d" (.Values.externalDatabase.port | int ) -}} -{{- end -}} -{{- end -}} - -{{/* -Return the database driver -*/}} -{{- define "scdf.database.driver" -}} - {{- if .Values.mariadb.enabled -}} - {{- printf "org.mariadb.jdbc.Driver" -}} - {{- else -}} - {{- .Values.externalDatabase.driver -}} - {{- end -}} -{{- end -}} - -{{/* -Return the database scheme -*/}} -{{- define "scdf.database.scheme" -}} - {{- if .Values.mariadb.enabled -}} - {{- printf "mariadb" -}} - {{- else -}} - {{- .Values.externalDatabase.scheme -}} - {{- end -}} -{{- end -}} - -{{/* -Return the JDBC URL parameters -*/}} -{{- define "scdf.database.jdbc.parameters" -}} - {{- if .Values.mariadb.enabled -}} - {{- printf "?useMysqlMetadata=true" -}} - {{- else -}} - {{- printf "" -}} - {{- end -}} -{{- end -}} - -{{/* -Return the Data Flow Database Name -*/}} -{{- define "scdf.database.server.name" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "%s" .Values.mariadb.auth.database -}} -{{- else -}} - {{- printf "%s" .Values.externalDatabase.dataflow.database -}} -{{- end -}} -{{- end -}} - -{{/* -Return the Data Flow Database User -*/}} -{{- define "scdf.database.server.user" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "%s" .Values.mariadb.auth.username -}} -{{- else -}} - {{- printf "%s" .Values.externalDatabase.dataflow.username -}} -{{- end -}} -{{- end -}} - -{{/* -Return the Skipper Database Name -*/}} -{{- define "scdf.database.skipper.name" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "skipper" -}} -{{- else -}} - {{- printf "%s" .Values.externalDatabase.skipper.database -}} -{{- end -}} -{{- end -}} - -{{/* -Return the Skipper Database User -*/}} -{{- define "scdf.database.skipper.user" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "skipper" -}} -{{- else -}} - {{- printf "%s" .Values.externalDatabase.skipper.username -}} -{{- end -}} -{{- end -}} - -{{/* -Return the Database secret name -*/}} -{{- define "scdf.database.secretName" -}} -{{- if .Values.externalDatabase.existingPasswordSecret -}} - {{- printf "%s" .Values.externalDatabase.existingPasswordSecret -}} -{{- else if .Values.mariadb.enabled }} - {{- printf "%s" (include "scdf.mariadb.fullname" .) -}} -{{- else -}} - {{- printf "%s-%s" (include "scdf.fullname" .) "externaldb" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the RabbitMQ host -*/}} -{{- define "scdf.rabbitmq.host" -}} -{{- if .Values.rabbitmq.enabled }} - {{- printf "%s" (include "scdf.rabbitmq.fullname" .) -}} -{{- else -}} - {{- printf "%s" .Values.externalRabbitmq.host -}} -{{- end -}} -{{- end -}} - -{{/* -Return the RabbitMQ Port -*/}} -{{- define "scdf.rabbitmq.port" -}} -{{- if .Values.rabbitmq.enabled }} - {{- printf "%d" (.Values.rabbitmq.service.port | int ) -}} -{{- else -}} - {{- printf "%d" (.Values.externalRabbitmq.port | int ) -}} -{{- end -}} -{{- end -}} - -{{/* -Return the RabbitMQ username -*/}} -{{- define "scdf.rabbitmq.user" -}} -{{- if .Values.rabbitmq.enabled }} - {{- printf "%s" .Values.rabbitmq.auth.username -}} -{{- else -}} - {{- printf "%s" .Values.externalRabbitmq.username -}} -{{- end -}} -{{- end -}} - -{{/* -Return the RabbitMQ secret name -*/}} -{{- define "scdf.rabbitmq.secretName" -}} -{{- if .Values.externalRabbitmq.existingPasswordSecret -}} - {{- printf "%s" .Values.externalRabbitmq.existingPasswordSecret -}} -{{- else if .Values.rabbitmq.enabled }} - {{- printf "%s" (include "scdf.rabbitmq.fullname" .) -}} -{{- else -}} - {{- printf "%s-%s" (include "scdf.fullname" .) "externalrabbitmq" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the RabbitMQ host -*/}} -{{- define "scdf.rabbitmq.vhost" -}} -{{- if .Values.rabbitmq.enabled }} - {{- printf "/" -}} -{{- else -}} - {{- printf "%s" .Values.externalRabbitmq.vhost -}} -{{- end -}} -{{- end -}} - -{{/* -Return the Hibernate dialect -*/}} -{{- define "scdf.database.hibernate.dialect" -}} - {{- if .Values.mariadb.enabled -}} - {{- printf "org.hibernate.dialect.MariaDB102Dialect" -}} - {{- else -}} - {{- .Values.externalDatabase.hibernateDialect -}} - {{- end -}} -{{- end -}} - -{{/* -Compile all warnings into a single message, and call fail. -*/}} -{{- define "scdf.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "scdf.validateValues.features" .) -}} -{{- $messages := append $messages (include "scdf.validateValues.messagingSystem" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} -{{- end -}} -{{- end -}} - -{{/* Validate values of Spring Cloud Dataflow - Enabled features */}} -{{- define "scdf.validateValues.features" -}} -{{- if and (not .Values.server.configuration.batchEnabled) (not .Values.server.configuration.streamingEnabled) -}} -scdf: features - You must enabled support for streams or tasks and schedules. - Please enable any of these features setting the parameters below to 'true' - - server.configuration.batchEnabled - - server.configuration.streamingEnabled -{{- end -}} -{{- end -}} - -{{/* Validate values of Spring Cloud Dataflow - Messaging System */}} -{{- define "scdf.validateValues.messagingSystem" -}} -{{- if and (or .Values.kafka.enabled .Values.externalKafka.enabled) .Values.rabbitmq.enabled -}} -scdf: Messaging System - You can only use one messaging system. - Please enable only RabbitMQ or Kafka as messaging system. -{{- else if and .Values.kafka.enabled .Values.externalKafka.enabled -}} -scdf: Messaging System - You can only have one Kafka configuration enabled. - Please ensure only one of the following parameters is set to 'true' - - kafka.enabled - - externalKafka.enabled -{{- end -}} -{{- end -}} - -{{/* -Return Deployer Environment Variables. Empty string or variables started with comma prefix. -*/}} -{{- define "scdf.deployer.environmentVariables" -}} - {{- if .Values.deployer.environmentVariables -}} - {{- printf ",%s" .Values.deployer.environmentVariables | trim -}} - {{- else -}} - {{- printf "" -}} - {{- end -}} -{{- end -}} diff --git a/bitnami/spring-cloud-dataflow/templates/externaldb-secrets.yaml b/bitnami/spring-cloud-dataflow/templates/externaldb-secrets.yaml deleted file mode 100644 index d412297..0000000 --- a/bitnami/spring-cloud-dataflow/templates/externaldb-secrets.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if and (not .Values.mariadb.enabled) (not .Values.externalDatabase.existingPasswordSecret) }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ printf "%s-%s" (include "scdf.fullname" .) "externaldb" }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: - mariadb-password: {{ .Values.externalDatabase.password | b64enc | quote }} -{{- end }} diff --git a/bitnami/spring-cloud-dataflow/templates/externalrabbitmq-secrets.yaml b/bitnami/spring-cloud-dataflow/templates/externalrabbitmq-secrets.yaml deleted file mode 100644 index 59deafb..0000000 --- a/bitnami/spring-cloud-dataflow/templates/externalrabbitmq-secrets.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if and (.Values.externalRabbitmq.enabled) (not .Values.rabbitmq.enabled) (not .Values.externalRabbitmq.existingPasswordSecret) }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ printf "%s-%s" (include "scdf.fullname" .) "externalrabbitmq" }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: - rabbitmq-password: {{ .Values.externalRabbitmq.password | b64enc | quote }} -{{- end }} diff --git a/bitnami/spring-cloud-dataflow/templates/extra-list.yaml b/bitnami/spring-cloud-dataflow/templates/extra-list.yaml deleted file mode 100644 index 9ac65f9..0000000 --- a/bitnami/spring-cloud-dataflow/templates/extra-list.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{- range .Values.extraDeploy }} ---- -{{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} diff --git a/bitnami/spring-cloud-dataflow/templates/prometheus-proxy/deployment.yaml b/bitnami/spring-cloud-dataflow/templates/prometheus-proxy/deployment.yaml deleted file mode 100644 index 1fa3ed2..0000000 --- a/bitnami/spring-cloud-dataflow/templates/prometheus-proxy/deployment.yaml +++ /dev/null @@ -1,62 +0,0 @@ -{{- if .Values.metrics.enabled }} -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ include "scdf.fullname" . }}-prometheus-proxy - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: prometheus-proxy - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.metrics.replicaCount }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: prometheus-proxy - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: prometheus-proxy - annotations: - {{- if .Values.metrics.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) | nindent 8 }} - {{- end }} - spec: - {{- include "scdf.imagePullSecrets" . | nindent 6 }} - serviceAccountName: {{ include "scdf.serviceAccountName" . }} - {{- if .Values.metrics.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.metrics.podAffinityPreset "component" "prometheus-proxy" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.metrics.podAntiAffinityPreset "component" "prometheus-proxy" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.metrics.nodeAffinityPreset.type "key" .Values.metrics.nodeAffinityPreset.key "values" .Values.metrics.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.metrics.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.metrics.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.metrics.priorityClassName }} - priorityClassName: {{ .Values.metrics.priorityClassName | quote }} - {{- end }} - containers: - - name: prometheus-proxy - image: {{ include "scdf.metrics.image" . }} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - ports: - - name: http - containerPort: 8080 - protocol: TCP - - name: rsocket - containerPort: 7001 - protocol: TCP - {{- if .Values.metrics.resources }} - resources: {{- toYaml .Values.metrics.resources | nindent 12 }} - {{- end }} -{{- end }} diff --git a/bitnami/spring-cloud-dataflow/templates/prometheus-proxy/hpa.yaml b/bitnami/spring-cloud-dataflow/templates/prometheus-proxy/hpa.yaml deleted file mode 100644 index c547c2a..0000000 --- a/bitnami/spring-cloud-dataflow/templates/prometheus-proxy/hpa.yaml +++ /dev/null @@ -1,35 +0,0 @@ -{{- if .Values.metrics.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "scdf.fullname" . }}-prometheus-proxy - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: prometheus-proxy - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - scaleTargetRef: - apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} - kind: Deployment - name: {{ include "scdf.fullname" . }}-prometheus-proxy - minReplicas: {{ .Values.metrics.autoscaling.minReplicas }} - maxReplicas: {{ .Values.metrics.autoscaling.maxReplicas }} - metrics: - {{- if .Values.metrics.autoscaling.targetCPU }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ .Values.metrics.autoscaling.targetCPU }} - {{- end }} - {{- if .Values.metrics.autoscaling.targetMemory }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ .Values.metrics.autoscaling.targetMemory }} - {{- end }} -{{- end }} diff --git a/bitnami/spring-cloud-dataflow/templates/prometheus-proxy/pdb.yaml b/bitnami/spring-cloud-dataflow/templates/prometheus-proxy/pdb.yaml deleted file mode 100644 index 5c3e1ba..0000000 --- a/bitnami/spring-cloud-dataflow/templates/prometheus-proxy/pdb.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.metrics.pdb.create }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ include "scdf.fullname" . }}-prometheus-proxy - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: prometheus-proxy - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.metrics.pdb.minAvailable }} - minAvailable: {{ .Values.metrics.pdb.minAvailable }} - {{- end }} - {{- if .Values.metrics.pdb.maxUnavailable }} - maxUnavailable: {{ .Values.metrics.pdb.maxUnavailable }} - {{- end }} - selector: - matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: prometheus-proxy -{{- end }} diff --git a/bitnami/spring-cloud-dataflow/templates/prometheus-proxy/service.yaml b/bitnami/spring-cloud-dataflow/templates/prometheus-proxy/service.yaml deleted file mode 100644 index f7273bc..0000000 --- a/bitnami/spring-cloud-dataflow/templates/prometheus-proxy/service.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- if .Values.metrics.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "scdf.fullname" . }}-prometheus-proxy - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: prometheus-proxy - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.metrics.service.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.service.annotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: ClusterIP - ports: - - name: http - port: {{ .Values.metrics.service.httpPort }} - protocol: TCP - targetPort: http - - name: rsocket - port: {{ .Values.metrics.service.rsocketPort }} - protocol: TCP - targetPort: rsocket - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: prometheus-proxy -{{- end }} diff --git a/bitnami/spring-cloud-dataflow/templates/prometheus-proxy/servicemonitor-metrics.yaml b/bitnami/spring-cloud-dataflow/templates/prometheus-proxy/servicemonitor-metrics.yaml deleted file mode 100644 index c92e887..0000000 --- a/bitnami/spring-cloud-dataflow/templates/prometheus-proxy/servicemonitor-metrics.yaml +++ /dev/null @@ -1,42 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "scdf.fullname" . }}-prometheus-proxy - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: prometheus-proxy - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.extraLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.extraLabels "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Values.metrics.serviceMonitor.namespace | default .Release.Namespace }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: prometheus-proxy - endpoints: - - port: http - path: "/metrics/connected" - {{- if .Values.metrics.serviceMonitor.interval }} - interval: {{ .Values.metrics.serviceMonitor.interval }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - - port: http - path: "/metrics/proxy" - {{- if .Values.metrics.serviceMonitor.interval }} - interval: {{ .Values.metrics.serviceMonitor.interval }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} -{{- end }} diff --git a/bitnami/spring-cloud-dataflow/templates/role.yaml b/bitnami/spring-cloud-dataflow/templates/role.yaml deleted file mode 100644 index a29253e..0000000 --- a/bitnami/spring-cloud-dataflow/templates/role.yaml +++ /dev/null @@ -1,80 +0,0 @@ -{{- if .Values.rbac.create }} -kind: Role -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -metadata: - name: {{ include "scdf.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - - apiGroups: - - "" - resources: - - services - - pods - - replicationcontrollers - - persistentvolumeclaims - verbs: - - get - - list - - watch - - create - - delete - - update - - apiGroups: - - "" - resources: - - configmaps - - secrets - - pods/log - - pods/status - verbs: - - get - - list - - watch - - apiGroups: - - apps - resources: - - statefulsets - - deployments - - replicasets - verbs: - - get - - list - - watch - - create - - delete - - update - - patch - - apiGroups: - - extensions - resources: - - deployments - - replicasets - verbs: - - get - - list - - watch - - create - - delete - - update - - patch - - apiGroups: - - batch - resources: - - cronjobs - - jobs - verbs: - - get - - list - - watch - - create - - delete - - update - - patch -{{- end }} diff --git a/bitnami/spring-cloud-dataflow/templates/rolebinding.yaml b/bitnami/spring-cloud-dataflow/templates/rolebinding.yaml deleted file mode 100644 index 81b648e..0000000 --- a/bitnami/spring-cloud-dataflow/templates/rolebinding.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if .Values.rbac.create }} -kind: RoleBinding -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -metadata: - name: {{ include "scdf.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -roleRef: - kind: Role - name: {{ include "scdf.fullname" . }} - apiGroup: rbac.authorization.k8s.io -subjects: - - kind: ServiceAccount - name: {{ include "scdf.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/bitnami/spring-cloud-dataflow/templates/scripts-configmap.yaml b/bitnami/spring-cloud-dataflow/templates/scripts-configmap.yaml deleted file mode 100644 index ce63b03..0000000 --- a/bitnami/spring-cloud-dataflow/templates/scripts-configmap.yaml +++ /dev/null @@ -1,47 +0,0 @@ -{{- if .Values.waitForBackends.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "scdf.fullname" . }}-scripts - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - {{- $mariadbFullname := include "scdf.mariadb.fullname" . }} - {{- $rabbitmqFullname := include "scdf.rabbitmq.fullname" . }} - {{- $kafkaFullname := include "scdf.kafka.fullname" . }} - {{- $releaseNamespace := .Release.Namespace }} - wait-for-backends.sh: |- - #!/bin/bash - - set -o errexit - set -o pipefail - set -o nounset - - # Auxiliary functions - k8s_wait_for_statefulset() { - namespace=${1:?namespace is missing} - statefulset=${2:?statefulset name is missing} - local -i return_code=0 - - echo "Waiting for statefulset ${statefulset} to be successfully rolled out..." - kubectl rollout status --namespace "$namespace" statefulset "$statefulset" >/dev/null 2>&1 || return_code=$? - echo "Rollout exit code: '${return_code}'" - return $return_code - } - {{- if .Values.mariadb.enabled }} - k8s_wait_for_statefulset {{ $releaseNamespace }} {{ $mariadbFullname }} - {{- end }} - {{- if or .Values.skipper.enabled .Values.server.configuration.streamingEnabled }} - {{- if .Values.rabbitmq.enabled }} - k8s_wait_for_statefulset {{ $releaseNamespace }} {{ $rabbitmqFullname }} - {{- else if .Values.kafka.enabled }} - k8s_wait_for_statefulset {{ $releaseNamespace }} {{ $kafkaFullname }} - {{- end }} - {{- end }} -{{- end }} diff --git a/bitnami/spring-cloud-dataflow/templates/server/configmap.yaml b/bitnami/spring-cloud-dataflow/templates/server/configmap.yaml deleted file mode 100644 index 0f8eeab..0000000 --- a/bitnami/spring-cloud-dataflow/templates/server/configmap.yaml +++ /dev/null @@ -1,103 +0,0 @@ -{{- if (include "scdf.server.createConfigmap" .) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "scdf.fullname" . }}-server - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: server - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - application.yaml: |- - {{- if .Values.metrics.enabled }} - {{- $fullname := include "scdf.fullname" . }} - {{- $rsocketPort := int .Values.metrics.service.rsocketPort }} - management: - metrics: - export: - prometheus: - enabled: true - rsocket: - enabled: true - host: {{ $fullname }}-prometheus-proxy - port: {{ $rsocketPort }} - {{- end }} - spring: - cloud: - dataflow: - {{- if .Values.server.configuration.batchEnabled }} - task: - platform: - kubernetes: - accounts: - {{ .Values.server.configuration.accountName }}: - {{- if .Values.deployer.environmentVariables }} - environmentVariables: '{{ .Values.deployer.environmentVariables | trim }}' - {{- end }} - {{- if .Values.deployer.resources.limits }} - limits: {{- toYaml .Values.deployer.resources.limits | trim | nindent 22 }} - {{- end }} - {{- if .Values.deployer.resources.requests }} - requests: {{- toYaml .Values.deployer.resources.requests | trim | nindent 22 }} - {{- end }} - {{- if .Values.deployer.readinessProbe.initialDelaySeconds }} - readinessProbeDelay: {{ .Values.deployer.readinessProbe.initialDelaySeconds }} - {{- end }} - {{- if .Values.deployer.livenessProbe.initialDelaySeconds }} - livenessProbeDelay: {{ .Values.deployer.livenessProbe.initialDelaySeconds }} - {{- end }} - {{- if .Values.deployer.nodeSelector }} - nodeSelector: {{ .Values.deployer.nodeSelector }} - {{- end }} - {{- if .Values.deployer.tolerations }} - tolerations: {{- toYaml .Values.deployer.tolerations | nindent 22 }} - {{- end }} - {{- if .Values.deployer.volumeMounts }} - volumeMounts: {{- toYaml .Values.deployer.volumeMounts | nindent 22 }} - {{- end }} - {{- if .Values.deployer.volumes }} - volumes: {{- toYaml .Values.deployer.volumes | nindent 22 }} - {{- end }} - {{- if .Values.deployer.podSecurityContext }} - podSecurityContext: {{- toYaml .Values.deployer.podSecurityContext | nindent 22 }} - {{- end }} - {{- end }} - {{- if .Values.server.configuration.containerRegistries }} - container: - registry-configurations: {{- include "common.tplvalues.render" (dict "value" .Values.server.configuration.containerRegistries "context" $) | nindent 14 }} - {{- end }} - {{- if .Values.server.configuration.metricsDashboard }} - metrics.dashboard: - url: {{ .Values.server.configuration.metricsDashboard }} - {{- else if .Values.server.configuration.grafanaInfo }} - metrics.dashboard: - url: {{ .Values.server.configuration.grafanaInfo }} - {{- end }} - task: - closecontextEnabled: true - {{- $hibernateDialect := include "scdf.database.hibernate.dialect" . }} - {{- if $hibernateDialect }} - jpa: - properties: - hibernate: - dialect: {{ $hibernateDialect }} - {{- end }} - datasource: - url: '{{ include "scdf.database.dataflow.url" . }}' - driverClassName: {{ include "scdf.database.driver" . }} - username: {{ include "scdf.database.server.user" . }} - {{ if .Values.externalDatabase.existingPasswordSecret }} - password: {{ .Values.externalDatabase.existingPasswordKey | default "datasource-password" | printf "${%s}" }} - {{- else -}} - password: ${mariadb-password} - {{- end }} - testOnBorrow: true - validationQuery: "SELECT 1" - flyway: - enabled: {{ .Values.flyway.enabled }} -{{ end }} diff --git a/bitnami/spring-cloud-dataflow/templates/server/deployment.yaml b/bitnami/spring-cloud-dataflow/templates/server/deployment.yaml deleted file mode 100644 index 2cf66e9..0000000 --- a/bitnami/spring-cloud-dataflow/templates/server/deployment.yaml +++ /dev/null @@ -1,238 +0,0 @@ -{{- $fullname := include "scdf.fullname" . }} -{{- $serverServicePort := int .Values.server.service.port }} -{{- $skipperServicePort := int .Values.skipper.service.port }} -{{- $releaseNamespace := .Release.Namespace }} -{{- $clusterDomain := .Values.clusterDomain }} -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ include "scdf.fullname" . }}-server - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: server - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.server.replicaCount }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: server - strategy: - type: {{ .Values.server.strategyType }} - {{- if (eq "Recreate" .Values.server.strategyType) }} - rollingUpdate: null - {{- end }} - template: - metadata: - {{- if or (include "scdf.server.createConfigmap" .) .Values.server.podAnnotations }} - annotations: - {{- if (include "scdf.server.createConfigmap" .) }} - checksum/configuration: {{ include (print $.Template.BasePath "/server/configmap.yaml") . | sha256sum }} - {{- end }} - {{- if .Values.server.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.server.podAnnotations "context" $) | nindent 8 }} - {{- end }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: server - spec: - {{- include "scdf.imagePullSecrets" . | nindent 6 }} - serviceAccountName: {{ include "scdf.serviceAccountName" . }} - {{- if .Values.server.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.server.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.server.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.server.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.server.podAffinityPreset "component" "server" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.server.podAntiAffinityPreset "component" "server" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.server.nodeAffinityPreset.type "key" .Values.server.nodeAffinityPreset.key "values" .Values.server.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.server.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.server.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.server.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.server.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.server.priorityClassName }} - priorityClassName: {{ .Values.server.priorityClassName | quote }} - {{- end }} - {{- if .Values.server.podSecurityContext }} - securityContext: {{- toYaml .Values.server.podSecurityContext | nindent 8 }} - {{- end }} - {{- if or .Values.server.initContainers .Values.waitForBackends.enabled }} - initContainers: - {{- if .Values.waitForBackends.enabled }} - - name: wait-for-backends - image: {{ include "scdf.waitForBackends.image" . }} - imagePullPolicy: {{ .Values.waitForBackends.image.pullPolicy | quote }} - command: - - /scripts/wait-for-backends.sh - {{- if .Values.waitForBackends.resources }} - resources: {{- toYaml .Values.waitForBackends.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: scripts - mountPath: /scripts/wait-for-backends.sh - subPath: wait-for-backends.sh - {{- end }} - {{- if .Values.server.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.server.initContainers "context" $) | nindent 8 }} - {{- end }} - {{- end }} - containers: - - name: server - image: {{ include "scdf.server.image" . }} - imagePullPolicy: {{ .Values.server.image.pullPolicy | quote }} - {{- if .Values.server.containerSecurityContext }} - securityContext: {{- toYaml .Values.server.containerSecurityContext | nindent 12 }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" .Values.server.image.debug | quote }} - - name: SERVER_PORT - value: "8080" - - name: SPRING_CLOUD_CONFIG_ENABLED - value: "false" - - name: SPRING_CLOUD_KUBERNETES_CONFIG_ENABLE_API - value: "false" - - name: SPRING_CLOUD_KUBERNETES_SECRETS_ENABLE_API - value: "false" - - name: SPRING_CLOUD_KUBERNETES_SECRETS_PATHS - value: "/etc/secrets" - - name: SPRING_CLOUD_DATAFLOW_SERVER_URI - {{- if ne $serverServicePort 80 }} - value: {{ printf "http://%s-server.%s.svc.%s:%d" $fullname $releaseNamespace $clusterDomain $serverServicePort | quote }} - {{- else }} - value: {{ printf "http://%s-server.%s.svc.%s" $fullname $releaseNamespace $clusterDomain | quote }} - {{- end }} - - name: SPRING_CLOUD_DATAFLOW_FEATURES_STREAMS_ENABLED - value: {{ ternary "true" "false" .Values.server.configuration.streamingEnabled | quote }} - - name: SPRING_CLOUD_DATAFLOW_FEATURES_TASKS_ENABLED - value: {{ ternary "true" "false" .Values.server.configuration.batchEnabled | quote }} - - name: SPRING_CLOUD_DATAFLOW_FEATURES_SCHEDULES_ENABLED - value: {{ ternary "true" "false" .Values.server.configuration.batchEnabled | quote }} - {{- if .Values.server.configuration.streamingEnabled }} - - name: SPRING_CLOUD_SKIPPER_CLIENT_SERVER_URI - {{- if .Values.skipper.enabled }} - {{- if ne $skipperServicePort 80 }} - value: {{ printf "http://%s-skipper.%s.svc.%s:%d/api" $fullname $releaseNamespace $clusterDomain $skipperServicePort | quote }} - {{- else }} - value: {{ printf "http://%s-skipper.%s.svc.%s/api" $fullname $releaseNamespace $clusterDomain | quote }} - {{- end }} - {{- else }} - value: {{ printf "$s:%d/api" .Values.externalSkipper.host (int .Values.externalSkipper.port) | quote }} - {{- end }} - {{- end }} - - name: SPRING_APPLICATION_JSON - {{- if .Values.server.proxy }} - {{- if .Values.server.proxy.user }} - value: "{ \"maven\": { \"local-repository\": null, \"remote-repositories\": { \"repo1\": { \"url\": \"https://repo.spring.io/libs-snapshot\"} }, \"proxy\": { \"host\": \"{{ .Values.server.proxy.host }}\", \"port\":{{ .Values.server.proxy.port }}, \"auth\": { \"username\": \"{{ .Values.server.proxy.user }}\", \"password\": \"{{ .Values.server.proxy.password }}\"} } } }" - {{- else }} - value: "{ \"maven\": { \"local-repository\": null, \"remote-repositories\": { \"repo1\": { \"url\": \"https://repo.spring.io/libs-snapshot\"} }, \"proxy\": { \"host\": \"{{ .Values.server.proxy.host }}\", \"port\":{{ .Values.server.proxy.port }} } } }" - {{- end }} - {{- else }} - value: "{ \"maven\": { \"local-repository\": null, \"remote-repositories\": { \"repo1\": { \"url\": \"https://repo.spring.io/libs-snapshot\"} } } }" - {{- end }} - - name: KUBERNETES_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: KUBERNETES_TRUST_CERTIFICATES - value: {{ ternary "true" "false" .Values.server.configuration.trustK8sCerts | quote }} - {{- if .Values.server.jdwp.enabled }} - - name: JAVA_TOOL_OPTIONS - value: "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address={{ .Values.server.jdwp.port }}" - {{- end }} - - name: SPRING_CLOUD_DATAFLOW_TASK_COMPOSEDTASKRUNNER_URI - value: 'docker://{{ include "common.images.image" (dict "imageRoot" .Values.server.composedTaskRunner.image) }}' - {{- range $key, $value := .Values.server.extraEnvVars }} - - name: {{ $value.name }} - value: "{{ $value.value }}" - {{- end }} - {{- if or .Values.server.extraEnvVarsCM .Values.server.extraEnvVarsSecret }} - envFrom: - {{- if .Values.server.extraEnvVarsCM }} - - configMapRef: - name: {{ tpl .Values.server.extraEnvVarsCM . | quote }} - {{- end }} - {{- if .Values.server.extraEnvVarsSecret }} - - secretRef: - name: {{ tpl .Values.server.extraEnvVarsSecret . | quote }} - {{- end }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.server.containerPort }} - protocol: TCP - {{- if .Values.server.jdwp.enabled }} - - name: jdwp - containerPort: {{ .Values.server.jdwp.port }} - protocol: TCP - {{- end }} - {{- if .Values.server.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /management/health - port: http - initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.server.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} - {{- else if .Values.server.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.server.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.server.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: /management/health - port: http - initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.server.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} - {{- else if .Values.server.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.server.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.server.resources }} - resources: {{- toYaml .Values.server.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: database - mountPath: /etc/secrets/database - readOnly: true - - name: config - mountPath: /opt/bitnami/spring-cloud-dataflow/conf - readOnly: true - {{- if .Values.server.extraVolumeMounts }} - {{- toYaml .Values.server.extraVolumeMounts | nindent 12 }} - {{- end }} - {{- if .Values.server.sidecars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.server.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: database - secret: - secretName: {{ include "scdf.database.secretName" . }} - - name: config - configMap: - name: {{ include "scdf.server.configmapName" . }} - items: - - key: application.yaml - path: application.yml - {{- if .Values.waitForBackends.enabled }} - - name: scripts - configMap: - name: {{ include "scdf.fullname" . }}-scripts - defaultMode: 0755 - {{- end }} - {{- if .Values.server.extraVolumes }} - {{- toYaml .Values.server.extraVolumes | nindent 8 }} - {{- end }} diff --git a/bitnami/spring-cloud-dataflow/templates/server/hpa.yaml b/bitnami/spring-cloud-dataflow/templates/server/hpa.yaml deleted file mode 100644 index ee64cfc..0000000 --- a/bitnami/spring-cloud-dataflow/templates/server/hpa.yaml +++ /dev/null @@ -1,35 +0,0 @@ -{{- if .Values.server.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "scdf.fullname" . }}-server - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: server - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - scaleTargetRef: - apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} - kind: Deployment - name: {{ include "scdf.fullname" . }}-server - minReplicas: {{ .Values.server.autoscaling.minReplicas }} - maxReplicas: {{ .Values.server.autoscaling.maxReplicas }} - metrics: - {{- if .Values.server.autoscaling.targetCPU }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ .Values.server.autoscaling.targetCPU }} - {{- end }} - {{- if .Values.server.autoscaling.targetMemory }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ .Values.server.autoscaling.targetMemory }} - {{- end }} -{{- end }} diff --git a/bitnami/spring-cloud-dataflow/templates/server/ingress.yaml b/bitnami/spring-cloud-dataflow/templates/server/ingress.yaml deleted file mode 100644 index f8cfdc3..0000000 --- a/bitnami/spring-cloud-dataflow/templates/server/ingress.yaml +++ /dev/null @@ -1,58 +0,0 @@ -{{- if .Values.server.ingress.enabled -}} -apiVersion: {{ template "common.capabilities.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ include "scdf.fullname" . }}-server - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: server - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} - annotations: - {{- if .Values.server.ingress.certManager }} - kubernetes.io/tls-acme: "true" - {{- end }} - {{- if .Values.server.ingress.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.server.ingress.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - rules: - {{- if .Values.server.ingress.hostname }} - - host: {{ .Values.server.ingress.hostname }} - http: - paths: - {{- if .Values.server.ingress.extraPaths }} - {{- toYaml .Values.server.ingress.extraPaths | nindent 10 }} - {{- end }} - - path: {{ .Values.server.ingress.path }} - {{- if eq "true" (include "common.ingress.supportsPathType" .) }} - pathType: {{ .Values.server.ingress.pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (printf "%s-server" (include "common.names.fullname" .)) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- range .Values.server.ingress.extraHosts }} - - host: {{ .name }} - http: - paths: - - path: {{ default "/" .path }} - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ default "ImplementationSpecific" .pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (printf "%s-server" (include "common.names.fullname" $)) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- if or .Values.server.ingress.tls .Values.server.ingress.extraTls .Values.server.ingress.hosts }} - tls: - {{- if .Values.server.ingress.tls }} - - hosts: - - {{ .Values.server.ingress.hostname }} - secretName: {{ printf "%s-tls" .Values.server.ingress.hostname }} - {{- end }} - {{- if .Values.server.ingress.extraTls }} - {{- toYaml .Values.server.ingress.extraTls | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/bitnami/spring-cloud-dataflow/templates/server/pdb.yaml b/bitnami/spring-cloud-dataflow/templates/server/pdb.yaml deleted file mode 100644 index 893a449..0000000 --- a/bitnami/spring-cloud-dataflow/templates/server/pdb.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.server.pdb.create }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ include "scdf.fullname" . }}-server - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: server - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.server.pdb.minAvailable }} - minAvailable: {{ .Values.server.pdb.minAvailable }} - {{- end }} - {{- if .Values.server.pdb.maxUnavailable }} - maxUnavailable: {{ .Values.server.pdb.maxUnavailable }} - {{- end }} - selector: - matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: server -{{- end }} diff --git a/bitnami/spring-cloud-dataflow/templates/server/service.yaml b/bitnami/spring-cloud-dataflow/templates/server/service.yaml deleted file mode 100644 index 061b13c..0000000 --- a/bitnami/spring-cloud-dataflow/templates/server/service.yaml +++ /dev/null @@ -1,42 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "scdf.fullname" . }}-server - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: server - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.server.service.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.server.service.annotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.server.service.type }} - {{- if and .Values.server.service.clusterIP (eq .Values.server.service.type "ClusterIP") }} - clusterIP: {{ .Values.server.service.clusterIP }} - {{- end }} - {{- if and .Values.server.service.loadBalancerIP (eq .Values.server.service.type "LoadBalancer") }} - loadBalancerIP: {{ .Values.server.service.loadBalancerIP }} - {{- end }} - {{- if and (eq .Values.server.service.type "LoadBalancer") .Values.server.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- toYaml .Values.server.service.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - {{- if or (eq .Values.server.service.type "LoadBalancer") (eq .Values.server.service.type "NodePort") }} - externalTrafficPolicy: {{ .Values.server.service.externalTrafficPolicy | quote }} - {{- end }} - ports: - - name: http - port: {{ .Values.server.service.port }} - targetPort: http - {{- if (and (or (eq .Values.server.service.type "NodePort") (eq .Values.server.service.type "LoadBalancer")) (not (empty .Values.server.service.nodePort))) }} - nodePort: {{ .Values.server.service.nodePort }} - {{- else if eq .Values.server.service.type "ClusterIP" }} - nodePort: null - {{- end }} - selector: {{ include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: server diff --git a/bitnami/spring-cloud-dataflow/templates/server/tls-secret.yaml b/bitnami/spring-cloud-dataflow/templates/server/tls-secret.yaml deleted file mode 100644 index 42e84b0..0000000 --- a/bitnami/spring-cloud-dataflow/templates/server/tls-secret.yaml +++ /dev/null @@ -1,43 +0,0 @@ -{{- if .Values.server.ingress.enabled }} -{{- if .Values.server.ingress.secrets }} -{{- range .Values.server.ingress.secrets }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ .name }} - namespace: {{ $.Release.Namespace }} - labels: {{- include "common.labels.standard" $ | nindent 4 }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ .certificate | b64enc }} - tls.key: {{ .key | b64enc }} ---- -{{- end }} -{{- else if and .Values.server.ingress.tls (not .Values.server.ingress.certManager) }} -{{- $ca := genCA "scdf-ca" 365 }} -{{- $cert := genSignedCert .Values.server.ingress.hostname nil (list .Values.server.ingress.hostname) 365 $ca }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ printf "%s-tls" .Values.server.ingress.hostname }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ $cert.Cert | b64enc | quote }} - tls.key: {{ $cert.Key | b64enc | quote }} - ca.crt: {{ $ca.Cert | b64enc | quote }} -{{- end }} -{{- end }} diff --git a/bitnami/spring-cloud-dataflow/templates/serviceaccount.yaml b/bitnami/spring-cloud-dataflow/templates/serviceaccount.yaml deleted file mode 100644 index f45963f..0000000 --- a/bitnami/spring-cloud-dataflow/templates/serviceaccount.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "scdf.serviceAccountName" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.serviceAccount.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.serviceAccount.annotations "context" $) | nindent 4 }} - {{- end }} -{{- end }} diff --git a/bitnami/spring-cloud-dataflow/templates/skipper/configmap.yaml b/bitnami/spring-cloud-dataflow/templates/skipper/configmap.yaml deleted file mode 100644 index fc7baf3..0000000 --- a/bitnami/spring-cloud-dataflow/templates/skipper/configmap.yaml +++ /dev/null @@ -1,101 +0,0 @@ -{{- if (include "scdf.skipper.createConfigmap" .) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "scdf.fullname" . }}-skipper - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: skipper - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - application.yaml: |- - {{- if .Values.metrics.enabled }} - {{- $fullname := include "scdf.fullname" . }} - {{- $rsocketPort := int .Values.metrics.service.rsocketPort }} - management: - metrics: - export: - prometheus: - enabled: true - rsocket: - enabled: true - host: {{ $fullname }}-prometheus-proxy - port: {{ $rsocketPort }} - {{- end }} - spring: - cloud: - skipper: - server: - platform: - kubernetes: - accounts: - {{ .Values.skipper.configuration.accountName }}: - {{- $environmentVariables := include "scdf.deployer.environmentVariables" . }} - {{- if or (.Values.rabbitmq.enabled) (.Values.externalRabbitmq.enabled) }} - {{- $rabbitmqHost := include "scdf.rabbitmq.host" . }} - {{- $rabbitmqPort := include "scdf.rabbitmq.port" . }} - {{- $rabbitmqUser := include "scdf.rabbitmq.user" . }} - {{- $rabbitmqVhost := include "scdf.rabbitmq.vhost" . }} - environmentVariables: 'SPRING_RABBITMQ_HOST={{ $rabbitmqHost }},SPRING_RABBITMQ_PORT={{ $rabbitmqPort }},SPRING_RABBITMQ_USERNAME={{ $rabbitmqUser }},SPRING_RABBITMQ_PASSWORD=${rabbitmq-password},SPRING_RABBITMQ_VIRTUAL_HOST={{ $rabbitmqVhost }}{{ $environmentVariables }}' - {{- else if .Values.kafka.enabled }} - environmentVariables: 'SPRING_CLOUD_STREAM_KAFKA_BINDER_BROKERS=${{ printf "{" }}{{ .Release.Name }}_KAFKA_SERVICE_HOST}:${{ printf "{" }}{{ .Release.Name }}_KAFKA_SERVICE_PORT},SPRING_CLOUD_STREAM_KAFKA_BINDER_ZK_NODES=${{ printf "{" }}{{ .Release.Name }}_ZOOKEEPER_SERVICE_HOST}:${{ printf "{" }}{{ .Release.Name }}_ZOOKEEPER_SERVICE_PORT}{{ $environmentVariables }}' - {{- else if .Values.externalKafka.enabled }} - environmentVariables: 'SPRING_CLOUD_STREAM_KAFKA_BINDER_BROKERS={{ .Values.externalKafka.brokers }},SPRING_CLOUD_STREAM_KAFKA_BINDER_ZK_NODES={{ .Values.externalKafka.zkNodes }}{{ $environmentVariables }}' - {{- else }} - {{- if .Values.deployer.environmentVariables }} - environmentVariables: '{{ .Values.deployer.environmentVariables | trim }}' - {{- end }} - {{- end }} - {{- if .Values.deployer.resources.limits }} - limits: {{- toYaml .Values.deployer.resources.limits | trim | nindent 22 }} - {{- end }} - {{- if .Values.deployer.resources.requests }} - requests: {{- toYaml .Values.deployer.resources.requests | trim | nindent 22 }} - {{- end }} - {{- if .Values.deployer.readinessProbe.initialDelaySeconds }} - readinessProbeDelay: {{ .Values.deployer.readinessProbe.initialDelaySeconds }} - {{- end }} - {{- if .Values.deployer.livenessProbe.initialDelaySeconds }} - livenessProbeDelay: {{ .Values.deployer.livenessProbe.initialDelaySeconds }} - {{- end }} - {{- if .Values.deployer.nodeSelector }} - nodeSelector: {{ .Values.deployer.nodeSelector }} - {{- end }} - {{- if .Values.deployer.tolerations }} - tolerations: {{- toYaml .Values.deployer.tolerations | nindent 22 }} - {{- end }} - {{- if .Values.deployer.volumeMounts }} - volumeMounts: {{- toYaml .Values.deployer.volumeMounts | nindent 22 }} - {{- end }} - {{- if .Values.deployer.volumes }} - volumes: {{- toYaml .Values.deployer.volumes | nindent 22 }} - {{- end }} - {{- if .Values.deployer.podSecurityContext }} - podSecurityContext: {{- toYaml .Values.deployer.podSecurityContext | nindent 22 }} - {{- end }} - {{- $hibernateDialect := include "scdf.database.hibernate.dialect" . }} - {{- if $hibernateDialect }} - jpa: - properties: - hibernate: - dialect: {{ $hibernateDialect }} - {{- end }} - datasource: - url: '{{ include "scdf.database.skipper.url" . }}' - driverClassName: {{ include "scdf.database.driver" . }} - username: {{ include "scdf.database.skipper.user" . }} - {{ if .Values.externalDatabase.existingPasswordSecret }} - password: {{ .Values.externalDatabase.existingPasswordKey | default "datasource-password" | printf "${%s}" }} - {{- else -}} - password: ${mariadb-password} - {{- end }} - testOnBorrow: true - validationQuery: "SELECT 1" - flyway: - enabled: {{ .Values.flyway.enabled }} -{{ end }} diff --git a/bitnami/spring-cloud-dataflow/templates/skipper/deployment.yaml b/bitnami/spring-cloud-dataflow/templates/skipper/deployment.yaml deleted file mode 100644 index 903a1d7..0000000 --- a/bitnami/spring-cloud-dataflow/templates/skipper/deployment.yaml +++ /dev/null @@ -1,209 +0,0 @@ -{{- if or .Values.skipper.enabled .Values.server.configuration.streamingEnabled }} -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ include "scdf.fullname" . }}-skipper - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: skipper - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.skipper.replicaCount }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: skipper - strategy: - type: {{ .Values.skipper.strategyType }} - {{- if (eq "Recreate" .Values.skipper.strategyType) }} - rollingUpdate: null - {{- end }} - template: - metadata: - {{- if or (include "scdf.skipper.createConfigmap" .) .Values.skipper.podAnnotations }} - annotations: - {{- if (include "scdf.skipper.createConfigmap" .) }} - checksum/configuration: {{ include (print $.Template.BasePath "/skipper/configmap.yaml") . | sha256sum }} - {{- end }} - {{- if .Values.skipper.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.skipper.podAnnotations "context" $) | nindent 8 }} - {{- end }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: skipper - spec: - {{- include "scdf.imagePullSecrets" . | nindent 6 }} - serviceAccountName: {{ include "scdf.serviceAccountName" . }} - {{- if .Values.skipper.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.skipper.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.skipper.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.skipper.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.skipper.podAffinityPreset "component" "skipper" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.skipper.podAntiAffinityPreset "component" "skipper" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.skipper.nodeAffinityPreset.type "key" .Values.skipper.nodeAffinityPreset.key "values" .Values.skipper.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.skipper.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.skipper.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.skipper.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.skipper.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.skipper.priorityClassName }} - priorityClassName: {{ .Values.skipper.priorityClassName | quote }} - {{- end }} - {{- if .Values.skipper.podSecurityContext }} - securityContext: {{- toYaml .Values.skipper.podSecurityContext | nindent 8 }} - {{- end }} - {{- if or .Values.skipper.initContainers .Values.waitForBackends.enabled }} - initContainers: - {{- if .Values.waitForBackends.enabled }} - - name: wait-for-backends - image: {{ include "scdf.waitForBackends.image" . }} - imagePullPolicy: {{ .Values.waitForBackends.image.pullPolicy | quote }} - command: - - /scripts/wait-for-backends.sh - {{- if .Values.waitForBackends.resources }} - resources: {{- toYaml .Values.waitForBackends.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: scripts - mountPath: /scripts/wait-for-backends.sh - subPath: wait-for-backends.sh - {{- end }} - {{- if .Values.skipper.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.skipper.initContainers "context" $) | nindent 8 }} - {{- end }} - {{- end }} - containers: - - name: skipper - image: {{ include "scdf.skipper.image" . }} - imagePullPolicy: {{ .Values.skipper.image.pullPolicy | quote }} - {{- if .Values.skipper.containerSecurityContext }} - securityContext: {{- toYaml .Values.skipper.containerSecurityContext | nindent 12 }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" .Values.skipper.image.debug | quote }} - - name: SERVER_PORT - value: "7577" - - name: SPRING_CLOUD_CONFIG_ENABLED - value: "false" - - name: SPRING_CLOUD_KUBERNETES_CONFIG_ENABLE_API - value: "false" - - name: SPRING_CLOUD_KUBERNETES_SECRETS_ENABLE_API - value: "false" - - name: SPRING_CLOUD_KUBERNETES_SECRETS_PATHS - value: "/etc/secrets" - - name: KUBERNETES_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: KUBERNETES_TRUST_CERTIFICATES - value: {{ ternary "true" "false" .Values.skipper.configuration.trustK8sCerts | quote }} - {{- if .Values.skipper.jdwp.enabled }} - - name: JAVA_TOOL_OPTIONS - value: "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address={{ .Values.skipper.jdwp.port }}" - {{- end }} - {{- range $key, $value := .Values.skipper.extraEnvVars }} - - name: {{ $value.name }} - value: "{{ $value.value }}" - {{- end }} - {{- if or .Values.skipper.extraEnvVarsCM .Values.skipper.extraEnvVarsSecret }} - envFrom: - {{- if .Values.skipper.extraEnvVarsCM }} - - configMapRef: - name: {{ tpl .Values.skipper.extraEnvVarsCM . | quote }} - {{- end }} - {{- if .Values.skipper.extraEnvVarsSecret }} - - secretRef: - name: {{ tpl .Values.skipper.extraEnvVarsSecret . | quote }} - {{- end }} - {{- end }} - ports: - - name: http - containerPort: 7577 - protocol: TCP - {{- if .Values.skipper.jdwp.enabled }} - - name: jdwp - containerPort: {{ .Values.skipper.jdwp.port }} - protocol: TCP - {{- end }} - {{- if .Values.skipper.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /actuator/health - port: http - initialDelaySeconds: {{ .Values.skipper.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.skipper.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.skipper.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.skipper.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.skipper.livenessProbe.failureThreshold }} - {{- else if .Values.skipper.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.skipper.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.skipper.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: /actuator/health - port: http - initialDelaySeconds: {{ .Values.skipper.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.skipper.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.skipper.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.skipper.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.skipper.readinessProbe.failureThreshold }} - {{- else if .Values.skipper.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.skipper.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.skipper.resources }} - resources: {{- toYaml .Values.skipper.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: database - mountPath: /etc/secrets/database - readOnly: true - - name: config - mountPath: /opt/bitnami/spring-cloud-skipper/conf - readOnly: true - {{- if or (.Values.rabbitmq.enabled) (.Values.externalRabbitmq.enabled) }} - - name: rabbitmq - mountPath: /etc/secrets/rabbitmq - readOnly: true - {{- end }} - {{- if .Values.skipper.extraVolumeMounts }} - {{- toYaml .Values.skipper.extraVolumeMounts | nindent 12 }} - {{- end }} - {{- if .Values.skipper.sidecars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.skipper.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: database - secret: - secretName: {{ include "scdf.database.secretName" . }} - - name: config - configMap: - name: {{ include "scdf.skipper.configmapName" . }} - items: - - key: application.yaml - path: application.yml - {{- if or (.Values.rabbitmq.enabled) (.Values.externalRabbitmq.enabled) }} - - name: rabbitmq - secret: - secretName: {{ include "scdf.rabbitmq.secretName" . }} - {{- end }} - {{- if .Values.waitForBackends.enabled }} - - name: scripts - configMap: - name: {{ include "scdf.fullname" . }}-scripts - defaultMode: 0755 - {{- end }} - {{- if .Values.skipper.extraVolumes }} - {{- toYaml .Values.skipper.extraVolumes | nindent 8 }} - {{- end }} -{{- end }} diff --git a/bitnami/spring-cloud-dataflow/templates/skipper/hpa.yaml b/bitnami/spring-cloud-dataflow/templates/skipper/hpa.yaml deleted file mode 100644 index 0d9f7cc..0000000 --- a/bitnami/spring-cloud-dataflow/templates/skipper/hpa.yaml +++ /dev/null @@ -1,35 +0,0 @@ -{{- if and (or .Values.skipper.enabled .Values.server.configuration.streamingEnabled) .Values.skipper.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "scdf.fullname" . }}-skipper - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: skipper - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - scaleTargetRef: - apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} - kind: Deployment - name: {{ include "scdf.fullname" . }}-skipper - minReplicas: {{ .Values.skipper.autoscaling.minReplicas }} - maxReplicas: {{ .Values.skipper.autoscaling.maxReplicas }} - metrics: - {{- if .Values.skipper.autoscaling.targetCPU }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ .Values.skipper.autoscaling.targetCPU }} - {{- end }} - {{- if .Values.skipper.autoscaling.targetMemory }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ .Values.skipper.autoscaling.targetMemory }} - {{- end }} -{{- end }} diff --git a/bitnami/spring-cloud-dataflow/templates/skipper/pdb.yaml b/bitnami/spring-cloud-dataflow/templates/skipper/pdb.yaml deleted file mode 100644 index c69e532..0000000 --- a/bitnami/spring-cloud-dataflow/templates/skipper/pdb.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if and (or .Values.skipper.enabled .Values.server.configuration.streamingEnabled) .Values.skipper.pdb.create }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ include "scdf.fullname" . }}-skipper - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: skipper - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.skipper.pdb.minAvailable }} - minAvailable: {{ .Values.skipper.pdb.minAvailable }} - {{- end }} - {{- if .Values.skipper.pdb.maxUnavailable }} - maxUnavailable: {{ .Values.skipper.pdb.maxUnavailable }} - {{- end }} - selector: - matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: skipper -{{- end }} diff --git a/bitnami/spring-cloud-dataflow/templates/skipper/service.yaml b/bitnami/spring-cloud-dataflow/templates/skipper/service.yaml deleted file mode 100644 index 17a6052..0000000 --- a/bitnami/spring-cloud-dataflow/templates/skipper/service.yaml +++ /dev/null @@ -1,44 +0,0 @@ -{{- if or .Values.skipper.enabled .Values.server.configuration.streamingEnabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "scdf.fullname" . }}-skipper - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: skipper - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.skipper.service.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.skipper.service.annotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.skipper.service.type }} - {{- if and .Values.skipper.service.clusterIP (eq .Values.skipper.service.type "ClusterIP") }} - clusterIP: {{ .Values.skipper.service.clusterIP }} - {{- end }} - {{- if and .Values.skipper.service.loadBalancerIP (eq .Values.skipper.service.type "LoadBalancer") }} - loadBalancerIP: {{ .Values.skipper.service.loadBalancerIP }} - {{- end }} - {{- if and (eq .Values.skipper.service.type "LoadBalancer") .Values.skipper.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- toYaml .Values.skipper.service.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - {{- if or (eq .Values.skipper.service.type "LoadBalancer") (eq .Values.skipper.service.type "NodePort") }} - externalTrafficPolicy: {{ .Values.skipper.service.externalTrafficPolicy | quote }} - {{- end }} - ports: - - name: http - port: {{ .Values.skipper.service.port }} - targetPort: http - {{- if (and (or (eq .Values.skipper.service.type "NodePort") (eq .Values.skipper.service.type "LoadBalancer")) (not (empty .Values.skipper.service.nodePort))) }} - nodePort: {{ .Values.skipper.service.nodePort }} - {{- else if eq .Values.skipper.service.type "ClusterIP" }} - nodePort: null - {{- end }} - selector: {{ include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: skipper -{{- end }} diff --git a/bitnami/spring-cloud-dataflow/values.schema.json b/bitnami/spring-cloud-dataflow/values.schema.json deleted file mode 100644 index 50ee1c9..0000000 --- a/bitnami/spring-cloud-dataflow/values.schema.json +++ /dev/null @@ -1,354 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "server": { - "type": "object", - "form": true, - "title": "Spring Cloud Dataflow Server configuration", - "properties": { - "configuration": { - "type": "object", - "title": "Spring Cloud Dataflow Server configuration", - "properties": { - "streamingEnabled": { - "type": "boolean", - "title": "Enable deploying streaming data", - "form": true, - "description": "Enable support for Stream processing using using RabbitMQ or Kafka" - }, - "batchEnabled": { - "type": "boolean", - "title": "Enable deploying Batch data", - "form": true, - "description": "Enable support for Task and Schedules processing" - } - } - }, - "replicaCount": { - "type": "integer", - "form": true, - "title": "Dataflow server replicas" - }, - "resources": { - "type": "object", - "title": "Required Resources", - "description": "Configure resource requests", - "form": true, - "properties": { - "requests": { - "type": "object", - "properties": { - "memory": { - "type": "string", - "form": true, - "render": "slider", - "title": "Memory Request", - "sliderMin": 10, - "sliderMax": 2048, - "sliderUnit": "Mi" - }, - "cpu": { - "type": "string", - "form": true, - "render": "slider", - "title": "CPU Request", - "sliderMin": 10, - "sliderMax": 2000, - "sliderUnit": "m" - } - } - } - } - }, - "ingress": { - "type": "object", - "form": true, - "title": "Ingress configuration", - "properties": { - "enabled": { - "type": "boolean", - "form": true, - "title": "Use a custom hostname", - "description": "Enable the ingress resource that allows you to access the Dataflow Server dashboard." - }, - "hostname": { - "type": "string", - "form": true, - "title": "Hostname", - "hidden": { - "condition": false, - "value": "server/ingress/enabled" - } - }, - "certManager": { - "type": "boolean", - "form": true, - "title": "Enable CertManager", - "description": "This will add the required annotation for CertManager to add certificates.", - "hidden": { - "condition": false, - "value": "server/ingress/enabled" - } - }, - "tls": { - "type": "boolean", - "form": true, - "title": "Create a TLS secret", - "hidden": { - "condition": false, - "value": "server/ingress/enabled" - } - } - } - }, - "service": { - "type": "object", - "form": true, - "title": "Service Configuration", - "properties": { - "type": { - "type": "string", - "form": true, - "title": "Service Type", - "description": "Allowed values: \"ClusterIP\", \"NodePort\" and \"LoadBalancer\"" - } - } - } - } - }, - "skipper": { - "type": "object", - "form": true, - "title": "Spring Cloud Skipper Server configuration", - "properties": { - "enabled": { - "type": "boolean", - "form": true, - "title": "Enable Skipper", - "description": "Enable Spring Cloud Skipper component" - }, - "replicaCount": { - "type": "integer", - "form": true, - "title": "Skipper server replicas", - "hidden": { - "condition": false, - "value": "skipper/enabled" - } - }, - "resources": { - "type": "object", - "title": "Required Resources", - "description": "Configure resource requests", - "form": true, - "properties": { - "requests": { - "type": "object", - "properties": { - "memory": { - "type": "string", - "form": true, - "render": "slider", - "title": "Memory Request", - "sliderMin": 10, - "sliderMax": 2048, - "sliderUnit": "Mi" - }, - "cpu": { - "type": "string", - "form": true, - "render": "slider", - "title": "CPU Request", - "sliderMin": 10, - "sliderMax": 2000, - "sliderUnit": "m" - } - } - } - }, - "hidden": { - "condition": false, - "value": "skipper/enabled" - } - } - } - }, - "serviceAccount": { - "type": "object", - "title": "ServiceAccount configuration", - "form": true, - "properties": { - "create": { - "type": "boolean", - "form": true, - "title": "Create a ServiceAcccount", - "description": "Specify whether a ServiceAcccount for Spring Cloud pods should be created" - }, - "name": { - "type": "string", - "form": true, - "title": "ServiceAcccount name", - "description": "ServiceAcccount name to use. Auto-generated if not specified", - "hidden": { - "condition": false, - "value": "serviceAccount/create" - } - } - } - }, - "rbac": { - "type": "object", - "title": "RBAC rules configuration", - "form": true, - "properties": { - "create": { - "type": "boolean", - "form": true, - "title": "Create RBAC rules", - "description": "Specify whether RBAC resources should be created and used" - } - } - }, - "metrics": { - "type": "object", - "form": true, - "title": "Prometheus metrics details", - "properties": { - "enabled": { - "type": "boolean", - "title": "Create Prometheus metrics exporter", - "description": "Create a side-car container to expose Prometheus metrics", - "form": true - }, - "serviceMonitor": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "title": "Create Prometheus Operator ServiceMonitor", - "description": "Create a ServiceMonitor to track metrics using Prometheus Operator", - "form": true, - "hidden": { - "condition": false, - "value": "metrics/enabled" - } - } - } - } - } - }, - "mariadb": { - "type": "object", - "title": "MariaDB Details", - "form": true, - "properties": { - "enabled": { - "type": "boolean", - "title": "Use a new MariaDB database hosted in the cluster", - "form": true, - "description": "Whether to deploy a MariaDB server to satisfy the Spring Cloud database requirements. To use an external database switch this off and configure the external database details" - } - } - }, - "flyway": { - "type": "object", - "title": "Flyway Details", - "form": true, - "properties": { - "enabled": { - "type": "boolean", - "title": "Run or skip Database creation scripts on startup", - "form": true, - "description": "Whether to run or skip running Database creation scripts on startup. This feature can be used in scenario of Database schema and tables already present, when using Mariadb or external database" - } - } - }, - "externalDatabase": { - "type": "object", - "title": "External Database Details", - "description": "If MariaDB is disabled. Use this section to specify the external database details", - "form": true, - "properties": { - "host": { - "type": "string", - "form": true, - "title": "Database Host", - "hidden": "mariadb/enabled" - }, - "port": { - "type": "integer", - "form": true, - "title": "Database Port", - "hidden": "mariadb/enabled" - }, - "password": { - "type": "string", - "form": true, - "title": "Database Password", - "hidden": "mariadb/enabled" - }, - "dataflow": { - "type": "object", - "properties": { - "user": { - "type": "string", - "form": true, - "title": "Database Username for Dataflow server", - "hidden": "mariadb/enabled" - }, - "database": { - "type": "string", - "form": true, - "title": "Database Name for Dataflow server", - "hidden": "mariadb/enabled" - } - } - }, - "skipper": { - "type": "object", - "properties": { - "user": { - "type": "string", - "form": true, - "title": "Database Username for Skipper server", - "hidden": "mariadb/enabled" - }, - "database": { - "type": "string", - "form": true, - "title": "Database Name for Skipper server", - "hidden": "mariadb/enabled" - } - } - } - } - }, - "rabbitmq": { - "type": "object", - "title": "RabbitMQ Details", - "form": true, - "properties": { - "enabled": { - "type": "boolean", - "title": "Use a new RabbitMQ server hosted in the cluster", - "form": true, - "description": "Whether to deploy a RabbitMQ server to satisfy the Spring Cloud Skipper messaging middleware requirements." - } - } - }, - "kafka": { - "type": "object", - "title": "Kafka Details", - "form": true, - "properties": { - "enabled": { - "type": "boolean", - "title": "Use a new Kafka server hosted in the cluster", - "form": true, - "description": "Whether to deploy a Kafka server to satisfy the Spring Cloud Skipper messaging middleware requirements." - } - } - } - } -} diff --git a/bitnami/spring-cloud-dataflow/values.yaml b/bitnami/spring-cloud-dataflow/values.yaml deleted file mode 100644 index e717413..0000000 --- a/bitnami/spring-cloud-dataflow/values.yaml +++ /dev/null @@ -1,1237 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - storageClass: "" - -## @section Common parameters - -## @param nameOverride String to partially override scdf.fullname template (will maintain the release name). -## -nameOverride: "" -## @param fullnameOverride String to fully override scdf.fullname template. -## -fullnameOverride: "" -## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) -## -kubeVersion: "" -## @param clusterDomain Default Kubernetes cluster domain -## -clusterDomain: cluster.local -## @param extraDeploy Array of extra objects to deploy with the release -## -extraDeploy: [] - -## @section Dataflow Server parameters - -## Spring Cloud Dataflow Server parameters. -## -server: - ## Bitnami Spring Cloud Dataflow Server image - ## ref: https://hub.docker.com/r/bitnami/spring-cloud-dataflow/tags/ - ## @param server.image.registry Spring Cloud Dataflow image registry - ## @param server.image.repository Spring Cloud Dataflow image repository - ## @param server.image.tag Spring Cloud Dataflow image tag (immutable tags are recommended) - ## @param server.image.pullPolicy Spring Cloud Dataflow image pull policy - ## @param server.image.pullSecrets Specify docker-registry secret names as an array - ## @param server.image.debug Enable image debug mode - ## - image: - registry: docker.io - repository: bitnami/spring-cloud-dataflow - tag: 2.8.2-debian-10-r22 - ## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Set to true if you would like to see extra information on logs - ## - debug: false - ## @param server.hostAliases Deployment pod host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - composedTaskRunner: - ## Bitnami Spring Cloud Dataflow Composed Task Runner image - ## ref: https://hub.docker.com/r/bitnami/spring-cloud-dataflow/tags/ - ## @param server.composedTaskRunner.image.registry Spring Cloud Dataflow Composed Task Runner image registry - ## @param server.composedTaskRunner.image.repository Spring Cloud Dataflow Composed Task Runner image repository - ## @param server.composedTaskRunner.image.tag Spring Cloud Dataflow Composed Task Runner image tag (immutable tags are recommended) - ## - image: - registry: docker.io - repository: bitnami/spring-cloud-dataflow-composed-task-runner - tag: 2.8.2-debian-10-r22 - ## Spring Cloud Dataflow Server configuration parameters - ## - configuration: - ## @param server.configuration.streamingEnabled Enables or disables streaming data processing - ## - streamingEnabled: true - ## @param server.configuration.batchEnabled Enables or disables batch data (tasks and schedules) processing - ## - batchEnabled: true - ## @param server.configuration.accountName The name of the account to configure for the Kubernetes platform - ## - accountName: default - ## @param server.configuration.trustK8sCerts Trust K8s certificates when querying the Kubernetes API - ## - trustK8sCerts: false - ## @param server.configuration.containerRegistries Container registries configuration - ## Example: - ## containerRegistries: - ## default: - ## registry-host: registry-1.docker.io - ## authorization-type: dockeroauth2 - ## - containerRegistries: {} - ## @param server.configuration.grafanaInfo Endpoint to the grafana instance (Deprecated: use the metricsDashboard instead) - ## - grafanaInfo: "" - ## @param server.configuration.metricsDashboard Endpoint to the metricsDashboard instance - ## - metricsDashboard: "" - ## @param server.existingConfigmap ConfigMap with Spring Cloud Dataflow Server Configuration - ## NOTE: When it's set the server.configuration.* and deployer.* - ## parameters are ignored, - ## - existingConfigmap: "" - ## @param server.extraEnvVars Extra environment variables to be set on Dataflow server container - ## E.g: - ## extraEnvVars: - ## - name: FOO - ## value: BAR - ## - extraEnvVars: [] - ## @param server.extraEnvVarsCM ConfigMap with extra environment variables - ## - extraEnvVarsCM: "" - ## @param server.extraEnvVarsSecret Secret with extra environment variables - ## - extraEnvVarsSecret: "" - ## @param server.replicaCount Number of Dataflow server replicas to deploy - ## - replicaCount: 1 - ## @param server.strategyType StrategyType, can be set to RollingUpdate or Recreate by default - ## - strategyType: RollingUpdate - ## @param server.podAffinityPreset Dataflow server pod affinity preset. Ignored if `server.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param server.podAntiAffinityPreset Dataflow server pod anti-affinity preset. Ignored if `server.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## @param server.containerPort Dataflow server port - ## - containerPort: 8080 - ## Dataflow Server node affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param server.nodeAffinityPreset.type Dataflow server node affinity preset type. Ignored if `server.affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param server.nodeAffinityPreset.key Dataflow server node label key to match Ignored if `server.affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param server.nodeAffinityPreset.values Dataflow server node label values to match. Ignored if `server.affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param server.affinity Dataflow server affinity for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## Note: server.podAffinityPreset, server.podAntiAffinityPreset, and server.nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - ## @param server.nodeSelector Dataflow server node labels for pod assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param server.tolerations Dataflow server tolerations for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param server.podAnnotations Annotations for Dataflow server pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param server.priorityClassName Dataflow Server pods' priority - ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ - ## - priorityClassName: "" - ## Dataflow Server pods' Security Context. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param server.podSecurityContext.fsGroup Group ID for the volumes of the pod - ## - podSecurityContext: - fsGroup: 1001 - ## Dataflow Server containers' Security Context (only main container). - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param server.containerSecurityContext.runAsUser Set Dataflow Server container's Security Context runAsUser - ## - containerSecurityContext: - runAsUser: 1001 - ## Dataflow Server containers' resource requests and limits. - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param server.resources.limits The resources limits for the Dataflow server container - ## @param server.resources.requests The requested resources for the Dataflow server container - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - requests: {} - ## Dataflow Server pods' liveness probes. Evaluated as a template. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param server.livenessProbe.enabled Enable livenessProbe - ## @param server.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param server.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param server.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param server.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param server.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 120 - timeoutSeconds: 1 - periodSeconds: 20 - failureThreshold: 6 - successThreshold: 1 - ## Dataflow Server pods' readiness probes. Evaluated as a template. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param server.readinessProbe.enabled Enable readinessProbe - ## @param server.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param server.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param server.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param server.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param server.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 120 - timeoutSeconds: 1 - periodSeconds: 20 - failureThreshold: 6 - successThreshold: 1 - ## @param server.customLivenessProbe Override default liveness probe - ## - customLivenessProbe: {} - ## @param server.customReadinessProbe Override default readiness probe - ## - customReadinessProbe: {} - ## Dataflow Server Service parameters. - ## - service: - ## @param server.service.type Kubernetes service type - ## - type: ClusterIP - ## @param server.service.port Service HTTP port - ## - port: 8080 - ## @param server.service.nodePort Specify the nodePort value for the LoadBalancer and NodePort service types - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - nodePort: "" - ## @param server.service.clusterIP Dataflow server service cluster IP - ## e.g: - ## clusterIP: None - ## - clusterIP: "" - ## @param server.service.externalTrafficPolicy Enable client source IP preservation - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param server.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer` - ## Set the LoadBalancer service type to internal only - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - loadBalancerIP: "" - ## @param server.service.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param server.service.annotations Provide any additional annotations which may be required. Evaluated as a template. - ## - annotations: {} - ## Configure the ingress resource that allows you to access Dataflow Server - ## - ingress: - ## @param server.ingress.enabled Enable ingress controller resource - ## - enabled: false - ## @param server.ingress.path The Path to WordPress. You may need to set this to '/*' in order to use this with ALB ingress controllers. - ## - path: / - ## @param server.ingress.pathType Ingress path type - ## - pathType: ImplementationSpecific - ## @param server.ingress.certManager Set this to true in order to add the corresponding annotations for cert-manager - ## - certManager: false - ## @param server.ingress.hostname Default host for the ingress resource - ## - hostname: dataflow.local - ## @param server.ingress.annotations Ingress annotations - ## For a full list of possible ingress annotations, please see - ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md - ## - ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set - ## - annotations: {} - ## @param server.ingress.tls Enable TLS configuration for the hostname defined at ingress.hostname parameter - ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }} - ## You can use the ingress.secrets parameter to create this TLS secret or relay on cert-manager to create it - ## - tls: false - ## @param server.ingress.extraHosts The list of additional hostnames to be covered with this ingress record. - ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array - ## extraHosts: - ## - name: dataflow.local - ## path: / - ## - extraHosts: [] - ## @param server.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. - ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - ## extraTls: - ## - hosts: - ## - dataflow.local - ## secretName: dataflow.local-tls - ## - extraTls: [] - ## @param server.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets - ## key and certificate should start with -----BEGIN CERTIFICATE----- or - ## -----BEGIN RSA PRIVATE KEY----- - ## - ## name should line up with a tlsSecret set further up - ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set - ## - ## It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - ## e.g: - ## - name: dataflow.local-tls - ## key: - ## certificate: - ## - secrets: [] - ## @param server.initContainers Add init containers to the Dataflow Server pods - ## Example: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - initContainers: [] - ## @param server.sidecars Add sidecars to the Dataflow Server pods - ## Example: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - sidecars: [] - ## Dataflow Server Pod Disruption Budget configuration - ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ - ## - pdb: - ## @param server.pdb.create Enable/disable a Pod Disruption Budget creation - ## - create: false - ## @param server.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled - ## - minAvailable: 1 - ## @param server.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable - ## - maxUnavailable: "" - ## Dataflow Server Autoscaling parameters. - ## - autoscaling: - ## @param server.autoscaling.enabled Enable autoscaling for Dataflow server - ## @param server.autoscaling.minReplicas Minimum number of Dataflow server replicas - ## @param server.autoscaling.maxReplicas Maximum number of Dataflow server replicas - ## @param server.autoscaling.targetCPU Target CPU utilization percentage - ## @param server.autoscaling.targetMemory Target Memory utilization percentage - ## - enabled: false - minReplicas: "" - maxReplicas: "" - targetCPU: "" - targetMemory: "" - ## @param server.extraVolumes Extra Volumes to be set on the Dataflow Server Pod - ## e.g: - ## extraVolumes: - ## - name: sample - ## emptyDir: {} - ## - extraVolumes: [] - ## @param server.extraVolumeMounts Extra VolumeMounts to be set on the Dataflow Container - ## e.g: - ## extraVolumeMounts: - ## - name: sample - ## mountPath: /temp/sample - ## - extraVolumeMounts: [] - ## Java Debug Wire Protocol (JDWP) parameters. - ## - jdwp: - ## @param server.jdwp.enabled Set to true to enable Java debugger - ## - enabled: false - ## @param server.jdwp.port Specify port for remote debugging - ## - port: 5005 - ## @param server.proxy Add proxy configuration for SCDF server - ## Example: - ## proxy: - ## host: "myproxy.com" - ## port: 8080 - ## user: "" - ## password: "" - ## - proxy: {} - -## @section Dataflow Skipper parameters - -## Spring Cloud Skipper parameters. -## -skipper: - ## @param skipper.enabled Enable Spring Cloud Skipper component - ## Note: it'll be also enabled if streams are enabled in Dataflow server configuration. - ## - enabled: true - ## @param skipper.hostAliases Deployment pod host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## Bitnami Spring Cloud Skipper image - ## ref: https://hub.docker.com/r/bitnami/spring-cloud-skipper/tags/ - ## @param skipper.image.registry Spring Cloud Skipper image registry - ## @param skipper.image.repository Spring Cloud Skipper image repository - ## @param skipper.image.tag Spring Cloud Skipper image tag (immutable tags are recommended) - ## @param skipper.image.pullPolicy Spring Cloud Skipper image pull policy - ## @param skipper.image.pullSecrets Specify docker-registry secret names as an array - ## @param skipper.image.debug Enable image debug mode - ## - image: - registry: docker.io - repository: bitnami/spring-cloud-skipper - tag: 2.7.2-debian-10-r22 - ## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Set to true if you would like to see extra information on logs - ## - debug: false - ## Skipper Server configuration parameters - ## - configuration: - ## @param skipper.configuration.accountName The name of the account to configure for the Kubernetes platform - ## - accountName: default - ## @param skipper.configuration.trustK8sCerts Trust K8s certificates when querying the Kubernetes API - ## - trustK8sCerts: false - ## @param skipper.existingConfigmap Name of existing ConfigMap with Skipper server configuration - ## NOTE: When it's set the server.configuration.* and deployer.* - ## parameters are ignored, - ## - existingConfigmap: "" - ## @param skipper.extraEnvVars Extra environment variables to be set on Skipper server container - ## E.g: - ## extraEnvVars: - ## - name: FOO - ## value: BAR - ## - extraEnvVars: [] - ## @param skipper.extraEnvVarsCM Name of existing ConfigMap containing extra environment variables - ## - extraEnvVarsCM: "" - ## @param skipper.extraEnvVarsSecret Name of existing Secret containing extra environment variables - ## - extraEnvVarsSecret: "" - ## @param skipper.replicaCount Number of Skipper server replicas to deploy - ## - replicaCount: 1 - ## @param skipper.strategyType Deployment Strategy Type - ## - strategyType: RollingUpdate - ## @param skipper.podAffinityPreset Skipper pod affinity preset. Ignored if `skipper.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param skipper.podAntiAffinityPreset Skipper pod anti-affinity preset. Ignored if `skipper.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Skipper node affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param skipper.nodeAffinityPreset.type Skipper node affinity preset type. Ignored if `skipper.affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param skipper.nodeAffinityPreset.key Skipper node label key to match Ignored if `skipper.affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param skipper.nodeAffinityPreset.values Skipper node label values to match. Ignored if `skipper.affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param skipper.affinity Skipper affinity for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## Note: skipper.podAffinityPreset, skipper.podAntiAffinityPreset, and skipper.nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - ## @param skipper.nodeSelector Skipper node labels for pod assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param skipper.tolerations Skipper tolerations for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param skipper.podAnnotations Annotations for Skipper server pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param skipper.priorityClassName Controller priorityClassName - ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ - ## - priorityClassName: "" - ## Skipper pods' Security Context. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param skipper.podSecurityContext.fsGroup Group ID for the volumes of the pod - ## - podSecurityContext: - fsGroup: 1001 - ## Skipper containers' Security Context (only main container). - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param skipper.containerSecurityContext.runAsUser Set Dataflow Skipper container's Security Context runAsUser - ## - containerSecurityContext: - runAsUser: 1001 - ## Skipper containers' resource requests and limits. - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param skipper.resources.limits The resources limits for the Skipper server container - ## @param skipper.resources.requests The requested resources for the Skipper server container - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - requests: {} - ## Configure extra options for liveness probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param skipper.livenessProbe.enabled Enable livenessProbe - ## @param skipper.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param skipper.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param skipper.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param skipper.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param skipper.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 120 - timeoutSeconds: 1 - periodSeconds: 20 - failureThreshold: 6 - successThreshold: 1 - ## Configure extra options for readiness probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param skipper.readinessProbe.enabled Enable readinessProbe - ## @param skipper.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param skipper.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param skipper.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param skipper.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param skipper.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 120 - timeoutSeconds: 1 - periodSeconds: 20 - failureThreshold: 6 - successThreshold: 1 - ## @param skipper.customLivenessProbe Override default liveness probe - ## - customLivenessProbe: {} - ## @param skipper.customReadinessProbe Override default readiness probe - ## - customReadinessProbe: {} - ## Skipper Service parameters. - ## - service: - ## @param skipper.service.type Kubernetes service type - ## - type: ClusterIP - ## @param skipper.service.port Service HTTP port - ## - port: 80 - ## @param skipper.service.nodePort Service HTTP node port - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - nodePort: "" - ## @param skipper.service.clusterIP Skipper server service cluster IP - ## e.g: - ## clusterIP: None - ## - clusterIP: "" - ## @param skipper.service.externalTrafficPolicy Enable client source IP preservation - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param skipper.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer` - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - loadBalancerIP: "" - ## @param skipper.service.loadBalancerSourceRanges Address that are allowed when service is LoadBalancer - ## Set the LoadBalancer service type to internal only - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param skipper.service.annotations Annotations for Skipper server service - ## - annotations: {} - ## @param skipper.initContainers Add init containers to the Dataflow Skipper pods - ## Example: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - initContainers: [] - ## @param skipper.sidecars Add sidecars to the Skipper pods - ## Example: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - sidecars: [] - ## Skipper Pod Disruption Budget configuration - ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ - ## - pdb: - ## @param skipper.pdb.create Enable/disable a Pod Disruption Budget creation - ## - create: false - ## @param skipper.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled - ## - minAvailable: 1 - ## @param skipper.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable - ## - maxUnavailable: "" - ## Skipper Autoscaling parameters. - ## - autoscaling: - ## @param skipper.autoscaling.enabled Enable autoscaling for Skipper server - ## @param skipper.autoscaling.minReplicas Minimum number of Skipper server replicas - ## @param skipper.autoscaling.maxReplicas Maximum number of Skipper server replicas - ## @param skipper.autoscaling.targetCPU Target CPU utilization percentage - ## @param skipper.autoscaling.targetMemory Target Memory utilization percentage - ## - enabled: false - minReplicas: "" - maxReplicas: "" - targetCPU: "" - targetMemory: "" - ## @param skipper.extraVolumes Extra Volumes to be set on the Skipper Pod - ## e.g: - ## extraVolumes: - ## - name: sample - ## emptyDir: {} - ## - extraVolumes: [] - ## @param skipper.extraVolumeMounts Extra VolumeMounts to be set on the Skipper Container - ## e.g: - ## extraVolumeMounts: - ## - name: sample - ## mountPath: /temp/sample - ## - extraVolumeMounts: [] - ## Java Debug Wire Protocol (JDWP) parameters. - ## - jdwp: - ## @param skipper.jdwp.enabled Enable Java Debug Wire Protocol (JDWP) - ## - enabled: false - ## @param skipper.jdwp.port JDWP TCP port for remote debugging - ## - port: 5005 -## External Skipper Configuration -## All of these values are ignored when skipper.enabled is set to true -## -externalSkipper: - ## @param externalSkipper.host Host of a external Skipper Server - ## - host: localhost - ## @param externalSkipper.port External Skipper Server port number - ## - port: 7577 - -## @section Deployer parameters - -## Spring Cloud Deployer for Kubernetes parameters. -## -deployer: - ## Streaming applications resource requests and limits. - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## @param deployer.resources.limits [object] Streaming applications resource limits - ## @param deployer.resources.requests Streaming applications resource requests - ## - resources: - limits: - cpu: 500m - memory: 1024Mi - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - requests: {} - ## Configure extra options for liveness probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param deployer.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## - readinessProbe: - initialDelaySeconds: 120 - ## Configure extra options for readiness probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param deployer.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## - livenessProbe: - initialDelaySeconds: 90 - ## @param deployer.nodeSelector The node selectors to apply to the streaming applications deployments in "key:value" format - ## Multiple node selectors are comma separated. - ## - nodeSelector: "" - ## @param deployer.tolerations Streaming applications tolerations - ## - tolerations: {} - ## @param deployer.volumeMounts Streaming applications extra volume mounts - ## - volumeMounts: {} - ## @param deployer.volumes Streaming applications extra volumes - ## - volumes: {} - ## @param deployer.environmentVariables Streaming applications environment variables - ## RabbitMQ/Kafka envs. Multiple values are comma separated. - ## - environmentVariables: "" - ## Streams containers' Security Context. This security context will be use in every deployed stream. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param deployer.podSecurityContext.runAsUser Set Dataflow Streams container's Security Context runAsUser - ## - podSecurityContext: - runAsUser: 1001 - -## @section RBAC parameters - -## K8s Service Account. -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ -## -serviceAccount: - ## @param serviceAccount.create Enable the creation of a ServiceAccount for Dataflow server and Skipper server pods - ## - create: true - ## @param serviceAccount.name Name of the created serviceAccount - ## If not set and create is true, a name is generated using the scdf.fullname template - ## - name: "" -## Role Based Access -## ref: https://kubernetes.io/docs/admin/authorization/rbac/ -## -rbac: - ## @param rbac.create Whether to create and use RBAC resources or not - ## binding Spring Cloud Dataflow ServiceAccount to a role - ## that allows pods querying the K8s API - ## - create: true - -## @section Metrics parameters - -## Prometheus metrics -## -metrics: - ## @param metrics.enabled Enable Prometheus metrics - ## - enabled: false - ## Bitnami Prometheus Rsocket Proxy image - ## ref: https://hub.docker.com/r/bitnami/prometheus-rsocket-proxy/tags/ - ## @param metrics.image.registry Prometheus Rsocket Proxy image registry - ## @param metrics.image.repository Prometheus Rsocket Proxy image repository - ## @param metrics.image.tag Prometheus Rsocket Proxy image tag (immutable tags are recommended) - ## @param metrics.image.pullPolicy Prometheus Rsocket Proxy image pull policy - ## @param metrics.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/prometheus-rsocket-proxy - tag: 1.3.0-debian-10-r270 - ## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Prometheus Rsocket Proxy containers' resource requests and limits. - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param metrics.resources.limits The resources limits for the Prometheus Rsocket Proxy container - ## @param metrics.resources.requests The requested resources for the Prometheus Rsocket Proxy container - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - requests: {} - ## @param metrics.replicaCount Number of Prometheus Rsocket Proxy replicas to deploy - ## - replicaCount: 1 - ## @param metrics.podAffinityPreset Prometheus Rsocket Proxy pod affinity preset. Ignored if `metrics.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param metrics.podAntiAffinityPreset Prometheus Rsocket Proxy pod anti-affinity preset. Ignored if `metrics.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Prometheus Rsocket Proxy node affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param metrics.nodeAffinityPreset.type Prometheus Rsocket Proxy node affinity preset type. Ignored if `metrics.affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param metrics.nodeAffinityPreset.key Prometheus Rsocket Proxy node label key to match Ignored if `metrics.affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param metrics.nodeAffinityPreset.values Prometheus Rsocket Proxy node label values to match. Ignored if `metrics.affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param metrics.affinity Prometheus Rsocket Proxy affinity for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## Note: metrics.podAffinityPreset, metrics.podAntiAffinityPreset, and metrics.nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - ## @param metrics.nodeSelector Prometheus Rsocket Proxy node labels for pod assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param metrics.tolerations Prometheus Rsocket Proxy tolerations for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param metrics.podAnnotations Annotations for Prometheus Rsocket Proxy pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param metrics.priorityClassName Prometheus Rsocket Proxy pods' priority. - ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ - ## - priorityClassName: "" - service: - ## @param metrics.service.httpPort Prometheus Rsocket Proxy HTTP port - ## - httpPort: 8080 - ## @param metrics.service.rsocketPort Prometheus Rsocket Proxy Rsocket port - ## - rsocketPort: 7001 - ## @param metrics.service.annotations [object] Annotations for the Prometheus Rsocket Proxy service - ## - annotations: - prometheus.io/scrape: 'true' - prometheus.io/port: '{{ .Values.metrics.service.httpPort }}' - prometheus.io/path: '/metrics/proxy' - ## Prometheus Operator ServiceMonitor configuration - ## - serviceMonitor: - ## @param metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) - ## - enabled: false - ## @param metrics.serviceMonitor.extraLabels Labels to add to ServiceMonitor, in case prometheus operator is configured with serviceMonitorSelector - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#prometheusspec - ## - extraLabels: {} - ## @param metrics.serviceMonitor.namespace Namespace in which ServiceMonitor is created if different from release - ## - namespace: "" - ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped. - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## e.g: - ## interval: 10s - ## - interval: "" - ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## e.g: - ## scrapeTimeout: 10s - ## - scrapeTimeout: "" - ## Prometheus Rsocket Proxy Pod Disruption Budget configuration - ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ - ## - pdb: - ## @param metrics.pdb.create Enable/disable a Pod Disruption Budget creation - ## - create: false - ## @param metrics.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled - ## - minAvailable: 1 - ## @param metrics.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable - ## - maxUnavailable: "" - ## Prometheus Rsocket Proxy Autoscaling parameters. - ## @param metrics.autoscaling.enabled Enable autoscaling for Prometheus Rsocket Proxy - ## @param metrics.autoscaling.minReplicas Minimum number of Prometheus Rsocket Proxy replicas - ## @param metrics.autoscaling.maxReplicas Maximum number of Prometheus Rsocket Proxy replicas - ## @param metrics.autoscaling.targetCPU Target CPU utilization percentage - ## @param metrics.autoscaling.targetMemory Target Memory utilization percentage - ## - autoscaling: - enabled: false - minReplicas: "" - maxReplicas: "" - targetCPU: "" - targetMemory: "" - -## @section Init Container parameters - -## Init containers parameters: -## wait-for-backends: Wait for the database and other services (such as Kafka or RabbitMQ) used when enabling streaming -## -waitForBackends: - ## @param waitForBackends.enabled Wait for the database and other services (such as Kafka or RabbitMQ) used when enabling streaming - ## - enabled: true - ## @param waitForBackends.image.registry Init container wait-for-backend image registry - ## @param waitForBackends.image.repository Init container wait-for-backend image name - ## @param waitForBackends.image.tag Init container wait-for-backend image tag - ## @param waitForBackends.image.pullPolicy Init container wait-for-backend image pull policy - ## @param waitForBackends.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/kubectl - tag: 1.19.15-debian-10-r4 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Init container resource requests and limits. - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param waitForBackends.resources.limits Init container wait-for-backend resource limits - ## @param waitForBackends.resources.requests Init container wait-for-backend resource requests - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - requests: {} - -## @section Database parameters - -## MariaDB chart configuration -## https://github.com/bitnami/charts/blob/master/bitnami/mariadb/values.yaml -## -mariadb: - ## @param mariadb.enabled Enable/disable MariaDB chart installation - ## - enabled: true - ## @param mariadb.architecture MariaDB architecture. Allowed values: `standalone` or `replication` - ## - architecture: standalone - ## Custom user/db credentials - ## - auth: - ## @param mariadb.auth.rootPassword Password for the MariaDB `root` user - ## ref: https://github.com/bitnami/bitnami-docker-mariadb#setting-the-root-password-on-first-run - ## - rootPassword: "" - ## @param mariadb.auth.username Username of new user to create - ## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#creating-a-database-on-first-run - ## - username: dataflow - ## @param mariadb.auth.password Password for the new user - ## - password: change-me - ## @param mariadb.auth.database Database name to create - ## ref: https://github.com/bitnami/bitnami-docker-mariadb#creating-a-database-on-first-run - ## - database: dataflow - ## @param mariadb.auth.forcePassword Force users to specify required passwords in the database - ## - forcePassword: false - ## @param mariadb.auth.usePasswordFiles Mount credentials as a file instead of using an environment variable - ## - usePasswordFiles: false - ## @param mariadb.initdbScripts [object] Specify dictionary of scripts to be run at first boot - ## We can only create one database on MariaDB using parameters. However, when streaming - ## is enabled we need a second database for Skipper. - ## Improvements: support creating N users/databases on MariaDB chart. - ## - initdbScripts: - create_databases.sql: | - CREATE OR REPLACE USER 'skipper'@'%' identified by 'change-me'; - CREATE DATABASE IF NOT EXISTS `skipper`; - GRANT ALL ON skipper.* to 'skipper'@'%'; - FLUSH PRIVILEGES; -## Flyway Configuration -## @param flyway.enabled Enable/disable flyway running Dataflow and Skipper Database creation scripts on startup -## All database creation scripts are ignored on startup when flyway.enabled is set to false -## This feature can be used in scenario, where Database tables are already present in Mariadb or ExternalDatabase. -## -flyway: - enabled: true -## External Database Configuration -## All of these values are ignored when mariadb.enabled is set to true -## -externalDatabase: - ## @param externalDatabase.host Host of the external database - ## - host: localhost - ## @param externalDatabase.port External database port number - ## - port: 3306 - ## @param externalDatabase.driver The fully qualified name of the JDBC Driver class - ## - driver: "" - ## @param externalDatabase.scheme The scheme is a vendor-specific or shared protocol string that follows the "jdbc:" of the URL - ## - scheme: "" - ## @param externalDatabase.password Password for the above username - ## - password: "" - ## @param externalDatabase.existingPasswordSecret Existing secret with database password - ## - existingPasswordSecret: "" - ## @param externalDatabase.existingPasswordKey Key of the existing secret with database password, defaults to `datasource-password` - ## - existingPasswordKey: "" - ## Data Flow user and database - ## - dataflow: - ## @param externalDatabase.dataflow.url JDBC URL for dataflow server. Overrides external scheme, host, port, database, and jdbc parameters. - ## This provides a mechanism to define a fully customized JDBC URL for the data flow server rather than having it - ## derived from the common, individual attributes. This property, when defined, has precedence over the - ## individual attributes (scheme, host, port, database) - ## - url: "" - ## @param externalDatabase.dataflow.database Name of the existing database to be used by Dataflow server - ## - database: dataflow - ## @param externalDatabase.dataflow.username Existing username in the external db to be used by Dataflow server - ## - username: dataflow - ## Skipper and database - ## - skipper: - ## @param externalDatabase.skipper.url JDBC URL for skipper. Overrides external scheme, host, port, database, and jdbc parameters. - ## This provides a mechanism to define a fully customized JDBC URL for skipper rather than having it - ## derived from the common, individual attributes. This property, when defined, has precedence over the - ## individual attributes (scheme, host, port, database) - ## - url: "" - ## @param externalDatabase.skipper.database Name of the existing database to be used by Skipper server - ## - database: skipper - ## @param externalDatabase.skipper.username Existing username in the external db to be used by Skipper server - ## - username: skipper - ## @param externalDatabase.hibernateDialect Hibernate Dialect used by Dataflow/Skipper servers - ## e.g: org.hibernate.dialect.MariaDB102Dialect - ## - hibernateDialect: "" - -## @section RabbitMQ chart parameters - -## RabbitMQ chart configuration -## https://github.com/bitnami/charts/blob/master/bitnami/rabbitmq/values.yaml -## -rabbitmq: - ## @param rabbitmq.enabled Enable/disable RabbitMQ chart installation - ## - enabled: true - ## @param rabbitmq.auth.username RabbitMQ username - ## - auth: - username: user -## External RabbitMQ Configuration -## All of these values are ignored when rabbitmq.enabled is set to true -## -externalRabbitmq: - ## @param externalRabbitmq.enabled Enable/disable external RabbitMQ - ## - enabled: false - ## @param externalRabbitmq.host Host of the external RabbitMQ - ## - host: localhost - ## @param externalRabbitmq.port External RabbitMQ port number - ## - port: 5672 - ## @param externalRabbitmq.username External RabbitMQ username - ## - username: guest - ## @param externalRabbitmq.password External RabbitMQ password. It will be saved in a kubernetes secret - ## - password: guest - ## @param externalRabbitmq.vhost External RabbitMQ virtual host. It will be saved in a kubernetes secret - ## e.g: - ## vhost: / - ## - vhost: "" - ## @param externalRabbitmq.existingPasswordSecret Existing secret with RabbitMQ password. It will be saved in a kubernetes secret - ## - existingPasswordSecret: "" - -## @section Kafka chart parameters - -## Kafka chart configuration -## https://github.com/bitnami/charts/blob/master/bitnami/kafka/values.yaml -## -kafka: - ## @param kafka.enabled Enable/disable Kafka chart installation - ## - enabled: false - ## @param kafka.replicaCount Number of Kafka brokers - ## - replicaCount: 1 - ## @param kafka.offsetsTopicReplicationFactor Kafka Secret Key - ## - offsetsTopicReplicationFactor: 1 - ## Zookeeper chart configuration - ## https://github.com/bitnami/charts/blob/master/bitnami/zookeeper/values.yaml - ## @param kafka.zookeeper.replicaCount Number of Zookeeper replicas - ## - zookeeper: - replicaCount: 1 -## External Kafka Configuration -## All of these values are ignored when kafka.enabled is set to true -## -externalKafka: - ## @param externalKafka.enabled Enable/disable external Kafka - ## - enabled: false - ## @param externalKafka.brokers External Kafka brokers - ## Multiple brokers can be provided in a comma separated list, e.g. host1:port1,host2:port2 - ## - brokers: localhost:9092 - ## @param externalKafka.zkNodes External Zookeeper nodes - ## - zkNodes: localhost:2181 diff --git a/bitnami/suitecrm/.helmignore b/bitnami/suitecrm/.helmignore deleted file mode 100644 index f0c1319..0000000 --- a/bitnami/suitecrm/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/bitnami/suitecrm/Chart.lock b/bitnami/suitecrm/Chart.lock deleted file mode 100644 index 019b0ab..0000000 --- a/bitnami/suitecrm/Chart.lock +++ /dev/null @@ -1,9 +0,0 @@ -dependencies: -- name: mariadb - repository: https://charts.bitnami.com/bitnami - version: 9.6.0 -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.9.1 -digest: sha256:6d618e256ecb1deea43a6ed15deee9d170e1161e7f94f2b43e2c9da68cb9165d -generated: "2021-09-24T16:00:09.23183594Z" diff --git a/bitnami/suitecrm/Chart.yaml b/bitnami/suitecrm/Chart.yaml deleted file mode 100644 index 4e3078b..0000000 --- a/bitnami/suitecrm/Chart.yaml +++ /dev/null @@ -1,32 +0,0 @@ -annotations: - category: CRM -apiVersion: v2 -appVersion: 7.11.22 -dependencies: - - condition: mariadb.enabled - name: mariadb - repository: https://charts.bitnami.com/bitnami - version: 9.x.x - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x -description: SuiteCRM is a completely open source enterprise-grade Customer Relationship Management (CRM) application. SuiteCRM is a software fork of the popular customer relationship management (CRM) system SugarCRM. -engine: gotpl -home: https://github.com/bitnami/charts/tree/master/bitnami/suitecrm -icon: https://bitnami.com/assets/stacks/suitecrm/img/suitecrm-stack-220x234.png -keywords: - - suitecrm - - crm - - http - - web - - php -maintainers: - - email: containers@bitnami.com - name: Bitnami -name: suitecrm -sources: - - https://github.com/bitnami/bitnami-docker-suitecrm - - https://www.suitecrm.com/ -version: 9.3.22 diff --git a/bitnami/suitecrm/README.md b/bitnami/suitecrm/README.md deleted file mode 100644 index 914ee10..0000000 --- a/bitnami/suitecrm/README.md +++ /dev/null @@ -1,477 +0,0 @@ -# SuiteCRM - -[SuiteCRM](https://www.suitecrm.com) is a completely open source enterprise-grade Customer Relationship Management (CRM) application. SuiteCRM is a software fork of the popular customer relationship management (CRM) system SugarCRM. - -## TL;DR - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/suitecrm -``` - -## Introduction - -This chart bootstraps a [SuiteCRM](https://github.com/bitnami/bitnami-docker-suitecrm) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -It also packages the [Bitnami MariaDB chart](https://github.com/kubernetes/charts/tree/master/bitnami/mariadb) which is required for bootstrapping a MariaDB deployment for the database requirements of the SuiteCRM application. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 3.1.0 -- PV provisioner support in the underlying infrastructure -- ReadWriteMany volumes for deployment scaling - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -$ helm install my-release bitnami/suitecrm -``` - -The command deploys SuiteCRM on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```console -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | - - -### Common parameters - -| Name | Description | Value | -| ------------------- | ------------------------------------------------------------------------------------------------------------ | ----- | -| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` | -| `nameOverride` | String to partially override suitecrm.fullname template (will maintain the release name) | `""` | -| `fullnameOverride` | String to fully override suitecrm.fullname template | `""` | -| `extraDeploy` | Array with extra yaml to deploy with the chart. Evaluated as a template | `[]` | -| `commonAnnotations` | Common annotations to add to all SuiteCRM resources (sub-charts are not considered). Evaluated as a template | `{}` | -| `commonLabels` | Common labels to add to all SuiteCRM resources (sub-charts are not considered). Evaluated as a template | `{}` | - - -### SuiteCRM parameters - -| Name | Description | Value | -| ------------------------------------ | ----------------------------------------------------------------------------------------- | ---------------------- | -| `image.registry` | SuiteCRM image registry | `docker.io` | -| `image.repository` | SuiteCRM image repository | `bitnami/suitecrm` | -| `image.tag` | SuiteCRM image tag (immutable tags are recommended) | `7.11.22-debian-10-r0` | -| `image.pullPolicy` | SuiteCRM image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `image.debug` | Specify if debug logs should be enabled | `false` | -| `replicaCount` | Number of replicas (requires ReadWriteMany PVC support) | `1` | -| `suitecrmSkipInstall` | Skip SuiteCRM installation wizard. Useful for migrations and restoring from SQL dump | `false` | -| `suitecrmValidateUserIP` | Whether to validate the user IP address or not | `false` | -| `suitecrmHost` | SuiteCRM host to create application URLs | `""` | -| `suitecrmUsername` | User of the application | `user` | -| `suitecrmPassword` | Application password | `""` | -| `suitecrmEmail` | Admin email | `user@example.com` | -| `allowEmptyPassword` | Allow DB blank passwords | `false` | -| `command` | Override default container command (useful when using custom images) | `[]` | -| `args` | Override default container args (useful when using custom images) | `[]` | -| `hostAliases` | Deployment pod host aliases | `[]` | -| `updateStrategy.type` | Update strategy - only really applicable for deployments with RWO PVs attached | `RollingUpdate` | -| `extraEnvVars` | An array to add extra environment variables | `[]` | -| `extraEnvVarsCM` | ConfigMap containing extra environment variables | `""` | -| `extraEnvVarsSecret` | Secret containing extra environment variables | `""` | -| `extraVolumes` | Extra volumes to add to the deployment. Requires setting `extraVolumeMounts` | `[]` | -| `extraVolumeMounts` | Extra volume mounts to add to the container. Requires setting `extraVolumeMounts | `[]` | -| `initContainers` | Extra init containers to add to the deployment | `[]` | -| `sidecars` | Extra sidecar containers to add to the deployment | `[]` | -| `tolerations` | Tolerations for pod assignment. Evaluated as a template. | `[]` | -| `existingSecret` | Name of a secret with the application password | `""` | -| `suitecrmSmtpHost` | SMTP host | `""` | -| `suitecrmSmtpPort` | SMTP port | `""` | -| `suitecrmSmtpUser` | SMTP user | `""` | -| `suitecrmSmtpPassword` | SMTP password | `""` | -| `suitecrmSmtpProtocol` | SMTP protocol [`ssl`, `tls`] | `""` | -| `suitecrmNotifyAddress` | SuiteCRM notify address | `""` | -| `suitecrmNotifyName` | SuiteCRM notify name | `""` | -| `containerPorts` | Container ports | `{}` | -| `sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | -| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` | -| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | -| `affinity` | Affinity for pod assignment | `{}` | -| `nodeSelector` | Node labels for pod assignment. Evaluated as a template. | `{}` | -| `resources.requests` | The requested resources for the container | `{}` | -| `podSecurityContext.enabled` | Enable SuiteCRM pods' Security Context | `true` | -| `podSecurityContext.fsGroup` | SuiteCRM pods' group ID | `1001` | -| `containerSecurityContext.enabled` | Enable SuiteCRM containers' Security Context | `true` | -| `containerSecurityContext.runAsUser` | SuiteCRM containers' Security Context | `1001` | -| `livenessProbe.enabled` | Enable livenessProbe | `true` | -| `livenessProbe.path` | Request path for livenessProbe | `/index.php` | -| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `600` | -| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `readinessProbe.enabled` | Enable readinessProbe | `true` | -| `readinessProbe.path` | Request path for readinessProbe | `/index.php` | -| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | -| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | -| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `3` | -| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `startupProbe.enabled` | Enable startupProbe | `false` | -| `startupProbe.path` | Request path for startupProbe | `/index.php` | -| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `0` | -| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `3` | -| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `60` | -| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `customLivenessProbe` | Override default liveness probe | `{}` | -| `customReadinessProbe` | Override default readiness probe | `{}` | -| `customStartupProbe` | Override default startup probe | `{}` | -| `lifecycleHooks` | lifecycleHooks for the container to automate configuration before or after startup | `{}` | -| `podAnnotations` | Pod annotations | `{}` | -| `podLabels` | Pod extra labels | `{}` | - - -### Database parameters - -| Name | Description | Value | -| ------------------------------------------- | ---------------------------------------------------------------------------------------- | ------------------- | -| `mariadb.enabled` | Whether to deploy a mariadb server to satisfy the applications database requirements | `true` | -| `mariadb.architecture` | MariaDB architecture. Allowed values: `standalone` or `replication` | `standalone` | -| `mariadb.auth.rootPassword` | Password for the MariaDB `root` user | `""` | -| `mariadb.auth.database` | Database name to create | `bitnami_suitecrm` | -| `mariadb.auth.username` | Database user to create | `bn_suitecrm` | -| `mariadb.auth.password` | Password for the database | `""` | -| `mariadb.primary.persistence.enabled` | Enable database persistence using PVC | `true` | -| `mariadb.primary.persistence.storageClass` | MariaDB data Persistent Volume Storage Class | `""` | -| `mariadb.primary.persistence.accessModes` | Database Persistent Volume Access Modes | `["ReadWriteOnce"]` | -| `mariadb.primary.persistence.size` | Database Persistent Volume Size | `8Gi` | -| `mariadb.primary.persistence.hostPath` | Set path in case you want to use local host path volumes (not recommended in production) | `""` | -| `mariadb.primary.persistence.existingClaim` | Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas | `""` | -| `externalDatabase.host` | Host of the existing database | `""` | -| `externalDatabase.port` | Port of the existing database | `3306` | -| `externalDatabase.user` | Existing username in the external database | `bn_suitecrm` | -| `externalDatabase.password` | Password for the above username | `""` | -| `externalDatabase.database` | Name of the existing database | `bitnami_suitecrm` | - - -### Persistence parameters - -| Name | Description | Value | -| --------------------------- | ---------------------------------------- | --------------- | -| `persistence.enabled` | Enable persistence using PVC | `true` | -| `persistence.storageClass` | PVC Storage Class for SuiteCRM volume | `""` | -| `persistence.accessMode` | PVC Access Mode for SuiteCRM volume | `ReadWriteOnce` | -| `persistence.accessMode` | PVC Access Mode for SuiteCRM volume | `ReadWriteOnce` | -| `persistence.size` | PVC Storage Request for SuiteCRM volume | `8Gi` | -| `persistence.existingClaim` | An Existing PVC name for SuiteCRM volume | `""` | -| `persistence.hostPath` | Host mount path for SuiteCRM volume | `""` | - - -### Volume Permissions parameters - -| Name | Description | Value | -| -------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------- | -| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` | -| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | -| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag | `10-debian-10-r202` | -| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | -| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `volumePermissions.resources.limits` | The resources limits for the container | `{}` | -| `volumePermissions.resources.requests` | The requested resources for the container | `{}` | - - -### Traffic Exposure Parameters - -| Name | Description | Value | -| ---------------------------------- | --------------------------------------------------------------------------------------------- | ------------------------ | -| `service.type` | Kubernetes Service type | `LoadBalancer` | -| `service.port` | Service HTTP port | `8080` | -| `service.httpsPort` | Service HTTPS port | `8443` | -| `service.clusterIP` | Static clusterIP or None for headless services | `""` | -| `service.loadBalancerSourceRanges` | Service Load Balancer sources | `[]` | -| `service.loadBalancerIP` | loadBalancerIP for the SuiteCRM Service (optional, cloud specific) | `""` | -| `service.nodePorts.http` | Kubernetes HTTP node port | `""` | -| `service.nodePorts.https` | Kubernetes HTTPS node port | `""` | -| `service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | -| `ingress.enabled` | Enable ingress controller resource | `false` | -| `ingress.certManager` | Set this to true in order to add the corresponding annotations for cert-manager | `false` | -| `ingress.hostname` | Default host for the ingress resource | `suitecrm.local` | -| `ingress.annotations` | Ingress annotations | `{}` | -| `ingress.hosts` | The list of additional hostnames to be covered with this ingress record. | `[]` | -| `ingress.tls` | The tls configuration for the ingress | `[]` | -| `ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | -| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` | -| `ingress.path` | Ingress path | `/` | -| `ingress.pathType` | Ingress path type | `ImplementationSpecific` | - - -### Metrics parameters - -| Name | Description | Value | -| --------------------------- | ---------------------------------------------------------- | ------------------------- | -| `metrics.enabled` | Start a side-car prometheus exporter | `false` | -| `metrics.image.registry` | Apache exporter image registry | `docker.io` | -| `metrics.image.repository` | Apache exporter image repository | `bitnami/apache-exporter` | -| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `0.10.1-debian-10-r3` | -| `metrics.image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `metrics.resources` | Metrics exporter resource requests and limits | `{}` | -| `metrics.podAnnotations` | Additional annotations for Metrics exporter pod | `{}` | - - -### Certificate injection parameters - -| Name | Description | Value | -| ---------------------------------------------------- | ------------------------------------------------------------------------- | ---------------------------------------- | -| `certificates.customCertificate.certificateSecret` | Secret containing the certificate and key to add | `""` | -| `certificates.customCertificate.chainSecret.name` | Name of the secret containing the certificate chain | `""` | -| `certificates.customCertificate.chainSecret.key` | Key of the certificate chain file inside the secret | `""` | -| `certificates.customCertificate.certificateLocation` | Location in the container to store the certificate | `/etc/ssl/certs/ssl-cert-snakeoil.pem` | -| `certificates.customCertificate.keyLocation` | Location in the container to store the private key | `/etc/ssl/private/ssl-cert-snakeoil.key` | -| `certificates.customCertificate.chainLocation` | Location in the container to store the certificate chain | `/etc/ssl/certs/mychain.pem` | -| `certificates.customCAs` | Defines a list of secrets to import into the container trust store | `[]` | -| `certificates.command` | Override default container command (useful when using custom images) | `[]` | -| `certificates.args` | Override default container args (useful when using custom images) | `[]` | -| `certificates.extraEnvVars` | Container sidecar extra environment variables | `[]` | -| `certificates.extraEnvVarsCM` | ConfigMap containing extra environment variables | `""` | -| `certificates.extraEnvVarsSecret` | Secret containing extra environment variables (in case of sensitive data) | `""` | -| `certificates.image.registry` | Container sidecar registry | `docker.io` | -| `certificates.image.repository` | Container sidecar image repository | `bitnami/bitnami-shell` | -| `certificates.image.tag` | Container sidecar image tag (immutable tags are recommended) | `10-debian-10-r202` | -| `certificates.image.pullPolicy` | Container sidecar image pull policy | `IfNotPresent` | -| `certificates.image.pullSecrets` | Container sidecar image pull secrets | `[]` | - - -The above parameters map to the env variables defined in [bitnami/suitecrm](http://github.com/bitnami/bitnami-docker-suitecrm). For more information please refer to the [bitnami/suitecrm](http://github.com/bitnami/bitnami-docker-suitecrm) image documentation. - -> **Note**: -> -> For SuiteCRM to function correctly, you should specify the `suitecrmHost` parameter to specify the FQDN (recommended) or the public IP address of the SuiteCRM service. -> -> Optionally, you can specify the `suitecrmLoadBalancerIP` parameter to assign a reserved IP address to the SuiteCRM service of the chart. However please note that this feature is only available on a few cloud providers (f.e. GKE). -> -> To reserve a public IP address on GKE: -> -> ```bash -> $ gcloud compute addresses create suitecrm-public-ip -> ``` -> -> The reserved IP address can be associated to the SuiteCRM service by specifying it as the value of the `suitecrmLoadBalancerIP` parameter while installing the chart. - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -$ helm install my-release \ - --set suitecrmUsername=admin,suitecrmPassword=password,mariadb.auth.rootPassword=secretpassword \ - bitnami/suitecrm -``` - -The above command sets the SuiteCRM administrator account username and password to `admin` and `password` respectively. Additionally, it sets the MariaDB `root` user password to `secretpassword`. - -> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. - -Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, - -```console -$ helm install my-release -f values.yaml bitnami/suitecrm -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Image - -The `image` parameter allows specifying which image will be pulled for the chart. - -#### Private registry - -If you configure the `image` value to one in a private registry, you will need to [specify an image pull secret](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod). - -1. Manually create image pull secret(s) in the namespace. See [this YAML example reference](https://kubernetes.io/docs/concepts/containers/images/#creating-a-secret-with-a-docker-config). Consult your image registry's documentation about getting the appropriate secret. -1. Note that the `imagePullSecrets` configuration value cannot currently be passed to helm using the `--set` parameter, so you must supply these using a `values.yaml` file, such as: - - ```yaml - imagePullSecrets: - - name: SECRET_NAME - ``` - -1. Install the chart - -### Setting Pod's affinity - -This chart allows you to set your custom affinity using the `affinity` paremeter. Find more infomation about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). - -As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters. - -## Persistence - -The [Bitnami SuiteCRM](https://github.com/bitnami/bitnami-docker-suitecrm) image stores the SuiteCRM data and configurations at the `/bitnami/suitecrm` path of the container. - -Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. -See the [Parameters](#parameters) section to configure the PVC or to disable persistence. - -### Existing PersistentVolumeClaim - -1. Create the PersistentVolume -1. Create the PersistentVolumeClaim -1. Install the chart - - ```bash - $ helm install my-release --set persistence.existingClaim=PVC_NAME bitnami/suitecrm - ``` - -### Host path - -#### System compatibility - -- The local filesystem accessibility to a container in a pod with `hostPath` has been tested on OSX/MacOS with xhyve, and Linux with VirtualBox. -- Windows has not been tested with the supported VM drivers. Minikube does however officially support [Mounting Host Folders](https://github.com/kubernetes/minikube/blob/master/docs/host_folder_mount.md) per pod. Or you may manually sync your container whenever host files are changed with tools like [docker-sync](https://github.com/EugenMayer/docker-sync) or [docker-bg-sync](https://github.com/cweagans/docker-bg-sync). - -#### Mounting steps - -1. The specified `hostPath` directory must already exist (create one if it does not). -1. Install the chart - - ```bash - $ helm install my-release --set persistence.hostPath=/PATH/TO/HOST/MOUNT bitnami/suitecrm - ``` - - This will mount the `suitecrm-data` volume into the `hostPath` directory. The site data will be persisted if the mount path contains valid data, else the site data will be initialized at first launch. -1. Because the container cannot control the host machine's directory permissions, you must set the SuiteCRM file directory permissions yourself and disable or clear SuiteCRM cache. - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami’s Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## Upgrading - -### To 9.0.0 - -In this major there were three main changes introduced: - -- Adaptation to Helm v2 EOL -- Updated MariaDB dependency version -- Migration to non-root - -Please read the update notes carefully. - -**1. Adaptation to Helm v2 EOL** - -[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -**What changes were introduced in this major version?** - -- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. -- Move dependency information from the *requirements.yaml* to the *Chart.yaml* -- After running `helm dependency update`, a *Chart.lock* file is generated containing the same structure used in the previous *requirements.lock* -- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts - -**Considerations when upgrading to this version** - -- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues -- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore -- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 - -**Useful links** - -- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ -- https://helm.sh/docs/topics/v2_v3_migration/ -- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ - -**2. Updated MariaDB dependency version** - -In this major the MariaDB dependency version was also bumped to a new major version that introduces several incompatilibites. Therefore, backwards compatibility is not guaranteed unless an external database is used. Check [MariaDB Upgrading Notes](https://github.com/bitnami/charts/tree/master/bitnami/mariadb#to-800) for more information. - -**3. Migration of the SuiteCRM image to non-root ** - -The [Bitnami SuiteCRM](https://github.com/bitnami/bitnami-docker-suitecrm) image was updated to support and enable the "non-root" user approach - -If you want to continue to run the container image as the `root` user, you need to set `podSecurityContext.enabled=false` and `containerSecurity.context.enabled=false`. - -Consequences: - -- The HTTP/HTTPS ports exposed by the container are now `8080/8443` instead of `80/443`. -- Backwards compatibility is not guaranteed. - -To upgrade to `9.0.0`, you can either install a new SuiteCRM chart and migrate your site or reuse the PVCs used to hold both the MariaDB and SuiteCRM data on your previous release. To do so, follow the instructions below (the following example assumes that the release name is `suitecrm` and that a `rootUser.password` was defined for MariaDB in `values.yaml` when the chart was first installed): - -> NOTE: Please, create a backup of your database before running any of those actions. The steps below would be only valid if your application (e.g. any plugins or custom code) is compatible with MariaDB 10.5.x - -Obtain the credentials and the names of the PVCs used to hold both the MariaDB and SuiteCRM data on your current release: - -```console -export SUITECRM_HOST=$(kubectl get svc --namespace default suitecrm --template "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}") -export SUITECRM_PASSWORD=$(kubectl get secret --namespace default suitecrm -o jsonpath="{.data.suitecrm-password}" | base64 --decode) -export MARIADB_ROOT_PASSWORD=$(kubectl get secret --namespace default suitecrm-mariadb -o jsonpath="{.data.mariadb-root-password}" | base64 --decode) -export MARIADB_PASSWORD=$(kubectl get secret --namespace default suitecrm-mariadb -o jsonpath="{.data.mariadb-password}" | base64 --decode) -export MARIADB_PVC=$(kubectl get pvc -l app=mariadb,component=master,release=suitecrm -o jsonpath="{.items[0].metadata.name}") -\``` - -Upgrade your release (maintaining the version) disabling MariaDB and scaling SuiteCRM replicas to 0: - -```console -$ helm upgrade suitecrm bitnami/suitecrm --set suitecrmPassword=$SUITECRM_PASSWORD --set replicaCount=0 --set mariadb.enabled=false --version 8.0.26 -\``` - -Finally, upgrade your release to `9.0.0` reusing the existing PVC, and enabling back MariaDB: - -```console -$ helm upgrade suitecrm bitnami/suitecrm --set mariadb.primary.persistence.existingClaim=$MARIADB_PVC --set mariadb.auth.rootPassword=$MARIADB_ROOT_PASSWORD --set mariadb.auth.password=$MARIADB_PASSWORD --set suitecrmPassword=$SUITECRM_PASSWORD --set containerSecurityContext.runAsUser=0 --set podSecurityContext.fsGroup=0 -\``` - -You should see the lines below in MariaDB container logs: - -```console -$ kubectl logs $(kubectl get pods -l app.kubernetes.io/instance=suitecrm,app.kubernetes.io/name=mariadb,app.kubernetes.io/component=primary -o jsonpath="{.items[0].metadata.name}") -... -mariadb 12:13:24.98 INFO ==> Using persisted data -mariadb 12:13:25.01 INFO ==> Running mysql_upgrade -... -``` - -This upgrade also adapts the chart to the latest Bitnami good practices. Check the Parameters section for more information. - -### To 8.0.0 - -Helm performs a lookup for the object based on its group (apps), version (v1), and kind (Deployment). Also known as its GroupVersionKind, or GVK. Changing the GVK is considered a compatibility breaker from Kubernetes' point of view, so you cannot "upgrade" those objects to the new GVK in-place. Earlier versions of Helm 3 did not perform the lookup correctly which has since been fixed to match the spec. - -In https://github.com/helm/charts/pull/17310 the `apiVersion` of the deployment resources was updated to `apps/v1` in tune with the api's deprecated, resulting in compatibility breakage. - -This major version signifies this change. - -### To 3.0.0 - -Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments. -Use the workaround below to upgrade from versions previous to 3.0.0. The following example assumes that the release name is suitecrm: - -```console -$ kubectl patch deployment suitecrm-suitecrm --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]' -$ kubectl delete statefulset suitecrm-mariadb --cascade=false -``` diff --git a/bitnami/suitecrm/ci/ct-values.yaml b/bitnami/suitecrm/ci/ct-values.yaml deleted file mode 100644 index b738e2a..0000000 --- a/bitnami/suitecrm/ci/ct-values.yaml +++ /dev/null @@ -1,2 +0,0 @@ -service: - type: ClusterIP diff --git a/bitnami/suitecrm/templates/NOTES.txt b/bitnami/suitecrm/templates/NOTES.txt deleted file mode 100644 index ce7837f..0000000 --- a/bitnami/suitecrm/templates/NOTES.txt +++ /dev/null @@ -1,112 +0,0 @@ -{{- if or .Values.mariadb.enabled .Values.externalDatabase.host -}} - -{{- if empty (include "suitecrm.host" .) -}} -############################################################################### -### ERROR: You did not provide an external host in your 'helm install' call ### -############################################################################### - -This deployment will be incomplete until you configure SuiteCRM with a resolvable -host. To configure SuiteCRM with the URL of your service: - -1. Get the SuiteCRM URL by running: - - {{- if eq .Values.service.type "NodePort" }} - - export APP_PORT=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} -o jsonpath="{.spec.ports[0].nodePort}") - export APP_HOST=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - - {{- else if eq .Values.service.type "LoadBalancer" }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "common.names.fullname" . }}' - - export APP_HOST=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") - export APP_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "suitecrm.secretName" . }} -o jsonpath="{.data.suitecrm-password}" | base64 --decode) - export DATABASE_ROOT_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "suitecrm.databaseSecretName" . }} -o jsonpath="{.data.mariadb-root-password}" | base64 --decode) - {{- end }} - export APP_DATABASE_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "suitecrm.databaseSecretName" . }} -o jsonpath="{.data.mariadb-password}" | base64 --decode) - -2. Complete your SuiteCRM deployment by running: - -{{- if .Values.mariadb.enabled }} - - helm upgrade --namespace {{ .Release.Namespace }} {{ .Release.Name }} bitnami/{{ .Chart.Name }} \ - --set suitecrmHost=$APP_HOST,suitecrmPassword=$APP_PASSWORD,mariadb.auth.rootPassword=$DATABASE_ROOT_PASSWORD,mariadb.auth.password=$APP_DATABASE_PASSWORD{{- if .Values.global }}{{- if .Values.global.imagePullSecrets }},global.imagePullSecrets={{ .Values.global.imagePullSecrets }}{{- end }}{{- end }} -{{- else }} - - ## PLEASE UPDATE THE EXTERNAL DATABASE CONNECTION PARAMETERS IN THE FOLLOWING COMMAND AS NEEDED ## - - helm upgrade --namespace {{ .Release.Namespace }} {{ .Release.Name }} bitnami/{{ .Chart.Name }} \ - --set suitecrmPassword=$APP_PASSWORD,suitecrmHost=$APP_HOST,service.type={{ .Values.service.type }},mariadb.enabled=false{{- if not (empty .Values.externalDatabase.host) }},externalDatabase.host={{ .Values.externalDatabase.host }}{{- end }}{{- if not (empty .Values.externalDatabase.user) }},externalDatabase.user={{ .Values.externalDatabase.user }}{{- end }}{{- if not (empty .Values.externalDatabase.password) }},externalDatabase.password={{ .Values.externalDatabase.password }}{{- end }}{{- if not (empty .Values.externalDatabase.database) }},externalDatabase.database={{ .Values.externalDatabase.database }}{{- end }}{{- if .Values.global }}{{- if .Values.global.imagePullSecrets }},global.imagePullSecrets={{ .Values.global.imagePullSecrets }}{{- end }}{{- end }} -{{- end }} - -{{- else -}} -1. Get the SuiteCRM URL by running: - -{{- if eq .Values.service.type "ClusterIP" }} - - echo "SuiteCRM URL: http://127.0.0.1:8080/" - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "common.names.fullname" . }} 8080:{{ .Values.service.port }} - -{{- else }} - -{{- $port:=.Values.service.port | toString }} - - echo "SuiteCRM URL: http://{{ include "suitecrm.host" . }}{{- if ne $port "80" }}:{{ .Values.service.port }}{{ end }}/" - -{{- end }} - -2. Get your SuiteCRM login credentials by running: - - echo Username : {{ .Values.suitecrmUsername }} - echo Password : $(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "suitecrm.secretName" . }} -o jsonpath="{.data.suitecrm-password}" | base64 --decode) -{{- end }} - -{{- else -}} - -######################################################################################## -### ERROR: You did not provide an external database host in your 'helm install' call ### -######################################################################################## - -This deployment will be incomplete until you configure SuiteCRM with a resolvable database -host. To configure SuiteCRM to use and external database host: - - -1. Complete your SuiteCRM deployment by running: - -{{- if eq .Values.service.type "NodePort" }} - export APP_HOST=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") -{{- else if eq .Values.service.type "LoadBalancer" }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "common.names.fullname" . }}' - - export APP_HOST=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") -{{- else }} - - export APP_HOST=127.0.0.1 -{{- end }} - export APP_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "suitecrm.secretName" . }} -o jsonpath="{.data.suitecrm-password}" | base64 --decode) - - ## PLEASE UPDATE THE EXTERNAL DATABASE CONNECTION PARAMETERS IN THE FOLLOWING COMMAND AS NEEDED ## - - helm upgrade --namespace {{ .Release.Namespace }} {{ .Release.Name }} bitnami/{{ .Chart.Name }} \ - --set suitecrmPassword=$APP_PASSWORD,suitecrmHost=$APP_HOST,service.type={{ .Values.service.type }},mariadb.enabled=false{{- if not (empty .Values.externalDatabase.user) }},externalDatabase.user={{ .Values.externalDatabase.user }}{{- end }}{{- if not (empty .Values.externalDatabase.password) }},externalDatabase.password={{ .Values.externalDatabase.password }}{{- end }}{{- if not (empty .Values.externalDatabase.database) }},externalDatabase.database={{ .Values.externalDatabase.database }}{{- end }},externalDatabase.host=YOUR_EXTERNAL_DATABASE_HOST{{- if .Values.global }}{{- if .Values.global.imagePullSecrets }},global.imagePullSecrets={{ .Values.global.imagePullSecrets }}{{- end }}{{- end }} -{{- end }} - -{{- include "common.warnings.rollingTag" .Values.image }} -{{- include "common.warnings.rollingTag" .Values.metrics.image }} - -{{- $passwordValidationErrors := list -}} -{{- if not .Values.existingSecret -}} - {{- $secretName := include "suitecrm.secretName" . -}} - {{- $requiredSuiteCRMPassword := dict "valueKey" "suitecrmPassword" "secret" $secretName "field" "suitecrm-password" "context" $ -}} - {{- $requiredSuiteCRMPasswordError := include "common.validations.values.single.empty" $requiredSuiteCRMPassword -}} - {{- $passwordValidationErrors = append $passwordValidationErrors $requiredSuiteCRMPasswordError -}} -{{- end -}} - -{{- $mariadbSecretName := include "suitecrm.databaseSecretName" . -}} -{{- $mariadbPasswordValidationErrors := include "common.validations.values.mariadb.passwords" (dict "secret" $mariadbSecretName "subchart" true "context" $) -}} -{{- $passwordValidationErrors = append $passwordValidationErrors $mariadbPasswordValidationErrors -}} - -{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $) -}} diff --git a/bitnami/suitecrm/templates/_helpers.tpl b/bitnami/suitecrm/templates/_helpers.tpl deleted file mode 100644 index 27fbd6c..0000000 --- a/bitnami/suitecrm/templates/_helpers.tpl +++ /dev/null @@ -1,144 +0,0 @@ -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "suitecrm.mariadb.fullname" -}} -{{- printf "%s-%s" .Release.Name "mariadb" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Get the user defined LoadBalancerIP for this release. -Note, returns 127.0.0.1 if using ClusterIP. -*/}} -{{- define "suitecrm.serviceIP" -}} -{{- if eq .Values.service.type "ClusterIP" -}} -127.0.0.1 -{{- else -}} -{{- .Values.service.loadBalancerIP | default "" -}} -{{- end -}} -{{- end -}} - -{{/* -Gets the host to be used for this application. -If not using ClusterIP, or if a host or LoadBalancerIP is not defined, the value will be empty. -When using Ingress, it will be set to the Ingress hostname. -*/}} -{{- define "suitecrm.host" -}} -{{- if .Values.ingress.enabled }} -{{- $host := .Values.ingress.hostname | default "" -}} -{{- default (include "suitecrm.serviceIP" .) $host -}} -{{- else -}} -{{- $host := index .Values (printf "%sHost" .Chart.Name) | default "" -}} -{{- default (include "suitecrm.serviceIP" .) $host -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper certificate image name -*/}} -{{- define "certificates.image" -}} -{{- include "common.images.image" ( dict "imageRoot" .Values.certificates.image "global" .Values.global ) -}} -{{- end -}} - -{{/* -Return the proper SuiteCRM image name -*/}} -{{- define "suitecrm.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper image name (for the metrics image) -*/}} -{{- define "suitecrm.metrics.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper image name (for the init container volume-permissions image) -*/}} -{{- define "suitecrm.volumePermissions.image" -}} -{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "suitecrm.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image .Values.certificates.image) "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper Storage Class -*/}} -{{- define "suitecrm.storageClass" -}} -{{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) -}} -{{- end -}} - -{{/* -SuiteCRM credential secret name -*/}} -{{- define "suitecrm.secretName" -}} -{{- coalesce .Values.existingSecret (include "common.names.fullname" .) -}} -{{- end -}} - -{{/* -Return the MariaDB Hostname -*/}} -{{- define "suitecrm.databaseHost" -}} -{{- if .Values.mariadb.enabled }} - {{- if eq .Values.mariadb.architecture "replication" }} - {{- printf "%s-%s" (include "suitecrm.mariadb.fullname" .) "primary" | trunc 63 | trimSuffix "-" -}} - {{- else -}} - {{- printf "%s" (include "suitecrm.mariadb.fullname" .) -}} - {{- end -}} -{{- else -}} - {{- printf "%s" .Values.externalDatabase.host -}} -{{- end -}} -{{- end -}} - -{{/* -Return the MariaDB Port -*/}} -{{- define "suitecrm.databasePort" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "3306" -}} -{{- else -}} - {{- printf "%d" (.Values.externalDatabase.port | int ) -}} -{{- end -}} -{{- end -}} - -{{/* -Return the MariaDB Database Name -*/}} -{{- define "suitecrm.databaseName" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "%s" .Values.mariadb.auth.database -}} -{{- else -}} - {{- printf "%s" .Values.externalDatabase.database -}} -{{- end -}} -{{- end -}} - -{{/* -Return the MariaDB User -*/}} -{{- define "suitecrm.databaseUser" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "%s" .Values.mariadb.auth.username -}} -{{- else -}} - {{- printf "%s" .Values.externalDatabase.user -}} -{{- end -}} -{{- end -}} - -{{/* -Return the MariaDB Secret Name -*/}} -{{- define "suitecrm.databaseSecretName" -}} -{{- if .Values.mariadb.enabled }} - {{- printf "%s" (include "suitecrm.mariadb.fullname" .) -}} -{{- else if .Values.externalDatabase.existingSecret -}} - {{- printf "%s" .Values.externalDatabase.existingSecret -}} -{{- else -}} - {{- printf "%s-%s" (include "common.names.fullname" .) "externaldb" -}} -{{- end -}} -{{- end -}} diff --git a/bitnami/suitecrm/templates/deployment.yaml b/bitnami/suitecrm/templates/deployment.yaml deleted file mode 100644 index 30ad426..0000000 --- a/bitnami/suitecrm/templates/deployment.yaml +++ /dev/null @@ -1,316 +0,0 @@ -{{- if include "suitecrm.host" . -}} -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - {{- if .Values.updateStrategy }} - strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} - {{- end }} - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} - {{- end }} - annotations: - {{- if .Values.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.metrics.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) | nindent 8 }} - {{- end }} - spec: - {{- include "suitecrm.imagePullSecrets" . | nindent 6 }} - {{- if .Values.podSecurityContext.enabled }} - securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.hostAliases }} - # yamllint disable rule:indentation - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - # yamllint enable rule:indentation - {{- end }} - initContainers: - {{- if .Values.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} - {{- end }} - {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} - - name: volume-permissions - image: {{ include "suitecrm.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: - - sh - - -c - - | - mkdir -p "/bitnami/suitecrm" - chown -R "{{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }}" "/bitnami/suitecrm" - securityContext: - runAsUser: 0 - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: suitecrm-data - mountPath: /bitnami/suitecrm - subPath: suitecrm - {{- end }} - {{- if .Values.certificates.customCAs }} - - name: certificates - image: {{ template "certificates.image" . }} - imagePullPolicy: {{ default .Values.image.pullPolicy .Values.certificates.image.pullPolicy }} - imagePullSecrets: - {{- range (default .Values.image.pullSecrets .Values.certificates.image.pullSecrets) }} - - name: {{ . }} - {{- end }} - command: - {{- if .Values.certificates.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.certificates.command "context" $) | nindent 12 }} - {{- else if .Values.certificates.customCertificate.certificateSecret }} - - sh - - -c - - install_packages ca-certificates openssl - {{- else }} - - sh - - -c - - install_packages ca-certificates openssl - && openssl req -new -x509 -days 3650 -nodes -sha256 - -subj "/CN=$(hostname)" -addext "subjectAltName = DNS:$(hostname)" - -out {{ .Values.certificates.customCertificate.certificateLocation }} - -keyout {{ .Values.certificates.customCertificate.keyLocation }} -extensions v3_req - {{- end }} - {{- if .Values.certificates.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.certificates.args "context" $) | nindent 12 }} - {{- end }} - env: {{- include "common.tplvalues.render" (dict "value" .Values.certificates.extraEnvVars "context" $) | nindent 12 }} - envFrom: - {{- if .Values.certificates.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.certificates.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.certificates.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.certificates.extraEnvVarsSecret "context" $) }} - {{- end }} - volumeMounts: - - name: etc-ssl-certs - mountPath: /etc/ssl/certs - readOnly: false - - name: etc-ssl-private - mountPath: /etc/ssl/private - readOnly: false - - name: custom-ca-certificates - mountPath: /usr/local/share/ca-certificates - readOnly: true - {{- end }} - containers: - - name: suitecrm - image: {{ include "suitecrm.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" .Values.image.debug | quote }} - - name: ALLOW_EMPTY_PASSWORD - value: {{ ternary "yes" "no" .Values.allowEmptyPassword | quote }} - - name: APACHE_HTTP_PORT_NUMBER - value: {{ .Values.containerPorts.http | quote }} - - name: APACHE_HTTPS_PORT_NUMBER - value: {{ .Values.containerPorts.https | quote }} - - name: SUITECRM_VALIDATE_USER_IP - value: {{ .Values.suitecrmValidateUserIP | quote }} - - name: SUITECRM_DATABASE_HOST - value: {{ include "suitecrm.databaseHost" . | quote }} - - name: SUITECRM_DATABASE_PORT_NUMBER - value: {{ include "suitecrm.databasePort" . | quote }} - - name: SUITECRM_DATABASE_NAME - value: {{ include "suitecrm.databaseName" . | quote }} - - name: SUITECRM_DATABASE_USER - value: {{ include "suitecrm.databaseUser" . | quote }} - - name: SUITECRM_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "suitecrm.databaseSecretName" . }} - key: mariadb-password - - name: SUITECRM_SKIP_BOOTSTRAP - value: {{ ternary "yes" "no" .Values.suitecrmSkipInstall | quote }} - {{- $port:=.Values.service.port | toString }} - - name: SUITECRM_HOST - value: {{ include "suitecrm.host" . }} - - name: SUITECRM_USERNAME - value: {{ .Values.suitecrmUsername | quote }} - - name: SUITECRM_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.names.fullname" . }} - key: suitecrm-password - - name: SUITECRM_EMAIL - value: {{ .Values.suitecrmEmail | quote }} - - name: SUITECRM_SMTP_NOTIFY_NAME - value: {{ .Values.suitecrmNotifyName | quote }} - - name: SUITECRM_SMTP_NOTIFY_ADDRESS - value: {{ .Values.suitecrmNotifyAddress | quote }} - - name: SUITECRM_SMTP_HOST - value: {{ .Values.suitecrmSmtpHost | quote }} - - name: SUITECRM_SMTP_PORT_NUMBER - value: {{ .Values.suitecrmSmtpPort | quote }} - - name: SUITECRM_SMTP_USER - value: {{ .Values.suitecrmSmtpUser | quote }} - {{- if .Values.suitecrmSmtpPassword }} - - name: SUITECRM_SMTP_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.names.fullname" . }} - key: suitecrm-smtp-password - {{- end }} - - name: SUITECRM_SMTP_PROTOCOL - value: {{ .Values.suitecrmSmtpProtocol | quote }} - {{- if .Values.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if .Values.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} - {{- end }} - {{- if .Values.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.containerPorts.http }} - - name: https - containerPort: {{ .Values.containerPorts.https }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.livenessProbe.path }} - port: http - httpHeaders: - - name: Host - value: {{ include "suitecrm.host" . | quote }} - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- else if .Values.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: {{ .Values.readinessProbe.path }} - port: http - httpHeaders: - - name: Host - value: {{ include "suitecrm.host" . | quote }} - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- else if .Values.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.startupProbe.enabled }} - startupProbe: - httpGet: - path: {{ .Values.startupProbe.path }} - port: http - httpHeaders: - - name: Host - value: {{ include "suitecrm.host" . | quote }} - initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.startupProbe.periodSeconds }} - timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }} - successThreshold: {{ .Values.startupProbe.successThreshold }} - failureThreshold: {{ .Values.startupProbe.failureThreshold }} - {{- else if .Values.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.resources }} - resources: {{- include "common.tplvalues.render" (dict "value" .Values.resources "context" $) | nindent 12 }} - {{- end }} - volumeMounts: - - name: suitecrm-data - mountPath: /bitnami/suitecrm - subPath: suitecrm - {{- if .Values.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.metrics.enabled }} - - name: metrics - image: {{ include "suitecrm.metrics.image" . }} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - command: [ '/bin/apache_exporter', '--scrape_uri', 'http://status.localhost:{{ .Values.containerPorts.http }}/server-status/?auto' ] - ports: - - name: metrics - containerPort: 9117 - livenessProbe: - httpGet: - path: /metrics - port: metrics - initialDelaySeconds: 15 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: /metrics - port: metrics - initialDelaySeconds: 5 - timeoutSeconds: 1 - resources: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.resources "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: suitecrm-data - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ .Values.persistence.existingClaim | default (printf "%s-suitecrm" (include "common.names.fullname" .)) }} - {{- else }} - emptyDir: {} - {{- end }} - {{- if .Values.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} - {{- end }} -{{- end -}} diff --git a/bitnami/suitecrm/templates/externaldb-secrets.yaml b/bitnami/suitecrm/templates/externaldb-secrets.yaml deleted file mode 100644 index 4e40736..0000000 --- a/bitnami/suitecrm/templates/externaldb-secrets.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if not .Values.mariadb.enabled }} -apiVersion: v1 -kind: Secret -metadata: - name: "{{ include "common.names.fullname" . }}-externaldb" - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }} - {{- end }} -type: Opaque -data: - mariadb-password: {{ default "" .Values.externalDatabase.password | b64enc | quote }} -{{- end }} diff --git a/bitnami/suitecrm/templates/extra-list.yaml b/bitnami/suitecrm/templates/extra-list.yaml deleted file mode 100644 index 9ac65f9..0000000 --- a/bitnami/suitecrm/templates/extra-list.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{- range .Values.extraDeploy }} ---- -{{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} diff --git a/bitnami/suitecrm/templates/metrics-svc.yaml b/bitnami/suitecrm/templates/metrics-svc.yaml deleted file mode 100644 index 43931a2..0000000 --- a/bitnami/suitecrm/templates/metrics-svc.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- if .Values.metrics.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ printf "%s-metrics" (include "common.names.fullname" .) }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: metrics - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.metrics.service.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.metrics.service.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.service.annotations "context" $) | nindent 4 }} - {{- end }} - {{- end }} -spec: - type: {{ .Values.metrics.service.type }} - {{ if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.metrics.service.loadBalancerIP }} - {{- end }} - ports: - - port: {{ .Values.metrics.service.port }} - targetPort: metrics - protocol: TCP - name: metrics - selector: {{- include "common.labels.matchLabels" $ | nindent 4 }} -{{- end }} diff --git a/bitnami/suitecrm/templates/pv.yaml b/bitnami/suitecrm/templates/pv.yaml deleted file mode 100644 index 842ddad..0000000 --- a/bitnami/suitecrm/templates/pv.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if and .Values.persistence.enabled .Values.persistence.hostPath (not .Values.persistence.existingClaim) -}} -apiVersion: v1 -kind: PersistentVolume -metadata: - name: {{ include "common.names.fullname" . }}-suitecrm - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - accessModes: - - {{ .Values.persistence.accessMode | quote }} - capacity: - storage: {{ .Values.persistence.size | quote }} - hostPath: - path: {{ .Values.persistence.hostPath | quote }} -{{- end -}} diff --git a/bitnami/suitecrm/templates/pvc.yaml b/bitnami/suitecrm/templates/pvc.yaml deleted file mode 100644 index 3b7c048..0000000 --- a/bitnami/suitecrm/templates/pvc.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if and (include "suitecrm.host" .) .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.names.fullname" . }}-suitecrm - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.persistence.hostPath }} - storageClassName: "" - {{- end }} - accessModes: - - {{ .Values.persistence.accessMode | quote }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{- include "suitecrm.storageClass" . | nindent 2 }} -{{- end -}} diff --git a/bitnami/suitecrm/templates/secrets.yaml b/bitnami/suitecrm/templates/secrets.yaml deleted file mode 100644 index 7bbfb33..0000000 --- a/bitnami/suitecrm/templates/secrets.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if not .Values.existingSecret }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: - {{- if .Values.suitecrmPassword }} - suitecrm-password: {{ default "" .Values.suitecrmPassword | b64enc | quote }} - {{- else }} - suitecrm-password: {{ randAlphaNum 10 | b64enc | quote }} - {{- end }} - {{- if .Values.suitecrmSmtpPassword }} - suitecrm-smtp-password: {{ .Values.suitecrmSmtpPassword | b64enc | quote }} - {{- end }} -{{- end }} diff --git a/bitnami/suitecrm/templates/svc.yaml b/bitnami/suitecrm/templates/svc.yaml deleted file mode 100644 index b012d9f..0000000 --- a/bitnami/suitecrm/templates/svc.yaml +++ /dev/null @@ -1,45 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.service.type }} - sessionAffinity: {{ default "None" .Values.service.sessionAffinity }} - {{- if (and .Values.service.clusterIP (eq .Values.service.type "ClusterIP")) }} - clusterIP: {{ .Values.service.clusterIP }} - {{- end }} - {{- if (and .Values.service.loadBalancerIP (eq .Values.service.type "LoadBalancer")) }} - loadBalancerIP: {{ .Values.service.loadBalancerIP }} - {{- end }} - {{- if (and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges) }} - loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }} - externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} - {{- end }} - ports: - - name: http - port: {{ .Values.service.port }} - targetPort: http - {{- if (and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.http))) }} - nodePort: {{ .Values.service.nodePorts.http }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - - name: https - port: {{ .Values.service.httpsPort }} - targetPort: https - {{- if (and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.https))) }} - nodePort: {{ .Values.service.nodePorts.https }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} - publishNotReadyAddresses: true diff --git a/bitnami/suitecrm/templates/tls-secrets.yaml b/bitnami/suitecrm/templates/tls-secrets.yaml deleted file mode 100644 index 36742a9..0000000 --- a/bitnami/suitecrm/templates/tls-secrets.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.secrets }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ .name }} - labels: {{- include "common.labels.standard" $ | nindent 4 }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ .certificate | b64enc }} - tls.key: {{ .key | b64enc }} -{{- end }} -{{- end }} diff --git a/bitnami/suitecrm/values.yaml b/bitnami/suitecrm/values.yaml deleted file mode 100644 index 5ce5f1f..0000000 --- a/bitnami/suitecrm/values.yaml +++ /dev/null @@ -1,696 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - storageClass: "" - -## @section Common parameters - -## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) -## -kubeVersion: "" -## @param nameOverride String to partially override suitecrm.fullname template (will maintain the release name) -## -nameOverride: "" -## @param fullnameOverride String to fully override suitecrm.fullname template -## -fullnameOverride: "" -## @param extraDeploy Array with extra yaml to deploy with the chart. Evaluated as a template -## -extraDeploy: [] -## @param commonAnnotations Common annotations to add to all SuiteCRM resources (sub-charts are not considered). Evaluated as a template -## -commonAnnotations: {} -## @param commonLabels Common labels to add to all SuiteCRM resources (sub-charts are not considered). Evaluated as a template -## -commonLabels: {} - -## @section SuiteCRM parameters - -## Bitnami SuiteCRM image version -## ref: https://hub.docker.com/r/bitnami/suitecrm/tags/ -## @param image.registry SuiteCRM image registry -## @param image.repository SuiteCRM image repository -## @param image.tag SuiteCRM image tag (immutable tags are recommended) -## @param image.pullPolicy SuiteCRM image pull policy -## @param image.pullSecrets Specify docker-registry secret names as an array -## @param image.debug Specify if debug logs should be enabled -## -image: - registry: docker.io - repository: bitnami/suitecrm - tag: 7.11.22-debian-10-r0 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Set to true if you would like to see extra information on logs - ## - debug: false -## @param replicaCount Number of replicas (requires ReadWriteMany PVC support) -## -replicaCount: 1 -## @param suitecrmSkipInstall Skip SuiteCRM installation wizard. Useful for migrations and restoring from SQL dump -## ref: https://github.com/bitnami/bitnami-docker-suitecrm#configuration -## -suitecrmSkipInstall: false -## @param suitecrmValidateUserIP Whether to validate the user IP address or not -## ref: https://github.com/bitnami/bitnami-docker-suitecrm#configuration -## -suitecrmValidateUserIP: false -## @param suitecrmHost SuiteCRM host to create application URLs -## ref: https://github.com/bitnami/bitnami-docker-suitecrm#configuration -## -suitecrmHost: "" -## @param suitecrmUsername User of the application -## ref: https://github.com/bitnami/bitnami-docker-suitecrm#configuration -## -suitecrmUsername: user -## @param suitecrmPassword Application password -## Defaults to a random 10-character alphanumeric string if not set -## ref: https://github.com/bitnami/bitnami-docker-suitecrm#configuration -## -suitecrmPassword: "" -## @param suitecrmEmail Admin email -## ref: https://github.com/bitnami/bitnami-docker-suitecrm#configuration -## -suitecrmEmail: user@example.com -## @param allowEmptyPassword Allow DB blank passwords -## ref: https://github.com/bitnami/bitnami-docker-suitecrm#environment-variables -## -allowEmptyPassword: false -## @param command Override default container command (useful when using custom images) -## -command: [] -## @param args Override default container args (useful when using custom images) -## -args: [] -## @param hostAliases [array] Deployment pod host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: - ## Necessary for apache-exporter to work - ## - - ip: "127.0.0.1" - hostnames: - - "status.localhost" -## @param updateStrategy.type Update strategy - only really applicable for deployments with RWO PVs attached -## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the -## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will -## terminate the single previous pod, so that the new, incoming pod can attach to the PV -## -updateStrategy: - type: RollingUpdate -## @param extraEnvVars An array to add extra environment variables -## For example: -## - name: BEARER_AUTH -## value: true -## -extraEnvVars: [] -## @param extraEnvVarsCM ConfigMap containing extra environment variables -## -extraEnvVarsCM: "" -## @param extraEnvVarsSecret Secret containing extra environment variables -## -extraEnvVarsSecret: "" -## @param extraVolumes Extra volumes to add to the deployment. Requires setting `extraVolumeMounts` -## -extraVolumes: [] -## @param extraVolumeMounts Extra volume mounts to add to the container. Requires setting `extraVolumeMounts -## -extraVolumeMounts: [] -## @param initContainers Extra init containers to add to the deployment -## -initContainers: [] -## @param sidecars Extra sidecar containers to add to the deployment -## -sidecars: [] -## @param tolerations Tolerations for pod assignment. Evaluated as a template. -## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] -## @param existingSecret Name of a secret with the application password -## -existingSecret: "" -## SMTP mail delivery configuration -## ref: https://github.com/bitnami/bitnami-docker-suitecrm/#smtp-configuration -## @param suitecrmSmtpHost SMTP host -## @param suitecrmSmtpPort SMTP port -## @param suitecrmSmtpUser SMTP user -## @param suitecrmSmtpPassword SMTP password -## @param suitecrmSmtpProtocol SMTP protocol [`ssl`, `tls`] -## @param suitecrmNotifyAddress SuiteCRM notify address -## @param suitecrmNotifyName SuiteCRM notify name -## -suitecrmSmtpHost: "" -suitecrmSmtpPort: "" -suitecrmSmtpUser: "" -suitecrmSmtpPassword: "" -suitecrmSmtpProtocol: "" -suitecrmNotifyAddress: "" -suitecrmNotifyName: "" -## @param containerPorts [object] Container ports -## -containerPorts: - http: 8080 - https: 8443 -## @param sessionAffinity Control where client requests go, to the same pod or round-robin -## Values: ClientIP or None -## ref: https://kubernetes.io/docs/user-guide/services/ -## -sessionAffinity: "None" -## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAffinityPreset: "" -## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAntiAffinityPreset: soft -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## -nodeAffinityPreset: - ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] -## @param affinity Affinity for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set -## -affinity: {} -## @param nodeSelector Node labels for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} -## Container resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## We usually recommend not to specify default resources and to leave this as a conscious -## choice for the user. This also increases chances charts run on environments with little -## resources, such as Minikube. If you do want to specify resources, uncomment the following -## lines, adjust them as necessary, and remove the curly braces after 'resources:'. -## @param resources.requests The requested resources for the container -## -resources: - ## Examples: - ## requests: - ## cpu: 300m - ## memory: 512Mi - requests: {} -## Configure Pods Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## @param podSecurityContext.enabled Enable SuiteCRM pods' Security Context -## @param podSecurityContext.fsGroup SuiteCRM pods' group ID -## -podSecurityContext: - enabled: true - fsGroup: 1001 -## Configure Container Security Context (only main container) -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -## @param containerSecurityContext.enabled Enable SuiteCRM containers' Security Context -## @param containerSecurityContext.runAsUser SuiteCRM containers' Security Context -## -containerSecurityContext: - enabled: true - runAsUser: 1001 -## Configure extra options for liveness probe -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param livenessProbe.enabled Enable livenessProbe -## @param livenessProbe.path Request path for livenessProbe -## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe -## @param livenessProbe.periodSeconds Period seconds for livenessProbe -## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe -## @param livenessProbe.failureThreshold Failure threshold for livenessProbe -## @param livenessProbe.successThreshold Success threshold for livenessProbe -## -livenessProbe: - enabled: true - path: /index.php - initialDelaySeconds: 600 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 -## Configure extra options for readiness probe -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param readinessProbe.enabled Enable readinessProbe -## @param readinessProbe.path Request path for readinessProbe -## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe -## @param readinessProbe.periodSeconds Period seconds for readinessProbe -## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe -## @param readinessProbe.failureThreshold Failure threshold for readinessProbe -## @param readinessProbe.successThreshold Success threshold for readinessProbe -## -readinessProbe: - enabled: true - path: /index.php - initialDelaySeconds: 30 - periodSeconds: 5 - timeoutSeconds: 3 - failureThreshold: 6 - successThreshold: 1 -## Configure extra options for startupProbe probe -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param startupProbe.enabled Enable startupProbe -## @param startupProbe.path Request path for startupProbe -## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe -## @param startupProbe.periodSeconds Period seconds for startupProbe -## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe -## @param startupProbe.failureThreshold Failure threshold for startupProbe -## @param startupProbe.successThreshold Success threshold for startupProbe -## -startupProbe: - enabled: false - path: /index.php - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 3 - failureThreshold: 60 - successThreshold: 1 -## @param customLivenessProbe Override default liveness probe -## -customLivenessProbe: {} -## @param customReadinessProbe Override default readiness probe -## -customReadinessProbe: {} -## @param customStartupProbe Override default startup probe -## -customStartupProbe: {} -## @param lifecycleHooks lifecycleHooks for the container to automate configuration before or after startup -## -lifecycleHooks: {} -## @param podAnnotations Pod annotations -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} -## @param podLabels Pod extra labels -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -podLabels: {} - -## @section Database parameters - -## MariaDB chart configuration -## https://github.com/bitnami/charts/blob/master/bitnami/mariadb/values.yaml -## -mariadb: - ## @param mariadb.enabled Whether to deploy a mariadb server to satisfy the applications database requirements - ## To use an external database set this to false and configure the externalDatabase parameters - ## - enabled: true - ## @param mariadb.architecture MariaDB architecture. Allowed values: `standalone` or `replication` - ## - architecture: standalone - ## MariaDB Authentication parameters - ## - auth: - ## @param mariadb.auth.rootPassword Password for the MariaDB `root` user - ## ref: https://github.com/bitnami/bitnami-docker-mariadb#setting-the-root-password-on-first-run - ## - rootPassword: "" - ## @param mariadb.auth.database Database name to create - ## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#creating-a-database-on-first-run - ## - database: bitnami_suitecrm - ## @param mariadb.auth.username Database user to create - ## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#creating-a-database-user-on-first-run - ## - username: bn_suitecrm - ## @param mariadb.auth.password Password for the database - ## - password: "" - primary: - ## Enable persistence using Persistent Volume Claims - ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ - ## - persistence: - ## @param mariadb.primary.persistence.enabled Enable database persistence using PVC - ## - enabled: true - ## @param mariadb.primary.persistence.storageClass MariaDB data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - ## @param mariadb.primary.persistence.accessModes Database Persistent Volume Access Modes - ## - accessModes: - - ReadWriteOnce - ## @param mariadb.primary.persistence.size Database Persistent Volume Size - ## - size: 8Gi - ## @param mariadb.primary.persistence.hostPath Set path in case you want to use local host path volumes (not recommended in production) - ## - hostPath: "" - ## @param mariadb.primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas - ## - existingClaim: "" -## External database configuration -## -externalDatabase: - ## @param externalDatabase.host Host of the existing database - ## - host: "" - ## @param externalDatabase.port Port of the existing database - ## - port: 3306 - ## @param externalDatabase.user Existing username in the external database - ## - user: bn_suitecrm - ## @param externalDatabase.password Password for the above username - ## - password: "" - ## @param externalDatabase.database Name of the existing database - ## - database: bitnami_suitecrm - -## @section Persistence parameters - -## Enable persistence using Persistent Volume Claims -## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ -## -persistence: - ## @param persistence.enabled Enable persistence using PVC - ## - enabled: true - ## @param persistence.storageClass PVC Storage Class for SuiteCRM volume - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - ## @param persistence.accessMode PVC Access Mode for SuiteCRM volume - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - ## - ## @param persistence.accessMode PVC Access Mode for SuiteCRM volume - ## - accessMode: ReadWriteOnce - ## @param persistence.size PVC Storage Request for SuiteCRM volume - ## - size: 8Gi - ## @param persistence.existingClaim An Existing PVC name for SuiteCRM volume - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - ## - existingClaim: "" - ## @param persistence.hostPath Host mount path for SuiteCRM volume - ## Requires persistence.enabled: true - ## Requires persistence.existingClaim: nil|false - ## Default: nil. - ## - hostPath: "" - -## @section Volume Permissions parameters - -## Init containers parameters: -## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. -## -volumePermissions: - ## @param volumePermissions.enabled Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) - ## - enabled: false - ## @param volumePermissions.image.registry Init container volume-permissions image registry - ## @param volumePermissions.image.repository Init container volume-permissions image repository - ## @param volumePermissions.image.tag Init container volume-permissions image tag - ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy - ## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: 10-debian-10-r202 - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - pullSecrets: [] - ## - myRegistryKeySecretName - ## Init containers' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param volumePermissions.resources.limits The resources limits for the container - ## @param volumePermissions.resources.requests The requested resources for the container - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - requests: {} - -## @section Traffic Exposure Parameters - -## Kubernetes configuration -## For minikube, set this to NodePort, elsewhere use LoadBalancer -## -service: - ## @param service.type Kubernetes Service type - ## - type: LoadBalancer - ## @param service.port Service HTTP port - ## - port: 8080 - ## @param service.httpsPort Service HTTPS port - ## - httpsPort: 8443 - ## @param service.clusterIP Static clusterIP or None for headless services - ## e.g.: - ## clusterIP: None - ## - clusterIP: "" - ## @param service.loadBalancerSourceRanges Service Load Balancer sources - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 0.0.0.0/0 - ## - loadBalancerSourceRanges: [] - ## @param service.loadBalancerIP loadBalancerIP for the SuiteCRM Service (optional, cloud specific) - ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer - loadBalancerIP: "" - ## @param service.nodePorts.http Kubernetes HTTP node port - ## @param service.nodePorts.https Kubernetes HTTPS node port - ## nodePorts: - ## http: - ## https: - ## - nodePorts: - http: "" - https: "" - ## @param service.externalTrafficPolicy Enable client source IP preservation - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster -## Configure the ingress resource that allows you to access the -## SuiteCRM installation. Set up the URL -## ref: http://kubernetes.io/docs/user-guide/ingress/ -## -ingress: - ## @param ingress.enabled Enable ingress controller resource - ## - enabled: false - ## @param ingress.certManager Set this to true in order to add the corresponding annotations for cert-manager - ## - certManager: false - ## @param ingress.hostname Default host for the ingress resource - ## - hostname: suitecrm.local - ## @param ingress.annotations Ingress annotations - ## For a full list of possible ingress annotations, please see - ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md - ## - ## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set - ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set - ## e.g: - ## kubernetes.io/ingress.class: nginx - ## - annotations: {} - ## @param ingress.hosts The list of additional hostnames to be covered with this ingress record. - ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array - ## hosts: - ## - name: suitecrm.local - ## path: / - ## - hosts: [] - ## @param ingress.tls The tls configuration for the ingress - ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - ## tls: - ## - hosts: - ## - suitecrm.local - ## secretName: suitecrm.local-tls - ## - tls: [] - ## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets - ## key and certificate should start with -----BEGIN CERTIFICATE----- or - ## -----BEGIN RSA PRIVATE KEY----- - ## - ## name should line up with a tlsSecret set further up - ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set - ## - ## It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - ## - ## - name: suitecrm.local-tls - ## key: - ## certificate: - ## - secrets: [] - ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) - ## - apiVersion: "" - ## @param ingress.path Ingress path - ## - path: / - ## @param ingress.pathType Ingress path type - ## - pathType: ImplementationSpecific - -## @section Metrics parameters - -## Prometheus Exporter / Metrics -## -metrics: - ## @param metrics.enabled Start a side-car prometheus exporter - ## - enabled: false - ## @param metrics.image.registry Apache exporter image registry - ## @param metrics.image.repository Apache exporter image repository - ## @param metrics.image.tag Apache exporter image tag (immutable tags are recommended) - ## @param metrics.image.pullPolicy Image pull policy - ## @param metrics.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/apache-exporter - tag: 0.10.1-debian-10-r3 - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param metrics.resources Metrics exporter resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: {} - ## @param metrics.podAnnotations [object] Additional annotations for Metrics exporter pod - ## - podAnnotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9117" - -## @section Certificate injection parameters - -## Add custom certificates and certificate authorities to SuiteCRM container -## -certificates: - ## @param certificates.customCertificate.certificateSecret Secret containing the certificate and key to add - ## @param certificates.customCertificate.chainSecret.name Name of the secret containing the certificate chain - ## @param certificates.customCertificate.chainSecret.key Key of the certificate chain file inside the secret - ## @param certificates.customCertificate.certificateLocation Location in the container to store the certificate - ## @param certificates.customCertificate.keyLocation Location in the container to store the private key - ## @param certificates.customCertificate.chainLocation Location in the container to store the certificate chain - ## - customCertificate: - certificateSecret: "" - chainSecret: - name: "" - key: "" - certificateLocation: /etc/ssl/certs/ssl-cert-snakeoil.pem - keyLocation: /etc/ssl/private/ssl-cert-snakeoil.key - chainLocation: /etc/ssl/certs/mychain.pem - ## @param certificates.customCAs Defines a list of secrets to import into the container trust store - ## - customCAs: [] - ## @param certificates.command Override default container command (useful when using custom images) - ## - command: [] - ## @param certificates.args Override default container args (useful when using custom images) - ## e.g: - ## - secret: custom-CA - ## - secret: more-custom-CAs - ## - args: [] - ## @param certificates.extraEnvVars Container sidecar extra environment variables - ## - extraEnvVars: [] - ## @param certificates.extraEnvVarsCM ConfigMap containing extra environment variables - ## - extraEnvVarsCM: "" - ## @param certificates.extraEnvVarsSecret Secret containing extra environment variables (in case of sensitive data) - ## - extraEnvVarsSecret: "" - ## @param certificates.image.registry Container sidecar registry - ## @param certificates.image.repository Container sidecar image repository - ## @param certificates.image.tag Container sidecar image tag (immutable tags are recommended) - ## @param certificates.image.pullPolicy Container sidecar image pull policy - ## @param certificates.image.pullSecrets Container sidecar image pull secrets - ## - image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: 10-debian-10-r202 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] diff --git a/bitnami/tensorflow-resnet/.helmignore b/bitnami/tensorflow-resnet/.helmignore deleted file mode 100644 index f0c1319..0000000 --- a/bitnami/tensorflow-resnet/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/bitnami/tensorflow-resnet/Chart.lock b/bitnami/tensorflow-resnet/Chart.lock deleted file mode 100644 index db4df58..0000000 --- a/bitnami/tensorflow-resnet/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.9.1 -digest: sha256:75c2f378a4570f47cbb3c98b6f1d29d1145e5a92bf2970a5d06c32575bfe266f -generated: "2021-09-23T16:37:36.277609787Z" diff --git a/bitnami/tensorflow-resnet/Chart.yaml b/bitnami/tensorflow-resnet/Chart.yaml deleted file mode 100644 index 87b10f8..0000000 --- a/bitnami/tensorflow-resnet/Chart.yaml +++ /dev/null @@ -1,30 +0,0 @@ -annotations: - category: MachineLearning -apiVersion: v2 -appVersion: 2.6.0 -dependencies: - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x -description: Open-source software library serving the ResNet machine learning model. -engine: gotpl -home: https://github.com/bitnami/charts/tree/master/bitnami/tensorflow-resnet -icon: https://bitnami.com/assets/stacks/tensorflow-inception/img/tensorflow-inception-stack-220x234.png -keywords: - - tensorflow - - serving - - resnet - - machine - - learning - - library -maintainers: - - email: containers@bitnami.com - name: Bitnami -name: tensorflow-resnet -sources: - - https://github.com/bitnami/bitnami-docker-tensorflow-serving - - https://github.com/bitnami/bitnami-docker-tensorflow-resnet - - https://www.tensorflow.org/serving/ -version: 3.2.14 diff --git a/bitnami/tensorflow-resnet/README.md b/bitnami/tensorflow-resnet/README.md deleted file mode 100644 index c8f00ce..0000000 --- a/bitnami/tensorflow-resnet/README.md +++ /dev/null @@ -1,199 +0,0 @@ -# TensorFlow Serving ResNet - -TensorFlow Serving is an open-source software library for serving machine learning models. This chart will specifically serve the ResNet model with already trained data. - -## TL;DR - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/tensorflow-resnet -``` - -## Introduction - -This chart bootstraps a TensorFlow Serving ResNet deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 3.1.0 - -## Get this chart - -Download the latest release of the chart from the [releases](../../../releases) page. - -Alternatively, clone the repo if you wish to use the development snapshot: - -```console -$ git clone https://github.com/bitnami/charts.git -``` - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/tensorflow-resnet -``` - -These commands deploy Tensorflow Serving ResNet model on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```console -$ helm delete my-release -``` -You can check your releases with: - -```console -$ helm list -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | - - -### Common parameters - -| Name | Description | Value | -| ------------------ | -------------------------------------------------------------------------------------------- | ----- | -| `nameOverride` | String to partially override common.names.fullname template (will maintain the release name) | `""` | -| `fullnameOverride` | String to fully override common.names.fullname template | `""` | - - -### TensorFlow parameters - -| Name | Description | Value | -| ------------------------------------ | ----------------------------------------------------------------------------------------- | ---------------------------- | -| `server.image.registry` | TensorFlow Serving image registry | `docker.io` | -| `server.image.repository` | TensorFlow Serving image repository | `bitnami/tensorflow-serving` | -| `server.image.tag` | TensorFlow Serving Image tag (immutable tags are recommended) | `2.5.1-debian-10-r115` | -| `server.image.pullPolicy` | TensorFlow Serving image pull policy | `IfNotPresent` | -| `server.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `client.image.registry` | TensorFlow ResNet image registry | `docker.io` | -| `client.image.repository` | TensorFlow ResNet image repository | `bitnami/tensorflow-resnet` | -| `client.image.tag` | TensorFlow ResNet Image tag (immutable tags are recommended) | `2.6.0-debian-10-r28` | -| `client.image.pullPolicy` | TensorFlow ResNet image pull policy | `IfNotPresent` | -| `client.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `hostAliases` | Deployment pod host aliases | `[]` | -| `containerPorts.server` | Tensorflow server port | `8500` | -| `containerPorts.restApi` | TensorFlow Serving Rest API Port | `8501` | -| `replicaCount` | Number of replicas | `1` | -| `podAnnotations` | Pod annotations | `{}` | -| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` | -| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | -| `affinity` | Affinity for pod assignment. Evaluated as a template. | `{}` | -| `nodeSelector` | Node labels for pod assignment. Evaluated as a template. | `{}` | -| `tolerations` | Tolerations for pod assignment. Evaluated as a template. | `[]` | -| `resources.limits` | The resources limits for the container | `{}` | -| `resources.requests` | The requested resources for the container | `{}` | -| `livenessProbe.enabled` | Enable livenessProbe | `true` | -| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | -| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `5` | -| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `readinessProbe.enabled` | Enable readinessProbe | `true` | -| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `15` | -| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | -| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `service.type` | Kubernetes Service type | `LoadBalancer` | -| `service.port` | TensorFlow Serving server port | `8500` | -| `service.restApiPort` | TensorFlow Serving Rest API port | `8501` | -| `service.nodePorts.server` | Kubernetes server node port | `""` | -| `service.nodePorts.restApi` | Kubernetes Rest API node port | `""` | -| `service.loadBalancerIP` | Set the LoadBalancer service type to internal only. | `""` | -| `service.annotations` | Service annotations | `{}` | -| `metrics.enabled` | Enable Prometheus exporter to expose Tensorflow server metrics | `false` | -| `metrics.podAnnotations` | Prometheus exporter pod annotations | `{}` | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -$ helm install my-release bitnami/tensorflow-resnet --set imagePullPolicy=Always -``` - -Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, - -```console -$ helm install my-release -f values.yaml bitnami/tensorflow-resnet -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Setting Pod's affinity - -This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). - -As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters. - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami’s Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## Upgrading - -### To 3.1.0 - -This version introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/master/bitnami/common#bitnami-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade. - -### To 3.0.0 - -[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -**What changes were introduced in this major version?** - -- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. -- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts - -**Considerations when upgrading to this version** - -- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues -- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore -- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 - -**Useful links** - -- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ -- https://helm.sh/docs/topics/v2_v3_migration/ -- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ - -### To 2.0.0 - -Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments. -Use the workaround below to upgrade from versions previous to 2.0.0. The following example assumes that the release name is tensorflow-resnet: - -```console -$ kubectl delete deployment tensorflow-resnet --cascade=false -$ helm upgrade tensorflow-resnet bitnami/tensorflow-resnet -$ kubectl delete rs "$(kubectl get rs -l app=tensorflow-resnet -o jsonpath='{.items[0].metadata.name}')" -``` diff --git a/bitnami/tensorflow-resnet/ci/ct-values.yaml b/bitnami/tensorflow-resnet/ci/ct-values.yaml deleted file mode 100644 index b738e2a..0000000 --- a/bitnami/tensorflow-resnet/ci/ct-values.yaml +++ /dev/null @@ -1,2 +0,0 @@ -service: - type: ClusterIP diff --git a/bitnami/tensorflow-resnet/ci/values-with-metrics.yaml b/bitnami/tensorflow-resnet/ci/values-with-metrics.yaml deleted file mode 100644 index 01c4457..0000000 --- a/bitnami/tensorflow-resnet/ci/values-with-metrics.yaml +++ /dev/null @@ -1,5 +0,0 @@ -# Test values file for generating all of the yaml and check that -# the rendering is correct - -metrics: - enabled: true diff --git a/bitnami/tensorflow-resnet/templates/NOTES.txt b/bitnami/tensorflow-resnet/templates/NOTES.txt deleted file mode 100644 index 550069a..0000000 --- a/bitnami/tensorflow-resnet/templates/NOTES.txt +++ /dev/null @@ -1,32 +0,0 @@ -******************************************************************* -*** Please be patient while the chart is being deployed. *** -******************************************************************* - -1. Get the TensorFlow Serving URL by running: - - {{- if contains "NodePort" .Values.service.type }} - - export APP_HOST=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - export APP_PORT=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} -o jsonpath="{.spec.ports[0].nodePort}") - - {{- else if contains "LoadBalancer" .Values.service.type }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "common.names.fullname" . }}' - - export APP_HOST=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - export APP_PORT=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} -o jsonpath="{.spec.ports[0].port}") - - {{- else if contains "ClusterIP" .Values.service.type }} - - export APP_HOST=127.0.0.1 - export APP_PORT=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} -o jsonpath="{.spec.ports[0].port}") - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "common.names.fullname" . }} $APP_PORT:$APP_PORT & - - {{- end }} - -2. Test the server with a sample image. - - docker run --rm -it bitnami/tensorflow-resnet bash -c "curl -Lo /tmp/cat.jpg https://tensorflow.org/images/blogs/serving/cat.jpg && resnet_client_cc --server_port=$APP_HOST:$APP_PORT --image_file=/tmp/cat.jpg" - -{{ include "tensorflow-resnet.checkRollingTags" . }} diff --git a/bitnami/tensorflow-resnet/templates/_helpers.tpl b/bitnami/tensorflow-resnet/templates/_helpers.tpl deleted file mode 100644 index 5764d00..0000000 --- a/bitnami/tensorflow-resnet/templates/_helpers.tpl +++ /dev/null @@ -1,28 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Return the proper tensorflow-resnet server image name -*/}} -{{- define "tensorflow-resnet.server.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.server.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper tensorflow-resnet client image name -*/}} -{{- define "tensorflow-resnet.client.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.client.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "tensorflow-resnet.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.server.image .Values.client.image) "global" .Values.global) -}} -{{- end -}} - -{{/* Check if there are rolling tags in the images */}} -{{- define "tensorflow-resnet.checkRollingTags" -}} -{{- include "common.warnings.rollingTag" .Values.server.image -}} -{{- include "common.warnings.rollingTag" .Values.client.image -}} -{{- end -}} diff --git a/bitnami/tensorflow-resnet/templates/deployment.yaml b/bitnami/tensorflow-resnet/templates/deployment.yaml deleted file mode 100644 index 63c7e3f..0000000 --- a/bitnami/tensorflow-resnet/templates/deployment.yaml +++ /dev/null @@ -1,106 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} -spec: - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - {{- if or .Values.podAnnotations (and .Values.metrics.enabled .Values.metrics.podAnnotations) }} - annotations: - {{- if .Values.podAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.podAnnotations "context" $) | nindent 8 }} - {{- end }} - {{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podAnnotations "context" $) | nindent 8 }} - {{- end }} - {{- end }} - spec: - {{- include "tensorflow-resnet.imagePullSecrets" . | nindent 6 }} - {{- if .Values.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "component" "master" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "component" "master" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }} - {{- end }} - initContainers: - - name: seed - image: {{ include "tensorflow-resnet.client.image" . }} - imagePullPolicy: {{ .Values.client.image.pullPolicy | quote }} - command: - - "/bin/sh" - - "-c" - - | - if [ -f /seed/.initialized ]; then - echo "Already initialized. Skipping" - else - curl -o /seed/resnet_v2_fp32_savedmodel_NHWC_jpg.tar.gz http://download.tensorflow.org/models/official/20181001_resnet/savedmodels/resnet_v2_fp32_savedmodel_NHWC_jpg.tar.gz - cd /seed/ && tar -xzf resnet_v2_fp32_savedmodel_NHWC_jpg.tar.gz --strip-components=2 - rm resnet_v2_fp32_savedmodel_NHWC_jpg.tar.gz - touch /seed/.initialized - fi - volumeMounts: - - name: seed - mountPath: /seed - containers: - - name: tensorflow-serving - image: {{ include "tensorflow-resnet.server.image" . }} - imagePullPolicy: {{ .Values.server.image.pullPolicy | quote }} - ports: - - name: tf-serving - containerPort: {{ .Values.containerPorts.server }} - - name: tf-serving-api - containerPort: {{ .Values.containerPorts.restApi }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - tcpSocket: - port: tf-serving - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - tcpSocket: - port: tf-serving - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- end }} - env: - - name: TENSORFLOW_SERVING_MODEL_NAME - value: "resnet" - - name: TENSORFLOW_SERVING_PORT_NUMBER - value: "{{ .Values.server.port }}" - - name: TENSORFLOW_SERVING_REST_API_PORT_NUMBER - value: "{{ .Values.server.restApiPort }}" - - name: TENSORFLOW_SERVING_ENABLE_MONITORING - value: {{ ternary "yes" "no" .Values.metrics.enabled | quote }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: seed - mountPath: "/bitnami/model-data" - volumes: - - name: seed - emptyDir: {} diff --git a/bitnami/tensorflow-resnet/templates/svc.yaml b/bitnami/tensorflow-resnet/templates/svc.yaml deleted file mode 100644 index 5babb85..0000000 --- a/bitnami/tensorflow-resnet/templates/svc.yaml +++ /dev/null @@ -1,31 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.service.annotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.service.type }} - {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }} - loadBalancerIP: {{ .Values.service.loadBalancerIP }} - {{- end }} - ports: - - name: tf-serving - port: {{ .Values.service.port }} - targetPort: tf-serving - {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.server)) }} - nodePort: {{ .Values.service.nodePorts.server }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - - name: tf-serving-api - port: {{ .Values.service.restApiPort }} - targetPort: tf-serving-api - {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.restApi)) }} - nodePort: {{ .Values.service.nodePorts.restApi }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} diff --git a/bitnami/tensorflow-resnet/values.yaml b/bitnami/tensorflow-resnet/values.yaml deleted file mode 100644 index d651893..0000000 --- a/bitnami/tensorflow-resnet/values.yaml +++ /dev/null @@ -1,231 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - -## @section Common parameters - -## @param nameOverride String to partially override common.names.fullname template (will maintain the release name) -## -nameOverride: "" -## @param fullnameOverride String to fully override common.names.fullname template -## -fullnameOverride: "" - -## @section TensorFlow parameters - -## TensorFlow Serving server image version -## ref: https://hub.docker.com/r/bitnami/tensorflow-serving/tags/ -## @param server.image.registry TensorFlow Serving image registry -## @param server.image.repository TensorFlow Serving image repository -## @param server.image.tag TensorFlow Serving Image tag (immutable tags are recommended) -## @param server.image.pullPolicy TensorFlow Serving image pull policy -## @param server.image.pullSecrets Specify docker-registry secret names as an array -## -server: - image: - registry: docker.io - repository: bitnami/tensorflow-serving - tag: 2.5.1-debian-10-r115 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] -## TensorFlow ResNet image version -## ref: https://hub.docker.com/r/bitnami/tensorflow-resnet/tags/ -## @param client.image.registry TensorFlow ResNet image registry -## @param client.image.repository TensorFlow ResNet image repository -## @param client.image.tag TensorFlow ResNet Image tag (immutable tags are recommended) -## @param client.image.pullPolicy TensorFlow ResNet image pull policy -## @param client.image.pullSecrets Specify docker-registry secret names as an array -## -client: - image: - registry: docker.io - repository: bitnami/tensorflow-resnet - tag: 2.6.0-debian-10-r28 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] -## @param hostAliases Deployment pod host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: [] -## Container ports -## @param containerPorts.server Tensorflow server port -## @param containerPorts.restApi TensorFlow Serving Rest API Port -## -containerPorts: - server: 8500 - restApi: 8501 -## @param replicaCount Number of replicas -## -replicaCount: 1 -## @param podAnnotations Pod annotations -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} -## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAffinityPreset: "" -## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAntiAffinityPreset: soft -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## -nodeAffinityPreset: - ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] -## @param affinity Affinity for pod assignment. Evaluated as a template. -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set -## -affinity: {} -## @param nodeSelector Node labels for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} -## @param tolerations Tolerations for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] -## Containers' resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## We usually recommend not to specify default resources and to leave this as a conscious -## choice for the user. This also increases chances charts run on environments with little -## resources, such as Minikube. If you do want to specify resources, uncomment the following -## lines, adjust them as necessary, and remove the curly braces after 'resources:'. -## @param resources.limits The resources limits for the container -## @param resources.requests The requested resources for the container -## -resources: - ## Example: - ## limits: - ## cpu: 500m - ## memory: 1Gi - limits: {} - ## Examples: - ## requests: - ## cpu: 250m - ## memory: 256Mi - requests: {} -## Containers' liveness probe -## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes -## @param livenessProbe.enabled Enable livenessProbe -## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe -## @param livenessProbe.periodSeconds Period seconds for livenessProbe -## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe -## @param livenessProbe.failureThreshold Failure threshold for livenessProbe -## @param livenessProbe.successThreshold Success threshold for livenessProbe -## -livenessProbe: - enabled: true - initialDelaySeconds: 30 - periodSeconds: 5 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 -## Containers' readiness probe -## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes -## @param readinessProbe.enabled Enable readinessProbe -## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe -## @param readinessProbe.periodSeconds Period seconds for readinessProbe -## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe -## @param readinessProbe.failureThreshold Failure threshold for readinessProbe -## @param readinessProbe.successThreshold Success threshold for readinessProbe -## -readinessProbe: - enabled: true - initialDelaySeconds: 15 - periodSeconds: 5 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 -## Service for the scheduler node -## -service: - ## @param service.type Kubernetes Service type - ## - type: LoadBalancer - ## @param service.port TensorFlow Serving server port - ## - port: 8500 - ## @param service.restApiPort TensorFlow Serving Rest API port - ## - restApiPort: 8501 - ## Specify the nodePort(s) value(s) for the LoadBalancer and NodePort service types. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## @param service.nodePorts.server Kubernetes server node port - ## @param service.nodePorts.restApi Kubernetes Rest API node port - ## - nodePorts: - server: "" - restApi: "" - ## @param service.loadBalancerIP Set the LoadBalancer service type to internal only. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - loadBalancerIP: "" - ## @param service.annotations Service annotations - ## This can be used to set the LoadBalancer service type to internal only. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - annotations: {} -## TensorFlow Serving Prometheus exporter configuration -## -metrics: - ## @param metrics.enabled Enable Prometheus exporter to expose Tensorflow server metrics - ## - enabled: false - ## @param metrics.podAnnotations [object] Prometheus exporter pod annotations - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: - prometheus.io/scrape: "true" - prometheus.io/path: "/monitoring/prometheus/metrics" - prometheus.io/port: "{{ .Values.containerPorts.restApi }}" diff --git a/bitnami/testlink/.helmignore b/bitnami/testlink/.helmignore deleted file mode 100644 index f0c1319..0000000 --- a/bitnami/testlink/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/bitnami/testlink/ci/ct-values.yaml b/bitnami/testlink/ci/ct-values.yaml deleted file mode 100644 index b738e2a..0000000 --- a/bitnami/testlink/ci/ct-values.yaml +++ /dev/null @@ -1,2 +0,0 @@ -service: - type: ClusterIP diff --git a/bitnami/testlink/templates/externaldb-secrets.yaml b/bitnami/testlink/templates/externaldb-secrets.yaml deleted file mode 100644 index b895357..0000000 --- a/bitnami/testlink/templates/externaldb-secrets.yaml +++ /dev/null @@ -1,10 +0,0 @@ -{{- if not .Values.mariadb.enabled }} -apiVersion: v1 -kind: Secret -metadata: - name: "{{ include "common.names.fullname" . }}-externaldb" - labels: {{- include "common.labels.standard" . | nindent 4 }} -type: Opaque -data: - mariadb-password: {{ default "" .Values.externalDatabase.password | b64enc | quote }} -{{- end }} diff --git a/bitnami/testlink/templates/extra-list.yaml b/bitnami/testlink/templates/extra-list.yaml deleted file mode 100644 index 9ac65f9..0000000 --- a/bitnami/testlink/templates/extra-list.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{- range .Values.extraDeploy }} ---- -{{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} diff --git a/bitnami/testlink/templates/ingress.yaml b/bitnami/testlink/templates/ingress.yaml deleted file mode 100644 index 85b0edb..0000000 --- a/bitnami/testlink/templates/ingress.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- if .Values.ingress.enabled }} -apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.ingress.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.annotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.ingress.certManager }} - kubernetes.io/tls-acme: "true" - {{- end }} -spec: - rules: - {{- if .Values.ingress.hostname }} - - host: {{ .Values.ingress.hostname }} - http: - paths: - - path: {{ .Values.ingress.path }} - {{- if eq "true" (include "common.ingress.supportsPathType" .) }} - pathType: {{ .Values.ingress.pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- range .Values.ingress.hosts }} - - host: {{ .name }} - http: - paths: - - path: {{ default "/" .path }} - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ default "ImplementationSpecific" .pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- if .Values.ingress.tls }} - tls: {{- toYaml .Values.ingress.tls | nindent 4 }} - {{- end }} -{{- end }} diff --git a/bitnami/testlink/templates/svc.yaml b/bitnami/testlink/templates/svc.yaml deleted file mode 100644 index a680ddf..0000000 --- a/bitnami/testlink/templates/svc.yaml +++ /dev/null @@ -1,44 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.service.type }} - sessionAffinity: {{ default "None" .Values.service.sessionAffinity }} - {{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }} - clusterIP: {{ .Values.service.clusterIP }} - {{- end }} - {{- if and .Values.service.loadBalancerIP (eq .Values.service.type "LoadBalancer") }} - loadBalancerIP: {{ .Values.service.loadBalancerIP }} - {{- end }} - {{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - {{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }} - externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} - {{- end }} - ports: - - name: http - port: {{ .Values.service.port }} - targetPort: http - {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.http)) }} - nodePort: {{ .Values.service.nodePorts.http }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - - name: https - port: {{ .Values.service.httpsPort }} - targetPort: https - {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.https)) }} - nodePort: {{ .Values.service.nodePorts.https }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} diff --git a/bitnami/testlink/templates/tls-secrets.yaml b/bitnami/testlink/templates/tls-secrets.yaml deleted file mode 100644 index 36742a9..0000000 --- a/bitnami/testlink/templates/tls-secrets.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.secrets }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ .name }} - labels: {{- include "common.labels.standard" $ | nindent 4 }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ .certificate | b64enc }} - tls.key: {{ .key | b64enc }} -{{- end }} -{{- end }} diff --git a/bitnami/thanos/.helmignore b/bitnami/thanos/.helmignore deleted file mode 100644 index f0c1319..0000000 --- a/bitnami/thanos/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/bitnami/thanos/Chart.lock b/bitnami/thanos/Chart.lock deleted file mode 100644 index 7c2269e..0000000 --- a/bitnami/thanos/Chart.lock +++ /dev/null @@ -1,9 +0,0 @@ -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.9.1 -- name: minio - repository: https://charts.bitnami.com/bitnami - version: 8.1.4 -digest: sha256:28bd3826d14b84cdd0d24255588ad860f48fc586f26005677a39b1a15cbc6946 -generated: "2021-09-27T16:44:49.369353614Z" diff --git a/bitnami/thanos/Chart.yaml b/bitnami/thanos/Chart.yaml deleted file mode 100644 index e7a628c..0000000 --- a/bitnami/thanos/Chart.yaml +++ /dev/null @@ -1,31 +0,0 @@ -annotations: - category: Analytics -apiVersion: v2 -appVersion: 0.23.0 -dependencies: - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x - - condition: minio.enabled - name: minio - repository: https://charts.bitnami.com/bitnami - version: 8.x.x -description: Thanos is a highly available metrics system that can be added on top of existing Prometheus deployments, providing a global query view across all Prometheus installations. -engine: gotpl -home: https://github.com/bitnami/charts/tree/master/bitnami/thanos -icon: https://bitnami.com/assets/stacks/thanos/img/thanos-stack-220x234.png -keywords: - - analytics - - monitoring - - prometheus - - thanos -maintainers: - - email: containers@bitnami.com - name: Bitnami -name: thanos -sources: - - https://github.com/bitnami/bitnami-docker-thanos - - https://thanos.io -version: 6.0.3 diff --git a/bitnami/thanos/README.md b/bitnami/thanos/README.md deleted file mode 100644 index e603bfd..0000000 --- a/bitnami/thanos/README.md +++ /dev/null @@ -1,1229 +0,0 @@ -# Thanos - -[Thanos](https://thanos.io/) is a highly available metrics system that can be added on top of existing Prometheus deployments, providing a global query view across all Prometheus installations. - -## TL;DR - -```bash -helm repo add bitnami https://charts.bitnami.com/bitnami -helm install my-release bitnami/thanos -``` - -## Introduction - -This chart bootstraps a [Thanos](https://github.com/bitnami/bitnami-docker-thanos) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 3.1.0 -- PV provisioner support in the underlying infrastructure - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```bash -helm repo add bitnami https://charts.bitnami.com/bitnami -helm install my-release bitnami/thanos -``` - -These commands deploy Thanos on the Kubernetes cluster with the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` chart: - -```bash -helm uninstall my-release -``` - -## Architecture - -This charts allows you install several Thanos components, so you deploy an architecture as the one below: - -``` - ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ - │ Thanos │───────────┬────▶ │ Thanos Store │ │ Thanos │ - │ Query │ │ │ Gateway │ │ Compactor │ - └──────────────┘ │ └──────────────┘ └──────────────┘ - push │ │ │ -┌──────────────┐ alerts ┌──────────────┐ │ │ storages │ Downsample & -│ Alertmanager │ ◀──────────│ Thanos │ ◀────┤ │ query metrics │ compact blocks -│ (*) │ │ Ruler │ │ │ │ -└──────────────┘ └──────────────┘ │ ▼ │ - ▲ │ │ ┌────────────────┐ │ - │ push alerts └──────────────│────▶ │ MinIO® (*) │ ◀─────────┘ - │ │ │ │ -┌ ── ── ── ── ── ── ── ── ── ──┐ │ └────────────────┘ -│┌────────────┐ ┌────────────┐│ │ ▲ -││ Prometheus │─▶│ Thanos ││ ◀────────────────┘ │ -││ (*) │◀─│ Sidecar (*)││ query │ inspect -│└────────────┘ └────────────┘│ metrics │ blocks -└ ── ── ── ── ── ── ── ── ── ──┘ │ - ┌──────────────┐ - │ Thanos │ - │ Bucket Web │ - └──────────────┘ -``` - -> Note: Components marked with (*) are provided by subchart(s) (such as the [Bitnami MinIO® chart](https://github.com/bitnami/charts/tree/master/bitnami/minio)) or external charts (such as the [Bitnami kube-prometheus chart](https://github.com/bitnami/charts/tree/master/bitnami/kube-prometheus)). - -Check the section [Integrate Thanos with Prometheus and Alertmanager](#integrate-thanos-with-prometheus-and-alertmanager) for detailed instructions to deploy this architecture. - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | - - -### Common parameters - -| Name | Description | Value | -| ------------------ | -------------------------------------------------------------------------------------------- | --------------- | -| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` | -| `nameOverride` | String to partially override common.names.fullname template (will maintain the release name) | `""` | -| `fullnameOverride` | String to fully override common.names.fullname template | `""` | -| `commonLabels` | Add labels to all the deployed resources | `{}` | -| `clusterDomain` | Kubernetes Cluster Domain | `cluster.local` | - - -### Thanos common parameters - -| Name | Description | Value | -| ----------------------------- | ----------------------------------------------------------------------------------------- | ------------------- | -| `image.registry` | Thanos image registry | `docker.io` | -| `image.repository` | Thanos image repository | `bitnami/thanos` | -| `image.tag` | Thanos image tag (immutable tags are recommended) | `0.22.0-scratch-r4` | -| `image.pullPolicy` | Thanos image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `objstoreConfig` | The [objstore configuration](https://thanos.io/storage.md/) | `""` | -| `indexCacheConfig` | The [index cache configuration](https://thanos.io/components/store.md/) | `""` | -| `bucketCacheConfig` | The [bucket cache configuration](https://thanos.io/components/store.md/) | `""` | -| `existingObjstoreSecret` | Secret with Objstore Configuration | `""` | -| `existingObjstoreSecretItems` | Optional item list for specifying a custom Secret key. If so, path should be objstore.yml | `[]` | -| `existingServiceAccount` | Provide a common service account to be shared with all components | `""` | - - -### Thanos Query parameters - -| Name | Description | Value | -| --------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------- | ------------------------ | -| `query.enabled` | Set to true to enable Thanos Query component | `true` | -| `query.logLevel` | Thanos Query log level | `info` | -| `query.logFormat` | Thanos Query log format | `logfmt` | -| `query.serviceAccount.annotations` | Annotations for Thanos Query Service Account | `{}` | -| `query.serviceAccount.existingServiceAccount` | Provide an existing service account for query | `""` | -| `query.hostAliases` | Deployment pod host aliases | `[]` | -| `query.replicaLabel` | Replica indicator(s) along which data is deduplicated | `["replica"]` | -| `query.dnsDiscovery.enabled` | Enable store APIs discovery via DNS | `true` | -| `query.dnsDiscovery.sidecarsService` | Sidecars service name to discover them using DNS discovery | `""` | -| `query.dnsDiscovery.sidecarsNamespace` | Sidecars namespace to discover them using DNS discovery | `""` | -| `query.stores` | Statically configure store APIs to connect with Thanos Query | `[]` | -| `query.sdConfig` | Query Service Discovery Configuration | `""` | -| `query.existingSDConfigmap` | Name of existing ConfigMap with Ruler configuration | `""` | -| `query.extraContainers` | Extra containers running as sidecars to Thanos query | `[]` | -| `query.extraEnv` | Extra environment variables for Thanos query container | `[]` | -| `query.extraVolumes` | Extra volumes to add to Thanos Query | `[]` | -| `query.extraVolumeMounts` | Extra volume mounts to add to the query container | `[]` | -| `query.extraFlags` | Extra Flags to passed to Thanos Query | `[]` | -| `query.replicaCount` | Number of Thanos Query replicas to deploy | `1` | -| `query.strategyType` | Deployment Strategy Type, can be set to RollingUpdate or Recreate by default | `RollingUpdate` | -| `query.podAffinityPreset` | Thanos Query pod affinity preset | `""` | -| `query.podAntiAffinityPreset` | Thanos Query pod anti-affinity preset. Ignored if `query.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `query.nodeAffinityPreset.type` | Thanos Query node affinity preset type. Ignored if `query.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `query.nodeAffinityPreset.key` | Thanos Query node label key to match Ignored if `query.affinity` is set. | `""` | -| `query.nodeAffinityPreset.values` | Thanos Query node label values to match. Ignored if `query.affinity` is set. | `[]` | -| `query.affinity` | Thanos Query affinity for pod assignment | `{}` | -| `query.nodeSelector` | Thanos Query node labels for pod assignment | `{}` | -| `query.tolerations` | Thanos Query tolerations for pod assignment | `[]` | -| `query.podLabels` | Thanos Query pod labels | `{}` | -| `query.podAnnotations` | Annotations for Thanos Query pods | `{}` | -| `query.priorityClassName` | Controller priorityClassName | `""` | -| `query.podSecurityContext.enabled` | Enable security context for the Thanos Query pod | `true` | -| `query.podSecurityContext.fsGroup` | Group ID for the filesystem used by Query container | `1001` | -| `query.podSecurityContext.runAsUser` | User ID for the service user running the Query pod | `1001` | -| `query.containerSecurityContext.enabled` | Enable container security context for Query container | `true` | -| `query.containerSecurityContext.runAsNonRoot` | Force the container Query to run as a non root user | `true` | -| `query.containerSecurityContext.allowPrivilegeEscalation` | Switch privilegeEscalation possiblity on or off for Query | `false` | -| `query.containerSecurityContext.readOnlyRootFilesystem` | mount / (root) as a readonly filesystem of Query container | `false` | -| `query.rbac.create` | Create ClusterRole and ClusterRolebing for the Service account | `false` | -| `query.pspEnabled` | Create PodSecurity Policy | `false` | -| `query.resources.limits` | The resources limits for the Thanos Query container | `{}` | -| `query.resources.requests` | The requested resources for the Thanos Query container | `{}` | -| `query.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `query.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | -| `query.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `query.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `30` | -| `query.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `query.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `query.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `query.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | -| `query.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `query.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `30` | -| `query.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `query.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `query.grpcTLS.server.secure` | Enable TLS for GRPC server | `false` | -| `query.grpcTLS.server.autoGenerated` | Create self-signed TLS certificates. Currently only supports PEM certificates. | `false` | -| `query.grpcTLS.server.cert` | TLS Certificate for gRPC server, leave blank to disable TLS - ignored if existingSecret is provided | `""` | -| `query.grpcTLS.server.key` | TLS Key for the gRPC server, leave blank to disable TLS - ignored if existingSecret is provided | `""` | -| `query.grpcTLS.server.ca` | TLS CA to verify clients against | `""` | -| `query.grpcTLS.server.existingSecret` | Existing secret containing your own TLS certificates. | `{}` | -| `query.grpcTLS.client.secure` | Use TLS when talking to the gRPC server | `false` | -| `query.grpcTLS.client.autoGenerated` | Create self-signed TLS certificates. Currently only supports PEM certificates. | `false` | -| `query.grpcTLS.client.cert` | TLS Certificates to use to identify this client to the server - ignored if existingSecret is provided | `""` | -| `query.grpcTLS.client.key` | TLS Key for the client's certificate - ignored if existingSecret is provided | `""` | -| `query.grpcTLS.client.ca` | TLS CA Certificates to use to verify gRPC servers - ignored if existingSecret is provided | `""` | -| `query.grpcTLS.client.servername` | Server name to verify the hostname on the returned gRPC certificates. See https://tools.ietf.org/html/rfc4366#section-3.1 | `""` | -| `query.grpcTLS.client.existingSecret` | Existing secret containing your own TLS certificates. | `{}` | -| `query.service.type` | Kubernetes service type | `ClusterIP` | -| `query.service.clusterIP` | Thanos Query service clusterIP IP | `""` | -| `query.service.http.port` | Service HTTP port | `9090` | -| `query.service.http.nodePort` | Service HTTP node port | `""` | -| `query.service.targetPort` | Service targetPort override | `http` | -| `query.service.grpc.port` | Service GRPC port | `10901` | -| `query.service.grpc.nodePort` | Service GRPC node port | `""` | -| `query.service.loadBalancerIP` | Load balancer IP if service type is `LoadBalancer` | `""` | -| `query.service.loadBalancerSourceRanges` | Address that are allowed when service is LoadBalancer | `[]` | -| `query.service.externalTrafficPolicy` | Thanos Query service externalTrafficPolicy | `Cluster` | -| `query.service.annotations` | Annotations for Thanos Query service | `{}` | -| `query.service.labelSelectorsOverride` | Selector for Thanos query service | `{}` | -| `query.autoscaling.enabled` | Enable autoscaling for Thanos Query | `false` | -| `query.autoscaling.minReplicas` | Minimum number of Thanos Query replicas | `""` | -| `query.autoscaling.maxReplicas` | Maximum number of Thanos Query replicas | `""` | -| `query.autoscaling.targetCPU` | Target CPU utilization percentage | `""` | -| `query.autoscaling.targetMemory` | Target Memory utilization percentage | `""` | -| `query.pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` | -| `query.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` | -| `query.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | -| `query.ingress.enabled` | Enable ingress controller resource | `false` | -| `query.ingress.certManager` | Set this to true in order to add the corresponding annotations for cert-manager | `false` | -| `query.ingress.hostname` | Default host for the ingress resource | `thanos.local` | -| `query.ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` | -| `query.ingress.annotations` | Ingress annotations | `{}` | -| `query.ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` | -| `query.ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` | -| `query.ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | -| `query.ingress.tls` | Create ingress TLS section | `false` | -| `query.ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` | -| `query.ingress.path` | Ingress path | `/` | -| `query.ingress.pathType` | Ingress path type | `ImplementationSpecific` | -| `query.ingress.grpc.enabled` | Enable ingress controller resource (GRPC) | `false` | -| `query.ingress.grpc.certManager` | Add annotations for cert-manager (GRPC) | `false` | -| `query.ingress.grpc.hostname` | Default host for the ingress resource (GRPC) | `thanos-grpc.local` | -| `query.ingress.grpc.annotations` | Ingress annotations (GRPC) | `{}` | -| `query.ingress.grpc.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` | -| `query.ingress.grpc.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` | -| `query.ingress.grpc.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | -| `query.ingress.grpc.apiVersion` | Override API Version (automatically detected if not set) | `""` | -| `query.ingress.grpc.path` | Ingress Path | `/` | -| `query.ingress.grpc.pathType` | Ingress Path type | `ImplementationSpecific` | - - -### Thanos Query Frontend parameters - -| Name | Description | Value | -| ----------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------- | ------------------------ | -| `queryFrontend.enabled` | Enable/disable Thanos Query Frontend component | `true` | -| `queryFrontend.logLevel` | Thanos Query Frontend log level | `info` | -| `queryFrontend.logFormat` | Thanos Query Frontend log format | `logfmt` | -| `queryFrontend.serviceAccount.annotations` | Annotations for Thanos Query Frontend Service Account | `{}` | -| `queryFrontend.serviceAccount.existingServiceAccount` | Provide an existing service account for Query Frontend | `""` | -| `queryFrontend.hostAliases` | Deployment pod host aliases | `[]` | -| `queryFrontend.extraContainers` | Extra containers running as sidecars to Thanos Query Frontend container | `[]` | -| `queryFrontend.extraEnv` | Extra environment variables for Thanos Query Frontend container | `[]` | -| `queryFrontend.extraVolumes` | Extra volumes to add to Thanos Query Frontend | `[]` | -| `queryFrontend.extraVolumeMounts` | Extra volume mounts to add to the query-frontend container | `[]` | -| `queryFrontend.extraFlags` | Extra Flags to passed to Thanos Query Frontend | `[]` | -| `queryFrontend.config` | Thanos Query Frontend cache configuration | `""` | -| `queryFrontend.existingConfigmap` | Name of existing ConfigMap with Thanos Query Frontend cache configuration | `""` | -| `queryFrontend.replicaCount` | Number of Thanos Query Frontend replicas to deploy | `1` | -| `queryFrontend.strategyType` | Deployment Strategy Type, can be set to RollingUpdate or Recreate by default | `RollingUpdate` | -| `queryFrontend.podAffinityPreset` | Thanos Query Frontend pod affinity preset | `""` | -| `queryFrontend.podAntiAffinityPreset` | Thanos Query Frontend pod anti-affinity preset. Ignored if `queryFrontend.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `queryFrontend.nodeAffinityPreset.type` | Thanos Query Frontend node affinity preset type. Ignored if `queryFrontend.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `queryFrontend.nodeAffinityPreset.key` | Thanos Query Frontend node label key to match Ignored if `queryFrontend.affinity` is set. | `""` | -| `queryFrontend.nodeAffinityPreset.values` | Thanos Query Frontend node label values to match. Ignored if `queryFrontend.affinity` is set. | `[]` | -| `queryFrontend.affinity` | Thanos Query Frontend affinity for pod assignment | `{}` | -| `queryFrontend.nodeSelector` | Thanos Query Frontend node labels for pod assignment | `{}` | -| `queryFrontend.tolerations` | Thanos Query Frontend tolerations for pod assignment | `[]` | -| `queryFrontend.podLabels` | Thanos Query Frontend pod labels | `{}` | -| `queryFrontend.podAnnotations` | Annotations for Thanos Query Frontend pods | `{}` | -| `queryFrontend.priorityClassName` | Controller priorityClassName | `""` | -| `queryFrontend.podSecurityContext.enabled` | Enable security context for the Thanos Queryfrontend pod | `true` | -| `queryFrontend.podSecurityContext.fsGroup` | Group ID for the filesystem used by Queryfrontend container | `1001` | -| `queryFrontend.podSecurityContext.runAsUser` | User ID for the service user running the Queryfrontend pod | `1001` | -| `queryFrontend.containerSecurityContext.enabled` | Enable container security context for Queryfrontend container | `true` | -| `queryFrontend.containerSecurityContext.runAsNonRoot` | Force the container Queryfrontend to run as a non root user | `true` | -| `queryFrontend.containerSecurityContext.allowPrivilegeEscalation` | Switch privilegeEscalation possiblity on or off for Queryfrontend | `false` | -| `queryFrontend.containerSecurityContext.readOnlyRootFilesystem` | mount / (root) as a readonly filesystem of Queryfrontend container | `false` | -| `queryFrontend.rbac.create` | Create ClusterRole and ClusterRolebing for the Service account | `false` | -| `queryFrontend.pspEnabled` | Create PodSecurity Policy | `false` | -| `queryFrontend.resources.limits` | The resources limits for the Thanos Query Frontend container | `{}` | -| `queryFrontend.resources.requests` | The requested resources for the Thanos Query Frontend container | `{}` | -| `queryFrontend.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `queryFrontend.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | -| `queryFrontend.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `queryFrontend.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `30` | -| `queryFrontend.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `queryFrontend.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `queryFrontend.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `queryFrontend.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | -| `queryFrontend.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `queryFrontend.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `30` | -| `queryFrontend.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `queryFrontend.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `queryFrontend.service.type` | Kubernetes service type | `ClusterIP` | -| `queryFrontend.service.clusterIP` | Thanos Query Frontend service clusterIP IP | `""` | -| `queryFrontend.service.http.port` | Service HTTP port | `9090` | -| `queryFrontend.service.http.nodePort` | Service HTTP node port | `""` | -| `queryFrontend.service.targetPort` | Service targetPort override | `http` | -| `queryFrontend.service.loadBalancerIP` | Load balancer IP if service type is `LoadBalancer` | `""` | -| `queryFrontend.service.loadBalancerSourceRanges` | Address that are allowed when service is LoadBalancer | `[]` | -| `queryFrontend.service.externalTrafficPolicy` | Thanos Query Frontend service externalTrafficPolicy | `Cluster` | -| `queryFrontend.service.annotations` | Annotations for Thanos Query Frontend service | `{}` | -| `queryFrontend.service.labelSelectorsOverride` | Selector for Thanos query service | `{}` | -| `queryFrontend.autoscaling.enabled` | Enable autoscaling for Thanos Query Frontend | `false` | -| `queryFrontend.autoscaling.minReplicas` | Minimum number of Thanos Query Frontend replicas | `""` | -| `queryFrontend.autoscaling.maxReplicas` | Maximum number of Thanos Query Frontend replicas | `""` | -| `queryFrontend.autoscaling.targetCPU` | Target CPU utilization percentage | `""` | -| `queryFrontend.autoscaling.targetMemory` | Target Memory utilization percentage | `""` | -| `queryFrontend.pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` | -| `queryFrontend.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` | -| `queryFrontend.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | -| `queryFrontend.ingress.enabled` | Enable ingress controller resource | `false` | -| `queryFrontend.ingress.certManager` | Set this to true in order to add the corresponding annotations for cert-manager | `false` | -| `queryFrontend.ingress.hostname` | Default host for the ingress resource | `thanos.local` | -| `queryFrontend.ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` | -| `queryFrontend.ingress.annotations` | Ingress annotations | `{}` | -| `queryFrontend.ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` | -| `queryFrontend.ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` | -| `queryFrontend.ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | -| `queryFrontend.ingress.tls` | Create ingress TLS section | `false` | -| `queryFrontend.ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` | -| `queryFrontend.ingress.path` | Ingress path | `/` | -| `queryFrontend.ingress.pathType` | Ingress path type | `ImplementationSpecific` | - - -### Thanos Bucket Web parameters - -| Name | Description | Value | -| ------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------- | ------------------------ | -| `bucketweb.enabled` | Enable/disable Thanos Bucket Web component | `false` | -| `bucketweb.logLevel` | Thanos Bucket Web log level | `info` | -| `bucketweb.logFormat` | Thanos Bucket Web log format | `logfmt` | -| `bucketweb.serviceAccount.annotations` | Annotations for Thanos Bucket Web Service Account | `{}` | -| `bucketweb.serviceAccount.existingServiceAccount` | Name for an existing Thanos Bucket Web Service Account | `""` | -| `bucketweb.refresh` | Refresh interval to download metadata from remote storage | `30m` | -| `bucketweb.hostAliases` | Deployment pod host aliases | `[]` | -| `bucketweb.timeout` | Timeout to download metadata from remote storage | `5m` | -| `bucketweb.extraContainers` | Extra containers running as sidecars to Thanos Bucket Web container | `[]` | -| `bucketweb.extraEnv` | Extra environment variables for Thanos Bucket Web container | `[]` | -| `bucketweb.extraVolumes` | Extra volumes to add to Bucket Web | `[]` | -| `bucketweb.extraVolumeMounts` | Extra volume mounts to add to the bucketweb container | `[]` | -| `bucketweb.extraFlags` | Extra Flags to passed to Thanos Bucket Web | `[]` | -| `bucketweb.replicaCount` | Number of Thanos Bucket Web replicas to deploy | `1` | -| `bucketweb.strategyType` | Deployment Strategy Type, can be set to RollingUpdate or Recreate by default | `RollingUpdate` | -| `bucketweb.podAffinityPreset` | Thanos Bucket Web pod affinity preset | `""` | -| `bucketweb.podAntiAffinityPreset` | Thanos Bucket Web pod anti-affinity preset. Ignored if `bucketweb.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `bucketweb.nodeAffinityPreset.type` | Thanos Bucket Web node affinity preset type. Ignored if `bucketweb.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `bucketweb.nodeAffinityPreset.key` | Thanos Bucket Web node label key to match Ignored if `bucketweb.affinity` is set. | `""` | -| `bucketweb.nodeAffinityPreset.values` | Thanos Bucket Web node label values to match. Ignored if `bucketweb.affinity` is set. | `[]` | -| `bucketweb.affinity` | Thanos Bucket Web affinity for pod assignment | `{}` | -| `bucketweb.nodeSelector` | Thanos Bucket Web node labels for pod assignment | `{}` | -| `bucketweb.tolerations` | Thanos Bucket Web tolerations for pod assignment | `[]` | -| `bucketweb.podLabels` | Thanos Bucket Web pod labels | `{}` | -| `bucketweb.podAnnotations` | Annotations for Thanos Bucket Web pods | `{}` | -| `bucketweb.priorityClassName` | Controller priorityClassName | `""` | -| `bucketweb.podSecurityContext.enabled` | Enable security context for the Thanos Bucketweb pod | `true` | -| `bucketweb.podSecurityContext.fsGroup` | Group ID for the filesystem used by Bucketweb container | `1001` | -| `bucketweb.podSecurityContext.runAsUser` | User ID for the service user running the Bucketweb pod | `1001` | -| `bucketweb.containerSecurityContext.enabled` | Enable container security context for Bucketweb container | `true` | -| `bucketweb.containerSecurityContext.runAsNonRoot` | Force the container Bucketweb to run as a non root user | `true` | -| `bucketweb.containerSecurityContext.allowPrivilegeEscalation` | Switch privilegeEscalation possiblity on or off for Bucketweb | `false` | -| `bucketweb.containerSecurityContext.readOnlyRootFilesystem` | mount / (root) as a readonly filesystem of Bucketweb container | `false` | -| `bucketweb.resources.limits` | The resources limits for the Thanos Bucket Web container | `{}` | -| `bucketweb.resources.requests` | The requested resources for the Thanos Bucket Web container | `{}` | -| `bucketweb.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `bucketweb.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | -| `bucketweb.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `bucketweb.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `30` | -| `bucketweb.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `bucketweb.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `bucketweb.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `bucketweb.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | -| `bucketweb.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `bucketweb.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `30` | -| `bucketweb.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `bucketweb.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `bucketweb.service.type` | Kubernetes service type | `ClusterIP` | -| `bucketweb.service.clusterIP` | Thanos Bucket Web service clusterIP IP | `""` | -| `bucketweb.service.http.port` | Service HTTP port | `8080` | -| `bucketweb.service.http.nodePort` | Service HTTP node port | `""` | -| `bucketweb.service.targetPort` | Service targetPort override | `http` | -| `bucketweb.service.loadBalancerIP` | Load balancer IP if service type is `LoadBalancer` | `""` | -| `bucketweb.service.loadBalancerSourceRanges` | Address that are allowed when service is LoadBalancer | `[]` | -| `bucketweb.service.externalTrafficPolicy` | Thanos Bucket Web service externalTrafficPolicy | `Cluster` | -| `bucketweb.service.annotations` | Annotations for Thanos Bucket Web service | `{}` | -| `bucketweb.service.labelSelectorsOverride` | Selector for Thanos query service | `{}` | -| `bucketweb.pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` | -| `bucketweb.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` | -| `bucketweb.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | -| `bucketweb.ingress.enabled` | Enable ingress controller resource | `false` | -| `bucketweb.ingress.certManager` | Add annotations for cert-manager | `false` | -| `bucketweb.ingress.hostname` | Default host for the ingress resource | `thanos-bucketweb.local` | -| `bucketweb.ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` | -| `bucketweb.ingress.annotations` | Ingress annotations | `{}` | -| `bucketweb.ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` | -| `bucketweb.ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` | -| `bucketweb.ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | -| `bucketweb.ingress.tls` | Create ingress TLS section | `false` | -| `bucketweb.ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` | -| `bucketweb.ingress.path` | Ingress path | `/` | -| `bucketweb.ingress.pathType` | Ingress path type | `ImplementationSpecific` | - - -### Thanos Compactor parameters - -| Name | Description | Value | -| ------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------- | ------------------------ | -| `compactor.enabled` | Enable/disable Thanos Compactor component | `false` | -| `compactor.logLevel` | Thanos Compactor log level | `info` | -| `compactor.logFormat` | Thanos Compactor log format | `logfmt` | -| `compactor.serviceAccount.annotations` | Annotations for Thanos Compactor Service Account | `{}` | -| `compactor.serviceAccount.existingServiceAccount` | Name for an existing Thanos Compactor Service Account | `""` | -| `compactor.hostAliases` | Deployment pod host aliases | `[]` | -| `compactor.retentionResolutionRaw` | Resolution and Retention flag | `30d` | -| `compactor.retentionResolution5m` | Resolution and Retention flag | `30d` | -| `compactor.retentionResolution1h` | Resolution and Retention flag | `10y` | -| `compactor.consistencyDelay` | Minimum age of fresh (non-compacted) blocks before they are being processed | `30m` | -| `compactor.extraEnv` | Extra environment variables for Thanos Compactor container | `[]` | -| `compactor.extraVolumes` | Extra volumes to add to Thanos Compactor | `[]` | -| `compactor.extraVolumeMounts` | Extra volume mounts to add to the compactor container | `[]` | -| `compactor.extraFlags` | Extra Flags to passed to Thanos Compactor | `[]` | -| `compactor.strategyType` | Deployment Strategy Type, can be set to RollingUpdate or Recreate by default | `RollingUpdate` | -| `compactor.podAffinityPreset` | Thanos Compactor pod affinity preset | `""` | -| `compactor.podAntiAffinityPreset` | Thanos Compactor pod anti-affinity preset. Ignored if `compactor.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `compactor.nodeAffinityPreset.type` | Thanos Compactor node affinity preset type. Ignored if `compactor.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `compactor.nodeAffinityPreset.key` | Thanos Compactor node label key to match Ignored if `compactor.affinity` is set. | `""` | -| `compactor.nodeAffinityPreset.values` | Thanos Compactor node label values to match. Ignored if `compactor.affinity` is set. | `[]` | -| `compactor.affinity` | Thanos Compactor affinity for pod assignment | `{}` | -| `compactor.nodeSelector` | Thanos Compactor node labels for pod assignment | `{}` | -| `compactor.tolerations` | Thanos Compactor tolerations for pod assignment | `[]` | -| `compactor.podLabels` | Thanos Compactor pod labels | `{}` | -| `compactor.podAnnotations` | Annotations for Thanos Compactor pods | `{}` | -| `compactor.priorityClassName` | Controller priorityClassName | `""` | -| `compactor.podSecurityContext.enabled` | Enable security context for the Thanos Compactor pod | `true` | -| `compactor.podSecurityContext.fsGroup` | Group ID for the filesystem used by Compactor container | `1001` | -| `compactor.podSecurityContext.runAsUser` | User ID for the service user running the Compactor pod | `1001` | -| `compactor.containerSecurityContext.enabled` | Enable container security context for Compactor container | `true` | -| `compactor.containerSecurityContext.runAsNonRoot` | Force the container Compactor to run as a non root user | `true` | -| `compactor.containerSecurityContext.allowPrivilegeEscalation` | Switch privilegeEscalation possiblity on or off for Compactor | `false` | -| `compactor.containerSecurityContext.readOnlyRootFilesystem` | mount / (root) as a readonly filesystem of Compactor container | `false` | -| `compactor.resources.limits` | The resources limits for the Thanos Compactor container | `{}` | -| `compactor.resources.requests` | The requested resources for the Thanos Compactor container | `{}` | -| `compactor.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `compactor.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | -| `compactor.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `compactor.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `30` | -| `compactor.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `compactor.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `compactor.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `compactor.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | -| `compactor.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `compactor.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `30` | -| `compactor.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `compactor.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `compactor.service.type` | Kubernetes service type | `ClusterIP` | -| `compactor.service.clusterIP` | Thanos Compactor service clusterIP IP | `""` | -| `compactor.service.http.port` | Service HTTP port | `9090` | -| `compactor.service.http.nodePort` | Service HTTP node port | `""` | -| `compactor.service.loadBalancerIP` | Load balancer IP if service type is `LoadBalancer` | `""` | -| `compactor.service.loadBalancerSourceRanges` | Addresses that are allowed when service is LoadBalancer | `[]` | -| `compactor.service.externalTrafficPolicy` | Thanos Compactor service externalTrafficPolicy | `Cluster` | -| `compactor.service.annotations` | Annotations for Thanos Compactor service | `{}` | -| `compactor.service.labelSelectorsOverride` | Selector for Thanos query service | `{}` | -| `compactor.ingress.enabled` | Enable ingress controller resource | `false` | -| `compactor.ingress.certManager` | Set this to true in order to add the corresponding annotations for cert-manager | `false` | -| `compactor.ingress.hostname` | Default host for the ingress resource | `thanos-compactor.local` | -| `compactor.ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` | -| `compactor.ingress.annotations` | Ingress annotations | `{}` | -| `compactor.ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` | -| `compactor.ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` | -| `compactor.ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | -| `compactor.ingress.tls` | Create ingress TLS section | `false` | -| `compactor.ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` | -| `compactor.ingress.path` | Ingress path | `/` | -| `compactor.ingress.pathType` | Ingress path type | `ImplementationSpecific` | -| `compactor.persistence.enabled` | Enable data persistence | `true` | -| `compactor.persistence.existingClaim` | Use a existing PVC which must be created manually before bound | `""` | -| `compactor.persistence.storageClass` | Specify the `storageClass` used to provision the volume | `""` | -| `compactor.persistence.accessModes` | Access modes of data volume | `["ReadWriteOnce"]` | -| `compactor.persistence.size` | Size of data volume | `8Gi` | - - -### Thanos Store Gateway parameters - -| Name | Description | Value | -| ---------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------- | --------------------------- | -| `storegateway.enabled` | Enable/disable Thanos Store Gateway component | `false` | -| `storegateway.logLevel` | Thanos Store Gateway log level | `info` | -| `storegateway.logFormat` | Thanos Store Gateway log format | `logfmt` | -| `storegateway.serviceAccount.annotations` | Annotations for Thanos Store Gateway Service Account | `{}` | -| `storegateway.serviceAccount.existingServiceAccount` | Name for an existing Thanos Store Gateway Service Account | `""` | -| `storegateway.hostAliases` | Deployment pod host aliases | `[]` | -| `storegateway.extraEnv` | Extra environment variables for Thanos Store Gateway container | `[]` | -| `storegateway.extraVolumes` | Extra volumes to add to Thanos Store Gateway | `[]` | -| `storegateway.extraVolumeMounts` | Extra volume mounts to add to the storegateway container | `[]` | -| `storegateway.extraFlags` | Extra Flags to passed to Thanos Store Gateway | `[]` | -| `storegateway.config` | Thanos Store Gateway cache configuration | `""` | -| `storegateway.existingConfigmap` | Name of existing ConfigMap with Thanos Store Gateway cache configuration | `""` | -| `storegateway.grpc.tls.enabled` | Enable TLS encryption in the GRPC server | `false` | -| `storegateway.grpc.tls.autoGenerated` | Create self-signed TLS certificates. Currently only supports PEM certificates. | `false` | -| `storegateway.grpc.tls.cert` | TLS Certificate for gRPC server, leave blank to disable TLS - ignored if existingSecret is provided | `""` | -| `storegateway.grpc.tls.key` | TLS Key for gRPC server, leave blank to disable TLS - ignored if existingSecret is provided | `""` | -| `storegateway.grpc.tls.ca` | TLS CA to verify clients against - ignored if existingSecret is provided | `""` | -| `storegateway.grpc.tls.existingSecret` | Existing secret containing your own TLS certificates. | `{}` | -| `storegateway.replicaCount` | Number of Thanos Store Gateway replicas to deploy | `1` | -| `storegateway.updateStrategyType` | Statefulset Update Strategy Type, can be set to RollingUpdate or OnDelete by default | `RollingUpdate` | -| `storegateway.podManagementPolicy` | Statefulset Pod management policy: OrderedReady (default) or Parallel | `OrderedReady` | -| `storegateway.podAffinityPreset` | Thanos Store Gateway pod affinity preset | `""` | -| `storegateway.podAntiAffinityPreset` | Thanos Store Gateway pod anti-affinity preset. Ignored if `storegateway.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `storegateway.nodeAffinityPreset.type` | Thanos Store Gateway node affinity preset type. Ignored if `storegateway.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `storegateway.nodeAffinityPreset.key` | Thanos Store Gateway node label key to match Ignored if `storegateway.affinity` is set. | `""` | -| `storegateway.nodeAffinityPreset.values` | Thanos Store Gateway node label values to match. Ignored if `storegateway.affinity` is set. | `[]` | -| `storegateway.affinity` | Thanos Store Gateway affinity for pod assignment | `{}` | -| `storegateway.nodeSelector` | Thanos Store Gateway node labels for pod assignment | `{}` | -| `storegateway.tolerations` | Thanos Store Gateway tolerations for pod assignment | `[]` | -| `storegateway.podLabels` | Thanos Store Gateway pod labels | `{}` | -| `storegateway.podAnnotations` | Annotations for Thanos Store Gateway pods | `{}` | -| `storegateway.priorityClassName` | Controller priorityClassName | `""` | -| `storegateway.podSecurityContext.enabled` | Enable security context for the Thanos Storegateway pod | `true` | -| `storegateway.podSecurityContext.fsGroup` | Group ID for the filesystem used by Storegateway container | `1001` | -| `storegateway.podSecurityContext.runAsUser` | User ID for the service user running the Storegateway pod | `1001` | -| `storegateway.containerSecurityContext.enabled` | Enable container security context for Storegateway container | `true` | -| `storegateway.containerSecurityContext.runAsNonRoot` | Force the container Storegateway to run as a non root user | `true` | -| `storegateway.containerSecurityContext.allowPrivilegeEscalation` | Switch privilegeEscalation possiblity on or off for Storegateway | `false` | -| `storegateway.containerSecurityContext.readOnlyRootFilesystem` | mount / (root) as a readonly filesystem of Storegateway container | `false` | -| `storegateway.resources.limits` | The resources limits for the Thanos Store Gateway container | `{}` | -| `storegateway.resources.requests` | The requested resources for the Thanos Store Gateway container | `{}` | -| `storegateway.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `storegateway.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | -| `storegateway.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `storegateway.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `30` | -| `storegateway.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `storegateway.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `storegateway.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `storegateway.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | -| `storegateway.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `storegateway.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `30` | -| `storegateway.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `storegateway.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `storegateway.service.type` | Kubernetes service type | `ClusterIP` | -| `storegateway.service.clusterIP` | Thanos Store Gateway service clusterIP IP | `""` | -| `storegateway.service.http.port` | Service HTTP port | `9090` | -| `storegateway.service.http.nodePort` | Service HTTP node port | `""` | -| `storegateway.service.grpc.port` | Service GRPC port | `10901` | -| `storegateway.service.grpc.nodePort` | Service GRPC node port | `""` | -| `storegateway.service.loadBalancerIP` | Load balancer IP if service type is `LoadBalancer` | `""` | -| `storegateway.service.loadBalancerSourceRanges` | Addresses that are allowed when service is LoadBalancer | `[]` | -| `storegateway.service.externalTrafficPolicy` | Thanos Store Gateway service externalTrafficPolicy | `Cluster` | -| `storegateway.service.annotations` | Annotations for Thanos Store Gateway service | `{}` | -| `storegateway.service.labelSelectorsOverride` | Selector for Thanos query service | `{}` | -| `storegateway.service.additionalHeadless` | Additional Headless service | `false` | -| `storegateway.persistence.enabled` | Enable data persistence | `true` | -| `storegateway.persistence.existingClaim` | Use a existing PVC which must be created manually before bound | `""` | -| `storegateway.persistence.storageClass` | Specify the `storageClass` used to provision the volume | `""` | -| `storegateway.persistence.accessModes` | Access modes of data volume | `["ReadWriteOnce"]` | -| `storegateway.persistence.size` | Size of data volume | `8Gi` | -| `storegateway.autoscaling.enabled` | Enable autoscaling for Thanos Store Gateway | `false` | -| `storegateway.autoscaling.minReplicas` | Minimum number of Thanos Store Gateway replicas | `""` | -| `storegateway.autoscaling.maxReplicas` | Maximum number of Thanos Store Gateway replicas | `""` | -| `storegateway.autoscaling.targetCPU` | Target CPU utilization percentage | `""` | -| `storegateway.autoscaling.targetMemory` | Target Memory utilization percentage | `""` | -| `storegateway.pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` | -| `storegateway.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` | -| `storegateway.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | -| `storegateway.ingress.enabled` | Enable ingress controller resource | `false` | -| `storegateway.ingress.certManager` | Set this to true in order to add the corresponding annotations for cert-manager | `false` | -| `storegateway.ingress.hostname` | Default host for the ingress resource | `thanos-storegateway.local` | -| `storegateway.ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` | -| `storegateway.ingress.annotations` | Ingress annotations | `{}` | -| `storegateway.ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` | -| `storegateway.ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` | -| `storegateway.ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | -| `storegateway.ingress.tls` | Create ingress TLS section | `false` | -| `storegateway.ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` | -| `storegateway.ingress.path` | Ingress path | `/` | -| `storegateway.ingress.pathType` | Ingress path type | `ImplementationSpecific` | -| `storegateway.sharded.enabled` | Enable sharding for Thanos Store Gateway | `false` | -| `storegateway.sharded.hashPartitioning.shards` | Setting hashPartitioning will create multiple store statefulsets based on the number of shards specified using the hashmod of the blocks | `""` | -| `storegateway.sharded.timePartitioning` | Setting time timePartitioning will create multiple store deployments based on the number of partitions | `[]` | -| `storegateway.sharded.service.clusterIPs` | Array of cluster IPs for each Store Gateway service. Length must be the same as the number of shards | `[]` | -| `storegateway.sharded.service.loadBalancerIPs` | Array of load balancer IPs for each Store Gateway service. Length must be the same as the number of shards | `[]` | -| `storegateway.sharded.service.http.nodePorts` | Array of http node ports used for Store Gateway service. Length must be the same as the number of shards | `[]` | -| `storegateway.sharded.service.grpc.nodePorts` | Array of grpc node ports used for Store Gateway service. Length must be the same as the number of shards | `[]` | - - -### Thanos Ruler parameters - -| Name | Description | Value | -| --------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------ | ------------------------ | -| `ruler.enabled` | Enable/disable Thanos Ruler component | `false` | -| `ruler.logLevel` | Thanos Ruler log level | `info` | -| `ruler.logFormat` | Thanos Ruler log format | `logfmt` | -| `ruler.replicaLabel` | Label to treat as a replica indicator along which data is deduplicated | `replica` | -| `ruler.serviceAccount.annotations` | Annotations for Thanos Ruler Service Account | `{}` | -| `ruler.serviceAccount.existingServiceAccount` | Name for an existing Thanos Ruler Service Account | `""` | -| `ruler.hostAliases` | Add deployment host aliases | `[]` | -| `ruler.dnsDiscovery.enabled` | Dynamically configure Query APIs using DNS discovery | `true` | -| `ruler.alertmanagers` | Alermanager URLs array | `[]` | -| `ruler.alertmanagersConfig` | Alertmanagers Configuration | `""` | -| `ruler.evalInterval` | The default evaluation interval to use | `1m` | -| `ruler.clusterName` | Used to set the 'ruler_cluster' label | `""` | -| `ruler.extraContainers` | Extra containers running as sidecars to Thanos Ruler container | `[]` | -| `ruler.extraEnv` | Extra environment variables for Thanos Ruler container | `[]` | -| `ruler.extraVolumes` | Extra volumes to add to Thanos Ruler | `[]` | -| `ruler.extraVolumeMounts` | Extra volume mounts to add to the ruler container | `[]` | -| `ruler.extraFlags` | Extra Flags to passed to Thanos Ruler | `[]` | -| `ruler.config` | Ruler configuration | `""` | -| `ruler.existingConfigmap` | Name of existing ConfigMap with Ruler configuration | `""` | -| `ruler.replicaCount` | Number of Thanos Ruler replicas to deploy | `1` | -| `ruler.updateStrategyType` | Statefulset Update Strategy Type | `RollingUpdate` | -| `ruler.podManagementPolicy` | Statefulset Pod Management Policy Type | `OrderedReady` | -| `ruler.podAffinityPreset` | Thanos Ruler pod affinity preset | `""` | -| `ruler.podAntiAffinityPreset` | Thanos Ruler pod anti-affinity preset. Ignored if `ruler.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `ruler.nodeAffinityPreset.type` | Thanos Ruler node affinity preset type. Ignored if `ruler.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `ruler.nodeAffinityPreset.key` | Thanos Ruler node label key to match Ignored if `ruler.affinity` is set. | `""` | -| `ruler.nodeAffinityPreset.values` | Thanos Ruler node label values to match. Ignored if `ruler.affinity` is set. | `[]` | -| `ruler.affinity` | Thanos Ruler affinity for pod assignment | `{}` | -| `ruler.nodeSelector` | Thanos Ruler node labels for pod assignment | `{}` | -| `ruler.tolerations` | Thanos Ruler tolerations for pod assignment | `[]` | -| `ruler.podLabels` | Thanos Ruler pod labels | `{}` | -| `ruler.podAnnotations` | Annotations for Thanos Ruler pods | `{}` | -| `ruler.priorityClassName` | Controller priorityClassName | `""` | -| `ruler.podSecurityContext.enabled` | Enable security context for the Thanos Ruler pod | `true` | -| `ruler.podSecurityContext.fsGroup` | Group ID for the filesystem used by Ruler container | `1001` | -| `ruler.podSecurityContext.runAsUser` | User ID for the service user running the Ruler pod | `1001` | -| `ruler.containerSecurityContext.enabled` | Enable container security context for Ruler container | `true` | -| `ruler.containerSecurityContext.runAsNonRoot` | Force the container Ruler to run as a non root user | `true` | -| `ruler.containerSecurityContext.allowPrivilegeEscalation` | Switch privilegeEscalation possiblity on or off for Ruler | `false` | -| `ruler.containerSecurityContext.readOnlyRootFilesystem` | mount / (root) as a readonly filesystem of Ruler container | `false` | -| `ruler.resources.limits` | The resources limits for the Thanos Ruler container | `{}` | -| `ruler.resources.requests` | The requested resources for the Thanos Ruler container | `{}` | -| `ruler.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `ruler.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | -| `ruler.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `ruler.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `30` | -| `ruler.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `ruler.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `ruler.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `ruler.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | -| `ruler.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `ruler.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `30` | -| `ruler.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `ruler.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `ruler.service.type` | Kubernetes service type | `ClusterIP` | -| `ruler.service.clusterIP` | Thanos Ruler service clusterIP IP | `""` | -| `ruler.service.http.port` | Service HTTP port | `9090` | -| `ruler.service.http.nodePort` | Service HTTP node port | `""` | -| `ruler.service.targetPort` | Service targetPort override | `http` | -| `ruler.service.grpc.port` | Service GRPC port | `10901` | -| `ruler.service.grpc.nodePort` | Service GRPC node port | `""` | -| `ruler.service.loadBalancerIP` | Load balancer IP if service type is `LoadBalancer` | `""` | -| `ruler.service.loadBalancerSourceRanges` | Address that are allowed when service is LoadBalancer | `[]` | -| `ruler.service.externalTrafficPolicy` | Thanos Ruler service externalTrafficPolicy | `Cluster` | -| `ruler.service.annotations` | Annotations for Thanos Ruler service | `{}` | -| `ruler.service.labelSelectorsOverride` | Selector for Thanos query service | `{}` | -| `ruler.service.additionalHeadless` | Additional Headless service | `false` | -| `ruler.persistence.enabled` | Enable data persistence | `true` | -| `ruler.persistence.existingClaim` | Use a existing PVC which must be created manually before bound | `""` | -| `ruler.persistence.storageClass` | Specify the `storageClass` used to provision the volume | `""` | -| `ruler.persistence.accessModes` | Access modes of data volume | `["ReadWriteOnce"]` | -| `ruler.persistence.size` | Size of data volume | `8Gi` | -| `ruler.pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` | -| `ruler.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` | -| `ruler.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | -| `ruler.ingress.enabled` | Enable ingress controller resource | `false` | -| `ruler.ingress.certManager` | Add annotations for cert-manager | `false` | -| `ruler.ingress.hostname` | Default host for the ingress resource | `thanos-ruler.local` | -| `ruler.ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` | -| `ruler.ingress.annotations` | Ingress annotations | `{}` | -| `ruler.ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` | -| `ruler.ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` | -| `ruler.ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | -| `ruler.ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` | -| `ruler.ingress.path` | Ingress path | `/` | -| `ruler.ingress.pathType` | Ingress path type | `ImplementationSpecific` | - - -### Thanos Receive parameters - -| Name | Description | Value | -| ----------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------- | ------------------------ | -| `receive.enabled` | Enable/disable Thanos Receive component | `false` | -| `receive.mode` | Mode to run receiver in. Valid options are "standalone" or "dual-mode" | `standalone` | -| `receive.distributor.resources.limits` | The resources limits for the Thanos Receive container | `{}` | -| `receive.distributor.resources.requests` | The requested resources for the Thanos Receive container | `{}` | -| `receive.distributor.extraContainers` | Extra containers running as sidecars to Thanos Receive Distributor container | `[]` | -| `receive.distributor.extraEnv` | Extra environment variables for Thanos Receive Distributor container | `[]` | -| `receive.distributor.extraVolumes` | Extra volumes to add to Thanos Receive Distributor | `[]` | -| `receive.distributor.extraVolumeMounts` | Extra volume mounts to add to the receive distributor container | `[]` | -| `receive.distributor.extraFlags` | Extra Flags to passed to Thanos Receive Distributor | `[]` | -| `receive.distributor.replicaCount` | Number of Thanos Receive Distributor replicas to deploy | `1` | -| `receive.distributor.strategyType` | StrategyType, can be set to RollingUpdate or Recreate by default. | `RollingUpdate` | -| `receive.distributor.affinity` | Thanos Receive Distributor affinity for pod assignment | `{}` | -| `receive.distributor.nodeSelector` | Thanos Receive Distributor node labels for pod assignment | `{}` | -| `receive.distributor.tolerations` | Thanos Receive Distributor tolerations for pod assignment | `[]` | -| `receive.logLevel` | Thanos Receive log level | `info` | -| `receive.logFormat` | Thanos Receive log format | `logfmt` | -| `receive.tsdbRetention` | Thanos Receive TSDB retention period | `15d` | -| `receive.replicationFactor` | Thanos Receive replication-factor | `1` | -| `receive.replicaLabel` | Label to treat as a replica indicator along which data is deduplicated | `replica` | -| `receive.serviceAccount.annotations` | Annotations for Thanos Receive Service Account | `{}` | -| `receive.serviceAccount.existingServiceAccount` | Name for an existing Thanos Receive Service Account | `""` | -| `receive.hostAliases` | Deployment pod host aliases | `[]` | -| `receive.config` | Receive Hashring configuration | `[]` | -| `receive.extraContainers` | Extra containers running as sidecars to Thanos Receive container | `[]` | -| `receive.extraEnv` | Extra environment variables for Thanos Receive container | `[]` | -| `receive.extraVolumes` | Extra volumes to add to Thanos Receive | `[]` | -| `receive.extraVolumeMounts` | Extra volume mounts to add to the receive container | `[]` | -| `receive.extraFlags` | Extra Flags to passed to Thanos Receive | `[]` | -| `receive.updateStrategyType` | Statefulset Update Strategy Type, can be set to RollingUpdate or OnDelete by default | `RollingUpdate` | -| `receive.replicaCount` | Number of Thanos Receive replicas to deploy | `1` | -| `receive.strategyType` | StrategyType, can be set to RollingUpdate or Recreate by default. | `RollingUpdate` | -| `receive.podAffinityPreset` | Thanos Receive pod affinity preset | `""` | -| `receive.podAntiAffinityPreset` | Thanos Receive pod anti-affinity preset. Ignored if `ruler.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `receive.nodeAffinityPreset.type` | Thanos Receive node affinity preset type. Ignored if `ruler.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `receive.nodeAffinityPreset.key` | Thanos Receive node label key to match Ignored if `ruler.affinity` is set. | `""` | -| `receive.nodeAffinityPreset.values` | Thanos Receive node label values to match. Ignored if `ruler.affinity` is set. | `[]` | -| `receive.affinity` | Thanos Receive affinity for pod assignment | `{}` | -| `receive.nodeSelector` | Thanos Receive node labels for pod assignment | `{}` | -| `receive.tolerations` | Thanos Receive tolerations for pod assignment | `[]` | -| `receive.podLabels` | Thanos Receive pod labels | `{}` | -| `receive.podAnnotations` | Annotations for Thanos Ruler pods | `{}` | -| `receive.priorityClassName` | Controller priorityClassName | `""` | -| `receive.rbac.create` | Create ClusterRole and ClusterRolebing for the Service account | `false` | -| `receive.pspEnabled` | Create PodSecurity Policy | `false` | -| `receive.resources.limits` | The resources limits for the Thanos Receive container | `{}` | -| `receive.resources.requests` | The requested resources for the Thanos Receive container | `{}` | -| `receive.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `receive.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | -| `receive.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `receive.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `30` | -| `receive.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `receive.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `receive.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `receive.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | -| `receive.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `receive.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `30` | -| `receive.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `receive.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `receive.podSecurityContext.enabled` | Enable security context for the Thanos Receive pod | `true` | -| `receive.podSecurityContext.fsGroup` | Group ID for the filesystem used by Receive container | `1001` | -| `receive.podSecurityContext.runAsUser` | User ID for the service user running the Receive pod | `1001` | -| `receive.containerSecurityContext.enabled` | Enable container security context for Receive container | `true` | -| `receive.containerSecurityContext.runAsNonRoot` | Force the container Receive to run as a non root user | `true` | -| `receive.containerSecurityContext.allowPrivilegeEscalation` | Switch privilegeEscalation possiblity on or off for Receive | `false` | -| `receive.containerSecurityContext.readOnlyRootFilesystem` | mount / (root) as a readonly filesystem of Receive container | `false` | -| `receive.grpc.gracePeriod` | Time to wait after an interrupt received for GRPC Server. | `2m` | -| `receive.grpc.server.secure` | enable TLS for GRPC server | `false` | -| `receive.grpc.server.cert` | TLS Certificate for gRPC server, leave blank to disable TLS | `""` | -| `receive.grpc.server.key` | TLS Key for the gRPC server, leave blank to disable TLS | `""` | -| `receive.grpc.server.ca` | TLS CA to verify clients against. If no client CA is specified, there is no client verification on server side. (tls.NoClientCert) | `""` | -| `receive.service.type` | Kubernetes service type | `ClusterIP` | -| `receive.service.clusterIP` | Thanos Ruler service clusterIP IP | `""` | -| `receive.service.http.port` | Service HTTP port | `10902` | -| `receive.service.http.nodePort` | Service HTTP node port | `""` | -| `receive.service.targetPort` | Service targetPort override | `http` | -| `receive.service.grpc.port` | Service GRPC port | `10901` | -| `receive.service.grpc.nodePort` | Service GRPC node port | `""` | -| `receive.service.remoteWrite.port` | Service remote write port | `19291` | -| `receive.service.remoteWrite.nodePort` | Service remote write node port | `""` | -| `receive.service.loadBalancerIP` | Load balancer IP if service type is `LoadBalancer` | `""` | -| `receive.service.loadBalancerSourceRanges` | Addresses that are allowed when service is LoadBalancer | `[]` | -| `receive.service.externalTrafficPolicy` | Thanos Ruler service externalTrafficPolicy | `Cluster` | -| `receive.service.annotations` | Annotations for Thanos Receive service | `{}` | -| `receive.service.labelSelectorsOverride` | Selector for Thanos receive service | `{}` | -| `receive.service.additionalHeadless` | Additional Headless service | `false` | -| `receive.autoscaling.enabled` | Enable autoscaling for Thanos Receive | `false` | -| `receive.autoscaling.minReplicas` | Minimum number of Thanos Receive replicas | `""` | -| `receive.autoscaling.maxReplicas` | Maximum number of Thanos Receive replicas | `""` | -| `receive.autoscaling.targetCPU` | Target CPU utilization percentage | `""` | -| `receive.autoscaling.targetMemory` | Target Memory utilization percentage | `""` | -| `receive.persistence.enabled` | Enable data persistence | `true` | -| `receive.persistence.existingClaim` | Use a existing PVC which must be created manually before bound | `""` | -| `receive.persistence.storageClass` | Specify the `storageClass` used to provision the volume | `""` | -| `receive.persistence.accessModes` | Access modes of data volume | `["ReadWriteOnce"]` | -| `receive.persistence.size` | Size of data volume | `8Gi` | -| `receive.pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` | -| `receive.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` | -| `receive.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | -| `receive.ingress.enabled` | Set to true to enable ingress record generation | `false` | -| `receive.ingress.certManager` | Set this to true in order to add the corresponding annotations for cert-manager | `false` | -| `receive.ingress.hostname` | When the ingress is enabled, a host pointing to this will be created | `thanos-receive.local` | -| `receive.ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` | -| `receive.ingress.annotations` | Ingress annotations done as key:value pairs | `{}` | -| `receive.ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` | -| `receive.ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` | -| `receive.ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | -| `receive.ingress.tls` | When specifying cert-manager.io/cluster-issuer: nameOfClusterIssuer annotation, enable tls for ingress | `false` | -| `receive.ingress.apiVersion` | Override API Version (automatically detected if not set) | `""` | -| `receive.ingress.path` | Ingress Path | `/` | -| `receive.ingress.pathType` | Ingress Path type | `ImplementationSpecific` | - - -### Metrics parameters - -| Name | Description | Value | -| ----------------------------------------- | ------------------------------------------------------------------------------------------------------ | ------- | -| `metrics.enabled` | Enable the export of Prometheus metrics | `false` | -| `metrics.serviceMonitor.enabled` | if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` | -| `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `""` | -| `metrics.serviceMonitor.labels` | Additional labels for ServiceMonitor object | `{}` | -| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `""` | -| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | -| `metrics.prometheusRule.enabled` | If `true`, creates a Prometheus Operator PrometheusRule (also requires `metrics.enabled` to be `true`) | `false` | -| `metrics.prometheusRule.namespace` | Namespace in which the PrometheusRule CRD is created | `""` | -| `metrics.prometheusRule.additionalLabels` | Additional labels for the prometheusRule | `{}` | -| `metrics.prometheusRule.rules` | Prometheus Rules for Thanos components | `[]` | - - -### Volume Permissions parameters - -| Name | Description | Value | -| ------------------------------------- | -------------------------------------------------------------------------------------------------------------------- | ----------------------- | -| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` | -| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | -| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag | `10-debian-10-r194` | -| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | -| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | - - -### MinIO® chart parameters - -| Name | Description | Value | -| -------------------------- | ------------------------------------------------------------------------- | -------- | -| `minio.enabled` | Enable/disable MinIO® chart installation | `false` | -| `minio.accessKey.password` | MinIO® Access Key | `""` | -| `minio.secretKey.password` | MinIO® Secret Key | `""` | -| `minio.defaultBuckets` | Comma, semi-colon or space separated list of MinIO® buckets to create | `thanos` | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```bash -helm install my-release --set query.replicaCount=2 bitnami/thanos -``` - -The above command install Thanos chart with 2 Thanos Query replicas. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```bash -helm install my-release -f values.yaml bitnami/thanos -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Adding extra flags - -In case you want to add extra flags to any Thanos component, you can use `XXX.extraFlags` parameter(s), where XXX is placeholder you need to replace with the actual component(s). For instance, to add extra flags to Thanos Store Gateway, use: - -```yaml -storegateway: - extraFlags: - - --sync-block-duration=3m - - --chunk-pool-size=2GB -``` - -This also works for multi-line flags. This can be useful when you want to configure caching for a particular component without using a configMap. For example, to configure the [query-range response cache of the Thanos Query Frontend](https://thanos.io/tip/components/query-frontend.md/#memcached), use: - -```yaml -queryFrontend: - extraFlags: - - | - --query-range.response-cache-config= - type: MEMCACHED - config: - addresses: - - :11211 - timeout: 500ms - max_idle_connections: 100 - max_async_concurrency: 10 - max_async_buffer_size: 10000 - max_get_multi_concurrency: 100 - max_get_multi_batch_size: 0 - dns_provider_update_interval: 10s - expiration: 24h -``` - -### Using custom Objstore configuration - -This helm chart supports using custom Objstore configuration. - -You can specify the Objstore configuration using the `objstoreConfig` parameter. - -In addition, you can also set an external Secret with the configuration file. This is done by setting the `existingObjstoreSecret` parameter. Note that this will override the previous option. If needed you can also provide a custom Secret Key with `existingObjstoreSecretItems`, please be aware that the Path of your Secret should be `objstore.yml`. - -### Using custom Query Service Discovery configuration - -This helm chart supports using custom Service Discovery configuration for Query. - -You can specify the Service Discovery configuration using the `query.sdConfig` parameter. - -In addition, you can also set an external ConfigMap with the Service Discovery configuration file. This is done by setting the `query.existingSDConfigmap` parameter. Note that this will override the previous option. - -### Using custom Ruler configuration - -This helm chart supports using custom Ruler configuration. - -You can specify the Ruler configuration using the `ruler.config` parameter. - -In addition, you can also set an external ConfigMap with the configuration file. This is done by setting the `ruler.existingConfigmap` parameter. Note that this will override the previous option. - -### Store time partitions - -Thanos store supports partion based on time. - -Setting time partitions will create N number of store statefulsets based on the number of items in the `timePartitioning` list. Each item must contain the min and max time for querying in the supported format (find more details at [Thanos documentation](https://thanos.io/tip/components/store.md/#time-based-partitioning)). - -> Note: leaving the `timePartitioning` list empty (`[]`) will create a single store for all data. - -For instance, to use 3 stores you can use a **values.yaml** like the one below: - -```yaml -timePartitioning: - # One store for data older than 6 weeks - - min: "" - max: -6w - # One store for data newer than 6 weeks and older than 2 weeks - - min: -6w - max: -2w - # One store for data newer than 2 weeks - - min: -2w - max: "" -``` - -### Integrate Thanos with Prometheus and Alertmanager - -You can intregrate Thanos with Prometheus & Alertmanager using this chart and the [Bitnami kube-prometheus chart](https://github.com/bitnami/charts/tree/master/bitnami/kube-prometheus) following the steps below: - -> Note: in this example we will use MinIO® (subchart) as the Objstore. Every component will be deployed in the "monitoring" namespace. - -- Create a **values.yaml** like the one below: - -```yaml -objstoreConfig: |- - type: s3 - config: - bucket: thanos - endpoint: {{ include "thanos.minio.fullname" . }}.monitoring.svc.cluster.local:9000 - access_key: minio - secret_key: minio123 - insecure: true -query: - dnsDiscovery: - sidecarsService: kube-prometheus-prometheus-thanos - sidecarsNamespace: monitoring -bucketweb: - enabled: true -compactor: - enabled: true -storegateway: - enabled: true -ruler: - enabled: true - alertmanagers: - - http://kube-prometheus-alertmanager.monitoring.svc.cluster.local:9093 - config: |- - groups: - - name: "metamonitoring" - rules: - - alert: "PrometheusDown" - expr: absent(up{prometheus="monitoring/kube-prometheus"}) -metrics: - enabled: true - serviceMonitor: - enabled: true -minio: - enabled: true - accessKey: - password: "minio" - secretKey: - password: "minio123" - defaultBuckets: "thanos" -``` - -- Install Prometheus Operator and Thanos charts: - -For Helm 3: - -```bash -kubectl create namespace monitoring -helm install kube-prometheus \ - --set prometheus.thanos.create=true \ - --namespace monitoring \ - bitnami/kube-prometheus -helm install thanos \ - --values values.yaml \ - --namespace monitoring \ - bitnami/thanos -``` - -That's all! Now you have Thanos fully integrated with Prometheus and Alertmanager. - -## Persistence - -The data is persisted by default using PVC(s) on Thanos components. You can disable the persistence setting the `XXX.persistence.enabled` parameter(s) to `false`. A default `StorageClass` is needed in the Kubernetes cluster to dynamically provision the volumes. Specify another StorageClass in the `XXX.persistence.storageClass` parameter(s) or set `XXX.persistence.existingClaim` if you have already existing persistent volumes to use. - -> Note: you need to substitute the XXX placeholders above with the actual component(s) you want to configure. - -### Adjust permissions of persistent volume mountpoint - -As the images run as non-root by default, it is necessary to adjust the ownership of the persistent volumes so that the containers can write data into it. - -By default, the chart is configured to use Kubernetes Security Context to automatically change the ownership of the volumes. However, this feature does not work in all Kubernetes distributions. -As an alternative, this chart supports using an initContainer to change the ownership of the volumes before mounting it in the final destination. - -You can enable this initContainer by setting `volumePermissions.enabled` to `true`. - -### Setting Pod's affinity - -This chart allows you to set your custom affinity using the `XXX.affinity` parameter(s). Find more information about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). - -As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `XXX.podAffinityPreset`, `XXX.podAntiAffinityPreset`, or `XXX.nodeAffinityPreset` parameters. - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami’s Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## Upgrading - -### To 6.0.0 - -This major updates the MinIO® subchart to its newest major, 8.0.0, which now has two separated services for MinIO® Console and MinIO® API. Check [MinIO® Upgrading Notes](https://github.com/bitnami/charts/tree/master/bitnami/minio#to-800) for more information. - -### To 5.4.0 - -This version introduces support for the receiver dual-mode implementation for Thanos [v0.22+](https://github.com/thanos-io/thanos/releases/tag/v0.22.0) - -### To 5.3.0 - -This version introduces hash and time partitioning for the store gateway. - -### To 5.0.0 - -This major update changes the `securityContext` interface in the `values.yaml` file. - -Please note if you have changes in the `securityContext` fields those need to be migrated to `podSecurityContext`. - -```diff -# ... -- securityContext: -+ podSecurityContext: -# ... -``` - -Other than that a new `securityContext` interface for containers got introduced `containerSecurityContext`. It's default is enabled so if you do not need it you need to opt out of it. - -```diff -# ... -+ containerSecurityContext -+ enabled: true # opt out by enabled: false -+ capabilities: -+ drop: -+ - ALL -+ runAsNonRoot: true -+ allowPrivilegeEscalation: false -+ readOnlyRootFilesystem: false -# ... -``` - -### To 4.0.0 - -This major updates the MinIO subchart to its newest major, 7.0.0, which removes previous configuration of `securityContext` and moves to `podSecurityContext` and `containerSecurityContext`. - -### To 3.3.0 - -This version introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/master/bitnami/common#bitnami-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade. - -### To 3.1.0 - -The querier component and its settings have been renamed to query. Configuration of the query component by using keys under `querier` in your `values.yaml` will continue to work. Support for keys under `querier` will be dropped in a future release. - -``` -querier.enabled -> query.enabled -querier.logLevel -> query.logLevel -querier.replicaLabel -> query.replicaLabel -querier.dnsDiscovery.enabled -> query.dnsDiscovery.enabled -querier.dnsDiscovery.sidecarsService -> query.dnsDiscovery.sidecarsService -querier.dnsDiscovery.sidecarsNamespace -> query.dnsDiscovery.sidecarsNamespace -querier.stores -> query.stores -querier.sdConfig -> query.sdConfig -querier.existingSDConfigmap -> query.existingSDConfigmap -querier.extraFlags -> query.extraFlags -querier.replicaCount -> query.replicaCount -querier.strategyType -> query.strategyType -querier.affinity -> query.affinity -querier.nodeSelector -> query.nodeSelector -querier.tolerations -> query.tolerations -querier.podLabels -> query.podLabels -querier.priorityClassName -> query.priorityClassName -querier.securityContext.enabled -> query.securityContext.enabled -querier.securityContext.fsGroup -> query.securityContext.fsGroup -querier.securityContext.runAsUser -> query.securityContext.runAsUser -querier.resources.limits -> query.resources.limits -querier.resources.requests -> query.resources.requests -querier.podAnnotations -> query.podAnnotations -querier.livenessProbe -> query.livenessProbe -querier.readinessProbe -> query.readinessProbe -querier.grpcTLS.server.secure -> query.grpcTLS.server.secure -querier.grpcTLS.server.cert -> query.grpcTLS.server.cert -querier.grpcTLS.server.key -> query.grpcTLS.server.key -querier.grpcTLS.server.ca -> query.grpcTLS.server.ca -querier.grpcTLS.client.secure -> query.grpcTLS.client.secure -querier.grpcTLS.client.cert -> query.grpcTLS.client.cert -querier.grpcTLS.client.key -> query.grpcTLS.client.key -querier.grpcTLS.client.ca -> query.grpcTLS.client.ca -querier.grpcTLS.client.servername -> query.grpcTLS.client.servername -querier.service.type -> query.service.type -querier.service.clusterIP -> query.service.clusterIP -querier.service.http.port -> query.service.http.port -querier.service.http.nodePort -> query.service.http.nodePort -querier.service.grpc.port -> query.service.grpc.port -querier.service.grpc.nodePort -> query.service.grpc.nodePort -querier.service.loadBalancerIP -> query.service.loadBalancerIP -querier.service.loadBalancerSourceRanges -> query.service.loadBalancerSourceRanges -querier.service.annotations -> query.service.annotations -querier.service.labelSelectorsOverride -> query.service.labelSelectorsOverride -querier.serviceAccount.annotations -> query.serviceAccount.annotations -querier.rbac.create -> query.rbac.create -querier.pspEnabled -> query.pspEnabled -querier.autoscaling.enabled -> query.autoscaling.enabled -querier.autoscaling.minReplicas -> query.autoscaling.minReplicas -querier.autoscaling.maxReplicas -> query.autoscaling.maxReplicas -querier.autoscaling.targetCPU -> query.autoscaling.targetCPU -querier.autoscaling.targetMemory -> query.autoscaling.targetMemory -querier.pdb.create -> query.pdb.create -querier.pdb.minAvailable -> query.pdb.minAvailable -querier.pdb.maxUnavailable -> query.pdb.maxUnavailable -querier.ingress.enabled -> query.ingress.enabled -querier.ingress.certManager -> query.ingress.certManager -querier.ingress.hostname -> query.ingress.hostname -querier.ingress.annotations -> query.ingress.annotations -querier.ingress.tls -> query.ingress.tls -querier.ingress.extraHosts[0].name -> query.ingress.extraHosts[0].name -querier.ingress.extraHosts[0].path -> query.ingress.extraHosts[0].path -querier.ingress.extraTls[0].hosts[0] -> query.ingress.extraTls[0].hosts[0] -querier.ingress.extraTls[0].secretName -> query.ingress.extraTls[0].secretName -querier.ingress.secrets[0].name -> query.ingress.secrets[0].name -querier.ingress.secrets[0].certificate -> query.ingress.secrets[0].certificate -querier.ingress.secrets[0].key -> query.ingress.secrets[0].key -querier.ingress.grpc.enabled -> query.ingress.grpc.enabled -querier.ingress.grpc.certManager -> query.ingress.grpc.certManager -querier.ingress.grpc.hostname -> query.ingress.grpc.hostname -querier.ingress.grpc.annotations -> query.ingress.grpc.annotations -querier.ingress.grpc.extraHosts[0].name -> query.ingress.grpc.extraHosts[0].name -querier.ingress.grpc.extraHosts[0].path -> query.ingress.grpc.extraHosts[0].path -querier.ingress.grpc.extraTls[0].hosts[0] -> query.ingress.grpc.extraTls[0].hosts[0] -querier.ingress.grpc.extraTls[0].secretName -> query.ingress.grpc.extraTls[0].secretName -querier.ingress.grpc.secrets[0].name -> query.ingress.grpc.secrets[0].name -querier.ingress.grpc.secrets[0].certificate -> query.ingress.grpc.secrets[0].certificate -querier.ingress.grpc.secrets[0].key -> query.ingress.grpc.secrets[0].key -``` - -### To 3.0.0 - -[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -**What changes were introduced in this major version?** - -- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. -- Move dependency information from the *requirements.yaml* to the *Chart.yaml* -- After running `helm dependency update`, a *Chart.lock* file is generated containing the same structure used in the previous *requirements.lock* -- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts - -**Considerations when upgrading to this version** - -- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues -- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore -- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 - -**Useful links** - -- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ -- https://helm.sh/docs/topics/v2_v3_migration/ -- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ - -### To 2.4.0 - -The Ingress API object name for Querier changes from: - -```yaml -{{ include "common.names.fullname" . }} -``` - -> **NOTE**: Which in most cases (depending on any set values in `fullnameOverride` or `nameOverride`) resolves to the used Helm release name (`.Release.Name`). - -To: - -```yaml -{{ include "common.names.fullname" . }}-querier -``` - -### To 2.0.0 - -The format of the chart's `extraFlags` option has been updated to be an array (instead of an object), to support passing multiple flags with the same name to Thanos. - -Now you need to specify the flags in the following way in your values file (where component is one of `querier/bucketweb/compactor/storegateway/ruler`): - -```yaml -component: - ... - extraFlags - - --sync-block-duration=3m - - --chunk-pool-size=2GB -``` - -To specify the values via CLI:: - -```console ---set 'component.extraFlags[0]=--sync-block-duration=3m' --set 'ruler.extraFlags[1]=--chunk-pool-size=2GB' -``` - -### To 1.0.0 - -If you are upgrading from a `<1.0.0` release you need to move your Querier Ingress information to the new values settings: -``` -ingress.enabled -> querier.ingress.enabled -ingress.certManager -> querier.ingress.certManager -ingress.hostname -> querier.ingress.hostname -ingress.annotations -> querier.ingress.annotations -ingress.extraHosts[0].name -> querier.ingress.extraHosts[0].name -ingress.extraHosts[0].path -> querier.ingress.extraHosts[0].path -ingress.extraHosts[0].hosts[0] -> querier.ingress.extraHosts[0].hosts[0] -ingress.extraHosts[0].secretName -> querier.ingress.extraHosts[0].secretName -ingress.secrets[0].name -> querier.ingress.secrets[0].name -ingress.secrets[0].certificate -> querier.ingress.secrets[0].certificate -ingress.secrets[0].key -> querier.ingress.secrets[0].key - -``` diff --git a/bitnami/thanos/ci/values-with-bucketweb-compactor-storegateway-and-minio.yaml b/bitnami/thanos/ci/values-with-bucketweb-compactor-storegateway-and-minio.yaml deleted file mode 100644 index 6702e14..0000000 --- a/bitnami/thanos/ci/values-with-bucketweb-compactor-storegateway-and-minio.yaml +++ /dev/null @@ -1,28 +0,0 @@ -# Test values file for generating all of the yaml and check that -# the rendering is correct - -objstoreConfig: |- - type: s3 - config: - bucket: thanos - endpoint: {{ include "thanos.minio.fullname" . }}.monitoring.svc.cluster.local:9000 - access_key: minio - secret_key: minio123 - insecure: true - -bucketweb: - enabled: true - -compactor: - enabled: true - -storegateway: - enabled: true - -minio: - enabled: true - accessKey: - password: "minio" - secretKey: - password: "minio123" - defaultBuckets: "thanos" diff --git a/bitnami/thanos/ci/values-with-ingress-and-metrics.yaml b/bitnami/thanos/ci/values-with-ingress-and-metrics.yaml deleted file mode 100644 index 5104637..0000000 --- a/bitnami/thanos/ci/values-with-ingress-and-metrics.yaml +++ /dev/null @@ -1,14 +0,0 @@ -# Test values file for generating all of the yaml and check that -# the rendering is correct - -ingress: - enabled: true - -metrics: - enabled: true - serviceMonitor: - ## Enable only if you previously installed the Prometheus Operator - ## in your cluster - enabled: true - labels: - release: prometheus-operator diff --git a/bitnami/thanos/templates/NOTES.txt b/bitnami/thanos/templates/NOTES.txt deleted file mode 100644 index 0bcea3e..0000000 --- a/bitnami/thanos/templates/NOTES.txt +++ /dev/null @@ -1,75 +0,0 @@ -{{- $query := (include "thanos.query.values" . | fromYaml) -}} -** Please be patient while the chart is being deployed ** - -Thanos chart was deployed enabling the following components: - -{{- if $query.enabled }} -- Thanos Query -{{- end }} -{{- if .Values.bucketweb.enabled }} -- Thanos Bucket Web -{{- end }} -{{- if .Values.compactor.enabled }} -- Thanos Compactor -{{- end }} -{{- if .Values.ruler.enabled }} -- Thanos Ruler -{{- end }} -{{- if .Values.storegateway.enabled }} -- Thanos Store Gateway -{{- end }} - -{{- if $query.enabled }} - -Thanos Query can be accessed through following DNS name from within your cluster: - - {{ include "common.names.fullname" . }}-query.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} (port {{ $query.service.http.port }}) - -To access Thanos Query from outside the cluster execute the following commands: - -{{- if $query.ingress.enabled }} - -1. Get the Thanos Query URL and associate Thanos Query hostname to your cluster external IP: - - export CLUSTER_IP=$(minikube ip) # On Minikube. Use: `kubectl cluster-info` on others K8s clusters - echo "Thanos Query URL: http{{ if $query.ingress.tls }}s{{ end }}://{{ $query.ingress.hostname }}/" - echo "$CLUSTER_IP {{ $query.ingress.hostname }}" | sudo tee -a /etc/hosts - -{{- else }} - -1. Get the Thanos Query URL by running these commands: - -{{- if contains "NodePort" $query.service.type }} - - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.names.fullname" . }}-query) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo "http://${NODE_IP}:${NODE_PORT}" - -{{- else if contains "LoadBalancer" $query.service.type }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "common.names.fullname" . }}-query' - - export SERVICE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].port}" services {{ include "common.names.fullname" . }}-query) - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }}-query -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo "http://${SERVICE_IP}:${SERVICE_PORT}" - -{{- else if contains "ClusterIP" $query.service.type }} - - export SERVICE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].port}" services {{ include "common.names.fullname" . }}-query) - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "common.names.fullname" . }}-query ${SERVICE_PORT}:${SERVICE_PORT} & - echo "http://127.0.0.1:${SERVICE_PORT}" - -{{- end }} -{{- end }} - -2. Open a browser and access Thanos Query using the obtained URL. - -{{- else }} - -WARNING: You deployed Thanos without enabling Thanos Query!! - -{{- end }} - -{{- include "thanos.validateValues" . }} -{{- include "thanos.checkRollingTags" . }} diff --git a/bitnami/thanos/templates/_helpers.tpl b/bitnami/thanos/templates/_helpers.tpl deleted file mode 100644 index 9f69e87..0000000 --- a/bitnami/thanos/templates/_helpers.tpl +++ /dev/null @@ -1,381 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Fully qualified app name for PostgreSQL -*/}} -{{- define "thanos.minio.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- printf "%s-minio" .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- printf "%s-minio" .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s-minio" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper Thanos image name -*/}} -{{- define "thanos.image" -}} -{{- include "common.images.image" ( dict "imageRoot" .Values.image "global" .Values.global ) -}} -{{- end -}} - -{{/* -Return the proper init container volume-permissions image name -*/}} -{{- define "thanos.volumePermissions.image" -}} -{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "thanos.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the Thanos Objstore configuration secret. -*/}} -{{- define "thanos.objstoreSecretName" -}} -{{- if .Values.existingObjstoreSecret -}} - {{- printf "%s" (tpl .Values.existingObjstoreSecret $) -}} -{{- else -}} - {{- printf "%s-objstore-secret" (include "common.names.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a secret object should be created -*/}} -{{- define "thanos.createObjstoreSecret" -}} -{{- if and .Values.objstoreConfig (not .Values.existingObjstoreSecret) }} - {{- true -}} -{{- else -}} -{{- end -}} -{{- end -}} - -{{/* -Return a YAML of either .Values.query or .Values.querier -If .Values.querier is used, we merge in the defaults from .Values.query, giving preference to .Values.querier -*/}} -{{- define "thanos.query.values" -}} -{{- if .Values.querier -}} - {{- if .Values.query -}} - {{- mergeOverwrite .Values.query .Values.querier | toYaml -}} - {{- else -}} - {{- .Values.querier | toYaml -}} - {{- end -}} -{{- else -}} - {{- .Values.query | toYaml -}} -{{- end -}} -{{- end -}} - -{{/* -Return the Thanos Query Service Discovery configuration configmap. -*/}} -{{- define "thanos.query.SDConfigmapName" -}} -{{- $query := (include "thanos.query.values" . | fromYaml) -}} -{{- if $query.existingSDConfigmap -}} - {{- printf "%s" (tpl $query.existingSDConfigmap $) -}} -{{- else -}} - {{- printf "%s-query-sd-configmap" (include "common.names.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a configmap object should be created -*/}} -{{- define "thanos.query.createSDConfigmap" -}} -{{- $query := (include "thanos.query.values" . | fromYaml) -}} -{{- if and $query.sdConfig (not $query.existingSDConfigmap) }} - {{- true -}} -{{- else -}} -{{- end -}} -{{- end -}} - -{{/* -Return the Thanos Ruler configuration configmap. -*/}} -{{- define "thanos.ruler.configmapName" -}} -{{- if .Values.ruler.existingConfigmap -}} - {{- printf "%s" (tpl .Values.ruler.existingConfigmap $) -}} -{{- else -}} - {{- printf "%s-ruler-configmap" (include "common.names.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a configmap object should be created -*/}} -{{- define "thanos.ruler.createConfigmap" -}} -{{- if and .Values.ruler.config (not .Values.ruler.existingConfigmap) }} - {{- true -}} -{{- else -}} -{{- end -}} -{{- end -}} - -{{/* -Return the Thanos storegateway configuration configmap. -*/}} -{{- define "thanos.storegateway.configmapName" -}} -{{- if .Values.storegateway.existingConfigmap -}} - {{- printf "%s" (tpl .Values.storegateway.existingConfigmap $) -}} -{{- else -}} - {{- printf "%s-storegateway-configmap" (include "common.names.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return the Thanos Query Frontend configuration configmap. -*/}} -{{- define "thanos.queryFrontend.configmapName" -}} -{{- if .Values.queryFrontend.existingConfigmap -}} - {{- printf "%s" (tpl .Values.queryFrontend.existingConfigmap $) -}} -{{- else -}} - {{- printf "%s-query-frontend-configmap" (include "common.names.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a configmap object should be created -*/}} -{{- define "thanos.queryFrontend.createConfigmap" -}} -{{- if and .Values.queryFrontend.config (not .Values.queryFrontend.existingConfigmap) }} - {{- true -}} -{{- else -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a configmap object should be created -*/}} -{{- define "thanos.storegateway.createConfigmap" -}} -{{- if and .Values.storegateway.config (not .Values.storegateway.existingConfigmap) }} - {{- true -}} -{{- else -}} -{{- end -}} -{{- end -}} - -{{/* -Return the Thanos Compactor pvc name -*/}} -{{- define "thanos.compactor.pvcName" -}} -{{- if .Values.compactor.persistence.existingClaim -}} - {{- printf "%s" (tpl .Values.compactor.persistence.existingClaim $) -}} -{{- else -}} - {{- printf "%s-compactor" (include "common.names.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Check if there are rolling tags in the images -*/}} -{{- define "thanos.checkRollingTags" -}} -{{- include "common.warnings.rollingTag" .Values.image -}} -{{- end -}} - -{{/* -Compile all warnings into a single message, and call fail. -*/}} -{{- define "thanos.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "thanos.validateValues.objstore" .) -}} -{{- $messages := append $messages (include "thanos.validateValues.ruler.alertmanagers" .) -}} -{{- $messages := append $messages (include "thanos.validateValues.ruler.config" .) -}} -{{- $messages := append $messages (include "thanos.validateValues.sharded.service" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} -{{- end -}} -{{- end -}} - -{{/* Validate values of Thanos - Objstore configuration */}} -{{- define "thanos.validateValues.objstore" -}} -{{- if and (or .Values.bucketweb.enabled .Values.compactor.enabled .Values.ruler.enabled .Values.storegateway.enabled .Values.receive.enabled) (not (include "thanos.createObjstoreSecret" .)) ( not .Values.existingObjstoreSecret) -}} -thanos: objstore configuration - When enabling Bucket Web, Compactor, Ruler, Store or Receive Gateway component, - you must provide a valid objstore configuration. - There are three alternatives to provide it: - 1) Provide it using the 'objstoreConfig' parameter - 2) Provide it using an existing Secret and using the 'existingObjstoreSecret' parameter - 3) Put your objstore.yml under the 'files/conf/' directory -{{- end -}} -{{- end -}} - -{{/* Validate values of Thanos - Ruler Alertmanager(s) */}} -{{- define "thanos.validateValues.ruler.alertmanagers" -}} -{{/* Check the emptiness of the values */}} -{{- if and .Values.ruler.enabled ( and (empty .Values.ruler.alertmanagers) (empty .Values.ruler.alertmanagersConfig)) -}} -thanos: ruler alertmanagers - When enabling Ruler component, you must provide either alermanagers URL(s) or an alertmanagers configuration. - See https://github.com/thanos-io/thanos/blob/ef94b7e6468d94e2c47943ebf5fc6db24c48d867/docs/components/rule.md#flags and https://github.com/thanos-io/thanos/blob/ef94b7e6468d94e2c47943ebf5fc6db24c48d867/docs/components/rule.md#Configuration for more information. -{{- end -}} -{{/* Check that the values are defined in a mutually exclusive manner */}} -{{- if and .Values.ruler.enabled .Values.ruler.alertmanagers .Values.ruler.alertmanagersConfig -}} -thanos: ruler alertmanagers - Only one of the following can be used at one time: - * .Values.ruler.alertmanagers - * .Values.ruler.alertmanagersConfig - Otherwise, the configurations will collide and Thanos will error out. Please consolidate your configuration - into one of the above options. -{{- end -}} -{{- end -}} - -{{/* Validate values of Thanos - Ruler configuration */}} -{{- define "thanos.validateValues.ruler.config" -}} -{{- if and .Values.ruler.enabled (not (include "thanos.ruler.createConfigmap" .)) (not .Values.ruler.existingConfigmap) -}} -thanos: ruler configuration - When enabling Ruler component, you must provide a valid configuration. - There are three alternatives to provide it: - 1) Provide it using the 'ruler.config' parameter - 2) Provide it using an existing Configmap and using the 'ruler.existingConfigmap' parameter - 3) Put your ruler.yml under the 'files/conf/' directory -{{- end -}} -{{- end -}} - -{{/* Validate values of Thanos - number of sharded service properties */}} -{{- define "thanos.validateValues.sharded.service" -}} -{{- if and .Values.storegateway.sharded.enabled (not (empty .Values.storegateway.sharded.service.clusterIPs) ) -}} -{{- if eq "false" (include "thanos.validateValues.storegateway.sharded.length" (dict "property" $.Values.storegateway.sharded.service.clusterIPs "context" $) ) }} -thanos: storegateway.sharded.service.clusterIPs - The number of shards does not match the number of ClusterIPs $.Values.storegateway.sharded.service.clusterIPs -{{- end -}} -{{- end -}} -{{- if and .Values.storegateway.sharded.enabled (not (empty .Values.storegateway.sharded.service.loadBalancerIPs) ) -}} -{{- if eq "false" (include "thanos.validateValues.storegateway.sharded.length" (dict "property" $.Values.storegateway.sharded.service.loadBalancerIPs "context" $) ) }} -thanos: storegateway.sharded.service.loadBalancerIPs - The number of shards does not match the number of loadBalancerIPs $.Values.storegateway.sharded.service.loadBalancerIPs -{{- end -}} -{{- end -}} -{{- if and .Values.storegateway.sharded.enabled (not (empty .Values.storegateway.sharded.service.http.nodePorts) ) -}} -{{- if eq "false" (include "thanos.validateValues.storegateway.sharded.length" (dict "property" $.Values.storegateway.sharded.service.http.nodePorts "context" $) ) }} -thanos: storegateway.sharded.service.http.nodePorts - The number of shards does not match the number of http.nodePorts $.Values.storegateway.sharded.service.http.nodePorts -{{- end -}} -{{- end -}} -{{- if and .Values.storegateway.sharded.enabled (not (empty .Values.storegateway.sharded.service.grpc.nodePorts) ) -}} -{{- if eq "false" (include "thanos.validateValues.storegateway.sharded.length" (dict "property" $.Values.storegateway.sharded.service.grpc.nodePorts "context" $) ) }} -thanos: storegateway.sharded.service.grpc.nodePorts - The number of shards does not match the number of grpc.nodePorts $.Values.storegateway.sharded.service.grpc.nodePorts -{{- end -}} -{{- end -}} -{{- end -}} - -{{- define "thanos.validateValues.storegateway.sharded.length" -}} -{{/* Get number of shards */}} -{{- $shards := int 0 }} -{{- if .context.Values.storegateway.sharded.hashPartitioning.shards }} - {{- $shards = int .context.Values.storegateway.sharded.hashPartitioning.shards }} -{{- else }} - {{- $shards = len .context.Values.storegateway.sharded.timePartitioning }} -{{- end }} -{{- $propertyLength := (len .property) -}} -{{/* Validate property */}} -{{- if ne $shards $propertyLength -}} -false -{{- end }} -{{- end }} - -{{/* Service account name -Usage: -{{ include "thanos.serviceaccount.name" (dict "component" "bucketweb" "context" $) }} -*/}} -{{- define "thanos.serviceaccount.name" -}} -{{- $name := printf "%s-%s" (include "common.names.fullname" .context) .component -}} - -{{- if .context.Values.existingServiceAccount -}} - {{- $name = .context.Values.existingServiceAccount -}} -{{- end -}} - -{{- $component := index .context.Values .component -}} -{{- if $component.serviceAccount.existingServiceAccount -}} - {{- $name = $component.serviceAccount.existingServiceAccount -}} -{{- end -}} - -{{- printf "%s" $name -}} -{{- end -}} - -{{/* Service account use existing -{{- include "thanos.serviceaccount.use-existing" (dict "component" "bucketweb" "context" $) -}} -*/}} -{{- define "thanos.serviceaccount.use-existing" -}} -{{- $component := index .context.Values .component -}} -{{- if .context.Values.existingServiceAccount -}} - {{- true -}} -{{- else if $component.serviceAccount.existingServiceAccount -}} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a hashring configmap object should be created -*/}} -{{- define "thanos.receive.createConfigmap" -}} -{{- if and .Values.receive.enabled (not .Values.receive.existingConfigmap) }} - {{- true -}} -{{- else -}} -{{- end -}} -{{- end -}} - - -{{/* Return the proper pod fqdn of the replica. -Usage: -{{ include "thanos.receive.podFqdn" (dict "root" . "extra" $suffix ) }} -*/}} -{{- define "thanos.receive.podFqdn" -}} -{{- printf "\"%s-receive-%d.%s-receive-headless.%s.svc.%s:10901\"" (include "common.names.fullname" .root ) .extra (include "common.names.fullname" .root ) .root.Release.Namespace .root.Values.clusterDomain -}} -{{- end -}} - -{{/* Returns a proper configuration when no config is specified -Usage: -{{ include "thanos.receive.config" . }} -*/}} -{{- define "thanos.receive.config" -}} -{{- if not .Values.receive.config -}} -{{- if .Values.receive.service.additionalHeadless -}} -{{- $count := int .Values.receive.replicaCount -}} -{{- $endpoints_dict := dict "endpoints" (list) -}} -{{- $root := . -}} -{{- range $i := until $count -}} -{{- $data := dict "root" $root "extra" $i -}} -{{- $noop := (include "thanos.receive.podFqdn" $data) | append $endpoints_dict.endpoints | set $endpoints_dict "endpoints" -}} -{{- end -}} -[ - { - "endpoints": [ -{{ join ",\n" $endpoints_dict.endpoints | indent 6 }} - ] - } -] -{{- else -}} -[ - { - "endpoints": [ - "127.0.0.1:10901" - ] - } -] -{{- end -}} -{{- else -}} -{{- if (typeIs "string" .Values.receive.config)}} -{{- .Values.receive.config -}} -{{- else -}} -{{- .Values.receive.config | toPrettyJson -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a TLS secret object should be created -*/}} -{{- define "thanos.createTlsSecret" -}} -{{- if or (and .Values.query.grpcTLS.server.secure .Values.query.grpcTLS.server.autoGenerated) (and .Values.storegateway.grpc.tls.enabled .Values.storegateway.grpc.tls.autoGenerated) (and .Values.query.grpcTLS.client.secure .Values.query.grpcTLS.client.autoGenerated) }} - {{- true -}} -{{- end -}} -{{- end -}} diff --git a/bitnami/thanos/templates/bucketweb/deployment.yaml b/bitnami/thanos/templates/bucketweb/deployment.yaml deleted file mode 100644 index 4b73087..0000000 --- a/bitnami/thanos/templates/bucketweb/deployment.yaml +++ /dev/null @@ -1,138 +0,0 @@ -{{- if .Values.bucketweb.enabled }} -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ include "common.names.fullname" . }}-bucketweb - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: bucketweb - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.bucketweb.replicaCount }} - strategy: - type: {{ .Values.bucketweb.strategyType }} - {{- if (eq "Recreate" .Values.bucketweb.strategyType) }} - rollingUpdate: null - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: bucketweb - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: bucketweb - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.bucketweb.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.bucketweb.podLabels "context" $) | nindent 8 }} - {{- end }} - annotations: - checksum/ojbstore-configuration: {{ include (print $.Template.BasePath "/objstore-secret.yaml") . | sha256sum }} - {{- if .Values.bucketweb.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.bucketweb.podAnnotations "context" $) | nindent 8 }} - {{- end }} - spec: - {{- include "thanos.imagePullSecrets" . | nindent 6 }} - serviceAccount: {{ include "thanos.serviceaccount.name" (dict "component" "bucketweb" "context" $) }} - {{- if .Values.bucketweb.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.bucketweb.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.bucketweb.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.bucketweb.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.bucketweb.podAffinityPreset "component" "bucketweb" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.bucketweb.podAntiAffinityPreset "component" "bucketweb" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.bucketweb.nodeAffinityPreset.type "key" .Values.bucketweb.nodeAffinityPreset.key "values" .Values.bucketweb.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.bucketweb.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.bucketweb.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.bucketweb.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.bucketweb.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.bucketweb.priorityClassName }} - priorityClassName: {{ .Values.bucketweb.priorityClassName | quote }} - {{- end }} - {{- if .Values.bucketweb.podSecurityContext.enabled }} - securityContext: {{- omit .Values.bucketweb.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - containers: - {{- if .Values.bucketweb.extraContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.bucketweb.extraContainers "context" $) | nindent 8 }} - {{- end }} - - name: bucketweb - image: {{ include "thanos.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.bucketweb.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.bucketweb.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - args: - - tools - - bucket - - web - - --http-address=0.0.0.0:8080 - - --log.level={{ .Values.bucketweb.logLevel }} - - --log.format={{ .Values.bucketweb.logFormat }} - - --objstore.config-file=/conf/objstore.yml - {{- if .Values.bucketweb.refresh }} - - --refresh={{ .Values.bucketweb.refresh }} - {{- end }} - {{- if .Values.bucketweb.timeout }} - - --timeout={{ .Values.bucketweb.timeout }} - {{- end }} - {{- if .Values.bucketweb.extraFlags }} - {{- .Values.bucketweb.extraFlags | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.bucketweb.extraEnv }} - env: - {{- toYaml .Values.bucketweb.extraEnv | nindent 12 }} - {{- end }} - ports: - - name: http - containerPort: 8080 - protocol: TCP - {{- if .Values.bucketweb.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /-/healthy - port: http - initialDelaySeconds: {{ .Values.bucketweb.livenessProbe.initialDelaySeconds }} - timeoutSeconds: {{ .Values.bucketweb.livenessProbe.timeoutSeconds }} - periodSeconds: {{ .Values.bucketweb.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.bucketweb.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.bucketweb.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.bucketweb.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: /-/ready - port: http - initialDelaySeconds: {{ .Values.bucketweb.readinessProbe.initialDelaySeconds }} - timeoutSeconds: {{ .Values.bucketweb.readinessProbe.timeoutSeconds }} - periodSeconds: {{ .Values.bucketweb.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.bucketweb.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.bucketweb.readinessProbe.failureThreshold }} - {{- end }} - {{- if .Values.bucketweb.resources }} - resources: {{- toYaml .Values.bucketweb.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: objstore-config - mountPath: /conf - {{- if .Values.bucketweb.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.bucketweb.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - volumes: - - name: objstore-config - secret: - secretName: {{ include "thanos.objstoreSecretName" . }} - {{- if .Values.existingObjstoreSecretItems }} - items: {{- toYaml .Values.existingObjstoreSecretItems | nindent 14 }} - {{- end }} - {{- if .Values.bucketweb.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.bucketweb.extraVolumes "context" $) | nindent 8 }} - {{- end }} -{{- end }} diff --git a/bitnami/thanos/templates/bucketweb/ingress.yaml b/bitnami/thanos/templates/bucketweb/ingress.yaml deleted file mode 100644 index 58fa2ea..0000000 --- a/bitnami/thanos/templates/bucketweb/ingress.yaml +++ /dev/null @@ -1,54 +0,0 @@ -{{- if .Values.bucketweb.ingress.enabled -}} -apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ include "common.names.fullname" . }}-bucketweb - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: bucketweb - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.bucketweb.ingress.certManager }} - kubernetes.io/tls-acme: "true" - {{- end }} - {{- range $key, $value := .Values.bucketweb.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - {{- if and .Values.bucketweb.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }} - ingressClassName: {{ .Values.bucketweb.ingress.ingressClassName | quote }} - {{- end }} - rules: - {{- if .Values.bucketweb.ingress.hostname }} - - host: {{ .Values.bucketweb.ingress.hostname }} - http: - paths: - - path: {{ .Values.bucketweb.ingress.path }} - {{- if eq "true" (include "common.ingress.supportsPathType" .) }} - pathType: {{ .Values.bucketweb.ingress.pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (printf "%s-%s" (include "common.names.fullname" .) "bucketweb") "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- range .Values.bucketweb.ingress.extraHosts }} - - host: {{ .name }} - http: - paths: - - path: {{ default "/" .path }} - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ default "ImplementationSpecific" .pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (printf "%s-%s" (include "common.names.fullname" $) "bucketweb") "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- if or .Values.bucketweb.ingress.tls .Values.bucketweb.ingress.extraTls .Values.bucketweb.ingress.hosts }} - tls: - {{- if or .Values.bucketweb.ingress.secrets .Values.bucketweb.ingress.tls }} - - hosts: - - {{ .Values.bucketweb.ingress.hostname }} - secretName: {{ printf "%s-tls" .Values.bucketweb.ingress.hostname }} - {{- end }} - {{- if .Values.bucketweb.ingress.extraTls }} - {{- toYaml .Values.bucketweb.ingress.extraTls | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/bitnami/thanos/templates/bucketweb/pdb.yaml b/bitnami/thanos/templates/bucketweb/pdb.yaml deleted file mode 100644 index 5ba434e..0000000 --- a/bitnami/thanos/templates/bucketweb/pdb.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if and .Values.bucketweb.enabled .Values.bucketweb.pdb.create }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ include "common.names.fullname" . }}-bucketweb - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: bucketweb - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.bucketweb.pdb.minAvailable }} - minAvailable: {{ .Values.bucketweb.pdb.minAvailable }} - {{- end }} - {{- if .Values.bucketweb.pdb.maxUnavailable }} - maxUnavailable: {{ .Values.bucketweb.pdb.maxUnavailable }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: bucketweb -{{- end }} diff --git a/bitnami/thanos/templates/bucketweb/service.yaml b/bitnami/thanos/templates/bucketweb/service.yaml deleted file mode 100644 index 7a6f96d..0000000 --- a/bitnami/thanos/templates/bucketweb/service.yaml +++ /dev/null @@ -1,44 +0,0 @@ -{{- if .Values.bucketweb.enabled -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.names.fullname" . }}-bucketweb - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: bucketweb - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.bucketweb.service.annotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.bucketweb.service.annotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.bucketweb.service.type }} - {{- if and .Values.bucketweb.service.clusterIP (eq .Values.bucketweb.service.type "ClusterIP") }} - clusterIP: {{ .Values.bucketweb.service.clusterIP }} - {{- end }} - {{- if ne .Values.bucketweb.service.type "ClusterIP" }} - externalTrafficPolicy: {{ .Values.bucketweb.service.externalTrafficPolicy }} - {{- end }} - {{- if and .Values.bucketweb.service.loadBalancerIP (eq .Values.bucketweb.service.type "LoadBalancer") }} - loadBalancerIP: {{ .Values.bucketweb.service.loadBalancerIP }} - {{- end }} - {{- if and (eq .Values.bucketweb.service.type "LoadBalancer") .Values.bucketweb.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- toYaml .Values.bucketweb.service.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - ports: - - port: {{ .Values.bucketweb.service.http.port }} - targetPort: {{ .Values.bucketweb.service.targetPort | default "http" }} - protocol: TCP - name: http - {{- if (and (or (eq .Values.bucketweb.service.type "NodePort") (eq .Values.bucketweb.service.type "LoadBalancer")) .Values.bucketweb.service.http.nodePort) }} - {{- else if eq .Values.bucketweb.service.type "ClusterIP" }} - nodePort: null - {{- end }} - selector: - {{- if .Values.bucketweb.service.labelSelectorsOverride }} - {{- include "common.tplvalues.render" (dict "value" .Values.bucketweb.service.labelSelectorsOverride "context" $) | nindent 4 }} - {{- else }} - {{- include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: bucketweb - {{- end }} -{{- end }} diff --git a/bitnami/thanos/templates/bucketweb/serviceaccount.yaml b/bitnami/thanos/templates/bucketweb/serviceaccount.yaml deleted file mode 100644 index a6350f0..0000000 --- a/bitnami/thanos/templates/bucketweb/serviceaccount.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if and .Values.bucketweb.enabled (not (include "thanos.serviceaccount.use-existing" (dict "component" "bucketweb" "context" $))) -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "thanos.serviceaccount.name" (dict "component" "bucketweb" "context" $) }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: bucketweb - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.bucketweb.serviceAccount.annotations }} - annotations: - {{- include "common.tplvalues.render" ( dict "value" .Values.bucketweb.serviceAccount.annotations "context" $) | nindent 4 }} - {{- end }} -{{- end }} diff --git a/bitnami/thanos/templates/bucketweb/servicemonitor.yaml b/bitnami/thanos/templates/bucketweb/servicemonitor.yaml deleted file mode 100644 index 350fd96..0000000 --- a/bitnami/thanos/templates/bucketweb/servicemonitor.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- if and .Values.bucketweb.enabled .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "common.names.fullname" . }}-bucketweb - {{- if .Values.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.metrics.serviceMonitor.namespace }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: bucketweb - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.labels }} - {{- toYaml .Values.metrics.serviceMonitor.labels | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: bucketweb - endpoints: - - port: http - {{- if .Values.metrics.serviceMonitor.interval }} - interval: {{ .Values.metrics.serviceMonitor.interval }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} -{{- end }} diff --git a/bitnami/thanos/templates/bucketweb/tls-secrets.yaml b/bitnami/thanos/templates/bucketweb/tls-secrets.yaml deleted file mode 100644 index e919d59..0000000 --- a/bitnami/thanos/templates/bucketweb/tls-secrets.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.bucketweb.ingress.enabled }} -{{- range .Values.bucketweb.ingress.secrets }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.names.fullname" $ }}-bucketweb - labels: {{- include "common.labels.standard" $ | nindent 4 }} - app.kubernetes.io/component: bucketweb - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ .certificate | b64enc }} - tls.key: {{ .key | b64enc }} ---- -{{- end }} -{{- end }} diff --git a/bitnami/thanos/templates/compactor/deployment.yaml b/bitnami/thanos/templates/compactor/deployment.yaml deleted file mode 100644 index 8010876..0000000 --- a/bitnami/thanos/templates/compactor/deployment.yaml +++ /dev/null @@ -1,159 +0,0 @@ -{{- if .Values.compactor.enabled }} -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ include "common.names.fullname" . }}-compactor - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: compactor - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} -spec: - replicas: 1 - strategy: - type: {{ .Values.compactor.strategyType }} - {{- if (eq "Recreate" .Values.compactor.strategyType) }} - rollingUpdate: null - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: compactor - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: compactor - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.compactor.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.compactor.podLabels "context" $) | nindent 8 }} - {{- end }} - annotations: - checksum/ojbstore-configuration: {{ include (print $.Template.BasePath "/objstore-secret.yaml") . | sha256sum }} - {{- if .Values.compactor.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.compactor.podAnnotations "context" $) | nindent 8 }} - {{- end }} - spec: - {{- include "thanos.imagePullSecrets" . | nindent 6 }} - serviceAccount: {{ include "thanos.serviceaccount.name" (dict "component" "compactor" "context" $) }} - {{- if .Values.compactor.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.compactor.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.compactor.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.compactor.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.compactor.podAffinityPreset "component" "compactor" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.compactor.podAntiAffinityPreset "component" "compactor" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.compactor.nodeAffinityPreset.type "key" .Values.compactor.nodeAffinityPreset.key "values" .Values.compactor.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.compactor.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.compactor.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.compactor.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.compactor.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.compactor.priorityClassName }} - priorityClassName: {{ .Values.compactor.priorityClassName | quote }} - {{- end }} - {{- if .Values.compactor.podSecurityContext.enabled }} - securityContext: {{- omit .Values.compactor.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - {{- if and .Values.volumePermissions.enabled .Values.compactor.persistence.enabled }} - initContainers: - - name: init-chmod-data - image: {{ include "thanos.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: - - sh - - -c - - | - mkdir -p /data - chown -R "{{ .Values.compactor.podSecurityContext.runAsUser }}:{{ .Values.compactor.podSecurityContext.fsGroup }}" /data - securityContext: - runAsUser: 0 - volumeMounts: - - name: data - mountPath: /data - {{- end }} - containers: - - name: compactor - image: {{ include "thanos.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.compactor.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.compactor.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - args: - - compact - - --log.level={{ .Values.compactor.logLevel }} - - --log.format={{ .Values.compactor.logFormat }} - - --http-address=0.0.0.0:10902 - - --data-dir=/data - - --retention.resolution-raw={{ .Values.compactor.retentionResolutionRaw }} - - --retention.resolution-5m={{ .Values.compactor.retentionResolution5m }} - - --retention.resolution-1h={{ .Values.compactor.retentionResolution1h }} - - --consistency-delay={{ .Values.compactor.consistencyDelay }} - - --objstore.config-file=/conf/objstore.yml - {{- if .Values.compactor.extraFlags }} - {{- .Values.compactor.extraFlags | toYaml | nindent 12 }} - {{- end }} - - --wait - {{- if .Values.compactor.extraEnv }} - env: - {{- toYaml .Values.compactor.extraEnv | nindent 12 }} - {{- end }} - ports: - - name: http - containerPort: 10902 - protocol: TCP - {{- if .Values.compactor.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /-/healthy - port: http - initialDelaySeconds: {{ .Values.compactor.livenessProbe.initialDelaySeconds }} - timeoutSeconds: {{ .Values.compactor.livenessProbe.timeoutSeconds }} - periodSeconds: {{ .Values.compactor.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.compactor.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.compactor.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.compactor.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: /-/ready - port: http - initialDelaySeconds: {{ .Values.compactor.readinessProbe.initialDelaySeconds }} - timeoutSeconds: {{ .Values.compactor.readinessProbe.timeoutSeconds }} - periodSeconds: {{ .Values.compactor.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.compactor.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.compactor.readinessProbe.failureThreshold }} - {{- end }} - {{- if .Values.compactor.resources }} - resources: {{- toYaml .Values.compactor.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: objstore-config - mountPath: /conf - - name: data - mountPath: /data - {{- if .Values.compactor.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.compactor.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - volumes: - - name: objstore-config - secret: - secretName: {{ include "thanos.objstoreSecretName" . }} - {{- if .Values.existingObjstoreSecretItems }} - items: {{- toYaml .Values.existingObjstoreSecretItems | nindent 14 }} - {{- end }} - - name: data - {{- if .Values.compactor.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ include "thanos.compactor.pvcName" . }} - {{- else }} - emptyDir: {} - {{- end }} - {{- if .Values.compactor.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.compactor.extraVolumes "context" $) | nindent 8 }} - {{- end }} -{{- end }} diff --git a/bitnami/thanos/templates/compactor/ingress.yaml b/bitnami/thanos/templates/compactor/ingress.yaml deleted file mode 100644 index af5d147..0000000 --- a/bitnami/thanos/templates/compactor/ingress.yaml +++ /dev/null @@ -1,50 +0,0 @@ -{{- if .Values.compactor.ingress.enabled -}} -apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: thanos-compactor - labels: {{- include "common.labels.standard" . | nindent 4 }} - annotations: - {{- if .Values.compactor.ingress.certManager }} - kubernetes.io/tls-acme: "true" - {{- end }} - {{- range $key, $value := .Values.compactor.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - {{- if and .Values.compactor.ingress.ingressClassName }} - ingressClassName: {{ .Values.compactor.ingress.ingressClassName | quote }} - {{- end }} - rules: - {{- if .Values.compactor.ingress.hostname }} - - host: {{ .Values.compactor.ingress.hostname }} - http: - paths: - - path: {{ .Values.compactor.ingress.path }} - {{- if eq "true" (include "common.ingress.supportsPathType" .) }} - pathType: {{ .Values.compactor.ingress.pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" "thanos-compactor" "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- range .Values.compactor.ingress.extraHosts }} - - host: {{ .name }} - http: - paths: - - path: {{ default "/" .path }} - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ default "ImplementationSpecific" .pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" "thanos-compactor" "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- if or .Values.compactor.ingress.tls .Values.compactor.ingress.extraTls .Values.compactor.ingress.hosts }} - tls: - {{- if or .Values.compactor.ingress.secrets .Values.compactor.ingress.tls }} - - hosts: - - {{ .Values.compactor.ingress.hostname }} - secretName: {{ printf "%s-tls" .Values.compactor.ingress.hostname }} - {{- end }} - {{- if .Values.compactor.ingress.extraTls }} - {{- toYaml .Values.compactor.ingress.extraTls | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} \ No newline at end of file diff --git a/bitnami/thanos/templates/compactor/pvc.yaml b/bitnami/thanos/templates/compactor/pvc.yaml deleted file mode 100644 index 9dbe052..0000000 --- a/bitnami/thanos/templates/compactor/pvc.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if and .Values.compactor.persistence.enabled (not .Values.compactor.persistence.existingClaim) .Values.compactor.enabled }} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.names.fullname" . }}-compactor - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: compactor - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} -spec: - accessModes: - {{- range .Values.compactor.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.compactor.persistence.size | quote }} - {{- include "common.storage.class" (dict "persistence" .Values.compactor.persistence "global" .Values.global) | nindent 2 }} -{{- end }} diff --git a/bitnami/thanos/templates/compactor/service.yaml b/bitnami/thanos/templates/compactor/service.yaml deleted file mode 100644 index 5320765..0000000 --- a/bitnami/thanos/templates/compactor/service.yaml +++ /dev/null @@ -1,44 +0,0 @@ -{{- if .Values.compactor.enabled -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.names.fullname" . }}-compactor - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: compactor - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.compactor.service.annotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.compactor.service.annotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.compactor.service.type }} - {{- if and .Values.compactor.service.clusterIP (eq .Values.compactor.service.type "ClusterIP") }} - clusterIP: {{ .Values.compactor.service.clusterIP }} - {{- end }} - {{- if ne .Values.compactor.service.type "ClusterIP" }} - externalTrafficPolicy: {{ .Values.compactor.service.externalTrafficPolicy }} - {{- end }} - {{- if and .Values.compactor.service.loadBalancerIP (eq .Values.compactor.service.type "LoadBalancer") }} - loadBalancerIP: {{ .Values.compactor.service.loadBalancerIP }} - {{- end }} - {{- if and (eq .Values.compactor.service.type "LoadBalancer") .Values.compactor.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- toYaml .Values.compactor.service.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - ports: - - port: {{ .Values.compactor.service.http.port }} - targetPort: http - protocol: TCP - name: http - {{- if (and (or (eq .Values.compactor.service.type "NodePort") (eq .Values.compactor.service.type "LoadBalancer")) .Values.compactor.service.http.nodePort) }} - {{- else if eq .Values.compactor.service.type "ClusterIP" }} - nodePort: null - {{- end }} - selector: - {{- if .Values.compactor.service.labelSelectorsOverride }} - {{- include "common.tplvalues.render" (dict "value" .Values.compactor.service.labelSelectorsOverride "context" $) | nindent 4 }} - {{- else }} - {{- include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: compactor - {{- end }} -{{- end }} diff --git a/bitnami/thanos/templates/compactor/serviceaccount.yaml b/bitnami/thanos/templates/compactor/serviceaccount.yaml deleted file mode 100644 index bf9f124..0000000 --- a/bitnami/thanos/templates/compactor/serviceaccount.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if and .Values.compactor.enabled (not (include "thanos.serviceaccount.use-existing" (dict "component" "compactor" "context" $))) -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "thanos.serviceaccount.name" (dict "component" "compactor" "context" $) }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: compactor - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.compactor.serviceAccount.annotations }} - annotations: - {{- include "common.tplvalues.render" ( dict "value" .Values.compactor.serviceAccount.annotations "context" $) | nindent 4 }} - {{- end }} -{{- end }} diff --git a/bitnami/thanos/templates/compactor/servicemonitor.yaml b/bitnami/thanos/templates/compactor/servicemonitor.yaml deleted file mode 100644 index 3e8dcff..0000000 --- a/bitnami/thanos/templates/compactor/servicemonitor.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- if and .Values.compactor.enabled .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "common.names.fullname" . }}-compactor - {{- if .Values.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.metrics.serviceMonitor.namespace }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: compactor - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.labels }} - {{- toYaml .Values.metrics.serviceMonitor.labels | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: compactor - endpoints: - - port: http - {{- if .Values.metrics.serviceMonitor.interval }} - interval: {{ .Values.metrics.serviceMonitor.interval }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} -{{- end }} diff --git a/bitnami/thanos/templates/objstore-secret.yaml b/bitnami/thanos/templates/objstore-secret.yaml deleted file mode 100644 index 17efc43..0000000 --- a/bitnami/thanos/templates/objstore-secret.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if (include "thanos.createObjstoreSecret" .) }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.names.fullname" . }}-objstore-secret - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} -data: - objstore.yml: |- - {{- include "common.tplvalues.render" (dict "value" .Values.objstoreConfig "context" $) | b64enc | nindent 4 }} -{{- if .Values.indexCacheConfig }} - index-cache.yml: |- - {{- include "common.tplvalues.render" (dict "value" .Values.indexCacheConfig "context" $) | b64enc | nindent 4 }} -{{- end }} -{{- if .Values.bucketCacheConfig }} - bucket-cache.yml: |- - {{- include "common.tplvalues.render" (dict "value" .Values.bucketCacheConfig "context" $) | b64enc | nindent 4 }} -{{- end }} -{{ end }} diff --git a/bitnami/thanos/templates/prometheusrule.yaml b/bitnami/thanos/templates/prometheusrule.yaml deleted file mode 100644 index dd086d7..0000000 --- a/bitnami/thanos/templates/prometheusrule.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ template "common.names.fullname" . }} - {{- if .Values.metrics.prometheusRule.namespace }} - namespace: {{ .Values.metrics.prometheusRule.namespace }} - {{- else }} - namespace: {{ .Release.Namespace | quote }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.metrics.prometheusRule.additionalLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.prometheusRule.rules "context" $ ) | nindent 2 }} -{{- end }} diff --git a/bitnami/thanos/templates/query-frontend/configmap.yaml b/bitnami/thanos/templates/query-frontend/configmap.yaml deleted file mode 100644 index aac2c10..0000000 --- a/bitnami/thanos/templates/query-frontend/configmap.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if (include "thanos.queryFrontend.createConfigmap" .) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.names.fullname" . }}-query-frontend-configmap - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: query-frontend - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} -data: - config.yml: |- - {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.config "context" $) | nindent 4 }} -{{ end }} diff --git a/bitnami/thanos/templates/query-frontend/deployment.yaml b/bitnami/thanos/templates/query-frontend/deployment.yaml deleted file mode 100644 index a4085f2..0000000 --- a/bitnami/thanos/templates/query-frontend/deployment.yaml +++ /dev/null @@ -1,139 +0,0 @@ -{{- $query := (include "thanos.query.values" . | fromYaml) -}} -{{- if .Values.queryFrontend.enabled }} -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ include "common.names.fullname" . }}-query-frontend - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: query-frontend - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.queryFrontend.replicaCount }} - strategy: - type: {{ .Values.queryFrontend.strategyType }} - {{- if (eq "Recreate" .Values.queryFrontend.strategyType) }} - rollingUpdate: null - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: query-frontend - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: query-frontend - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.queryFrontend.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.podLabels "context" $) | nindent 8 }} - {{- end }} - {{- if or .Values.queryFrontend.podAnnotations (include "thanos.queryFrontend.createConfigmap" .) }} - annotations: - {{- if (include "thanos.queryFrontend.createConfigmap" .) }} - checksum/query-frontend-configuration: {{ include (print $.Template.BasePath "/query-frontend/configmap.yaml") . | sha256sum }} - {{- end }} - {{- if .Values.queryFrontend.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.podAnnotations "context" $) | nindent 8 }} - {{- end }} - {{- end }} - spec: - {{- include "thanos.imagePullSecrets" . | nindent 6 }} - serviceAccount: {{ include "thanos.serviceaccount.name" (dict "component" "query-frontend" "context" $) }} - {{- if .Values.queryFrontend.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.queryFrontend.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.queryFrontend.podAffinityPreset "component" "query-frontend" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.queryFrontend.podAntiAffinityPreset "component" "query-frontend" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.queryFrontend.nodeAffinityPreset.type "key" .Values.queryFrontend.nodeAffinityPreset.key "values" .Values.queryFrontend.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.queryFrontend.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.queryFrontend.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.queryFrontend.priorityClassName }} - priorityClassName: {{ .Values.queryFrontend.priorityClassName | quote }} - {{- end }} - {{- if .Values.queryFrontend.podSecurityContext.enabled }} - securityContext: {{- omit .Values.queryFrontend.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - containers: - {{- if .Values.queryFrontend.extraContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.extraContainers "context" $) | nindent 8 }} - {{- end }} - - name: query-frontend - image: {{ include "thanos.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.queryFrontend.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.queryFrontend.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - args: - - query-frontend - - --log.level={{ .Values.queryFrontend.logLevel }} - - --log.format={{ .Values.queryFrontend.logFormat }} - - --http-address=0.0.0.0:10902 - - --query-frontend.downstream-url=http://{{ include "common.names.fullname" . }}-query:{{ $query.service.http.port }} - {{- if or .Values.queryFrontend.config .Values.queryFrontend.existingConfigmap }} - - --query-range.response-cache-config-file=/conf/cache/config.yml - {{- end }} - {{- if .Values.queryFrontend.extraFlags }} - {{- .Values.queryFrontend.extraFlags | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.queryFrontend.extraEnv }} - env: - {{- toYaml .Values.queryFrontend.extraEnv | nindent 12 }} - {{- end }} - ports: - - name: http - containerPort: 10902 - protocol: TCP - {{- if .Values.queryFrontend.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /-/healthy - port: http - initialDelaySeconds: {{ .Values.queryFrontend.livenessProbe.initialDelaySeconds }} - timeoutSeconds: {{ .Values.queryFrontend.livenessProbe.timeoutSeconds }} - periodSeconds: {{ .Values.queryFrontend.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.queryFrontend.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.queryFrontend.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.queryFrontend.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: /-/ready - port: http - initialDelaySeconds: {{ .Values.queryFrontend.readinessProbe.initialDelaySeconds }} - timeoutSeconds: {{ .Values.queryFrontend.readinessProbe.timeoutSeconds }} - periodSeconds: {{ .Values.queryFrontend.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.queryFrontend.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.queryFrontend.readinessProbe.failureThreshold }} - {{- end }} - {{- if .Values.queryFrontend.resources }} - resources: {{- toYaml .Values.queryFrontend.resources | nindent 12 }} - {{- end }} - volumeMounts: - {{- if or .Values.queryFrontend.config .Values.queryFrontend.existingConfigmap }} - - name: cache-config - mountPath: /conf/cache - {{- end }} - {{- if .Values.queryFrontend.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - volumes: - {{- if or .Values.queryFrontend.config .Values.queryFrontend.existingConfigmap }} - - name: cache-config - configMap: - name: {{ include "thanos.queryFrontend.configmapName" . }} - {{- end }} - {{- if .Values.queryFrontend.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.extraVolumes "context" $) | nindent 8 }} - {{- end }} -{{- end }} diff --git a/bitnami/thanos/templates/query-frontend/hpa.yaml b/bitnami/thanos/templates/query-frontend/hpa.yaml deleted file mode 100644 index 31452c3..0000000 --- a/bitnami/thanos/templates/query-frontend/hpa.yaml +++ /dev/null @@ -1,31 +0,0 @@ -{{- if and .Values.queryFrontend.enabled .Values.queryFrontend.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "common.names.fullname" . }}-query-frontend - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: query-frontend - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} -spec: - scaleTargetRef: - apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} - kind: Deployment - name: {{ include "common.names.fullname" . }}-query-frontend - minReplicas: {{ .Values.queryFrontend.autoscaling.minReplicas }} - maxReplicas: {{ .Values.queryFrontend.autoscaling.maxReplicas }} - metrics: - {{- if .Values.queryFrontend.autoscaling.targetMemory }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ .Values.queryFrontend.autoscaling.targetMemory }} - {{- end }} - {{- if .Values.queryFrontend.autoscaling.targetCPU }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ .Values.queryFrontend.autoscaling.targetCPU }} - {{- end }} -{{- end }} diff --git a/bitnami/thanos/templates/query-frontend/ingress.yaml b/bitnami/thanos/templates/query-frontend/ingress.yaml deleted file mode 100644 index ee056bd..0000000 --- a/bitnami/thanos/templates/query-frontend/ingress.yaml +++ /dev/null @@ -1,54 +0,0 @@ -{{- if .Values.queryFrontend.ingress.enabled -}} -apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ include "common.names.fullname" . }}-query-frontend - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: query-frontend - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.queryFrontend.ingress.certManager }} - kubernetes.io/tls-acme: "true" - {{- end }} - {{- range $key, $value := .Values.queryFrontend.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - {{- if and .Values.queryFrontend.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }} - ingressClassName: {{ .Values.queryFrontend.ingress.ingressClassName | quote }} - {{- end }} - rules: - {{- if .Values.queryFrontend.ingress.hostname }} - - host: {{ .Values.queryFrontend.ingress.hostname }} - http: - paths: - - path: {{ .Values.queryFrontend.ingress.path }} - {{- if eq "true" (include "common.ingress.supportsPathType" .) }} - pathType: {{ .Values.queryFrontend.ingress.pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (printf "%s-%s" (include "common.names.fullname" .) "query-frontend") "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- range .Values.queryFrontend.ingress.extraHosts }} - - host: {{ .name }} - http: - paths: - - path: {{ default "/" .path }} - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ default "ImplementationSpecific" .pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (printf "%s-%s" (include "common.names.fullname" $) "query-frontend") "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- if or .Values.queryFrontend.ingress.tls .Values.queryFrontend.ingress.extraTls .Values.queryFrontend.ingress.hosts }} - tls: - {{- if or .Values.queryFrontend.ingress.secrets .Values.queryFrontend.ingress.tls }} - - hosts: - - {{ .Values.queryFrontend.ingress.hostname }} - secretName: {{ printf "%s-query-frontend" (include "common.names.fullname" .) }} - {{- end }} - {{- if .Values.queryFrontend.ingress.extraTls }} - {{- toYaml .Values.queryFrontend.ingress.extraTls | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/bitnami/thanos/templates/query-frontend/pdb.yaml b/bitnami/thanos/templates/query-frontend/pdb.yaml deleted file mode 100644 index 9c4b83d..0000000 --- a/bitnami/thanos/templates/query-frontend/pdb.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if and .Values.queryFrontend.enabled .Values.queryFrontend.pdb.create }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ include "common.names.fullname" . }}-query-frontend - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: query-frontend - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.queryFrontend.pdb.minAvailable }} - minAvailable: {{ .Values.queryFrontend.pdb.minAvailable }} - {{- end }} - {{- if .Values.queryFrontend.pdb.maxUnavailable }} - maxUnavailable: {{ .Values.queryFrontend.pdb.maxUnavailable }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: query-frontend -{{- end }} diff --git a/bitnami/thanos/templates/query-frontend/psp-clusterrole.yaml b/bitnami/thanos/templates/query-frontend/psp-clusterrole.yaml deleted file mode 100644 index 5d384f4..0000000 --- a/bitnami/thanos/templates/query-frontend/psp-clusterrole.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if and .Values.queryFrontend.enabled .Values.queryFrontend.pspEnabled .Values.queryFrontend.rbac.create -}} -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: ClusterRole -metadata: - name: {{ include "common.names.fullname" . }}-query-frontend - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: query-frontend - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} -rules: -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ include "common.names.fullname" . }}-query-frontend -{{- end -}} diff --git a/bitnami/thanos/templates/query-frontend/psp-clusterrolebinding.yaml b/bitnami/thanos/templates/query-frontend/psp-clusterrolebinding.yaml deleted file mode 100644 index 620925e..0000000 --- a/bitnami/thanos/templates/query-frontend/psp-clusterrolebinding.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if and .Values.queryFrontend.enabled .Values.queryFrontend.pspEnabled .Values.queryFrontend.rbac.create -}} -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: ClusterRoleBinding -metadata: - name: {{ include "common.names.fullname" . }}-query-frontend - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: query-frontend - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} -roleRef: - kind: ClusterRole - name: {{ include "common.names.fullname" . }}-query-frontend - apiGroup: rbac.authorization.k8s.io -subjects: -# Authorize specific service accounts: -- kind: ServiceAccount - name: {{ include "thanos.serviceaccount.name" (dict "component" "query-frontend" "context" $) }} - namespace: {{ .Release.Namespace }} -{{- end -}} diff --git a/bitnami/thanos/templates/query-frontend/psp.yaml b/bitnami/thanos/templates/query-frontend/psp.yaml deleted file mode 100644 index ed900d9..0000000 --- a/bitnami/thanos/templates/query-frontend/psp.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if and .Values.queryFrontend.enabled .Values.queryFrontend.pspEnabled .Values.queryFrontend.rbac.create -}} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ include "common.names.fullname" . }}-query-frontend - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: query-frontend - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} -spec: - fsGroup: - rule: RunAsAny - runAsUser: - ranges: - - max: 1001 - min: 1001 - rule: MustRunAs - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - volumes: - - secret -{{- end -}} diff --git a/bitnami/thanos/templates/query-frontend/service.yaml b/bitnami/thanos/templates/query-frontend/service.yaml deleted file mode 100644 index 9273107..0000000 --- a/bitnami/thanos/templates/query-frontend/service.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- if .Values.queryFrontend.enabled -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.names.fullname" . }}-query-frontend - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: query-frontend - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.queryFrontend.service.annotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.service.annotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.queryFrontend.service.type }} - {{- if and .Values.queryFrontend.service.clusterIP (eq .Values.queryFrontend.service.type "ClusterIP") }} - clusterIP: {{ .Values.queryFrontend.service.clusterIP }} - {{- end }} - {{- if ne .Values.queryFrontend.service.type "ClusterIP" }} - externalTrafficPolicy: {{ .Values.queryFrontend.service.externalTrafficPolicy }} - {{- end }} - {{- if and .Values.queryFrontend.service.loadBalancerIP (eq .Values.queryFrontend.service.type "LoadBalancer") }} - loadBalancerIP: {{ .Values.queryFrontend.service.loadBalancerIP }} - {{- end }} - {{- if and (eq .Values.queryFrontend.service.type "LoadBalancer") .Values.queryFrontend.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- toYaml .Values.queryFrontend.service.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - ports: - - port: {{ .Values.queryFrontend.service.http.port }} - targetPort: {{ .Values.queryFrontend.service.targetPort | default "http" }} - protocol: TCP - name: http - {{- if (and (or (eq .Values.queryFrontend.service.type "NodePort") (eq .Values.queryFrontend.service.type "LoadBalancer")) .Values.queryFrontend.service.http.nodePort) }} - nodePort: {{ .Values.queryFrontend.service.http.nodePort }} - {{- else if eq .Values.queryFrontend.service.type "ClusterIP" }} - nodePort: null - {{- end }} - selector: - {{- if .Values.queryFrontend.service.labelSelectorsOverride }} - {{- include "common.tplvalues.render" (dict "value" .Values.queryFrontend.service.labelSelectorsOverride "context" $) | nindent 4 }} - {{- else }} - {{- include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: query-frontend - {{- end }} -{{- end }} diff --git a/bitnami/thanos/templates/query-frontend/serviceaccount.yaml b/bitnami/thanos/templates/query-frontend/serviceaccount.yaml deleted file mode 100644 index 65b8482..0000000 --- a/bitnami/thanos/templates/query-frontend/serviceaccount.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if and .Values.queryFrontend.enabled (not (include "thanos.serviceaccount.use-existing" (dict "component" "query-frontend" "context" $))) -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "thanos.serviceaccount.name" (dict "component" "query-frontend" "context" $) }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: query-frontend - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.queryFrontend.serviceAccount.annotations }} - annotations: - {{ include "common.tplvalues.render" ( dict "value" .Values.queryFrontend.serviceAccount.annotations "context" $) | nindent 4 }} - {{- end }} -{{- end }} diff --git a/bitnami/thanos/templates/query-frontend/servicemonitor.yaml b/bitnami/thanos/templates/query-frontend/servicemonitor.yaml deleted file mode 100644 index 5a192d6..0000000 --- a/bitnami/thanos/templates/query-frontend/servicemonitor.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- if and .Values.queryFrontend.enabled .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "common.names.fullname" . }}-query-frontend - {{- if .Values.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.metrics.serviceMonitor.namespace }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: query-frontend - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.labels }} - {{- toYaml .Values.metrics.serviceMonitor.labels | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: query-frontend - endpoints: - - port: http - {{- if .Values.metrics.serviceMonitor.interval }} - interval: {{ .Values.metrics.serviceMonitor.interval }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} -{{- end }} diff --git a/bitnami/thanos/templates/query-frontend/tls-secrets.yaml b/bitnami/thanos/templates/query-frontend/tls-secrets.yaml deleted file mode 100644 index 040f5ea..0000000 --- a/bitnami/thanos/templates/query-frontend/tls-secrets.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.queryFrontend.ingress.enabled }} -{{- range .Values.queryFrontend.ingress.secrets }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.names.fullname" $ }}-query-frontend - labels: {{- include "common.labels.standard" $ | nindent 4 }} - app.kubernetes.io/component: query-frontend - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ .certificate | b64enc }} - tls.key: {{ .key | b64enc }} ---- -{{- end }} -{{- end }} diff --git a/bitnami/thanos/templates/query/deployment.yaml b/bitnami/thanos/templates/query/deployment.yaml deleted file mode 100644 index 702cc65..0000000 --- a/bitnami/thanos/templates/query/deployment.yaml +++ /dev/null @@ -1,241 +0,0 @@ -{{- $query := (include "thanos.query.values" . | fromYaml) -}} -{{- if $query.enabled }} - -{{- $shards := int 0 }} - -{{- if .Values.storegateway.sharded.hashPartitioning.shards }} - {{- $shards = int .Values.storegateway.sharded.hashPartitioning.shards }} -{{- else }} - {{- $shards = len .Values.storegateway.sharded.timePartitioning }} -{{- end }} - -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ include "common.names.fullname" . }}-query - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: query - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} -spec: - replicas: {{ $query.replicaCount }} - strategy: - type: {{ $query.strategyType }} - {{- if (eq "Recreate" $query.strategyType) }} - rollingUpdate: null - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: query - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: query - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} - {{- end }} - {{- if $query.podLabels }} - {{- include "common.tplvalues.render" (dict "value" $query.podLabels "context" $) | nindent 8 }} - {{- end }} - {{- if or (include "thanos.query.createSDConfigmap" .) $query.existingSDConfigmap $query.podAnnotations }} - annotations: - {{- if or (include "thanos.query.createSDConfigmap" .) $query.existingSDConfigmap }} - checksum/ruler-configuration: {{ include (print $.Template.BasePath "/query/sd-configmap.yaml") . | sha256sum }} - {{- end }} - {{- if $query.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" $query.podAnnotations "context" $) | nindent 8 }} - {{- end }} - {{- end }} - spec: - {{- include "thanos.imagePullSecrets" . | nindent 6 }} - serviceAccount: {{ include "thanos.serviceaccount.name" (dict "component" "query" "context" $) }} - {{- if $query.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" $query.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if $query.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" $query.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" $query.podAffinityPreset "component" "query" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" $query.podAntiAffinityPreset "component" "query" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" $query.nodeAffinityPreset.type "key" $query.nodeAffinityPreset.key "values" $query.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if $query.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" $query.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if $query.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" $query.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if $query.priorityClassName }} - priorityClassName: {{ $query.priorityClassName | quote }} - {{- end }} - {{- if $query.podSecurityContext.enabled }} - securityContext: {{- omit $query.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - containers: - {{- if $query.extraContainers }} - {{- include "common.tplvalues.render" (dict "value" $query.extraContainers "context" $) | nindent 8 }} - {{- end }} - - name: query - image: {{ include "thanos.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if $query.containerSecurityContext.enabled }} - securityContext: {{- omit $query.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - args: - - query - - --log.level={{ $query.logLevel }} - - --log.format={{ $query.logFormat }} - - --grpc-address=0.0.0.0:10901 - - --http-address=0.0.0.0:10902 - {{- if kindIs "string" $query.replicaLabel }} - - --query.replica-label={{ $query.replicaLabel }} - {{- else }} - {{- range $query.replicaLabel }} - - --query.replica-label={{ . }} - {{- end }} - {{- end }} - {{- if or (include "thanos.query.createSDConfigmap" .) $query.existingSDConfigmap }} - - --store.sd-files=/conf/servicediscovery.yml - {{- end }} - {{- if and $query.dnsDiscovery.enabled $query.dnsDiscovery.sidecarsService $query.dnsDiscovery.sidecarsNamespace }} - - --store=dnssrv+_grpc._tcp.{{- include "common.tplvalues.render" ( dict "value" $query.dnsDiscovery.sidecarsService "context" $) -}}.{{- include "common.tplvalues.render" ( dict "value" $query.dnsDiscovery.sidecarsNamespace "context" $) -}}.svc.{{ .Values.clusterDomain }} - {{- end }} - {{- if and .Values.storegateway.enabled .Values.storegateway.sharded.enabled }} - {{- range $index, $_ := until $shards }} - - --store=dnssrv+_grpc._tcp.{{ include "common.names.fullname" $ }}-storegateway-{{ toString $index }}.{{ $.Release.Namespace }}.svc.{{ $.Values.clusterDomain }} - {{- end }} - {{- end }} - {{- if and .Values.storegateway.enabled $query.dnsDiscovery.enabled (not .Values.storegateway.sharded.enabled )}} - - --store=dnssrv+_grpc._tcp.{{ include "common.names.fullname" . }}-storegateway{{ if .Values.storegateway.service.additionalHeadless }}-headless{{ end }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} - {{- end }} - {{- if and .Values.ruler.enabled $query.dnsDiscovery.enabled }} - - --store=dnssrv+_grpc._tcp.{{ include "common.names.fullname" . }}-ruler{{ if .Values.ruler.service.additionalHeadless }}-headless{{ end }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} - {{- end }} - {{- if and .Values.receive.enabled $query.dnsDiscovery.enabled }} - - --store=dnssrv+_grpc._tcp.{{ include "common.names.fullname" . }}-receive{{ if .Values.receive.service.additionalHeadless }}-headless{{ end }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} - {{- end }} - {{- range $query.stores }} - - --store={{ . }} - {{- end }} - {{- if $query.grpcTLS.server.autoGenerated }} - - --grpc-server-tls-cert=/tls/server/tls.crt - - --grpc-server-tls-key=/tls/server/tls.key - - --grpc-server-tls-client-ca=/tls/server/ca.crt - {{- else }} - {{- if or $query.grpcTLS.server.secure $query.grpcTLS.server.existingSecret}} - - --grpc-server-tls-cert=/tls/server/{{ include "common.secrets.key" (dict "existingSecret" .Values.query.grpcTLS.server.existingSecret "key" "tls-cert") }} - - --grpc-server-tls-key=/tls/server/{{ include "common.secrets.key" (dict "existingSecret" .Values.query.grpcTLS.server.existingSecret "key" "tls-key") }} - {{- if or $query.grpcTLS.server.ca $query.grpcTLS.server.existingSecret }} - - --grpc-server-tls-client-ca=/tls/server/{{ include "common.secrets.key" (dict "existingSecret" .Values.query.grpcTLS.server.existingSecret "key" "ca-cert") }} - {{- end }} - {{- end }} - {{- end }} - {{- if $query.grpcTLS.client.autoGenerated }} - - --grpc-client-tls-secure - - --grpc-client-tls-cert=/tls/client/tls.crt - - --grpc-client-tls-key=/tls/client/tls.key - - --grpc-client-tls-ca=/tls/client/ca.crt - {{- else }} - {{- if or $query.grpcTLS.client.secure $query.grpcTLS.client.existingSecret }} - - --grpc-client-tls-secure - {{- if or $query.grpcTLS.client.cert $query.grpcTLS.client.existingSecret }} - - --grpc-client-tls-cert=/tls/client/{{ include "common.secrets.key" (dict "existingSecret" .Values.query.grpcTLS.client.existingSecret "key" "tls-cert") }} - {{- end }} - {{- if or $query.grpcTLS.client.key $query.grpcTLS.client.existingSecret }} - - --grpc-client-tls-key=/tls/client/{{ include "common.secrets.key" (dict "existingSecret" .Values.query.grpcTLS.client.existingSecret "key" "tls-key") }} - {{- end }} - {{- if or $query.grpcTLS.client.ca $query.grpcTLS.client.existingSecret }} - - --grpc-client-tls-ca=/tls/client/{{ include "common.secrets.key" (dict "existingSecret" .Values.query.grpcTLS.client.existingSecret "key" "ca-cert") }} - {{- end }} - {{- end }} - {{- end }} - {{- if $query.grpcTLS.client.servername }} - - --grpc-client-server-name={{$query.grpcTLS.client.servername}} - {{- end }} - {{- if $query.extraFlags }} - {{- $query.extraFlags | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.query.extraEnv }} - env: - {{- toYaml .Values.query.extraEnv | nindent 12 }} - {{- end }} - ports: - - name: http - containerPort: 10902 - protocol: TCP - - name: grpc - containerPort: 10901 - protocol: TCP - {{- if $query.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /-/healthy - port: http - initialDelaySeconds: {{ $query.livenessProbe.initialDelaySeconds }} - timeoutSeconds: {{ $query.livenessProbe.timeoutSeconds }} - periodSeconds: {{ $query.livenessProbe.periodSeconds }} - successThreshold: {{ $query.livenessProbe.successThreshold }} - failureThreshold: {{ $query.livenessProbe.failureThreshold }} - {{- end }} - {{- if $query.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: /-/ready - port: http - initialDelaySeconds: {{ $query.readinessProbe.initialDelaySeconds }} - timeoutSeconds: {{ $query.readinessProbe.timeoutSeconds }} - periodSeconds: {{ $query.readinessProbe.periodSeconds }} - successThreshold: {{ $query.readinessProbe.successThreshold }} - failureThreshold: {{ $query.readinessProbe.failureThreshold }} - {{- end }} - {{- if $query.resources }} - resources: {{- toYaml $query.resources | nindent 12 }} - {{- end }} - volumeMounts: - {{- if or (include "thanos.query.createSDConfigmap" .) $query.existingSDConfigmap }} - - name: sd-config - mountPath: /conf/servicediscovery.yml - subPath: servicediscovery.yml - {{- end }} - {{- if $query.grpcTLS.server.secure }} - - name: tls-server - mountPath: /tls/server - {{- end }} - {{- if $query.grpcTLS.client.secure }} - - name: tls-client - mountPath: /tls/client - {{- end }} - {{- if .Values.query.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.query.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - volumes: - {{- if or (include "thanos.query.createSDConfigmap" .) $query.existingSDConfigmap }} - - name: sd-config - configMap: - name: {{ include "thanos.query.SDConfigmapName" . }} - {{- end }} - {{- if or $query.grpcTLS.server.secure $query.grpcTLS.server.existingSecret $query.grpcTLS.server.autoGenerated }} - - name: tls-server - secret: - {{- if $query.grpcTLS.server.autoGenerated }} - secretName: {{ printf "%s-crt" (include "common.names.fullname" .) }} - {{- else }} - secretName: {{ include "common.secrets.name" (dict "existingSecret" .Values.query.grpcTLS.server.existingSecret "defaultNameSuffix" "query-tls-server" "context" $) }} - {{- end }} - {{- end }} - {{- if or $query.grpcTLS.client.secure $query.grpcTLS.client.existingSecret $query.grpcTLS.client.autoGenerated }} - - name: tls-client - secret: - {{- if $query.grpcTLS.client.autoGenerated }} - secretName: {{ printf "%s-crt" (include "common.names.fullname" .) }} - {{- else }} - secretName: {{ include "common.secrets.name" (dict "existingSecret" .Values.query.grpcTLS.client.existingSecret "defaultNameSuffix" "query-tls-client" "context" $) }} - {{- end }} - {{- end }} - {{- if .Values.query.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.query.extraVolumes "context" $) | nindent 8 }} - {{- end }} - -{{- end }} diff --git a/bitnami/thanos/templates/query/hpa.yaml b/bitnami/thanos/templates/query/hpa.yaml deleted file mode 100644 index aacbfc8..0000000 --- a/bitnami/thanos/templates/query/hpa.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- $query := (include "thanos.query.values" . | fromYaml) -}} -{{- if and $query.enabled $query.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "common.names.fullname" . }}-query - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: query - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} -spec: - scaleTargetRef: - apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} - kind: Deployment - name: {{ include "common.names.fullname" . }}-query - minReplicas: {{ $query.autoscaling.minReplicas }} - maxReplicas: {{ $query.autoscaling.maxReplicas }} - metrics: - {{- if $query.autoscaling.targetMemory }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ $query.autoscaling.targetMemory }} - {{- end }} - {{- if $query.autoscaling.targetCPU }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ $query.autoscaling.targetCPU }} - {{- end }} -{{- end }} diff --git a/bitnami/thanos/templates/query/ingress-grpc.yaml b/bitnami/thanos/templates/query/ingress-grpc.yaml deleted file mode 100644 index fa619be..0000000 --- a/bitnami/thanos/templates/query/ingress-grpc.yaml +++ /dev/null @@ -1,52 +0,0 @@ -{{- $query := (include "thanos.query.values" . | fromYaml) -}} -{{- if $query.ingress.grpc.enabled -}} -apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ include "common.names.fullname" . }}-grpc - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: query - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if $query.ingress.grpc.certManager }} - kubernetes.io/tls-acme: "true" - {{- end }} - {{- range $key, $value := $query.ingress.grpc.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - rules: - {{- if $query.ingress.grpc.hostname }} - - host: {{ $query.ingress.grpc.hostname }} - http: - paths: - - path: {{ $query.ingress.path }} - {{- if eq "true" (include "common.ingress.supportsPathType" .) }} - pathType: {{ $query.ingress.pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (printf "%s-%s" (include "common.names.fullname" .) "query") "servicePort" "grpc" "context" $) | nindent 14 }} - {{- end }} - {{- range $query.ingress.grpc.extraHosts }} - - host: {{ .name }} - http: - paths: - - path: {{ default "/" .path }} - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ default "ImplementationSpecific" .pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (printf "%s-%s" (include "common.names.fullname" $) "query") "servicePort" "grpc" "context" $) | nindent 14 }} - {{- end }} - {{- if or $query.ingress.grpc.tls $query.ingress.grpc.extraTls $query.ingress.grpc.hosts }} - tls: - {{- if $query.ingress.grpc.tls }} - - hosts: - - {{ $query.ingress.grpc.hostname }} - secretName: {{ printf "%s-tls" $query.ingress.grpc.hostname }} - {{- end }} - {{- if $query.ingress.grpc.extraTls }} - {{- toYaml $query.ingress.grpc.extraTls | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/bitnami/thanos/templates/query/ingress.yaml b/bitnami/thanos/templates/query/ingress.yaml deleted file mode 100644 index c531dea..0000000 --- a/bitnami/thanos/templates/query/ingress.yaml +++ /dev/null @@ -1,55 +0,0 @@ -{{- $query := (include "thanos.query.values" . | fromYaml) -}} -{{- if $query.ingress.enabled -}} -apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ include "common.names.fullname" . }}-query - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: query - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if $query.ingress.certManager }} - kubernetes.io/tls-acme: "true" - {{- end }} - {{- range $key, $value := $query.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - {{- if and $query.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }} - ingressClassName: {{ $query.ingress.ingressClassName | quote }} - {{- end }} - rules: - {{- if $query.ingress.hostname }} - - host: {{ $query.ingress.hostname }} - http: - paths: - - path: {{ $query.ingress.path }} - {{- if eq "true" (include "common.ingress.supportsPathType" .) }} - pathType: {{ $query.ingress.pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (printf "%s-%s" (include "common.names.fullname" .) "query") "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- range $query.ingress.extraHosts }} - - host: {{ .name }} - http: - paths: - - path: {{ default "/" .path }} - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ default "ImplementationSpecific" .pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (printf "%s-%s" (include "common.names.fullname" $) "query") "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- if or $query.ingress.tls $query.ingress.extraTls $query.ingress.hosts }} - tls: - {{- if or $query.ingress.secrets $query.ingress.tls }} - - hosts: - - {{ $query.ingress.hostname }} - secretName: {{ printf "%s-tls" $query.ingress.hostname }} - {{- end }} - {{- if $query.ingress.extraTls }} - {{- toYaml $query.ingress.extraTls | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/bitnami/thanos/templates/query/pdb.yaml b/bitnami/thanos/templates/query/pdb.yaml deleted file mode 100644 index ac6b432..0000000 --- a/bitnami/thanos/templates/query/pdb.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- $query := (include "thanos.query.values" . | fromYaml) -}} -{{- if and $query.enabled $query.pdb.create }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ include "common.names.fullname" . }}-query - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: query - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if $query.pdb.minAvailable }} - minAvailable: {{ $query.pdb.minAvailable }} - {{- end }} - {{- if $query.pdb.maxUnavailable }} - maxUnavailable: {{ $query.pdb.maxUnavailable }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: query -{{- end }} diff --git a/bitnami/thanos/templates/query/psp-clusterrole.yaml b/bitnami/thanos/templates/query/psp-clusterrole.yaml deleted file mode 100644 index 5d2428e..0000000 --- a/bitnami/thanos/templates/query/psp-clusterrole.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- $query := (include "thanos.query.values" . | fromYaml) -}} -{{- if and $query.enabled $query.pspEnabled $query.rbac.create -}} -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: ClusterRole -metadata: - name: {{ include "common.names.fullname" . }}-query - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: query - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} -rules: -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ include "common.names.fullname" . }}-query -{{- end -}} diff --git a/bitnami/thanos/templates/query/psp-clusterrolebinding.yaml b/bitnami/thanos/templates/query/psp-clusterrolebinding.yaml deleted file mode 100644 index 569c58a..0000000 --- a/bitnami/thanos/templates/query/psp-clusterrolebinding.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- $query := (include "thanos.query.values" . | fromYaml) -}} -{{- if and $query.enabled $query.pspEnabled $query.rbac.create -}} -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: ClusterRoleBinding -metadata: - name: {{ include "common.names.fullname" . }}-query - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: query - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} -roleRef: - kind: ClusterRole - name: {{ include "common.names.fullname" . }}-query - apiGroup: rbac.authorization.k8s.io -subjects: -# Authorize specific service accounts: -- kind: ServiceAccount - name: {{ include "thanos.serviceaccount.name" (dict "component" "query" "context" $) }} - namespace: {{ .Release.Namespace }} -{{- end -}} diff --git a/bitnami/thanos/templates/query/psp.yaml b/bitnami/thanos/templates/query/psp.yaml deleted file mode 100644 index 807b022..0000000 --- a/bitnami/thanos/templates/query/psp.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- $query := (include "thanos.query.values" . | fromYaml) -}} -{{- if and $query.enabled $query.pspEnabled $query.rbac.create -}} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ include "common.names.fullname" . }}-query - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: query - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} -spec: - fsGroup: - rule: RunAsAny - runAsUser: - ranges: - - max: 1001 - min: 1001 - rule: MustRunAs - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - volumes: - - secret -{{- end -}} diff --git a/bitnami/thanos/templates/query/sd-configmap.yaml b/bitnami/thanos/templates/query/sd-configmap.yaml deleted file mode 100644 index 5329e21..0000000 --- a/bitnami/thanos/templates/query/sd-configmap.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- $query := (include "thanos.query.values" . | fromYaml) -}} -{{- if (include "thanos.query.createSDConfigmap" .) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.names.fullname" . }}-query-sd-configmap - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: query - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} -data: - servicediscovery.yml: |- - {{- include "common.tplvalues.render" (dict "value" $query.sdConfig "context" $) | nindent 4 }} -{{ end }} diff --git a/bitnami/thanos/templates/query/service.yaml b/bitnami/thanos/templates/query/service.yaml deleted file mode 100644 index f615c56..0000000 --- a/bitnami/thanos/templates/query/service.yaml +++ /dev/null @@ -1,55 +0,0 @@ -{{- $query := (include "thanos.query.values" . | fromYaml) -}} -{{- if $query.enabled -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.names.fullname" . }}-query - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: query - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if $query.service.annotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" $query.service.annotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ $query.service.type }} - {{- if and $query.service.clusterIP (eq $query.service.type "ClusterIP") }} - clusterIP: {{ $query.service.clusterIP }} - {{- end }} - {{- if ne $query.service.type "ClusterIP" }} - externalTrafficPolicy: {{ $query.service.externalTrafficPolicy }} - {{- end }} - {{- if and $query.service.loadBalancerIP (eq $query.service.type "LoadBalancer") }} - loadBalancerIP: {{ $query.service.loadBalancerIP }} - {{- end }} - {{- if and (eq $query.service.type "LoadBalancer") $query.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- toYaml $query.service.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - ports: - - port: {{ $query.service.http.port }} - targetPort: {{ $query.service.targetPort | default "http" }} - protocol: TCP - name: http - {{- if (and (or (eq $query.service.type "NodePort") (eq $query.service.type "LoadBalancer")) $query.service.http.nodePort) }} - nodePort: {{ $query.service.http.nodePort }} - {{- else if eq $query.service.type "ClusterIP" }} - nodePort: null - {{- end }} - - port: {{ $query.service.grpc.port }} - targetPort: grpc - protocol: TCP - name: grpc - {{- if (and (or (eq $query.service.type "NodePort") (eq $query.service.type "LoadBalancer")) $query.service.grpc.nodePort) }} - nodePort: {{ $query.service.grpc.nodePort }} - {{- else if eq $query.service.type "ClusterIP" }} - nodePort: null - {{- end }} - selector: - {{- if $query.service.labelSelectorsOverride }} - {{- include "common.tplvalues.render" (dict "value" $query.service.labelSelectorsOverride "context" $) | nindent 4 }} - {{- else }} - {{- include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: query - {{- end }} -{{- end }} diff --git a/bitnami/thanos/templates/query/serviceaccount.yaml b/bitnami/thanos/templates/query/serviceaccount.yaml deleted file mode 100644 index a89358b..0000000 --- a/bitnami/thanos/templates/query/serviceaccount.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- $query := (include "thanos.query.values" . | fromYaml) -}} -{{- if and $query.enabled (not (include "thanos.serviceaccount.use-existing" (dict "component" "query" "context" $))) -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "thanos.serviceaccount.name" (dict "component" "query" "context" $) }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: query - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if $query.serviceAccount.annotations }} - annotations: - {{ include "common.tplvalues.render" ( dict "value" $query.serviceAccount.annotations "context" $) | nindent 4 }} - {{- end }} -{{- end }} diff --git a/bitnami/thanos/templates/query/servicemonitor.yaml b/bitnami/thanos/templates/query/servicemonitor.yaml deleted file mode 100644 index 39cba7e..0000000 --- a/bitnami/thanos/templates/query/servicemonitor.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{- $query := (include "thanos.query.values" . | fromYaml) -}} -{{- if and $query.enabled .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "common.names.fullname" . }}-query - {{- if .Values.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.metrics.serviceMonitor.namespace }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: query - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.labels }} - {{- toYaml .Values.metrics.serviceMonitor.labels | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: query - endpoints: - - port: http - {{- if .Values.metrics.serviceMonitor.interval }} - interval: {{ .Values.metrics.serviceMonitor.interval }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} -{{- end }} diff --git a/bitnami/thanos/templates/query/tls-client-secret.yaml b/bitnami/thanos/templates/query/tls-client-secret.yaml deleted file mode 100644 index 73839e0..0000000 --- a/bitnami/thanos/templates/query/tls-client-secret.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- $query := (include "thanos.query.values" . | fromYaml) -}} -{{- if and ($query.grpcTLS.client.secure) (not $query.grpcTLS.client.existingSecret) (not $query.grpcTLS.client.autoGenerated) }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.secrets.name" (dict "existingSecret" .Values.query.grpcTLS.server.existingSecret "defaultNameSuffix" "query-tls-client" "context" $) }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: query - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: -{{- if $query.grpcTLS.client.cert }} - tls-cert: {{ $query.grpcTLS.client.cert | b64enc | quote }} -{{- end }} -{{- if $query.grpcTLS.client.key }} - tls-key: {{ $query.grpcTLS.client.key | b64enc | quote }} -{{- end }} -{{- if $query.grpcTLS.client.ca }} - ca-cert : {{ $query.grpcTLS.client.ca | b64enc | quote }} -{{- end }} -{{ end }} diff --git a/bitnami/thanos/templates/query/tls-secrets.yaml b/bitnami/thanos/templates/query/tls-secrets.yaml deleted file mode 100644 index d51afa0..0000000 --- a/bitnami/thanos/templates/query/tls-secrets.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- $query := (include "thanos.query.values" . | fromYaml) -}} -{{- if $query.ingress.enabled }} -{{- range $query.ingress.secrets }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.names.fullname" $ }}-query - labels: {{- include "common.labels.standard" $ | nindent 4 }} - app.kubernetes.io/component: query - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ .certificate | b64enc }} - tls.key: {{ .key | b64enc }} ---- -{{- end }} -{{- end }} diff --git a/bitnami/thanos/templates/query/tls-server-secret.yaml b/bitnami/thanos/templates/query/tls-server-secret.yaml deleted file mode 100644 index cdf2622..0000000 --- a/bitnami/thanos/templates/query/tls-server-secret.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- $query := (include "thanos.query.values" . | fromYaml) -}} -{{- if and ($query.grpcTLS.server.secure) (not $query.grpcTLS.server.existingSecret) (not $query.grpcTLS.server.autoGenerated) }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.secrets.name" (dict "existingSecret" .Values.query.grpcTLS.server.existingSecret "defaultNameSuffix" "query-tls-server" "context" $) }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: query - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: - tls-cert: {{ $query.grpcTLS.server.cert | b64enc | quote }} - tls-key: {{ $query.grpcTLS.server.key | b64enc | quote }} -{{- if $query.grpcTLS.server.ca }} - ca-cert : {{ $query.grpcTLS.server.ca | b64enc | quote }} -{{- end }} -{{ end }} diff --git a/bitnami/thanos/templates/receive/configmap.yaml b/bitnami/thanos/templates/receive/configmap.yaml deleted file mode 100644 index 01a8899..0000000 --- a/bitnami/thanos/templates/receive/configmap.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if (include "thanos.receive.createConfigmap" .) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.names.fullname" . }}-receive - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: receive - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} -data: - hashrings.json: |- - {{- include "common.tplvalues.render" (dict "value" (include "thanos.receive.config" .) "context" .) | nindent 4 }} -{{ end }} diff --git a/bitnami/thanos/templates/receive/distributor.yaml b/bitnami/thanos/templates/receive/distributor.yaml deleted file mode 100644 index 115c89c..0000000 --- a/bitnami/thanos/templates/receive/distributor.yaml +++ /dev/null @@ -1,153 +0,0 @@ -{{- if and .Values.receive.enabled ( eq .Values.receive.mode "dual-mode" )}} -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ include "common.names.fullname" . }}-receive-distributor - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: receive-distributor - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.receive.distributor.replicaCount }} - strategy: - type: {{ .Values.receive.distributor.strategyType }} - {{- if (eq "Recreate" .Values.receive.distributor.strategyType) }} - rollingUpdate: null - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: receive-distributor - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: receive-distributor - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.receive.distributor.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.receive.distributor.podLabels "context" $) | nindent 8 }} - {{- end }} - annotations: - checksum/objstore-configuration: {{ include (print $.Template.BasePath "/objstore-secret.yaml") . | sha256sum }} - {{- if (include "thanos.receive.createConfigmap" .) }} - checksum/receive-configuration: {{ include (print $.Template.BasePath "/receive/configmap.yaml") . | sha256sum }} - {{- end }} - {{- if .Values.receive.distributor.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.receive.distributor.podAnnotations "context" $) | nindent 8 }} - {{- end }} - spec: - {{- include "thanos.imagePullSecrets" . | nindent 6 }} - serviceAccount: {{ include "thanos.serviceaccount.name" (dict "component" "receive" "context" $) }} - {{- if .Values.receive.distributor.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.receive.distributor.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.receive.distributor.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.receive.distributor.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.receive.podAffinityPreset "component" "receive" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.receive.podAntiAffinityPreset "component" "receive" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.receive.nodeAffinityPreset.type "key" .Values.receive.nodeAffinityPreset.key "values" .Values.receive.distributor.values) | nindent 10 }} - {{- end }} - {{- if .Values.receive.distributor.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.receive.distributor.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.receive.distributor.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.receive.distributor.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.receive.priorityClassName }} - priorityClassName: {{ .Values.receive.priorityClassName | quote }} - {{- end }} - {{- if .Values.receive.podSecurityContext.enabled }} - securityContext: {{- omit .Values.receive.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - containers: - {{- if .Values.receive.distributor.extraContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.receive.distributor.extraContainers "context" $) | nindent 8 }} - {{- end }} - - name: receive - image: {{ include "thanos.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.receive.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.receive.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - args: - - receive - - --log.level={{ .Values.receive.logLevel }} - - --log.format={{ .Values.receive.logFormat }} - - --grpc-address=0.0.0.0:{{ .Values.receive.service.grpc.port }} - - --http-address=0.0.0.0:{{ .Values.receive.service.http.port }} - - --remote-write.address=0.0.0.0:{{ .Values.receive.service.remoteWrite.port }} - - --label={{ .Values.receive.replicaLabel }}="$(NAME)" - - --label=receive="true" - - --receive.hashrings-file=/var/lib/thanos-receive/hashrings.json - {{- if .Values.receive.distributor.extraFlags }} - {{- .Values.receive.distributor.extraFlags | toYaml | nindent 12 }} - {{- end }} - env: - - name: NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: OBJSTORE_CONFIG - valueFrom: - secretKeyRef: - key: objstore.yml - name: {{ include "thanos.objstoreSecretName" . }} - {{- if .Values.receive.distributor.extraEnv }} - {{- toYaml .Values.receive.distributor.extraEnv | nindent 12 }} - {{- end }} - ports: - - containerPort: {{ .Values.receive.service.grpc.port }} - name: grpc - protocol: TCP - - containerPort: {{ .Values.receive.service.http.port }} - name: http - protocol: TCP - - containerPort: {{ .Values.receive.service.remoteWrite.port }} - name: remote-write - protocol: TCP - {{- if .Values.receive.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /-/healthy - port: http - initialDelaySeconds: {{ .Values.receive.livenessProbe.initialDelaySeconds }} - timeoutSeconds: {{ .Values.receive.livenessProbe.timeoutSeconds }} - periodSeconds: {{ .Values.receive.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.receive.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.receive.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.receive.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: /-/ready - port: http - initialDelaySeconds: {{ .Values.receive.readinessProbe.initialDelaySeconds }} - timeoutSeconds: {{ .Values.receive.readinessProbe.timeoutSeconds }} - periodSeconds: {{ .Values.receive.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.receive.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.receive.readinessProbe.failureThreshold }} - {{- end }} - {{- if .Values.receive.distributor.resources }} - resources: {{- toYaml .Values.receive.distributor.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: hashring-config - mountPath: /var/lib/thanos-receive - {{- if .Values.receive.distributor.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.receive.distributor.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - volumes: - - name: hashring-config - configMap: - name: {{ include "common.names.fullname" . }}-receive - {{- if .Values.receive.distributor.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.receive.distributor.extraVolumes "context" $) | nindent 8 }} - {{- end }} -{{- end }} diff --git a/bitnami/thanos/templates/receive/hpa.yaml b/bitnami/thanos/templates/receive/hpa.yaml deleted file mode 100644 index 074071b..0000000 --- a/bitnami/thanos/templates/receive/hpa.yaml +++ /dev/null @@ -1,31 +0,0 @@ -{{- if and .Values.receive.enabled .Values.receive.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "common.names.fullname" . }}-receive - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: receive - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} -spec: - scaleTargetRef: - apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} - kind: StatefulSet - name: {{ include "common.names.fullname" . }}-receive - minReplicas: {{ .Values.receive.autoscaling.minReplicas }} - maxReplicas: {{ .Values.receive.autoscaling.maxReplicas }} - metrics: - {{- if .Values.receive.autoscaling.targetMemory }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ .Values.receive.autoscaling.targetMemory }} - {{- end }} - {{- if .Values.receive.autoscaling.targetCPU }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ .Values.receive.autoscaling.targetCPU }} - {{- end }} -{{- end }} diff --git a/bitnami/thanos/templates/receive/ingress.yaml b/bitnami/thanos/templates/receive/ingress.yaml deleted file mode 100644 index dced476..0000000 --- a/bitnami/thanos/templates/receive/ingress.yaml +++ /dev/null @@ -1,63 +0,0 @@ -{{- if and .Values.receive.enabled .Values.receive.ingress.enabled -}} -apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ include "common.names.fullname" . }}-receive - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: receive - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.receive.ingress.certManager }} - kubernetes.io/tls-acme: "true" - {{- end }} - {{- range $key, $value := .Values.receive.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - {{- if and .Values.receive.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }} - ingressClassName: {{ .Values.receive.ingress.ingressClassName | quote }} - {{- end }} - rules: - {{- if .Values.receive.ingress.hostname }} - - host: {{ .Values.receive.ingress.hostname }} - http: - paths: - - path: /api/v1/receive - {{- if eq "true" (include "common.ingress.supportsPathType" .) }} - pathType: {{ .Values.receive.ingress.pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (printf "%s-%s" (include "common.names.fullname" .) "receive") "servicePort" "remote-write" "context" $) | nindent 14 }} - - - path: {{ .Values.receive.ingress.path }} - {{- if eq "true" (include "common.ingress.supportsPathType" .) }} - pathType: {{ .Values.receive.ingress.pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (printf "%s-%s" (include "common.names.fullname" .) "receive") "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- range .Values.receive.ingress.extraHosts }} - - host: {{ .name | quote }} - http: - paths: - - path: {{ default "/" .path }} - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ default "ImplementationSpecific" .pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (printf "%s-%s" (include "common.names.fullname" $) "receive") "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- if or .Values.receive.ingress.tls .Values.receive.ingress.extraTls .Values.receive.ingress.hosts }} - tls: - {{- if or .Values.receive.ingress.secrets .Values.receive.ingress.tls }} - - hosts: - - {{ .Values.receive.ingress.hostname }} - {{- range .Values.receive.ingress.extraHosts }} - - {{ .name | quote }} - {{- end }} - secretName: {{ printf "%s-tls" .Values.receive.ingress.hostname }} - {{- end }} - {{- if .Values.receive.ingress.extraTls }} - {{- toYaml .Values.receive.ingress.extraTls | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/bitnami/thanos/templates/receive/pdb.yaml b/bitnami/thanos/templates/receive/pdb.yaml deleted file mode 100644 index 9669422..0000000 --- a/bitnami/thanos/templates/receive/pdb.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if and .Values.receive.enabled .Values.receive.pdb.create }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ include "common.names.fullname" . }}-receive - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: receive - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.receive.pdb.minAvailable }} - minAvailable: {{ .Values.receive.pdb.minAvailable }} - {{- end }} - {{- if .Values.receive.pdb.maxUnavailable }} - maxUnavailable: {{ .Values.receive.pdb.maxUnavailable }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: receive -{{- end }} diff --git a/bitnami/thanos/templates/receive/service-headless.yaml b/bitnami/thanos/templates/receive/service-headless.yaml deleted file mode 100644 index d631929..0000000 --- a/bitnami/thanos/templates/receive/service-headless.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if and (.Values.receive.enabled) (.Values.receive.service.additionalHeadless) -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.names.fullname" . }}-receive-headless - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: receive - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} -spec: - type: ClusterIP - clusterIP: None - ports: - - port: {{ .Values.receive.service.http.port }} - targetPort: http - protocol: TCP - name: http - - port: {{ .Values.receive.service.grpc.port }} - targetPort: grpc - protocol: TCP - name: grpc - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: receive -{{- end }} diff --git a/bitnami/thanos/templates/receive/service.yaml b/bitnami/thanos/templates/receive/service.yaml deleted file mode 100644 index c935ad5..0000000 --- a/bitnami/thanos/templates/receive/service.yaml +++ /dev/null @@ -1,67 +0,0 @@ -{{- if .Values.receive.enabled -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.names.fullname" . }}-receive - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: receive - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.receive.service.annotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.receive.service.annotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.receive.service.type }} - {{- if and .Values.receive.service.clusterIP (eq .Values.receive.service.type "ClusterIP") }} - clusterIP: {{ .Values.receive.service.clusterIP }} - {{- end }} - {{- if ne .Values.receive.service.type "ClusterIP" }} - externalTrafficPolicy: {{ .Values.receive.service.externalTrafficPolicy }} - {{- end }} - {{- if and .Values.receive.service.loadBalancerIP (eq .Values.receive.service.type "LoadBalancer") }} - loadBalancerIP: {{ .Values.receive.service.loadBalancerIP }} - {{- end }} - {{- if and (eq .Values.receive.service.type "LoadBalancer") .Values.receive.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- toYaml .Values.receive.service.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - ports: - - port: {{ .Values.receive.service.http.port }} - targetPort: {{ .Values.receive.service.targetPort | default "http" }} - protocol: TCP - name: http - {{- if (and (or (eq .Values.receive.service.type "NodePort") (eq .Values.receive.service.type "LoadBalancer")) .Values.receive.service.http.nodePort) }} - nodePort: {{ .Values.receive.service.http.nodePort }} - {{- else if eq .Values.receive.service.type "ClusterIP" }} - nodePort: null - {{- end }} - - port: {{ .Values.receive.service.grpc.port }} - targetPort: grpc - protocol: TCP - name: grpc - {{- if (and (or (eq .Values.receive.service.type "NodePort") (eq .Values.receive.service.type "LoadBalancer")) .Values.receive.service.grpc.nodePort) }} - nodePort: {{ .Values.receive.service.grpc.nodePort }} - {{- else if eq .Values.receive.service.type "ClusterIP" }} - nodePort: null - {{- end }} - - port: {{ .Values.receive.service.remoteWrite.port }} - targetPort: remote-write - protocol: TCP - name: remote-write - {{- if (and (or (eq .Values.receive.service.type "NodePort") (eq .Values.receive.service.type "LoadBalancer")) .Values.receive.service.remoteWrite.nodePort) }} - nodePort: {{ .Values.receive.service.remoteWrite.nodePort }} - {{- else if eq .Values.receive.service.type "ClusterIP" }} - nodePort: null - {{- end }} - selector: - {{- if .Values.receive.service.labelSelectorsOverride }} - {{- include "common.tplvalues.render" (dict "value" .Values.receive.service.labelSelectorsOverride "context" $) | nindent 4 }} - {{- else }} - {{- include "common.labels.matchLabels" . | nindent 4 }} - {{- if eq .Values.receive.mode "dual-mode"}} - app.kubernetes.io/component: receive-distributor - {{ else }} - app.kubernetes.io/component: receive - {{ end }} - {{- end }} -{{- end }} diff --git a/bitnami/thanos/templates/receive/serviceaccount.yaml b/bitnami/thanos/templates/receive/serviceaccount.yaml deleted file mode 100644 index 98f88c9..0000000 --- a/bitnami/thanos/templates/receive/serviceaccount.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if and .Values.receive.enabled (not (include "thanos.serviceaccount.use-existing" (dict "component" "receive" "context" $))) -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "thanos.serviceaccount.name" (dict "component" "receive" "context" $) }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: receive - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.receive.serviceAccount.annotations }} - annotations: - {{- include "common.tplvalues.render" ( dict "value" .Values.receive.serviceAccount.annotations "context" $) | nindent 4 }} - {{- end }} -{{- end }} diff --git a/bitnami/thanos/templates/receive/servicemonitor.yaml b/bitnami/thanos/templates/receive/servicemonitor.yaml deleted file mode 100644 index 5664c25..0000000 --- a/bitnami/thanos/templates/receive/servicemonitor.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- if and .Values.receive.enabled .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "common.names.fullname" . }}-receive - {{- if .Values.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.metrics.serviceMonitor.namespace }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: receive - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.labels }} - {{- toYaml .Values.metrics.serviceMonitor.labels | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: receive - endpoints: - - port: http - {{- if .Values.metrics.serviceMonitor.interval }} - interval: {{ .Values.metrics.serviceMonitor.interval }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} -{{- end }} diff --git a/bitnami/thanos/templates/receive/statefulset.yaml b/bitnami/thanos/templates/receive/statefulset.yaml deleted file mode 100644 index 2b82a46..0000000 --- a/bitnami/thanos/templates/receive/statefulset.yaml +++ /dev/null @@ -1,189 +0,0 @@ -{{- if .Values.receive.enabled }} -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ include "common.names.fullname" . }}-receive - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: receive - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.receive.replicaCount }} - podManagementPolicy: {{ .Values.receive.podManagementPolicy }} - serviceName: {{ include "common.names.fullname" . }}-receive-headless - updateStrategy: - type: {{ .Values.receive.updateStrategyType }} - {{- if (eq "OnDelete" .Values.receive.updateStrategyType) }} - rollingUpdate: null - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: receive - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: receive - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.receive.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.receive.podLabels "context" $) | nindent 8 }} - {{- end }} - annotations: - checksum/ojbstore-configuration: {{ include (print $.Template.BasePath "/objstore-secret.yaml") . | sha256sum }} - {{- if (include "thanos.receive.createConfigmap" .) }} - checksum/receive-configuration: {{ include (print $.Template.BasePath "/receive/configmap.yaml") . | sha256sum }} - {{- end }} - {{- if .Values.receive.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.receive.podAnnotations "context" $) | nindent 8 }} - {{- end }} - spec: - {{- include "thanos.imagePullSecrets" . | nindent 6 }} - serviceAccount: {{ include "thanos.serviceaccount.name" (dict "component" "receive" "context" $) }} - {{- if .Values.receive.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.receive.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.receive.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.receive.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.receive.podAffinityPreset "component" "receive" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.receive.podAntiAffinityPreset "component" "receive" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.receive.nodeAffinityPreset.type "key" .Values.receive.nodeAffinityPreset.key "values" .Values.receive.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.receive.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.receive.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.receive.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.receive.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.receive.priorityClassName }} - priorityClassName: {{ .Values.receive.priorityClassName | quote }} - {{- end }} - {{- if .Values.receive.podSecurityContext.enabled }} - securityContext: {{- omit .Values.receive.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - containers: - {{- if .Values.receive.extraContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.receive.extraContainers "context" $) | nindent 8 }} - {{- end }} - - name: receive - image: {{ include "thanos.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.receive.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.receive.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - args: - - receive - - --log.level={{ .Values.receive.logLevel }} - - --log.format={{ .Values.receive.logFormat }} - - --grpc-address=0.0.0.0:10901 - - --http-address=0.0.0.0:10902 - - --remote-write.address=0.0.0.0:19291 - - --receive.replication-factor={{ .Values.receive.replicationFactor }} - - --objstore.config=$(OBJSTORE_CONFIG) - - --tsdb.path=/var/thanos/receive - - --label={{ .Values.receive.replicaLabel }}="$(NAME)" - - --label=receive="true" - - --tsdb.retention={{ .Values.receive.tsdbRetention }} - {{- if not .Values.receive.service.additionalHeadless }} - - --receive.local-endpoint=127.0.0.1:10901 - {{- else }} - - --receive.local-endpoint=$(NAME).{{ include "common.names.fullname" . }}-receive-headless.$(NAMESPACE).svc.{{ .Values.clusterDomain }}:10901 - {{- end }} - {{- if eq .Values.receive.mode "standalone" }} - - --receive.hashrings-file=/var/lib/thanos-receive/hashrings.json - {{- end }} - {{- if .Values.receive.extraFlags }} - {{- .Values.receive.extraFlags | toYaml | nindent 12 }} - {{- end }} - env: - - name: NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: OBJSTORE_CONFIG - valueFrom: - secretKeyRef: - key: objstore.yml - name: {{ include "thanos.objstoreSecretName" . }} - {{- if .Values.receive.extraEnv }} - {{- toYaml .Values.receive.extraEnv | nindent 12 }} - {{- end }} - ports: - - containerPort: 10901 - name: grpc - protocol: TCP - - containerPort: 10902 - name: http - protocol: TCP - - containerPort: 19291 - name: remote-write - protocol: TCP - {{- if .Values.receive.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /-/healthy - port: http - initialDelaySeconds: {{ .Values.receive.livenessProbe.initialDelaySeconds }} - timeoutSeconds: {{ .Values.receive.livenessProbe.timeoutSeconds }} - periodSeconds: {{ .Values.receive.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.receive.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.receive.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.receive.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: /-/ready - port: http - initialDelaySeconds: {{ .Values.receive.readinessProbe.initialDelaySeconds }} - timeoutSeconds: {{ .Values.receive.readinessProbe.timeoutSeconds }} - periodSeconds: {{ .Values.receive.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.receive.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.receive.readinessProbe.failureThreshold }} - {{- end }} - {{- if .Values.receive.resources }} - resources: {{- toYaml .Values.receive.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: hashring-config - mountPath: /var/lib/thanos-receive - - name: data - mountPath: /var/thanos/receive - {{- if .Values.receive.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.receive.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - volumes: - - name: hashring-config - configMap: - name: {{ include "common.names.fullname" . }}-receive - {{- if .Values.receive.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.receive.extraVolumes "context" $) | nindent 8 }} - {{- end }} - {{- if and .Values.receive.persistence.enabled .Values.receive.persistence.existingClaim }} - - name: data - persistentVolumeClaim: - claimName: {{ .Values.receive.persistence.existingClaim }} - {{- else if not .Values.receive.persistence.enabled }} - - name: data - emptyDir: {} - {{- else if and .Values.receive.persistence.enabled (not .Values.receive.persistence.existingClaim) }} - volumeClaimTemplates: - - metadata: - name: data - spec: - accessModes: - {{- range .Values.receive.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.receive.persistence.size | quote }} - {{- include "common.storage.class" (dict "persistence" .Values.receive.persistence "global" .Values.global) | nindent 8 }} - {{- end }} -{{- end }} diff --git a/bitnami/thanos/templates/receive/tls-secrets.yaml b/bitnami/thanos/templates/receive/tls-secrets.yaml deleted file mode 100644 index 055c374..0000000 --- a/bitnami/thanos/templates/receive/tls-secrets.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if and .Values.receive.ingress.enabled .Values.receive.enabled}} -{{- range .Values.receive.ingress.secrets }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.names.fullname" $ }}-receive - labels: {{- include "common.labels.standard" $ | nindent 4 }} - app.kubernetes.io/component: receive - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ .certificate | b64enc }} - tls.key: {{ .key | b64enc }} ---- -{{- end }} -{{- end }} diff --git a/bitnami/thanos/templates/receive/tls-server-secret.yaml b/bitnami/thanos/templates/receive/tls-server-secret.yaml deleted file mode 100644 index 2ed816e..0000000 --- a/bitnami/thanos/templates/receive/tls-server-secret.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if and .Values.receive.enabled .Values.receive.grpc.server.secure -}} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.names.fullname" . }}-receive-tls-server - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: receive - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: - cert.pem: {{ .Values.receive.grpc.server.cert | b64enc | quote }} - key.pem: {{ .Values.receive.grpc.server.key | b64enc | quote }} - ca.pem : {{ .Values.receive.grpc.server.ca | b64enc | quote }} -{{ end }} diff --git a/bitnami/thanos/templates/ruler/configmap.yaml b/bitnami/thanos/templates/ruler/configmap.yaml deleted file mode 100644 index ef571b1..0000000 --- a/bitnami/thanos/templates/ruler/configmap.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if (include "thanos.ruler.createConfigmap" .) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.names.fullname" . }}-ruler-configmap - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: ruler - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} -data: - ruler.yml: |- - {{- include "common.tplvalues.render" (dict "value" .Values.ruler.config "context" $) | nindent 4 }} -{{ end }} diff --git a/bitnami/thanos/templates/ruler/ingress.yaml b/bitnami/thanos/templates/ruler/ingress.yaml deleted file mode 100644 index 522692d..0000000 --- a/bitnami/thanos/templates/ruler/ingress.yaml +++ /dev/null @@ -1,54 +0,0 @@ -{{- if .Values.ruler.ingress.enabled -}} -apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ include "common.names.fullname" . }}-ruler - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: ruler - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.ruler.ingress.certManager }} - kubernetes.io/tls-acme: "true" - {{- end }} - {{- range $key, $value := .Values.ruler.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - {{- if and .Values.ruler.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }} - ingressClassName: {{ .Values.ruler.ingress.ingressClassName | quote }} - {{- end }} - rules: - {{- if .Values.ruler.ingress.hostname }} - - host: {{ .Values.ruler.ingress.hostname }} - http: - paths: - - path: {{ .Values.ruler.ingress.path }} - {{- if eq "true" (include "common.ingress.supportsPathType" .) }} - pathType: {{ .Values.ruler.ingress.pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (printf "%s-%s" (include "common.names.fullname" .) "ruler") "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- range .Values.ruler.ingress.extraHosts }} - - host: {{ .name }} - http: - paths: - - path: {{ default "/" .path }} - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ default "ImplementationSpecific" .pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (printf "%s-%s" (include "common.names.fullname" $) "ruler") "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- if or .Values.ruler.ingress.tls .Values.ruler.ingress.extraTls .Values.ruler.ingress.hosts }} - tls: - {{- if or .Values.ruler.ingress.secrets .Values.ruler.ingress.tls }} - - hosts: - - {{ .Values.ruler.ingress.hostname }} - secretName: {{ printf "%s-tls" .Values.ruler.ingress.hostname }} - {{- end }} - {{- if .Values.ruler.ingress.extraTls }} - {{- toYaml .Values.ruler.ingress.extraTls | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/bitnami/thanos/templates/ruler/pdb.yaml b/bitnami/thanos/templates/ruler/pdb.yaml deleted file mode 100644 index b316c36..0000000 --- a/bitnami/thanos/templates/ruler/pdb.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if and .Values.ruler.enabled .Values.ruler.pdb.create }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ include "common.names.fullname" . }}-ruler - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: ruler - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.ruler.pdb.minAvailable }} - minAvailable: {{ .Values.ruler.pdb.minAvailable }} - {{- end }} - {{- if .Values.ruler.pdb.maxUnavailable }} - maxUnavailable: {{ .Values.ruler.pdb.maxUnavailable }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: ruler -{{- end }} diff --git a/bitnami/thanos/templates/ruler/secret.yaml b/bitnami/thanos/templates/ruler/secret.yaml deleted file mode 100644 index 18cda36..0000000 --- a/bitnami/thanos/templates/ruler/secret.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if and .Values.ruler.enabled .Values.ruler.alertmanagersConfig }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.names.fullname" . }}-ruler-alertmanagers-config - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: ruler - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} -data: - alertmanagers_config.yml: |- - {{- include "common.tplvalues.render" (dict "value" .Values.ruler.alertmanagersConfig "context" $) | b64enc | nindent 4 }} -{{- end }} diff --git a/bitnami/thanos/templates/ruler/service-headless.yaml b/bitnami/thanos/templates/ruler/service-headless.yaml deleted file mode 100644 index 01ba36f..0000000 --- a/bitnami/thanos/templates/ruler/service-headless.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if and (.Values.ruler.enabled) (.Values.ruler.service.additionalHeadless) -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.names.fullname" . }}-ruler-headless - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: ruler - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} -spec: - type: ClusterIP - clusterIP: None - ports: - - port: {{ .Values.ruler.service.http.port }} - targetPort: http - protocol: TCP - name: http - - port: {{ .Values.ruler.service.grpc.port }} - targetPort: grpc - protocol: TCP - name: grpc - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: ruler -{{- end }} diff --git a/bitnami/thanos/templates/ruler/service.yaml b/bitnami/thanos/templates/ruler/service.yaml deleted file mode 100644 index fd8ec6c..0000000 --- a/bitnami/thanos/templates/ruler/service.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{- if .Values.ruler.enabled -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.names.fullname" . }}-ruler - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: ruler - {{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} - prometheus-operator/monitor: 'true' - {{- end }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.ruler.service.annotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.ruler.service.annotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.ruler.service.type }} - {{- if and .Values.ruler.service.clusterIP (eq .Values.ruler.service.type "ClusterIP") }} - clusterIP: {{ .Values.ruler.service.clusterIP }} - {{- end }} - {{- if ne .Values.ruler.service.type "ClusterIP" }} - externalTrafficPolicy: {{ .Values.ruler.service.externalTrafficPolicy }} - {{- end }} - {{- if and .Values.ruler.service.loadBalancerIP (eq .Values.ruler.service.type "LoadBalancer") }} - loadBalancerIP: {{ .Values.ruler.service.loadBalancerIP }} - {{- end }} - {{- if and (eq .Values.ruler.service.type "LoadBalancer") .Values.ruler.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- toYaml .Values.ruler.service.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - ports: - - port: {{ .Values.ruler.service.http.port }} - targetPort: {{ .Values.ruler.service.targetPort | default "http" }} - protocol: TCP - name: http - {{- if (and (or (eq .Values.ruler.service.type "NodePort") (eq .Values.ruler.service.type "LoadBalancer")) .Values.ruler.service.http.nodePort) }} - nodePort: {{ .Values.ruler.service.http.nodePort }} - {{- else if eq .Values.ruler.service.type "ClusterIP" }} - nodePort: null - {{- end }} - - port: {{ .Values.ruler.service.grpc.port }} - targetPort: grpc - protocol: TCP - name: grpc - {{- if (and (or (eq .Values.ruler.service.type "NodePort") (eq .Values.ruler.service.type "LoadBalancer")) .Values.ruler.service.grpc.nodePort) }} - nodePort: {{ .Values.ruler.service.grpc.nodePort }} - {{- else if eq .Values.ruler.service.type "ClusterIP" }} - nodePort: null - {{- end }} - selector: - {{- if .Values.ruler.service.labelSelectorsOverride }} - {{- include "common.tplvalues.render" (dict "value" .Values.ruler.service.labelSelectorsOverride "context" $) | nindent 4 }} - {{- else }} - {{- include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: ruler - {{- end }} -{{- end }} diff --git a/bitnami/thanos/templates/ruler/serviceaccount.yaml b/bitnami/thanos/templates/ruler/serviceaccount.yaml deleted file mode 100644 index 12d88ce..0000000 --- a/bitnami/thanos/templates/ruler/serviceaccount.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if and .Values.ruler.enabled (not (include "thanos.serviceaccount.use-existing" (dict "component" "ruler" "context" $))) -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "thanos.serviceaccount.name" (dict "component" "ruler" "context" $) }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: ruler - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.ruler.serviceAccount.annotations }} - annotations: - {{- include "common.tplvalues.render" ( dict "value" .Values.ruler.serviceAccount.annotations "context" $) | nindent 4 }} - {{- end }} -{{- end }} diff --git a/bitnami/thanos/templates/ruler/servicemonitor.yaml b/bitnami/thanos/templates/ruler/servicemonitor.yaml deleted file mode 100644 index 92daf57..0000000 --- a/bitnami/thanos/templates/ruler/servicemonitor.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{- if and .Values.ruler.enabled .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "common.names.fullname" . }}-ruler - {{- if .Values.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.metrics.serviceMonitor.namespace }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: ruler - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.labels }} - {{- toYaml .Values.metrics.serviceMonitor.labels | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: ruler - prometheus-operator/monitor: 'true' - endpoints: - - port: http - {{- if .Values.metrics.serviceMonitor.interval }} - interval: {{ .Values.metrics.serviceMonitor.interval }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} -{{- end }} diff --git a/bitnami/thanos/templates/ruler/statefulset.yaml b/bitnami/thanos/templates/ruler/statefulset.yaml deleted file mode 100644 index 522e9fe..0000000 --- a/bitnami/thanos/templates/ruler/statefulset.yaml +++ /dev/null @@ -1,214 +0,0 @@ -{{- $query := (include "thanos.query.values" . | fromYaml) -}} -{{- if .Values.ruler.enabled }} -apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} -kind: StatefulSet -metadata: - name: {{ include "common.names.fullname" . }}-ruler - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: ruler - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.ruler.replicaCount }} - podManagementPolicy: {{ .Values.ruler.podManagementPolicy }} - serviceName: {{ include "common.names.fullname" . }}-ruler-headless - updateStrategy: - type: {{ .Values.ruler.updateStrategyType }} - {{- if (eq "OnDelete" .Values.ruler.updateStrategyType) }} - rollingUpdate: null - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: ruler - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: ruler - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.ruler.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.ruler.podLabels "context" $) | nindent 8 }} - {{- end }} - annotations: - checksum/ojbstore-configuration: {{ include (print $.Template.BasePath "/objstore-secret.yaml") . | sha256sum }} - checksum/ruler-configuration: {{ include (print $.Template.BasePath "/ruler/configmap.yaml") . | sha256sum }} - {{- if .Values.ruler.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.ruler.podAnnotations "context" $) | nindent 8 }} - {{- end }} - spec: - {{- include "thanos.imagePullSecrets" . | nindent 6 }} - serviceAccount: {{ include "thanos.serviceaccount.name" (dict "component" "ruler" "context" $) }} - {{- if .Values.ruler.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.ruler.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.ruler.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.ruler.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.ruler.podAffinityPreset "component" "ruler" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.ruler.podAntiAffinityPreset "component" "ruler" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.ruler.nodeAffinityPreset.type "key" .Values.ruler.nodeAffinityPreset.key "values" .Values.ruler.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.ruler.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.ruler.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.ruler.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.ruler.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.ruler.priorityClassName }} - priorityClassName: {{ .Values.ruler.priorityClassName | quote }} - {{- end }} - {{- if .Values.ruler.podSecurityContext.enabled }} - securityContext: {{- omit .Values.ruler.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - {{- if and .Values.volumePermissions.enabled .Values.ruler.persistence.enabled }} - initContainers: - - name: init-chmod-data - image: {{ include "thanos.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: - - sh - - -c - - | - mkdir -p /data - chown -R "{{ .Values.ruler.podSecurityContext.runAsUser }}:{{ .Values.ruler.podSecurityContext.fsGroup }}" /data - securityContext: - runAsUser: 0 - volumeMounts: - - name: data - mountPath: /data - {{- end }} - containers: - {{- if .Values.ruler.extraContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.ruler.extraContainers "context" $) | nindent 8 }} - {{- end }} - - name: ruler - image: {{ include "thanos.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.ruler.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.ruler.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - args: - - rule - - --log.level={{ .Values.ruler.logLevel }} - - --log.format={{ .Values.ruler.logFormat }} - - --grpc-address=0.0.0.0:10901 - - --http-address=0.0.0.0:10902 - - --data-dir=/data - - --eval-interval={{ .Values.ruler.evalInterval }} - {{- range .Values.ruler.alertmanagers }} - - --alertmanagers.url={{ . }} - {{- end }} - {{- if .Values.ruler.alertmanagersConfig }} - - --alertmanagers.config-file=/conf/alertmanagers/alertmanagers_config.yml - {{- end }} - {{- if and $query.enabled .Values.ruler.dnsDiscovery.enabled }} - - --query=dnssrv+_http._tcp.{{ include "common.names.fullname" . }}-query.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} - {{- end }} - - --label={{ .Values.ruler.replicaLabel }}="$(POD_NAME)" - - --label=ruler_cluster="{{ .Values.ruler.clusterName }}" - - --alert.label-drop={{ .Values.ruler.replicaLabel }} - - --objstore.config-file=/conf/objstore/objstore.yml - - --rule-file=/conf/rules/*.yml - {{- range .Values.ruler.queries }} - - --query={{ . }} - {{- end }} - {{- if .Values.ruler.extraFlags }} - {{- .Values.ruler.extraFlags | toYaml | nindent 12 }} - {{- end }} - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - {{- if .Values.ruler.extraEnv }} - {{- toYaml .Values.ruler.extraEnv | nindent 12 }} - {{- end }} - ports: - - name: http - containerPort: 10902 - protocol: TCP - - name: grpc - containerPort: 10901 - protocol: TCP - {{- if .Values.ruler.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /-/healthy - port: http - initialDelaySeconds: {{ .Values.ruler.livenessProbe.initialDelaySeconds }} - timeoutSeconds: {{ .Values.ruler.livenessProbe.timeoutSeconds }} - periodSeconds: {{ .Values.ruler.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.ruler.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.ruler.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.ruler.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: /-/ready - port: http - initialDelaySeconds: {{ .Values.ruler.readinessProbe.initialDelaySeconds }} - timeoutSeconds: {{ .Values.ruler.readinessProbe.timeoutSeconds }} - periodSeconds: {{ .Values.ruler.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.ruler.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.ruler.readinessProbe.failureThreshold }} - {{- end }} - {{- if .Values.ruler.resources }} - resources: {{- toYaml .Values.ruler.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: ruler-config - mountPath: /conf/rules - - name: objstore-config - mountPath: /conf/objstore - - name: data - mountPath: /data - {{- if .Values.ruler.alertmanagersConfig }} - - name: alertmanagers-config - mountPath: /conf/alertmanagers - {{- end }} - {{- if .Values.ruler.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.ruler.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - volumes: - - name: ruler-config - configMap: - name: {{ include "thanos.ruler.configmapName" . }} - - name: objstore-config - secret: - secretName: {{ include "thanos.objstoreSecretName" . }} - {{- if .Values.existingObjstoreSecretItems }} - items: {{- toYaml .Values.existingObjstoreSecretItems | nindent 14 }} - {{- end }} - {{- if .Values.ruler.alertmanagersConfig }} - - name: alertmanagers-config - secret: - secretName: {{ include "common.names.fullname" . }}-ruler-alertmanagers-config - {{- end }} - {{- if .Values.ruler.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.ruler.extraVolumes "context" $) | nindent 8 }} - {{- end }} - {{- if and .Values.ruler.persistence.enabled .Values.ruler.persistence.existingClaim }} - - name: data - persistentVolumeClaim: - claimName: {{ .Values.ruler.persistence.existingClaim }} - {{- else if not .Values.ruler.persistence.enabled }} - - name: data - emptyDir: {} - {{- else if and .Values.ruler.persistence.enabled (not .Values.ruler.persistence.existingClaim) }} - volumeClaimTemplates: - - metadata: - name: data - spec: - accessModes: - {{- range .Values.ruler.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.ruler.persistence.size | quote }} - {{- include "common.storage.class" (dict "persistence" .Values.ruler.persistence "global" .Values.global) | nindent 8 }} - {{- end }} -{{- end }} diff --git a/bitnami/thanos/templates/storegateway/configmap.yaml b/bitnami/thanos/templates/storegateway/configmap.yaml deleted file mode 100644 index e5b0a75..0000000 --- a/bitnami/thanos/templates/storegateway/configmap.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if (include "thanos.storegateway.createConfigmap" .) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.names.fullname" . }}-storegateway-configmap - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: storegateway - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} -data: - config.yml: |- - {{- include "common.tplvalues.render" (dict "value" .Values.storegateway.config "context" $) | nindent 4 }} -{{ end }} diff --git a/bitnami/thanos/templates/storegateway/hpa.yaml b/bitnami/thanos/templates/storegateway/hpa.yaml deleted file mode 100644 index 011a02b..0000000 --- a/bitnami/thanos/templates/storegateway/hpa.yaml +++ /dev/null @@ -1,31 +0,0 @@ -{{- if and .Values.storegateway.enabled .Values.storegateway.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "common.names.fullname" . }}-storegateway - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: storegateway - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: StatefulSet - name: {{ include "common.names.fullname" . }}-storegateway - minReplicas: {{ .Values.storegateway.autoscaling.minReplicas }} - maxReplicas: {{ .Values.storegateway.autoscaling.maxReplicas }} - metrics: - {{- if .Values.storegateway.autoscaling.targetMemory }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ .Values.storegateway.autoscaling.targetMemory }} - {{- end }} - {{- if .Values.storegateway.autoscaling.targetCPU }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ .Values.storegateway.autoscaling.targetCPU }} - {{- end }} -{{- end }} diff --git a/bitnami/thanos/templates/storegateway/ingress.yaml b/bitnami/thanos/templates/storegateway/ingress.yaml deleted file mode 100644 index e2f7a61..0000000 --- a/bitnami/thanos/templates/storegateway/ingress.yaml +++ /dev/null @@ -1,50 +0,0 @@ -{{- if .Values.storegateway.ingress.enabled -}} -apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: thanos-storegateway - labels: {{- include "common.labels.standard" . | nindent 4 }} - annotations: - {{- if .Values.storegateway.ingress.certManager }} - kubernetes.io/tls-acme: "true" - {{- end }} - {{- range $key, $value := .Values.storegateway.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - {{- if and .Values.storegateway.ingress.ingressClassName }} - ingressClassName: {{ .Values.storegateway.ingress.ingressClassName | quote }} - {{- end }} - rules: - {{- if .Values.storegateway.ingress.hostname }} - - host: {{ .Values.storegateway.ingress.hostname }} - http: - paths: - - path: {{ .Values.storegateway.ingress.path }} - {{- if eq "true" (include "common.ingress.supportsPathType" .) }} - pathType: {{ .Values.storegateway.ingress.pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" "thanos-storegateway" "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- range .Values.storegateway.ingress.extraHosts }} - - host: {{ .name }} - http: - paths: - - path: {{ default "/" .path }} - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ default "ImplementationSpecific" .pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" "thanos-storegateway" "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- if or .Values.storegateway.ingress.tls .Values.storegateway.ingress.extraTls .Values.storegateway.ingress.hosts }} - tls: - {{- if or .Values.storegateway.ingress.secrets .Values.storegateway.ingress.tls }} - - hosts: - - {{ .Values.storegateway.ingress.hostname }} - secretName: {{ printf "%s-tls" .Values.storegateway.ingress.hostname }} - {{- end }} - {{- if .Values.storegateway.ingress.extraTls }} - {{- toYaml .Values.storegateway.ingress.extraTls | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} \ No newline at end of file diff --git a/bitnami/thanos/templates/storegateway/pdb.yaml b/bitnami/thanos/templates/storegateway/pdb.yaml deleted file mode 100644 index 59dcd7f..0000000 --- a/bitnami/thanos/templates/storegateway/pdb.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if and .Values.storegateway.enabled .Values.storegateway.pdb.create }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ include "common.names.fullname" . }}-storegateway - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: storegateway - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.storegateway.pdb.minAvailable }} - minAvailable: {{ .Values.storegateway.pdb.minAvailable }} - {{- end }} - {{- if .Values.storegateway.pdb.maxUnavailable }} - maxUnavailable: {{ .Values.storegateway.pdb.maxUnavailable }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: storegateway -{{- end }} diff --git a/bitnami/thanos/templates/storegateway/service-headless.yaml b/bitnami/thanos/templates/storegateway/service-headless.yaml deleted file mode 100644 index db4fb72..0000000 --- a/bitnami/thanos/templates/storegateway/service-headless.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if and (.Values.storegateway.enabled) (.Values.storegateway.service.additionalHeadless) -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.names.fullname" . }}-storegateway-headless - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: storegateway - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} -spec: - type: ClusterIP - clusterIP: None - ports: - - port: {{ .Values.storegateway.service.http.port }} - targetPort: http - protocol: TCP - name: http - - port: {{ .Values.storegateway.service.grpc.port }} - targetPort: grpc - protocol: TCP - name: grpc - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: storegateway -{{- end }} diff --git a/bitnami/thanos/templates/storegateway/service-sharded.yaml b/bitnami/thanos/templates/storegateway/service-sharded.yaml deleted file mode 100644 index 22c80f1..0000000 --- a/bitnami/thanos/templates/storegateway/service-sharded.yaml +++ /dev/null @@ -1,71 +0,0 @@ -{{- if and .Values.storegateway.enabled .Values.storegateway.sharded.enabled }} - -{{- $shards := int 0 }} - -{{- if .Values.storegateway.sharded.hashPartitioning.shards }} - {{- $shards = int .Values.storegateway.sharded.hashPartitioning.shards }} -{{- else }} - {{- $shards = len .Values.storegateway.sharded.timePartitioning }} -{{- end }} - -{{- range $index, $_ := until $shards }} -apiVersion: v1 -kind: Service -metadata: - {{- $svcNamePrefix := printf "%s-storegateway" (include "common.names.fullname" $) | trunc 61 | trimSuffix "-" }} - name: {{ printf "%s-%s" $svcNamePrefix (toString $index) }} - labels: {{- include "common.labels.standard" $ | nindent 4 }} - app.kubernetes.io/component: storegateway - {{- if and $.Values.metrics.enabled $.Values.metrics.serviceMonitor.enabled }} - prometheus-operator/monitor: 'true' - {{- end }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if $.Values.storegateway.service.annotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" $.Values.storegateway.service.annotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ $.Values.storegateway.service.type }} - {{- if ne "false" (include "thanos.validateValues.storegateway.sharded.length" (dict "property" $.Values.storegateway.sharded.service.clusterIPs "context" $) ) }} - clusterIP: {{ index $.Values.storegateway.sharded.service.clusterIPs $index }} - {{- end }} - {{- if ne $.Values.storegateway.service.type "ClusterIP" }} - externalTrafficPolicy: {{ $.Values.storegateway.service.externalTrafficPolicy }} - {{- end }} - {{- if ne "false" (include "thanos.validateValues.storegateway.sharded.length" (dict "property" $.Values.storegateway.sharded.service.loadBalancerIPs "context" $) ) }} - loadBalancerIP: {{ $.Values.storegateway.sharded.service.loadBalancerIPs }} - {{- end }} - {{- if and (eq $.Values.storegateway.service.type "LoadBalancer") $.Values.storegateway.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- toYaml $.Values.storegateway.service.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - ports: - - port: {{ $.Values.storegateway.service.http.port }} - targetPort: http - protocol: TCP - name: http - {{- if ne "false" (include "thanos.validateValues.storegateway.sharded.length" (dict "property" $.Values.storegateway.sharded.service.http.nodePorts "context" $) ) }} - nodePort: {{ index $.Values.storegateway.sharded.service.http.nodePorts $index }} - {{- else if eq $.Values.storegateway.service.type "ClusterIP" }} - nodePort: null - {{- end }} - - port: {{ $.Values.storegateway.service.grpc.port }} - targetPort: grpc - protocol: TCP - name: grpc - {{- if ne "false" (include "thanos.validateValues.storegateway.sharded.length" (dict "property" $.Values.storegateway.sharded.service.grpc.nodePorts "context" $) ) }} - nodePort: {{ index $.Values.storegateway.sharded.service.grpc.nodePorts $index }} - {{- else if eq $.Values.storegateway.service.type "ClusterIP" }} - nodePort: null - {{- end }} - selector: - {{- if $.Values.storegateway.service.labelSelectorsOverride }} - {{- include "common.tplvalues.render" (dict "value" $.Values.storegateway.service.labelSelectorsOverride "context" $) | nindent 4 }} - {{- else }} - {{- include "common.labels.matchLabels" $ | nindent 4 }} - app.kubernetes.io/component: storegateway - shard: {{ $index | quote }} - {{- end }} ---- -{{- end }} -{{- end }} diff --git a/bitnami/thanos/templates/storegateway/service.yaml b/bitnami/thanos/templates/storegateway/service.yaml deleted file mode 100644 index 1f8fd0c..0000000 --- a/bitnami/thanos/templates/storegateway/service.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{- if and .Values.storegateway.enabled (not .Values.storegateway.sharded.enabled) }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.names.fullname" . }}-storegateway - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: storegateway - {{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} - prometheus-operator/monitor: 'true' - {{- end }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.storegateway.service.annotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.storegateway.service.annotations "context" $) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.storegateway.service.type }} - {{- if and .Values.storegateway.service.clusterIP (eq .Values.storegateway.service.type "ClusterIP") }} - clusterIP: {{ .Values.storegateway.service.clusterIP }} - {{- end }} - {{- if ne .Values.storegateway.service.type "ClusterIP" }} - externalTrafficPolicy: {{ .Values.storegateway.service.externalTrafficPolicy }} - {{- end }} - {{- if and .Values.storegateway.service.loadBalancerIP (eq .Values.storegateway.service.type "LoadBalancer") }} - loadBalancerIP: {{ .Values.storegateway.service.loadBalancerIP }} - {{- end }} - {{- if and (eq .Values.storegateway.service.type "LoadBalancer") .Values.storegateway.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- toYaml .Values.storegateway.service.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - ports: - - port: {{ .Values.storegateway.service.http.port }} - targetPort: http - protocol: TCP - name: http - {{- if (and (or (eq .Values.storegateway.service.type "NodePort") (eq .Values.storegateway.service.type "LoadBalancer")) .Values.storegateway.service.http.nodePort) }} - nodePort: {{ .Values.storegateway.service.http.nodePort }} - {{- else if eq .Values.storegateway.service.type "ClusterIP" }} - nodePort: null - {{- end }} - - port: {{ .Values.storegateway.service.grpc.port }} - targetPort: grpc - protocol: TCP - name: grpc - {{- if (and (or (eq .Values.storegateway.service.type "NodePort") (eq .Values.storegateway.service.type "LoadBalancer")) .Values.storegateway.service.grpc.nodePort) }} - nodePort: {{ .Values.storegateway.service.grpc.nodePort }} - {{- else if eq .Values.storegateway.service.type "ClusterIP" }} - nodePort: null - {{- end }} - selector: - {{- if .Values.storegateway.service.labelSelectorsOverride }} - {{- include "common.tplvalues.render" (dict "value" .Values.storegateway.service.labelSelectorsOverride "context" $) | nindent 4 }} - {{- else }} - {{- include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: storegateway - {{- end }} -{{- end }} diff --git a/bitnami/thanos/templates/storegateway/serviceaccount.yaml b/bitnami/thanos/templates/storegateway/serviceaccount.yaml deleted file mode 100644 index b7da495..0000000 --- a/bitnami/thanos/templates/storegateway/serviceaccount.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if and .Values.storegateway.enabled (not (include "thanos.serviceaccount.use-existing" (dict "component" "storegateway" "context" $))) -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "thanos.serviceaccount.name" (dict "component" "storegateway" "context" $) }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: storegateway - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.storegateway.serviceAccount.annotations }} - annotations: - {{- include "common.tplvalues.render" ( dict "value" .Values.storegateway.serviceAccount.annotations "context" $) | nindent 4 }} - {{- end }} -{{- end }} diff --git a/bitnami/thanos/templates/storegateway/servicemonitor.yaml b/bitnami/thanos/templates/storegateway/servicemonitor.yaml deleted file mode 100644 index 63c0990..0000000 --- a/bitnami/thanos/templates/storegateway/servicemonitor.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{- if and .Values.storegateway.enabled .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "common.names.fullname" . }}-storegateway - {{- if .Values.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.metrics.serviceMonitor.namespace }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: storegateway - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.labels }} - {{- toYaml .Values.metrics.serviceMonitor.labels | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: storegateway - prometheus-operator/monitor: 'true' - endpoints: - - port: http - {{- if .Values.metrics.serviceMonitor.interval }} - interval: {{ .Values.metrics.serviceMonitor.interval }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} -{{- end }} diff --git a/bitnami/thanos/templates/storegateway/statefulset-sharded.yaml b/bitnami/thanos/templates/storegateway/statefulset-sharded.yaml deleted file mode 100644 index 7763269..0000000 --- a/bitnami/thanos/templates/storegateway/statefulset-sharded.yaml +++ /dev/null @@ -1,258 +0,0 @@ -{{- if and .Values.storegateway.enabled .Values.storegateway.sharded.enabled }} - -{{- $shards := int 0 }} -{{- $hashPartitioning := false }} -{{- $timePartitioning := false }} - -{{- if .Values.storegateway.sharded.hashPartitioning.shards }} - {{- $shards = int .Values.storegateway.sharded.hashPartitioning.shards }} - {{- $hashPartitioning = true }} -{{- else }} - {{- $shards = len .Values.storegateway.sharded.timePartitioning }} - {{- $timePartitioning = true }} -{{- end }} - -{{- range $index, $_ := until $shards }} -apiVersion: {{ include "common.capabilities.statefulset.apiVersion" $ }} -kind: StatefulSet -metadata: - name: {{ printf "%s-storegateway-%s" (include "common.names.fullname" $) (toString $index) | trunc 63 | trimSuffix "-" }} - labels: {{- include "common.labels.standard" $ | nindent 4 }} - app.kubernetes.io/component: storegateway - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} -spec: - replicas: {{ $.Values.storegateway.replicaCount }} - podManagementPolicy: {{ $.Values.storegateway.podManagementPolicy }} - {{- $svcNamePrefix := printf "%s-storegateway" (include "common.names.fullname" $) | trunc 61 | trimSuffix "-" }} - serviceName: {{ printf "%s-%s" $svcNamePrefix (toString $index)}} - updateStrategy: - type: {{ $.Values.storegateway.updateStrategyType }} - {{- if (eq "OnDelete" $.Values.storegateway.updateStrategyType) }} - rollingUpdate: null - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" $ | nindent 6 }} - app.kubernetes.io/component: storegateway - shard: {{ $index | quote }} - template: - metadata: - labels: {{- include "common.labels.standard" $ | nindent 8 }} - app.kubernetes.io/component: storegateway - shard: {{ $index | quote }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 8 }} - {{- end }} - {{- if $.Values.storegateway.podLabels }} - {{- include "common.tplvalues.render" (dict "value" $.Values.storegateway.podLabels "context" $) | nindent 8 }} - {{- end }} - annotations: - checksum/ojbstore-configuration: {{ include (print $.Template.BasePath "/objstore-secret.yaml") $ | sha256sum }} - {{- if (include "thanos.storegateway.createConfigmap" $) }} - checksum/storegateway-configuration: {{ include (print $.Template.BasePath "/storegateway/configmap.yaml") $ | sha256sum }} - {{- end }} - {{- if $.Values.storegateway.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" $.Values.storegateway.podAnnotations "context" $) | nindent 8 }} - {{- end }} - spec: - {{- include "thanos.imagePullSecrets" $ | nindent 6 }} - serviceAccount: {{ include "thanos.serviceaccount.name" (dict "component" "storegateway" "context" $) }} - {{- if $.Values.storegateway.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" $.Values.storegateway.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if $.Values.storegateway.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" $.Values.storegateway.affinity "context" (set $ "shardLoopId" $index)) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" $.Values.storegateway.podAffinityPreset "component" "storegateway" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" $.Values.storegateway.podAntiAffinityPreset "component" "storegateway" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" $.Values.storegateway.nodeAffinityPreset.type "key" $.Values.storegateway.nodeAffinityPreset.key "values" $.Values.storegateway.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if $.Values.storegateway.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" $.Values.storegateway.nodeSelector "context" (set $ "shardLoopId" $index)) | nindent 8 }} - {{- end }} - {{- if $.Values.storegateway.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" $.Values.storegateway.tolerations "context" (set $ "shardLoopId" $index)) | nindent 8 }} - {{- end }} - {{- if $.Values.storegateway.priorityClassName }} - priorityClassName: {{ $.Values.storegateway.priorityClassName | quote }} - {{- end }} - {{- if $.Values.storegateway.podSecurityContext.enabled }} - securityContext: {{- omit $.Values.storegateway.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - {{- if and $.Values.volumePermissions.enabled $.Values.storegateway.persistence.enabled }} - initContainers: - - name: init-chmod-data - image: {{ include "thanos.volumePermissions.image" $ }} - imagePullPolicy: {{ $.Values.volumePermissions.image.pullPolicy | quote }} - command: - - sh - - -c - - | - mkdir -p /data - chown -R "{{ $.Values.storegateway.podSecurityContext.runAsUser }}:{{ $.Values.storegateway.podSecurityContext.fsGroup }}" /data - securityContext: - runAsUser: 0 - volumeMounts: - - name: data - mountPath: /data - {{- end }} - containers: - - name: storegateway - image: {{ include "thanos.image" $ }} - imagePullPolicy: {{ $.Values.image.pullPolicy | quote }} - {{- if $.Values.storegateway.containerSecurityContext.enabled }} - securityContext: {{- omit $.Values.storegateway.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - args: - - store - - --log.level={{ $.Values.storegateway.logLevel }} - - --log.format={{ $.Values.storegateway.logFormat }} - - --grpc-address=0.0.0.0:10901 - - --http-address=0.0.0.0:10902 - - --data-dir=/data - - --objstore.config-file=/conf/objstore.yml - {{- if $.Values.indexCacheConfig }} - - --index-cache.config-file=/conf/index-cache.yml - {{- end }} - {{- if $.Values.bucketCacheConfig }} - - --store.caching-bucket.config-file=/conf/bucket-cache.yml - {{- end }} - {{- if or $.Values.storegateway.config $.Values.storegateway.existingConfigmap }} - - --index-cache.config-file=/conf/cache/config.yml - {{- end }} - {{- if $.Values.storegateway.grpc.tls.autoGenerated }} - - --grpc-server-tls-cert=/certs/tls.crt - - --grpc-server-tls-key=/certs/tls.key - - --grpc-server-tls-client-ca=/certs/ca.crt - {{- else }} - {{- if or $.Values.storegateway.grpc.tls.enabled $.Values.storegateway.grpc.tls.existingSecret }} - - --grpc-server-tls-cert=/certs/{{ include "common.secrets.key" (dict "existingSecret" $.Values.storegateway.grpc.tls.existingSecret "key" "tls-cert") }} - - --grpc-server-tls-key=/certs/{{ include "common.secrets.key" (dict "existingSecret" $.Values.storegateway.grpc.tls.existingSecret "key" "tls-key") }} - - --grpc-server-tls-client-ca=/certs/{{ include "common.secrets.key" (dict "existingSecret" $.Values.storegateway.grpc.tls.existingSecret "key" "ca-cert") }} - {{- end }} - {{- end }} - {{- if $.Values.storegateway.extraFlags }} - {{- $.Values.storegateway.extraFlags | toYaml | nindent 12 }} - {{- end }} - {{- if $hashPartitioning }} - - | - --selector.relabel-config= - - action: hashmod - source_labels: ["__block_id"] - target_label: shard - modulus: {{ $shards }} - - action: keep - source_labels: ["shard"] - regex: {{ $index }} - {{- end }} - {{- if $timePartitioning }} - {{- $partion := (slice $.Values.storegateway.sharded.timePartitioning $index) | first }} - {{- if $partion.max }} - - --max-time={{ $partion.max }} - {{- end}} - {{- if $partion.min }} - - --min-time={{ $partion.min }} - {{- end}} - {{- end }} - {{- if $.Values.storegateway.extraEnv }} - env: - {{- toYaml $.Values.storegateway.extraEnv | nindent 12 }} - {{- end }} - ports: - - name: http - containerPort: 10902 - protocol: TCP - - name: grpc - containerPort: 10901 - protocol: TCP - {{- if $.Values.storegateway.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /-/healthy - port: http - initialDelaySeconds: {{ $.Values.storegateway.livenessProbe.initialDelaySeconds }} - timeoutSeconds: {{ $.Values.storegateway.livenessProbe.timeoutSeconds }} - periodSeconds: {{ $.Values.storegateway.livenessProbe.periodSeconds }} - successThreshold: {{ $.Values.storegateway.livenessProbe.successThreshold }} - failureThreshold: {{ $.Values.storegateway.livenessProbe.failureThreshold }} - {{- end }} - {{- if $.Values.storegateway.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: /-/ready - port: http - initialDelaySeconds: {{ $.Values.storegateway.readinessProbe.initialDelaySeconds }} - timeoutSeconds: {{ $.Values.storegateway.readinessProbe.timeoutSeconds }} - periodSeconds: {{ $.Values.storegateway.readinessProbe.periodSeconds }} - successThreshold: {{ $.Values.storegateway.readinessProbe.successThreshold }} - failureThreshold: {{ $.Values.storegateway.readinessProbe.failureThreshold }} - {{- end }} - {{- if $.Values.storegateway.resources }} - resources: {{- toYaml $.Values.storegateway.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: objstore-config - mountPath: /conf - - name: data - mountPath: /data - {{- if or $.Values.storegateway.config $.Values.storegateway.existingConfigmap }} - - name: cache-config - mountPath: /conf/cache - {{- end }} - {{- if $.Values.storegateway.grpc.tls.enabled }} - - name: tls-server - mountPath: /certs - {{- end }} - {{- if $.Values.storegateway.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" $.Values.storegateway.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - volumes: - - name: objstore-config - secret: - secretName: {{ include "thanos.objstoreSecretName" $ }} - {{- if $.Values.existingObjstoreSecretItems }} - items: {{- toYaml $.Values.existingObjstoreSecretItems | nindent 14 }} - {{- end }} - {{- if $.Values.storegateway.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" $.Values.storegateway.extraVolumes "context" $) | nindent 8 }} - {{- end }} - {{- if or $.Values.storegateway.config $.Values.storegateway.existingConfigmap }} - - name: cache-config - configMap: - name: {{ include "thanos.storegateway.configmapName" $ }} - {{- end }} - {{- if $.Values.storegateway.grpc.tls.enabled }} - - name: tls-server - secret: - {{- if $.Values.storegateway.grpc.tls.autoGenerated }} - secretName: {{ printf "%s-crt" (include "common.names.fullname" .) }} - {{- else }} - secretName: {{ include "common.secrets.name" (dict "existingSecret" $.Values.storegateway.grpc.tls.existingSecret "defaultNameSuffix" "store-tls-server" "context" $) }} - {{- end }} - {{- end }} - {{- if and $.Values.storegateway.persistence.enabled $.Values.storegateway.persistence.existingClaim }} - - name: data - persistentVolumeClaim: - claimName: {{ $.Values.storegateway.persistence.existingClaim }} - {{- else if not $.Values.storegateway.persistence.enabled }} - - name: data - emptyDir: {} - {{- else if and $.Values.storegateway.persistence.enabled (not $.Values.storegateway.persistence.existingClaim) }} - volumeClaimTemplates: - - metadata: - name: data - spec: - accessModes: - {{- range $.Values.storegateway.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ $.Values.storegateway.persistence.size | quote }} - {{- include "common.storage.class" (dict "persistence" $.Values.storegateway.persistence "global" $.Values.global) | nindent 8 }} - {{- end }} ---- -{{- end }} -{{- end }} diff --git a/bitnami/thanos/templates/storegateway/statefulset.yaml b/bitnami/thanos/templates/storegateway/statefulset.yaml deleted file mode 100644 index 362729d..0000000 --- a/bitnami/thanos/templates/storegateway/statefulset.yaml +++ /dev/null @@ -1,219 +0,0 @@ -{{- if and .Values.storegateway.enabled (not .Values.storegateway.sharded.enabled) }} -apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} -kind: StatefulSet -metadata: - name: {{ include "common.names.fullname" . }}-storegateway - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: storegateway - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.storegateway.replicaCount }} - podManagementPolicy: {{ .Values.storegateway.podManagementPolicy }} - serviceName: {{ include "common.names.fullname" . }}-storegateway-headless - updateStrategy: - type: {{ .Values.storegateway.updateStrategyType }} - {{- if (eq "OnDelete" .Values.storegateway.updateStrategyType) }} - rollingUpdate: null - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: storegateway - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: storegateway - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.storegateway.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.storegateway.podLabels "context" $) | nindent 8 }} - {{- end }} - annotations: - checksum/ojbstore-configuration: {{ include (print $.Template.BasePath "/objstore-secret.yaml") . | sha256sum }} - {{- if (include "thanos.storegateway.createConfigmap" .) }} - checksum/storegateway-configuration: {{ include (print $.Template.BasePath "/storegateway/configmap.yaml") . | sha256sum }} - {{- end }} - {{- if .Values.storegateway.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.storegateway.podAnnotations "context" $) | nindent 8 }} - {{- end }} - spec: - {{- include "thanos.imagePullSecrets" . | nindent 6 }} - serviceAccount: {{ include "thanos.serviceaccount.name" (dict "component" "storegateway" "context" $) }} - {{- if .Values.storegateway.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.storegateway.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.storegateway.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.storegateway.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.storegateway.podAffinityPreset "component" "storegateway" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.storegateway.podAntiAffinityPreset "component" "storegateway" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.storegateway.nodeAffinityPreset.type "key" .Values.storegateway.nodeAffinityPreset.key "values" .Values.storegateway.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.storegateway.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.storegateway.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.storegateway.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.storegateway.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.storegateway.priorityClassName }} - priorityClassName: {{ .Values.storegateway.priorityClassName | quote }} - {{- end }} - {{- if .Values.storegateway.podSecurityContext.enabled }} - securityContext: {{- omit .Values.storegateway.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - {{- if and .Values.volumePermissions.enabled .Values.storegateway.persistence.enabled }} - initContainers: - - name: init-chmod-data - image: {{ include "thanos.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: - - sh - - -c - - | - mkdir -p /data - chown -R "{{ .Values.storegateway.podSecurityContext.runAsUser }}:{{ .Values.storegateway.podSecurityContext.fsGroup }}" /data - securityContext: - runAsUser: 0 - volumeMounts: - - name: data - mountPath: /data - {{- end }} - containers: - - name: storegateway - image: {{ include "thanos.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.storegateway.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.storegateway.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - args: - - store - - --log.level={{ .Values.storegateway.logLevel }} - - --log.format={{ .Values.storegateway.logFormat }} - - --grpc-address=0.0.0.0:10901 - - --http-address=0.0.0.0:10902 - - --data-dir=/data - - --objstore.config-file=/conf/objstore.yml - {{- if .Values.indexCacheConfig }} - - --index-cache.config-file=/conf/index-cache.yml - {{- end }} - {{- if .Values.bucketCacheConfig }} - - --store.caching-bucket.config-file=/conf/bucket-cache.yml - {{- end }} - {{- if or .Values.storegateway.config .Values.storegateway.existingConfigmap }} - - --index-cache.config-file=/conf/cache/config.yml - {{- end }} - {{- if .Values.storegateway.grpc.tls.autoGenerated }} - - --grpc-server-tls-cert=/certs/tls.crt - - --grpc-server-tls-key=/certs/tls.key - - --grpc-server-tls-client-ca=/certs/ca.crt - {{- else }} - {{- if or .Values.storegateway.grpc.tls.enabled .Values.storegateway.grpc.tls.existingSecret }} - - --grpc-server-tls-cert=/certs/{{ include "common.secrets.key" (dict "existingSecret" .Values.storegateway.grpc.tls.existingSecret "key" "tls-cert") }} - - --grpc-server-tls-key=/certs/{{ include "common.secrets.key" (dict "existingSecret" .Values.storegateway.grpc.tls.existingSecret "key" "tls-key") }} - - --grpc-server-tls-client-ca=/certs/{{ include "common.secrets.key" (dict "existingSecret" .Values.storegateway.grpc.tls.existingSecret "key" "ca-cert") }} - {{- end }} - {{- end }} - {{- if .Values.storegateway.extraFlags }} - {{- .Values.storegateway.extraFlags | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.storegateway.extraEnv }} - env: - {{- toYaml .Values.storegateway.extraEnv | nindent 12 }} - {{- end }} - ports: - - name: http - containerPort: 10902 - protocol: TCP - - name: grpc - containerPort: 10901 - protocol: TCP - {{- if .Values.storegateway.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /-/healthy - port: http - initialDelaySeconds: {{ .Values.storegateway.livenessProbe.initialDelaySeconds }} - timeoutSeconds: {{ .Values.storegateway.livenessProbe.timeoutSeconds }} - periodSeconds: {{ .Values.storegateway.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.storegateway.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.storegateway.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.storegateway.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: /-/ready - port: http - initialDelaySeconds: {{ .Values.storegateway.readinessProbe.initialDelaySeconds }} - timeoutSeconds: {{ .Values.storegateway.readinessProbe.timeoutSeconds }} - periodSeconds: {{ .Values.storegateway.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.storegateway.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.storegateway.readinessProbe.failureThreshold }} - {{- end }} - {{- if .Values.storegateway.resources }} - resources: {{- toYaml .Values.storegateway.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: objstore-config - mountPath: /conf - - name: data - mountPath: /data - {{- if or .Values.storegateway.config .Values.storegateway.existingConfigmap }} - - name: cache-config - mountPath: /conf/cache - {{- end }} - {{- if .Values.storegateway.grpc.tls.enabled }} - - name: tls-server - mountPath: /certs - {{- end }} - {{- if .Values.storegateway.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.storegateway.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - volumes: - - name: objstore-config - secret: - secretName: {{ include "thanos.objstoreSecretName" . }} - {{- if .Values.existingObjstoreSecretItems }} - items: {{- toYaml .Values.existingObjstoreSecretItems | nindent 14 }} - {{- end }} - {{- if .Values.storegateway.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.storegateway.extraVolumes "context" $) | nindent 8 }} - {{- end }} - {{- if or .Values.storegateway.config .Values.storegateway.existingConfigmap }} - - name: cache-config - configMap: - name: {{ include "thanos.storegateway.configmapName" . }} - {{- end }} - {{- if .Values.storegateway.grpc.tls.enabled }} - - name: tls-server - secret: - {{- if .Values.storegateway.grpc.tls.autoGenerated }} - secretName: {{ printf "%s-crt" (include "common.names.fullname" .) }} - {{- else }} - secretName: {{ include "common.secrets.name" (dict "existingSecret" .Values.storegateway.grpc.tls.existingSecret "defaultNameSuffix" "store-tls-server" "context" $) }} - {{- end }} - {{- end }} - {{- if and .Values.storegateway.persistence.enabled .Values.storegateway.persistence.existingClaim }} - - name: data - persistentVolumeClaim: - claimName: {{ .Values.storegateway.persistence.existingClaim }} - {{- else if not .Values.storegateway.persistence.enabled }} - - name: data - emptyDir: {} - {{- else if and .Values.storegateway.persistence.enabled (not .Values.storegateway.persistence.existingClaim) }} - volumeClaimTemplates: - - metadata: - name: data - spec: - accessModes: - {{- range .Values.storegateway.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.storegateway.persistence.size | quote }} - {{- include "common.storage.class" (dict "persistence" .Values.storegateway.persistence "global" .Values.global) | nindent 8 }} - {{- end }} -{{- end }} diff --git a/bitnami/thanos/templates/storegateway/tls-server-secret.yaml b/bitnami/thanos/templates/storegateway/tls-server-secret.yaml deleted file mode 100644 index c60ed8e..0000000 --- a/bitnami/thanos/templates/storegateway/tls-server-secret.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if and .Values.storegateway.enabled .Values.storegateway.grpc.tls.enabled (not .Values.storegateway.grpc.tls.existingSecret) (not .Values.storegateway.grpc.tls.autoGenerated) }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ printf "%s-store-tls-server" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: storegateway - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: - tls-cert: {{ .Values.storegateway.grpc.tls.cert | b64enc | quote }} - tls-key: {{ .Values.storegateway.grpc.tls.key | b64enc | quote }} - ca-cert : {{ .Values.storegateway.grpc.tls.ca | b64enc | quote }} -{{ end }} diff --git a/bitnami/thanos/templates/tls-auto-secret.yaml b/bitnami/thanos/templates/tls-auto-secret.yaml deleted file mode 100644 index afa9f8d..0000000 --- a/bitnami/thanos/templates/tls-auto-secret.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if (include "thanos.createTlsSecret" .) }} -{{- $ca := genCA "thanos-ca" 365 }} -{{- $releaseNamespace := .Release.Namespace }} -{{- $clusterDomain := .Values.clusterDomain }} -{{- $fullname := printf "%s-query" (include "common.names.fullname" .) }} -{{- $serviceName := printf "%s-query" (include "common.names.fullname" .) }} -{{- $altNames := list (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) $fullname }} -{{- $crt := genSignedCert $fullname nil $altNames 365 $ca }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.names.fullname" . }}-crt - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - ca.crt: {{ $ca.Cert | b64enc | quote }} - tls.crt: {{ $crt.Cert | b64enc | quote }} - tls.key: {{ $crt.Key | b64enc | quote }} -{{- end }} diff --git a/bitnami/thanos/values.yaml b/bitnami/thanos/values.yaml deleted file mode 100644 index cbe2f01..0000000 --- a/bitnami/thanos/values.yaml +++ /dev/null @@ -1,3083 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - storageClass: "" - -## @section Common parameters - -## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) -## -kubeVersion: "" -## @param nameOverride String to partially override common.names.fullname template (will maintain the release name) -## -nameOverride: "" -## @param fullnameOverride String to fully override common.names.fullname template -## -fullnameOverride: "" -## @param commonLabels Add labels to all the deployed resources -## -commonLabels: {} -## @param clusterDomain Kubernetes Cluster Domain -## -clusterDomain: cluster.local - -## @section Thanos common parameters - -## Bitnami Thanos image -## ref: https://hub.docker.com/r/bitnami/thanos/tags/ -## @param image.registry Thanos image registry -## @param image.repository Thanos image repository -## @param image.tag Thanos image tag (immutable tags are recommended) -## @param image.pullPolicy Thanos image pull policy -## @param image.pullSecrets Specify docker-registry secret names as an array -## -image: - registry: docker.io - repository: bitnami/thanos - tag: 0.23.0-scratch-r0 - ## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] -## @param objstoreConfig The [objstore configuration](https://thanos.io/storage.md/) -## Specify content for objstore.yml -## -objstoreConfig: "" -## @param indexCacheConfig The [index cache configuration](https://thanos.io/components/store.md/) -## Specify content for index-cache.yml -## -indexCacheConfig: "" -## @param bucketCacheConfig The [bucket cache configuration](https://thanos.io/components/store.md/) -## Specify content for bucket-cache.yml -## -bucketCacheConfig: "" -## @param existingObjstoreSecret Secret with Objstore Configuration -## Note: This will override objstoreConfig -## -existingObjstoreSecret: "" -## @param existingObjstoreSecretItems Optional item list for specifying a custom Secret key. If so, path should be objstore.yml -## -existingObjstoreSecretItems: [] -## @param existingServiceAccount Provide a common service account to be shared with all components -## -existingServiceAccount: "" - -## @section Thanos Query parameters - -query: - ## @param query.enabled Set to true to enable Thanos Query component - ## - enabled: true - ## @param query.logLevel Thanos Query log level - ## - logLevel: info - ## @param query.logFormat Thanos Query log format - ## - logFormat: logfmt - serviceAccount: - ## @param query.serviceAccount.annotations Annotations for Thanos Query Service Account - ## - annotations: {} - ## @param query.serviceAccount.existingServiceAccount Provide an existing service account for query - ## - existingServiceAccount: "" - ## @param query.hostAliases Deployment pod host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## @param query.replicaLabel Replica indicator(s) along which data is deduplicated - ## - replicaLabel: [replica] - ## Dynamically configure store APIs using DNS discovery - ## - dnsDiscovery: - ## @param query.dnsDiscovery.enabled Enable store APIs discovery via DNS - ## - enabled: true - ## @param query.dnsDiscovery.sidecarsService Sidecars service name to discover them using DNS discovery - ## Evaluated as a template. - ## e.g: - ## sidecarsService: "{{ .Release.Name }}-prometheus-thanos" - ## - sidecarsService: "" - ## @param query.dnsDiscovery.sidecarsNamespace Sidecars namespace to discover them using DNS discovery - ## Evaluated as a template. - ## e.g: - ## sidecarsNamespace: "{{ .Release.Namespace }}" - ## - sidecarsNamespace: "" - ## @param query.stores Statically configure store APIs to connect with Thanos Query - ## - stores: [] - ## @param query.sdConfig Query Service Discovery Configuration - ## Specify content for servicediscovery.yml - ## - sdConfig: "" - ## @param query.existingSDConfigmap Name of existing ConfigMap with Ruler configuration - ## NOTE: This will override query.sdConfig - ## - existingSDConfigmap: "" - ## @param query.extraContainers Extra containers running as sidecars to Thanos query - ## Example: - ## - name: oAuth2-proxy - ## args: - ## - -https-address=:9092 - ## - -upstream=http://localhost:9091 - ## - -skip-auth-regex=^/metrics - ## image: openshift/oauth-proxy:v1.1.0 - ## ports: - ## - containerPort: 9092 - ## name: proxy - ## resources: - ## limits: - ## memory: 16Mi - ## requests: - ## memory: 4Mi - ## cpu: 20m - ## volumeMounts: - ## - mountPath: /secrets/proxy-tls - ## name: secret-proxy-tls - ## - extraContainers: [] - ## @param query.extraEnv Extra environment variables for Thanos query container - ## - ## extraEnv: - ## - name: VARNAME1 - ## value: value1 - ## - name: VARNAME2 - ## valueFrom: - ## secretKeyRef: - ## name: existing-secret - ## key: varname2-key - ## - extraEnv: [] - ## @param query.extraVolumes Extra volumes to add to Thanos Query - ## - extraVolumes: [] - ## @param query.extraVolumeMounts Extra volume mounts to add to the query container - ## - extraVolumeMounts: [] - ## @param query.extraFlags Extra Flags to passed to Thanos Query - ## - extraFlags: [] - ## @param query.replicaCount Number of Thanos Query replicas to deploy - ## - replicaCount: 1 - ## @param query.strategyType Deployment Strategy Type, can be set to RollingUpdate or Recreate by default - ## - strategyType: RollingUpdate - ## @param query.podAffinityPreset Thanos Query pod affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param query.podAntiAffinityPreset Thanos Query pod anti-affinity preset. Ignored if `query.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Thanos Query node affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param query.nodeAffinityPreset.type Thanos Query node affinity preset type. Ignored if `query.affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param query.nodeAffinityPreset.key Thanos Query node label key to match Ignored if `query.affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param query.nodeAffinityPreset.values Thanos Query node label values to match. Ignored if `query.affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param query.affinity Thanos Query affinity for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## Note: query.podAffinityPreset, query.podAntiAffinityPreset, and query.nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - ## @param query.nodeSelector Thanos Query node labels for pod assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param query.tolerations Thanos Query tolerations for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param query.podLabels Thanos Query pod labels - ## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param query.podAnnotations Annotations for Thanos Query pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param query.priorityClassName Controller priorityClassName - ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ - ## - priorityClassName: "" - ## K8s Pod Security Context for Thanos Query pods - ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - ## @param query.podSecurityContext.enabled Enable security context for the Thanos Query pod - ## @param query.podSecurityContext.fsGroup Group ID for the filesystem used by Query container - ## @param query.podSecurityContext.runAsUser User ID for the service user running the Query pod - ## - podSecurityContext: - enabled: true - fsGroup: 1001 - runAsUser: 1001 - ## K8s containers' Security Context for Thanos Query container - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param query.containerSecurityContext.enabled Enable container security context for Query container - ## @param query.containerSecurityContext.runAsNonRoot Force the container Query to run as a non root user - ## @param query.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possiblity on or off for Query - ## @param query.containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem of Query container - ## - containerSecurityContext: - enabled: true - runAsNonRoot: true - allowPrivilegeEscalation: false - readOnlyRootFilesystem: false - ## @param query.rbac.create Create ClusterRole and ClusterRolebing for the Service account - ## - rbac: - create: false - ## @param query.pspEnabled Create PodSecurity Policy - ## - pspEnabled: false - ## Thanos Query containers' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param query.resources.limits The resources limits for the Thanos Query container - ## @param query.resources.requests The requested resources for the Thanos Query container - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - requests: {} - ## Thanos Query pods' liveness probe. Evaluated as a template. - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param query.livenessProbe.enabled Enable livenessProbe - ## @param query.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param query.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param query.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param query.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param query.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 30 - timeoutSeconds: 30 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 6 - ## Thanos Query pods' readiness probe. Evaluated as a template. - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param query.readinessProbe.enabled Enable readinessProbe - ## @param query.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param query.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param query.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param query.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param query.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 30 - timeoutSeconds: 30 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 6 - ## Thanos Query GRPC TLS parameters - ## to configure --grpc-server-tls-cert, --grpc-server-tls-key, --grpc-server-tls-client-ca, --grpc-client-tls-secure, --grpc-client-tls-cert, --grpc-client-tls-key, --grpc-client-tls-ca, --grpc-client-server-name - ## ref: https://github.com/thanos-io/thanos/blob/master/docs/components/query.md#flags - ## - grpcTLS: - ## TLS server side - ## - server: - ## @param query.grpcTLS.server.secure Enable TLS for GRPC server - ## - secure: false - ## @param query.grpcTLS.server.autoGenerated Create self-signed TLS certificates. Currently only supports PEM certificates. - ## - autoGenerated: false - ## @param query.grpcTLS.server.cert TLS Certificate for gRPC server, leave blank to disable TLS - ignored if existingSecret is provided - ## - cert: "" - ## @param query.grpcTLS.server.key TLS Key for the gRPC server, leave blank to disable TLS - ignored if existingSecret is provided - ## - key: "" - ## @param query.grpcTLS.server.ca TLS CA to verify clients against - ## TLS client CA for gRPC server used for client verification purposes on the server - ignored if existingSecret is provided - ## - ca: "" - ## @param query.grpcTLS.server.existingSecret Existing secret containing your own TLS certificates. - ## existingSecret: - ## name: - ## keyMapping: - ## ca-cert: ca.pem - ## tls-cert: cert.pem - ## tls-key: key.pem - ## - existingSecret: {} - ## TLS client side - client: - ## @param query.grpcTLS.client.secure Use TLS when talking to the gRPC server - ## - secure: false - ## @param query.grpcTLS.client.autoGenerated Create self-signed TLS certificates. Currently only supports PEM certificates. - ## - autoGenerated: false - ## @param query.grpcTLS.client.cert TLS Certificates to use to identify this client to the server - ignored if existingSecret is provided - ## - cert: "" - ## @param query.grpcTLS.client.key TLS Key for the client's certificate - ignored if existingSecret is provided - ## - key: "" - ## @param query.grpcTLS.client.ca TLS CA Certificates to use to verify gRPC servers - ignored if existingSecret is provided - ## - ca: "" - ## @param query.grpcTLS.client.servername Server name to verify the hostname on the returned gRPC certificates. See https://tools.ietf.org/html/rfc4366#section-3.1 - ## - servername: "" - ## @param query.grpcTLS.client.existingSecret Existing secret containing your own TLS certificates. - ## existingSecret: - ## name: - ## keyMapping: - ## ca-cert: ca.pem - ## tls-cert: cert.pem - ## tls-key: key.pem - ## - existingSecret: {} - ## Service parameters - ## - service: - ## @param query.service.type Kubernetes service type - ## - type: ClusterIP - ## @param query.service.clusterIP Thanos Query service clusterIP IP - ## e.g: - ## clusterIP: None - ## - clusterIP: "" - http: - ## @param query.service.http.port Service HTTP port - ## - port: 9090 - ## @param query.service.http.nodePort Service HTTP node port - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - nodePort: "" - ## @param query.service.targetPort Service targetPort override - ## - targetPort: http - grpc: - ## @param query.service.grpc.port Service GRPC port - ## - port: 10901 - ## @param query.service.grpc.nodePort Service GRPC node port - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - nodePort: "" - ## @param query.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer` - ## Set the LoadBalancer service type to internal only - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - loadBalancerIP: "" - ## @param query.service.loadBalancerSourceRanges Address that are allowed when service is LoadBalancer - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param query.service.externalTrafficPolicy Thanos Query service externalTrafficPolicy - ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints - ## - externalTrafficPolicy: Cluster - ## @param query.service.annotations Annotations for Thanos Query service - ## - annotations: {} - ## @param query.service.labelSelectorsOverride Selector for Thanos query service - ## - labelSelectorsOverride: {} - ## Autoscaling parameters - ## @param query.autoscaling.enabled Enable autoscaling for Thanos Query - ## @param query.autoscaling.minReplicas Minimum number of Thanos Query replicas - ## @param query.autoscaling.maxReplicas Maximum number of Thanos Query replicas - ## @param query.autoscaling.targetCPU Target CPU utilization percentage - ## @param query.autoscaling.targetMemory Target Memory utilization percentage - ## - autoscaling: - enabled: false - minReplicas: "" - maxReplicas: "" - targetCPU: "" - targetMemory: "" - ## Query Pod Disruption Budget configuration - ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ - ## - pdb: - ## @param query.pdb.create Enable/disable a Pod Disruption Budget creation - ## - create: false - ## @param query.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled - ## - minAvailable: 1 - ## @param query.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable - ## - maxUnavailable: "" - ## Configure the ingress resource that allows you to access Thanos Query - ## ref: http://kubernetes.io/docs/user-guide/ingress/ - ## - ingress: - ## @param query.ingress.enabled Enable ingress controller resource - ## - enabled: false - ## @param query.ingress.certManager Set this to true in order to add the corresponding annotations for cert-manager - ## - certManager: false - ## @param query.ingress.hostname Default host for the ingress resource - ## - hostname: thanos.local - ## @param query.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) - ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . - ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ - ## - ingressClassName: "" - ## @param query.ingress.annotations Ingress annotations - ## For a full list of possible ingress annotations, please see - ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md - ## - ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set - ## - annotations: {} - ## @param query.ingress.extraHosts The list of additional hostnames to be covered with this ingress record. - ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array - ## extraHosts: - ## - name: thanos.local - ## path: / - ## pathType: ImplementationSpecific - ## - extraHosts: [] - ## @param query.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. - ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - ## extraTls: - ## - hosts: - ## - thanos.local - ## secretName: thanos.local-tls - ## - extraTls: [] - ## @param query.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets - ## key and certificate should start with -----BEGIN CERTIFICATE----- or - ## -----BEGIN RSA PRIVATE KEY----- - ## - ## name should line up with a tlsSecret set further up - ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set - ## - ## It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - ## e.g: - ## - name: thanos.local-tls - ## key: - ## certificate: - ## - secrets: [] - ## @param query.ingress.tls Create ingress TLS section - ## When specifying cert-manager.io/cluster-issuer: nameOfClusterIssuer annotation, enable tls for ingress - ## - tls: false - ## @param query.ingress.apiVersion Force Ingress API version (automatically detected if not set) - ## - apiVersion: "" - ## @param query.ingress.path Ingress path - ## - path: / - ## @param query.ingress.pathType Ingress path type - ## - pathType: ImplementationSpecific - ## Create an ingress object for the GRPC service. This requires an HTTP/2 - ## capable Ingress controller (eg. traefik using AWS NLB). Example annotations - ## - ingress.kubernetes.io/protocol: h2c - ## - service.beta.kubernetes.io/aws-load-balancer-type: nlb - ## - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp - ## For more information see https://kubernetes.io/docs/concepts/cluster-administration/cloud-providers/ - ## and also the documentation for your ingress controller. - ## - ## The options that are accepted are identical to the HTTP one listed above - ## - grpc: - ## @param query.ingress.grpc.enabled Enable ingress controller resource (GRPC) - ## - enabled: false - ## @param query.ingress.grpc.certManager Add annotations for cert-manager (GRPC) - ## - certManager: false - ## @param query.ingress.grpc.hostname Default host for the ingress resource (GRPC) - ## - hostname: thanos-grpc.local - ## @param query.ingress.grpc.annotations Ingress annotations (GRPC) - ## - annotations: {} - ## @param query.ingress.grpc.extraHosts The list of additional hostnames to be covered with this ingress record. - ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array - ## extraHosts: - ## - name: thanos-grpc.local - ## path: / - ## - extraHosts: [] - ## @param query.ingress.grpc.extraTls The tls configuration for additional hostnames to be covered with this ingress record. - ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - ## extraTls: - ## - hosts: - ## - thanos-grpc.local - ## secretName: thanos-grpc.local-tls - ## - extraTls: [] - ## @param query.ingress.grpc.secrets If you're providing your own certificates, please use this to add the certificates as secrets - ## key and certificate should start with -----BEGIN CERTIFICATE----- or - ## -----BEGIN RSA PRIVATE KEY----- - ## - ## name should line up with a tlsSecret set further up - ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set - ## - ## It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - ## e.g: - ## - name: thanos-grpc.local-tls - ## key: - ## certificate: - ## - secrets: [] - ## @param query.ingress.grpc.apiVersion Override API Version (automatically detected if not set) - ## - apiVersion: "" - ## @param query.ingress.grpc.path Ingress Path - ## - path: / - ## @param query.ingress.grpc.pathType Ingress Path type - ## - pathType: ImplementationSpecific - -## @section Thanos Query Frontend parameters - -queryFrontend: - ## @param queryFrontend.enabled Enable/disable Thanos Query Frontend component - ## - enabled: true - ## @param queryFrontend.logLevel Thanos Query Frontend log level - ## - logLevel: info - ## @param queryFrontend.logFormat Thanos Query Frontend log format - ## - logFormat: logfmt - serviceAccount: - ## @param queryFrontend.serviceAccount.annotations Annotations for Thanos Query Frontend Service Account - ## - annotations: {} - ## @param queryFrontend.serviceAccount.existingServiceAccount Provide an existing service account for Query Frontend - ## - existingServiceAccount: "" - ## @param queryFrontend.hostAliases Deployment pod host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## @param queryFrontend.extraContainers Extra containers running as sidecars to Thanos Query Frontend container - ## Example: - ## - name: oAuth2-proxy - ## args: - ## - -https-address=:9092 - ## - -upstream=http://localhost:9091 - ## - -skip-auth-regex=^/metrics - ## image: openshift/oauth-proxy:v1.1.0 - ## ports: - ## - containerPort: 9092 - ## name: proxy - ## resources: - ## limits: - ## memory: 16Mi - ## requests: - ## memory: 4Mi - ## cpu: 20m - ## volumeMounts: - ## - mountPath: /secrets/proxy-tls - ## name: secret-proxy-tls - ## - extraContainers: [] - ## @param queryFrontend.extraEnv Extra environment variables for Thanos Query Frontend container - ## - ## extraEnv: - ## - name: VARNAME1 - ## value: value1 - ## - name: VARNAME2 - ## valueFrom: - ## secretKeyRef: - ## name: existing-secret - ## key: varname2-key - ## - extraEnv: [] - ## @param queryFrontend.extraVolumes Extra volumes to add to Thanos Query Frontend - ## - extraVolumes: [] - ## @param queryFrontend.extraVolumeMounts Extra volume mounts to add to the query-frontend container - ## - extraVolumeMounts: [] - ## @param queryFrontend.extraFlags Extra Flags to passed to Thanos Query Frontend - ## - extraFlags: [] - ## @param queryFrontend.config Thanos Query Frontend cache configuration - ## Specify content for config.yml - ## - config: "" - ## @param queryFrontend.existingConfigmap Name of existing ConfigMap with Thanos Query Frontend cache configuration - ## NOTE: This will override queryFrontend.config - ## - existingConfigmap: "" - ## @param queryFrontend.replicaCount Number of Thanos Query Frontend replicas to deploy - ## - replicaCount: 1 - ## @param queryFrontend.strategyType Deployment Strategy Type, can be set to RollingUpdate or Recreate by default - ## - strategyType: RollingUpdate - ## @param queryFrontend.podAffinityPreset Thanos Query Frontend pod affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param queryFrontend.podAntiAffinityPreset Thanos Query Frontend pod anti-affinity preset. Ignored if `queryFrontend.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Thanos Query Frontend node affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param queryFrontend.nodeAffinityPreset.type Thanos Query Frontend node affinity preset type. Ignored if `queryFrontend.affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param queryFrontend.nodeAffinityPreset.key Thanos Query Frontend node label key to match Ignored if `queryFrontend.affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param queryFrontend.nodeAffinityPreset.values Thanos Query Frontend node label values to match. Ignored if `queryFrontend.affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param queryFrontend.affinity Thanos Query Frontend affinity for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## Note: queryFrontend.podAffinityPreset, queryFrontend.podAntiAffinityPreset, and queryFrontend.nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - ## @param queryFrontend.nodeSelector Thanos Query Frontend node labels for pod assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param queryFrontend.tolerations Thanos Query Frontend tolerations for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param queryFrontend.podLabels Thanos Query Frontend pod labels - ## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param queryFrontend.podAnnotations Annotations for Thanos Query Frontend pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param queryFrontend.priorityClassName Controller priorityClassName - ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ - ## - priorityClassName: "" - ## K8s Pod Security Context for Thanos Query Frontend pods - ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - ## @param queryFrontend.podSecurityContext.enabled Enable security context for the Thanos Queryfrontend pod - ## @param queryFrontend.podSecurityContext.fsGroup Group ID for the filesystem used by Queryfrontend container - ## @param queryFrontend.podSecurityContext.runAsUser User ID for the service user running the Queryfrontend pod - ## - podSecurityContext: - enabled: true - fsGroup: 1001 - runAsUser: 1001 - ## K8s containers' Security Context for Thanos Query Frontend container - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param queryFrontend.containerSecurityContext.enabled Enable container security context for Queryfrontend container - ## @param queryFrontend.containerSecurityContext.runAsNonRoot Force the container Queryfrontend to run as a non root user - ## @param queryFrontend.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possiblity on or off for Queryfrontend - ## @param queryFrontend.containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem of Queryfrontend container - ## - containerSecurityContext: - enabled: true - runAsNonRoot: true - allowPrivilegeEscalation: false - readOnlyRootFilesystem: false - ## @param queryFrontend.rbac.create Create ClusterRole and ClusterRolebing for the Service account - ## - rbac: - create: false - ## @param queryFrontend.pspEnabled Create PodSecurity Policy - pspEnabled: false - ## Thanos Query Frontend containers' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param queryFrontend.resources.limits The resources limits for the Thanos Query Frontend container - ## @param queryFrontend.resources.requests The requested resources for the Thanos Query Frontend container - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - requests: {} - ## Thanos Query Frontend pods' liveness probe. Evaluated as a template. - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param queryFrontend.livenessProbe.enabled Enable livenessProbe - ## @param queryFrontend.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param queryFrontend.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param queryFrontend.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param queryFrontend.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param queryFrontend.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 30 - timeoutSeconds: 30 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 6 - ## Thanos Query Frontend pods' readiness probe. Evaluated as a template. - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param queryFrontend.readinessProbe.enabled Enable readinessProbe - ## @param queryFrontend.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param queryFrontend.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param queryFrontend.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param queryFrontend.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param queryFrontend.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 30 - timeoutSeconds: 30 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 6 - ## Service parameters - ## - service: - ## @param queryFrontend.service.type Kubernetes service type - ## - type: ClusterIP - ## @param queryFrontend.service.clusterIP Thanos Query Frontend service clusterIP IP - ## e.g: - ## clusterIP: None - ## - clusterIP: "" - http: - ## @param queryFrontend.service.http.port Service HTTP port - ## - port: 9090 - ## @param queryFrontend.service.http.nodePort Service HTTP node port - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - nodePort: "" - ## @param queryFrontend.service.targetPort Service targetPort override - ## - targetPort: http - ## @param queryFrontend.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer` - ## Set the LoadBalancer service type to internal only - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - loadBalancerIP: "" - ## @param queryFrontend.service.loadBalancerSourceRanges Address that are allowed when service is LoadBalancer - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param queryFrontend.service.externalTrafficPolicy Thanos Query Frontend service externalTrafficPolicy - ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints - ## - externalTrafficPolicy: Cluster - ## @param queryFrontend.service.annotations Annotations for Thanos Query Frontend service - ## - annotations: {} - ## @param queryFrontend.service.labelSelectorsOverride Selector for Thanos query service - ## - labelSelectorsOverride: {} - ## Autoscaling parameters - ## @param queryFrontend.autoscaling.enabled Enable autoscaling for Thanos Query Frontend - ## @param queryFrontend.autoscaling.minReplicas Minimum number of Thanos Query Frontend replicas - ## @param queryFrontend.autoscaling.maxReplicas Maximum number of Thanos Query Frontend replicas - ## @param queryFrontend.autoscaling.targetCPU Target CPU utilization percentage - ## @param queryFrontend.autoscaling.targetMemory Target Memory utilization percentage - ## - autoscaling: - enabled: false - minReplicas: "" - maxReplicas: "" - targetCPU: "" - targetMemory: "" - ## Query Frontend Pod Disruption Budget configuration - ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ - ## - pdb: - ## @param queryFrontend.pdb.create Enable/disable a Pod Disruption Budget creation - ## - create: false - ## @param queryFrontend.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled - ## - minAvailable: 1 - ## @param queryFrontend.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable - ## - maxUnavailable: "" - ## Configure the ingress resource that allows you to access Thanos Query Frontend - ## ref: http://kubernetes.io/docs/user-guide/ingress/ - ## - ingress: - ## @param queryFrontend.ingress.enabled Enable ingress controller resource - ## - enabled: false - ## @param queryFrontend.ingress.certManager Set this to true in order to add the corresponding annotations for cert-manager - ## - certManager: false - ## @param queryFrontend.ingress.hostname Default host for the ingress resource - ## - hostname: thanos.local - ## @param queryFrontend.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) - ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . - ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ - ## - ingressClassName: "" - ## @param queryFrontend.ingress.annotations Ingress annotations - ## For a full list of possible ingress annotations, please see - ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md - ## - ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set - ## - annotations: {} - ## @param queryFrontend.ingress.extraHosts The list of additional hostnames to be covered with this ingress record. - ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array - ## extraHosts: - ## - name: thanos.local - ## path: / - ## pathType: ImplementationSpecific - ## - extraHosts: [] - ## @param queryFrontend.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. - ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - ## extraTls: - ## - hosts: - ## - thanos.local - ## secretName: thanos.local-tls - ## - extraTls: [] - ## @param queryFrontend.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets - ## key and certificate should start with -----BEGIN CERTIFICATE----- or - ## -----BEGIN RSA PRIVATE KEY----- - ## - ## name should line up with a tlsSecret set further up - ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set - ## - ## It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - ## e.g: - ## - name: thanos.local-tls - ## key: - ## certificate: - ## - secrets: [] - ## @param queryFrontend.ingress.tls Create ingress TLS section - ## When specifying cert-manager.io/cluster-issuer: nameOfClusterIssuer annotation, enable tls for ingress - ## - tls: false - ## @param queryFrontend.ingress.apiVersion Force Ingress API version (automatically detected if not set) - ## - apiVersion: "" - ## @param queryFrontend.ingress.path Ingress path - ## - path: / - ## @param queryFrontend.ingress.pathType Ingress path type - ## - pathType: ImplementationSpecific - -## @section Thanos Bucket Web parameters - -bucketweb: - ## @param bucketweb.enabled Enable/disable Thanos Bucket Web component - ## - enabled: false - ## @param bucketweb.logLevel Thanos Bucket Web log level - ## - logLevel: info - ## @param bucketweb.logFormat Thanos Bucket Web log format - ## - logFormat: logfmt - serviceAccount: - ## @param bucketweb.serviceAccount.annotations Annotations for Thanos Bucket Web Service Account - ## - annotations: {} - ## @param bucketweb.serviceAccount.existingServiceAccount Name for an existing Thanos Bucket Web Service Account - ## - existingServiceAccount: "" - ## @param bucketweb.refresh Refresh interval to download metadata from remote storage - ## - refresh: 30m - ## @param bucketweb.hostAliases Deployment pod host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## @param bucketweb.timeout Timeout to download metadata from remote storage - ## - timeout: 5m - ## @param bucketweb.extraContainers Extra containers running as sidecars to Thanos Bucket Web container - ## Example: - ## - name: oAuth2-proxy - ## args: - ## - -https-address=:9092 - ## - -upstream=http://localhost:9091 - ## - -skip-auth-regex=^/metrics - ## image: openshift/oauth-proxy:v1.1.0 - ## ports: - ## - containerPort: 9092 - ## name: proxy - ## resources: - ## limits: - ## memory: 16Mi - ## requests: - ## memory: 4Mi - ## cpu: 20m - ## volumeMounts: - ## - mountPath: /secrets/proxy-tls - ## name: secret-proxy-tls - ## - extraContainers: [] - ## @param bucketweb.extraEnv Extra environment variables for Thanos Bucket Web container - ## - ## extraEnv: - ## - name: VARNAME1 - ## value: value1 - ## - name: VARNAME2 - ## valueFrom: - ## secretKeyRef: - ## name: existing-secret - ## key: varname2-key - ## - extraEnv: [] - ## @param bucketweb.extraVolumes Extra volumes to add to Bucket Web - ## - extraVolumes: [] - ## @param bucketweb.extraVolumeMounts Extra volume mounts to add to the bucketweb container - ## - extraVolumeMounts: [] - ## @param bucketweb.extraFlags Extra Flags to passed to Thanos Bucket Web - ## - extraFlags: [] - ## @param bucketweb.replicaCount Number of Thanos Bucket Web replicas to deploy - ## - replicaCount: 1 - ## @param bucketweb.strategyType Deployment Strategy Type, can be set to RollingUpdate or Recreate by default - ## - strategyType: RollingUpdate - ## @param bucketweb.podAffinityPreset Thanos Bucket Web pod affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param bucketweb.podAntiAffinityPreset Thanos Bucket Web pod anti-affinity preset. Ignored if `bucketweb.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Thanos Bucket Web node affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param bucketweb.nodeAffinityPreset.type Thanos Bucket Web node affinity preset type. Ignored if `bucketweb.affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param bucketweb.nodeAffinityPreset.key Thanos Bucket Web node label key to match Ignored if `bucketweb.affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param bucketweb.nodeAffinityPreset.values Thanos Bucket Web node label values to match. Ignored if `bucketweb.affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param bucketweb.affinity Thanos Bucket Web affinity for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## Note: bucketweb.podAffinityPreset, bucketweb.podAntiAffinityPreset, and bucketweb.nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - ## @param bucketweb.nodeSelector Thanos Bucket Web node labels for pod assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param bucketweb.tolerations Thanos Bucket Web tolerations for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param bucketweb.podLabels Thanos Bucket Web pod labels - ## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param bucketweb.podAnnotations Annotations for Thanos Bucket Web pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param bucketweb.priorityClassName Controller priorityClassName - ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ - ## - priorityClassName: "" - ## K8s Pod Security Context for Thanos Bucket Web pods - ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - ## @param bucketweb.podSecurityContext.enabled Enable security context for the Thanos Bucketweb pod - ## @param bucketweb.podSecurityContext.fsGroup Group ID for the filesystem used by Bucketweb container - ## @param bucketweb.podSecurityContext.runAsUser User ID for the service user running the Bucketweb pod - ## - podSecurityContext: - enabled: true - fsGroup: 1001 - runAsUser: 1001 - ## K8s containers' Security Context for Thanos Bucket Web container - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param bucketweb.containerSecurityContext.enabled Enable container security context for Bucketweb container - ## @param bucketweb.containerSecurityContext.runAsNonRoot Force the container Bucketweb to run as a non root user - ## @param bucketweb.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possiblity on or off for Bucketweb - ## @param bucketweb.containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem of Bucketweb container - ## - containerSecurityContext: - enabled: true - runAsNonRoot: true - allowPrivilegeEscalation: false - readOnlyRootFilesystem: false - ## Thanos Bucket Web containers' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param bucketweb.resources.limits The resources limits for the Thanos Bucket Web container - ## @param bucketweb.resources.requests The requested resources for the Thanos Bucket Web container - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - requests: {} - ## Thanos Bucket Web pods' liveness probe. Evaluated as a template. - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param bucketweb.livenessProbe.enabled Enable livenessProbe - ## @param bucketweb.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param bucketweb.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param bucketweb.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param bucketweb.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param bucketweb.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 30 - timeoutSeconds: 30 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 6 - ## Thanos Bucket Web pods' readiness probe. Evaluated as a template. - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param bucketweb.readinessProbe.enabled Enable readinessProbe - ## @param bucketweb.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param bucketweb.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param bucketweb.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param bucketweb.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param bucketweb.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 30 - timeoutSeconds: 30 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 6 - ## Service parameters - ## - service: - ## @param bucketweb.service.type Kubernetes service type - ## - type: ClusterIP - ## @param bucketweb.service.clusterIP Thanos Bucket Web service clusterIP IP - ## e.g: - ## clusterIP: None - ## - clusterIP: "" - http: - ## @param bucketweb.service.http.port Service HTTP port - ## - port: 8080 - ## @param bucketweb.service.http.nodePort Service HTTP node port - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - nodePort: "" - ## @param bucketweb.service.targetPort Service targetPort override - ## - targetPort: http - ## @param bucketweb.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer` - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - loadBalancerIP: "" - ## @param bucketweb.service.loadBalancerSourceRanges Address that are allowed when service is LoadBalancer - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param bucketweb.service.externalTrafficPolicy Thanos Bucket Web service externalTrafficPolicy - ## - externalTrafficPolicy: Cluster - ## @param bucketweb.service.annotations Annotations for Thanos Bucket Web service - ## - annotations: {} - ## @param bucketweb.service.labelSelectorsOverride Selector for Thanos query service - ## - labelSelectorsOverride: {} - ## Bucket Web Pod Disruption Budget configuration - ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ - ## - pdb: - ## @param bucketweb.pdb.create Enable/disable a Pod Disruption Budget creation - ## - create: false - ## @param bucketweb.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled - ## - minAvailable: 1 - ## @param bucketweb.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable - ## - maxUnavailable: "" - ## Configure the ingress resource that allows you to access Thanos Bucketweb - ## ref: http://kubernetes.io/docs/user-guide/ingress/ - ## - ingress: - ## @param bucketweb.ingress.enabled Enable ingress controller resource - ## - enabled: false - ## @param bucketweb.ingress.certManager Add annotations for cert-manager - ## - certManager: false - ## @param bucketweb.ingress.hostname Default host for the ingress resource - ## - hostname: thanos-bucketweb.local - ## @param bucketweb.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) - ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . - ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ - ## - ingressClassName: "" - ## @param bucketweb.ingress.annotations Ingress annotations - ## For a full list of possible ingress annotations, please see - ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md - ## - ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set - ## - annotations: {} - ## @param bucketweb.ingress.extraHosts The list of additional hostnames to be covered with this ingress record. - ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array - ## extraHosts: - ## - name: thanos-bucketweb.local - ## path: / - ## pathType: ImplementationSpecific - ## - extraHosts: [] - ## @param bucketweb.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. - ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - ## extraTls: - ## - hosts: - ## - thanos-bucketweb.local - ## secretName: thanos-bucketweb.local-tls - ## - extraTls: [] - ## @param bucketweb.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets - ## key and certificate should start with -----BEGIN CERTIFICATE----- or - ## -----BEGIN RSA PRIVATE KEY----- - ## - ## name should line up with a tlsSecret set further up - ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set - ## - ## It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - ## e.g: - ## - name: thanos-bucketweb.local-tls - ## key: - ## certificate: - ## - secrets: [] - ## @param bucketweb.ingress.tls Create ingress TLS section - ## When specifying cert-manager.io/cluster-issuer: nameOfClusterIssuer annotation, enable tls for ingress - ## - tls: false - ## @param bucketweb.ingress.apiVersion Force Ingress API version (automatically detected if not set) - ## - apiVersion: "" - ## @param bucketweb.ingress.path Ingress path - ## - path: / - ## @param bucketweb.ingress.pathType Ingress path type - ## - pathType: ImplementationSpecific - -## @section Thanos Compactor parameters - -compactor: - ## @param compactor.enabled Enable/disable Thanos Compactor component - ## - enabled: false - ## @param compactor.logLevel Thanos Compactor log level - ## - logLevel: info - ## @param compactor.logFormat Thanos Compactor log format - ## - logFormat: logfmt - serviceAccount: - ## @param compactor.serviceAccount.annotations Annotations for Thanos Compactor Service Account - ## - annotations: {} - ## @param compactor.serviceAccount.existingServiceAccount Name for an existing Thanos Compactor Service Account - ## - existingServiceAccount: "" - ## @param compactor.hostAliases Deployment pod host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## Resolution and Retention flags - ## @param compactor.retentionResolutionRaw Resolution and Retention flag - ## @param compactor.retentionResolution5m Resolution and Retention flag - ## @param compactor.retentionResolution1h Resolution and Retention flag - ## - retentionResolutionRaw: 30d - retentionResolution5m: 30d - retentionResolution1h: 10y - ## @param compactor.consistencyDelay Minimum age of fresh (non-compacted) blocks before they are being processed - ## - consistencyDelay: 30m - ## @param compactor.extraEnv Extra environment variables for Thanos Compactor container - ## - ## extraEnv: - ## - name: VARNAME1 - ## value: value1 - ## - name: VARNAME2 - ## valueFrom: - ## secretKeyRef: - ## name: existing-secret - ## key: varname2-key - ## - extraEnv: [] - ## @param compactor.extraVolumes Extra volumes to add to Thanos Compactor - ## - extraVolumes: [] - ## @param compactor.extraVolumeMounts Extra volume mounts to add to the compactor container - ## - extraVolumeMounts: [] - ## @param compactor.extraFlags Extra Flags to passed to Thanos Compactor - ## - extraFlags: [] - ## @param compactor.strategyType Deployment Strategy Type, can be set to RollingUpdate or Recreate by default - ## - strategyType: RollingUpdate - ## @param compactor.podAffinityPreset Thanos Compactor pod affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param compactor.podAntiAffinityPreset Thanos Compactor pod anti-affinity preset. Ignored if `compactor.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Thanos Compactor node affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param compactor.nodeAffinityPreset.type Thanos Compactor node affinity preset type. Ignored if `compactor.affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param compactor.nodeAffinityPreset.key Thanos Compactor node label key to match Ignored if `compactor.affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param compactor.nodeAffinityPreset.values Thanos Compactor node label values to match. Ignored if `compactor.affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param compactor.affinity Thanos Compactor affinity for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## Note: compactor.podAffinityPreset, compactor.podAntiAffinityPreset, and compactor.nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - ## @param compactor.nodeSelector Thanos Compactor node labels for pod assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param compactor.tolerations Thanos Compactor tolerations for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param compactor.podLabels Thanos Compactor pod labels - ## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param compactor.podAnnotations Annotations for Thanos Compactor pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param compactor.priorityClassName Controller priorityClassName - ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ - ## - priorityClassName: "" - ## K8s Pod Security Context for Thanos Compactor pods - ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - ## @param compactor.podSecurityContext.enabled Enable security context for the Thanos Compactor pod - ## @param compactor.podSecurityContext.fsGroup Group ID for the filesystem used by Compactor container - ## @param compactor.podSecurityContext.runAsUser User ID for the service user running the Compactor pod - ## - podSecurityContext: - enabled: true - fsGroup: 1001 - runAsUser: 1001 - ## K8s containers' Security Context for Thanos Compactor container - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param compactor.containerSecurityContext.enabled Enable container security context for Compactor container - ## @param compactor.containerSecurityContext.runAsNonRoot Force the container Compactor to run as a non root user - ## @param compactor.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possiblity on or off for Compactor - ## @param compactor.containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem of Compactor container - ## - containerSecurityContext: - enabled: true - runAsNonRoot: true - allowPrivilegeEscalation: false - readOnlyRootFilesystem: false - ## Thanos Compactor containers' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param compactor.resources.limits The resources limits for the Thanos Compactor container - ## @param compactor.resources.requests The requested resources for the Thanos Compactor container - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - requests: {} - ## Thanos Compactor pods' liveness probe. Evaluated as a template. - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param compactor.livenessProbe.enabled Enable livenessProbe - ## @param compactor.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param compactor.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param compactor.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param compactor.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param compactor.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 30 - timeoutSeconds: 30 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 6 - ## Thanos Compactor pods' readiness probe. Evaluated as a template. - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param compactor.readinessProbe.enabled Enable readinessProbe - ## @param compactor.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param compactor.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param compactor.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param compactor.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param compactor.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 30 - timeoutSeconds: 30 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 6 - ## Service parameters - ## - service: - ## @param compactor.service.type Kubernetes service type - ## - type: ClusterIP - ## @param compactor.service.clusterIP Thanos Compactor service clusterIP IP - ## e.g: - ## clusterIP: None - ## - clusterIP: "" - http: - ## @param compactor.service.http.port Service HTTP port - ## - port: 9090 - ## @param compactor.service.http.nodePort Service HTTP node port - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - nodePort: "" - ## @param compactor.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer` - ## Set the LoadBalancer service type to internal only - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - loadBalancerIP: "" - ## @param compactor.service.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param compactor.service.externalTrafficPolicy Thanos Compactor service externalTrafficPolicy - ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints - ## - externalTrafficPolicy: Cluster - ## @param compactor.service.annotations Annotations for Thanos Compactor service - ## - annotations: {} - ## @param compactor.service.labelSelectorsOverride Selector for Thanos query service - ## - labelSelectorsOverride: {} - - ## Configure the ingress resource that allows you to access Thanos Query Frontend - ## ref: http://kubernetes.io/docs/user-guide/ingress/ - ## - ingress: - ## @param compactor.ingress.enabled Enable ingress controller resource - ## - enabled: false - ## @param compactor.ingress.certManager Set this to true in order to add the corresponding annotations for cert-manager - ## - certManager: false - ## @param compactor.ingress.hostname Default host for the ingress resource - ## - hostname: thanos-compactor.local - ## @param compactor.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) - ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . - ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ - ## - ingressClassName: "" - ## @param compactor.ingress.annotations Ingress annotations - ## For a full list of possible ingress annotations, please see - ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md - ## - ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set - ## - annotations: {} - ## @param compactor.ingress.extraHosts The list of additional hostnames to be covered with this ingress record. - ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array - ## extraHosts: - ## - name: thanos.local - ## path: / - ## pathType: ImplementationSpecific - ## - extraHosts: [] - ## @param compactor.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. - ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - ## extraTls: - ## - hosts: - ## - thanos.local - ## secretName: thanos.local-tls - ## - extraTls: [] - ## @param compactor.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets - ## key and certificate should start with -----BEGIN CERTIFICATE----- or - ## -----BEGIN RSA PRIVATE KEY----- - ## - ## name should line up with a tlsSecret set further up - ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set - ## - ## It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - ## e.g: - ## - name: thanos.local-tls - ## key: - ## certificate: - ## - secrets: [] - ## @param compactor.ingress.tls Create ingress TLS section - ## When specifying cert-manager.io/cluster-issuer: nameOfClusterIssuer annotation, enable tls for ingress - ## - tls: false - ## @param compactor.ingress.apiVersion Force Ingress API version (automatically detected if not set) - ## - apiVersion: "" - ## @param compactor.ingress.path Ingress path - ## - path: / - ## @param compactor.ingress.pathType Ingress path type - ## - pathType: ImplementationSpecific - - ## Persistence parameters - ## - persistence: - ## @param compactor.persistence.enabled Enable data persistence - ## - enabled: true - ## @param compactor.persistence.existingClaim Use a existing PVC which must be created manually before bound - ## If defined, PVC must be created manually before volume will be bound - ## The value is evaluated as a template - ## - existingClaim: "" - ## @param compactor.persistence.storageClass Specify the `storageClass` used to provision the volume - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. - ## - storageClass: "" - ## @param compactor.persistence.accessModes Access modes of data volume - ## - accessModes: - - ReadWriteOnce - ## @param compactor.persistence.size Size of data volume - ## - size: 8Gi - -## @section Thanos Store Gateway parameters - -storegateway: - ## @param storegateway.enabled Enable/disable Thanos Store Gateway component - ## - enabled: false - ## @param storegateway.logLevel Thanos Store Gateway log level - ## - logLevel: info - ## @param storegateway.logFormat Thanos Store Gateway log format - ## - logFormat: logfmt - serviceAccount: - ## @param storegateway.serviceAccount.annotations Annotations for Thanos Store Gateway Service Account - ## - annotations: {} - ## @param storegateway.serviceAccount.existingServiceAccount Name for an existing Thanos Store Gateway Service Account - ## - existingServiceAccount: "" - ## @param storegateway.hostAliases Deployment pod host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## @param storegateway.extraEnv Extra environment variables for Thanos Store Gateway container - ## - ## extraEnv: - ## - name: VARNAME1 - ## value: value1 - ## - name: VARNAME2 - ## valueFrom: - ## secretKeyRef: - ## name: existing-secret - ## key: varname2-key - ## - extraEnv: [] - ## @param storegateway.extraVolumes Extra volumes to add to Thanos Store Gateway - ## - extraVolumes: [] - ## @param storegateway.extraVolumeMounts Extra volume mounts to add to the storegateway container - ## - extraVolumeMounts: [] - ## @param storegateway.extraFlags Extra Flags to passed to Thanos Store Gateway - ## - extraFlags: [] - ## @param storegateway.config Thanos Store Gateway cache configuration - ## Specify content for config.yml - ## - config: "" - ## @param storegateway.existingConfigmap Name of existing ConfigMap with Thanos Store Gateway cache configuration - ## NOTE: This will override storegateway.config - ## - existingConfigmap: "" - ## Thanos Store GRPC server configuration - ## - grpc: - ## TLS configuration - ## - tls: - ## @param storegateway.grpc.tls.enabled Enable TLS encryption in the GRPC server - ## - enabled: false - ## @param storegateway.grpc.tls.autoGenerated Create self-signed TLS certificates. Currently only supports PEM certificates. - ## - autoGenerated: false - ## @param storegateway.grpc.tls.cert TLS Certificate for gRPC server, leave blank to disable TLS - ignored if existingSecret is provided - ## - cert: "" - ## @param storegateway.grpc.tls.key TLS Key for gRPC server, leave blank to disable TLS - ignored if existingSecret is provided - ## - key: "" - ## @param storegateway.grpc.tls.ca TLS CA to verify clients against - ignored if existingSecret is provided - ## If no client CA is specified, there is no client verification on server side. (tls.NoClientCert) - ## - ca: "" - ## @param storegateway.grpc.tls.existingSecret Existing secret containing your own TLS certificates. - ## Example: - ## existingSecret: - ## name: - ## keyMapping: - ## ca-cert: ca.pem - ## tls-cert: cert.pem - ## tls-key: key.pem - ## - existingSecret: {} - ## @param storegateway.replicaCount Number of Thanos Store Gateway replicas to deploy - ## - replicaCount: 1 - ## @param storegateway.updateStrategyType Statefulset Update Strategy Type, can be set to RollingUpdate or OnDelete by default - ## - updateStrategyType: RollingUpdate - ## @param storegateway.podManagementPolicy Statefulset Pod management policy: OrderedReady (default) or Parallel - ## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies - ## - podManagementPolicy: OrderedReady - ## @param storegateway.podAffinityPreset Thanos Store Gateway pod affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param storegateway.podAntiAffinityPreset Thanos Store Gateway pod anti-affinity preset. Ignored if `storegateway.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Thanos Store Gateway node affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param storegateway.nodeAffinityPreset.type Thanos Store Gateway node affinity preset type. Ignored if `storegateway.affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param storegateway.nodeAffinityPreset.key Thanos Store Gateway node label key to match Ignored if `storegateway.affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param storegateway.nodeAffinityPreset.values Thanos Store Gateway node label values to match. Ignored if `storegateway.affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param storegateway.affinity Thanos Store Gateway affinity for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## If you have set storegateway.sharded.enabled: true you can set shardLoopId (or any other parameter) by setting the below code block under this 'affinity' section: - ## affinity: - ## matchLabels: - ## shard: "{{ .shardLoopId }}" - ## Note: storegateway.podAffinityPreset, storegateway.podAntiAffinityPreset, and storegateway.nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - ## @param storegateway.nodeSelector Thanos Store Gateway node labels for pod assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## If you have set storegateway.sharded.enabled: true you can set shardLoopId (or any other parameter) by setting the below code block under this 'nodeSelector' section: - ## nodeSelector: { shardId: "{{ .shardLoopId }}" } - ## - nodeSelector: {} - ## @param storegateway.tolerations Thanos Store Gateway tolerations for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## If you have set storegateway.sharded.enabled: true you can set shardLoopId (or any other parameter) by setting the below code block under this 'nodeSelector' section: - ## tolerations: - ## - key: "shardId" - ## operator: "Equal" - ## value: "{{ .shardLoopId }}" - ## effect: "NoSchedule" - ## - ## - tolerations: [] - ## @param storegateway.podLabels Thanos Store Gateway pod labels - ## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param storegateway.podAnnotations Annotations for Thanos Store Gateway pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param storegateway.priorityClassName Controller priorityClassName - ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ - ## - priorityClassName: "" - ## K8s Pod Security Context for Thanos Store Gateway pods - ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - ## @param storegateway.podSecurityContext.enabled Enable security context for the Thanos Storegateway pod - ## @param storegateway.podSecurityContext.fsGroup Group ID for the filesystem used by Storegateway container - ## @param storegateway.podSecurityContext.runAsUser User ID for the service user running the Storegateway pod - ## - podSecurityContext: - enabled: true - fsGroup: 1001 - runAsUser: 1001 - ## K8s containers' Security Context for Thanos Store Gateway container - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param storegateway.containerSecurityContext.enabled Enable container security context for Storegateway container - ## @param storegateway.containerSecurityContext.runAsNonRoot Force the container Storegateway to run as a non root user - ## @param storegateway.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possiblity on or off for Storegateway - ## @param storegateway.containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem of Storegateway container - ## - containerSecurityContext: - enabled: true - runAsNonRoot: true - allowPrivilegeEscalation: false - readOnlyRootFilesystem: false - ## Thanos Store Gateway containers' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param storegateway.resources.limits The resources limits for the Thanos Store Gateway container - ## @param storegateway.resources.requests The requested resources for the Thanos Store Gateway container - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - requests: {} - ## Thanos Store Gateway pods' liveness probe. Evaluated as a template. - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param storegateway.livenessProbe.enabled Enable livenessProbe - ## @param storegateway.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param storegateway.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param storegateway.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param storegateway.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param storegateway.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 30 - timeoutSeconds: 30 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 6 - ## Thanos Store Gateway pods' readiness probe. Evaluated as a template. - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param storegateway.readinessProbe.enabled Enable readinessProbe - ## @param storegateway.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param storegateway.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param storegateway.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param storegateway.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param storegateway.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 30 - timeoutSeconds: 30 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 6 - ## Service parameters - ## - service: - ## @param storegateway.service.type Kubernetes service type - ## - type: ClusterIP - ## @param storegateway.service.clusterIP Thanos Store Gateway service clusterIP IP - ## e.g: - ## clusterIP: None - ## - clusterIP: "" - http: - ## @param storegateway.service.http.port Service HTTP port - ## - port: 9090 - ## @param storegateway.service.http.nodePort Service HTTP node port - ## Specify the nodePort value for the LoadBalancer and NodePort service types - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - nodePort: "" - grpc: - ## @param storegateway.service.grpc.port Service GRPC port - ## - port: 10901 - ## @param storegateway.service.grpc.nodePort Service GRPC node port - ## Specify the nodePort value for the LoadBalancer and NodePort service types - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - nodePort: "" - ## @param storegateway.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer` - ## Set the LoadBalancer service type to internal only - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - loadBalancerIP: "" - ## @param storegateway.service.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param storegateway.service.externalTrafficPolicy Thanos Store Gateway service externalTrafficPolicy - ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints - ## - externalTrafficPolicy: Cluster - ## @param storegateway.service.annotations Annotations for Thanos Store Gateway service - ## - annotations: {} - ## @param storegateway.service.labelSelectorsOverride Selector for Thanos query service - ## - labelSelectorsOverride: {} - ## @param storegateway.service.additionalHeadless Additional Headless service - ## - additionalHeadless: false - ## Persistence parameters - ## - persistence: - ## @param storegateway.persistence.enabled Enable data persistence - ## - enabled: true - ## @param storegateway.persistence.existingClaim Use a existing PVC which must be created manually before bound - ## If defined, PVC must be created manually before volume will be bound - ## The value is evaluated as a template - ## - existingClaim: "" - ## @param storegateway.persistence.storageClass Specify the `storageClass` used to provision the volume - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. - ## - storageClass: "" - ## @param storegateway.persistence.accessModes Access modes of data volume - ## - accessModes: - - ReadWriteOnce - ## @param storegateway.persistence.size Size of data volume - ## - size: 8Gi - ## Autoscaling parameters - ## @param storegateway.autoscaling.enabled Enable autoscaling for Thanos Store Gateway - ## @param storegateway.autoscaling.minReplicas Minimum number of Thanos Store Gateway replicas - ## @param storegateway.autoscaling.maxReplicas Maximum number of Thanos Store Gateway replicas - ## @param storegateway.autoscaling.targetCPU Target CPU utilization percentage - ## @param storegateway.autoscaling.targetMemory Target Memory utilization percentage - ## - autoscaling: - enabled: false - minReplicas: "" - maxReplicas: "" - targetCPU: "" - targetMemory: "" - ## Store Gateway Pod Disruption Budget configuration - ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ - ## - pdb: - ## @param storegateway.pdb.create Enable/disable a Pod Disruption Budget creation - ## - create: false - ## @param storegateway.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled - ## - minAvailable: 1 - ## @param storegateway.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable - ## - maxUnavailable: "" - - ## Configure the ingress resource that allows you to access Thanos Query Frontend - ## ref: http://kubernetes.io/docs/user-guide/ingress/ - ## - ingress: - ## @param storegateway.ingress.enabled Enable ingress controller resource - ## - enabled: false - ## @param storegateway.ingress.certManager Set this to true in order to add the corresponding annotations for cert-manager - ## - certManager: false - ## @param storegateway.ingress.hostname Default host for the ingress resource - ## - hostname: thanos-storegateway.local - ## @param storegateway.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) - ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . - ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ - ## - ingressClassName: "" - ## @param storegateway.ingress.annotations Ingress annotations - ## For a full list of possible ingress annotations, please see - ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md - ## - ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set - ## - annotations: {} - ## @param storegateway.ingress.extraHosts The list of additional hostnames to be covered with this ingress record. - ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array - ## extraHosts: - ## - name: thanos.local - ## path: / - ## pathType: ImplementationSpecific - ## - extraHosts: [] - ## @param storegateway.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. - ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - ## extraTls: - ## - hosts: - ## - thanos.local - ## secretName: thanos.local-tls - ## - extraTls: [] - ## @param storegateway.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets - ## key and certificate should start with -----BEGIN CERTIFICATE----- or - ## -----BEGIN RSA PRIVATE KEY----- - ## - ## name should line up with a tlsSecret set further up - ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set - ## - ## It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - ## e.g: - ## - name: thanos.local-tls - ## key: - ## certificate: - ## - secrets: [] - ## @param storegateway.ingress.tls Create ingress TLS section - ## When specifying cert-manager.io/cluster-issuer: nameOfClusterIssuer annotation, enable tls for ingress - ## - tls: false - ## @param storegateway.ingress.apiVersion Force Ingress API version (automatically detected if not set) - ## - apiVersion: "" - ## @param storegateway.ingress.path Ingress path - ## - path: / - ## @param storegateway.ingress.pathType Ingress path type - ## - pathType: ImplementationSpecific - - ## Sharded parameters - ## @param storegateway.sharded.enabled Enable sharding for Thanos Store Gateway - ## @param storegateway.sharded.hashPartitioning.shards Setting hashPartitioning will create multiple store statefulsets based on the number of shards specified using the hashmod of the blocks - ## @param storegateway.sharded.timePartitioning [array] Setting time timePartitioning will create multiple store deployments based on the number of partitions - ## @param storegateway.sharded.service.clusterIPs Array of cluster IPs for each Store Gateway service. Length must be the same as the number of shards - ## Example: - ## clusterIPs: - ## - X.X.X.X - ## - Y.Y.Y.Y - ## @param storegateway.sharded.service.loadBalancerIPs Array of load balancer IPs for each Store Gateway service. Length must be the same as the number of shards - ## Example: - ## loadBalancerIPs: - ## - X.X.X.X - ## - Y.Y.Y.Y - ## @param storegateway.sharded.service.http.nodePorts Array of http node ports used for Store Gateway service. Length must be the same as the number of shards - ## Example: - ## nodePorts: - ## - 30001 - ## - 30002 - ## @param storegateway.sharded.service.grpc.nodePorts Array of grpc node ports used for Store Gateway service. Length must be the same as the number of shards - ## Example: - ## nodePorts: - ## - 30011 - ## - 30012 - ## - sharded: - enabled: false - hashPartitioning: - shards: "" - timePartitioning: - - min: "" - max: "" - service: - clusterIPs: [] - loadBalancerIPs: [] - http: - nodePorts: [] - grpc: - nodePorts: [] - -## @section Thanos Ruler parameters - -ruler: - ## @param ruler.enabled Enable/disable Thanos Ruler component - ## - enabled: false - ## @param ruler.logLevel Thanos Ruler log level - ## - logLevel: info - ## @param ruler.logFormat Thanos Ruler log format - ## - logFormat: logfmt - ## @param ruler.replicaLabel Label to treat as a replica indicator along which data is deduplicated - ## - replicaLabel: replica - serviceAccount: - ## @param ruler.serviceAccount.annotations Annotations for Thanos Ruler Service Account - ## - annotations: {} - ## @param ruler.serviceAccount.existingServiceAccount Name for an existing Thanos Ruler Service Account - ## - existingServiceAccount: "" - ## @param ruler.hostAliases Add deployment host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## @param ruler.dnsDiscovery.enabled Dynamically configure Query APIs using DNS discovery - ## - dnsDiscovery: - enabled: true - ## @param ruler.alertmanagers Alermanager URLs array - ## - alertmanagers: [] - ## @param ruler.alertmanagersConfig Alertmanagers Configuration - ## - ## Creates a secret from the config which is then mounted to the pod - ## for more complicated alertmanager setups. - ## e.g: - ## alertmanagers: - ## - http_config: - ## basic_auth: - ## username: some_user - ## password: some_pass - ## static_configs: - ## - alertmanager.thanos.io - ## scheme: http - ## timeout: 10s - ## api_version: v2 - ## - alertmanagersConfig: "" - ## @param ruler.evalInterval The default evaluation interval to use - ## - evalInterval: 1m - ## @param ruler.clusterName Used to set the 'ruler_cluster' label - ## - clusterName: "" - ## @param ruler.extraContainers Extra containers running as sidecars to Thanos Ruler container - ## Example: - ## - name: oAuth2-proxy - ## args: - ## - -https-address=:9092 - ## - -upstream=http://localhost:9091 - ## - -skip-auth-regex=^/metrics - ## image: openshift/oauth-proxy:v1.1.0 - ## ports: - ## - containerPort: 9092 - ## name: proxy - ## resources: - ## limits: - ## memory: 16Mi - ## requests: - ## memory: 4Mi - ## cpu: 20m - ## volumeMounts: - ## - mountPath: /secrets/proxy-tls - ## name: secret-proxy-tls - ## - extraContainers: [] - ## @param ruler.extraEnv Extra environment variables for Thanos Ruler container - ## - ## extraEnv: - ## - name: VARNAME1 - ## value: value1 - ## - name: VARNAME2 - ## valueFrom: - ## secretKeyRef: - ## name: existing-secret - ## key: varname2-key - ## - extraEnv: [] - ## @param ruler.extraVolumes Extra volumes to add to Thanos Ruler - ## - extraVolumes: [] - ## @param ruler.extraVolumeMounts Extra volume mounts to add to the ruler container - ## - extraVolumeMounts: [] - ## @param ruler.extraFlags Extra Flags to passed to Thanos Ruler - ## - extraFlags: [] - ## @param ruler.config Ruler configuration - ## Specify content for ruler.yml - ## - config: "" - ## @param ruler.existingConfigmap Name of existing ConfigMap with Ruler configuration - ## NOTE: This will override ruler.config - ## - existingConfigmap: "" - ## @param ruler.replicaCount Number of Thanos Ruler replicas to deploy - ## - replicaCount: 1 - ## @param ruler.updateStrategyType Statefulset Update Strategy Type - ## - updateStrategyType: RollingUpdate - ## @param ruler.podManagementPolicy Statefulset Pod Management Policy Type - ## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies - ## - podManagementPolicy: OrderedReady - ## @param ruler.podAffinityPreset Thanos Ruler pod affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param ruler.podAntiAffinityPreset Thanos Ruler pod anti-affinity preset. Ignored if `ruler.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Thanos Ruler node affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param ruler.nodeAffinityPreset.type Thanos Ruler node affinity preset type. Ignored if `ruler.affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param ruler.nodeAffinityPreset.key Thanos Ruler node label key to match Ignored if `ruler.affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param ruler.nodeAffinityPreset.values Thanos Ruler node label values to match. Ignored if `ruler.affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param ruler.affinity Thanos Ruler affinity for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## Note: ruler.podAffinityPreset, ruler.podAntiAffinityPreset, and ruler.nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - ## @param ruler.nodeSelector Thanos Ruler node labels for pod assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param ruler.tolerations Thanos Ruler tolerations for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param ruler.podLabels Thanos Ruler pod labels - ## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param ruler.podAnnotations Annotations for Thanos Ruler pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param ruler.priorityClassName Controller priorityClassName - ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ - ## - priorityClassName: "" - ## K8s Pod Security Context for Thanos Ruler pods - ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - ## @param ruler.podSecurityContext.enabled Enable security context for the Thanos Ruler pod - ## @param ruler.podSecurityContext.fsGroup Group ID for the filesystem used by Ruler container - ## @param ruler.podSecurityContext.runAsUser User ID for the service user running the Ruler pod - ## - podSecurityContext: - enabled: true - fsGroup: 1001 - runAsUser: 1001 - ## K8s containers' Security Context for Thanos Ruler container - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param ruler.containerSecurityContext.enabled Enable container security context for Ruler container - ## @param ruler.containerSecurityContext.runAsNonRoot Force the container Ruler to run as a non root user - ## @param ruler.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possiblity on or off for Ruler - ## @param ruler.containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem of Ruler container - ## - containerSecurityContext: - enabled: true - runAsNonRoot: true - allowPrivilegeEscalation: false - readOnlyRootFilesystem: false - ## Thanos Ruler containers' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param ruler.resources.limits The resources limits for the Thanos Ruler container - ## @param ruler.resources.requests The requested resources for the Thanos Ruler container - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - requests: {} - ## Thanos Ruler pods' liveness probe. Evaluated as a template. - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param ruler.livenessProbe.enabled Enable livenessProbe - ## @param ruler.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param ruler.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param ruler.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param ruler.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param ruler.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 30 - timeoutSeconds: 30 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 6 - ## Thanos Ruler pods' readiness probe. Evaluated as a template. - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param ruler.readinessProbe.enabled Enable readinessProbe - ## @param ruler.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param ruler.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param ruler.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param ruler.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param ruler.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 30 - timeoutSeconds: 30 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 6 - ## Service parameters - ## - service: - ## @param ruler.service.type Kubernetes service type - ## - type: ClusterIP - ## @param ruler.service.clusterIP Thanos Ruler service clusterIP IP - ## e.g: - ## clusterIP: None - ## - clusterIP: "" - http: - ## @param ruler.service.http.port Service HTTP port - ## - port: 9090 - ## @param ruler.service.http.nodePort Service HTTP node port - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - nodePort: "" - ## @param ruler.service.targetPort Service targetPort override - ## - targetPort: http - grpc: - ## @param ruler.service.grpc.port Service GRPC port - ## - port: 10901 - ## @param ruler.service.grpc.nodePort Service GRPC node port - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - nodePort: "" - ## @param ruler.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer` - ## Set the LoadBalancer service type to internal only - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - loadBalancerIP: "" - ## @param ruler.service.loadBalancerSourceRanges Address that are allowed when service is LoadBalancer - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param ruler.service.externalTrafficPolicy Thanos Ruler service externalTrafficPolicy - ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints - ## - externalTrafficPolicy: Cluster - ## @param ruler.service.annotations Annotations for Thanos Ruler service - ## - annotations: {} - ## @param ruler.service.labelSelectorsOverride Selector for Thanos query service - ## - labelSelectorsOverride: {} - ## @param ruler.service.additionalHeadless Additional Headless service - ## - additionalHeadless: false - ## Persistence parameters - ## - persistence: - ## @param ruler.persistence.enabled Enable data persistence - ## - enabled: true - ## @param ruler.persistence.existingClaim Use a existing PVC which must be created manually before bound - ## If defined, PVC must be created manually before volume will be bound - ## The value is evaluated as a template - ## - existingClaim: "" - ## @param ruler.persistence.storageClass Specify the `storageClass` used to provision the volume - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. - ## - storageClass: "" - ## @param ruler.persistence.accessModes Access modes of data volume - ## - accessModes: - - ReadWriteOnce - ## @param ruler.persistence.size Size of data volume - ## - size: 8Gi - ## Ruler Pod Disruption Budget configuration - ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ - ## - pdb: - ## @param ruler.pdb.create Enable/disable a Pod Disruption Budget creation - ## - create: false - ## @param ruler.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled - ## - minAvailable: 1 - ## @param ruler.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable - ## - maxUnavailable: "" - ## Configure the ingress resource that allows you to access Thanos Ruler - ## ref: http://kubernetes.io/docs/user-guide/ingress/ - ## - ingress: - ## @param ruler.ingress.enabled Enable ingress controller resource - ## - enabled: false - ## @param ruler.ingress.certManager Add annotations for cert-manager - ## - certManager: false - ## @param ruler.ingress.hostname Default host for the ingress resource - ## - hostname: thanos-ruler.local - ## @param ruler.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) - ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . - ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ - ## - ingressClassName: "" - ## @param ruler.ingress.annotations Ingress annotations - ## For a full list of possible ingress annotations, please see - ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md - ## - ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set - ## - annotations: {} - ## @param ruler.ingress.extraHosts The list of additional hostnames to be covered with this ingress record. - ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array - ## extraHosts: - ## - name: thanos.local - ## path: / - ## pathType: ImplementationSpecific - ## - extraHosts: [] - ## @param ruler.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. - ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - ## extraTls: - ## - hosts: - ## - thanos.local - ## secretName: thanos.local-tls - ## - extraTls: [] - ## @param ruler.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets - ## key and certificate should start with -----BEGIN CERTIFICATE----- or - ## -----BEGIN RSA PRIVATE KEY----- - ## - ## name should line up with a tlsSecret set further up - ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set - ## - ## It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - ## e.g: - ## - name: thanos.local-tls - ## key: - ## certificate: - ## - secrets: [] - ## @param ruler.ingress.apiVersion Force Ingress API version (automatically detected if not set) - ## - apiVersion: "" - ## @param ruler.ingress.path Ingress path - ## - path: / - ## @param ruler.ingress.pathType Ingress path type - ## - pathType: ImplementationSpecific - -## @section Thanos Receive parameters - -receive: - ## @param receive.enabled Enable/disable Thanos Receive component - ## - enabled: false - ## @param receive.mode Mode to run receiver in. Valid options are "standalone" or "dual-mode" - ## ref: https://github.com/thanos-io/thanos/blob/release-0.22/docs/proposals-accepted/202012-receive-split.md - ## Enables running the Thanos Receiver in dual mode. Setting this to "dual-mode" will create a deployment for - ## the stateless thanos distributor. - mode: standalone - - distributor: - ## Thanos Receive Distributor containers' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param receive.distributor.resources.limits The resources limits for the Thanos Receive container - ## @param receive.distributor.resources.requests The requested resources for the Thanos Receive container - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - ## - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - ## - requests: {} - ## @param receive.distributor.extraContainers Extra containers running as sidecars to Thanos Receive Distributor container - ## Example: - ## - name: oAuth2-proxy - ## args: - ## - -https-address=:9092 - ## - -upstream=http://localhost:9091 - ## - -skip-auth-regex=^/metrics - ## image: openshift/oauth-proxy:v1.1.0 - ## ports: - ## - containerPort: 9092 - ## name: proxy - ## resources: - ## limits: - ## memory: 16Mi - ## requests: - ## memory: 4Mi - ## cpu: 20m - ## volumeMounts: - ## - mountPath: /secrets/proxy-tls - ## name: secret-proxy-tls - ## - extraContainers: [] - ## @param receive.distributor.extraEnv Extra environment variables for Thanos Receive Distributor container - ## Example: - ## extraEnv: - ## - name: VARNAME1 - ## value: value1 - ## - name: VARNAME2 - ## valueFrom: - ## secretKeyRef: - ## name: existing-secret - ## key: varname2-key - ## - extraEnv: [] - ## @param receive.distributor.extraVolumes Extra volumes to add to Thanos Receive Distributor - ## - extraVolumes: [] - ## @param receive.distributor.extraVolumeMounts Extra volume mounts to add to the receive distributor container - ## - extraVolumeMounts: [] - ## @param receive.distributor.extraFlags Extra Flags to passed to Thanos Receive Distributor - ## - extraFlags: [] - ## @param receive.distributor.replicaCount Number of Thanos Receive Distributor replicas to deploy - ## - replicaCount: 1 - ## @param receive.distributor.strategyType StrategyType, can be set to RollingUpdate or Recreate by default. - ## - strategyType: RollingUpdate - ## @param receive.distributor.affinity Thanos Receive Distributor affinity for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## Note: receive.podAffinityPreset, receive.podAntiAffinityPreset, and receive.nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - ## @param receive.distributor.nodeSelector Thanos Receive Distributor node labels for pod assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param receive.distributor.tolerations Thanos Receive Distributor tolerations for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - - ## @param receive.logLevel Thanos Receive log level - ## - logLevel: info - ## @param receive.logFormat Thanos Receive log format - ## - logFormat: logfmt - ## @param receive.tsdbRetention Thanos Receive TSDB retention period - ## - tsdbRetention: 15d - ## @param receive.replicationFactor Thanos Receive replication-factor - ## - replicationFactor: 1 - ## @param receive.replicaLabel Label to treat as a replica indicator along which data is deduplicated - ## - replicaLabel: replica - serviceAccount: - ## @param receive.serviceAccount.annotations Annotations for Thanos Receive Service Account - ## - annotations: {} - ## @param receive.serviceAccount.existingServiceAccount Name for an existing Thanos Receive Service Account - ## - existingServiceAccount: "" - ## @param receive.hostAliases Deployment pod host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## @param receive.config Receive Hashring configuration - ## json formatted string and yaml allowed. - ## Specify content for receive hashring - ## e.g: - ## config: - ## - endpoints: - ## - "127.0.0.1:10901" - ## - config: [] - ## @param receive.extraContainers Extra containers running as sidecars to Thanos Receive container - ## Example: - ## - name: oAuth2-proxy - ## args: - ## - -https-address=:9092 - ## - -upstream=http://localhost:9091 - ## - -skip-auth-regex=^/metrics - ## image: openshift/oauth-proxy:v1.1.0 - ## ports: - ## - containerPort: 9092 - ## name: proxy - ## resources: - ## limits: - ## memory: 16Mi - ## requests: - ## memory: 4Mi - ## cpu: 20m - ## volumeMounts: - ## - mountPath: /secrets/proxy-tls - ## name: secret-proxy-tls - ## - extraContainers: [] - ## @param receive.extraEnv Extra environment variables for Thanos Receive container - ## - ## extraEnv: - ## - name: VARNAME1 - ## value: value1 - ## - name: VARNAME2 - ## valueFrom: - ## secretKeyRef: - ## name: existing-secret - ## key: varname2-key - ## - extraEnv: [] - ## @param receive.extraVolumes Extra volumes to add to Thanos Receive - ## - extraVolumes: [] - ## @param receive.extraVolumeMounts Extra volume mounts to add to the receive container - ## - extraVolumeMounts: [] - ## @param receive.extraFlags Extra Flags to passed to Thanos Receive - ## - extraFlags: [] - ## @param receive.updateStrategyType Statefulset Update Strategy Type, can be set to RollingUpdate or OnDelete by default - ## - updateStrategyType: RollingUpdate - ## @param receive.replicaCount Number of Thanos Receive replicas to deploy - ## - replicaCount: 1 - ## @param receive.strategyType StrategyType, can be set to RollingUpdate or Recreate by default. - ## - strategyType: RollingUpdate - ## @param receive.podAffinityPreset Thanos Receive pod affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## Allowed values: soft, hard - ## - podAffinityPreset: "" - ## @param receive.podAntiAffinityPreset Thanos Receive pod anti-affinity preset. Ignored if `ruler.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Thanos Receive node affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param receive.nodeAffinityPreset.type Thanos Receive node affinity preset type. Ignored if `ruler.affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param receive.nodeAffinityPreset.key Thanos Receive node label key to match Ignored if `ruler.affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param receive.nodeAffinityPreset.values Thanos Receive node label values to match. Ignored if `ruler.affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param receive.affinity Thanos Receive affinity for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## Note: receive.podAffinityPreset, receive.podAntiAffinityPreset, and receive.nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - ## @param receive.nodeSelector Thanos Receive node labels for pod assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param receive.tolerations Thanos Receive tolerations for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param receive.podLabels Thanos Receive pod labels - ## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param receive.podAnnotations Annotations for Thanos Ruler pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param receive.priorityClassName Controller priorityClassName - ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ - ## - priorityClassName: "" - ## @param receive.rbac.create Create ClusterRole and ClusterRolebing for the Service account - ## - rbac: - create: false - ## @param receive.pspEnabled Create PodSecurity Policy - ## - pspEnabled: false - ## Thanos Receive containers' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param receive.resources.limits The resources limits for the Thanos Receive container - ## @param receive.resources.requests The requested resources for the Thanos Receive container - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - requests: {} - ## Thanos Receive pods' liveness probe. Evaluated as a template. - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param receive.livenessProbe.enabled Enable livenessProbe - ## @param receive.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param receive.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param receive.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param receive.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param receive.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 30 - timeoutSeconds: 30 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 6 - ## Thanos Receive pods' readiness probe. Evaluated as a template. - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param receive.readinessProbe.enabled Enable readinessProbe - ## @param receive.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param receive.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param receive.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param receive.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param receive.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 30 - timeoutSeconds: 30 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 6 - ## K8s Security Context for Thanos Receive pods - ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - ## @param receive.podSecurityContext.enabled Enable security context for the Thanos Receive pod - ## @param receive.podSecurityContext.fsGroup Group ID for the filesystem used by Receive container - ## @param receive.podSecurityContext.runAsUser User ID for the service user running the Receive pod - ## - podSecurityContext: - enabled: true - fsGroup: 1001 - runAsUser: 1001 - ## K8s containers' Security Context for Thanos Receive container - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param receive.containerSecurityContext.enabled Enable container security context for Receive container - ## @param receive.containerSecurityContext.runAsNonRoot Force the container Receive to run as a non root user - ## @param receive.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possiblity on or off for Receive - ## @param receive.containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem of Receive container - ## - containerSecurityContext: - enabled: true - runAsNonRoot: true - allowPrivilegeEscalation: false - readOnlyRootFilesystem: false - ## Thanos Receive GRPC TLS parameters - ## ref: https://github.com/thanos-io/thanos/blob/master/docs/components/receive.md#flags - ## - grpc: - ## @param receive.grpc.gracePeriod Time to wait after an interrupt received for GRPC Server. - ## - gracePeriod: 2m - ## TLS server side - ## - server: - ## @param receive.grpc.server.secure enable TLS for GRPC server - ## - secure: false - ## @param receive.grpc.server.cert TLS Certificate for gRPC server, leave blank to disable TLS - ## - cert: "" - ## @param receive.grpc.server.key TLS Key for the gRPC server, leave blank to disable TLS - ## - key: "" - ## @param receive.grpc.server.ca TLS CA to verify clients against. If no client CA is specified, there is no client verification on server side. (tls.NoClientCert) - ## - ca: "" - ## Service parameters - ## - service: - ## @param receive.service.type Kubernetes service type - ## - type: ClusterIP - ## @param receive.service.clusterIP Thanos Ruler service clusterIP IP - ## e.g: - ## clusterIP: None - ## - clusterIP: "" - http: - ## @param receive.service.http.port Service HTTP port - ## - port: 10902 - ## @param receive.service.http.nodePort Service HTTP node port - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - nodePort: "" - ## @param receive.service.targetPort Service targetPort override - ## - targetPort: http - grpc: - ## @param receive.service.grpc.port Service GRPC port - ## - port: 10901 - ## @param receive.service.grpc.nodePort Service GRPC node port - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - nodePort: "" - remoteWrite: - ## @param receive.service.remoteWrite.port Service remote write port - ## - port: 19291 - ## @param receive.service.remoteWrite.nodePort Service remote write node port - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - nodePort: "" - ## @param receive.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer` - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - loadBalancerIP: "" - ## @param receive.service.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param receive.service.externalTrafficPolicy Thanos Ruler service externalTrafficPolicy - ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints - ## - externalTrafficPolicy: Cluster - ## @param receive.service.annotations Annotations for Thanos Receive service - ## - annotations: {} - ## @param receive.service.labelSelectorsOverride Selector for Thanos receive service - ## - labelSelectorsOverride: {} - ## @param receive.service.additionalHeadless Additional Headless service - ## - additionalHeadless: false - ## @param receive.autoscaling.enabled Enable autoscaling for Thanos Receive - ## @param receive.autoscaling.minReplicas Minimum number of Thanos Receive replicas - ## @param receive.autoscaling.maxReplicas Maximum number of Thanos Receive replicas - ## @param receive.autoscaling.targetCPU Target CPU utilization percentage - ## @param receive.autoscaling.targetMemory Target Memory utilization percentage - ## - autoscaling: - enabled: false - minReplicas: "" - maxReplicas: "" - targetCPU: "" - targetMemory: "" - ## Persistence parameters - ## - persistence: - ## @param receive.persistence.enabled Enable data persistence - ## - enabled: true - ## @param receive.persistence.existingClaim Use a existing PVC which must be created manually before bound - ## If defined, PVC must be created manually before volume will be bound - ## The value is evaluated as a template - ## - existingClaim: "" - ## @param receive.persistence.storageClass Specify the `storageClass` used to provision the volume - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. - ## - storageClass: "" - ## @param receive.persistence.accessModes Access modes of data volume - ## - accessModes: - - ReadWriteOnce - ## @param receive.persistence.size Size of data volume - ## - size: 8Gi - ## Receive Pod Disruption Budget configuration - ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ - ## - pdb: - ## @param receive.pdb.create Enable/disable a Pod Disruption Budget creation - ## - create: false - ## @param receive.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled - ## - minAvailable: 1 - ## @param receive.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable - ## - maxUnavailable: "" - ## Configure the ingress resource that allows you to access Thanos Receive - ## ref: http://kubernetes.io/docs/user-guide/ingress/ - ## - ingress: - ## @param receive.ingress.enabled Set to true to enable ingress record generation - ## - enabled: false - ## @param receive.ingress.certManager Set this to true in order to add the corresponding annotations for cert-manager - ## - certManager: false - ## @param receive.ingress.hostname When the ingress is enabled, a host pointing to this will be created - ## - hostname: thanos-receive.local - ## @param receive.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) - ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . - ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ - ## - ingressClassName: "" - ## @param receive.ingress.annotations Ingress annotations done as key:value pairs - ## For a full list of possible ingress annotations, please see - ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md - ## - ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set - ## - annotations: {} - ## @param receive.ingress.extraHosts The list of additional hostnames to be covered with this ingress record. - ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array - ## extraHosts: - ## - name: thanos.local - ## path: / - ## pathType: ImplementationSpecific - ## - extraHosts: [] - ## @param receive.ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. - ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - ## extraTls: - ## - hosts: - ## - thanos.local - ## secretName: thanos.local-tls - ## - extraTls: [] - ## @param receive.ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets - ## key and certificate should start with -----BEGIN CERTIFICATE----- or - ## -----BEGIN RSA PRIVATE KEY----- - ## - ## name should line up with a tlsSecret set further up - ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set - ## - ## It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - ## e.g: - ## - name: thanos.local-tls - ## key: - ## certificate: - ## - ## @param receive.ingress.tls When specifying cert-manager.io/cluster-issuer: nameOfClusterIssuer annotation, enable tls for ingress - ## - tls: false - secrets: [] - ## @param receive.ingress.apiVersion Override API Version (automatically detected if not set) - ## - apiVersion: "" - ## @param receive.ingress.path Ingress Path - ## - path: / - ## @param receive.ingress.pathType Ingress Path type - ## - pathType: ImplementationSpecific - -## @section Metrics parameters - -## Prometheus metrics -## -metrics: - ## @param metrics.enabled Enable the export of Prometheus metrics - ## - enabled: false - ## Prometheus Operator ServiceMonitor configuration - ## - serviceMonitor: - ## @param metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) - ## - enabled: false - ## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running - ## - namespace: "" - ## @param metrics.serviceMonitor.labels Additional labels for ServiceMonitor object - ## - labels: {} - ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped. - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## e.g: - ## interval: 10s - ## - interval: "" - ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## e.g: - ## scrapeTimeout: 10s - ## - scrapeTimeout: "" - - ## PrometheusRule CRD configuration - ## - prometheusRule: - ## @param metrics.prometheusRule.enabled If `true`, creates a Prometheus Operator PrometheusRule (also requires `metrics.enabled` to be `true`) - ## - enabled: false - ## @param metrics.prometheusRule.namespace Namespace in which the PrometheusRule CRD is created - ## - namespace: "" - ## @param metrics.prometheusRule.additionalLabels Additional labels for the prometheusRule - ## - additionalLabels: {} - ## @param metrics.prometheusRule.rules Prometheus Rules for Thanos components - ## These are just examples rules, please adapt them to your needs. - ## rules: | - ## groups: - ## - name: Compactor - ## rules: - ## - alert: ThanosCompactMultipleRunning - ## annotations: - ## description: No more than one Thanos Compact instance should be running at once. There are {{`{{`}}$value{{`}}`}} instances running. - ## runbook_url: https://github.com/thanos-io/thanos/tree/main/mixin/runbook.md#alert-name-thanoscompactmultiplerunning - ## summary: Thanos Compact has multiple instances running. - ## expr: sum by (job) (up{job=~"{{ template "common.names.fullname" . }}-compact.*"}) > 1 - ## for: 5m - ## labels: - ## severity: warning - rules: [] - -## @section Volume Permissions parameters - -## Init Container parameters -## Change the owner and group of the persistent volume(s) mountpoint(s) to 'runAsUser:fsGroup' on each component -## values from the securityContext section of the component -## -volumePermissions: - ## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` - ## - enabled: false - ## @param volumePermissions.image.registry Init container volume-permissions image registry - ## @param volumePermissions.image.repository Init container volume-permissions image repository - ## @param volumePermissions.image.tag Init container volume-permissions image tag - ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy - ## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: 10-debian-10-r205 - ## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - -## @section MinIO® chart parameters - -minio: - ## @param minio.enabled Enable/disable MinIO® chart installation - ## to be used as an objstore for Thanos - ## - enabled: false - ## MinIO® credentials - ## @param minio.accessKey.password MinIO® Access Key - ## @param minio.secretKey.password MinIO® Secret Key - ## - accessKey: - password: "" - secretKey: - password: "" - ## @param minio.defaultBuckets Comma, semi-colon or space separated list of MinIO® buckets to create - ## - defaultBuckets: 'thanos' diff --git a/bitnami/tomcat/.helmignore b/bitnami/tomcat/.helmignore deleted file mode 100644 index f0c1319..0000000 --- a/bitnami/tomcat/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/bitnami/tomcat/Chart.lock b/bitnami/tomcat/Chart.lock deleted file mode 100644 index 6c23fda..0000000 --- a/bitnami/tomcat/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.9.1 -digest: sha256:75c2f378a4570f47cbb3c98b6f1d29d1145e5a92bf2970a5d06c32575bfe266f -generated: "2021-09-23T13:57:04.804119958Z" diff --git a/bitnami/tomcat/Chart.yaml b/bitnami/tomcat/Chart.yaml deleted file mode 100644 index e2c524a..0000000 --- a/bitnami/tomcat/Chart.yaml +++ /dev/null @@ -1,29 +0,0 @@ -annotations: - category: ApplicationServer -apiVersion: v2 -appVersion: 10.0.11 -dependencies: - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x -description: Chart for Apache Tomcat -engine: gotpl -home: https://github.com/bitnami/charts/tree/master/bitnami/tomcat -icon: https://bitnami.com/assets/stacks/tomcat/img/tomcat-stack-220x234.png -keywords: - - tomcat - - java - - http - - web - - application server - - jsp -maintainers: - - email: containers@bitnami.com - name: Bitnami -name: tomcat -sources: - - https://github.com/bitnami/bitnami-docker-tomcat - - http://tomcat.apache.org -version: 9.3.0 diff --git a/bitnami/tomcat/README.md b/bitnami/tomcat/README.md deleted file mode 100644 index 7dec372..0000000 --- a/bitnami/tomcat/README.md +++ /dev/null @@ -1,315 +0,0 @@ -# Tomcat - -[Apache Tomcat](http://tomcat.apache.org/), often referred to as Tomcat, is an open-source web server and servlet container developed by the Apache Software Foundation. Tomcat implements several Java EE specifications including Java Servlet, JavaServer Pages, Java EL, and WebSocket, and provides a "pure Java" HTTP web server environment for Java code to run in. - -## TL;DR - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/tomcat -``` - -## Introduction - -This chart bootstraps a [Tomcat](https://github.com/bitnami/bitnami-docker-tomcat) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 3.1.0 -- PV provisioner support in the underlying infrastructure -- ReadWriteMany volumes for deployment scaling - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/tomcat -``` - -These commands deploy Tomcat on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```console -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | - - -### Common parameters - -| Name | Description | Value | -| ------------------- | -------------------------------------------------------------------------------------------- | --------------- | -| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` | -| `nameOverride` | String to partially override common.names.fullname template (will maintain the release name) | `""` | -| `fullnameOverride` | String to fully override common.names.fullname template | `""` | -| `commonLabels` | Add labels to all the deployed resources | `{}` | -| `commonAnnotations` | Add annotations to all the deployed resources | `{}` | -| `clusterDomain` | Kubernetes Cluster Domain | `cluster.local` | -| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | - - -### Tomcat parameters - -| Name | Description | Value | -| ----------------------------- | -------------------------------------------------------------------- | ----------------------- | -| `image.registry` | Tomcat image registry | `docker.io` | -| `image.repository` | Tomcat image repository | `bitnami/tomcat` | -| `image.tag` | Tomcat image tag (immutable tags are recommended) | `10.0.11-debian-10-r10` | -| `image.pullPolicy` | Tomcat image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `image.debug` | Specify if debug logs should be enabled | `false` | -| `hostAliases` | Deployment pod host aliases | `[]` | -| `tomcatUsername` | Tomcat admin user | `user` | -| `tomcatPassword` | Tomcat admin password | `""` | -| `tomcatAllowRemoteManagement` | Enable remote access to management interface | `0` | -| `command` | Override default container command (useful when using custom images) | `[]` | -| `args` | Override default container args (useful when using custom images) | `[]` | -| `extraEnvVars` | Extra environment variables to be set on Tomcat container | `[]` | -| `extraEnvVarsCM` | Name of existing ConfigMap containing extra environment variables | `""` | -| `extraEnvVarsSecret` | Name of existing Secret containing extra environment variables | `""` | - - -### Tomcat deployment parameters - -| Name | Description | Value | -| ------------------------------------ | ------------------------------------------------------------------------------------------------------------------------ | ------------------- | -| `replicaCount` | Specify number of Tomcat replicas | `1` | -| `deployment.type` | Use Deployment or StatefulSet | `deployment` | -| `updateStrategy.type` | StrategyType | `RollingUpdate` | -| `containerPort` | HTTP port to expose at container level | `8080` | -| `containerExtraPorts` | Extra ports to expose at container level | `{}` | -| `podSecurityContext.enabled` | Enable Tomcat pods' Security Context | `true` | -| `podSecurityContext.fsGroup` | Set Tomcat pod's Security Context fsGroup | `1001` | -| `containerSecurityContext.enabled` | Enable Tomcat containers' SecurityContext | `true` | -| `containerSecurityContext.runAsUser` | User ID for the Tomcat container | `1001` | -| `resources.limits` | The resources limits for the Tomcat container | `{}` | -| `resources.requests` | The requested resources for the Tomcat container | `{}` | -| `livenessProbe.enabled` | Enable livenessProbe | `true` | -| `livenessProbe.httpGet.path` | Request path for livenessProbe | `/` | -| `livenessProbe.httpGet.port` | Port for livenessProbe | `http` | -| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` | -| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `readinessProbe.enabled` | Enable readinessProbe | `true` | -| `readinessProbe.httpGet.path` | Request path for readinessProbe | `/` | -| `readinessProbe.httpGet.port` | Port for readinessProbe | `http` | -| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | -| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | -| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `3` | -| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `customLivenessProbe` | Override default liveness probe | `{}` | -| `customReadinessProbe` | Override default readiness probe | `{}` | -| `podLabels` | Extra labels for Tomcat pods | `{}` | -| `podAnnotations` | Annotations for Tomcat pods | `{}` | -| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set. | `""` | -| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | -| `affinity` | Affinity for pod assignment. Evaluated as a template. | `{}` | -| `nodeSelector` | Node labels for pod assignment. Evaluated as a template. | `{}` | -| `tolerations` | Tolerations for pod assignment. Evaluated as a template. | `[]` | -| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | -| `extraVolumes` | Optionally specify extra list of additional volumes for Tomcat pods in Deployment | `[]` | -| `extraVolumeClaimTemplates` | Optionally specify extra list of additional volume claim templates for Tomcat pods in StatefulSet | `[]` | -| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for Tomcat container(s) | `[]` | -| `initContainers` | Add init containers to the Tomcat pods. | `[]` | -| `sidecars` | Add sidecars to the Tomcat pods. | `[]` | -| `persistence.enabled` | Enable persistence | `true` | -| `persistence.storageClass` | PVC Storage Class for Tomcat volume | `""` | -| `persistence.annotations` | Persistent Volume Claim annotations | `{}` | -| `persistence.accessModes` | PVC Access Modes for Tomcat volume | `["ReadWriteOnce"]` | -| `persistence.size` | PVC Storage Request for Tomcat volume | `8Gi` | -| `persistence.existingClaim` | An Existing PVC name for Tomcat volume | `""` | -| `persistence.selectorLabels` | Selector labels to use in volume claim template in statefulset | `{}` | - - -### Traffic Exposure parameters - -| Name | Description | Value | -| ------------------------------- | --------------------------------------------------------------------------------------------- | ------------------------ | -| `service.type` | Kubernetes Service type | `LoadBalancer` | -| `service.port` | Service HTTP port | `80` | -| `service.nodePort` | Kubernetes http node port | `""` | -| `service.loadBalancerIP` | Port Use serviceLoadBalancerIP to request a specific static IP, otherwise leave blank | `""` | -| `service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | -| `service.annotations` | Annotations for Tomcat service | `{}` | -| `ingress.enabled` | Enable ingress controller resource | `false` | -| `ingress.certManager` | Set this to true in order to add the corresponding annotations for cert-manager | `false` | -| `ingress.hostname` | Default host for the ingress resource | `tomcat.local` | -| `ingress.annotations` | Ingress annotations | `{}` | -| `ingress.tls` | Enable TLS configuration for the hostname defined at `ingress.hostname` parameter | `false` | -| `ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` | -| `ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` | -| `ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | -| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` | -| `ingress.path` | Ingress path | `/` | -| `ingress.pathType` | Ingress path type | `ImplementationSpecific` | - - -### Volume Permissions parameters - -| Name | Description | Value | -| -------------------------------------- | --------------------------------------------------------------------------- | ----------------------- | -| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory | `false` | -| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | -| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag | `10-debian-10-r201` | -| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | -| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` | -| `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` | - - -The above parameters map to the env variables defined in [bitnami/tomcat](http://github.com/bitnami/bitnami-docker-tomcat). For more information please refer to the [bitnami/tomcat](http://github.com/bitnami/bitnami-docker-tomcat) image documentation. - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -$ helm install my-release \ - --set tomcatUser=manager,tomcatPassword=password bitnami/tomcat -``` - -The above command sets the Tomcat management username and password to `manager` and `password` respectively. - -> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```console -$ helm install my-release -f values.yaml bitnami/tomcat -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling vs Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Use a different Tomcat version - -To modify the application version used in this chart, specify a different version of the image using the `image.tag` parameter and/or a different repository using the `image.repository` parameter. Refer to the [chart documentation for more information on these parameters and how to use them with images from a private registry](https://docs.bitnami.com/kubernetes/infrastructure/tomcat/configuration/change-image-version/). - -### Add extra environment variables - -To add extra environment variables (useful for advanced operations like custom init scripts), use the `extraEnvVars` property. - -```yaml -extraEnvVars: - - name: LOG_LEVEL - value: DEBUG -``` - -Alternatively, define a ConfigMap or a Secret with the environment variables. To do so, use the `extraEnvVarsCM` or the `extraEnvVarsSecret` values. - -### Use Sidecars and Init Containers - -If additional containers are needed in the same pod (such as additional metrics or logging exporters), they can be defined using the `sidecars` config parameter. Similarly, extra init containers can be added using the `initContainers` parameter. - -Refer to the chart documentation for more information on, and examples of, configuring and using [sidecars and init containers](https://docs.bitnami.com/kubernetes/infrastructure/tomcat/configuration/configure-sidecar-init-containers/). - -### Set Pod affinity - -This chart allows you to set custom Pod affinity using the `affinity` parameter. Find more information about Pod's affinity in the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). - -As an alternative, use one of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters. - -## Persistence - -The [Bitnami Tomcat](https://github.com/bitnami/bitnami-docker-tomcat) image stores the Tomcat data and configurations at the `/bitnami/tomcat` path of the container. - -Persistent Volume Claims (PVCs) are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. - -See the [Parameters](#parameters) section to configure the PVC or to disable persistence. - -### Adjust permissions of persistent volume mountpoint - -As the image run as non-root by default, it is necessary to adjust the ownership of the persistent volume so that the container can write data into it. - -By default, the chart is configured to use Kubernetes Security Context to automatically change the ownership of the volume. However, this feature does not work in all Kubernetes distributions. -As an alternative, this chart supports using an init container to change the ownership of the volume before mounting it in the final destination. - -You can enable this init container by setting `volumePermissions.enabled` to `true`. - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami’s Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## Upgrading - -### To 8.0.0 - -- Chart labels were adapted to follow the [Helm charts standard labels](https://helm.sh/docs/chart_best_practices/labels/#standard-labels). -- Ingress configuration was also adapted to follow the Helm charts best practices. -- This version also introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/master/bitnami/common#bitnami-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade. - -Consequences: - -- Backwards compatibility is not guaranteed. However, you can easily workaround this issue by removing Tomcat deployment before upgrading (the following example assumes that the release name is `tomcat`): - -```console -$ export TOMCAT_PASSWORD=$(kubectl get secret --namespace default tomcat -o jsonpath="{.data.tomcat-password}" | base64 --decode) -$ kubectl delete deployments.apps tomcat -$ helm upgrade tomcat bitnami/tomcat --set tomcatPassword=$TOMCAT_PASSWORD -``` - -### To 7.0.0 - -[On November 13, 2020, Helm v2 support formally ended](https://github.com/helm/charts#status-of-the-project). This major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -[Learn more about this change and related upgrade considerations](https://docs.bitnami.com/kubernetes/infrastructure/tomcat/administration/upgrade-helm3/). - -### To 5.0.0 - -This release updates the Bitnami Tomcat container to `9.0.26-debian-9-r0`, which is based on Bash instead of Node.js. - -### To 2.1.0 - -Tomcat container was moved to a non-root approach. There shouldn't be any issue when upgrading since the corresponding `securityContext` is enabled by default. Both the container image and the chart can be upgraded by running the command below: - -``` -$ helm upgrade my-release bitnami/tomcat -``` - -If you use a previous container image (previous to **8.5.35-r26**) disable the `securityContext` by running the command below: - -``` -$ helm upgrade my-release bitnami/tomcat --set securityContext.enabled=false,image.tag=XXX -``` - -### To 1.0.0 - -Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments. -Use the workaround below to upgrade from versions previous to 1.0.0. The following example assumes that the release name is tomcat: - -```console -$ kubectl patch deployment tomcat --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]' -``` diff --git a/bitnami/tomcat/ci/ct-values.yaml b/bitnami/tomcat/ci/ct-values.yaml deleted file mode 100644 index b738e2a..0000000 --- a/bitnami/tomcat/ci/ct-values.yaml +++ /dev/null @@ -1,2 +0,0 @@ -service: - type: ClusterIP diff --git a/bitnami/tomcat/ci/values-with-ingress-and-initcontainers.yaml b/bitnami/tomcat/ci/values-with-ingress-and-initcontainers.yaml deleted file mode 100644 index 61f4b53..0000000 --- a/bitnami/tomcat/ci/values-with-ingress-and-initcontainers.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# Test values file for generating all of the yaml and check that -# the rendering is correct -service: - type: ClusterIP -ingress: - enabled: true - tls: true - hostname: tomcat.local -volumePermissions: - enabled: true diff --git a/bitnami/tomcat/templates/NOTES.txt b/bitnami/tomcat/templates/NOTES.txt deleted file mode 100644 index 1b0a648..0000000 --- a/bitnami/tomcat/templates/NOTES.txt +++ /dev/null @@ -1,53 +0,0 @@ - -** Please be patient while the chart is being deployed ** - -{{- if .Values.ingress.enabled }} - -1. Get the Tomcat URL and associate its hostname to your cluster external IP: - - export CLUSTER_IP=$(minikube ip) # On Minikube. Use: `kubectl cluster-info` on others K8s clusters - echo "Tomcat URL: http{{ if .Values.ingress.tls }}s{{ end }}://{{ .Values.ingress.hostname }}" - echo "$CLUSTER_IP {{ .Values.ingress.hostname }}" | sudo tee -a /etc/hosts - -{{- else }} - -1. Get the Tomcat URL by running: - -{{- if contains "NodePort" .Values.service.type }} - - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "common.names.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo "Tomcat URL: http://$NODE_IP:$NODE_PORT" - echo "Tomcat Management URL: http://$NODE_IP:$NODE_PORT/manager" - -{{- else if contains "LoadBalancer" .Values.service.type }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "common.names.fullname" . }}' - - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - {{- $port:=.Values.service.port | toString }} - echo "Tomcat URL: http://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.service.port }}{{ end }}/" - echo "Tomcat Management URL: http://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.service.port }}{{ end }}/manager" - -{{- else if contains "ClusterIP" .Values.service.type }} - - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "common.names.fullname" . }} 8080:{{ .Values.service.port }} & - echo "Tomcat URL: http://127.0.0.1:8080/" - echo "Tomcat Management URL: http://127.0.0.1:8080/manager" - -{{- end }} -{{- end }} - -2. Login with the following credentials - - echo Username: {{ .Values.tomcatUsername }} - echo Password: $(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} -o jsonpath="{.data.tomcat-password}" | base64 --decode) - -{{- include "tomcat.checkRollingTags" . }} -{{- $passwordValidationErrors := list -}} -{{- $secretName := include "common.names.fullname" . -}} -{{- $requiredTomcatPassword := dict "valueKey" "tomcatPassword" "secret" $secretName "field" "tomcat-password" "context" $ -}} -{{- $requiredTomcatPasswordError := include "common.validations.values.single.empty" $requiredTomcatPassword -}} -{{- $passwordValidationErrors = append $passwordValidationErrors $requiredTomcatPasswordError -}} -{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $) -}} diff --git a/bitnami/tomcat/templates/_helpers.tpl b/bitnami/tomcat/templates/_helpers.tpl deleted file mode 100644 index 8fad75e..0000000 --- a/bitnami/tomcat/templates/_helpers.tpl +++ /dev/null @@ -1,36 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Return the proper Tomcat image name -*/}} -{{- define "tomcat.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper image name (for the init container volume-permissions image) -*/}} -{{- define "tomcat.volumePermissions.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "tomcat.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}} -{{- end -}} - -{{/* -Check if there are rolling tags in the images -*/}} -{{- define "tomcat.checkRollingTags" -}} -{{- include "common.warnings.rollingTag" .Values.image }} -{{- end -}} - -{{/* -Expand the name of the chart. -*/}} -{{- define "tomcat.pvc" -}} -{{- coalesce .Values.persistence.existingClaim (include "common.names.fullname" .) -}} -{{- end -}} diff --git a/bitnami/tomcat/templates/_pod.tpl b/bitnami/tomcat/templates/_pod.tpl deleted file mode 100644 index 795e45d..0000000 --- a/bitnami/tomcat/templates/_pod.tpl +++ /dev/null @@ -1,132 +0,0 @@ -{{/* -Pod Spec -*/}} -{{- define "tomcat.pod" -}} -{{- include "tomcat.imagePullSecrets" . }} -{{- if .Values.hostAliases }} -hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 2 }} -{{- end }} -{{- if .Values.affinity }} -affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 2 }} -{{- else }} -affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 4 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 4 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 4 }} -{{- end }} -{{- if .Values.nodeSelector }} -nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 2 }} -{{- end }} -{{- if .Values.tolerations }} -tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 2 }} -{{- end }} -{{- if .Values.podSecurityContext.enabled }} -securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 2 }} -{{- end }} -{{- if .Values.topologySpreadConstraints }} -topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" $) | nindent 2 }} -{{- end }} -initContainers: -{{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} -- name: volume-permissions - image: {{ template "tomcat.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: - - /bin/bash - - -ec - - | - chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} /bitnami/tomcat - securityContext: - runAsUser: 0 - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 4 }} - {{- end }} - volumeMounts: - - name: data - mountPath: /bitnami/tomcat -{{- end }} -{{- if .Values.initContainers }} -{{ include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) }} -{{- end }} -containers: -- name: tomcat - image: {{ template "tomcat.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 4 }} - {{- end }} - {{- if .Values.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 4 }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" .Values.image.debug | quote }} - - name: TOMCAT_USERNAME - value: {{ .Values.tomcatUsername | quote }} - - name: TOMCAT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }} - key: tomcat-password - - name: TOMCAT_ALLOW_REMOTE_MANAGEMENT - value: {{ .Values.tomcatAllowRemoteManagement | quote }} - {{- if .Values.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 2 }} - {{- end }} - {{- if or .Values.extraEnvVarsCM .Values.extraEnvVarsSecret }} - envFrom: - {{- if .Values.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} - {{- end }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.containerPort }} - {{- if .Values.containerExtraPorts }} - {{- include "common.tplvalues.render" (dict "value" .Values.containerExtraPorts "context" $) | nindent 2 }} - {{- end }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 4 }} - {{- else if .Values.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 4 }} - {{- else if .Values.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 4 }} - {{- end }} - volumeMounts: - - name: data - mountPath: /bitnami/tomcat - {{- if .Values.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 2 }} - {{- end }} -{{- if .Values.sidecars }} -{{ include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) }} -{{- end }} -volumes: -{{- if and .Values.persistence.enabled (eq .Values.deployment.type "deployment") }} -- name: data - persistentVolumeClaim: - claimName: {{ template "tomcat.pvc" . }} -{{- else if and .Values.persistence.enabled (eq .Values.deployment.type "statefulset") }} -# nothing -{{- else }} -- name: data - emptyDir: {} -{{- end }} -{{- if .Values.extraVolumes }} -{{ include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) }} -{{- end }} -{{- end -}} diff --git a/bitnami/tomcat/templates/deployment.yaml b/bitnami/tomcat/templates/deployment.yaml deleted file mode 100644 index b240d99..0000000 --- a/bitnami/tomcat/templates/deployment.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{ if (or (not .Values.persistence.enabled) (eq .Values.deployment.type "deployment")) }} -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - strategy: {{- include "common.tplvalues.render" (dict "value" .Values.updateStrategy "context" $ ) | nindent 4 }} - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - {{- if .Values.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.podAnnotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} - {{- end }} - spec: {{- include "tomcat.pod" . | nindent 6 }} -{{- end }} diff --git a/bitnami/tomcat/templates/extra-list.yaml b/bitnami/tomcat/templates/extra-list.yaml deleted file mode 100644 index 9ac65f9..0000000 --- a/bitnami/tomcat/templates/extra-list.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{- range .Values.extraDeploy }} ---- -{{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} diff --git a/bitnami/tomcat/templates/ingress.yaml b/bitnami/tomcat/templates/ingress.yaml deleted file mode 100644 index 4cf0308..0000000 --- a/bitnami/tomcat/templates/ingress.yaml +++ /dev/null @@ -1,56 +0,0 @@ -{{- if .Values.ingress.enabled }} -apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.ingress.annotations .Values.commonAnnotations .Values.ingress.certManager }} - annotations: - {{- if .Values.ingress.certManager }} - kubernetes.io/tls-acme: "true" - {{- end }} - {{- if .Values.ingress.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.annotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -spec: - rules: - {{- if .Values.ingress.hostname }} - - host: {{ .Values.ingress.hostname }} - http: - paths: - - path: {{ .Values.ingress.path }} - {{- if eq "true" (include "common.ingress.supportsPathType" .) }} - pathType: {{ .Values.ingress.pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- range .Values.ingress.extraHosts }} - - host: {{ .name }} - http: - paths: - - path: {{ default "/" .path }} - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ default "ImplementationSpecific" .pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- if or .Values.ingress.tls .Values.ingress.extraTls }} - tls: - {{- if .Values.ingress.tls }} - - hosts: - - {{ .Values.ingress.hostname }} - secretName: {{ printf "%s-tls" .Values.ingress.hostname }} - {{- end }} - {{- if .Values.ingress.extraTls }} - {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.extraTls "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/bitnami/tomcat/templates/pvc.yaml b/bitnami/tomcat/templates/pvc.yaml deleted file mode 100644 index dc48909..0000000 --- a/bitnami/tomcat/templates/pvc.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) (eq .Values.deployment.type "deployment") -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - accessModes: - {{- range .Values.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 2 }} -{{- end -}} diff --git a/bitnami/tomcat/templates/secrets.yaml b/bitnami/tomcat/templates/secrets.yaml deleted file mode 100644 index 429a8f7..0000000 --- a/bitnami/tomcat/templates/secrets.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: - {{- if .Values.tomcatPassword }} - tomcat-password: {{ .Values.tomcatPassword | b64enc | quote }} - {{- else }} - tomcat-password: {{ randAlphaNum 10 | b64enc | quote }} - {{- end }} diff --git a/bitnami/tomcat/templates/statefulset.yaml b/bitnami/tomcat/templates/statefulset.yaml deleted file mode 100644 index c54aee5..0000000 --- a/bitnami/tomcat/templates/statefulset.yaml +++ /dev/null @@ -1,49 +0,0 @@ -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) (eq .Values.deployment.type "statefulset")}} -apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} -kind: StatefulSet -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - updateStrategy: {{- include "common.tplvalues.render" (dict "value" .Values.updateStrategy "context" $ ) | nindent 4 }} - serviceName: {{ template "common.names.fullname" . }}-headless - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - {{- if .Values.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.podAnnotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} - {{- end }} - spec: {{- include "tomcat.pod" . | nindent 6 }} - volumeClaimTemplates: - - metadata: - name: data - spec: - accessModes: - {{- range .Values.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 6 }} - {{- with .Values.persistence.selectorLabels }} - selector: - matchLabels: {{- toYaml . | nindent 10 }} - {{- end }} - {{- if .Values.extraVolumeClaimTemplates }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeClaimTemplates "context" $) | nindent 2 }} - {{- end }} -{{- end }} diff --git a/bitnami/tomcat/templates/svc-headless.yaml b/bitnami/tomcat/templates/svc-headless.yaml deleted file mode 100644 index dd5a21a..0000000 --- a/bitnami/tomcat/templates/svc-headless.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) (eq .Values.deployment.type "statefulset") }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "common.names.fullname" . }}-headless - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.service.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.service.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -spec: - clusterIP: None - type: ClusterIP - selector: {{ include "common.labels.matchLabels" . | nindent 4 }} -{{- end }} diff --git a/bitnami/tomcat/templates/svc.yaml b/bitnami/tomcat/templates/svc.yaml deleted file mode 100644 index a536487..0000000 --- a/bitnami/tomcat/templates/svc.yaml +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.service.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.service.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -spec: - type: {{ .Values.service.type }} - {{- if .Values.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.service.loadBalancerIP }} - {{- end }} - {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }} - externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} - {{- end }} - ports: - - name: http - port: {{ .Values.service.port }} - targetPort: http - {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePort)) }} - nodePort: {{ .Values.service.nodePort }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - selector: {{ include "common.labels.matchLabels" . | nindent 4 }} diff --git a/bitnami/tomcat/templates/tls-secrets.yaml b/bitnami/tomcat/templates/tls-secrets.yaml deleted file mode 100644 index 8b9c6ee..0000000 --- a/bitnami/tomcat/templates/tls-secrets.yaml +++ /dev/null @@ -1,43 +0,0 @@ -{{- if .Values.ingress.enabled }} -{{- if .Values.ingress.secrets }} -{{- range .Values.ingress.secrets }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ .name }} - namespace: {{ $.Release.Namespace }} - labels: {{- include "common.labels.standard" $ | nindent 4 }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ .certificate | b64enc }} - tls.key: {{ .key | b64enc }} ---- -{{- end }} -{{- else if and .Values.ingress.tls (not .Values.ingress.certManager) }} -{{- $ca := genCA "tomcat-ca" 365 }} -{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ printf "%s-tls" .Values.ingress.hostname }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ $cert.Cert | b64enc | quote }} - tls.key: {{ $cert.Key | b64enc | quote }} - ca.crt: {{ $ca.Cert | b64enc | quote }} -{{- end }} -{{- end }} diff --git a/bitnami/tomcat/values.yaml b/bitnami/tomcat/values.yaml deleted file mode 100644 index 5f6ceca..0000000 --- a/bitnami/tomcat/values.yaml +++ /dev/null @@ -1,480 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - storageClass: "" - -## @section Common parameters - -## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) -## -kubeVersion: "" -## @param nameOverride String to partially override common.names.fullname template (will maintain the release name) -## -nameOverride: "" -## @param fullnameOverride String to fully override common.names.fullname template -## -fullnameOverride: "" -## @param commonLabels Add labels to all the deployed resources -## -commonLabels: {} -## @param commonAnnotations Add annotations to all the deployed resources -## -commonAnnotations: {} -## @param clusterDomain Kubernetes Cluster Domain -## -clusterDomain: cluster.local -## @param extraDeploy Array of extra objects to deploy with the release -## -extraDeploy: [] - -## @section Tomcat parameters - -## Bitnami Tomcat image version -## ref: https://hub.docker.com/r/bitnami/tomcat/tags/ -## @param image.registry Tomcat image registry -## @param image.repository Tomcat image repository -## @param image.tag Tomcat image tag (immutable tags are recommended) -## @param image.pullPolicy Tomcat image pull policy -## @param image.pullSecrets Specify docker-registry secret names as an array -## @param image.debug Specify if debug logs should be enabled -## -image: - registry: docker.io - repository: bitnami/tomcat - tag: 10.0.11-debian-10-r10 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Set to true if you would like to see extra information on logs - ## - debug: false -## @param hostAliases Deployment pod host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: [] -## @param tomcatUsername Tomcat admin user -## ref: https://github.com/bitnami/bitnami-docker-tomcat#creating-a-custom-user -## -tomcatUsername: user -## @param tomcatPassword Tomcat admin password -## ref: https://github.com/bitnami/bitnami-docker-tomcat#creating-a-custom-user -## -tomcatPassword: "" -## @param tomcatAllowRemoteManagement Enable remote access to management interface -## ref: https://github.com/bitnami/charts/tree/master/bitnami/tomcat#configuration -## -tomcatAllowRemoteManagement: 0 -## @param command Override default container command (useful when using custom images) -## -command: [] -## @param args Override default container args (useful when using custom images) -## -args: [] -## @param extraEnvVars Extra environment variables to be set on Tomcat container -## Example: -## extraEnvVars: -## - name: FOO -## value: "bar" -## -extraEnvVars: [] -## @param extraEnvVarsCM Name of existing ConfigMap containing extra environment variables -## -extraEnvVarsCM: "" -## @param extraEnvVarsSecret Name of existing Secret containing extra environment variables -## -extraEnvVarsSecret: "" - -## @section Tomcat deployment parameters - -## @param replicaCount Specify number of Tomcat replicas -## -replicaCount: 1 -## Deployment -## -deployment: - ## @param deployment.type Use Deployment or StatefulSet - ## - type: deployment -## Strategy to use to update Pods -## -updateStrategy: - ## @param updateStrategy.type StrategyType - ## Can be set to RollingUpdate or OnDelete - ## - type: RollingUpdate -## @param containerPort HTTP port to expose at container level -## -containerPort: 8080 -## @param containerExtraPorts Extra ports to expose at container level -## -## Example: -## containerExtraPorts: -## - name: ajp -## containerPort: 8081 -## -containerExtraPorts: {} -## Tomcat pods' Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -## @param podSecurityContext.enabled Enable Tomcat pods' Security Context -## @param podSecurityContext.fsGroup Set Tomcat pod's Security Context fsGroup -## -podSecurityContext: - enabled: true - fsGroup: 1001 -## Tomcat containers' SecurityContext -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## @param containerSecurityContext.enabled Enable Tomcat containers' SecurityContext -## @param containerSecurityContext.runAsUser User ID for the Tomcat container -## -containerSecurityContext: - enabled: true - runAsUser: 1001 -## Tomcat containers' resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## We usually recommend not to specify default resources and to leave this as a conscious -## choice for the user. This also increases chances charts run on environments with little -## resources, such as Minikube. If you do want to specify resources, uncomment the following -## lines, adjust them as necessary, and remove the curly braces after 'resources:'. -## @param resources.limits The resources limits for the Tomcat container -## @param resources.requests [object] The requested resources for the Tomcat container -## -resources: - ## Example: - ## limits: - ## cpu: 500m - ## memory: 1Gi - limits: {} - requests: - cpu: 300m - memory: 512Mi -## Configure extra options for liveness probe -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param livenessProbe.enabled Enable livenessProbe -## @param livenessProbe.httpGet.path Request path for livenessProbe -## @param livenessProbe.httpGet.port Port for livenessProbe -## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe -## @param livenessProbe.periodSeconds Period seconds for livenessProbe -## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe -## @param livenessProbe.failureThreshold Failure threshold for livenessProbe -## @param livenessProbe.successThreshold Success threshold for livenessProbe -## -livenessProbe: - enabled: true - httpGet: - path: / - port: http - initialDelaySeconds: 120 - periodSeconds: 10 - failureThreshold: 6 - timeoutSeconds: 5 - successThreshold: 1 -## Configure extra options for readiness probe -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param readinessProbe.enabled Enable readinessProbe -## @param readinessProbe.httpGet.path Request path for readinessProbe -## @param readinessProbe.httpGet.port Port for readinessProbe -## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe -## @param readinessProbe.periodSeconds Period seconds for readinessProbe -## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe -## @param readinessProbe.failureThreshold Failure threshold for readinessProbe -## @param readinessProbe.successThreshold Success threshold for readinessProbe -## -readinessProbe: - enabled: true - httpGet: - path: / - port: http - initialDelaySeconds: 30 - periodSeconds: 5 - failureThreshold: 3 - timeoutSeconds: 3 - successThreshold: 1 -## @param customLivenessProbe Override default liveness probe -## -customLivenessProbe: {} -## @param customReadinessProbe Override default readiness probe -## -customReadinessProbe: {} -## @param podLabels Extra labels for Tomcat pods -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -podLabels: {} -## @param podAnnotations Annotations for Tomcat pods -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} -## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAffinityPreset: "" -## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAntiAffinityPreset: soft -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## -nodeAffinityPreset: - ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] -## @param affinity Affinity for pod assignment. Evaluated as a template. -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set -## -affinity: {} -## @param nodeSelector Node labels for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} -## @param tolerations Tolerations for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] -## @param topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template -## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods -## -topologySpreadConstraints: [] -## @param extraVolumes Optionally specify extra list of additional volumes for Tomcat pods in Deployment -## -extraVolumes: [] -## @param extraVolumeClaimTemplates Optionally specify extra list of additional volume claim templates for Tomcat pods in StatefulSet -## -extraVolumeClaimTemplates: [] -## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for Tomcat container(s) -## -extraVolumeMounts: [] -## @param initContainers Add init containers to the Tomcat pods. -## Example: -## initContainers: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -initContainers: [] -## @param sidecars Add sidecars to the Tomcat pods. -## Example: -## sidecars: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -sidecars: [] -## Enable persistence using Persistent Volume Claims -## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ -## -persistence: - ## @param persistence.enabled Enable persistence - ## - enabled: true - ## @param persistence.storageClass PVC Storage Class for Tomcat volume - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - ## @param persistence.annotations Persistent Volume Claim annotations - ## - annotations: {} - ## @param persistence.accessModes PVC Access Modes for Tomcat volume - ## - accessModes: - - ReadWriteOnce - ## @param persistence.size PVC Storage Request for Tomcat volume - ## - size: 8Gi - ## @param persistence.existingClaim An Existing PVC name for Tomcat volume - ## - existingClaim: "" - ## @param persistence.selectorLabels Selector labels to use in volume claim template in statefulset - ## Applicable when deployment.type is statefulset - ## - selectorLabels: {} - -## @section Traffic Exposure parameters - -## Service parameters -## -service: - ## @param service.type Kubernetes Service type - ## For minikube, set this to NodePort, elsewhere use LoadBalancer - ## - type: LoadBalancer - ## @param service.port Service HTTP port - ## - port: 80 - ## @param service.nodePort Kubernetes http node port - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - nodePort: "" - ## @param service.loadBalancerIP Port Use serviceLoadBalancerIP to request a specific static IP, otherwise leave blank - ## - loadBalancerIP: "" - ## @param service.externalTrafficPolicy Enable client source IP preservation - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param service.annotations Annotations for Tomcat service - ## set the LoadBalancer service type to internal only. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - annotations: {} -## Ingress configuratiom -## -ingress: - ## @param ingress.enabled Enable ingress controller resource - ## - enabled: false - ## @param ingress.certManager Set this to true in order to add the corresponding annotations for cert-manager - ## - certManager: false - ## @param ingress.hostname Default host for the ingress resource - ## - hostname: tomcat.local - ## @param ingress.annotations Ingress annotations - ## For a full list of possible ingress annotations, please see - ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md - ## - ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set - ## - annotations: {} - ## @param ingress.tls Enable TLS configuration for the hostname defined at `ingress.hostname` parameter - ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }} - ## You can use the ingress.secrets parameter to create this TLS secret, relay on cert-manager to create it, or - ## let the chart create self-signed certificates for you - ## - tls: false - ## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record. - ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array - ## Example: - ## extraHosts: - ## - name: tomcat.local - ## path: / - ## - extraHosts: [] - ## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. - ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - ## Example: - ## extraTls: - ## - hosts: - ## - tomcat.local - ## secretName: tomcat.local-tls - ## - extraTls: [] - ## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets - ## key and certificate should start with -----BEGIN CERTIFICATE----- or -----BEGIN RSA PRIVATE KEY----- - ## name should line up with a secretName set further up - ## - ## If it is not set and you're using cert-manager, this is unneeded, as it will create the secret for you - ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created - ## It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - ## - ## Example - ## secrets: - ## - name: tomcat.local-tls - ## key: "" - ## certificate: "" - ## - secrets: [] - ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) - ## - apiVersion: "" - ## @param ingress.path Ingress path - ## - path: / - ## @param ingress.pathType Ingress path type - ## - pathType: ImplementationSpecific - -## @section Volume Permissions parameters - -## Init containers parameters: -## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. -## -volumePermissions: - ## @param volumePermissions.enabled Enable init container that changes volume permissions in the data directory - ## - enabled: false - ## @param volumePermissions.image.registry Init container volume-permissions image registry - ## @param volumePermissions.image.repository Init container volume-permissions image repository - ## @param volumePermissions.image.tag Init container volume-permissions image tag - ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy - ## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: 10-debian-10-r201 - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Init container' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param volumePermissions.resources.limits Init container volume-permissions resource limits - ## @param volumePermissions.resources.requests Init container volume-permissions resource requests - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - requests: {} diff --git a/bitnami/wavefront-adapter-for-istio/Chart.lock b/bitnami/wavefront-adapter-for-istio/Chart.lock deleted file mode 100644 index 6e84ff5..0000000 --- a/bitnami/wavefront-adapter-for-istio/Chart.lock +++ /dev/null @@ -1,9 +0,0 @@ -dependencies: -- name: wavefront - repository: https://charts.bitnami.com/bitnami - version: 3.1.11 -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.9.0 -digest: sha256:07ef843353e48a994c7a75f7549a8af7ffe281616f3d9a8a3305a5fb672b187f -generated: "2021-09-21T13:15:43.560833216Z" diff --git a/bitnami/wavefront-adapter-for-istio/Chart.yaml b/bitnami/wavefront-adapter-for-istio/Chart.yaml deleted file mode 100644 index a433091..0000000 --- a/bitnami/wavefront-adapter-for-istio/Chart.yaml +++ /dev/null @@ -1,33 +0,0 @@ -annotations: - category: Infrastructure -apiVersion: v2 -appVersion: 0.1.5 -dependencies: - - condition: wavefront.enabled - name: wavefront - repository: https://charts.bitnami.com/bitnami - version: 3.x.x - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x -description: Wavefront Adapter for Istio is a lightweight Istio adapter that exposes Istio metrics to Wavefront. It supports Istio v1.4+ and Kubernetes v1.15+. -engine: gotpl -home: https://github.com/vmware/wavefront-adapter-for-istio/ -icon: https://bitnami.com/assets/stacks/wavefront-adapter-for-istio/img/wavefront-adapter-for-istio-stack-220x234.png -keywords: - - alerting - - adapter - - istio - - metrics - - monitoring - - observability - - wavefront -maintainers: - - email: containers@bitnami.com - name: Bitnami -name: wavefront-adapter-for-istio -sources: - - https://github.com/bitnami/bitnami-docker-wavefront-adapter-for-istio -version: 1.0.8 diff --git a/bitnami/wavefront-adapter-for-istio/README.md b/bitnami/wavefront-adapter-for-istio/README.md deleted file mode 100644 index 1c4edc4..0000000 --- a/bitnami/wavefront-adapter-for-istio/README.md +++ /dev/null @@ -1,219 +0,0 @@ -# Wavefront Adapter for Istio - -[Wavefront Adapter for Istio](https://github.com/vmware/wavefront-adapter-for-istio/) is a lightweight Istio adapter that exposes Istio metrics to Wavefront. - -## TL;DR - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/wavefront-adapter-for-istio -``` - -## Introduction -Bitnami charts for Helm are carefully engineered, actively maintained and are the quickest and easiest way to deploy containers on a Kubernetes cluster that are ready to handle production workloads. - -This will deploy a [Wavefront Adapter for Istio](https://github.com/vmware/wavefront-adapter-for-istio/) Deployment in a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. - -## Prerequisites - -- Kubernetes 1.15+ -- Helm 3.1.0 -- Istio v1.4, v1.5 and v1.6 with `Mixer` support - -In order to enable the `Mixer` in Istio versions starting from v1.5, execute the following commands: - -##### Istio v1.5.x -```console -istioctl manifest apply --set values.prometheus.enabled=true --set values.telemetry.v1.enabled=true --set values.telemetry.v2.enabled=false --set components.citadel.enabled=true --set components.telemetry.enabled=true -``` - -##### Istio v1.6.x -```console -istioctl install --set values.prometheus.enabled=true --set values.telemetry.v1.enabled=true --set values.telemetry.v2.enabled=false --set components.citadel.enabled=true --set components.telemetry.enabled=true -``` - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/wavefront-adapter-for-istio -``` - -These commands deploy wavefront-adapter-for-istio on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` helm release: - -```console -$ helm uninstall my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ------------------------- | -------------------------------------------------- | --------------- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | -| `kubeVersion` | Override Kubernetes version | `""` | -| `nameOverride` | String to partially override common.names.fullname | `""` | -| `fullnameOverride` | String to fully override common.names.fullname | `""` | -| `commonLabels` | Labels to add to all deployed objects | `{}` | -| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | -| `clusterDomain` | Kubernetes cluster domain name | `cluster.local` | -| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | - - -### Wavefront Adapter for Istio deployment parameters - -| Name | Description | Value | -| --------------------------------------- | ----------------------------------------------------------------------------------------- | ------------------------------------- | -| `image.registry` | Adapter image registry | `docker.io` | -| `image.repository` | Adapter image repository | `bitnami/wavefront-adapter-for-istio` | -| `image.tag` | Adapter image tag (immutabe tags are recommended) | `0.1.5-debian-10-r161` | -| `image.pullPolicy` | Adapter image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Adapter image pull secrets | `[]` | -| `image.debug` | Enable image debug mode | `false` | -| `livenessProbe.enabled` | Enable livenessProbe | `true` | -| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | -| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `readinessProbe.enabled` | Enable readinessProbe | `true` | -| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | -| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `command` | Override default container command (useful when using custom images) | `[]` | -| `args` | Override default container args (useful when using custom images) | `[]` | -| `hostAliases` | Add deployment host aliases | `[]` | -| `resources.limits` | The resources limits for the Adapter container | `{}` | -| `resources.requests` | The requested resourcesc for the Adapter container | `{}` | -| `containerSecurityContext.enabled` | Enabled Adapter containers' Security Context | `true` | -| `containerSecurityContext.runAsUser` | Set Adapter container's Security Context runAsUser | `1001` | -| `containerSecurityContext.runAsNonRoot` | Set Adapter container's Security Context runAsNonRoot | `true` | -| `podSecurityContext.enabled` | Enabled Adapter pods' Security Context | `true` | -| `podSecurityContext.fsGroup` | Set Adapter pod's Security Context fsGroup | `1001` | -| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | -| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | -| `affinity` | Affinity for pod assignment | `{}` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `tolerations` | Tolerations for pod assignment | `[]` | -| `podLabels` | Extra labels for Adapter pods | `{}` | -| `priorityClassName` | Adapter pod priority | `""` | -| `lifecycleHooks` | Add lifecycle hooks to the Adapter deployment | `{}` | -| `customLivenessProbe` | Override default liveness probe | `{}` | -| `customReadinessProbe` | Override default readiness probe | `{}` | -| `updateStrategy.type` | Adapter deployment update strategy | `RollingUpdate` | -| `containerPort` | Adapter container port | `8000` | -| `extraEnvVars` | Add extra environment variables to the Adapter container | `[]` | -| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` | -| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars | `""` | -| `extraVolumes` | Optionally specify extra list of additional volumes for Adapter pods | `[]` | -| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for Adapter container(s) | `[]` | -| `initContainers` | Add additional init containers to the Adapter pods | `[]` | -| `sidecars` | Add additional sidecar containers to the Adapter pod | `[]` | -| `externalProxy.host` | Host of a wavefront-proxy instance (required if wavefront.enabled = false) | `""` | -| `externalProxy.port` | Host of a wavefront-proxy instance (required if wavefront.enabled = false) | `2878` | -| `adapterLogLevel` | Adapter log level | `info` | -| `istio.create` | Deploy istio objects | `true` | -| `istio.namespace` | Namespace to deploy the Istio objects | `istio-system` | -| `istio.apiVersion` | Override Istio API version | `""` | -| `metrics.flushInterval` | Interval to flush the metrics | `5s` | -| `metrics.source` | Source tag for all metrics handled by the adapter | `istio` | -| `metrics.prefix` | Prefix to prepend to all metrics handled by the adapter | `istio` | -| `metrics.http` | Enable the collection of http metrics | `true` | -| `metrics.tcp` | Enable the collection of tcp metrics | `true` | - - -### Traffic Exposure Parameters - -| Name | Description | Value | -| ---------------------------------- | -------------------------------------------- | ----------- | -| `service.type` | Adapter service type | `ClusterIP` | -| `service.port` | Adapter service port | `8000` | -| `service.loadBalancerIP` | Adapter service LoadBalancer IP | `""` | -| `service.loadBalancerSourceRanges` | loadBalancerIP source ranges for the Service | `[]` | -| `service.nodePorts.http` | NodePort for the HTTP endpoint | `""` | -| `service.externalTrafficPolicy` | External traffic policy for the service | `Cluster` | - - -### Wavefront sub-chart parameters - -| Name | Description | Value | -| --------------------------------- | ----------------------------------------------------------------------------------------- | ------------------------------------ | -| `wavefront.enabled` | Deploy Wavefront chart (necessary if externalProxyHost is not set) | `true` | -| `wavefront.wavefront.url` | Wavefront SAAS service URL | `https://YOUR_CLUSTER.wavefront.com` | -| `wavefront.wavefront.token` | Wavefront SAAS token | `YOUR_API_TOKEN` | -| `wavefront.collector.enabled` | Deploy Wavefront collector (not used by the Adapter pod) | `false` | -| `wavefront.rbac.create` | Create RBAC rules (not necessary as the Adapter only uses wavefront-proxy) | `false` | -| `wavefront.proxy.enabled` | Deploy Wavefront Proxy (required if externalProxyHost is not set) | `true` | -| `wavefront.proxy.port` | Deployed Wavefront Proxy port (required if externalProxyHost is not set) | `2878` | -| `wavefront.serviceAccount.create` | Create Wavefront serivce account (not necessary as the Adapter only uses wavefront-proxy) | `false` | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -$ helm install my-release \ - --set livenessProbe.successThreshold=5 \ - bitnami/wavefront-adapter-for-istio -``` - -The above command sets the `livenessProbe.successThreshold` to `5`. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```bash -$ helm install my-release -f values.yaml bitnami/wavefront-adapter-for-istio -``` - -## Configuration and installation details - -### [Rolling vs Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Connect to Wavefront - -The Wavefront Adapter for Istio chart needs to be connected to a Wavefront instance. This can be done in three different ways: - -- Deploying the Wavefront subchart, using only the Wavefront Proxy component (default behavior): This is done by setting `wavefront.enabled=true` and `wavefront.proxy.enabled=true`, but leaving the `externalProxy.host` value unset. We recommend disabling the rest of the Wavefront sub-chart resources as they would not be used by the Prometheus Storage Adapter. You also need to configure the Wavefront SaaS URL and token using the `wavefont.wavefront.url` and `wavefront.wavefront.token` parameters. - -- Using an external Wavefront Proxy instance: This is done by setting the `externalProxy.host` and `externalProxy.port` values. In this case, you should set the `wavefront.enabled` value to `false`. You also need to configure the Wavefront SaaS URL and token using the `wavefront.wavefront.url` and `wavefront.wavefront.token` parameters. - -- Use direct ingestion without a Wavefront Proxy instance. This is done by not setting the `externalProxy` values and setting the `wavefront.enabled` value to false. - -Refer to the [chart documentation for more detailed configuration examples](https://docs.bitnami.com/kubernetes/apps/wavefront-adapter-for-istio/get-started/configure-connection/). - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami’s Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## Upgrading - -```bash -$ helm upgrade my-release bitnami/wavefront-adapter-for-istio -``` - -### To 1.0.0 - -This major updates the wavefront subchart to it newest major, 3.0.0, which contains a new major for kube-state-metrics. For more information on this subchart's major, please refer to [wavefront upgrade notes](https://github.com/bitnami/charts/tree/master/bitnami/wavefront#to-300). diff --git a/bitnami/wavefront-adapter-for-istio/ci/values-external.yaml b/bitnami/wavefront-adapter-for-istio/ci/values-external.yaml deleted file mode 100644 index 9ad2a40..0000000 --- a/bitnami/wavefront-adapter-for-istio/ci/values-external.yaml +++ /dev/null @@ -1,6 +0,0 @@ -wavefront: - enabled: false - -externalProxy: - host: test-proxy - port: 1234 diff --git a/bitnami/wavefront-adapter-for-istio/templates/NOTES.txt b/bitnami/wavefront-adapter-for-istio/templates/NOTES.txt deleted file mode 100644 index ff31a12..0000000 --- a/bitnami/wavefront-adapter-for-istio/templates/NOTES.txt +++ /dev/null @@ -1,20 +0,0 @@ -** Please be patient while the chart is being deployed ** - -1. Get the application URL by running these commands: - -{{- if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "common.names.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ template "common.names.fullname" . }} - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.port }} -{{- else if contains "ClusterIP" .Values.service.type }} - echo "The renconciler is available at http://127.0.0.1:{{ .Values.service.port }}" - kubectl port-forward svc/{{ template "common.names.fullname" . }} {{ .Values.service.port }}:{{ .Values.service.port }} & -{{- end }} - -{{- include "common.warnings.rollingTag" .Values.image }} -{{- include "wfafi.validateValues" . }} diff --git a/bitnami/wavefront-adapter-for-istio/templates/_helpers.tpl b/bitnami/wavefront-adapter-for-istio/templates/_helpers.tpl deleted file mode 100644 index fc7e016..0000000 --- a/bitnami/wavefront-adapter-for-istio/templates/_helpers.tpl +++ /dev/null @@ -1,87 +0,0 @@ -{{/* -Return the proper wavefront-adapter-for-istio image name -*/}} -{{- define "wfafi.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "wfafi.proxy.fullname" -}} -{{- printf "%s-%s" .Release.Name "wavefront-proxy" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "wfafi.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.image) "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "wfafi.istio.apiVersion" -}} -{{- if .Values.istio.apiVersion -}} -{{- .Values.istio.apiVersion -}} -{{- else -}} -{{ print "config.istio.io/v1alpha2" }} -{{- end -}} -{{- end -}} - -{{/* -Compile all warnings into a single message. -*/}} -{{- define "wfafi.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "wfafi.validateValues.proxy" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message -}} -{{- end -}} -{{- end -}} - -{{/* Validate values of Wavefront Adapter for Istio - Wavefront Proxy configuration */}} -{{- define "wfafi.validateValues.proxy" -}} -{{- if and (.Values.wavefront.enabled) (not .Values.wavefront.proxy.enabled) -}} -wavefront-adapter-for-istio: SubchartProxyNotDeployed - The Wavefront subchart is being deployed without the mandatory Wavefront Proxy instance. Set wavefront.proxy.enabled=true. We recommend the following values: - - wavefront: - enabled: true - collector: - enabled: false - rbac: - create: false - serviceAccount: - create: false - proxy: - enabled: true -{{- end }} - -{{- if and .Values.wavefront.enabled .Values.externalProxy.host -}} -wavefront-adapter-for-istio: ConflictingProxies - The Wavefront subchart is being deployed and an external Wavefront Proxy is set. Select ONLY one of the following options: - - 1) Deploy the Wavefront subchart with the Wavefront Proxy. Recommended values: - - wavefront: - enabled: true - collector: - enabled: false - rbac: - create: false - serviceAccount: - create: false - proxy: - enabled: true - - 2) Use an existing Wavefront Proxy instance. Set the externalProxy.host and externalProxy.port values - - 3) Do not use Wavefront Proxy and connect directly to Wavefront by setting wavefront.enabled=false and not setting the externalProxy.host value -{{- end }} -{{- end -}} diff --git a/bitnami/wavefront-adapter-for-istio/templates/deployment.yaml b/bitnami/wavefront-adapter-for-istio/templates/deployment.yaml deleted file mode 100644 index efc2c9e..0000000 --- a/bitnami/wavefront-adapter-for-istio/templates/deployment.yaml +++ /dev/null @@ -1,149 +0,0 @@ -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: wavefront-adapter-for-istio - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.updateStrategy }} - strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: wavefront-adapter-for-istio - template: - metadata: - annotations: - {{- if .Values.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: wavefront-adapter-for-istio - {{- if .Values.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} - {{- end }} - spec: - {{- include "wfafi.imagePullSecrets" . | nindent 6 }} - {{- if .Values.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "component" "wavefront-adapter-for-istio" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "component" "wavefront-adapter-for-istio" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName | quote }} - {{- end }} - {{- if .Values.podSecurityContext.enabled }} - securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - initContainers: - {{- if .Values.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} - {{- end }} - containers: - - name: wavefront-adapter-for-istio - image: {{ template "wfafi.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - {{- if .Values.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} - {{- else }} - command: - - wavefront - {{- end }} - {{- if .Values.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} - {{- else }} - args: - - {{ .Values.containerPort | quote }} - {{- end }} - env: - {{- if .Values.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if .Values.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} - {{- end }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - ports: - - containerPort: {{ .Values.containerPort }} - name: grpc - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - exec: - # As it is a grpc port, we cannot httpGet. tcpSocket cannot be used either - # because it adds noise in the logs - command: - - bash - - -ec - - | - ps auxf | grep wavefront - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- else if .Values.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - exec: - # As it is a grpc port, we cannot httpGet. tcpSocket cannot be used either - # because it adds noise in the logs - command: - - bash - - -ec - - | - ps auxf | grep wavefront - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- else if .Values.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.extraVolumeMounts }} - volumeMounts: {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.sidecars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.extraVolumes }} - volumes: {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} - {{- end }} diff --git a/bitnami/wavefront-adapter-for-istio/templates/extra-list.yaml b/bitnami/wavefront-adapter-for-istio/templates/extra-list.yaml deleted file mode 100644 index 9ac65f9..0000000 --- a/bitnami/wavefront-adapter-for-istio/templates/extra-list.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{- range .Values.extraDeploy }} ---- -{{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} diff --git a/bitnami/wavefront-adapter-for-istio/templates/istio/adapter.yaml b/bitnami/wavefront-adapter-for-istio/templates/istio/adapter.yaml deleted file mode 100644 index 1c87fa1..0000000 --- a/bitnami/wavefront-adapter-for-istio/templates/istio/adapter.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if .Values.istio.create }} -# this config is created through command -# mixgen adapter -c $GOPATH/src/istio.io/istio/mixer/adapter/wavefront/config/config.proto_descriptor -o $GOPATH/src/istio.io/istio/mixer/adapter/wavefront/config -s=false -n wavefront -t metric -apiVersion: {{ include "wfafi.istio.apiVersion" . }} -kind: adapter -metadata: - name: {{ include "common.names.fullname" . }}-wavefront - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: wavefront-adapter-for-istio - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Values.istio.namespace }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - description: - session_based: false - templates: - - {{ include "common.names.fullname" . }}-metric.{{ .Release.Namespace }} - config: CvD6AgogZ29vZ2xlL3Byb3RvYnVmL2Rlc2NyaXB0b3IucHJvdG8SD2dvb2dsZS5wcm90b2J1ZiJNChFGaWxlRGVzY3JpcHRvclNldBI4CgRmaWxlGAEgAygLMiQuZ29vZ2xlLnByb3RvYnVmLkZpbGVEZXNjcmlwdG9yUHJvdG9SBGZpbGUi5AQKE0ZpbGVEZXNjcmlwdG9yUHJvdG8SEgoEbmFtZRgBIAEoCVIEbmFtZRIYCgdwYWNrYWdlGAIgASgJUgdwYWNrYWdlEh4KCmRlcGVuZGVuY3kYAyADKAlSCmRlcGVuZGVuY3kSKwoRcHVibGljX2RlcGVuZGVuY3kYCiADKAVSEHB1YmxpY0RlcGVuZGVuY3kSJwoPd2Vha19kZXBlbmRlbmN5GAsgAygFUg53ZWFrRGVwZW5kZW5jeRJDCgxtZXNzYWdlX3R5cGUYBCADKAsyIC5nb29nbGUucHJvdG9idWYuRGVzY3JpcHRvclByb3RvUgttZXNzYWdlVHlwZRJBCgllbnVtX3R5cGUYBSADKAsyJC5nb29nbGUucHJvdG9idWYuRW51bURlc2NyaXB0b3JQcm90b1IIZW51bVR5cGUSQQoHc2VydmljZRgGIAMoCzInLmdvb2dsZS5wcm90b2J1Zi5TZXJ2aWNlRGVzY3JpcHRvclByb3RvUgdzZXJ2aWNlEkMKCWV4dGVuc2lvbhgHIAMoCzIlLmdvb2dsZS5wcm90b2J1Zi5GaWVsZERlc2NyaXB0b3JQcm90b1IJZXh0ZW5zaW9uEjYKB29wdGlvbnMYCCABKAsyHC5nb29nbGUucHJvdG9idWYuRmlsZU9wdGlvbnNSB29wdGlvbnMSSQoQc291cmNlX2NvZGVfaW5mbxgJIAEoCzIfLmdvb2dsZS5wcm90b2J1Zi5Tb3VyY2VDb2RlSW5mb1IOc291cmNlQ29kZUluZm8SFgoGc3ludGF4GAwgASgJUgZzeW50YXgiuQYKD0Rlc2NyaXB0b3JQcm90bxISCgRuYW1lGAEgASgJUgRuYW1lEjsKBWZpZWxkGAIgAygLMiUuZ29vZ2xlLnByb3RvYnVmLkZpZWxkRGVzY3JpcHRvclByb3RvUgVmaWVsZBJDCglleHRlbnNpb24YBiADKAsyJS5nb29nbGUucHJvdG9idWYuRmllbGREZXNjcmlwdG9yUHJvdG9SCWV4dGVuc2lvbhJBCgtuZXN0ZWRfdHlwZRgDIAMoCzIgLmdvb2dsZS5wcm90b2J1Zi5EZXNjcmlwdG9yUHJvdG9SCm5lc3RlZFR5cGUSQQoJZW51bV90eXBlGAQgAygLMiQuZ29vZ2xlLnByb3RvYnVmLkVudW1EZXNjcmlwdG9yUHJvdG9SCGVudW1UeXBlElgKD2V4dGVuc2lvbl9yYW5nZRgFIAMoCzIvLmdvb2dsZS5wcm90b2J1Zi5EZXNjcmlwdG9yUHJvdG8uRXh0ZW5zaW9uUmFuZ2VSDmV4dGVuc2lvblJhbmdlEkQKCm9uZW9mX2RlY2wYCCADKAsyJS5nb29nbGUucHJvdG9idWYuT25lb2ZEZXNjcmlwdG9yUHJvdG9SCW9uZW9mRGVjbBI5CgdvcHRpb25zGAcgASgLMh8uZ29vZ2xlLnByb3RvYnVmLk1lc3NhZ2VPcHRpb25zUgdvcHRpb25zElUKDnJlc2VydmVkX3JhbmdlGAkgAygLMi4uZ29vZ2xlLnByb3RvYnVmLkRlc2NyaXB0b3JQcm90by5SZXNlcnZlZFJhbmdlUg1yZXNlcnZlZFJhbmdlEiMKDXJlc2VydmVkX25hbWUYCiADKAlSDHJlc2VydmVkTmFtZRp6Cg5FeHRlbnNpb25SYW5nZRIUCgVzdGFydBgBIAEoBVIFc3RhcnQSEAoDZW5kGAIgASgFUgNlbmQSQAoHb3B0aW9ucxgDIAEoCzImLmdvb2dsZS5wcm90b2J1Zi5FeHRlbnNpb25SYW5nZU9wdGlvbnNSB29wdGlvbnMaNwoNUmVzZXJ2ZWRSYW5nZRIUCgVzdGFydBgBIAEoBVIFc3RhcnQSEAoDZW5kGAIgASgFUgNlbmQifAoVRXh0ZW5zaW9uUmFuZ2VPcHRpb25zElgKFHVuaW50ZXJwcmV0ZWRfb3B0aW9uGOcHIAMoCzIkLmdvb2dsZS5wcm90b2J1Zi5VbmludGVycHJldGVkT3B0aW9uUhN1bmludGVycHJldGVkT3B0aW9uKgkI6AcQgICAgAIimAYKFEZpZWxkRGVzY3JpcHRvclByb3RvEhIKBG5hbWUYASABKAlSBG5hbWUSFgoGbnVtYmVyGAMgASgFUgZudW1iZXISQQoFbGFiZWwYBCABKA4yKy5nb29nbGUucHJvdG9idWYuRmllbGREZXNjcmlwdG9yUHJvdG8uTGFiZWxSBWxhYmVsEj4KBHR5cGUYBSABKA4yKi5nb29nbGUucHJvdG9idWYuRmllbGREZXNjcmlwdG9yUHJvdG8uVHlwZVIEdHlwZRIbCgl0eXBlX25hbWUYBiABKAlSCHR5cGVOYW1lEhoKCGV4dGVuZGVlGAIgASgJUghleHRlbmRlZRIjCg1kZWZhdWx0X3ZhbHVlGAcgASgJUgxkZWZhdWx0VmFsdWUSHwoLb25lb2ZfaW5kZXgYCSABKAVSCm9uZW9mSW5kZXgSGwoJanNvbl9uYW1lGAogASgJUghqc29uTmFtZRI3CgdvcHRpb25zGAggASgLMh0uZ29vZ2xlLnByb3RvYnVmLkZpZWxkT3B0aW9uc1IHb3B0aW9ucyK2AgoEVHlwZRIPCgtUWVBFX0RPVUJMRRABEg4KClRZUEVfRkxPQVQQAhIOCgpUWVBFX0lOVDY0EAMSDwoLVFlQRV9VSU5UNjQQBBIOCgpUWVBFX0lOVDMyEAUSEAoMVFlQRV9GSVhFRDY0EAYSEAoMVFlQRV9GSVhFRDMyEAcSDQoJVFlQRV9CT09MEAgSDwoLVFlQRV9TVFJJTkcQCRIOCgpUWVBFX0dST1VQEAoSEAoMVFlQRV9NRVNTQUdFEAsSDgoKVFlQRV9CWVRFUxAMEg8KC1RZUEVfVUlOVDMyEA0SDQoJVFlQRV9FTlVNEA4SEQoNVFlQRV9TRklYRUQzMhAPEhEKDVRZUEVfU0ZJWEVENjQQEBIPCgtUWVBFX1NJTlQzMhAREg8KC1RZUEVfU0lOVDY0EBIiQwoFTGFiZWwSEgoOTEFCRUxfT1BUSU9OQUwQARISCg5MQUJFTF9SRVFVSVJFRBACEhIKDkxBQkVMX1JFUEVBVEVEEAMiYwoUT25lb2ZEZXNjcmlwdG9yUHJvdG8SEgoEbmFtZRgBIAEoCVIEbmFtZRI3CgdvcHRpb25zGAIgASgLMh0uZ29vZ2xlLnByb3RvYnVmLk9uZW9mT3B0aW9uc1IHb3B0aW9ucyLjAgoTRW51bURlc2NyaXB0b3JQcm90bxISCgRuYW1lGAEgASgJUgRuYW1lEj8KBXZhbHVlGAIgAygLMikuZ29vZ2xlLnByb3RvYnVmLkVudW1WYWx1ZURlc2NyaXB0b3JQcm90b1IFdmFsdWUSNgoHb3B0aW9ucxgDIAEoCzIcLmdvb2dsZS5wcm90b2J1Zi5FbnVtT3B0aW9uc1IHb3B0aW9ucxJdCg5yZXNlcnZlZF9yYW5nZRgEIAMoCzI2Lmdvb2dsZS5wcm90b2J1Zi5FbnVtRGVzY3JpcHRvclByb3RvLkVudW1SZXNlcnZlZFJhbmdlUg1yZXNlcnZlZFJhbmdlEiMKDXJlc2VydmVkX25hbWUYBSADKAlSDHJlc2VydmVkTmFtZRo7ChFFbnVtUmVzZXJ2ZWRSYW5nZRIUCgVzdGFydBgBIAEoBVIFc3RhcnQSEAoDZW5kGAIgASgFUgNlbmQigwEKGEVudW1WYWx1ZURlc2NyaXB0b3JQcm90bxISCgRuYW1lGAEgASgJUgRuYW1lEhYKBm51bWJlchgCIAEoBVIGbnVtYmVyEjsKB29wdGlvbnMYAyABKAsyIS5nb29nbGUucHJvdG9idWYuRW51bVZhbHVlT3B0aW9uc1IHb3B0aW9ucyKnAQoWU2VydmljZURlc2NyaXB0b3JQcm90bxISCgRuYW1lGAEgASgJUgRuYW1lEj4KBm1ldGhvZBgCIAMoCzImLmdvb2dsZS5wcm90b2J1Zi5NZXRob2REZXNjcmlwdG9yUHJvdG9SBm1ldGhvZBI5CgdvcHRpb25zGAMgASgLMh8uZ29vZ2xlLnByb3RvYnVmLlNlcnZpY2VPcHRpb25zUgdvcHRpb25zIokCChVNZXRob2REZXNjcmlwdG9yUHJvdG8SEgoEbmFtZRgBIAEoCVIEbmFtZRIdCgppbnB1dF90eXBlGAIgASgJUglpbnB1dFR5cGUSHwoLb3V0cHV0X3R5cGUYAyABKAlSCm91dHB1dFR5cGUSOAoHb3B0aW9ucxgEIAEoCzIeLmdvb2dsZS5wcm90b2J1Zi5NZXRob2RPcHRpb25zUgdvcHRpb25zEjAKEGNsaWVudF9zdHJlYW1pbmcYBSABKAg6BWZhbHNlUg9jbGllbnRTdHJlYW1pbmcSMAoQc2VydmVyX3N0cmVhbWluZxgGIAEoCDoFZmFsc2VSD3NlcnZlclN0cmVhbWluZyK5CAoLRmlsZU9wdGlvbnMSIQoMamF2YV9wYWNrYWdlGAEgASgJUgtqYXZhUGFja2FnZRIwChRqYXZhX291dGVyX2NsYXNzbmFtZRgIIAEoCVISamF2YU91dGVyQ2xhc3NuYW1lEjUKE2phdmFfbXVsdGlwbGVfZmlsZXMYCiABKAg6BWZhbHNlUhFqYXZhTXVsdGlwbGVGaWxlcxJECh1qYXZhX2dlbmVyYXRlX2VxdWFsc19hbmRfaGFzaBgUIAEoCEICGAFSGWphdmFHZW5lcmF0ZUVxdWFsc0FuZEhhc2gSOgoWamF2YV9zdHJpbmdfY2hlY2tfdXRmOBgbIAEoCDoFZmFsc2VSE2phdmFTdHJpbmdDaGVja1V0ZjgSUwoMb3B0aW1pemVfZm9yGAkgASgOMikuZ29vZ2xlLnByb3RvYnVmLkZpbGVPcHRpb25zLk9wdGltaXplTW9kZToFU1BFRURSC29wdGltaXplRm9yEh0KCmdvX3BhY2thZ2UYCyABKAlSCWdvUGFja2FnZRI1ChNjY19nZW5lcmljX3NlcnZpY2VzGBAgASgIOgVmYWxzZVIRY2NHZW5lcmljU2VydmljZXMSOQoVamF2YV9nZW5lcmljX3NlcnZpY2VzGBEgASgIOgVmYWxzZVITamF2YUdlbmVyaWNTZXJ2aWNlcxI1ChNweV9nZW5lcmljX3NlcnZpY2VzGBIgASgIOgVmYWxzZVIRcHlHZW5lcmljU2VydmljZXMSNwoUcGhwX2dlbmVyaWNfc2VydmljZXMYKiABKAg6BWZhbHNlUhJwaHBHZW5lcmljU2VydmljZXMSJQoKZGVwcmVjYXRlZBgXIAEoCDoFZmFsc2VSCmRlcHJlY2F0ZWQSLwoQY2NfZW5hYmxlX2FyZW5hcxgfIAEoCDoFZmFsc2VSDmNjRW5hYmxlQXJlbmFzEioKEW9iamNfY2xhc3NfcHJlZml4GCQgASgJUg9vYmpjQ2xhc3NQcmVmaXgSKQoQY3NoYXJwX25hbWVzcGFjZRglIAEoCVIPY3NoYXJwTmFtZXNwYWNlEiEKDHN3aWZ0X3ByZWZpeBgnIAEoCVILc3dpZnRQcmVmaXgSKAoQcGhwX2NsYXNzX3ByZWZpeBgoIAEoCVIOcGhwQ2xhc3NQcmVmaXgSIwoNcGhwX25hbWVzcGFjZRgpIAEoCVIMcGhwTmFtZXNwYWNlElgKFHVuaW50ZXJwcmV0ZWRfb3B0aW9uGOcHIAMoCzIkLmdvb2dsZS5wcm90b2J1Zi5VbmludGVycHJldGVkT3B0aW9uUhN1bmludGVycHJldGVkT3B0aW9uIjoKDE9wdGltaXplTW9kZRIJCgVTUEVFRBABEg0KCUNPREVfU0laRRACEhAKDExJVEVfUlVOVElNRRADKgkI6AcQgICAgAJKBAgmECci0QIKDk1lc3NhZ2VPcHRpb25zEjwKF21lc3NhZ2Vfc2V0X3dpcmVfZm9ybWF0GAEgASgIOgVmYWxzZVIUbWVzc2FnZVNldFdpcmVGb3JtYXQSTAofbm9fc3RhbmRhcmRfZGVzY3JpcHRvcl9hY2Nlc3NvchgCIAEoCDoFZmFsc2VSHG5vU3RhbmRhcmREZXNjcmlwdG9yQWNjZXNzb3ISJQoKZGVwcmVjYXRlZBgDIAEoCDoFZmFsc2VSCmRlcHJlY2F0ZWQSGwoJbWFwX2VudHJ5GAcgASgIUghtYXBFbnRyeRJYChR1bmludGVycHJldGVkX29wdGlvbhjnByADKAsyJC5nb29nbGUucHJvdG9idWYuVW5pbnRlcnByZXRlZE9wdGlvblITdW5pbnRlcnByZXRlZE9wdGlvbioJCOgHEICAgIACSgQICBAJSgQICRAKIuIDCgxGaWVsZE9wdGlvbnMSQQoFY3R5cGUYASABKA4yIy5nb29nbGUucHJvdG9idWYuRmllbGRPcHRpb25zLkNUeXBlOgZTVFJJTkdSBWN0eXBlEhYKBnBhY2tlZBgCIAEoCFIGcGFja2VkEkcKBmpzdHlwZRgGIAEoDjIkLmdvb2dsZS5wcm90b2J1Zi5GaWVsZE9wdGlvbnMuSlNUeXBlOglKU19OT1JNQUxSBmpzdHlwZRIZCgRsYXp5GAUgASgIOgVmYWxzZVIEbGF6eRIlCgpkZXByZWNhdGVkGAMgASgIOgVmYWxzZVIKZGVwcmVjYXRlZBIZCgR3ZWFrGAogASgIOgVmYWxzZVIEd2VhaxJYChR1bmludGVycHJldGVkX29wdGlvbhjnByADKAsyJC5nb29nbGUucHJvdG9idWYuVW5pbnRlcnByZXRlZE9wdGlvblITdW5pbnRlcnByZXRlZE9wdGlvbiIvCgVDVHlwZRIKCgZTVFJJTkcQABIICgRDT1JEEAESEAoMU1RSSU5HX1BJRUNFEAIiNQoGSlNUeXBlEg0KCUpTX05PUk1BTBAAEg0KCUpTX1NUUklORxABEg0KCUpTX05VTUJFUhACKgkI6AcQgICAgAJKBAgEEAUicwoMT25lb2ZPcHRpb25zElgKFHVuaW50ZXJwcmV0ZWRfb3B0aW9uGOcHIAMoCzIkLmdvb2dsZS5wcm90b2J1Zi5VbmludGVycHJldGVkT3B0aW9uUhN1bmludGVycHJldGVkT3B0aW9uKgkI6AcQgICAgAIiwAEKC0VudW1PcHRpb25zEh8KC2FsbG93X2FsaWFzGAIgASgIUgphbGxvd0FsaWFzEiUKCmRlcHJlY2F0ZWQYAyABKAg6BWZhbHNlUgpkZXByZWNhdGVkElgKFHVuaW50ZXJwcmV0ZWRfb3B0aW9uGOcHIAMoCzIkLmdvb2dsZS5wcm90b2J1Zi5VbmludGVycHJldGVkT3B0aW9uUhN1bmludGVycHJldGVkT3B0aW9uKgkI6AcQgICAgAJKBAgFEAYingEKEEVudW1WYWx1ZU9wdGlvbnMSJQoKZGVwcmVjYXRlZBgBIAEoCDoFZmFsc2VSCmRlcHJlY2F0ZWQSWAoUdW5pbnRlcnByZXRlZF9vcHRpb24Y5wcgAygLMiQuZ29vZ2xlLnByb3RvYnVmLlVuaW50ZXJwcmV0ZWRPcHRpb25SE3VuaW50ZXJwcmV0ZWRPcHRpb24qCQjoBxCAgICAAiKcAQoOU2VydmljZU9wdGlvbnMSJQoKZGVwcmVjYXRlZBghIAEoCDoFZmFsc2VSCmRlcHJlY2F0ZWQSWAoUdW5pbnRlcnByZXRlZF9vcHRpb24Y5wcgAygLMiQuZ29vZ2xlLnByb3RvYnVmLlVuaW50ZXJwcmV0ZWRPcHRpb25SE3VuaW50ZXJwcmV0ZWRPcHRpb24qCQjoBxCAgICAAiLgAgoNTWV0aG9kT3B0aW9ucxIlCgpkZXByZWNhdGVkGCEgASgIOgVmYWxzZVIKZGVwcmVjYXRlZBJxChFpZGVtcG90ZW5jeV9sZXZlbBgiIAEoDjIvLmdvb2dsZS5wcm90b2J1Zi5NZXRob2RPcHRpb25zLklkZW1wb3RlbmN5TGV2ZWw6E0lERU1QT1RFTkNZX1VOS05PV05SEGlkZW1wb3RlbmN5TGV2ZWwSWAoUdW5pbnRlcnByZXRlZF9vcHRpb24Y5wcgAygLMiQuZ29vZ2xlLnByb3RvYnVmLlVuaW50ZXJwcmV0ZWRPcHRpb25SE3VuaW50ZXJwcmV0ZWRPcHRpb24iUAoQSWRlbXBvdGVuY3lMZXZlbBIXChNJREVNUE9URU5DWV9VTktOT1dOEAASEwoPTk9fU0lERV9FRkZFQ1RTEAESDgoKSURFTVBPVEVOVBACKgkI6AcQgICAgAIimgMKE1VuaW50ZXJwcmV0ZWRPcHRpb24SQQoEbmFtZRgCIAMoCzItLmdvb2dsZS5wcm90b2J1Zi5VbmludGVycHJldGVkT3B0aW9uLk5hbWVQYXJ0UgRuYW1lEikKEGlkZW50aWZpZXJfdmFsdWUYAyABKAlSD2lkZW50aWZpZXJWYWx1ZRIsChJwb3NpdGl2ZV9pbnRfdmFsdWUYBCABKARSEHBvc2l0aXZlSW50VmFsdWUSLAoSbmVnYXRpdmVfaW50X3ZhbHVlGAUgASgDUhBuZWdhdGl2ZUludFZhbHVlEiEKDGRvdWJsZV92YWx1ZRgGIAEoAVILZG91YmxlVmFsdWUSIQoMc3RyaW5nX3ZhbHVlGAcgASgMUgtzdHJpbmdWYWx1ZRInCg9hZ2dyZWdhdGVfdmFsdWUYCCABKAlSDmFnZ3JlZ2F0ZVZhbHVlGkoKCE5hbWVQYXJ0EhsKCW5hbWVfcGFydBgBIAIoCVIIbmFtZVBhcnQSIQoMaXNfZXh0ZW5zaW9uGAIgAigIUgtpc0V4dGVuc2lvbiKnAgoOU291cmNlQ29kZUluZm8SRAoIbG9jYXRpb24YASADKAsyKC5nb29nbGUucHJvdG9idWYuU291cmNlQ29kZUluZm8uTG9jYXRpb25SCGxvY2F0aW9uGs4BCghMb2NhdGlvbhIWCgRwYXRoGAEgAygFQgIQAVIEcGF0aBIWCgRzcGFuGAIgAygFQgIQAVIEc3BhbhIpChBsZWFkaW5nX2NvbW1lbnRzGAMgASgJUg9sZWFkaW5nQ29tbWVudHMSKwoRdHJhaWxpbmdfY29tbWVudHMYBCABKAlSEHRyYWlsaW5nQ29tbWVudHMSOgoZbGVhZGluZ19kZXRhY2hlZF9jb21tZW50cxgGIAMoCVIXbGVhZGluZ0RldGFjaGVkQ29tbWVudHMi0QEKEUdlbmVyYXRlZENvZGVJbmZvEk0KCmFubm90YXRpb24YASADKAsyLS5nb29nbGUucHJvdG9idWYuR2VuZXJhdGVkQ29kZUluZm8uQW5ub3RhdGlvblIKYW5ub3RhdGlvbhptCgpBbm5vdGF0aW9uEhYKBHBhdGgYASADKAVCAhABUgRwYXRoEh8KC3NvdXJjZV9maWxlGAIgASgJUgpzb3VyY2VGaWxlEhQKBWJlZ2luGAMgASgFUgViZWdpbhIQCgNlbmQYBCABKAVSA2VuZEKPAQoTY29tLmdvb2dsZS5wcm90b2J1ZkIQRGVzY3JpcHRvclByb3Rvc0gBWj5naXRodWIuY29tL2dvbGFuZy9wcm90b2J1Zi9wcm90b2MtZ2VuLWdvL2Rlc2NyaXB0b3I7ZGVzY3JpcHRvcvgBAaICA0dQQqoCGkdvb2dsZS5Qcm90b2J1Zi5SZWZsZWN0aW9uSqrAAgoHEgUnAOcGAQqqDwoBDBIDJwASMsEMIFByb3RvY29sIEJ1ZmZlcnMgLSBHb29nbGUncyBkYXRhIGludGVyY2hhbmdlIGZvcm1hdAogQ29weXJpZ2h0IDIwMDggR29vZ2xlIEluYy4gIEFsbCByaWdodHMgcmVzZXJ2ZWQuCiBodHRwczovL2RldmVsb3BlcnMuZ29vZ2xlLmNvbS9wcm90b2NvbC1idWZmZXJzLwoKIFJlZGlzdHJpYnV0aW9uIGFuZCB1c2UgaW4gc291cmNlIGFuZCBiaW5hcnkgZm9ybXMsIHdpdGggb3Igd2l0aG91dAogbW9kaWZpY2F0aW9uLCBhcmUgcGVybWl0dGVkIHByb3ZpZGVkIHRoYXQgdGhlIGZvbGxvd2luZyBjb25kaXRpb25zIGFyZQogbWV0OgoKICAgICAqIFJlZGlzdHJpYnV0aW9ucyBvZiBzb3VyY2UgY29kZSBtdXN0IHJldGFpbiB0aGUgYWJvdmUgY29weXJpZ2h0CiBub3RpY2UsIHRoaXMgbGlzdCBvZiBjb25kaXRpb25zIGFuZCB0aGUgZm9sbG93aW5nIGRpc2NsYWltZXIuCiAgICAgKiBSZWRpc3RyaWJ1dGlvbnMgaW4gYmluYXJ5IGZvcm0gbXVzdCByZXByb2R1Y2UgdGhlIGFib3ZlCiBjb3B5cmlnaHQgbm90aWNlLCB0aGlzIGxpc3Qgb2YgY29uZGl0aW9ucyBhbmQgdGhlIGZvbGxvd2luZyBkaXNjbGFpbWVyCiBpbiB0aGUgZG9jdW1lbnRhdGlvbiBhbmQvb3Igb3RoZXIgbWF0ZXJpYWxzIHByb3ZpZGVkIHdpdGggdGhlCiBkaXN0cmlidXRpb24uCiAgICAgKiBOZWl0aGVyIHRoZSBuYW1lIG9mIEdvb2dsZSBJbmMuIG5vciB0aGUgbmFtZXMgb2YgaXRzCiBjb250cmlidXRvcnMgbWF5IGJlIHVzZWQgdG8gZW5kb3JzZSBvciBwcm9tb3RlIHByb2R1Y3RzIGRlcml2ZWQgZnJvbQogdGhpcyBzb2Z0d2FyZSB3aXRob3V0IHNwZWNpZmljIHByaW9yIHdyaXR0ZW4gcGVybWlzc2lvbi4KCiBUSElTIFNPRlRXQVJFIElTIFBST1ZJREVEIEJZIFRIRSBDT1BZUklHSFQgSE9MREVSUyBBTkQgQ09OVFJJQlVUT1JTCiAiQVMgSVMiIEFORCBBTlkgRVhQUkVTUyBPUiBJTVBMSUVEIFdBUlJBTlRJRVMsIElOQ0xVRElORywgQlVUIE5PVAogTElNSVRFRCBUTywgVEhFIElNUExJRUQgV0FSUkFOVElFUyBPRiBNRVJDSEFOVEFCSUxJVFkgQU5EIEZJVE5FU1MgRk9SCiBBIFBBUlRJQ1VMQVIgUFVSUE9TRSBBUkUgRElTQ0xBSU1FRC4gSU4gTk8gRVZFTlQgU0hBTEwgVEhFIENPUFlSSUdIVAogT1dORVIgT1IgQ09OVFJJQlVUT1JTIEJFIExJQUJMRSBGT1IgQU5ZIERJUkVDVCwgSU5ESVJFQ1QsIElOQ0lERU5UQUwsCiBTUEVDSUFMLCBFWEVNUExBUlksIE9SIENPTlNFUVVFTlRJQUwgREFNQUdFUyAoSU5DTFVESU5HLCBCVVQgTk9UCiBMSU1JVEVEIFRPLCBQUk9DVVJFTUVOVCBPRiBTVUJTVElUVVRFIEdPT0RTIE9SIFNFUlZJQ0VTOyBMT1NTIE9GIFVTRSwKIERBVEEsIE9SIFBST0ZJVFM7IE9SIEJVU0lORVNTIElOVEVSUlVQVElPTikgSE9XRVZFUiBDQVVTRUQgQU5EIE9OIEFOWQogVEhFT1JZIE9GIExJQUJJTElUWSwgV0hFVEhFUiBJTiBDT05UUkFDVCwgU1RSSUNUIExJQUJJTElUWSwgT1IgVE9SVAogKElOQ0xVRElORyBORUdMSUdFTkNFIE9SIE9USEVSV0lTRSkgQVJJU0lORyBJTiBBTlkgV0FZIE9VVCBPRiBUSEUgVVNFCiBPRiBUSElTIFNPRlRXQVJFLCBFVkVOIElGIEFEVklTRUQgT0YgVEhFIFBPU1NJQklMSVRZIE9GIFNVQ0ggREFNQUdFLgoy2wIgQXV0aG9yOiBrZW50b25AZ29vZ2xlLmNvbSAoS2VudG9uIFZhcmRhKQogIEJhc2VkIG9uIG9yaWdpbmFsIFByb3RvY29sIEJ1ZmZlcnMgZGVzaWduIGJ5CiAgU2FuamF5IEdoZW1hd2F0LCBKZWZmIERlYW4sIGFuZCBvdGhlcnMuCgogVGhlIG1lc3NhZ2VzIGluIHRoaXMgZmlsZSBkZXNjcmliZSB0aGUgZGVmaW5pdGlvbnMgZm91bmQgaW4gLnByb3RvIGZpbGVzLgogQSB2YWxpZCAucHJvdG8gZmlsZSBjYW4gYmUgdHJhbnNsYXRlZCBkaXJlY3RseSB0byBhIEZpbGVEZXNjcmlwdG9yUHJvdG8KIHdpdGhvdXQgYW55IG90aGVyIGluZm9ybWF0aW9uIChlLmcuIHdpdGhvdXQgcmVhZGluZyBpdHMgaW1wb3J0cykuCgoICgECEgMpCBcKCAoBCBIDKgBVCgsKBAjnBwASAyoAVQoMCgUI5wcAAhIDKgcRCg0KBgjnBwACABIDKgcRCg4KBwjnBwACAAESAyoHEQoMCgUI5wcABxIDKhRUCggKAQgSAysALAoLCgQI5wcBEgMrACwKDAoFCOcHAQISAysHEwoNCgYI5wcBAgASAysHEwoOCgcI5wcBAgABEgMrBxMKDAoFCOcHAQcSAysWKwoICgEIEgMsADEKCwoECOcHAhIDLAAxCgwKBQjnBwICEgMsBxsKDQoGCOcHAgIAEgMsBxsKDgoHCOcHAgIAARIDLAcbCgwKBQjnBwIHEgMsHjAKCAoBCBIDLQA3CgsKBAjnBwMSAy0ANwoMCgUI5wcDAhIDLQcXCg0KBgjnBwMCABIDLQcXCg4KBwjnBwMCAAESAy0HFwoMCgUI5wcDBxIDLRo2CggKAQgSAy4AIQoLCgQI5wcEEgMuACEKDAoFCOcHBAISAy4HGAoNCgYI5wcEAgASAy4HGAoOCgcI5wcEAgABEgMuBxgKDAoFCOcHBAcSAy4bIAoICgEIEgMvAB8KCwoECOcHBRIDLwAfCgwKBQjnBwUCEgMvBxcKDQoGCOcHBQIAEgMvBxcKDgoHCOcHBQIAARIDLwcXCgwKBQjnBwUDEgMvGh4KCAoBCBIDMwAcCoEBCgQI5wcGEgMzABwadCBkZXNjcmlwdG9yLnByb3RvIG11c3QgYmUgb3B0aW1pemVkIGZvciBzcGVlZCBiZWNhdXNlIHJlZmxlY3Rpb24tYmFzZWQKIGFsZ29yaXRobXMgZG9uJ3Qgd29yayBkdXJpbmcgYm9vdHN0cmFwcGluZy4KCgwKBQjnBwYCEgMzBxMKDQoGCOcHBgIAEgMzBxMKDgoHCOcHBgIAARIDMwcTCgwKBQjnBwYDEgMzFhsKagoCBAASBDcAOQEaXiBUaGUgcHJvdG9jb2wgY29tcGlsZXIgY2FuIG91dHB1dCBhIEZpbGVEZXNjcmlwdG9yU2V0IGNvbnRhaW5pbmcgdGhlIC5wcm90bwogZmlsZXMgaXQgcGFyc2VzLgoKCgoDBAABEgM3CBkKCwoEBAACABIDOAIoCgwKBQQAAgAEEgM4AgoKDAoFBAACAAYSAzgLHgoMCgUEAAIAARIDOB8jCgwKBQQAAgADEgM4JicKLwoCBAESBDwAWQEaIyBEZXNjcmliZXMgYSBjb21wbGV0ZSAucHJvdG8gZmlsZS4KCgoKAwQBARIDPAgbCjkKBAQBAgASAz0CGyIsIGZpbGUgbmFtZSwgcmVsYXRpdmUgdG8gcm9vdCBvZiBzb3VyY2UgdHJlZQoKDAoFBAECAAQSAz0CCgoMCgUEAQIABRIDPQsRCgwKBQQBAgABEgM9EhYKDAoFBAECAAMSAz0ZGgoqCgQEAQIBEgM+Ah4iHSBlLmcuICJmb28iLCAiZm9vLmJhciIsIGV0Yy4KCgwKBQQBAgEEEgM+AgoKDAoFBAECAQUSAz4LEQoMCgUEAQIBARIDPhIZCgwKBQQBAgEDEgM+HB0KNAoEBAECAhIDQQIhGicgTmFtZXMgb2YgZmlsZXMgaW1wb3J0ZWQgYnkgdGhpcyBmaWxlLgoKDAoFBAECAgQSA0ECCgoMCgUEAQICBRIDQQsRCgwKBQQBAgIBEgNBEhwKDAoFBAECAgMSA0EfIApRCgQEAQIDEgNDAigaRCBJbmRleGVzIG9mIHRoZSBwdWJsaWMgaW1wb3J0ZWQgZmlsZXMgaW4gdGhlIGRlcGVuZGVuY3kgbGlzdCBhYm92ZS4KCgwKBQQBAgMEEgNDAgoKDAoFBAECAwUSA0MLEAoMCgUEAQIDARIDQxEiCgwKBQQBAgMDEgNDJScKegoEBAECBBIDRgImGm0gSW5kZXhlcyBvZiB0aGUgd2VhayBpbXBvcnRlZCBmaWxlcyBpbiB0aGUgZGVwZW5kZW5jeSBsaXN0LgogRm9yIEdvb2dsZS1pbnRlcm5hbCBtaWdyYXRpb24gb25seS4gRG8gbm90IHVzZS4KCgwKBQQBAgQEEgNGAgoKDAoFBAECBAUSA0YLEAoMCgUEAQIEARIDRhEgCgwKBQQBAgQDEgNGIyUKNgoEBAECBRIDSQIsGikgQWxsIHRvcC1sZXZlbCBkZWZpbml0aW9ucyBpbiB0aGlzIGZpbGUuCgoMCgUEAQIFBBIDSQIKCgwKBQQBAgUGEgNJCxoKDAoFBAECBQESA0kbJwoMCgUEAQIFAxIDSSorCgsKBAQBAgYSA0oCLQoMCgUEAQIGBBIDSgIKCgwKBQQBAgYGEgNKCx4KDAoFBAECBgESA0ofKAoMCgUEAQIGAxIDSissCgsKBAQBAgcSA0sCLgoMCgUEAQIHBBIDSwIKCgwKBQQBAgcGEgNLCyEKDAoFBAECBwESA0siKQoMCgUEAQIHAxIDSywtCgsKBAQBAggSA0wCLgoMCgUEAQIIBBIDTAIKCgwKBQQBAggGEgNMCx8KDAoFBAECCAESA0wgKQoMCgUEAQIIAxIDTCwtCgsKBAQBAgkSA04CIwoMCgUEAQIJBBIDTgIKCgwKBQQBAgkGEgNOCxYKDAoFBAECCQESA04XHgoMCgUEAQIJAxIDTiEiCvQBCgQEAQIKEgNUAi8a5gEgVGhpcyBmaWVsZCBjb250YWlucyBvcHRpb25hbCBpbmZvcm1hdGlvbiBhYm91dCB0aGUgb3JpZ2luYWwgc291cmNlIGNvZGUuCiBZb3UgbWF5IHNhZmVseSByZW1vdmUgdGhpcyBlbnRpcmUgZmllbGQgd2l0aG91dCBoYXJtaW5nIHJ1bnRpbWUKIGZ1bmN0aW9uYWxpdHkgb2YgdGhlIGRlc2NyaXB0b3JzIC0tIHRoZSBpbmZvcm1hdGlvbiBpcyBuZWVkZWQgb25seSBieQogZGV2ZWxvcG1lbnQgdG9vbHMuCgoMCgUEAQIKBBIDVAIKCgwKBQQBAgoGEgNUCxkKDAoFBAECCgESA1QaKgoMCgUEAQIKAxIDVC0uCl0KBAQBAgsSA1gCHhpQIFRoZSBzeW50YXggb2YgdGhlIHByb3RvIGZpbGUuCiBUaGUgc3VwcG9ydGVkIHZhbHVlcyBhcmUgInByb3RvMiIgYW5kICJwcm90bzMiLgoKDAoFBAECCwQSA1gCCgoMCgUEAQILBRIDWAsRCgwKBQQBAgsBEgNYEhgKDAoFBAECCwMSA1gbHQonCgIEAhIEXAB8ARobIERlc2NyaWJlcyBhIG1lc3NhZ2UgdHlwZS4KCgoKAwQCARIDXAgXCgsKBAQCAgASA10CGwoMCgUEAgIABBIDXQIKCgwKBQQCAgAFEgNdCxEKDAoFBAICAAESA10SFgoMCgUEAgIAAxIDXRkaCgsKBAQCAgESA18CKgoMCgUEAgIBBBIDXwIKCgwKBQQCAgEGEgNfCx8KDAoFBAICAQESA18gJQoMCgUEAgIBAxIDXygpCgsKBAQCAgISA2ACLgoMCgUEAgICBBIDYAIKCgwKBQQCAgIGEgNgCx8KDAoFBAICAgESA2AgKQoMCgUEAgICAxIDYCwtCgsKBAQCAgMSA2ICKwoMCgUEAgIDBBIDYgIKCgwKBQQCAgMGEgNiCxoKDAoFBAICAwESA2IbJgoMCgUEAgIDAxIDYikqCgsKBAQCAgQSA2MCLQoMCgUEAgIEBBIDYwIKCgwKBQQCAgQGEgNjCx4KDAoFBAICBAESA2MfKAoMCgUEAgIEAxIDYyssCgwKBAQCAwASBGUCagMKDAoFBAIDAAESA2UKGAoNCgYEAgMAAgASA2YEHQoOCgcEAgMAAgAEEgNmBAwKDgoHBAIDAAIABRIDZg0SCg4KBwQCAwACAAESA2YTGAoOCgcEAgMAAgADEgNmGxwKDQoGBAIDAAIBEgNnBBsKDgoHBAIDAAIBBBIDZwQMCg4KBwQCAwACAQUSA2cNEgoOCgcEAgMAAgEBEgNnExYKDgoHBAIDAAIBAxIDZxkaCg0KBgQCAwACAhIDaQQvCg4KBwQCAwACAgQSA2kEDAoOCgcEAgMAAgIGEgNpDSIKDgoHBAIDAAICARIDaSMqCg4KBwQCAwACAgMSA2ktLgoLCgQEAgIFEgNrAi4KDAoFBAICBQQSA2sCCgoMCgUEAgIFBhIDawsZCgwKBQQCAgUBEgNrGikKDAoFBAICBQMSA2ssLQoLCgQEAgIGEgNtAi8KDAoFBAICBgQSA20CCgoMCgUEAgIGBhIDbQsfCgwKBQQCAgYBEgNtICoKDAoFBAICBgMSA20tLgoLCgQEAgIHEgNvAiYKDAoFBAICBwQSA28CCgoMCgUEAgIHBhIDbwsZCgwKBQQCAgcBEgNvGiEKDAoFBAICBwMSA28kJQqqAQoEBAIDARIEdAJ3AxqbASBSYW5nZSBvZiByZXNlcnZlZCB0YWcgbnVtYmVycy4gUmVzZXJ2ZWQgdGFnIG51bWJlcnMgbWF5IG5vdCBiZSB1c2VkIGJ5CiBmaWVsZHMgb3IgZXh0ZW5zaW9uIHJhbmdlcyBpbiB0aGUgc2FtZSBtZXNzYWdlLiBSZXNlcnZlZCByYW5nZXMgbWF5CiBub3Qgb3ZlcmxhcC4KCgwKBQQCAwEBEgN0ChcKGwoGBAIDAQIAEgN1BB0iDCBJbmNsdXNpdmUuCgoOCgcEAgMBAgAEEgN1BAwKDgoHBAIDAQIABRIDdQ0SCg4KBwQCAwECAAESA3UTGAoOCgcEAgMBAgADEgN1GxwKGwoGBAIDAQIBEgN2BBsiDCBFeGNsdXNpdmUuCgoOCgcEAgMBAgEEEgN2BAwKDgoHBAIDAQIBBRIDdg0SCg4KBwQCAwECAQESA3YTFgoOCgcEAgMBAgEDEgN2GRoKCwoEBAICCBIDeAIsCgwKBQQCAggEEgN4AgoKDAoFBAICCAYSA3gLGAoMCgUEAgIIARIDeBknCgwKBQQCAggDEgN4KisKggEKBAQCAgkSA3sCJRp1IFJlc2VydmVkIGZpZWxkIG5hbWVzLCB3aGljaCBtYXkgbm90IGJlIHVzZWQgYnkgZmllbGRzIGluIHRoZSBzYW1lIG1lc3NhZ2UuCiBBIGdpdmVuIG5hbWUgbWF5IG9ubHkgYmUgcmVzZXJ2ZWQgb25jZS4KCgwKBQQCAgkEEgN7AgoKDAoFBAICCQUSA3sLEQoMCgUEAgIJARIDexIfCgwKBQQCAgkDEgN7IiQKCwoCBAMSBX4AhAEBCgoKAwQDARIDfggdCk8KBAQDAgASBIABAjoaQSBUaGUgcGFyc2VyIHN0b3JlcyBvcHRpb25zIGl0IGRvZXNuJ3QgcmVjb2duaXplIGhlcmUuIFNlZSBhYm92ZS4KCg0KBQQDAgAEEgSAAQIKCg0KBQQDAgAGEgSAAQseCg0KBQQDAgABEgSAAR8zCg0KBQQDAgADEgSAATY5CloKAwQDBRIEgwECGRpNIENsaWVudHMgY2FuIGRlZmluZSBjdXN0b20gb3B0aW9ucyBpbiBleHRlbnNpb25zIG9mIHRoaXMgbWVzc2FnZS4gU2VlIGFib3ZlLgoKDAoEBAMFABIEgwENGAoNCgUEAwUAARIEgwENEQoNCgUEAwUAAhIEgwEVGAozCgIEBBIGhwEA1QEBGiUgRGVzY3JpYmVzIGEgZmllbGQgd2l0aGluIGEgbWVzc2FnZS4KCgsKAwQEARIEhwEIHAoOCgQEBAQAEgaIAQKnAQMKDQoFBAQEAAESBIgBBwsKUwoGBAQEAAIAEgSLAQQcGkMgMCBpcyByZXNlcnZlZCBmb3IgZXJyb3JzLgogT3JkZXIgaXMgd2VpcmQgZm9yIGhpc3RvcmljYWwgcmVhc29ucy4KCg8KBwQEBAACAAESBIsBBA8KDwoHBAQEAAIAAhIEiwEaGwoOCgYEBAQAAgESBIwBBBwKDwoHBAQEAAIBARIEjAEEDgoPCgcEBAQAAgECEgSMARobCncKBgQEBAACAhIEjwEEHBpnIE5vdCBaaWdaYWcgZW5jb2RlZC4gIE5lZ2F0aXZlIG51bWJlcnMgdGFrZSAxMCBieXRlcy4gIFVzZSBUWVBFX1NJTlQ2NCBpZgogbmVnYXRpdmUgdmFsdWVzIGFyZSBsaWtlbHkuCgoPCgcEBAQAAgIBEgSPAQQOCg8KBwQEBAACAgISBI8BGhsKDgoGBAQEAAIDEgSQAQQcCg8KBwQEBAACAwESBJABBA8KDwoHBAQEAAIDAhIEkAEaGwp3CgYEBAQAAgQSBJMBBBwaZyBOb3QgWmlnWmFnIGVuY29kZWQuICBOZWdhdGl2ZSBudW1iZXJzIHRha2UgMTAgYnl0ZXMuICBVc2UgVFlQRV9TSU5UMzIgaWYKIG5lZ2F0aXZlIHZhbHVlcyBhcmUgbGlrZWx5LgoKDwoHBAQEAAIEARIEkwEEDgoPCgcEBAQAAgQCEgSTARobCg4KBgQEBAACBRIElAEEHAoPCgcEBAQAAgUBEgSUAQQQCg8KBwQEBAACBQISBJQBGhsKDgoGBAQEAAIGEgSVAQQcCg8KBwQEBAACBgESBJUBBBAKDwoHBAQEAAIGAhIElQEaGwoOCgYEBAQAAgcSBJYBBBwKDwoHBAQEAAIHARIElgEEDQoPCgcEBAQAAgcCEgSWARobCg4KBgQEBAACCBIElwEEHAoPCgcEBAQAAggBEgSXAQQPCg8KBwQEBAACCAISBJcBGhsK4gEKBgQEBAACCRIEnAEEHRrRASBUYWctZGVsaW1pdGVkIGFnZ3JlZ2F0ZS4KIEdyb3VwIHR5cGUgaXMgZGVwcmVjYXRlZCBhbmQgbm90IHN1cHBvcnRlZCBpbiBwcm90bzMuIEhvd2V2ZXIsIFByb3RvMwogaW1wbGVtZW50YXRpb25zIHNob3VsZCBzdGlsbCBiZSBhYmxlIHRvIHBhcnNlIHRoZSBncm91cCB3aXJlIGZvcm1hdCBhbmQKIHRyZWF0IGdyb3VwIGZpZWxkcyBhcyB1bmtub3duIGZpZWxkcy4KCg8KBwQEBAACCQESBJwBBA4KDwoHBAQEAAIJAhIEnAEaHAotCgYEBAQAAgoSBJ0BBB0iHSBMZW5ndGgtZGVsaW1pdGVkIGFnZ3JlZ2F0ZS4KCg8KBwQEBAACCgESBJ0BBBAKDwoHBAQEAAIKAhIEnQEaHAojCgYEBAQAAgsSBKABBB0aEyBOZXcgaW4gdmVyc2lvbiAyLgoKDwoHBAQEAAILARIEoAEEDgoPCgcEBAQAAgsCEgSgARocCg4KBgQEBAACDBIEoQEEHQoPCgcEBAQAAgwBEgShAQQPCg8KBwQEBAACDAISBKEBGhwKDgoGBAQEAAINEgSiAQQdCg8KBwQEBAACDQESBKIBBA0KDwoHBAQEAAINAhIEogEaHAoOCgYEBAQAAg4SBKMBBB0KDwoHBAQEAAIOARIEowEEEQoPCgcEBAQAAg4CEgSjARocCg4KBgQEBAACDxIEpAEEHQoPCgcEBAQAAg8BEgSkAQQRCg8KBwQEBAACDwISBKQBGhwKJwoGBAQEAAIQEgSlAQQdIhcgVXNlcyBaaWdaYWcgZW5jb2RpbmcuCgoPCgcEBAQAAhABEgSlAQQPCg8KBwQEBAACEAISBKUBGhwKJwoGBAQEAAIREgSmAQQdIhcgVXNlcyBaaWdaYWcgZW5jb2RpbmcuCgoPCgcEBAQAAhEBEgSmAQQPCg8KBwQEBAACEQISBKYBGhwKDgoEBAQEARIGqQECrgEDCg0KBQQEBAEBEgSpAQcMCioKBgQEBAECABIEqwEEHBoaIDAgaXMgcmVzZXJ2ZWQgZm9yIGVycm9ycwoKDwoHBAQEAQIAARIEqwEEEgoPCgcEBAQBAgACEgSrARobCg4KBgQEBAECARIErAEEHAoPCgcEBAQBAgEBEgSsAQQSCg8KBwQEBAECAQISBKwBGhsKDgoGBAQEAQICEgStAQQcCg8KBwQEBAECAgESBK0BBBIKDwoHBAQEAQICAhIErQEaGwoMCgQEBAIAEgSwAQIbCg0KBQQEAgAEEgSwAQIKCg0KBQQEAgAFEgSwAQsRCg0KBQQEAgABEgSwARIWCg0KBQQEAgADEgSwARkaCgwKBAQEAgESBLEBAhwKDQoFBAQCAQQSBLEBAgoKDQoFBAQCAQUSBLEBCxAKDQoFBAQCAQESBLEBERcKDQoFBAQCAQMSBLEBGhsKDAoEBAQCAhIEsgECGwoNCgUEBAICBBIEsgECCgoNCgUEBAICBhIEsgELEAoNCgUEBAICARIEsgERFgoNCgUEBAICAxIEsgEZGgqcAQoEBAQCAxIEtgECGRqNASBJZiB0eXBlX25hbWUgaXMgc2V0LCB0aGlzIG5lZWQgbm90IGJlIHNldC4gIElmIGJvdGggdGhpcyBhbmQgdHlwZV9uYW1lCiBhcmUgc2V0LCB0aGlzIG11c3QgYmUgb25lIG9mIFRZUEVfRU5VTSwgVFlQRV9NRVNTQUdFIG9yIFRZUEVfR1JPVVAuCgoNCgUEBAIDBBIEtgECCgoNCgUEBAIDBhIEtgELDwoNCgUEBAIDARIEtgEQFAoNCgUEBAIDAxIEtgEXGAq3AgoEBAQCBBIEvQECIBqoAiBGb3IgbWVzc2FnZSBhbmQgZW51bSB0eXBlcywgdGhpcyBpcyB0aGUgbmFtZSBvZiB0aGUgdHlwZS4gIElmIHRoZSBuYW1lCiBzdGFydHMgd2l0aCBhICcuJywgaXQgaXMgZnVsbHktcXVhbGlmaWVkLiAgT3RoZXJ3aXNlLCBDKystbGlrZSBzY29waW5nCiBydWxlcyBhcmUgdXNlZCB0byBmaW5kIHRoZSB0eXBlIChpLmUuIGZpcnN0IHRoZSBuZXN0ZWQgdHlwZXMgd2l0aGluIHRoaXMKIG1lc3NhZ2UgYXJlIHNlYXJjaGVkLCB0aGVuIHdpdGhpbiB0aGUgcGFyZW50LCBvbiB1cCB0byB0aGUgcm9vdAogbmFtZXNwYWNlKS4KCg0KBQQEAgQEEgS9AQIKCg0KBQQEAgQFEgS9AQsRCg0KBQQEAgQBEgS9ARIbCg0KBQQEAgQDEgS9AR4fCn4KBAQEAgUSBMEBAh8acCBGb3IgZXh0ZW5zaW9ucywgdGhpcyBpcyB0aGUgbmFtZSBvZiB0aGUgdHlwZSBiZWluZyBleHRlbmRlZC4gIEl0IGlzCiByZXNvbHZlZCBpbiB0aGUgc2FtZSBtYW5uZXIgYXMgdHlwZV9uYW1lLgoKDQoFBAQCBQQSBMEBAgoKDQoFBAQCBQUSBMEBCxEKDQoFBAQCBQESBMEBEhoKDQoFBAQCBQMSBMEBHR4KsQIKBAQEAgYSBMgBAiQaogIgRm9yIG51bWVyaWMgdHlwZXMsIGNvbnRhaW5zIHRoZSBvcmlnaW5hbCB0ZXh0IHJlcHJlc2VudGF0aW9uIG9mIHRoZSB2YWx1ZS4KIEZvciBib29sZWFucywgInRydWUiIG9yICJmYWxzZSIuCiBGb3Igc3RyaW5ncywgY29udGFpbnMgdGhlIGRlZmF1bHQgdGV4dCBjb250ZW50cyAobm90IGVzY2FwZWQgaW4gYW55IHdheSkuCiBGb3IgYnl0ZXMsIGNvbnRhaW5zIHRoZSBDIGVzY2FwZWQgdmFsdWUuICBBbGwgYnl0ZXMgPj0gMTI4IGFyZSBlc2NhcGVkLgogVE9ETyhrZW50b24pOiAgQmFzZS02NCBlbmNvZGU/CgoNCgUEBAIGBBIEyAECCgoNCgUEBAIGBRIEyAELEQoNCgUEBAIGARIEyAESHwoNCgUEBAIGAxIEyAEiIwqEAQoEBAQCBxIEzAECIRp2IElmIHNldCwgZ2l2ZXMgdGhlIGluZGV4IG9mIGEgb25lb2YgaW4gdGhlIGNvbnRhaW5pbmcgdHlwZSdzIG9uZW9mX2RlY2wKIGxpc3QuICBUaGlzIGZpZWxkIGlzIGEgbWVtYmVyIG9mIHRoYXQgb25lb2YuCgoNCgUEBAIHBBIEzAECCgoNCgUEBAIHBRIEzAELEAoNCgUEBAIHARIEzAERHAoNCgUEBAIHAxIEzAEfIAr6AQoEBAQCCBIE0gECIRrrASBKU09OIG5hbWUgb2YgdGhpcyBmaWVsZC4gVGhlIHZhbHVlIGlzIHNldCBieSBwcm90b2NvbCBjb21waWxlci4gSWYgdGhlCiB1c2VyIGhhcyBzZXQgYSAianNvbl9uYW1lIiBvcHRpb24gb24gdGhpcyBmaWVsZCwgdGhhdCBvcHRpb24ncyB2YWx1ZQogd2lsbCBiZSB1c2VkLiBPdGhlcndpc2UsIGl0J3MgZGVkdWNlZCBmcm9tIHRoZSBmaWVsZCdzIG5hbWUgYnkgY29udmVydGluZwogaXQgdG8gY2FtZWxDYXNlLgoKDQoFBAQCCAQSBNIBAgoKDQoFBAQCCAUSBNIBCxEKDQoFBAQCCAESBNIBEhsKDQoFBAQCCAMSBNIBHiAKDAoEBAQCCRIE1AECJAoNCgUEBAIJBBIE1AECCgoNCgUEBAIJBhIE1AELFwoNCgUEBAIJARIE1AEYHwoNCgUEBAIJAxIE1AEiIwoiCgIEBRIG2AEA2wEBGhQgRGVzY3JpYmVzIGEgb25lb2YuCgoLCgMEBQESBNgBCBwKDAoEBAUCABIE2QECGwoNCgUEBQIABBIE2QECCgoNCgUEBQIABRIE2QELEQoNCgUEBQIAARIE2QESFgoNCgUEBQIAAxIE2QEZGgoMCgQEBQIBEgTaAQIkCg0KBQQFAgEEEgTaAQIKCg0KBQQFAgEGEgTaAQsXCg0KBQQFAgEBEgTaARgfCg0KBQQFAgEDEgTaASIjCicKAgQGEgbeAQD4AQEaGSBEZXNjcmliZXMgYW4gZW51bSB0eXBlLgoKCwoDBAYBEgTeAQgbCgwKBAQGAgASBN8BAhsKDQoFBAYCAAQSBN8BAgoKDQoFBAYCAAUSBN8BCxEKDQoFBAYCAAESBN8BEhYKDQoFBAYCAAMSBN8BGRoKDAoEBAYCARIE4QECLgoNCgUEBgIBBBIE4QECCgoNCgUEBgIBBhIE4QELIwoNCgUEBgIBARIE4QEkKQoNCgUEBgIBAxIE4QEsLQoMCgQEBgICEgTjAQIjCg0KBQQGAgIEEgTjAQIKCg0KBQQGAgIGEgTjAQsWCg0KBQQGAgIBEgTjARceCg0KBQQGAgIDEgTjASEiCq8CCgQEBgMAEgbrAQLuAQMangIgUmFuZ2Ugb2YgcmVzZXJ2ZWQgbnVtZXJpYyB2YWx1ZXMuIFJlc2VydmVkIHZhbHVlcyBtYXkgbm90IGJlIHVzZWQgYnkKIGVudHJpZXMgaW4gdGhlIHNhbWUgZW51bS4gUmVzZXJ2ZWQgcmFuZ2VzIG1heSBub3Qgb3ZlcmxhcC4KCiBOb3RlIHRoYXQgdGhpcyBpcyBkaXN0aW5jdCBmcm9tIERlc2NyaXB0b3JQcm90by5SZXNlcnZlZFJhbmdlIGluIHRoYXQgaXQKIGlzIGluY2x1c2l2ZSBzdWNoIHRoYXQgaXQgY2FuIGFwcHJvcHJpYXRlbHkgcmVwcmVzZW50IHRoZSBlbnRpcmUgaW50MzIKIGRvbWFpbi4KCg0KBQQGAwABEgTrAQobChwKBgQGAwACABIE7AEEHSIMIEluY2x1c2l2ZS4KCg8KBwQGAwACAAQSBOwBBAwKDwoHBAYDAAIABRIE7AENEgoPCgcEBgMAAgABEgTsARMYCg8KBwQGAwACAAMSBOwBGxwKHAoGBAYDAAIBEgTtAQQbIgwgSW5jbHVzaXZlLgoKDwoHBAYDAAIBBBIE7QEEDAoPCgcEBgMAAgEFEgTtAQ0SCg8KBwQGAwACAQESBO0BExYKDwoHBAYDAAIBAxIE7QEZGgqqAQoEBAYCAxIE8wECMBqbASBSYW5nZSBvZiByZXNlcnZlZCBudW1lcmljIHZhbHVlcy4gUmVzZXJ2ZWQgbnVtZXJpYyB2YWx1ZXMgbWF5IG5vdCBiZSB1c2VkCiBieSBlbnVtIHZhbHVlcyBpbiB0aGUgc2FtZSBlbnVtIGRlY2xhcmF0aW9uLiBSZXNlcnZlZCByYW5nZXMgbWF5IG5vdAogb3ZlcmxhcC4KCg0KBQQGAgMEEgTzAQIKCg0KBQQGAgMGEgTzAQscCg0KBQQGAgMBEgTzAR0rCg0KBQQGAgMDEgTzAS4vCmwKBAQGAgQSBPcBAiQaXiBSZXNlcnZlZCBlbnVtIHZhbHVlIG5hbWVzLCB3aGljaCBtYXkgbm90IGJlIHJldXNlZC4gQSBnaXZlbiBuYW1lIG1heSBvbmx5CiBiZSByZXNlcnZlZCBvbmNlLgoKDQoFBAYCBAQSBPcBAgoKDQoFBAYCBAUSBPcBCxEKDQoFBAYCBAESBPcBEh8KDQoFBAYCBAMSBPcBIiMKMQoCBAcSBvsBAIACARojIERlc2NyaWJlcyBhIHZhbHVlIHdpdGhpbiBhbiBlbnVtLgoKCwoDBAcBEgT7AQggCgwKBAQHAgASBPwBAhsKDQoFBAcCAAQSBPwBAgoKDQoFBAcCAAUSBPwBCxEKDQoFBAcCAAESBPwBEhYKDQoFBAcCAAMSBPwBGRoKDAoEBAcCARIE/QECHAoNCgUEBwIBBBIE/QECCgoNCgUEBwIBBRIE/QELEAoNCgUEBwIBARIE/QERFwoNCgUEBwIBAxIE/QEaGwoMCgQEBwICEgT/AQIoCg0KBQQHAgIEEgT/AQIKCg0KBQQHAgIGEgT/AQsbCg0KBQQHAgIBEgT/ARwjCg0KBQQHAgIDEgT/ASYnCiQKAgQIEgaDAgCIAgEaFiBEZXNjcmliZXMgYSBzZXJ2aWNlLgoKCwoDBAgBEgSDAggeCgwKBAQIAgASBIQCAhsKDQoFBAgCAAQSBIQCAgoKDQoFBAgCAAUSBIQCCxEKDQoFBAgCAAESBIQCEhYKDQoFBAgCAAMSBIQCGRoKDAoEBAgCARIEhQICLAoNCgUECAIBBBIEhQICCgoNCgUECAIBBhIEhQILIAoNCgUECAIBARIEhQIhJwoNCgUECAIBAxIEhQIqKwoMCgQECAICEgSHAgImCg0KBQQIAgIEEgSHAgIKCg0KBQQIAgIGEgSHAgsZCg0KBQQIAgIBEgSHAhohCg0KBQQIAgIDEgSHAiQlCjAKAgQJEgaLAgCZAgEaIiBEZXNjcmliZXMgYSBtZXRob2Qgb2YgYSBzZXJ2aWNlLgoKCwoDBAkBEgSLAggdCgwKBAQJAgASBIwCAhsKDQoFBAkCAAQSBIwCAgoKDQoFBAkCAAUSBIwCCxEKDQoFBAkCAAESBIwCEhYKDQoFBAkCAAMSBIwCGRoKlwEKBAQJAgESBJACAiEaiAEgSW5wdXQgYW5kIG91dHB1dCB0eXBlIG5hbWVzLiAgVGhlc2UgYXJlIHJlc29sdmVkIGluIHRoZSBzYW1lIHdheSBhcwogRmllbGREZXNjcmlwdG9yUHJvdG8udHlwZV9uYW1lLCBidXQgbXVzdCByZWZlciB0byBhIG1lc3NhZ2UgdHlwZS4KCg0KBQQJAgEEEgSQAgIKCg0KBQQJAgEFEgSQAgsRCg0KBQQJAgEBEgSQAhIcCg0KBQQJAgEDEgSQAh8gCgwKBAQJAgISBJECAiIKDQoFBAkCAgQSBJECAgoKDQoFBAkCAgUSBJECCxEKDQoFBAkCAgESBJECEh0KDQoFBAkCAgMSBJECICEKDAoEBAkCAxIEkwICJQoNCgUECQIDBBIEkwICCgoNCgUECQIDBhIEkwILGAoNCgUECQIDARIEkwIZIAoNCgUECQIDAxIEkwIjJApFCgQECQIEEgSWAgI1GjcgSWRlbnRpZmllcyBpZiBjbGllbnQgc3RyZWFtcyBtdWx0aXBsZSBjbGllbnQgbWVzc2FnZXMKCg0KBQQJAgQEEgSWAgIKCg0KBQQJAgQFEgSWAgsPCg0KBQQJAgQBEgSWAhAgCg0KBQQJAgQDEgSWAiMkCg0KBQQJAgQIEgSWAiU0Cg0KBQQJAgQHEgSWAi4zCkUKBAQJAgUSBJgCAjUaNyBJZGVudGlmaWVzIGlmIHNlcnZlciBzdHJlYW1zIG11bHRpcGxlIHNlcnZlciBtZXNzYWdlcwoKDQoFBAkCBQQSBJgCAgoKDQoFBAkCBQUSBJgCCw8KDQoFBAkCBQESBJgCECAKDQoFBAkCBQMSBJgCIyQKDQoFBAkCBQgSBJgCJTQKDQoFBAkCBQcSBJgCLjMKrw4KAgQKEga9AgCsAwEyTiA9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09CiBPcHRpb25zCjLQDSBFYWNoIG9mIHRoZSBkZWZpbml0aW9ucyBhYm92ZSBtYXkgaGF2ZSAib3B0aW9ucyIgYXR0YWNoZWQuICBUaGVzZSBhcmUKIGp1c3QgYW5ub3RhdGlvbnMgd2hpY2ggbWF5IGNhdXNlIGNvZGUgdG8gYmUgZ2VuZXJhdGVkIHNsaWdodGx5IGRpZmZlcmVudGx5CiBvciBtYXkgY29udGFpbiBoaW50cyBmb3IgY29kZSB0aGF0IG1hbmlwdWxhdGVzIHByb3RvY29sIG1lc3NhZ2VzLgoKIENsaWVudHMgbWF5IGRlZmluZSBjdXN0b20gb3B0aW9ucyBhcyBleHRlbnNpb25zIG9mIHRoZSAqT3B0aW9ucyBtZXNzYWdlcy4KIFRoZXNlIGV4dGVuc2lvbnMgbWF5IG5vdCB5ZXQgYmUga25vd24gYXQgcGFyc2luZyB0aW1lLCBzbyB0aGUgcGFyc2VyIGNhbm5vdAogc3RvcmUgdGhlIHZhbHVlcyBpbiB0aGVtLiAgSW5zdGVhZCBpdCBzdG9yZXMgdGhlbSBpbiBhIGZpZWxkIGluIHRoZSAqT3B0aW9ucwogbWVzc2FnZSBjYWxsZWQgdW5pbnRlcnByZXRlZF9vcHRpb24uIFRoaXMgZmllbGQgbXVzdCBoYXZlIHRoZSBzYW1lIG5hbWUKIGFjcm9zcyBhbGwgKk9wdGlvbnMgbWVzc2FnZXMuIFdlIHRoZW4gdXNlIHRoaXMgZmllbGQgdG8gcG9wdWxhdGUgdGhlCiBleHRlbnNpb25zIHdoZW4gd2UgYnVpbGQgYSBkZXNjcmlwdG9yLCBhdCB3aGljaCBwb2ludCBhbGwgcHJvdG9zIGhhdmUgYmVlbgogcGFyc2VkIGFuZCBzbyBhbGwgZXh0ZW5zaW9ucyBhcmUga25vd24uCgogRXh0ZW5zaW9uIG51bWJlcnMgZm9yIGN1c3RvbSBvcHRpb25zIG1heSBiZSBjaG9zZW4gYXMgZm9sbG93czoKICogRm9yIG9wdGlvbnMgd2hpY2ggd2lsbCBvbmx5IGJlIHVzZWQgd2l0aGluIGEgc2luZ2xlIGFwcGxpY2F0aW9uIG9yCiAgIG9yZ2FuaXphdGlvbiwgb3IgZm9yIGV4cGVyaW1lbnRhbCBvcHRpb25zLCB1c2UgZmllbGQgbnVtYmVycyA1MDAwMAogICB0aHJvdWdoIDk5OTk5LiAgSXQgaXMgdXAgdG8geW91IHRvIGVuc3VyZSB0aGF0IHlvdSBkbyBub3QgdXNlIHRoZQogICBzYW1lIG51bWJlciBmb3IgbXVsdGlwbGUgb3B0aW9ucy4KICogRm9yIG9wdGlvbnMgd2hpY2ggd2lsbCBiZSBwdWJsaXNoZWQgYW5kIHVzZWQgcHVibGljbHkgYnkgbXVsdGlwbGUKICAgaW5kZXBlbmRlbnQgZW50aXRpZXMsIGUtbWFpbCBwcm90b2J1Zi1nbG9iYWwtZXh0ZW5zaW9uLXJlZ2lzdHJ5QGdvb2dsZS5jb20KICAgdG8gcmVzZXJ2ZSBleHRlbnNpb24gbnVtYmVycy4gU2ltcGx5IHByb3ZpZGUgeW91ciBwcm9qZWN0IG5hbWUgKGUuZy4KICAgT2JqZWN0aXZlLUMgcGx1Z2luKSBhbmQgeW91ciBwcm9qZWN0IHdlYnNpdGUgKGlmIGF2YWlsYWJsZSkgLS0gdGhlcmUncyBubwogICBuZWVkIHRvIGV4cGxhaW4gaG93IHlvdSBpbnRlbmQgdG8gdXNlIHRoZW0uIFVzdWFsbHkgeW91IG9ubHkgbmVlZCBvbmUKICAgZXh0ZW5zaW9uIG51bWJlci4gWW91IGNhbiBkZWNsYXJlIG11bHRpcGxlIG9wdGlvbnMgd2l0aCBvbmx5IG9uZSBleHRlbnNpb24KICAgbnVtYmVyIGJ5IHB1dHRpbmcgdGhlbSBpbiBhIHN1Yi1tZXNzYWdlLiBTZWUgdGhlIEN1c3RvbSBPcHRpb25zIHNlY3Rpb24gb2YKICAgdGhlIGRvY3MgZm9yIGV4YW1wbGVzOgogICBodHRwczovL2RldmVsb3BlcnMuZ29vZ2xlLmNvbS9wcm90b2NvbC1idWZmZXJzL2RvY3MvcHJvdG8jb3B0aW9ucwogICBJZiB0aGlzIHR1cm5zIG91dCB0byBiZSBwb3B1bGFyLCBhIHdlYiBzZXJ2aWNlIHdpbGwgYmUgc2V0IHVwCiAgIHRvIGF1dG9tYXRpY2FsbHkgYXNzaWduIG9wdGlvbiBudW1iZXJzLgoKCwoDBAoBEgS9AggTCvQBCgQECgIAEgTDAgIjGuUBIFNldHMgdGhlIEphdmEgcGFja2FnZSB3aGVyZSBjbGFzc2VzIGdlbmVyYXRlZCBmcm9tIHRoaXMgLnByb3RvIHdpbGwgYmUKIHBsYWNlZC4gIEJ5IGRlZmF1bHQsIHRoZSBwcm90byBwYWNrYWdlIGlzIHVzZWQsIGJ1dCB0aGlzIGlzIG9mdGVuCiBpbmFwcHJvcHJpYXRlIGJlY2F1c2UgcHJvdG8gcGFja2FnZXMgZG8gbm90IG5vcm1hbGx5IHN0YXJ0IHdpdGggYmFja3dhcmRzCiBkb21haW4gbmFtZXMuCgoNCgUECgIABBIEwwICCgoNCgUECgIABRIEwwILEQoNCgUECgIAARIEwwISHgoNCgUECgIAAxIEwwIhIgq/AgoEBAoCARIEywICKxqwAiBJZiBzZXQsIGFsbCB0aGUgY2xhc3NlcyBmcm9tIHRoZSAucHJvdG8gZmlsZSBhcmUgd3JhcHBlZCBpbiBhIHNpbmdsZQogb3V0ZXIgY2xhc3Mgd2l0aCB0aGUgZ2l2ZW4gbmFtZS4gIFRoaXMgYXBwbGllcyB0byBib3RoIFByb3RvMQogKGVxdWl2YWxlbnQgdG8gdGhlIG9sZCAiLS1vbmVfamF2YV9maWxlIiBvcHRpb24pIGFuZCBQcm90bzIgKHdoZXJlCiBhIC5wcm90byBhbHdheXMgdHJhbnNsYXRlcyB0byBhIHNpbmdsZSBjbGFzcywgYnV0IHlvdSBtYXkgd2FudCB0bwogZXhwbGljaXRseSBjaG9vc2UgdGhlIGNsYXNzIG5hbWUpLgoKDQoFBAoCAQQSBMsCAgoKDQoFBAoCAQUSBMsCCxEKDQoFBAoCAQESBMsCEiYKDQoFBAoCAQMSBMsCKSoKowMKBAQKAgISBNMCAjkalAMgSWYgc2V0IHRydWUsIHRoZW4gdGhlIEphdmEgY29kZSBnZW5lcmF0b3Igd2lsbCBnZW5lcmF0ZSBhIHNlcGFyYXRlIC5qYXZhCiBmaWxlIGZvciBlYWNoIHRvcC1sZXZlbCBtZXNzYWdlLCBlbnVtLCBhbmQgc2VydmljZSBkZWZpbmVkIGluIHRoZSAucHJvdG8KIGZpbGUuICBUaHVzLCB0aGVzZSB0eXBlcyB3aWxsICpub3QqIGJlIG5lc3RlZCBpbnNpZGUgdGhlIG91dGVyIGNsYXNzCiBuYW1lZCBieSBqYXZhX291dGVyX2NsYXNzbmFtZS4gIEhvd2V2ZXIsIHRoZSBvdXRlciBjbGFzcyB3aWxsIHN0aWxsIGJlCiBnZW5lcmF0ZWQgdG8gY29udGFpbiB0aGUgZmlsZSdzIGdldERlc2NyaXB0b3IoKSBtZXRob2QgYXMgd2VsbCBhcyBhbnkKIHRvcC1sZXZlbCBleHRlbnNpb25zIGRlZmluZWQgaW4gdGhlIGZpbGUuCgoNCgUECgICBBIE0wICCgoNCgUECgICBRIE0wILDwoNCgUECgICARIE0wIQIwoNCgUECgICAxIE0wImKAoNCgUECgICCBIE0wIpOAoNCgUECgICBxIE0wIyNwopCgQECgIDEgTWAgJFGhsgVGhpcyBvcHRpb24gZG9lcyBub3RoaW5nLgoKDQoFBAoCAwQSBNYCAgoKDQoFBAoCAwUSBNYCCw8KDQoFBAoCAwESBNYCEC0KDQoFBAoCAwMSBNYCMDIKDQoFBAoCAwgSBNYCM0QKEAoIBAoCAwjnBwASBNYCNEMKEQoJBAoCAwjnBwACEgTWAjQ+ChIKCgQKAgMI5wcAAgASBNYCND4KEwoLBAoCAwjnBwACAAESBNYCND4KEQoJBAoCAwjnBwADEgTWAj9DCuYCCgQECgIEEgTeAgI8GtcCIElmIHNldCB0cnVlLCB0aGVuIHRoZSBKYXZhMiBjb2RlIGdlbmVyYXRvciB3aWxsIGdlbmVyYXRlIGNvZGUgdGhhdAogdGhyb3dzIGFuIGV4Y2VwdGlvbiB3aGVuZXZlciBhbiBhdHRlbXB0IGlzIG1hZGUgdG8gYXNzaWduIGEgbm9uLVVURi04CiBieXRlIHNlcXVlbmNlIHRvIGEgc3RyaW5nIGZpZWxkLgogTWVzc2FnZSByZWZsZWN0aW9uIHdpbGwgZG8gdGhlIHNhbWUuCiBIb3dldmVyLCBhbiBleHRlbnNpb24gZmllbGQgc3RpbGwgYWNjZXB0cyBub24tVVRGLTggYnl0ZSBzZXF1ZW5jZXMuCiBUaGlzIG9wdGlvbiBoYXMgbm8gZWZmZWN0IG9uIHdoZW4gdXNlZCB3aXRoIHRoZSBsaXRlIHJ1bnRpbWUuCgoNCgUECgIEBBIE3gICCgoNCgUECgIEBRIE3gILDwoNCgUECgIEARIE3gIQJgoNCgUECgIEAxIE3gIpKwoNCgUECgIECBIE3gIsOwoNCgUECgIEBxIE3gI1OgpMCgQECgQAEgbiAgLnAgMaPCBHZW5lcmF0ZWQgY2xhc3NlcyBjYW4gYmUgb3B0aW1pemVkIGZvciBzcGVlZCBvciBjb2RlIHNpemUuCgoNCgUECgQAARIE4gIHEwpECgYECgQAAgASBOMCBA4iNCBHZW5lcmF0ZSBjb21wbGV0ZSBjb2RlIGZvciBwYXJzaW5nLCBzZXJpYWxpemF0aW9uLAoKDwoHBAoEAAIAARIE4wIECQoPCgcECgQAAgACEgTjAgwNCkcKBgQKBAACARIE5QIEEhoGIGV0Yy4KIi8gVXNlIFJlZmxlY3Rpb25PcHMgdG8gaW1wbGVtZW50IHRoZXNlIG1ldGhvZHMuCgoPCgcECgQAAgEBEgTlAgQNCg8KBwQKBAACAQISBOUCEBEKRwoGBAoEAAICEgTmAgQVIjcgR2VuZXJhdGUgY29kZSB1c2luZyBNZXNzYWdlTGl0ZSBhbmQgdGhlIGxpdGUgcnVudGltZS4KCg8KBwQKBAACAgESBOYCBBAKDwoHBAoEAAICAhIE5gITFAoMCgQECgIFEgToAgI5Cg0KBQQKAgUEEgToAgIKCg0KBQQKAgUGEgToAgsXCg0KBQQKAgUBEgToAhgkCg0KBQQKAgUDEgToAicoCg0KBQQKAgUIEgToAik4Cg0KBQQKAgUHEgToAjI3CuICCgQECgIGEgTvAgIiGtMCIFNldHMgdGhlIEdvIHBhY2thZ2Ugd2hlcmUgc3RydWN0cyBnZW5lcmF0ZWQgZnJvbSB0aGlzIC5wcm90byB3aWxsIGJlCiBwbGFjZWQuIElmIG9taXR0ZWQsIHRoZSBHbyBwYWNrYWdlIHdpbGwgYmUgZGVyaXZlZCBmcm9tIHRoZSBmb2xsb3dpbmc6CiAgIC0gVGhlIGJhc2VuYW1lIG9mIHRoZSBwYWNrYWdlIGltcG9ydCBwYXRoLCBpZiBwcm92aWRlZC4KICAgLSBPdGhlcndpc2UsIHRoZSBwYWNrYWdlIHN0YXRlbWVudCBpbiB0aGUgLnByb3RvIGZpbGUsIGlmIHByZXNlbnQuCiAgIC0gT3RoZXJ3aXNlLCB0aGUgYmFzZW5hbWUgb2YgdGhlIC5wcm90byBmaWxlLCB3aXRob3V0IGV4dGVuc2lvbi4KCg0KBQQKAgYEEgTvAgIKCg0KBQQKAgYFEgTvAgsRCg0KBQQKAgYBEgTvAhIcCg0KBQQKAgYDEgTvAh8hCtQECgQECgIHEgT9AgI5GsUEIFNob3VsZCBnZW5lcmljIHNlcnZpY2VzIGJlIGdlbmVyYXRlZCBpbiBlYWNoIGxhbmd1YWdlPyAgIkdlbmVyaWMiIHNlcnZpY2VzCiBhcmUgbm90IHNwZWNpZmljIHRvIGFueSBwYXJ0aWN1bGFyIFJQQyBzeXN0ZW0uICBUaGV5IGFyZSBnZW5lcmF0ZWQgYnkgdGhlCiBtYWluIGNvZGUgZ2VuZXJhdG9ycyBpbiBlYWNoIGxhbmd1YWdlICh3aXRob3V0IGFkZGl0aW9uYWwgcGx1Z2lucykuCiBHZW5lcmljIHNlcnZpY2VzIHdlcmUgdGhlIG9ubHkga2luZCBvZiBzZXJ2aWNlIGdlbmVyYXRpb24gc3VwcG9ydGVkIGJ5CiBlYXJseSB2ZXJzaW9ucyBvZiBnb29nbGUucHJvdG9idWYuCgogR2VuZXJpYyBzZXJ2aWNlcyBhcmUgbm93IGNvbnNpZGVyZWQgZGVwcmVjYXRlZCBpbiBmYXZvciBvZiB1c2luZyBwbHVnaW5zCiB0aGF0IGdlbmVyYXRlIGNvZGUgc3BlY2lmaWMgdG8geW91ciBwYXJ0aWN1bGFyIFJQQyBzeXN0ZW0uICBUaGVyZWZvcmUsCiB0aGVzZSBkZWZhdWx0IHRvIGZhbHNlLiAgT2xkIGNvZGUgd2hpY2ggZGVwZW5kcyBvbiBnZW5lcmljIHNlcnZpY2VzIHNob3VsZAogZXhwbGljaXRseSBzZXQgdGhlbSB0byB0cnVlLgoKDQoFBAoCBwQSBP0CAgoKDQoFBAoCBwUSBP0CCw8KDQoFBAoCBwESBP0CECMKDQoFBAoCBwMSBP0CJigKDQoFBAoCBwgSBP0CKTgKDQoFBAoCBwcSBP0CMjcKDAoEBAoCCBIE/gICOwoNCgUECgIIBBIE/gICCgoNCgUECgIIBRIE/gILDwoNCgUECgIIARIE/gIQJQoNCgUECgIIAxIE/gIoKgoNCgUECgIICBIE/gIrOgoNCgUECgIIBxIE/gI0OQoMCgQECgIJEgT/AgI5Cg0KBQQKAgkEEgT/AgIKCg0KBQQKAgkFEgT/AgsPCg0KBQQKAgkBEgT/AhAjCg0KBQQKAgkDEgT/AiYoCg0KBQQKAgkIEgT/Aik4Cg0KBQQKAgkHEgT/AjI3CgwKBAQKAgoSBIADAjoKDQoFBAoCCgQSBIADAgoKDQoFBAoCCgUSBIADCw8KDQoFBAoCCgESBIADECQKDQoFBAoCCgMSBIADJykKDQoFBAoCCggSBIADKjkKDQoFBAoCCgcSBIADMzgK8wEKBAQKAgsSBIYDAjAa5AEgSXMgdGhpcyBmaWxlIGRlcHJlY2F0ZWQ/CiBEZXBlbmRpbmcgb24gdGhlIHRhcmdldCBwbGF0Zm9ybSwgdGhpcyBjYW4gZW1pdCBEZXByZWNhdGVkIGFubm90YXRpb25zCiBmb3IgZXZlcnl0aGluZyBpbiB0aGUgZmlsZSwgb3IgaXQgd2lsbCBiZSBjb21wbGV0ZWx5IGlnbm9yZWQ7IGluIHRoZSB2ZXJ5CiBsZWFzdCwgdGhpcyBpcyBhIGZvcm1hbGl6YXRpb24gZm9yIGRlcHJlY2F0aW5nIGZpbGVzLgoKDQoFBAoCCwQSBIYDAgoKDQoFBAoCCwUSBIYDCw8KDQoFBAoCCwESBIYDEBoKDQoFBAoCCwMSBIYDHR8KDQoFBAoCCwgSBIYDIC8KDQoFBAoCCwcSBIYDKS4KfwoEBAoCDBIEigMCNhpxIEVuYWJsZXMgdGhlIHVzZSBvZiBhcmVuYXMgZm9yIHRoZSBwcm90byBtZXNzYWdlcyBpbiB0aGlzIGZpbGUuIFRoaXMgYXBwbGllcwogb25seSB0byBnZW5lcmF0ZWQgY2xhc3NlcyBmb3IgQysrLgoKDQoFBAoCDAQSBIoDAgoKDQoFBAoCDAUSBIoDCw8KDQoFBAoCDAESBIoDECAKDQoFBAoCDAMSBIoDIyUKDQoFBAoCDAgSBIoDJjUKDQoFBAoCDAcSBIoDLzQKkgEKBAQKAg0SBI8DAikagwEgU2V0cyB0aGUgb2JqZWN0aXZlIGMgY2xhc3MgcHJlZml4IHdoaWNoIGlzIHByZXBlbmRlZCB0byBhbGwgb2JqZWN0aXZlIGMKIGdlbmVyYXRlZCBjbGFzc2VzIGZyb20gdGhpcyAucHJvdG8uIFRoZXJlIGlzIG5vIGRlZmF1bHQuCgoNCgUECgINBBIEjwMCCgoNCgUECgINBRIEjwMLEQoNCgUECgINARIEjwMSIwoNCgUECgINAxIEjwMmKApJCgQECgIOEgSSAwIoGjsgTmFtZXNwYWNlIGZvciBnZW5lcmF0ZWQgY2xhc3NlczsgZGVmYXVsdHMgdG8gdGhlIHBhY2thZ2UuCgoNCgUECgIOBBIEkgMCCgoNCgUECgIOBRIEkgMLEQoNCgUECgIOARIEkgMSIgoNCgUECgIOAxIEkgMlJwqRAgoEBAoCDxIEmAMCJBqCAiBCeSBkZWZhdWx0IFN3aWZ0IGdlbmVyYXRvcnMgd2lsbCB0YWtlIHRoZSBwcm90byBwYWNrYWdlIGFuZCBDYW1lbENhc2UgaXQKIHJlcGxhY2luZyAnLicgd2l0aCB1bmRlcnNjb3JlIGFuZCB1c2UgdGhhdCB0byBwcmVmaXggdGhlIHR5cGVzL3N5bWJvbHMKIGRlZmluZWQuIFdoZW4gdGhpcyBvcHRpb25zIGlzIHByb3ZpZGVkLCB0aGV5IHdpbGwgdXNlIHRoaXMgdmFsdWUgaW5zdGVhZAogdG8gcHJlZml4IHRoZSB0eXBlcy9zeW1ib2xzIGRlZmluZWQuCgoNCgUECgIPBBIEmAMCCgoNCgUECgIPBRIEmAMLEQoNCgUECgIPARIEmAMSHgoNCgUECgIPAxIEmAMhIwp+CgQECgIQEgScAwIoGnAgU2V0cyB0aGUgcGhwIGNsYXNzIHByZWZpeCB3aGljaCBpcyBwcmVwZW5kZWQgdG8gYWxsIHBocCBnZW5lcmF0ZWQgY2xhc3NlcwogZnJvbSB0aGlzIC5wcm90by4gRGVmYXVsdCBpcyBlbXB0eS4KCg0KBQQKAhAEEgScAwIKCg0KBQQKAhAFEgScAwsRCg0KBQQKAhABEgScAxIiCg0KBQQKAhADEgScAyUnCr4BCgQECgIREgShAwIlGq8BIFVzZSB0aGlzIG9wdGlvbiB0byBjaGFuZ2UgdGhlIG5hbWVzcGFjZSBvZiBwaHAgZ2VuZXJhdGVkIGNsYXNzZXMuIERlZmF1bHQKIGlzIGVtcHR5LiBXaGVuIHRoaXMgb3B0aW9uIGlzIGVtcHR5LCB0aGUgcGFja2FnZSBuYW1lIHdpbGwgYmUgdXNlZCBmb3IKIGRldGVybWluaW5nIHRoZSBuYW1lc3BhY2UuCgoNCgUECgIRBBIEoQMCCgoNCgUECgIRBRIEoQMLEQoNCgUECgIRARIEoQMSHwoNCgUECgIRAxIEoQMiJAp8CgQECgISEgSlAwI6Gm4gVGhlIHBhcnNlciBzdG9yZXMgb3B0aW9ucyBpdCBkb2Vzbid0IHJlY29nbml6ZSBoZXJlLgogU2VlIHRoZSBkb2N1bWVudGF0aW9uIGZvciB0aGUgIk9wdGlvbnMiIHNlY3Rpb24gYWJvdmUuCgoNCgUECgISBBIEpQMCCgoNCgUECgISBhIEpQMLHgoNCgUECgISARIEpQMfMwoNCgUECgISAxIEpQM2OQqHAQoDBAoFEgSpAwIZGnogQ2xpZW50cyBjYW4gZGVmaW5lIGN1c3RvbSBvcHRpb25zIGluIGV4dGVuc2lvbnMgb2YgdGhpcyBtZXNzYWdlLgogU2VlIHRoZSBkb2N1bWVudGF0aW9uIGZvciB0aGUgIk9wdGlvbnMiIHNlY3Rpb24gYWJvdmUuCgoMCgQECgUAEgSpAw0YCg0KBQQKBQABEgSpAw0RCg0KBQQKBQACEgSpAxUYCgsKAwQKCRIEqwMLDgoMCgQECgkAEgSrAwsNCg0KBQQKCQABEgSrAwsNCg0KBQQKCQACEgSrAwsNCgwKAgQLEgauAwDtAwEKCwoDBAsBEgSuAwgWCtgFCgQECwIAEgTBAwI8GskFIFNldCB0cnVlIHRvIHVzZSB0aGUgb2xkIHByb3RvMSBNZXNzYWdlU2V0IHdpcmUgZm9ybWF0IGZvciBleHRlbnNpb25zLgogVGhpcyBpcyBwcm92aWRlZCBmb3IgYmFja3dhcmRzLWNvbXBhdGliaWxpdHkgd2l0aCB0aGUgTWVzc2FnZVNldCB3aXJlCiBmb3JtYXQuICBZb3Ugc2hvdWxkIG5vdCB1c2UgdGhpcyBmb3IgYW55IG90aGVyIHJlYXNvbjogIEl0J3MgbGVzcwogZWZmaWNpZW50LCBoYXMgZmV3ZXIgZmVhdHVyZXMsIGFuZCBpcyBtb3JlIGNvbXBsaWNhdGVkLgoKIFRoZSBtZXNzYWdlIG11c3QgYmUgZGVmaW5lZCBleGFjdGx5IGFzIGZvbGxvd3M6CiAgIG1lc3NhZ2UgRm9vIHsKICAgICBvcHRpb24gbWVzc2FnZV9zZXRfd2lyZV9mb3JtYXQgPSB0cnVlOwogICAgIGV4dGVuc2lvbnMgNCB0byBtYXg7CiAgIH0KIE5vdGUgdGhhdCB0aGUgbWVzc2FnZSBjYW5ub3QgaGF2ZSBhbnkgZGVmaW5lZCBmaWVsZHM7IE1lc3NhZ2VTZXRzIG9ubHkKIGhhdmUgZXh0ZW5zaW9ucy4KCiBBbGwgZXh0ZW5zaW9ucyBvZiB5b3VyIHR5cGUgbXVzdCBiZSBzaW5ndWxhciBtZXNzYWdlczsgZS5nLiB0aGV5IGNhbm5vdAogYmUgaW50MzJzLCBlbnVtcywgb3IgcmVwZWF0ZWQgbWVzc2FnZXMuCgogQmVjYXVzZSB0aGlzIGlzIGFuIG9wdGlvbiwgdGhlIGFib3ZlIHR3byByZXN0cmljdGlvbnMgYXJlIG5vdCBlbmZvcmNlZCBieQogdGhlIHByb3RvY29sIGNvbXBpbGVyLgoKDQoFBAsCAAQSBMEDAgoKDQoFBAsCAAUSBMEDCw8KDQoFBAsCAAESBMEDECcKDQoFBAsCAAMSBMEDKisKDQoFBAsCAAgSBMEDLDsKDQoFBAsCAAcSBMEDNToK6wEKBAQLAgESBMYDAkQa3AEgRGlzYWJsZXMgdGhlIGdlbmVyYXRpb24gb2YgdGhlIHN0YW5kYXJkICJkZXNjcmlwdG9yKCkiIGFjY2Vzc29yLCB3aGljaCBjYW4KIGNvbmZsaWN0IHdpdGggYSBmaWVsZCBvZiB0aGUgc2FtZSBuYW1lLiAgVGhpcyBpcyBtZWFudCB0byBtYWtlIG1pZ3JhdGlvbgogZnJvbSBwcm90bzEgZWFzaWVyOyBuZXcgY29kZSBzaG91bGQgYXZvaWQgZmllbGRzIG5hbWVkICJkZXNjcmlwdG9yIi4KCg0KBQQLAgEEEgTGAwIKCg0KBQQLAgEFEgTGAwsPCg0KBQQLAgEBEgTGAxAvCg0KBQQLAgEDEgTGAzIzCg0KBQQLAgEIEgTGAzRDCg0KBQQLAgEHEgTGAz1CCu4BCgQECwICEgTMAwIvGt8BIElzIHRoaXMgbWVzc2FnZSBkZXByZWNhdGVkPwogRGVwZW5kaW5nIG9uIHRoZSB0YXJnZXQgcGxhdGZvcm0sIHRoaXMgY2FuIGVtaXQgRGVwcmVjYXRlZCBhbm5vdGF0aW9ucwogZm9yIHRoZSBtZXNzYWdlLCBvciBpdCB3aWxsIGJlIGNvbXBsZXRlbHkgaWdub3JlZDsgaW4gdGhlIHZlcnkgbGVhc3QsCiB0aGlzIGlzIGEgZm9ybWFsaXphdGlvbiBmb3IgZGVwcmVjYXRpbmcgbWVzc2FnZXMuCgoNCgUECwICBBIEzAMCCgoNCgUECwICBRIEzAMLDwoNCgUECwICARIEzAMQGgoNCgUECwICAxIEzAMdHgoNCgUECwICCBIEzAMfLgoNCgUECwICBxIEzAMoLQqeBgoEBAsCAxIE4wMCHhqPBiBXaGV0aGVyIHRoZSBtZXNzYWdlIGlzIGFuIGF1dG9tYXRpY2FsbHkgZ2VuZXJhdGVkIG1hcCBlbnRyeSB0eXBlIGZvciB0aGUKIG1hcHMgZmllbGQuCgogRm9yIG1hcHMgZmllbGRzOgogICAgIG1hcDxLZXlUeXBlLCBWYWx1ZVR5cGU+IG1hcF9maWVsZCA9IDE7CiBUaGUgcGFyc2VkIGRlc2NyaXB0b3IgbG9va3MgbGlrZToKICAgICBtZXNzYWdlIE1hcEZpZWxkRW50cnkgewogICAgICAgICBvcHRpb24gbWFwX2VudHJ5ID0gdHJ1ZTsKICAgICAgICAgb3B0aW9uYWwgS2V5VHlwZSBrZXkgPSAxOwogICAgICAgICBvcHRpb25hbCBWYWx1ZVR5cGUgdmFsdWUgPSAyOwogICAgIH0KICAgICByZXBlYXRlZCBNYXBGaWVsZEVudHJ5IG1hcF9maWVsZCA9IDE7CgogSW1wbGVtZW50YXRpb25zIG1heSBjaG9vc2Ugbm90IHRvIGdlbmVyYXRlIHRoZSBtYXBfZW50cnk9dHJ1ZSBtZXNzYWdlLCBidXQKIHVzZSBhIG5hdGl2ZSBtYXAgaW4gdGhlIHRhcmdldCBsYW5ndWFnZSB0byBob2xkIHRoZSBrZXlzIGFuZCB2YWx1ZXMuCiBUaGUgcmVmbGVjdGlvbiBBUElzIGluIHN1Y2ggaW1wbGVtZW50aW9ucyBzdGlsbCBuZWVkIHRvIHdvcmsgYXMKIGlmIHRoZSBmaWVsZCBpcyBhIHJlcGVhdGVkIG1lc3NhZ2UgZmllbGQuCgogTk9URTogRG8gbm90IHNldCB0aGUgb3B0aW9uIGluIC5wcm90byBmaWxlcy4gQWx3YXlzIHVzZSB0aGUgbWFwcyBzeW50YXgKIGluc3RlYWQuIFRoZSBvcHRpb24gc2hvdWxkIG9ubHkgYmUgaW1wbGljaXRseSBzZXQgYnkgdGhlIHByb3RvIGNvbXBpbGVyCiBwYXJzZXIuCgoNCgUECwIDBBIE4wMCCgoNCgUECwIDBRIE4wMLDwoNCgUECwIDARIE4wMQGQoNCgUECwIDAxIE4wMcHQokCgMECwkSBOUDCw0iFyBqYXZhbGl0ZV9zZXJpYWxpemFibGUKCgwKBAQLCQASBOUDCwwKDQoFBAsJAAESBOUDCwwKDQoFBAsJAAISBOUDCwwKHwoDBAsJEgTmAwsNIhIgamF2YW5hbm9fYXNfbGl0ZQoKDAoEBAsJARIE5gMLDAoNCgUECwkBARIE5gMLDAoNCgUECwkBAhIE5gMLDApPCgQECwIEEgTpAwI6GkEgVGhlIHBhcnNlciBzdG9yZXMgb3B0aW9ucyBpdCBkb2Vzbid0IHJlY29nbml6ZSBoZXJlLiBTZWUgYWJvdmUuCgoNCgUECwIEBBIE6QMCCgoNCgUECwIEBhIE6QMLHgoNCgUECwIEARIE6QMfMwoNCgUECwIEAxIE6QM2OQpaCgMECwUSBOwDAhkaTSBDbGllbnRzIGNhbiBkZWZpbmUgY3VzdG9tIG9wdGlvbnMgaW4gZXh0ZW5zaW9ucyBvZiB0aGlzIG1lc3NhZ2UuIFNlZSBhYm92ZS4KCgwKBAQLBQASBOwDDRgKDQoFBAsFAAESBOwDDREKDQoFBAsFAAISBOwDFRgKDAoCBAwSBu8DAMoEAQoLCgMEDAESBO8DCBQKowIKBAQMAgASBPQDAi4alAIgVGhlIGN0eXBlIG9wdGlvbiBpbnN0cnVjdHMgdGhlIEMrKyBjb2RlIGdlbmVyYXRvciB0byB1c2UgYSBkaWZmZXJlbnQKIHJlcHJlc2VudGF0aW9uIG9mIHRoZSBmaWVsZCB0aGFuIGl0IG5vcm1hbGx5IHdvdWxkLiAgU2VlIHRoZSBzcGVjaWZpYwogb3B0aW9ucyBiZWxvdy4gIFRoaXMgb3B0aW9uIGlzIG5vdCB5ZXQgaW1wbGVtZW50ZWQgaW4gdGhlIG9wZW4gc291cmNlCiByZWxlYXNlIC0tIHNvcnJ5LCB3ZSdsbCB0cnkgdG8gaW5jbHVkZSBpdCBpbiBhIGZ1dHVyZSB2ZXJzaW9uIQoKDQoFBAwCAAQSBPQDAgoKDQoFBAwCAAYSBPQDCxAKDQoFBAwCAAESBPQDERYKDQoFBAwCAAMSBPQDGRoKDQoFBAwCAAgSBPQDGy0KDQoFBAwCAAcSBPQDJiwKDgoEBAwEABIG9QMC/AMDCg0KBQQMBAABEgT1AwcMCh8KBgQMBAACABIE9wMEDxoPIERlZmF1bHQgbW9kZS4KCg8KBwQMBAACAAESBPcDBAoKDwoHBAwEAAIAAhIE9wMNDgoOCgYEDAQAAgESBPkDBA0KDwoHBAwEAAIBARIE+QMECAoPCgcEDAQAAgECEgT5AwsMCg4KBgQMBAACAhIE+wMEFQoPCgcEDAQAAgIBEgT7AwQQCg8KBwQMBAACAgISBPsDExQK2gIKBAQMAgESBIIEAhsaywIgVGhlIHBhY2tlZCBvcHRpb24gY2FuIGJlIGVuYWJsZWQgZm9yIHJlcGVhdGVkIHByaW1pdGl2ZSBmaWVsZHMgdG8gZW5hYmxlCiBhIG1vcmUgZWZmaWNpZW50IHJlcHJlc2VudGF0aW9uIG9uIHRoZSB3aXJlLiBSYXRoZXIgdGhhbiByZXBlYXRlZGx5CiB3cml0aW5nIHRoZSB0YWcgYW5kIHR5cGUgZm9yIGVhY2ggZWxlbWVudCwgdGhlIGVudGlyZSBhcnJheSBpcyBlbmNvZGVkIGFzCiBhIHNpbmdsZSBsZW5ndGgtZGVsaW1pdGVkIGJsb2IuIEluIHByb3RvMywgb25seSBleHBsaWNpdCBzZXR0aW5nIGl0IHRvCiBmYWxzZSB3aWxsIGF2b2lkIHVzaW5nIHBhY2tlZCBlbmNvZGluZy4KCg0KBQQMAgEEEgSCBAIKCg0KBQQMAgEFEgSCBAsPCg0KBQQMAgEBEgSCBBAWCg0KBQQMAgEDEgSCBBkaCpoFCgQEDAICEgSPBAIzGosFIFRoZSBqc3R5cGUgb3B0aW9uIGRldGVybWluZXMgdGhlIEphdmFTY3JpcHQgdHlwZSB1c2VkIGZvciB2YWx1ZXMgb2YgdGhlCiBmaWVsZC4gIFRoZSBvcHRpb24gaXMgcGVybWl0dGVkIG9ubHkgZm9yIDY0IGJpdCBpbnRlZ3JhbCBhbmQgZml4ZWQgdHlwZXMKIChpbnQ2NCwgdWludDY0LCBzaW50NjQsIGZpeGVkNjQsIHNmaXhlZDY0KS4gIEEgZmllbGQgd2l0aCBqc3R5cGUgSlNfU1RSSU5HCiBpcyByZXByZXNlbnRlZCBhcyBKYXZhU2NyaXB0IHN0cmluZywgd2hpY2ggYXZvaWRzIGxvc3Mgb2YgcHJlY2lzaW9uIHRoYXQKIGNhbiBoYXBwZW4gd2hlbiBhIGxhcmdlIHZhbHVlIGlzIGNvbnZlcnRlZCB0byBhIGZsb2F0aW5nIHBvaW50IEphdmFTY3JpcHQuCiBTcGVjaWZ5aW5nIEpTX05VTUJFUiBmb3IgdGhlIGpzdHlwZSBjYXVzZXMgdGhlIGdlbmVyYXRlZCBKYXZhU2NyaXB0IGNvZGUgdG8KIHVzZSB0aGUgSmF2YVNjcmlwdCAibnVtYmVyIiB0eXBlLiAgVGhlIGJlaGF2aW9yIG9mIHRoZSBkZWZhdWx0IG9wdGlvbgogSlNfTk9STUFMIGlzIGltcGxlbWVudGF0aW9uIGRlcGVuZGVudC4KCiBUaGlzIG9wdGlvbiBpcyBhbiBlbnVtIHRvIHBlcm1pdCBhZGRpdGlvbmFsIHR5cGVzIHRvIGJlIGFkZGVkLCBlLmcuCiBnb29nLm1hdGguSW50ZWdlci4KCg0KBQQMAgIEEgSPBAIKCg0KBQQMAgIGEgSPBAsRCg0KBQQMAgIBEgSPBBIYCg0KBQQMAgIDEgSPBBscCg0KBQQMAgIIEgSPBB0yCg0KBQQMAgIHEgSPBCgxCg4KBAQMBAESBpAEApkEAwoNCgUEDAQBARIEkAQHDQonCgYEDAQBAgASBJIEBBIaFyBVc2UgdGhlIGRlZmF1bHQgdHlwZS4KCg8KBwQMBAECAAESBJIEBA0KDwoHBAwEAQIAAhIEkgQQEQopCgYEDAQBAgESBJUEBBIaGSBVc2UgSmF2YVNjcmlwdCBzdHJpbmdzLgoKDwoHBAwEAQIBARIElQQEDQoPCgcEDAQBAgECEgSVBBARCikKBgQMBAECAhIEmAQEEhoZIFVzZSBKYXZhU2NyaXB0IG51bWJlcnMuCgoPCgcEDAQBAgIBEgSYBAQNCg8KBwQMBAECAgISBJgEEBEK7wwKBAQMAgMSBLcEAika4AwgU2hvdWxkIHRoaXMgZmllbGQgYmUgcGFyc2VkIGxhemlseT8gIExhenkgYXBwbGllcyBvbmx5IHRvIG1lc3NhZ2UtdHlwZQogZmllbGRzLiAgSXQgbWVhbnMgdGhhdCB3aGVuIHRoZSBvdXRlciBtZXNzYWdlIGlzIGluaXRpYWxseSBwYXJzZWQsIHRoZQogaW5uZXIgbWVzc2FnZSdzIGNvbnRlbnRzIHdpbGwgbm90IGJlIHBhcnNlZCBidXQgaW5zdGVhZCBzdG9yZWQgaW4gZW5jb2RlZAogZm9ybS4gIFRoZSBpbm5lciBtZXNzYWdlIHdpbGwgYWN0dWFsbHkgYmUgcGFyc2VkIHdoZW4gaXQgaXMgZmlyc3QgYWNjZXNzZWQuCgogVGhpcyBpcyBvbmx5IGEgaGludC4gIEltcGxlbWVudGF0aW9ucyBhcmUgZnJlZSB0byBjaG9vc2Ugd2hldGhlciB0byB1c2UKIGVhZ2VyIG9yIGxhenkgcGFyc2luZyByZWdhcmRsZXNzIG9mIHRoZSB2YWx1ZSBvZiB0aGlzIG9wdGlvbi4gIEhvd2V2ZXIsCiBzZXR0aW5nIHRoaXMgb3B0aW9uIHRydWUgc3VnZ2VzdHMgdGhhdCB0aGUgcHJvdG9jb2wgYXV0aG9yIGJlbGlldmVzIHRoYXQKIHVzaW5nIGxhenkgcGFyc2luZyBvbiB0aGlzIGZpZWxkIGlzIHdvcnRoIHRoZSBhZGRpdGlvbmFsIGJvb2trZWVwaW5nCiBvdmVyaGVhZCB0eXBpY2FsbHkgbmVlZGVkIHRvIGltcGxlbWVudCBpdC4KCiBUaGlzIG9wdGlvbiBkb2VzIG5vdCBhZmZlY3QgdGhlIHB1YmxpYyBpbnRlcmZhY2Ugb2YgYW55IGdlbmVyYXRlZCBjb2RlOwogYWxsIG1ldGhvZCBzaWduYXR1cmVzIHJlbWFpbiB0aGUgc2FtZS4gIEZ1cnRoZXJtb3JlLCB0aHJlYWQtc2FmZXR5IG9mIHRoZQogaW50ZXJmYWNlIGlzIG5vdCBhZmZlY3RlZCBieSB0aGlzIG9wdGlvbjsgY29uc3QgbWV0aG9kcyByZW1haW4gc2FmZSB0bwogY2FsbCBmcm9tIG11bHRpcGxlIHRocmVhZHMgY29uY3VycmVudGx5LCB3aGlsZSBub24tY29uc3QgbWV0aG9kcyBjb250aW51ZQogdG8gcmVxdWlyZSBleGNsdXNpdmUgYWNjZXNzLgoKCiBOb3RlIHRoYXQgaW1wbGVtZW50YXRpb25zIG1heSBjaG9vc2Ugbm90IHRvIGNoZWNrIHJlcXVpcmVkIGZpZWxkcyB3aXRoaW4KIGEgbGF6eSBzdWItbWVzc2FnZS4gIFRoYXQgaXMsIGNhbGxpbmcgSXNJbml0aWFsaXplZCgpIG9uIHRoZSBvdXRlciBtZXNzYWdlCiBtYXkgcmV0dXJuIHRydWUgZXZlbiBpZiB0aGUgaW5uZXIgbWVzc2FnZSBoYXMgbWlzc2luZyByZXF1aXJlZCBmaWVsZHMuCiBUaGlzIGlzIG5lY2Vzc2FyeSBiZWNhdXNlIG90aGVyd2lzZSB0aGUgaW5uZXIgbWVzc2FnZSB3b3VsZCBoYXZlIHRvIGJlCiBwYXJzZWQgaW4gb3JkZXIgdG8gcGVyZm9ybSB0aGUgY2hlY2ssIGRlZmVhdGluZyB0aGUgcHVycG9zZSBvZiBsYXp5CiBwYXJzaW5nLiAgQW4gaW1wbGVtZW50YXRpb24gd2hpY2ggY2hvb3NlcyBub3QgdG8gY2hlY2sgcmVxdWlyZWQgZmllbGRzCiBtdXN0IGJlIGNvbnNpc3RlbnQgYWJvdXQgaXQuICBUaGF0IGlzLCBmb3IgYW55IHBhcnRpY3VsYXIgc3ViLW1lc3NhZ2UsIHRoZQogaW1wbGVtZW50YXRpb24gbXVzdCBlaXRoZXIgKmFsd2F5cyogY2hlY2sgaXRzIHJlcXVpcmVkIGZpZWxkcywgb3IgKm5ldmVyKgogY2hlY2sgaXRzIHJlcXVpcmVkIGZpZWxkcywgcmVnYXJkbGVzcyBvZiB3aGV0aGVyIG9yIG5vdCB0aGUgbWVzc2FnZSBoYXMKIGJlZW4gcGFyc2VkLgoKDQoFBAwCAwQSBLcEAgoKDQoFBAwCAwUSBLcECw8KDQoFBAwCAwESBLcEEBQKDQoFBAwCAwMSBLcEFxgKDQoFBAwCAwgSBLcEGSgKDQoFBAwCAwcSBLcEIicK6AEKBAQMAgQSBL0EAi8a2QEgSXMgdGhpcyBmaWVsZCBkZXByZWNhdGVkPwogRGVwZW5kaW5nIG9uIHRoZSB0YXJnZXQgcGxhdGZvcm0sIHRoaXMgY2FuIGVtaXQgRGVwcmVjYXRlZCBhbm5vdGF0aW9ucwogZm9yIGFjY2Vzc29ycywgb3IgaXQgd2lsbCBiZSBjb21wbGV0ZWx5IGlnbm9yZWQ7IGluIHRoZSB2ZXJ5IGxlYXN0LCB0aGlzCiBpcyBhIGZvcm1hbGl6YXRpb24gZm9yIGRlcHJlY2F0aW5nIGZpZWxkcy4KCg0KBQQMAgQEEgS9BAIKCg0KBQQMAgQFEgS9BAsPCg0KBQQMAgQBEgS9BBAaCg0KBQQMAgQDEgS9BB0eCg0KBQQMAgQIEgS9BB8uCg0KBQQMAgQHEgS9BCgtCj8KBAQMAgUSBMAEAioaMSBGb3IgR29vZ2xlLWludGVybmFsIG1pZ3JhdGlvbiBvbmx5LiBEbyBub3QgdXNlLgoKDQoFBAwCBQQSBMAEAgoKDQoFBAwCBQUSBMAECw8KDQoFBAwCBQESBMAEEBQKDQoFBAwCBQMSBMAEFxkKDQoFBAwCBQgSBMAEGikKDQoFBAwCBQcSBMAEIygKTwoEBAwCBhIExAQCOhpBIFRoZSBwYXJzZXIgc3RvcmVzIG9wdGlvbnMgaXQgZG9lc24ndCByZWNvZ25pemUgaGVyZS4gU2VlIGFib3ZlLgoKDQoFBAwCBgQSBMQEAgoKDQoFBAwCBgYSBMQECx4KDQoFBAwCBgESBMQEHzMKDQoFBAwCBgMSBMQENjkKWgoDBAwFEgTHBAIZGk0gQ2xpZW50cyBjYW4gZGVmaW5lIGN1c3RvbSBvcHRpb25zIGluIGV4dGVuc2lvbnMgb2YgdGhpcyBtZXNzYWdlLiBTZWUgYWJvdmUuCgoMCgQEDAUAEgTHBA0YCg0KBQQMBQABEgTHBA0RCg0KBQQMBQACEgTHBBUYChwKAwQMCRIEyQQLDSIPIHJlbW92ZWQganR5cGUKCgwKBAQMCQASBMkECwwKDQoFBAwJAAESBMkECwwKDQoFBAwJAAISBMkECwwKDAoCBA0SBswEANIEAQoLCgMEDQESBMwECBQKTwoEBA0CABIEzgQCOhpBIFRoZSBwYXJzZXIgc3RvcmVzIG9wdGlvbnMgaXQgZG9lc24ndCByZWNvZ25pemUgaGVyZS4gU2VlIGFib3ZlLgoKDQoFBA0CAAQSBM4EAgoKDQoFBA0CAAYSBM4ECx4KDQoFBA0CAAESBM4EHzMKDQoFBA0CAAMSBM4ENjkKWgoDBA0FEgTRBAIZGk0gQ2xpZW50cyBjYW4gZGVmaW5lIGN1c3RvbSBvcHRpb25zIGluIGV4dGVuc2lvbnMgb2YgdGhpcyBtZXNzYWdlLiBTZWUgYWJvdmUuCgoMCgQEDQUAEgTRBA0YCg0KBQQNBQABEgTRBA0RCg0KBQQNBQACEgTRBBUYCgwKAgQOEgbUBADnBAEKCwoDBA4BEgTUBAgTCmAKBAQOAgASBNgEAiAaUiBTZXQgdGhpcyBvcHRpb24gdG8gdHJ1ZSB0byBhbGxvdyBtYXBwaW5nIGRpZmZlcmVudCB0YWcgbmFtZXMgdG8gdGhlIHNhbWUKIHZhbHVlLgoKDQoFBA4CAAQSBNgEAgoKDQoFBA4CAAUSBNgECw8KDQoFBA4CAAESBNgEEBsKDQoFBA4CAAMSBNgEHh8K5QEKBAQOAgESBN4EAi8a1gEgSXMgdGhpcyBlbnVtIGRlcHJlY2F0ZWQ/CiBEZXBlbmRpbmcgb24gdGhlIHRhcmdldCBwbGF0Zm9ybSwgdGhpcyBjYW4gZW1pdCBEZXByZWNhdGVkIGFubm90YXRpb25zCiBmb3IgdGhlIGVudW0sIG9yIGl0IHdpbGwgYmUgY29tcGxldGVseSBpZ25vcmVkOyBpbiB0aGUgdmVyeSBsZWFzdCwgdGhpcwogaXMgYSBmb3JtYWxpemF0aW9uIGZvciBkZXByZWNhdGluZyBlbnVtcy4KCg0KBQQOAgEEEgTeBAIKCg0KBQQOAgEFEgTeBAsPCg0KBQQOAgEBEgTeBBAaCg0KBQQOAgEDEgTeBB0eCg0KBQQOAgEIEgTeBB8uCg0KBQQOAgEHEgTeBCgtCh8KAwQOCRIE4AQLDSISIGphdmFuYW5vX2FzX2xpdGUKCgwKBAQOCQASBOAECwwKDQoFBA4JAAESBOAECwwKDQoFBA4JAAISBOAECwwKTwoEBA4CAhIE4wQCOhpBIFRoZSBwYXJzZXIgc3RvcmVzIG9wdGlvbnMgaXQgZG9lc24ndCByZWNvZ25pemUgaGVyZS4gU2VlIGFib3ZlLgoKDQoFBA4CAgQSBOMEAgoKDQoFBA4CAgYSBOMECx4KDQoFBA4CAgESBOMEHzMKDQoFBA4CAgMSBOMENjkKWgoDBA4FEgTmBAIZGk0gQ2xpZW50cyBjYW4gZGVmaW5lIGN1c3RvbSBvcHRpb25zIGluIGV4dGVuc2lvbnMgb2YgdGhpcyBtZXNzYWdlLiBTZWUgYWJvdmUuCgoMCgQEDgUAEgTmBA0YCg0KBQQOBQABEgTmBA0RCg0KBQQOBQACEgTmBBUYCgwKAgQPEgbpBAD1BAEKCwoDBA8BEgTpBAgYCvcBCgQEDwIAEgTuBAIvGugBIElzIHRoaXMgZW51bSB2YWx1ZSBkZXByZWNhdGVkPwogRGVwZW5kaW5nIG9uIHRoZSB0YXJnZXQgcGxhdGZvcm0sIHRoaXMgY2FuIGVtaXQgRGVwcmVjYXRlZCBhbm5vdGF0aW9ucwogZm9yIHRoZSBlbnVtIHZhbHVlLCBvciBpdCB3aWxsIGJlIGNvbXBsZXRlbHkgaWdub3JlZDsgaW4gdGhlIHZlcnkgbGVhc3QsCiB0aGlzIGlzIGEgZm9ybWFsaXphdGlvbiBmb3IgZGVwcmVjYXRpbmcgZW51bSB2YWx1ZXMuCgoNCgUEDwIABBIE7gQCCgoNCgUEDwIABRIE7gQLDwoNCgUEDwIAARIE7gQQGgoNCgUEDwIAAxIE7gQdHgoNCgUEDwIACBIE7gQfLgoNCgUEDwIABxIE7gQoLQpPCgQEDwIBEgTxBAI6GkEgVGhlIHBhcnNlciBzdG9yZXMgb3B0aW9ucyBpdCBkb2Vzbid0IHJlY29nbml6ZSBoZXJlLiBTZWUgYWJvdmUuCgoNCgUEDwIBBBIE8QQCCgoNCgUEDwIBBhIE8QQLHgoNCgUEDwIBARIE8QQfMwoNCgUEDwIBAxIE8QQ2OQpaCgMEDwUSBPQEAhkaTSBDbGllbnRzIGNhbiBkZWZpbmUgY3VzdG9tIG9wdGlvbnMgaW4gZXh0ZW5zaW9ucyBvZiB0aGlzIG1lc3NhZ2UuIFNlZSBhYm92ZS4KCgwKBAQPBQASBPQEDRgKDQoFBA8FAAESBPQEDREKDQoFBA8FAAISBPQEFRgKDAoCBBASBvcEAIkFAQoLCgMEEAESBPcECBYK2QMKBAQQAgASBIIFAjAa3wEgSXMgdGhpcyBzZXJ2aWNlIGRlcHJlY2F0ZWQ/CiBEZXBlbmRpbmcgb24gdGhlIHRhcmdldCBwbGF0Zm9ybSwgdGhpcyBjYW4gZW1pdCBEZXByZWNhdGVkIGFubm90YXRpb25zCiBmb3IgdGhlIHNlcnZpY2UsIG9yIGl0IHdpbGwgYmUgY29tcGxldGVseSBpZ25vcmVkOyBpbiB0aGUgdmVyeSBsZWFzdCwKIHRoaXMgaXMgYSBmb3JtYWxpemF0aW9uIGZvciBkZXByZWNhdGluZyBzZXJ2aWNlcy4KMugBIE5vdGU6ICBGaWVsZCBudW1iZXJzIDEgdGhyb3VnaCAzMiBhcmUgcmVzZXJ2ZWQgZm9yIEdvb2dsZSdzIGludGVybmFsIFJQQwogICBmcmFtZXdvcmsuICBXZSBhcG9sb2dpemUgZm9yIGhvYXJkaW5nIHRoZXNlIG51bWJlcnMgdG8gb3Vyc2VsdmVzLCBidXQKICAgd2Ugd2VyZSBhbHJlYWR5IHVzaW5nIHRoZW0gbG9uZyBiZWZvcmUgd2UgZGVjaWRlZCB0byByZWxlYXNlIFByb3RvY29sCiAgIEJ1ZmZlcnMuCgoNCgUEEAIABBIEggUCCgoNCgUEEAIABRIEggULDwoNCgUEEAIAARIEggUQGgoNCgUEEAIAAxIEggUdHwoNCgUEEAIACBIEggUgLwoNCgUEEAIABxIEggUpLgpPCgQEEAIBEgSFBQI6GkEgVGhlIHBhcnNlciBzdG9yZXMgb3B0aW9ucyBpdCBkb2Vzbid0IHJlY29nbml6ZSBoZXJlLiBTZWUgYWJvdmUuCgoNCgUEEAIBBBIEhQUCCgoNCgUEEAIBBhIEhQULHgoNCgUEEAIBARIEhQUfMwoNCgUEEAIBAxIEhQU2OQpaCgMEEAUSBIgFAhkaTSBDbGllbnRzIGNhbiBkZWZpbmUgY3VzdG9tIG9wdGlvbnMgaW4gZXh0ZW5zaW9ucyBvZiB0aGlzIG1lc3NhZ2UuIFNlZSBhYm92ZS4KCgwKBAQQBQASBIgFDRgKDQoFBBAFAAESBIgFDREKDQoFBBAFAAISBIgFFRgKDAoCBBESBosFAKgFAQoLCgMEEQESBIsFCBUK1gMKBAQRAgASBJYFAjAa3AEgSXMgdGhpcyBtZXRob2QgZGVwcmVjYXRlZD8KIERlcGVuZGluZyBvbiB0aGUgdGFyZ2V0IHBsYXRmb3JtLCB0aGlzIGNhbiBlbWl0IERlcHJlY2F0ZWQgYW5ub3RhdGlvbnMKIGZvciB0aGUgbWV0aG9kLCBvciBpdCB3aWxsIGJlIGNvbXBsZXRlbHkgaWdub3JlZDsgaW4gdGhlIHZlcnkgbGVhc3QsCiB0aGlzIGlzIGEgZm9ybWFsaXphdGlvbiBmb3IgZGVwcmVjYXRpbmcgbWV0aG9kcy4KMugBIE5vdGU6ICBGaWVsZCBudW1iZXJzIDEgdGhyb3VnaCAzMiBhcmUgcmVzZXJ2ZWQgZm9yIEdvb2dsZSdzIGludGVybmFsIFJQQwogICBmcmFtZXdvcmsuICBXZSBhcG9sb2dpemUgZm9yIGhvYXJkaW5nIHRoZXNlIG51bWJlcnMgdG8gb3Vyc2VsdmVzLCBidXQKICAgd2Ugd2VyZSBhbHJlYWR5IHVzaW5nIHRoZW0gbG9uZyBiZWZvcmUgd2UgZGVjaWRlZCB0byByZWxlYXNlIFByb3RvY29sCiAgIEJ1ZmZlcnMuCgoNCgUEEQIABBIElgUCCgoNCgUEEQIABRIElgULDwoNCgUEEQIAARIElgUQGgoNCgUEEQIAAxIElgUdHwoNCgUEEQIACBIElgUgLwoNCgUEEQIABxIElgUpLgrwAQoEBBEEABIGmwUCnwUDGt8BIElzIHRoaXMgbWV0aG9kIHNpZGUtZWZmZWN0LWZyZWUgKG9yIHNhZmUgaW4gSFRUUCBwYXJsYW5jZSksIG9yIGlkZW1wb3RlbnQsCiBvciBuZWl0aGVyPyBIVFRQIGJhc2VkIFJQQyBpbXBsZW1lbnRhdGlvbiBtYXkgY2hvb3NlIEdFVCB2ZXJiIGZvciBzYWZlCiBtZXRob2RzLCBhbmQgUFVUIHZlcmIgZm9yIGlkZW1wb3RlbnQgbWV0aG9kcyBpbnN0ZWFkIG9mIHRoZSBkZWZhdWx0IFBPU1QuCgoNCgUEEQQAARIEmwUHFwoOCgYEEQQAAgASBJwFBBwKDwoHBBEEAAIAARIEnAUEFwoPCgcEEQQAAgACEgScBRobCiQKBgQRBAACARIEnQUEHCIUIGltcGxpZXMgaWRlbXBvdGVudAoKDwoHBBEEAAIBARIEnQUEEwoPCgcEEQQAAgECEgSdBRobCjcKBgQRBAACAhIEngUEHCInIGlkZW1wb3RlbnQsIGJ1dCBtYXkgaGF2ZSBzaWRlIGVmZmVjdHMKCg8KBwQRBAACAgESBJ4FBA4KDwoHBBEEAAICAhIEngUaGwoOCgQEEQIBEgagBQKhBScKDQoFBBECAQQSBKAFAgoKDQoFBBECAQYSBKAFCxsKDQoFBBECAQESBKAFHC0KDQoFBBECAQMSBKEFBggKDQoFBBECAQgSBKEFCSYKDQoFBBECAQcSBKEFEiUKTwoEBBECAhIEpAUCOhpBIFRoZSBwYXJzZXIgc3RvcmVzIG9wdGlvbnMgaXQgZG9lc24ndCByZWNvZ25pemUgaGVyZS4gU2VlIGFib3ZlLgoKDQoFBBECAgQSBKQFAgoKDQoFBBECAgYSBKQFCx4KDQoFBBECAgESBKQFHzMKDQoFBBECAgMSBKQFNjkKWgoDBBEFEgSnBQIZGk0gQ2xpZW50cyBjYW4gZGVmaW5lIGN1c3RvbSBvcHRpb25zIGluIGV4dGVuc2lvbnMgb2YgdGhpcyBtZXNzYWdlLiBTZWUgYWJvdmUuCgoMCgQEEQUAEgSnBQ0YCg0KBQQRBQABEgSnBQ0RCg0KBQQRBQACEgSnBRUYCosDCgIEEhIGsQUAxQUBGvwCIEEgbWVzc2FnZSByZXByZXNlbnRpbmcgYSBvcHRpb24gdGhlIHBhcnNlciBkb2VzIG5vdCByZWNvZ25pemUuIFRoaXMgb25seQogYXBwZWFycyBpbiBvcHRpb25zIHByb3RvcyBjcmVhdGVkIGJ5IHRoZSBjb21waWxlcjo6UGFyc2VyIGNsYXNzLgogRGVzY3JpcHRvclBvb2wgcmVzb2x2ZXMgdGhlc2Ugd2hlbiBidWlsZGluZyBEZXNjcmlwdG9yIG9iamVjdHMuIFRoZXJlZm9yZSwKIG9wdGlvbnMgcHJvdG9zIGluIGRlc2NyaXB0b3Igb2JqZWN0cyAoZS5nLiByZXR1cm5lZCBieSBEZXNjcmlwdG9yOjpvcHRpb25zKCksCiBvciBwcm9kdWNlZCBieSBEZXNjcmlwdG9yOjpDb3B5VG8oKSkgd2lsbCBuZXZlciBoYXZlIFVuaW50ZXJwcmV0ZWRPcHRpb25zCiBpbiB0aGVtLgoKCwoDBBIBEgSxBQgbCssCCgQEEgMAEga3BQK6BQMaugIgVGhlIG5hbWUgb2YgdGhlIHVuaW50ZXJwcmV0ZWQgb3B0aW9uLiAgRWFjaCBzdHJpbmcgcmVwcmVzZW50cyBhIHNlZ21lbnQgaW4KIGEgZG90LXNlcGFyYXRlZCBuYW1lLiAgaXNfZXh0ZW5zaW9uIGlzIHRydWUgaWZmIGEgc2VnbWVudCByZXByZXNlbnRzIGFuCiBleHRlbnNpb24gKGRlbm90ZWQgd2l0aCBwYXJlbnRoZXNlcyBpbiBvcHRpb25zIHNwZWNzIGluIC5wcm90byBmaWxlcykuCiBFLmcuLHsgWyJmb28iLCBmYWxzZV0sIFsiYmFyLmJheiIsIHRydWVdLCBbInF1eCIsIGZhbHNlXSB9IHJlcHJlc2VudHMKICJmb28uKGJhci5iYXopLnF1eCIuCgoNCgUEEgMAARIEtwUKEgoOCgYEEgMAAgASBLgFBCIKDwoHBBIDAAIABBIEuAUEDAoPCgcEEgMAAgAFEgS4BQ0TCg8KBwQSAwACAAESBLgFFB0KDwoHBBIDAAIAAxIEuAUgIQoOCgYEEgMAAgESBLkFBCMKDwoHBBIDAAIBBBIEuQUEDAoPCgcEEgMAAgEFEgS5BQ0RCg8KBwQSAwACAQESBLkFEh4KDwoHBBIDAAIBAxIEuQUhIgoMCgQEEgIAEgS7BQIdCg0KBQQSAgAEEgS7BQIKCg0KBQQSAgAGEgS7BQsTCg0KBQQSAgABEgS7BRQYCg0KBQQSAgADEgS7BRscCpwBCgQEEgIBEgS/BQInGo0BIFRoZSB2YWx1ZSBvZiB0aGUgdW5pbnRlcnByZXRlZCBvcHRpb24sIGluIHdoYXRldmVyIHR5cGUgdGhlIHRva2VuaXplcgogaWRlbnRpZmllZCBpdCBhcyBkdXJpbmcgcGFyc2luZy4gRXhhY3RseSBvbmUgb2YgdGhlc2Ugc2hvdWxkIGJlIHNldC4KCg0KBQQSAgEEEgS/BQIKCg0KBQQSAgEFEgS/BQsRCg0KBQQSAgEBEgS/BRIiCg0KBQQSAgEDEgS/BSUmCgwKBAQSAgISBMAFAikKDQoFBBICAgQSBMAFAgoKDQoFBBICAgUSBMAFCxEKDQoFBBICAgESBMAFEiQKDQoFBBICAgMSBMAFJygKDAoEBBICAxIEwQUCKAoNCgUEEgIDBBIEwQUCCgoNCgUEEgIDBRIEwQULEAoNCgUEEgIDARIEwQURIwoNCgUEEgIDAxIEwQUmJwoMCgQEEgIEEgTCBQIjCg0KBQQSAgQEEgTCBQIKCg0KBQQSAgQFEgTCBQsRCg0KBQQSAgQBEgTCBRIeCg0KBQQSAgQDEgTCBSEiCgwKBAQSAgUSBMMFAiIKDQoFBBICBQQSBMMFAgoKDQoFBBICBQUSBMMFCxAKDQoFBBICBQESBMMFER0KDQoFBBICBQMSBMMFICEKDAoEBBICBhIExAUCJgoNCgUEEgIGBBIExAUCCgoNCgUEEgIGBRIExAULEQoNCgUEEgIGARIExAUSIQoNCgUEEgIGAxIExAUkJQraAQoCBBMSBswFAM0GARpqIEVuY2Fwc3VsYXRlcyBpbmZvcm1hdGlvbiBhYm91dCB0aGUgb3JpZ2luYWwgc291cmNlIGZpbGUgZnJvbSB3aGljaCBhCiBGaWxlRGVzY3JpcHRvclByb3RvIHdhcyBnZW5lcmF0ZWQuCjJgID09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KIE9wdGlvbmFsIHNvdXJjZSBjb2RlIGluZm8KCgsKAwQTARIEzAUIFgqCEQoEBBMCABIE+AUCIRrzECBBIExvY2F0aW9uIGlkZW50aWZpZXMgYSBwaWVjZSBvZiBzb3VyY2UgY29kZSBpbiBhIC5wcm90byBmaWxlIHdoaWNoCiBjb3JyZXNwb25kcyB0byBhIHBhcnRpY3VsYXIgZGVmaW5pdGlvbi4gIFRoaXMgaW5mb3JtYXRpb24gaXMgaW50ZW5kZWQKIHRvIGJlIHVzZWZ1bCB0byBJREVzLCBjb2RlIGluZGV4ZXJzLCBkb2N1bWVudGF0aW9uIGdlbmVyYXRvcnMsIGFuZCBzaW1pbGFyCiB0b29scy4KCiBGb3IgZXhhbXBsZSwgc2F5IHdlIGhhdmUgYSBmaWxlIGxpa2U6CiAgIG1lc3NhZ2UgRm9vIHsKICAgICBvcHRpb25hbCBzdHJpbmcgZm9vID0gMTsKICAgfQogTGV0J3MgbG9vayBhdCBqdXN0IHRoZSBmaWVsZCBkZWZpbml0aW9uOgogICBvcHRpb25hbCBzdHJpbmcgZm9vID0gMTsKICAgXiAgICAgICBeXiAgICAgXl4gIF4gIF5eXgogICBhICAgICAgIGJjICAgICBkZSAgZiAgZ2hpCiBXZSBoYXZlIHRoZSBmb2xsb3dpbmcgbG9jYXRpb25zOgogICBzcGFuICAgcGF0aCAgICAgICAgICAgICAgIHJlcHJlc2VudHMKICAgW2EsaSkgIFsgNCwgMCwgMiwgMCBdICAgICBUaGUgd2hvbGUgZmllbGQgZGVmaW5pdGlvbi4KICAgW2EsYikgIFsgNCwgMCwgMiwgMCwgNCBdICBUaGUgbGFiZWwgKG9wdGlvbmFsKS4KICAgW2MsZCkgIFsgNCwgMCwgMiwgMCwgNSBdICBUaGUgdHlwZSAoc3RyaW5nKS4KICAgW2UsZikgIFsgNCwgMCwgMiwgMCwgMSBdICBUaGUgbmFtZSAoZm9vKS4KICAgW2csaCkgIFsgNCwgMCwgMiwgMCwgMyBdICBUaGUgbnVtYmVyICgxKS4KCiBOb3RlczoKIC0gQSBsb2NhdGlvbiBtYXkgcmVmZXIgdG8gYSByZXBlYXRlZCBmaWVsZCBpdHNlbGYgKGkuZS4gbm90IHRvIGFueQogICBwYXJ0aWN1bGFyIGluZGV4IHdpdGhpbiBpdCkuICBUaGlzIGlzIHVzZWQgd2hlbmV2ZXIgYSBzZXQgb2YgZWxlbWVudHMgYXJlCiAgIGxvZ2ljYWxseSBlbmNsb3NlZCBpbiBhIHNpbmdsZSBjb2RlIHNlZ21lbnQuICBGb3IgZXhhbXBsZSwgYW4gZW50aXJlCiAgIGV4dGVuZCBibG9jayAocG9zc2libHkgY29udGFpbmluZyBtdWx0aXBsZSBleHRlbnNpb24gZGVmaW5pdGlvbnMpIHdpbGwKICAgaGF2ZSBhbiBvdXRlciBsb2NhdGlvbiB3aG9zZSBwYXRoIHJlZmVycyB0byB0aGUgImV4dGVuc2lvbnMiIHJlcGVhdGVkCiAgIGZpZWxkIHdpdGhvdXQgYW4gaW5kZXguCiAtIE11bHRpcGxlIGxvY2F0aW9ucyBtYXkgaGF2ZSB0aGUgc2FtZSBwYXRoLiAgVGhpcyBoYXBwZW5zIHdoZW4gYSBzaW5nbGUKICAgbG9naWNhbCBkZWNsYXJhdGlvbiBpcyBzcHJlYWQgb3V0IGFjcm9zcyBtdWx0aXBsZSBwbGFjZXMuICBUaGUgbW9zdAogICBvYnZpb3VzIGV4YW1wbGUgaXMgdGhlICJleHRlbmQiIGJsb2NrIGFnYWluIC0tIHRoZXJlIG1heSBiZSBtdWx0aXBsZQogICBleHRlbmQgYmxvY2tzIGluIHRoZSBzYW1lIHNjb3BlLCBlYWNoIG9mIHdoaWNoIHdpbGwgaGF2ZSB0aGUgc2FtZSBwYXRoLgogLSBBIGxvY2F0aW9uJ3Mgc3BhbiBpcyBub3QgYWx3YXlzIGEgc3Vic2V0IG9mIGl0cyBwYXJlbnQncyBzcGFuLiAgRm9yCiAgIGV4YW1wbGUsIHRoZSAiZXh0ZW5kZWUiIG9mIGFuIGV4dGVuc2lvbiBkZWNsYXJhdGlvbiBhcHBlYXJzIGF0IHRoZQogICBiZWdpbm5pbmcgb2YgdGhlICJleHRlbmQiIGJsb2NrIGFuZCBpcyBzaGFyZWQgYnkgYWxsIGV4dGVuc2lvbnMgd2l0aGluCiAgIHRoZSBibG9jay4KIC0gSnVzdCBiZWNhdXNlIGEgbG9jYXRpb24ncyBzcGFuIGlzIGEgc3Vic2V0IG9mIHNvbWUgb3RoZXIgbG9jYXRpb24ncyBzcGFuCiAgIGRvZXMgbm90IG1lYW4gdGhhdCBpdCBpcyBhIGRlc2NlbmRlbnQuICBGb3IgZXhhbXBsZSwgYSAiZ3JvdXAiIGRlZmluZXMKICAgYm90aCBhIHR5cGUgYW5kIGEgZmllbGQgaW4gYSBzaW5nbGUgZGVjbGFyYXRpb24uICBUaHVzLCB0aGUgbG9jYXRpb25zCiAgIGNvcnJlc3BvbmRpbmcgdG8gdGhlIHR5cGUgYW5kIGZpZWxkIGFuZCB0aGVpciBjb21wb25lbnRzIHdpbGwgb3ZlcmxhcC4KIC0gQ29kZSB3aGljaCB0cmllcyB0byBpbnRlcnByZXQgbG9jYXRpb25zIHNob3VsZCBwcm9iYWJseSBiZSBkZXNpZ25lZCB0bwogICBpZ25vcmUgdGhvc2UgdGhhdCBpdCBkb2Vzbid0IHVuZGVyc3RhbmQsIGFzIG1vcmUgdHlwZXMgb2YgbG9jYXRpb25zIGNvdWxkCiAgIGJlIHJlY29yZGVkIGluIHRoZSBmdXR1cmUuCgoNCgUEEwIABBIE+AUCCgoNCgUEEwIABhIE+AULEwoNCgUEEwIAARIE+AUUHAoNCgUEEwIAAxIE+AUfIAoOCgQEEwMAEgb5BQLMBgMKDQoFBBMDAAESBPkFChIKgwcKBgQTAwACABIEkQYEKhryBiBJZGVudGlmaWVzIHdoaWNoIHBhcnQgb2YgdGhlIEZpbGVEZXNjcmlwdG9yUHJvdG8gd2FzIGRlZmluZWQgYXQgdGhpcwogbG9jYXRpb24uCgogRWFjaCBlbGVtZW50IGlzIGEgZmllbGQgbnVtYmVyIG9yIGFuIGluZGV4LiAgVGhleSBmb3JtIGEgcGF0aCBmcm9tCiB0aGUgcm9vdCBGaWxlRGVzY3JpcHRvclByb3RvIHRvIHRoZSBwbGFjZSB3aGVyZSB0aGUgZGVmaW5pdGlvbi4gIEZvcgogZXhhbXBsZSwgdGhpcyBwYXRoOgogICBbIDQsIDMsIDIsIDcsIDEgXQogcmVmZXJzIHRvOgogICBmaWxlLm1lc3NhZ2VfdHlwZSgzKSAgLy8gNCwgMwogICAgICAgLmZpZWxkKDcpICAgICAgICAgLy8gMiwgNwogICAgICAgLm5hbWUoKSAgICAgICAgICAgLy8gMQogVGhpcyBpcyBiZWNhdXNlIEZpbGVEZXNjcmlwdG9yUHJvdG8ubWVzc2FnZV90eXBlIGhhcyBmaWVsZCBudW1iZXIgNDoKICAgcmVwZWF0ZWQgRGVzY3JpcHRvclByb3RvIG1lc3NhZ2VfdHlwZSA9IDQ7CiBhbmQgRGVzY3JpcHRvclByb3RvLmZpZWxkIGhhcyBmaWVsZCBudW1iZXIgMjoKICAgcmVwZWF0ZWQgRmllbGREZXNjcmlwdG9yUHJvdG8gZmllbGQgPSAyOwogYW5kIEZpZWxkRGVzY3JpcHRvclByb3RvLm5hbWUgaGFzIGZpZWxkIG51bWJlciAxOgogICBvcHRpb25hbCBzdHJpbmcgbmFtZSA9IDE7CgogVGh1cywgdGhlIGFib3ZlIHBhdGggZ2l2ZXMgdGhlIGxvY2F0aW9uIG9mIGEgZmllbGQgbmFtZS4gIElmIHdlIHJlbW92ZWQKIHRoZSBsYXN0IGVsZW1lbnQ6CiAgIFsgNCwgMywgMiwgNyBdCiB0aGlzIHBhdGggcmVmZXJzIHRvIHRoZSB3aG9sZSBmaWVsZCBkZWNsYXJhdGlvbiAoZnJvbSB0aGUgYmVnaW5uaW5nCiBvZiB0aGUgbGFiZWwgdG8gdGhlIHRlcm1pbmF0aW5nIHNlbWljb2xvbikuCgoPCgcEEwMAAgAEEgSRBgQMCg8KBwQTAwACAAUSBJEGDRIKDwoHBBMDAAIAARIEkQYTFwoPCgcEEwMAAgADEgSRBhobCg8KBwQTAwACAAgSBJEGHCkKEgoKBBMDAAIACOcHABIEkQYdKAoTCgsEEwMAAgAI5wcAAhIEkQYdIwoUCgwEEwMAAgAI5wcAAgASBJEGHSMKFQoNBBMDAAIACOcHAAIAARIEkQYdIwoTCgsEEwMAAgAI5wcAAxIEkQYkKArSAgoGBBMDAAIBEgSYBgQqGsECIEFsd2F5cyBoYXMgZXhhY3RseSB0aHJlZSBvciBmb3VyIGVsZW1lbnRzOiBzdGFydCBsaW5lLCBzdGFydCBjb2x1bW4sCiBlbmQgbGluZSAob3B0aW9uYWwsIG90aGVyd2lzZSBhc3N1bWVkIHNhbWUgYXMgc3RhcnQgbGluZSksIGVuZCBjb2x1bW4uCiBUaGVzZSBhcmUgcGFja2VkIGludG8gYSBzaW5nbGUgZmllbGQgZm9yIGVmZmljaWVuY3kuICBOb3RlIHRoYXQgbGluZQogYW5kIGNvbHVtbiBudW1iZXJzIGFyZSB6ZXJvLWJhc2VkIC0tIHR5cGljYWxseSB5b3Ugd2lsbCB3YW50IHRvIGFkZAogMSB0byBlYWNoIGJlZm9yZSBkaXNwbGF5aW5nIHRvIGEgdXNlci4KCg8KBwQTAwACAQQSBJgGBAwKDwoHBBMDAAIBBRIEmAYNEgoPCgcEEwMAAgEBEgSYBhMXCg8KBwQTAwACAQMSBJgGGhsKDwoHBBMDAAIBCBIEmAYcKQoSCgoEEwMAAgEI5wcAEgSYBh0oChMKCwQTAwACAQjnBwACEgSYBh0jChQKDAQTAwACAQjnBwACABIEmAYdIwoVCg0EEwMAAgEI5wcAAgABEgSYBh0jChMKCwQTAwACAQjnBwADEgSYBiQoCqUMCgYEEwMAAgISBMkGBCkalAwgSWYgdGhpcyBTb3VyY2VDb2RlSW5mbyByZXByZXNlbnRzIGEgY29tcGxldGUgZGVjbGFyYXRpb24sIHRoZXNlIGFyZSBhbnkKIGNvbW1lbnRzIGFwcGVhcmluZyBiZWZvcmUgYW5kIGFmdGVyIHRoZSBkZWNsYXJhdGlvbiB3aGljaCBhcHBlYXIgdG8gYmUKIGF0dGFjaGVkIHRvIHRoZSBkZWNsYXJhdGlvbi4KCiBBIHNlcmllcyBvZiBsaW5lIGNvbW1lbnRzIGFwcGVhcmluZyBvbiBjb25zZWN1dGl2ZSBsaW5lcywgd2l0aCBubyBvdGhlcgogdG9rZW5zIGFwcGVhcmluZyBvbiB0aG9zZSBsaW5lcywgd2lsbCBiZSB0cmVhdGVkIGFzIGEgc2luZ2xlIGNvbW1lbnQuCgogbGVhZGluZ19kZXRhY2hlZF9jb21tZW50cyB3aWxsIGtlZXAgcGFyYWdyYXBocyBvZiBjb21tZW50cyB0aGF0IGFwcGVhcgogYmVmb3JlIChidXQgbm90IGNvbm5lY3RlZCB0bykgdGhlIGN1cnJlbnQgZWxlbWVudC4gRWFjaCBwYXJhZ3JhcGgsCiBzZXBhcmF0ZWQgYnkgZW1wdHkgbGluZXMsIHdpbGwgYmUgb25lIGNvbW1lbnQgZWxlbWVudCBpbiB0aGUgcmVwZWF0ZWQKIGZpZWxkLgoKIE9ubHkgdGhlIGNvbW1lbnQgY29udGVudCBpcyBwcm92aWRlZDsgY29tbWVudCBtYXJrZXJzIChlLmcuIC8vKSBhcmUKIHN0cmlwcGVkIG91dC4gIEZvciBibG9jayBjb21tZW50cywgbGVhZGluZyB3aGl0ZXNwYWNlIGFuZCBhbiBhc3Rlcmlzawogd2lsbCBiZSBzdHJpcHBlZCBmcm9tIHRoZSBiZWdpbm5pbmcgb2YgZWFjaCBsaW5lIG90aGVyIHRoYW4gdGhlIGZpcnN0LgogTmV3bGluZXMgYXJlIGluY2x1ZGVkIGluIHRoZSBvdXRwdXQuCgogRXhhbXBsZXM6CgogICBvcHRpb25hbCBpbnQzMiBmb28gPSAxOyAgLy8gQ29tbWVudCBhdHRhY2hlZCB0byBmb28uCiAgIC8vIENvbW1lbnQgYXR0YWNoZWQgdG8gYmFyLgogICBvcHRpb25hbCBpbnQzMiBiYXIgPSAyOwoKICAgb3B0aW9uYWwgc3RyaW5nIGJheiA9IDM7CiAgIC8vIENvbW1lbnQgYXR0YWNoZWQgdG8gYmF6LgogICAvLyBBbm90aGVyIGxpbmUgYXR0YWNoZWQgdG8gYmF6LgoKICAgLy8gQ29tbWVudCBhdHRhY2hlZCB0byBxdXguCiAgIC8vCiAgIC8vIEFub3RoZXIgbGluZSBhdHRhY2hlZCB0byBxdXguCiAgIG9wdGlvbmFsIGRvdWJsZSBxdXggPSA0OwoKICAgLy8gRGV0YWNoZWQgY29tbWVudCBmb3IgY29yZ2UuIFRoaXMgaXMgbm90IGxlYWRpbmcgb3IgdHJhaWxpbmcgY29tbWVudHMKICAgLy8gdG8gcXV4IG9yIGNvcmdlIGJlY2F1c2UgdGhlcmUgYXJlIGJsYW5rIGxpbmVzIHNlcGFyYXRpbmcgaXQgZnJvbQogICAvLyBib3RoLgoKICAgLy8gRGV0YWNoZWQgY29tbWVudCBmb3IgY29yZ2UgcGFyYWdyYXBoIDIuCgogICBvcHRpb25hbCBzdHJpbmcgY29yZ2UgPSA1OwogICAvKiBCbG9jayBjb21tZW50IGF0dGFjaGVkCiAgICAqIHRvIGNvcmdlLiAgTGVhZGluZyBhc3Rlcmlza3MKICAgICogd2lsbCBiZSByZW1vdmVkLiAqLwogICAvKiBCbG9jayBjb21tZW50IGF0dGFjaGVkIHRvCiAgICAqIGdyYXVsdC4gKi8KICAgb3B0aW9uYWwgaW50MzIgZ3JhdWx0ID0gNjsKCiAgIC8vIGlnbm9yZWQgZGV0YWNoZWQgY29tbWVudHMuCgoPCgcEEwMAAgIEEgTJBgQMCg8KBwQTAwACAgUSBMkGDRMKDwoHBBMDAAICARIEyQYUJAoPCgcEEwMAAgIDEgTJBicoCg4KBgQTAwACAxIEygYEKgoPCgcEEwMAAgMEEgTKBgQMCg8KBwQTAwACAwUSBMoGDRMKDwoHBBMDAAIDARIEygYUJQoPCgcEEwMAAgMDEgTKBigpCg4KBgQTAwACBBIEywYEMgoPCgcEEwMAAgQEEgTLBgQMCg8KBwQTAwACBAUSBMsGDRMKDwoHBBMDAAIEARIEywYULQoPCgcEEwMAAgQDEgTLBjAxCu4BCgIEFBIG0gYA5wYBGt8BIERlc2NyaWJlcyB0aGUgcmVsYXRpb25zaGlwIGJldHdlZW4gZ2VuZXJhdGVkIGNvZGUgYW5kIGl0cyBvcmlnaW5hbCBzb3VyY2UKIGZpbGUuIEEgR2VuZXJhdGVkQ29kZUluZm8gbWVzc2FnZSBpcyBhc3NvY2lhdGVkIHdpdGggb25seSBvbmUgZ2VuZXJhdGVkCiBzb3VyY2UgZmlsZSwgYnV0IG1heSBjb250YWluIHJlZmVyZW5jZXMgdG8gZGlmZmVyZW50IHNvdXJjZSAucHJvdG8gZmlsZXMuCgoLCgMEFAESBNIGCBkKeAoEBBQCABIE1QYCJRpqIEFuIEFubm90YXRpb24gY29ubmVjdHMgc29tZSBzcGFuIG9mIHRleHQgaW4gZ2VuZXJhdGVkIGNvZGUgdG8gYW4gZWxlbWVudAogb2YgaXRzIGdlbmVyYXRpbmcgLnByb3RvIGZpbGUuCgoNCgUEFAIABBIE1QYCCgoNCgUEFAIABhIE1QYLFQoNCgUEFAIAARIE1QYWIAoNCgUEFAIAAxIE1QYjJAoOCgQEFAMAEgbWBgLmBgMKDQoFBBQDAAESBNYGChQKjwEKBgQUAwACABIE2QYEKhp/IElkZW50aWZpZXMgdGhlIGVsZW1lbnQgaW4gdGhlIG9yaWdpbmFsIHNvdXJjZSAucHJvdG8gZmlsZS4gVGhpcyBmaWVsZAogaXMgZm9ybWF0dGVkIHRoZSBzYW1lIGFzIFNvdXJjZUNvZGVJbmZvLkxvY2F0aW9uLnBhdGguCgoPCgcEFAMAAgAEEgTZBgQMCg8KBwQUAwACAAUSBNkGDRIKDwoHBBQDAAIAARIE2QYTFwoPCgcEFAMAAgADEgTZBhobCg8KBwQUAwACAAgSBNkGHCkKEgoKBBQDAAIACOcHABIE2QYdKAoTCgsEFAMAAgAI5wcAAhIE2QYdIwoUCgwEFAMAAgAI5wcAAgASBNkGHSMKFQoNBBQDAAIACOcHAAIAARIE2QYdIwoTCgsEFAMAAgAI5wcAAxIE2QYkKApPCgYEFAMAAgESBNwGBCQaPyBJZGVudGlmaWVzIHRoZSBmaWxlc3lzdGVtIHBhdGggdG8gdGhlIG9yaWdpbmFsIHNvdXJjZSAucHJvdG8uCgoPCgcEFAMAAgEEEgTcBgQMCg8KBwQUAwACAQUSBNwGDRMKDwoHBBQDAAIBARIE3AYUHwoPCgcEFAMAAgEDEgTcBiIjCncKBgQUAwACAhIE4AYEHRpnIElkZW50aWZpZXMgdGhlIHN0YXJ0aW5nIG9mZnNldCBpbiBieXRlcyBpbiB0aGUgZ2VuZXJhdGVkIGNvZGUKIHRoYXQgcmVsYXRlcyB0byB0aGUgaWRlbnRpZmllZCBvYmplY3QuCgoPCgcEFAMAAgIEEgTgBgQMCg8KBwQUAwACAgUSBOAGDRIKDwoHBBQDAAICARIE4AYTGAoPCgcEFAMAAgIDEgTgBhscCtsBCgYEFAMAAgMSBOUGBBsaygEgSWRlbnRpZmllcyB0aGUgZW5kaW5nIG9mZnNldCBpbiBieXRlcyBpbiB0aGUgZ2VuZXJhdGVkIGNvZGUgdGhhdAogcmVsYXRlcyB0byB0aGUgaWRlbnRpZmllZCBvZmZzZXQuIFRoZSBlbmQgb2Zmc2V0IHNob3VsZCBiZSBvbmUgcGFzdAogdGhlIGxhc3QgcmVsZXZhbnQgYnl0ZSAoc28gdGhlIGxlbmd0aCBvZiB0aGUgdGV4dCA9IGVuZCAtIGJlZ2luKS4KCg8KBwQUAwACAwQSBOUGBAwKDwoHBBQDAAIDBRIE5QYNEgoPCgcEFAMAAgMBEgTlBhMWCg8KBwQUAwACAwMSBOUGGRoKqV0KFGdvZ29wcm90by9nb2dvLnByb3RvEglnb2dvcHJvdG8aIGdvb2dsZS9wcm90b2J1Zi9kZXNjcmlwdG9yLnByb3RvOk4KE2dvcHJvdG9fZW51bV9wcmVmaXgSHC5nb29nbGUucHJvdG9idWYuRW51bU9wdGlvbnMYseQDIAEoCFIRZ29wcm90b0VudW1QcmVmaXg6UgoVZ29wcm90b19lbnVtX3N0cmluZ2VyEhwuZ29vZ2xlLnByb3RvYnVmLkVudW1PcHRpb25zGMXkAyABKAhSE2dvcHJvdG9FbnVtU3RyaW5nZXI6QwoNZW51bV9zdHJpbmdlchIcLmdvb2dsZS5wcm90b2J1Zi5FbnVtT3B0aW9ucxjG5AMgASgIUgxlbnVtU3RyaW5nZXI6RwoPZW51bV9jdXN0b21uYW1lEhwuZ29vZ2xlLnByb3RvYnVmLkVudW1PcHRpb25zGMfkAyABKAlSDmVudW1DdXN0b21uYW1lOjoKCGVudW1kZWNsEhwuZ29vZ2xlLnByb3RvYnVmLkVudW1PcHRpb25zGMjkAyABKAhSCGVudW1kZWNsOlYKFGVudW12YWx1ZV9jdXN0b21uYW1lEiEuZ29vZ2xlLnByb3RvYnVmLkVudW1WYWx1ZU9wdGlvbnMY0YMEIAEoCVITZW51bXZhbHVlQ3VzdG9tbmFtZTpOChNnb3Byb3RvX2dldHRlcnNfYWxsEhwuZ29vZ2xlLnByb3RvYnVmLkZpbGVPcHRpb25zGJnsAyABKAhSEWdvcHJvdG9HZXR0ZXJzQWxsOlUKF2dvcHJvdG9fZW51bV9wcmVmaXhfYWxsEhwuZ29vZ2xlLnByb3RvYnVmLkZpbGVPcHRpb25zGJrsAyABKAhSFGdvcHJvdG9FbnVtUHJlZml4QWxsOlAKFGdvcHJvdG9fc3RyaW5nZXJfYWxsEhwuZ29vZ2xlLnByb3RvYnVmLkZpbGVPcHRpb25zGJvsAyABKAhSEmdvcHJvdG9TdHJpbmdlckFsbDpKChF2ZXJib3NlX2VxdWFsX2FsbBIcLmdvb2dsZS5wcm90b2J1Zi5GaWxlT3B0aW9ucxic7AMgASgIUg92ZXJib3NlRXF1YWxBbGw6OQoIZmFjZV9hbGwSHC5nb29nbGUucHJvdG9idWYuRmlsZU9wdGlvbnMYnewDIAEoCFIHZmFjZUFsbDpBCgxnb3N0cmluZ19hbGwSHC5nb29nbGUucHJvdG9idWYuRmlsZU9wdGlvbnMYnuwDIAEoCFILZ29zdHJpbmdBbGw6QQoMcG9wdWxhdGVfYWxsEhwuZ29vZ2xlLnByb3RvYnVmLkZpbGVPcHRpb25zGJ/sAyABKAhSC3BvcHVsYXRlQWxsOkEKDHN0cmluZ2VyX2FsbBIcLmdvb2dsZS5wcm90b2J1Zi5GaWxlT3B0aW9ucxig7AMgASgIUgtzdHJpbmdlckFsbDo/Cgtvbmx5b25lX2FsbBIcLmdvb2dsZS5wcm90b2J1Zi5GaWxlT3B0aW9ucxih7AMgASgIUgpvbmx5b25lQWxsOjsKCWVxdWFsX2FsbBIcLmdvb2dsZS5wcm90b2J1Zi5GaWxlT3B0aW9ucxil7AMgASgIUghlcXVhbEFsbDpHCg9kZXNjcmlwdGlvbl9hbGwSHC5nb29nbGUucHJvdG9idWYuRmlsZU9wdGlvbnMYpuwDIAEoCFIOZGVzY3JpcHRpb25BbGw6PwoLdGVzdGdlbl9hbGwSHC5nb29nbGUucHJvdG9idWYuRmlsZU9wdGlvbnMYp+wDIAEoCFIKdGVzdGdlbkFsbDpBCgxiZW5jaGdlbl9hbGwSHC5nb29nbGUucHJvdG9idWYuRmlsZU9wdGlvbnMYqOwDIAEoCFILYmVuY2hnZW5BbGw6QwoNbWFyc2hhbGVyX2FsbBIcLmdvb2dsZS5wcm90b2J1Zi5GaWxlT3B0aW9ucxip7AMgASgIUgxtYXJzaGFsZXJBbGw6RwoPdW5tYXJzaGFsZXJfYWxsEhwuZ29vZ2xlLnByb3RvYnVmLkZpbGVPcHRpb25zGKrsAyABKAhSDnVubWFyc2hhbGVyQWxsOlAKFHN0YWJsZV9tYXJzaGFsZXJfYWxsEhwuZ29vZ2xlLnByb3RvYnVmLkZpbGVPcHRpb25zGKvsAyABKAhSEnN0YWJsZU1hcnNoYWxlckFsbDo7CglzaXplcl9hbGwSHC5nb29nbGUucHJvdG9idWYuRmlsZU9wdGlvbnMYrOwDIAEoCFIIc2l6ZXJBbGw6WQoZZ29wcm90b19lbnVtX3N0cmluZ2VyX2FsbBIcLmdvb2dsZS5wcm90b2J1Zi5GaWxlT3B0aW9ucxit7AMgASgIUhZnb3Byb3RvRW51bVN0cmluZ2VyQWxsOkoKEWVudW1fc3RyaW5nZXJfYWxsEhwuZ29vZ2xlLnByb3RvYnVmLkZpbGVPcHRpb25zGK7sAyABKAhSD2VudW1TdHJpbmdlckFsbDpQChR1bnNhZmVfbWFyc2hhbGVyX2FsbBIcLmdvb2dsZS5wcm90b2J1Zi5GaWxlT3B0aW9ucxiv7AMgASgIUhJ1bnNhZmVNYXJzaGFsZXJBbGw6VAoWdW5zYWZlX3VubWFyc2hhbGVyX2FsbBIcLmdvb2dsZS5wcm90b2J1Zi5GaWxlT3B0aW9ucxiw7AMgASgIUhR1bnNhZmVVbm1hcnNoYWxlckFsbDpbChpnb3Byb3RvX2V4dGVuc2lvbnNfbWFwX2FsbBIcLmdvb2dsZS5wcm90b2J1Zi5GaWxlT3B0aW9ucxix7AMgASgIUhdnb3Byb3RvRXh0ZW5zaW9uc01hcEFsbDpYChhnb3Byb3RvX3VucmVjb2duaXplZF9hbGwSHC5nb29nbGUucHJvdG9idWYuRmlsZU9wdGlvbnMYsuwDIAEoCFIWZ29wcm90b1VucmVjb2duaXplZEFsbDpJChBnb2dvcHJvdG9faW1wb3J0EhwuZ29vZ2xlLnByb3RvYnVmLkZpbGVPcHRpb25zGLPsAyABKAhSD2dvZ29wcm90b0ltcG9ydDpFCg5wcm90b3NpemVyX2FsbBIcLmdvb2dsZS5wcm90b2J1Zi5GaWxlT3B0aW9ucxi07AMgASgIUg1wcm90b3NpemVyQWxsOj8KC2NvbXBhcmVfYWxsEhwuZ29vZ2xlLnByb3RvYnVmLkZpbGVPcHRpb25zGLXsAyABKAhSCmNvbXBhcmVBbGw6QQoMdHlwZWRlY2xfYWxsEhwuZ29vZ2xlLnByb3RvYnVmLkZpbGVPcHRpb25zGLbsAyABKAhSC3R5cGVkZWNsQWxsOkEKDGVudW1kZWNsX2FsbBIcLmdvb2dsZS5wcm90b2J1Zi5GaWxlT3B0aW9ucxi37AMgASgIUgtlbnVtZGVjbEFsbDpRChRnb3Byb3RvX3JlZ2lzdHJhdGlvbhIcLmdvb2dsZS5wcm90b2J1Zi5GaWxlT3B0aW9ucxi47AMgASgIUhNnb3Byb3RvUmVnaXN0cmF0aW9uOkcKD21lc3NhZ2VuYW1lX2FsbBIcLmdvb2dsZS5wcm90b2J1Zi5GaWxlT3B0aW9ucxi57AMgASgIUg5tZXNzYWdlbmFtZUFsbDpKCg9nb3Byb3RvX2dldHRlcnMSHy5nb29nbGUucHJvdG9idWYuTWVzc2FnZU9wdGlvbnMYgfQDIAEoCFIOZ29wcm90b0dldHRlcnM6TAoQZ29wcm90b19zdHJpbmdlchIfLmdvb2dsZS5wcm90b2J1Zi5NZXNzYWdlT3B0aW9ucxiD9AMgASgIUg9nb3Byb3RvU3RyaW5nZXI6RgoNdmVyYm9zZV9lcXVhbBIfLmdvb2dsZS5wcm90b2J1Zi5NZXNzYWdlT3B0aW9ucxiE9AMgASgIUgx2ZXJib3NlRXF1YWw6NQoEZmFjZRIfLmdvb2dsZS5wcm90b2J1Zi5NZXNzYWdlT3B0aW9ucxiF9AMgASgIUgRmYWNlOj0KCGdvc3RyaW5nEh8uZ29vZ2xlLnByb3RvYnVmLk1lc3NhZ2VPcHRpb25zGIb0AyABKAhSCGdvc3RyaW5nOj0KCHBvcHVsYXRlEh8uZ29vZ2xlLnByb3RvYnVmLk1lc3NhZ2VPcHRpb25zGIf0AyABKAhSCHBvcHVsYXRlOj0KCHN0cmluZ2VyEh8uZ29vZ2xlLnByb3RvYnVmLk1lc3NhZ2VPcHRpb25zGMCLBCABKAhSCHN0cmluZ2VyOjsKB29ubHlvbmUSHy5nb29nbGUucHJvdG9idWYuTWVzc2FnZU9wdGlvbnMYifQDIAEoCFIHb25seW9uZTo3CgVlcXVhbBIfLmdvb2dsZS5wcm90b2J1Zi5NZXNzYWdlT3B0aW9ucxiN9AMgASgIUgVlcXVhbDpDCgtkZXNjcmlwdGlvbhIfLmdvb2dsZS5wcm90b2J1Zi5NZXNzYWdlT3B0aW9ucxiO9AMgASgIUgtkZXNjcmlwdGlvbjo7Cgd0ZXN0Z2VuEh8uZ29vZ2xlLnByb3RvYnVmLk1lc3NhZ2VPcHRpb25zGI/0AyABKAhSB3Rlc3RnZW46PQoIYmVuY2hnZW4SHy5nb29nbGUucHJvdG9idWYuTWVzc2FnZU9wdGlvbnMYkPQDIAEoCFIIYmVuY2hnZW46PwoJbWFyc2hhbGVyEh8uZ29vZ2xlLnByb3RvYnVmLk1lc3NhZ2VPcHRpb25zGJH0AyABKAhSCW1hcnNoYWxlcjpDCgt1bm1hcnNoYWxlchIfLmdvb2dsZS5wcm90b2J1Zi5NZXNzYWdlT3B0aW9ucxiS9AMgASgIUgt1bm1hcnNoYWxlcjpMChBzdGFibGVfbWFyc2hhbGVyEh8uZ29vZ2xlLnByb3RvYnVmLk1lc3NhZ2VPcHRpb25zGJP0AyABKAhSD3N0YWJsZU1hcnNoYWxlcjo3CgVzaXplchIfLmdvb2dsZS5wcm90b2J1Zi5NZXNzYWdlT3B0aW9ucxiU9AMgASgIUgVzaXplcjpMChB1bnNhZmVfbWFyc2hhbGVyEh8uZ29vZ2xlLnByb3RvYnVmLk1lc3NhZ2VPcHRpb25zGJf0AyABKAhSD3Vuc2FmZU1hcnNoYWxlcjpQChJ1bnNhZmVfdW5tYXJzaGFsZXISHy5nb29nbGUucHJvdG9idWYuTWVzc2FnZU9wdGlvbnMYmPQDIAEoCFIRdW5zYWZlVW5tYXJzaGFsZXI6VwoWZ29wcm90b19leHRlbnNpb25zX21hcBIfLmdvb2dsZS5wcm90b2J1Zi5NZXNzYWdlT3B0aW9ucxiZ9AMgASgIUhRnb3Byb3RvRXh0ZW5zaW9uc01hcDpUChRnb3Byb3RvX3VucmVjb2duaXplZBIfLmdvb2dsZS5wcm90b2J1Zi5NZXNzYWdlT3B0aW9ucxia9AMgASgIUhNnb3Byb3RvVW5yZWNvZ25pemVkOkEKCnByb3Rvc2l6ZXISHy5nb29nbGUucHJvdG9idWYuTWVzc2FnZU9wdGlvbnMYnPQDIAEoCFIKcHJvdG9zaXplcjo7Cgdjb21wYXJlEh8uZ29vZ2xlLnByb3RvYnVmLk1lc3NhZ2VPcHRpb25zGJ30AyABKAhSB2NvbXBhcmU6PQoIdHlwZWRlY2wSHy5nb29nbGUucHJvdG9idWYuTWVzc2FnZU9wdGlvbnMYnvQDIAEoCFIIdHlwZWRlY2w6QwoLbWVzc2FnZW5hbWUSHy5nb29nbGUucHJvdG9idWYuTWVzc2FnZU9wdGlvbnMYofQDIAEoCFILbWVzc2FnZW5hbWU6OwoIbnVsbGFibGUSHS5nb29nbGUucHJvdG9idWYuRmllbGRPcHRpb25zGOn7AyABKAhSCG51bGxhYmxlOjUKBWVtYmVkEh0uZ29vZ2xlLnByb3RvYnVmLkZpZWxkT3B0aW9ucxjq+wMgASgIUgVlbWJlZDo/CgpjdXN0b210eXBlEh0uZ29vZ2xlLnByb3RvYnVmLkZpZWxkT3B0aW9ucxjr+wMgASgJUgpjdXN0b210eXBlOj8KCmN1c3RvbW5hbWUSHS5nb29nbGUucHJvdG9idWYuRmllbGRPcHRpb25zGOz7AyABKAlSCmN1c3RvbW5hbWU6OQoHanNvbnRhZxIdLmdvb2dsZS5wcm90b2J1Zi5GaWVsZE9wdGlvbnMY7fsDIAEoCVIHanNvbnRhZzo7Cghtb3JldGFncxIdLmdvb2dsZS5wcm90b2J1Zi5GaWVsZE9wdGlvbnMY7vsDIAEoCVIIbW9yZXRhZ3M6OwoIY2FzdHR5cGUSHS5nb29nbGUucHJvdG9idWYuRmllbGRPcHRpb25zGO/7AyABKAlSCGNhc3R0eXBlOjkKB2Nhc3RrZXkSHS5nb29nbGUucHJvdG9idWYuRmllbGRPcHRpb25zGPD7AyABKAlSB2Nhc3RrZXk6PQoJY2FzdHZhbHVlEh0uZ29vZ2xlLnByb3RvYnVmLkZpZWxkT3B0aW9ucxjx+wMgASgJUgljYXN0dmFsdWU6OQoHc3RkdGltZRIdLmdvb2dsZS5wcm90b2J1Zi5GaWVsZE9wdGlvbnMY8vsDIAEoCFIHc3RkdGltZTpBCgtzdGRkdXJhdGlvbhIdLmdvb2dsZS5wcm90b2J1Zi5GaWVsZE9wdGlvbnMY8/sDIAEoCFILc3RkZHVyYXRpb25CRQoTY29tLmdvb2dsZS5wcm90b2J1ZkIKR29Hb1Byb3Rvc1oiZ2l0aHViLmNvbS9nb2dvL3Byb3RvYnVmL2dvZ29wcm90b0qaNQoHEgUcAIcBAQr8CgoBDBIDHAASMvEKIFByb3RvY29sIEJ1ZmZlcnMgZm9yIEdvIHdpdGggR2FkZ2V0cwoKIENvcHlyaWdodCAoYykgMjAxMywgVGhlIEdvR28gQXV0aG9ycy4gQWxsIHJpZ2h0cyByZXNlcnZlZC4KIGh0dHA6Ly9naXRodWIuY29tL2dvZ28vcHJvdG9idWYKCiBSZWRpc3RyaWJ1dGlvbiBhbmQgdXNlIGluIHNvdXJjZSBhbmQgYmluYXJ5IGZvcm1zLCB3aXRoIG9yIHdpdGhvdXQKIG1vZGlmaWNhdGlvbiwgYXJlIHBlcm1pdHRlZCBwcm92aWRlZCB0aGF0IHRoZSBmb2xsb3dpbmcgY29uZGl0aW9ucyBhcmUKIG1ldDoKCiAgICAgKiBSZWRpc3RyaWJ1dGlvbnMgb2Ygc291cmNlIGNvZGUgbXVzdCByZXRhaW4gdGhlIGFib3ZlIGNvcHlyaWdodAogbm90aWNlLCB0aGlzIGxpc3Qgb2YgY29uZGl0aW9ucyBhbmQgdGhlIGZvbGxvd2luZyBkaXNjbGFpbWVyLgogICAgICogUmVkaXN0cmlidXRpb25zIGluIGJpbmFyeSBmb3JtIG11c3QgcmVwcm9kdWNlIHRoZSBhYm92ZQogY29weXJpZ2h0IG5vdGljZSwgdGhpcyBsaXN0IG9mIGNvbmRpdGlvbnMgYW5kIHRoZSBmb2xsb3dpbmcgZGlzY2xhaW1lcgogaW4gdGhlIGRvY3VtZW50YXRpb24gYW5kL29yIG90aGVyIG1hdGVyaWFscyBwcm92aWRlZCB3aXRoIHRoZQogZGlzdHJpYnV0aW9uLgoKIFRISVMgU09GVFdBUkUgSVMgUFJPVklERUQgQlkgVEhFIENPUFlSSUdIVCBIT0xERVJTIEFORCBDT05UUklCVVRPUlMKICJBUyBJUyIgQU5EIEFOWSBFWFBSRVNTIE9SIElNUExJRUQgV0FSUkFOVElFUywgSU5DTFVESU5HLCBCVVQgTk9UCiBMSU1JVEVEIFRPLCBUSEUgSU1QTElFRCBXQVJSQU5USUVTIE9GIE1FUkNIQU5UQUJJTElUWSBBTkQgRklUTkVTUyBGT1IKIEEgUEFSVElDVUxBUiBQVVJQT1NFIEFSRSBESVNDTEFJTUVELiBJTiBOTyBFVkVOVCBTSEFMTCBUSEUgQ09QWVJJR0hUCiBPV05FUiBPUiBDT05UUklCVVRPUlMgQkUgTElBQkxFIEZPUiBBTlkgRElSRUNULCBJTkRJUkVDVCwgSU5DSURFTlRBTCwKIFNQRUNJQUwsIEVYRU1QTEFSWSwgT1IgQ09OU0VRVUVOVElBTCBEQU1BR0VTIChJTkNMVURJTkcsIEJVVCBOT1QKIExJTUlURUQgVE8sIFBST0NVUkVNRU5UIE9GIFNVQlNUSVRVVEUgR09PRFMgT1IgU0VSVklDRVM7IExPU1MgT0YgVVNFLAogREFUQSwgT1IgUFJPRklUUzsgT1IgQlVTSU5FU1MgSU5URVJSVVBUSU9OKSBIT1dFVkVSIENBVVNFRCBBTkQgT04gQU5ZCiBUSEVPUlkgT0YgTElBQklMSVRZLCBXSEVUSEVSIElOIENPTlRSQUNULCBTVFJJQ1QgTElBQklMSVRZLCBPUiBUT1JUCiAoSU5DTFVESU5HIE5FR0xJR0VOQ0UgT1IgT1RIRVJXSVNFKSBBUklTSU5HIElOIEFOWSBXQVkgT1VUIE9GIFRIRSBVU0UKIE9GIFRISVMgU09GVFdBUkUsIEVWRU4gSUYgQURWSVNFRCBPRiBUSEUgUE9TU0lCSUxJVFkgT0YgU1VDSCBEQU1BR0UuCgoICgECEgMdCBEKCQoCAwASAx8HKQoICgEIEgMhACwKCwoECOcHABIDIQAsCgwKBQjnBwACEgMhBxMKDQoGCOcHAAIAEgMhBxMKDgoHCOcHAAIAARIDIQcTCgwKBQjnBwAHEgMhFisKCAoBCBIDIgArCgsKBAjnBwESAyIAKwoMCgUI5wcBAhIDIgcbCg0KBgjnBwECABIDIgcbCg4KBwjnBwECAAESAyIHGwoMCgUI5wcBBxIDIh4qCggKAQgSAyMAOQoLCgQI5wcCEgMjADkKDAoFCOcHAgISAyMHEQoNCgYI5wcCAgASAyMHEQoOCgcI5wcCAgABEgMjBxEKDAoFCOcHAgcSAyMUOAoJCgEHEgQlACsBCgkKAgcAEgMmCDIKCgoDBwACEgMlByIKCgoDBwAEEgMmCBAKCgoDBwAFEgMmERUKCgoDBwABEgMmFikKCgoDBwADEgMmLDEKCQoCBwESAycINAoKCgMHAQISAyUHIgoKCgMHAQQSAycIEAoKCgMHAQUSAycRFQoKCgMHAQESAycWKwoKCgMHAQMSAycuMwoJCgIHAhIDKAgsCgoKAwcCAhIDJQciCgoKAwcCBBIDKAgQCgoKAwcCBRIDKBEVCgoKAwcCARIDKBYjCgoKAwcCAxIDKCYrCgkKAgcDEgMpCDAKCgoDBwMCEgMlByIKCgoDBwMEEgMpCBAKCgoDBwMFEgMpERcKCgoDBwMBEgMpGCcKCgoDBwMDEgMpKi8KCQoCBwQSAyoIJwoKCgMHBAISAyUHIgoKCgMHBAQSAyoIEAoKCgMHBAUSAyoRFQoKCgMHBAESAyoWHgoKCgMHBAMSAyohJgoJCgEHEgQtAC8BCgkKAgcFEgMuCDUKCgoDBwUCEgMtBycKCgoDBwUEEgMuCBAKCgoDBwUFEgMuERcKCgoDBwUBEgMuGCwKCgoDBwUDEgMuLzQKCQoBBxIEMQBWAQoJCgIHBhIDMggyCgoKAwcGAhIDMQciCgoKAwcGBBIDMggQCgoKAwcGBRIDMhEVCgoKAwcGARIDMhYpCgoKAwcGAxIDMiwxCgkKAgcHEgMzCDYKCgoDBwcCEgMxByIKCgoDBwcEEgMzCBAKCgoDBwcFEgMzERUKCgoDBwcBEgMzFi0KCgoDBwcDEgMzMDUKCQoCBwgSAzQIMwoKCgMHCAISAzEHIgoKCgMHCAQSAzQIEAoKCgMHCAUSAzQRFQoKCgMHCAESAzQWKgoKCgMHCAMSAzQtMgoJCgIHCRIDNQgwCgoKAwcJAhIDMQciCgoKAwcJBBIDNQgQCgoKAwcJBRIDNREVCgoKAwcJARIDNRYnCgoKAwcJAxIDNSovCgkKAgcKEgM2CCcKCgoDBwoCEgMxByIKCgoDBwoEEgM2CBAKCgoDBwoFEgM2ERUKCgoDBwoBEgM2Fh4KCgoDBwoDEgM2ISYKCQoCBwsSAzcIKwoKCgMHCwISAzEHIgoKCgMHCwQSAzcIEAoKCgMHCwUSAzcRFQoKCgMHCwESAzcWIgoKCgMHCwMSAzclKgoJCgIHDBIDOAgrCgoKAwcMAhIDMQciCgoKAwcMBBIDOAgQCgoKAwcMBRIDOBEVCgoKAwcMARIDOBYiCgoKAwcMAxIDOCUqCgkKAgcNEgM5CCsKCgoDBw0CEgMxByIKCgoDBw0EEgM5CBAKCgoDBw0FEgM5ERUKCgoDBw0BEgM5FiIKCgoDBw0DEgM5JSoKCQoCBw4SAzoIKgoKCgMHDgISAzEHIgoKCgMHDgQSAzoIEAoKCgMHDgUSAzoRFQoKCgMHDgESAzoWIQoKCgMHDgMSAzokKQoJCgIHDxIDPAgoCgoKAwcPAhIDMQciCgoKAwcPBBIDPAgQCgoKAwcPBRIDPBEVCgoKAwcPARIDPBYfCgoKAwcPAxIDPCInCgkKAgcQEgM9CC4KCgoDBxACEgMxByIKCgoDBxAEEgM9CBAKCgoDBxAFEgM9ERUKCgoDBxABEgM9FiUKCgoDBxADEgM9KC0KCQoCBxESAz4IKgoKCgMHEQISAzEHIgoKCgMHEQQSAz4IEAoKCgMHEQUSAz4RFQoKCgMHEQESAz4WIQoKCgMHEQMSAz4kKQoJCgIHEhIDPwgrCgoKAwcSAhIDMQciCgoKAwcSBBIDPwgQCgoKAwcSBRIDPxEVCgoKAwcSARIDPxYiCgoKAwcSAxIDPyUqCgkKAgcTEgNACCwKCgoDBxMCEgMxByIKCgoDBxMEEgNACBAKCgoDBxMFEgNAERUKCgoDBxMBEgNAFiMKCgoDBxMDEgNAJisKCQoCBxQSA0EILgoKCgMHFAISAzEHIgoKCgMHFAQSA0EIEAoKCgMHFAUSA0ERFQoKCgMHFAESA0EWJQoKCgMHFAMSA0EoLQoJCgIHFRIDQggzCgoKAwcVAhIDMQciCgoKAwcVBBIDQggQCgoKAwcVBRIDQhEVCgoKAwcVARIDQhYqCgoKAwcVAxIDQi0yCgkKAgcWEgNECCgKCgoDBxYCEgMxByIKCgoDBxYEEgNECBAKCgoDBxYFEgNEERUKCgoDBxYBEgNEFh8KCgoDBxYDEgNEIicKCQoCBxcSA0YIOAoKCgMHFwISAzEHIgoKCgMHFwQSA0YIEAoKCgMHFwUSA0YRFQoKCgMHFwESA0YWLwoKCgMHFwMSA0YyNwoJCgIHGBIDRwgwCgoKAwcYAhIDMQciCgoKAwcYBBIDRwgQCgoKAwcYBRIDRxEVCgoKAwcYARIDRxYnCgoKAwcYAxIDRyovCgkKAgcZEgNJCDMKCgoDBxkCEgMxByIKCgoDBxkEEgNJCBAKCgoDBxkFEgNJERUKCgoDBxkBEgNJFioKCgoDBxkDEgNJLTIKCQoCBxoSA0oINQoKCgMHGgISAzEHIgoKCgMHGgQSA0oIEAoKCgMHGgUSA0oRFQoKCgMHGgESA0oWLAoKCgMHGgMSA0ovNAoJCgIHGxIDTAg5CgoKAwcbAhIDMQciCgoKAwcbBBIDTAgQCgoKAwcbBRIDTBEVCgoKAwcbARIDTBYwCgoKAwcbAxIDTDM4CgkKAgccEgNNCDcKCgoDBxwCEgMxByIKCgoDBxwEEgNNCBAKCgoDBxwFEgNNERUKCgoDBxwBEgNNFi4KCgoDBxwDEgNNMTYKCQoCBx0SA04ILwoKCgMHHQISAzEHIgoKCgMHHQQSA04IEAoKCgMHHQUSA04RFQoKCgMHHQESA04WJgoKCgMHHQMSA04pLgoJCgIHHhIDTwgtCgoKAwceAhIDMQciCgoKAwceBBIDTwgQCgoKAwceBRIDTxEVCgoKAwceARIDTxYkCgoKAwceAxIDTycsCgkKAgcfEgNQCCoKCgoDBx8CEgMxByIKCgoDBx8EEgNQCBAKCgoDBx8FEgNQERUKCgoDBx8BEgNQFiEKCgoDBx8DEgNQJCkKCQoCByASA1EEJwoKCgMHIAISAzEHIgoKCgMHIAQSA1EEDAoKCgMHIAUSA1ENEQoKCgMHIAESA1ESHgoKCgMHIAMSA1EhJgoJCgIHIRIDUgQnCgoKAwchAhIDMQciCgoKAwchBBIDUgQMCgoKAwchBRIDUg0RCgoKAwchARIDUhIeCgoKAwchAxIDUiEmCgkKAgciEgNUCDMKCgoDByICEgMxByIKCgoDByIEEgNUCBAKCgoDByIFEgNUERUKCgoDByIBEgNUFioKCgoDByIDEgNULTIKCQoCByMSA1UILgoKCgMHIwISAzEHIgoKCgMHIwQSA1UIEAoKCgMHIwUSA1URFQoKCgMHIwESA1UWJQoKCgMHIwMSA1UoLQoJCgEHEgRYAHgBCgkKAgckEgNZCC4KCgoDByQCEgNYByUKCgoDByQEEgNZCBAKCgoDByQFEgNZERUKCgoDByQBEgNZFiUKCgoDByQDEgNZKC0KCQoCByUSA1oILwoKCgMHJQISA1gHJQoKCgMHJQQSA1oIEAoKCgMHJQUSA1oRFQoKCgMHJQESA1oWJgoKCgMHJQMSA1opLgoJCgIHJhIDWwgsCgoKAwcmAhIDWAclCgoKAwcmBBIDWwgQCgoKAwcmBRIDWxEVCgoKAwcmARIDWxYjCgoKAwcmAxIDWyYrCgkKAgcnEgNcCCMKCgoDBycCEgNYByUKCgoDBycEEgNcCBAKCgoDBycFEgNcERUKCgoDBycBEgNcFhoKCgoDBycDEgNcHSIKCQoCBygSA10IJwoKCgMHKAISA1gHJQoKCgMHKAQSA10IEAoKCgMHKAUSA10RFQoKCgMHKAESA10WHgoKCgMHKAMSA10hJgoJCgIHKRIDXggnCgoKAwcpAhIDWAclCgoKAwcpBBIDXggQCgoKAwcpBRIDXhEVCgoKAwcpARIDXhYeCgoKAwcpAxIDXiEmCgkKAgcqEgNfCCcKCgoDByoCEgNYByUKCgoDByoEEgNfCBAKCgoDByoFEgNfERUKCgoDByoBEgNfFh4KCgoDByoDEgNfISYKCQoCBysSA2AIJgoKCgMHKwISA1gHJQoKCgMHKwQSA2AIEAoKCgMHKwUSA2ARFQoKCgMHKwESA2AWHQoKCgMHKwMSA2AgJQoJCgIHLBIDYggkCgoKAwcsAhIDWAclCgoKAwcsBBIDYggQCgoKAwcsBRIDYhEVCgoKAwcsARIDYhYbCgoKAwcsAxIDYh4jCgkKAgctEgNjCCoKCgoDBy0CEgNYByUKCgoDBy0EEgNjCBAKCgoDBy0FEgNjERUKCgoDBy0BEgNjFiEKCgoDBy0DEgNjJCkKCQoCBy4SA2QIJgoKCgMHLgISA1gHJQoKCgMHLgQSA2QIEAoKCgMHLgUSA2QRFQoKCgMHLgESA2QWHQoKCgMHLgMSA2QgJQoJCgIHLxIDZQgnCgoKAwcvAhIDWAclCgoKAwcvBBIDZQgQCgoKAwcvBRIDZREVCgoKAwcvARIDZRYeCgoKAwcvAxIDZSEmCgkKAgcwEgNmCCgKCgoDBzACEgNYByUKCgoDBzAEEgNmCBAKCgoDBzAFEgNmERUKCgoDBzABEgNmFh8KCgoDBzADEgNmIicKCQoCBzESA2cIKgoKCgMHMQISA1gHJQoKCgMHMQQSA2cIEAoKCgMHMQUSA2cRFQoKCgMHMQESA2cWIQoKCgMHMQMSA2ckKQoJCgIHMhIDaAgvCgoKAwcyAhIDWAclCgoKAwcyBBIDaAgQCgoKAwcyBRIDaBEVCgoKAwcyARIDaBYmCgoKAwcyAxIDaCkuCgkKAgczEgNqCCQKCgoDBzMCEgNYByUKCgoDBzMEEgNqCBAKCgoDBzMFEgNqERUKCgoDBzMBEgNqFhsKCgoDBzMDEgNqHiMKCQoCBzQSA2wILwoKCgMHNAISA1gHJQoKCgMHNAQSA2wIEAoKCgMHNAUSA2wRFQoKCgMHNAESA2wWJgoKCgMHNAMSA2wpLgoJCgIHNRIDbQgxCgoKAwc1AhIDWAclCgoKAwc1BBIDbQgQCgoKAwc1BRIDbREVCgoKAwc1ARIDbRYoCgoKAwc1AxIDbSswCgkKAgc2EgNvCDUKCgoDBzYCEgNYByUKCgoDBzYEEgNvCBAKCgoDBzYFEgNvERUKCgoDBzYBEgNvFiwKCgoDBzYDEgNvLzQKCQoCBzcSA3AIMwoKCgMHNwISA1gHJQoKCgMHNwQSA3AIEAoKCgMHNwUSA3ARFQoKCgMHNwESA3AWKgoKCgMHNwMSA3AtMgoJCgIHOBIDcggpCgoKAwc4AhIDWAclCgoKAwc4BBIDcggQCgoKAwc4BRIDchEVCgoKAwc4ARIDchYgCgoKAwc4AxIDciMoCgkKAgc5EgNzCCYKCgoDBzkCEgNYByUKCgoDBzkEEgNzCBAKCgoDBzkFEgNzERUKCgoDBzkBEgNzFh0KCgoDBzkDEgNzICUKCQoCBzoSA3UIJwoKCgMHOgISA1gHJQoKCgMHOgQSA3UIEAoKCgMHOgUSA3URFQoKCgMHOgESA3UWHgoKCgMHOgMSA3UhJgoJCgIHOxIDdwgqCgoKAwc7AhIDWAclCgoKAwc7BBIDdwgQCgoKAwc7BRIDdxEVCgoKAwc7ARIDdxYhCgoKAwc7AxIDdyQpCgoKAQcSBXoAhwEBCgkKAgc8EgN7CCcKCgoDBzwCEgN6ByMKCgoDBzwEEgN7CBAKCgoDBzwFEgN7ERUKCgoDBzwBEgN7Fh4KCgoDBzwDEgN7ISYKCQoCBz0SA3wIJAoKCgMHPQISA3oHIwoKCgMHPQQSA3wIEAoKCgMHPQUSA3wRFQoKCgMHPQESA3wWGwoKCgMHPQMSA3weIwoJCgIHPhIDfQgrCgoKAwc+AhIDegcjCgoKAwc+BBIDfQgQCgoKAwc+BRIDfREXCgoKAwc+ARIDfRgiCgoKAwc+AxIDfSUqCgkKAgc/EgN+CCsKCgoDBz8CEgN6ByMKCgoDBz8EEgN+CBAKCgoDBz8FEgN+ERcKCgoDBz8BEgN+GCIKCgoDBz8DEgN+JSoKCQoCB0ASA38IKAoKCgMHQAISA3oHIwoKCgMHQAQSA38IEAoKCgMHQAUSA38RFwoKCgMHQAESA38YHwoKCgMHQAMSA38iJwoKCgIHQRIEgAEIKQoKCgMHQQISA3oHIwoLCgMHQQQSBIABCBAKCwoDB0EFEgSAAREXCgsKAwdBARIEgAEYIAoLCgMHQQMSBIABIygKCgoCB0ISBIEBCCkKCgoDB0ICEgN6ByMKCwoDB0IEEgSBAQgQCgsKAwdCBRIEgQERFwoLCgMHQgESBIEBGCAKCwoDB0IDEgSBASMoCgoKAgdDEgSCAQgoCgoKAwdDAhIDegcjCgsKAwdDBBIEggEIEAoLCgMHQwUSBIIBERcKCwoDB0MBEgSCARgfCgsKAwdDAxIEggEiJwoKCgIHRBIEgwEIKgoKCgMHRAISA3oHIwoLCgMHRAQSBIMBCBAKCwoDB0QFEgSDAREXCgsKAwdEARIEgwEYIQoLCgMHRAMSBIMBJCkKCgoCB0USBIUBCCYKCgoDB0UCEgN6ByMKCwoDB0UEEgSFAQgQCgsKAwdFBRIEhQERFQoLCgMHRQESBIUBFh0KCwoDB0UDEgSFASAlCgoKAgdGEgSGAQgqCgoKAwdGAhIDegcjCgsKAwdGBBIEhgEIEAoLCgMHRgUSBIYBERUKCwoDB0YBEgSGARYhCgsKAwdGAxIEhgEkKQqaKQoeZ29vZ2xlL3Byb3RvYnVmL2R1cmF0aW9uLnByb3RvEg9nb29nbGUucHJvdG9idWYiOgoIRHVyYXRpb24SGAoHc2Vjb25kcxgBIAEoA1IHc2Vjb25kcxIUCgVuYW5vcxgCIAEoBVIFbmFub3NCfAoTY29tLmdvb2dsZS5wcm90b2J1ZkINRHVyYXRpb25Qcm90b1ABWipnaXRodWIuY29tL2dvbGFuZy9wcm90b2J1Zi9wdHlwZXMvZHVyYXRpb274AQGiAgNHUEKqAh5Hb29nbGUuUHJvdG9idWYuV2VsbEtub3duVHlwZXNKpCcKBhIEHgB0AQrMDAoBDBIDHgASMsEMIFByb3RvY29sIEJ1ZmZlcnMgLSBHb29nbGUncyBkYXRhIGludGVyY2hhbmdlIGZvcm1hdAogQ29weXJpZ2h0IDIwMDggR29vZ2xlIEluYy4gIEFsbCByaWdodHMgcmVzZXJ2ZWQuCiBodHRwczovL2RldmVsb3BlcnMuZ29vZ2xlLmNvbS9wcm90b2NvbC1idWZmZXJzLwoKIFJlZGlzdHJpYnV0aW9uIGFuZCB1c2UgaW4gc291cmNlIGFuZCBiaW5hcnkgZm9ybXMsIHdpdGggb3Igd2l0aG91dAogbW9kaWZpY2F0aW9uLCBhcmUgcGVybWl0dGVkIHByb3ZpZGVkIHRoYXQgdGhlIGZvbGxvd2luZyBjb25kaXRpb25zIGFyZQogbWV0OgoKICAgICAqIFJlZGlzdHJpYnV0aW9ucyBvZiBzb3VyY2UgY29kZSBtdXN0IHJldGFpbiB0aGUgYWJvdmUgY29weXJpZ2h0CiBub3RpY2UsIHRoaXMgbGlzdCBvZiBjb25kaXRpb25zIGFuZCB0aGUgZm9sbG93aW5nIGRpc2NsYWltZXIuCiAgICAgKiBSZWRpc3RyaWJ1dGlvbnMgaW4gYmluYXJ5IGZvcm0gbXVzdCByZXByb2R1Y2UgdGhlIGFib3ZlCiBjb3B5cmlnaHQgbm90aWNlLCB0aGlzIGxpc3Qgb2YgY29uZGl0aW9ucyBhbmQgdGhlIGZvbGxvd2luZyBkaXNjbGFpbWVyCiBpbiB0aGUgZG9jdW1lbnRhdGlvbiBhbmQvb3Igb3RoZXIgbWF0ZXJpYWxzIHByb3ZpZGVkIHdpdGggdGhlCiBkaXN0cmlidXRpb24uCiAgICAgKiBOZWl0aGVyIHRoZSBuYW1lIG9mIEdvb2dsZSBJbmMuIG5vciB0aGUgbmFtZXMgb2YgaXRzCiBjb250cmlidXRvcnMgbWF5IGJlIHVzZWQgdG8gZW5kb3JzZSBvciBwcm9tb3RlIHByb2R1Y3RzIGRlcml2ZWQgZnJvbQogdGhpcyBzb2Z0d2FyZSB3aXRob3V0IHNwZWNpZmljIHByaW9yIHdyaXR0ZW4gcGVybWlzc2lvbi4KCiBUSElTIFNPRlRXQVJFIElTIFBST1ZJREVEIEJZIFRIRSBDT1BZUklHSFQgSE9MREVSUyBBTkQgQ09OVFJJQlVUT1JTCiAiQVMgSVMiIEFORCBBTlkgRVhQUkVTUyBPUiBJTVBMSUVEIFdBUlJBTlRJRVMsIElOQ0xVRElORywgQlVUIE5PVAogTElNSVRFRCBUTywgVEhFIElNUExJRUQgV0FSUkFOVElFUyBPRiBNRVJDSEFOVEFCSUxJVFkgQU5EIEZJVE5FU1MgRk9SCiBBIFBBUlRJQ1VMQVIgUFVSUE9TRSBBUkUgRElTQ0xBSU1FRC4gSU4gTk8gRVZFTlQgU0hBTEwgVEhFIENPUFlSSUdIVAogT1dORVIgT1IgQ09OVFJJQlVUT1JTIEJFIExJQUJMRSBGT1IgQU5ZIERJUkVDVCwgSU5ESVJFQ1QsIElOQ0lERU5UQUwsCiBTUEVDSUFMLCBFWEVNUExBUlksIE9SIENPTlNFUVVFTlRJQUwgREFNQUdFUyAoSU5DTFVESU5HLCBCVVQgTk9UCiBMSU1JVEVEIFRPLCBQUk9DVVJFTUVOVCBPRiBTVUJTVElUVVRFIEdPT0RTIE9SIFNFUlZJQ0VTOyBMT1NTIE9GIFVTRSwKIERBVEEsIE9SIFBST0ZJVFM7IE9SIEJVU0lORVNTIElOVEVSUlVQVElPTikgSE9XRVZFUiBDQVVTRUQgQU5EIE9OIEFOWQogVEhFT1JZIE9GIExJQUJJTElUWSwgV0hFVEhFUiBJTiBDT05UUkFDVCwgU1RSSUNUIExJQUJJTElUWSwgT1IgVE9SVAogKElOQ0xVRElORyBORUdMSUdFTkNFIE9SIE9USEVSV0lTRSkgQVJJU0lORyBJTiBBTlkgV0FZIE9VVCBPRiBUSEUgVVNFCiBPRiBUSElTIFNPRlRXQVJFLCBFVkVOIElGIEFEVklTRUQgT0YgVEhFIFBPU1NJQklMSVRZIE9GIFNVQ0ggREFNQUdFLgoKCAoBAhIDIAgXCggKAQgSAyIAOwoLCgQI5wcAEgMiADsKDAoFCOcHAAISAyIHFwoNCgYI5wcAAgASAyIHFwoOCgcI5wcAAgABEgMiBxcKDAoFCOcHAAcSAyIaOgoICgEIEgMjAB8KCwoECOcHARIDIwAfCgwKBQjnBwECEgMjBxcKDQoGCOcHAQIAEgMjBxcKDgoHCOcHAQIAARIDIwcXCgwKBQjnBwEDEgMjGh4KCAoBCBIDJABBCgsKBAjnBwISAyQAQQoMCgUI5wcCAhIDJAcRCg0KBgjnBwICABIDJAcRCg4KBwjnBwICAAESAyQHEQoMCgUI5wcCBxIDJBRACggKAQgSAyUALAoLCgQI5wcDEgMlACwKDAoFCOcHAwISAyUHEwoNCgYI5wcDAgASAyUHEwoOCgcI5wcDAgABEgMlBxMKDAoFCOcHAwcSAyUWKwoICgEIEgMmAC4KCwoECOcHBBIDJgAuCgwKBQjnBwQCEgMmBxsKDQoGCOcHBAIAEgMmBxsKDgoHCOcHBAIAARIDJgcbCgwKBQjnBwQHEgMmHi0KCAoBCBIDJwAiCgsKBAjnBwUSAycAIgoMCgUI5wcFAhIDJwcaCg0KBgjnBwUCABIDJwcaCg4KBwjnBwUCAAESAycHGgoMCgUI5wcFAxIDJx0hCggKAQgSAygAIQoLCgQI5wcGEgMoACEKDAoFCOcHBgISAygHGAoNCgYI5wcGAgASAygHGAoOCgcI5wcGAgABEgMoBxgKDAoFCOcHBgcSAygbIAqfEAoCBAASBGYAdAEakhAgQSBEdXJhdGlvbiByZXByZXNlbnRzIGEgc2lnbmVkLCBmaXhlZC1sZW5ndGggc3BhbiBvZiB0aW1lIHJlcHJlc2VudGVkCiBhcyBhIGNvdW50IG9mIHNlY29uZHMgYW5kIGZyYWN0aW9ucyBvZiBzZWNvbmRzIGF0IG5hbm9zZWNvbmQKIHJlc29sdXRpb24uIEl0IGlzIGluZGVwZW5kZW50IG9mIGFueSBjYWxlbmRhciBhbmQgY29uY2VwdHMgbGlrZSAiZGF5Igogb3IgIm1vbnRoIi4gSXQgaXMgcmVsYXRlZCB0byBUaW1lc3RhbXAgaW4gdGhhdCB0aGUgZGlmZmVyZW5jZSBiZXR3ZWVuCiB0d28gVGltZXN0YW1wIHZhbHVlcyBpcyBhIER1cmF0aW9uIGFuZCBpdCBjYW4gYmUgYWRkZWQgb3Igc3VidHJhY3RlZAogZnJvbSBhIFRpbWVzdGFtcC4gUmFuZ2UgaXMgYXBwcm94aW1hdGVseSArLTEwLDAwMCB5ZWFycy4KCiAjIEV4YW1wbGVzCgogRXhhbXBsZSAxOiBDb21wdXRlIER1cmF0aW9uIGZyb20gdHdvIFRpbWVzdGFtcHMgaW4gcHNldWRvIGNvZGUuCgogICAgIFRpbWVzdGFtcCBzdGFydCA9IC4uLjsKICAgICBUaW1lc3RhbXAgZW5kID0gLi4uOwogICAgIER1cmF0aW9uIGR1cmF0aW9uID0gLi4uOwoKICAgICBkdXJhdGlvbi5zZWNvbmRzID0gZW5kLnNlY29uZHMgLSBzdGFydC5zZWNvbmRzOwogICAgIGR1cmF0aW9uLm5hbm9zID0gZW5kLm5hbm9zIC0gc3RhcnQubmFub3M7CgogICAgIGlmIChkdXJhdGlvbi5zZWNvbmRzIDwgMCAmJiBkdXJhdGlvbi5uYW5vcyA+IDApIHsKICAgICAgIGR1cmF0aW9uLnNlY29uZHMgKz0gMTsKICAgICAgIGR1cmF0aW9uLm5hbm9zIC09IDEwMDAwMDAwMDA7CiAgICAgfSBlbHNlIGlmIChkdXJhdGlvbnMuc2Vjb25kcyA+IDAgJiYgZHVyYXRpb24ubmFub3MgPCAwKSB7CiAgICAgICBkdXJhdGlvbi5zZWNvbmRzIC09IDE7CiAgICAgICBkdXJhdGlvbi5uYW5vcyArPSAxMDAwMDAwMDAwOwogICAgIH0KCiBFeGFtcGxlIDI6IENvbXB1dGUgVGltZXN0YW1wIGZyb20gVGltZXN0YW1wICsgRHVyYXRpb24gaW4gcHNldWRvIGNvZGUuCgogICAgIFRpbWVzdGFtcCBzdGFydCA9IC4uLjsKICAgICBEdXJhdGlvbiBkdXJhdGlvbiA9IC4uLjsKICAgICBUaW1lc3RhbXAgZW5kID0gLi4uOwoKICAgICBlbmQuc2Vjb25kcyA9IHN0YXJ0LnNlY29uZHMgKyBkdXJhdGlvbi5zZWNvbmRzOwogICAgIGVuZC5uYW5vcyA9IHN0YXJ0Lm5hbm9zICsgZHVyYXRpb24ubmFub3M7CgogICAgIGlmIChlbmQubmFub3MgPCAwKSB7CiAgICAgICBlbmQuc2Vjb25kcyAtPSAxOwogICAgICAgZW5kLm5hbm9zICs9IDEwMDAwMDAwMDA7CiAgICAgfSBlbHNlIGlmIChlbmQubmFub3MgPj0gMTAwMDAwMDAwMCkgewogICAgICAgZW5kLnNlY29uZHMgKz0gMTsKICAgICAgIGVuZC5uYW5vcyAtPSAxMDAwMDAwMDAwOwogICAgIH0KCiBFeGFtcGxlIDM6IENvbXB1dGUgRHVyYXRpb24gZnJvbSBkYXRldGltZS50aW1lZGVsdGEgaW4gUHl0aG9uLgoKICAgICB0ZCA9IGRhdGV0aW1lLnRpbWVkZWx0YShkYXlzPTMsIG1pbnV0ZXM9MTApCiAgICAgZHVyYXRpb24gPSBEdXJhdGlvbigpCiAgICAgZHVyYXRpb24uRnJvbVRpbWVkZWx0YSh0ZCkKCiAjIEpTT04gTWFwcGluZwoKIEluIEpTT04gZm9ybWF0LCB0aGUgRHVyYXRpb24gdHlwZSBpcyBlbmNvZGVkIGFzIGEgc3RyaW5nIHJhdGhlciB0aGFuIGFuCiBvYmplY3QsIHdoZXJlIHRoZSBzdHJpbmcgZW5kcyBpbiB0aGUgc3VmZml4ICJzIiAoaW5kaWNhdGluZyBzZWNvbmRzKSBhbmQKIGlzIHByZWNlZGVkIGJ5IHRoZSBudW1iZXIgb2Ygc2Vjb25kcywgd2l0aCBuYW5vc2Vjb25kcyBleHByZXNzZWQgYXMKIGZyYWN0aW9uYWwgc2Vjb25kcy4gRm9yIGV4YW1wbGUsIDMgc2Vjb25kcyB3aXRoIDAgbmFub3NlY29uZHMgc2hvdWxkIGJlCiBlbmNvZGVkIGluIEpTT04gZm9ybWF0IGFzICIzcyIsIHdoaWxlIDMgc2Vjb25kcyBhbmQgMSBuYW5vc2Vjb25kIHNob3VsZAogYmUgZXhwcmVzc2VkIGluIEpTT04gZm9ybWF0IGFzICIzLjAwMDAwMDAwMXMiLCBhbmQgMyBzZWNvbmRzIGFuZCAxCiBtaWNyb3NlY29uZCBzaG91bGQgYmUgZXhwcmVzc2VkIGluIEpTT04gZm9ybWF0IGFzICIzLjAwMDAwMXMiLgoKCgoKCgMEAAESA2YIEArcAQoEBAACABIDawIUGs4BIFNpZ25lZCBzZWNvbmRzIG9mIHRoZSBzcGFuIG9mIHRpbWUuIE11c3QgYmUgZnJvbSAtMzE1LDU3NiwwMDAsMDAwCiB0byArMzE1LDU3NiwwMDAsMDAwIGluY2x1c2l2ZS4gTm90ZTogdGhlc2UgYm91bmRzIGFyZSBjb21wdXRlZCBmcm9tOgogNjAgc2VjL21pbiAqIDYwIG1pbi9ociAqIDI0IGhyL2RheSAqIDM2NS4yNSBkYXlzL3llYXIgKiAxMDAwMCB5ZWFycwoKDQoFBAACAAQSBGsCZhIKDAoFBAACAAUSA2sCBwoMCgUEAAIAARIDawgPCgwKBQQAAgADEgNrEhMKgwMKBAQAAgESA3MCEhr1AiBTaWduZWQgZnJhY3Rpb25zIG9mIGEgc2Vjb25kIGF0IG5hbm9zZWNvbmQgcmVzb2x1dGlvbiBvZiB0aGUgc3Bhbgogb2YgdGltZS4gRHVyYXRpb25zIGxlc3MgdGhhbiBvbmUgc2Vjb25kIGFyZSByZXByZXNlbnRlZCB3aXRoIGEgMAogYHNlY29uZHNgIGZpZWxkIGFuZCBhIHBvc2l0aXZlIG9yIG5lZ2F0aXZlIGBuYW5vc2AgZmllbGQuIEZvciBkdXJhdGlvbnMKIG9mIG9uZSBzZWNvbmQgb3IgbW9yZSwgYSBub24temVybyB2YWx1ZSBmb3IgdGhlIGBuYW5vc2AgZmllbGQgbXVzdCBiZQogb2YgdGhlIHNhbWUgc2lnbiBhcyB0aGUgYHNlY29uZHNgIGZpZWxkLiBNdXN0IGJlIGZyb20gLTk5OSw5OTksOTk5CiB0byArOTk5LDk5OSw5OTkgaW5jbHVzaXZlLgoKDQoFBAACAQQSBHMCaxQKDAoFBAACAQUSA3MCBwoMCgUEAAIBARIDcwgNCgwKBQQAAgEDEgNzEBFiBnByb3RvMwqDNgorbWl4ZXIvYWRhcHRlci93YXZlZnJvbnQvY29uZmlnL2NvbmZpZy5wcm90bxIQd2F2ZWZyb250LmNvbmZpZxoUZ29nb3Byb3RvL2dvZ28ucHJvdG8aHmdvb2dsZS9wcm90b2J1Zi9kdXJhdGlvbi5wcm90byLmCAoGUGFyYW1zEkIKBmRpcmVjdBgBIAEoCzIoLndhdmVmcm9udC5jb25maWcuUGFyYW1zLldhdmVmcm9udERpcmVjdEgAUgZkaXJlY3QSPwoFcHJveHkYAiABKAsyJy53YXZlZnJvbnQuY29uZmlnLlBhcmFtcy5XYXZlZnJvbnRQcm94eUgAUgVwcm94eRJKCg5mbHVzaF9pbnRlcnZhbBgDIAEoCzIZLmdvb2dsZS5wcm90b2J1Zi5EdXJhdGlvbkIIyN4fAJjfHwFSDWZsdXNoSW50ZXJ2YWwSFgoGc291cmNlGAQgASgJUgZzb3VyY2USFgoGcHJlZml4GAUgASgJUgZwcmVmaXgSPQoHbWV0cmljcxgGIAMoCzIjLndhdmVmcm9udC5jb25maWcuUGFyYW1zLk1ldHJpY0luZm9SB21ldHJpY3MSMQoEbG9ncxgHIAEoCzIdLndhdmVmcm9udC5jb25maWcuUGFyYW1zLkxvZ3NSBGxvZ3MaPwoPV2F2ZWZyb250RGlyZWN0EhYKBnNlcnZlchgBIAEoCVIGc2VydmVyEhQKBXRva2VuGAIgASgJUgV0b2tlbhoqCg5XYXZlZnJvbnRQcm94eRIYCgdhZGRyZXNzGAEgASgJUgdhZGRyZXNzGs4ECgpNZXRyaWNJbmZvEhIKBG5hbWUYASABKAlSBG5hbWUSIwoNaW5zdGFuY2VfbmFtZRgEIAEoCVIMaW5zdGFuY2VOYW1lEjwKBHR5cGUYAiABKA4yKC53YXZlZnJvbnQuY29uZmlnLlBhcmFtcy5NZXRyaWNJbmZvLlR5cGVSBHR5cGUSQgoGc2FtcGxlGAMgASgLMioud2F2ZWZyb250LmNvbmZpZy5QYXJhbXMuTWV0cmljSW5mby5TYW1wbGVSBnNhbXBsZRq1AgoGU2FtcGxlElIKCWV4cF9kZWNheRgBIAEoCzIzLndhdmVmcm9udC5jb25maWcuUGFyYW1zLk1ldHJpY0luZm8uU2FtcGxlLkV4cERlY2F5SABSCGV4cERlY2F5Ek4KB3VuaWZvcm0YAiABKAsyMi53YXZlZnJvbnQuY29uZmlnLlBhcmFtcy5NZXRyaWNJbmZvLlNhbXBsZS5Vbmlmb3JtSABSB3VuaWZvcm0aRwoIRXhwRGVjYXkSJQoOcmVzZXJ2b2lyX3NpemUYASABKAVSDXJlc2Vydm9pclNpemUSFAoFYWxwaGEYAiABKAFSBWFscGhhGjAKB1VuaWZvcm0SJQoOcmVzZXJ2b2lyX3NpemUYASABKAVSDXJlc2Vydm9pclNpemVCDAoKZGVmaW5pdGlvbiJNCgRUeXBlEgsKB1VOS05PV04QABIJCgVHQVVHRRABEgsKB0NPVU5URVIQAhIRCg1ERUxUQV9DT1VOVEVSEAMSDQoJSElTVE9HUkFNEAQaHAoETG9ncxIUCgVsZXZlbBgBIAEoCVIFbGV2ZWxCDQoLY3JlZGVudGlhbHNCCFoGY29uZmlnSpAsCgcSBQ8AkAEBCuIECgEMEgMPABIy1wQgQ29weXJpZ2h0IDIwMTggVk13YXJlLCBJbmMuCiBTUERYLUxpY2Vuc2UtSWRlbnRpZmllcjogQXBhY2hlLTIuMAoKIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogeW91IG1heSBub3QgdXNlIHRoaXMgZmlsZSBleGNlcHQgaW4gY29tcGxpYW5jZSB3aXRoIHRoZSBMaWNlbnNlLgogWW91IG1heSBvYnRhaW4gYSBjb3B5IG9mIHRoZSBMaWNlbnNlIGF0CgogICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzL0xJQ0VOU0UtMi4wCgogVW5sZXNzIHJlcXVpcmVkIGJ5IGFwcGxpY2FibGUgbGF3IG9yIGFncmVlZCB0byBpbiB3cml0aW5nLCBzb2Z0d2FyZQogZGlzdHJpYnV0ZWQgdW5kZXIgdGhlIExpY2Vuc2UgaXMgZGlzdHJpYnV0ZWQgb24gYW4gIkFTIElTIiBCQVNJUywKIFdJVEhPVVQgV0FSUkFOVElFUyBPUiBDT05ESVRJT05TIE9GIEFOWSBLSU5ELCBlaXRoZXIgZXhwcmVzcyBvciBpbXBsaWVkLgogU2VlIHRoZSBMaWNlbnNlIGZvciB0aGUgc3BlY2lmaWMgbGFuZ3VhZ2UgZ292ZXJuaW5nIHBlcm1pc3Npb25zIGFuZAogbGltaXRhdGlvbnMgdW5kZXIgdGhlIExpY2Vuc2UuCgrrBgoBAhIDIggYGvgBIFRoZSBgd2F2ZWZyb250YCBhZGFwdGVyIGNvbGxlY3RzIG1ldHJpY3MgYW5kIG1ha2VzIHRoZW0gYXZhaWxhYmxlIHRvCiBbV2F2ZWZyb250IGJ5IFZNd2FyZV0oaHR0cHM6Ly93d3cud2F2ZWZyb250LmNvbS8pLgoKIFRoaXMgYWRhcHRlciBzdXBwb3J0cyB0aGUgW21ldHJpYyB0ZW1wbGF0ZV0oaHR0cHM6Ly9pc3Rpby5pby9kb2NzL3JlZmVyZW5jZS9jb25maWcvcG9saWN5LWFuZC10ZWxlbWV0cnkvdGVtcGxhdGVzL21ldHJpYy8pLgoy5QQgJHRpdGxlOiBXYXZlZnJvbnQgYnkgVk13YXJlCiAkZGVzY3JpcHRpb246IEFkYXB0ZXIgdG8gZGVsaXZlciBtZXRyaWNzIHRvIFdhdmVmcm9udCBieSBWTXdhcmUuCiAkbG9jYXRpb246IGh0dHBzOi8vaXN0aW8uaW8vZG9jcy9yZWZlcmVuY2UvY29uZmlnL3BvbGljeS1hbmQtdGVsZW1ldHJ5L2FkYXB0ZXJzL3dhdmVmcm9udC5odG1sCiAkcHJvdmlkZXI6IFZNd2FyZSwgSW5jLgogJGNvbnRhY3RfZW1haWw6IHZlbmlsbkB2bXdhcmUuY29tCiAkc3VwcG9ydF9saW5rOgogJHNvdXJjZV9saW5rOiBodHRwczovL2dpdGh1Yi5jb20vdm13YXJlL3dhdmVmcm9udC1hZGFwdGVyLWZvci1pc3RpbwogJGxhdGVzdF9yZWxlYXNlX2xpbms6IGh0dHBzOi8vZ2l0aHViLmNvbS92bXdhcmUvd2F2ZWZyb250LWFkYXB0ZXItZm9yLWlzdGlvL3JlbGVhc2VzL3RhZy8wLjEuMQogJGhlbG1fY2hhcnRfbGluazoKICRpc3Rpb192ZXJzaW9uczogIjEuMC4zLCAxLjAuNCIKICRzdXBwb3J0ZWRfdGVtcGxhdGVzOiBtZXRyaWMKICRsb2dvX2xpbms6IGh0dHBzOi8vZ2l0aHViLmNvbS92bXdhcmUvd2F2ZWZyb250LWFkYXB0ZXItZm9yLWlzdGlvL3Jhdy9tYXN0ZXIvZG9jcy9pbWFnZXMvbG9nby5wbmcKCgkKAgMAEgMkBx0KCQoCAwESAyUHJwoICgEIEgMnABsKCwoECOcHABIDJwAbCgwKBQjnBwACEgMnBxEKDQoGCOcHAAIAEgMnBxEKDgoHCOcHAAIAARIDJwcRCgwKBQjnBwAHEgMnEhoKQAoCBAASBSoAkAEBGjMgQ29uZmlndXJhdGlvbiBmb3JtYXQgZm9yIHRoZSBgd2F2ZWZyb250YCBhZGFwdGVyLgoKCgoDBAABEgMqCA4KSgoEBAAIABIELQIzAxo8IE9uZSBvZiB0aGUgV2F2ZWZyb250IHNlcnZpY2UgY3JlZGVudGlhbHMgbXVzdCBiZSBzdXBwbGllZC4KCgwKBQQACAABEgMtCBMKNAoEBAACABIDLwQfGicgVGhlIGNyZWRlbnRpYWxzIGZvciBkaXJlY3QgaW5nZXN0aW9uLgoKDAoFBAACAAYSAy8EEwoMCgUEAAIAARIDLxQaCgwKBQQAAgADEgMvHR4KQwoEBAACARIDMgQdGjYgVGhlIGNyZWRlbnRpYWxzIGZvciBpbmdlc3Rpb24gdmlhIGEgV2F2ZWZyb250IFByb3h5LgoKDAoFBAACAQYSAzIEEgoMCgUEAAIBARIDMhMYCgwKBQQAAgEDEgMyGxwKNwoEBAADABIENgI8AxopIERlc2NyaWJlcyBXYXZlZnJvbnQgU2VydmVyIGNyZWRlbnRpYWxzLgoKDAoFBAADAAESAzYKGQpNCgYEAAMAAgASAzgEFho+IFRoZSBXYXZlZnJvbnQgc2VydmVyIFVSTC4gRXg6IGh0dHBzOi8vbXlkb21haW4ud2F2ZWZyb250LmNvbQoKDwoHBAADAAIABBIEOAQ2GwoOCgcEAAMAAgAFEgM4BAoKDgoHBAADAAIAARIDOAsRCg4KBwQAAwACAAMSAzgUFQopCgYEAAMAAgESAzsEFRoaIFRoZSBXYXZlZnJvbnQgQVBJIHRva2VuLgoKDwoHBAADAAIBBBIEOwQ4FgoOCgcEAAMAAgEFEgM7BAoKDgoHBAADAAIBARIDOwsQCg4KBwQAAwACAQMSAzsTFAo2CgQEAAMBEgQ/AkIDGiggRGVzY3JpYmVzIFdhdmVmcm9udCBQcm94eSBjcmVkZW50aWFscy4KCgwKBQQAAwEBEgM/ChgKRQoGBAADAQIAEgNBBBcaNiBUaGUgd2F2ZWZyb250IHByb3h5IGFkZHJlc3MuIEV4OiAxOTIuMTY4Ljk5LjEwMDoyODc4CgoPCgcEAAMBAgAEEgRBBD8aCg4KBwQAAwECAAUSA0EECgoOCgcEAAMBAgABEgNBCxIKDgoHBAADAQIAAxIDQRUWCioKBAQAAgISA0UCbRodIFRoZSBtZXRyaWNzIGZsdXNoIGludGVydmFsLgoKDQoFBAACAgQSBEUCQgMKDAoFBAACAgYSA0UCGgoMCgUEAAICARIDRRspCgwKBQQAAgIDEgNFLC0KDAoFBAACAggSA0UubAoPCggEAAICCOcHABIDRS9LChAKCQQAAgII5wcAAhIDRS9DChEKCgQAAgII5wcAAgASA0UvQwoSCgsEAAICCOcHAAIAARIDRTBCChAKCQQAAgII5wcAAxIDRUZLCg8KCAQAAgII5wcBEgNFTWsKEAoJBAACAgjnBwECEgNFTWQKEQoKBAACAgjnBwECABIDRU1kChIKCwQAAgII5wcBAgABEgNFTmMKEAoJBAACAgjnBwEDEgNFZ2sKRgoEBAACAxIDSAIUGjkgVGhlIHNvdXJjZSB0YWcgZm9yIGFsbCBtZXRyaWNzIGhhbmRsZWQgYnkgdGhpcyBhZGFwdGVyLgoKDQoFBAACAwQSBEgCRW0KDAoFBAACAwUSA0gCCAoMCgUEAAIDARIDSAkPCgwKBQQAAgMDEgNIEhMKSAoEBAACBBIDSwIUGjsgVGhlIHByZWZpeCB0byBwcmVwZW5kIGFsbCBtZXRyaWNzIGhhbmRsZWQgYnkgdGhlIGFkYXB0ZXIuCgoNCgUEAAIEBBIESwJIFAoMCgUEAAIEBRIDSwIICgwKBQQAAgQBEgNLCQ8KDAoFBAACBAMSA0sSEwo6CgQEAAIFEgNOAiIaLSBUaGUgc2V0IG9mIG1ldHJpY3MgdG8gcHVibGlzaCB0byBXYXZlZnJvbnQuCgoMCgUEAAIFBBIDTgIKCgwKBQQAAgUGEgNOCxUKDAoFBAACBQESA04WHQoMCgUEAAIFAxIDTiAhCksKBAQAAwISBVEChgEDGjwgRGVzY3JpYmVzIGhvdyBhIG1ldHJpYyBzaG91bGQgYmUgcmVwcmVzZW50ZWQgb24gV2F2ZWZyb250LgoKDAoFBAADAgESA1EKFAosCgYEAAMCAgASA1MEFBodIFRoZSBtZXRyaWMgbmFtZS4gKE9wdGlvbmFsKQoKDwoHBAADAgIABBIEUwRRFgoOCgcEAAMCAgAFEgNTBAoKDgoHBAADAgIAARIDUwsPCg4KBwQAAwICAAMSA1MSEwpACgYEAAMCAgESA1YEHRoxIFRoZSBmdWxseSBxdWFsaWZpZWQgSXN0aW8gbWV0cmljIGluc3RhbmNlIG5hbWUuCgoPCgcEAAMCAgEEEgRWBFMUCg4KBwQAAwICAQUSA1YECgoOCgcEAAMCAgEBEgNWCxgKDgoHBAADAgIBAxIDVhscCiEKBgQAAwICAhIDWQQSGhIgVGhlIG1ldHJpYyB0eXBlLgoKDwoHBAADAgICBBIEWQRWHQoOCgcEAAMCAgIGEgNZBAgKDgoHBAADAgICARIDWQkNCg4KBwQAAwICAgMSA1kQEQppCgYEAAMCBAASBFwEZwUaWSBEZXNjcmliZXMgbWV0cmljIHR5cGVzIGFzIGluIFtXYXZlZnJvbnRdKGh0dHBzOi8vZG9jcy53YXZlZnJvbnQuY29tL21ldHJpY190eXBlcy5odG1sKS4KCg4KBwQAAwIEAAESA1wJDQo1CggEAAMCBAACABIDXgYSGiQgUmVzZXJ2ZWQgZm9yIHVua25vd24gbWV0cmljIHR5cGVzLgoKEAoJBAADAgQAAgABEgNeBg0KEAoJBAADAgQAAgACEgNeEBEKMgoIBAADAgQAAgESA2AGEBohIFJlcHJlc2VudHMgYSBnYXVnZSBtZXRyaWMgdHlwZS4KChAKCQQAAwIEAAIBARIDYAYLChAKCQQAAwIEAAIBAhIDYA4PCjQKCAQAAwIEAAICEgNiBhIaIyBSZXByZXNlbnRzIGEgY291bnRlciBtZXRyaWMgdHlwZS4KChAKCQQAAwIEAAICARIDYgYNChAKCQQAAwIEAAICAhIDYhARCjoKCAQAAwIEAAIDEgNkBhgaKSBSZXByZXNlbnRzIGEgZGVsdGEgY291bnRlciBtZXRyaWMgdHlwZS4KChAKCQQAAwIEAAIDARIDZAYTChAKCQQAAwIEAAIDAhIDZBYXCjYKCAQAAwIEAAIEEgNmBhQaJSBSZXByZXNlbnRzIGEgaGlzdG9ncmFtIG1ldHJpYyB0eXBlLgoKEAoJBAADAgQAAgQBEgNmBg8KEAoJBAADAgQAAgQCEgNmEhMKVwoGBAADAgIDEgNqBBYaSCBGb3IgbWV0cmljcyB3aXRoIHR5cGUgSElTVE9HUkFNLCB0aGlzIGRlc2NyaWJlcyB0aGUgc2FtcGxlIGRlZmluaXRpb24uCgoPCgcEAAMCAgMEEgRqBGcFCg4KBwQAAwICAwYSA2oECgoOCgcEAAMCAgMBEgNqCxEKDgoHBAADAgIDAxIDahQVCnYKBgQAAwIDABIFbQSFAQUaZSBEZXNjcmliZXMgYSBzYW1wbGUgYXMgaW4gdGhlIFtyY3Jvd2xleS9nby1tZXRyaWNzXShodHRwczovL2dpdGh1Yi5jb20vcmNyb3dsZXkvZ28tbWV0cmljcykgbGlicmFyeS4KCg4KBwQAAwIDAAESA20MEgpCCggEAAMCAwAIABIEbwZ1BxowIE9uZSBvZiB0aGUgc2FtcGxlIGRlZmluaXRpb24gbXVzdCBiZSBzdXBwbGllZC4KChAKCQQAAwIDAAgAARIDbwwWCkIKCAQAAwIDAAIAEgNxCB8aMSBEZWZpbml0aW9uIG9mIGFuIGV4cG9uZW50aWFsbHkgZGVjYXlpbmcgc2FtcGxlLgoKEAoJBAADAgMAAgAGEgNxCBAKEAoJBAADAgMAAgABEgNxERoKEAoJBAADAgMAAgADEgNxHR4KMgoIBAADAgMAAgESA3QIHBohIERlZmluaXRpb24gb2YgYSB1bmlmb3JtIHNhbXBsZS4KChAKCQQAAwIDAAIBBhIDdAgPChAKCQQAAwIDAAIBARIDdBAXChAKCQQAAwIDAAIBAxIDdBobCj8KCAQAAwIDAAMAEgR4Bn4HGi0gRGVzY3JpYmVzIGFuIGV4cG9uZW50aWFsbHkgZGVjYXlpbmcgc2FtcGxlLgoKEAoJBAADAgMAAwABEgN4DhYKKAoKBAADAgMAAwACABIDegghGhUgVGhlIHJlc2Vydm9pciBzaXplLgoKEwoLBAADAgMAAwACAAQSBHoIeBgKEgoLBAADAgMAAwACAAUSA3oIDQoSCgsEAAMCAwADAAIAARIDeg4cChIKCwQAAwIDAAMAAgADEgN6HyAKHwoKBAADAgMAAwACARIDfQgZGgwgVGhlIGFscGhhLgoKEwoLBAADAgMAAwACAQQSBH0IeiEKEgoLBAADAgMAAwACAQUSA30IDgoSCgsEAAMCAwADAAIBARIDfQ8UChIKCwQAAwIDAAMAAgEDEgN9FxgKMQoIBAADAgMAAwESBoEBBoQBBxodIERlc2NyaWJlcyBhIHVuaWZvcm0gc2FtcGxlLgoKEQoJBAADAgMAAwEBEgSBAQ4VCikKCgQAAwIDAAMBAgASBIMBCCEaFSBUaGUgcmVzZXJ2b2lyIHNpemUuCgoVCgsEAAMCAwADAQIABBIGgwEIgQEXChMKCwQAAwIDAAMBAgAFEgSDAQgNChMKCwQAAwIDAAMBAgABEgSDAQ4cChMKCwQAAwIDAAMBAgADEgSDAR8gCjYKBAQAAwMSBokBAowBAxomIERlc2NyaWJlcyB0aGUgbG9nZ2luZyBjb25maWd1cmF0aW9uLgoKDQoFBAADAwESBIkBCg4KVAoGBAADAwIAEgSLAQQVGkQgVGhlIGxvZyBsZXZlbCAob25lIG9mIGVycm9yLCB3YXJuLCBpbmZvLCBkZWJ1Zywgb3Igbm9uZSkuIEV4OiBpbmZvCgoRCgcEAAMDAgAEEgaLAQSJARAKDwoHBAADAwIABRIEiwEECgoPCgcEAAMDAgABEgSLAQsQCg8KBwQAAwMCAAMSBIsBExQKJgoEBAACBhIEjwECEBoYIFRoZSBsb2cgY29uZmlndXJhdGlvbi4KCg8KBQQAAgYEEgaPAQKMAQMKDQoFBAACBgYSBI8BAgYKDQoFBAACBgESBI8BBwsKDQoFBAACBgMSBI8BDg9iBnByb3RvMw== -{{- end }} diff --git a/bitnami/wavefront-adapter-for-istio/templates/istio/attribute-manifests.yaml b/bitnami/wavefront-adapter-for-istio/templates/istio/attribute-manifests.yaml deleted file mode 100644 index 20dfe50..0000000 --- a/bitnami/wavefront-adapter-for-istio/templates/istio/attribute-manifests.yaml +++ /dev/null @@ -1,187 +0,0 @@ -{{- if .Values.istio.create }} -apiVersion: {{ include "wfafi.istio.apiVersion" . }} -kind: attributemanifest -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: wavefront-adapter-for-istio - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - # We cannot set a different name: https://istio.io/latest/zh/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1/ - name: istio-proxy - namespace: {{ .Release.Namespace }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - attributes: - origin.ip: - valueType: IP_ADDRESS - origin.uid: - valueType: STRING - origin.user: - valueType: STRING - request.headers: - valueType: STRING_MAP - request.total_size: - valueType: INT64 - request.id: - valueType: STRING - request.host: - valueType: STRING - request.method: - valueType: STRING - request.path: - valueType: STRING - request.reason: - valueType: STRING - request.referer: - valueType: STRING - request.scheme: - valueType: STRING - request.size: - valueType: INT64 - request.time: - valueType: TIMESTAMP - request.useragent: - valueType: STRING - response.code: - valueType: INT64 - response.duration: - valueType: DURATION - response.headers: - valueType: STRING_MAP - response.total_size: - valueType: INT64 - response.size: - valueType: INT64 - response.time: - valueType: TIMESTAMP - source.uid: - valueType: STRING - source.user: # DEPRECATED - valueType: STRING - source.principal: - valueType: STRING - destination.principal: - valueType: STRING - destination.uid: - valueType: STRING - connection.event: - valueType: STRING - connection.id: - valueType: STRING - connection.received.bytes: - valueType: INT64 - connection.received.bytes_total: - valueType: INT64 - connection.sent.bytes: - valueType: INT64 - connection.sent.bytes_total: - valueType: INT64 - connection.duration: - valueType: DURATION - connection.mtls: - valueType: BOOL - connection.requested_server_name: - valueType: STRING - context.protocol: - valueType: STRING - context.timestamp: - valueType: TIMESTAMP - context.time: - valueType: TIMESTAMP - context.reporter.kind: - valueType: STRING - context.reporter.uid: - valueType: STRING - api.service: - valueType: STRING - api.version: - valueType: STRING - api.operation: - valueType: STRING - api.protocol: - valueType: STRING - request.auth.principal: - valueType: STRING - request.auth.audiences: - valueType: STRING - request.auth.claims: - valueType: STRING_MAP - request.auth.raw_claims: - valueType: STRING - request.auth.presenter: - valueType: STRING - request.api_key: - valueType: STRING ---- -apiVersion: {{ include "wfafi.istio.apiVersion" . }} -kind: attributemanifest -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: wavefront-adapter-for-istio - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - # We cannot set a different name: https://istio.io/latest/zh/docs/reference/config/policy-and-telemetry/istio.policy.v1beta1/ - name: kubernetes - namespace: {{ .Release.Namespace }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - attributes: - source.ip: - valueType: IP_ADDRESS - source.labels: - valueType: STRING_MAP - source.name: - valueType: STRING - source.namespace: - valueType: STRING - source.owner: - valueType: STRING - source.service: # DEPRECATED - valueType: STRING - source.serviceAccount: - valueType: STRING - source.services: - valueType: STRING - source.workload.uid: - valueType: STRING - source.workload.name: - valueType: STRING - source.workload.namespace: - valueType: STRING - destination.ip: - valueType: IP_ADDRESS - destination.labels: - valueType: STRING_MAP - destination.metadata: - valueType: STRING_MAP - destination.name: - valueType: STRING - destination.namespace: - valueType: STRING - destination.owner: - valueType: STRING - destination.service: # DEPRECATED - valueType: STRING - destination.service.uid: - valueType: STRING - destination.service.name: - valueType: STRING - destination.service.namespace: - valueType: STRING - destination.service.host: - valueType: STRING - destination.serviceAccount: - valueType: STRING - destination.workload.uid: - valueType: STRING - destination.workload.name: - valueType: STRING - destination.workload.namespace: - valueType: STRING -{{- end }} diff --git a/bitnami/wavefront-adapter-for-istio/templates/istio/handler.yaml b/bitnami/wavefront-adapter-for-istio/templates/istio/handler.yaml deleted file mode 100644 index 9e81730..0000000 --- a/bitnami/wavefront-adapter-for-istio/templates/istio/handler.yaml +++ /dev/null @@ -1,93 +0,0 @@ -{{- if .Values.istio.create }} -apiVersion: {{ include "wfafi.istio.apiVersion" . }} -kind: handler -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: wavefront-adapter-for-istio - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ include "common.names.fullname" . }}-wavefront-handler - namespace: {{ .Values.istio.namespace }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - adapter: {{ include "common.names.fullname" . }}-wavefront - connection: - address: {{ printf "%s.%s.svc.%s:%d" (include "common.names.fullname" .) .Release.Namespace .Values.clusterDomain (int .Values.service.port) }} - params: - {{- if .Values.wavefront.proxy.enabled }} - proxy: - address: {{ printf "%s.%s.svc.%s:%d" (include "wfafi.proxy.fullname" .) .Release.Namespace .Values.clusterDomain (int .Values.wavefront.proxy.port) }} - {{- else if .Values.externalProxy.host }} - proxy: - address: {{ printf "%s:%s" .Values.externalProxy.host (int .Values.externalProxy.port) }} - {{- else }} - direct: - server: {{ .Values.wavefront.wavefront.url }} - token: {{ .Values.wavefront.wavefront.token }} - {{- end }} - flushInterval: {{ .Values.metrics.flushInterval }} - source: {{ .Values.metrics.source }} - prefix: {{ .Values.metrics.prefix }} - metrics: - {{- if eq .Values.metrics.http true }} - - name: requestsize - instanceName: {{ include "common.names.fullname" . }}-requestsize.instance.{{ .Release.Namespace }} - type: HISTOGRAM - sample: - expDecay: - reservoirSize: 1024 - alpha: 0.015 - - name: requestcount - instanceName: {{ include "common.names.fullname" . }}-requestcount.instance.{{ .Release.Namespace }} - type: DELTA_COUNTER - - name: requestduration - instanceName: {{ include "common.names.fullname" . }}-requestduration.instance.{{ .Release.Namespace }} - type: HISTOGRAM - sample: - expDecay: - reservoirSize: 1024 - alpha: 0.015 - - name: responsesize - instanceName: {{ include "common.names.fullname" . }}-responsesize.instance.{{ .Release.Namespace }} - type: HISTOGRAM - sample: - expDecay: - reservoirSize: 1024 - alpha: 0.015 - {{- end }} - {{- if eq .Values.metrics.tcp true }} - - name: tcpsentbytes - instanceName: {{ include "common.names.fullname" . }}-tcpsentbytes.instance.{{ .Release.Namespace }} - type: HISTOGRAM - sample: - expDecay: - reservoirSize: 1024 - alpha: 0.015 - - name: tcpreceivedbytes - instanceName: {{ include "common.names.fullname" . }}-tcpreceivedbytes.instance.{{ .Release.Namespace }} - type: HISTOGRAM - sample: - expDecay: - reservoirSize: 1024 - alpha: 0.015 - - name: tcpconnectionsopened - instanceName: {{ include "common.names.fullname" . }}-tcpconnectionsopened.instance.{{ .Release.Namespace }} - type: HISTOGRAM - sample: - expDecay: - reservoirSize: 1024 - alpha: 0.015 - - name: tcpconnectionsclosed - instanceName: {{ include "common.names.fullname" . }}-tcpconnectionsclosed.instance.{{ .Release.Namespace }} - type: HISTOGRAM - sample: - expDecay: - reservoirSize: 1024 - alpha: 0.015 - {{- end }} - logs: - level: {{ .Values.adapterLogLevel }} -{{- end }} diff --git a/bitnami/wavefront-adapter-for-istio/templates/istio/instance-http.yaml b/bitnami/wavefront-adapter-for-istio/templates/istio/instance-http.yaml deleted file mode 100644 index 4c5a664..0000000 --- a/bitnami/wavefront-adapter-for-istio/templates/istio/instance-http.yaml +++ /dev/null @@ -1,117 +0,0 @@ -{{- if and .Values.istio.create .Values.metrics.http }} -# requestsize instance for template metric -apiVersion: {{ include "wfafi.istio.apiVersion" . }} -kind: instance -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: wavefront-adapter-for-istio - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ include "common.names.fullname" . }}-requestsize - namespace: {{ .Release.Namespace }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - template: {{ include "common.names.fullname" . }}-metric - params: - value: request.total_size | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "client", "server") - source_service: source.workload.name | "unknown" - source_service_namespace: source.workload.namespace | "unknown" - source_version: source.labels["version"] | "unknown" - destination_service: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - destination_version: destination.labels["version"] | "unknown" - response_code: response.code | 200 - monitored_resource_type: '"UNSPECIFIED"' ---- -# requestcount instance for template metric -apiVersion: {{ include "wfafi.istio.apiVersion" . }} -kind: instance -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: wavefront-adapter-for-istio - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ include "common.names.fullname" . }}-requestcount - namespace: {{ .Release.Namespace }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - template: {{ include "common.names.fullname" . }}-metric - params: - value: 1 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "client", "server") - source_service: source.workload.name | "unknown" - source_service_namespace: source.workload.namespace | "unknown" - source_version: source.labels["version"] | "unknown" - destination_service: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - destination_version: destination.labels["version"] | "unknown" - response_code: response.code | 200 - monitored_resource_type: '"UNSPECIFIED"' ---- -# requestduration instance for template metric -apiVersion: {{ include "wfafi.istio.apiVersion" . }} -kind: instance -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: wavefront-adapter-for-istio - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ include "common.names.fullname" . }}-requestduration - namespace: {{ .Release.Namespace }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - template: {{ include "common.names.fullname" . }}-metric - params: - value: response.duration | "0ms" - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "client", "server") - source_service: source.workload.name | "unknown" - source_service_namespace: source.workload.namespace | "unknown" - source_version: source.labels["version"] | "unknown" - destination_service: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - destination_version: destination.labels["version"] | "unknown" - response_code: response.code | 200 - monitored_resource_type: '"UNSPECIFIED"' ---- -# responsesize instance for template metric -apiVersion: {{ include "wfafi.istio.apiVersion" . }} -kind: instance -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: wavefront-adapter-for-istio - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ include "common.names.fullname" . }}-responsesize - namespace: {{ .Release.Namespace }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - template: {{ include "common.names.fullname" . }}-metric - params: - value: response.total_size | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "client", "server") - source_service: source.workload.name | "unknown" - source_service_namespace: source.workload.namespace | "unknown" - source_version: source.labels["version"] | "unknown" - destination_service: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - destination_version: destination.labels["version"] | "unknown" - response_code: response.code | 200 - monitored_resource_type: '"UNSPECIFIED"' -{{- end }} diff --git a/bitnami/wavefront-adapter-for-istio/templates/istio/instance-tcp.yaml b/bitnami/wavefront-adapter-for-istio/templates/istio/instance-tcp.yaml deleted file mode 100644 index 275cdad..0000000 --- a/bitnami/wavefront-adapter-for-istio/templates/istio/instance-tcp.yaml +++ /dev/null @@ -1,117 +0,0 @@ -{{- if and .Values.istio.create .Values.metrics.tcp }} -# tcpsentbytes instance for template metric -apiVersion: {{ include "wfafi.istio.apiVersion" . }} -kind: instance -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: wavefront-adapter-for-istio - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ include "common.names.fullname" . }}-tcpsentbytes - namespace: {{ .Release.Namespace }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - template: {{ include "common.names.fullname" . }}-metric - params: - value: connection.sent.bytes | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "client", "server") - source_service: source.workload.name | "unknown" - source_service_namespace: source.workload.namespace | "unknown" - source_version: source.labels["version"] | "unknown" - destination_service: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - destination_version: destination.labels["version"] | "unknown" - response_code: response.code | 200 - monitored_resource_type: '"UNSPECIFIED"' ---- -# tcpreceivedbytes instance for template metric -apiVersion: {{ include "wfafi.istio.apiVersion" . }} -kind: instance -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: wavefront-adapter-for-istio - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ include "common.names.fullname" . }}-tcpreceivedbytes - namespace: {{ .Release.Namespace }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - template: {{ include "common.names.fullname" . }}-metric - params: - value: connection.received.bytes | 0 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "client", "server") - source_service: source.workload.name | "unknown" - source_service_namespace: source.workload.namespace | "unknown" - source_version: source.labels["version"] | "unknown" - destination_service: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - destination_version: destination.labels["version"] | "unknown" - response_code: response.code | 200 - monitored_resource_type: '"UNSPECIFIED"' ---- -# tcpconnectionsopened instance for template metric -apiVersion: {{ include "wfafi.istio.apiVersion" . }} -kind: instance -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: wavefront-adapter-for-istio - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ include "common.names.fullname" . }}-tcpconnectionsopened - namespace: {{ .Release.Namespace }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - template: {{ include "common.names.fullname" . }}-metric - params: - value: 1 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "client", "server") - source_service: source.workload.name | "unknown" - source_service_namespace: source.workload.namespace | "unknown" - source_version: source.labels["version"] | "unknown" - destination_service: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - destination_version: destination.labels["version"] | "unknown" - response_code: response.code | 200 - monitored_resource_type: '"UNSPECIFIED"' ---- -# tcpconnectionsclosed instance for template metric -apiVersion: {{ include "wfafi.istio.apiVersion" . }} -kind: instance -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: wavefront-adapter-for-istio - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ include "common.names.fullname" . }}-tcpconnectionsclosed - namespace: {{ .Release.Namespace }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - template: {{ include "common.names.fullname" . }}-metric - params: - value: 1 - dimensions: - reporter: conditional((context.reporter.kind | "inbound") == "outbound", "client", "server") - source_service: source.workload.name | "unknown" - source_service_namespace: source.workload.namespace | "unknown" - source_version: source.labels["version"] | "unknown" - destination_service: destination.service.name | "unknown" - destination_service_namespace: destination.service.namespace | "unknown" - destination_version: destination.labels["version"] | "unknown" - response_code: response.code | 200 - monitored_resource_type: '"UNSPECIFIED"' -{{- end }} diff --git a/bitnami/wavefront-adapter-for-istio/templates/istio/metric-template.yaml b/bitnami/wavefront-adapter-for-istio/templates/istio/metric-template.yaml deleted file mode 100644 index ed9d82a..0000000 --- a/bitnami/wavefront-adapter-for-istio/templates/istio/metric-template.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.istio.create }} -apiVersion: {{ include "wfafi.istio.apiVersion" . }} -kind: template -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: wavefront-adapter-for-istio - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ include "common.names.fullname" . }}-metric - namespace: {{ .Release.Namespace }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - # This configuration is auto-generated by executing the command below (from upstream) - # mixgen template -d $GOPATH/src/istio.io/istio/mixer/template/metric/template_handler_service.descriptor_set -o $GOPATH/src/istio.io/istio/mixer/template/metric/template.yaml -n metric - descriptor: "CsD3AgogZ29vZ2xlL3Byb3RvYnVmL2Rlc2NyaXB0b3IucHJvdG8SD2dvb2dsZS5wcm90b2J1ZiJNChFGaWxlRGVzY3JpcHRvclNldBI4CgRmaWxlGAEgAygLMiQuZ29vZ2xlLnByb3RvYnVmLkZpbGVEZXNjcmlwdG9yUHJvdG9SBGZpbGUi5AQKE0ZpbGVEZXNjcmlwdG9yUHJvdG8SEgoEbmFtZRgBIAEoCVIEbmFtZRIYCgdwYWNrYWdlGAIgASgJUgdwYWNrYWdlEh4KCmRlcGVuZGVuY3kYAyADKAlSCmRlcGVuZGVuY3kSKwoRcHVibGljX2RlcGVuZGVuY3kYCiADKAVSEHB1YmxpY0RlcGVuZGVuY3kSJwoPd2Vha19kZXBlbmRlbmN5GAsgAygFUg53ZWFrRGVwZW5kZW5jeRJDCgxtZXNzYWdlX3R5cGUYBCADKAsyIC5nb29nbGUucHJvdG9idWYuRGVzY3JpcHRvclByb3RvUgttZXNzYWdlVHlwZRJBCgllbnVtX3R5cGUYBSADKAsyJC5nb29nbGUucHJvdG9idWYuRW51bURlc2NyaXB0b3JQcm90b1IIZW51bVR5cGUSQQoHc2VydmljZRgGIAMoCzInLmdvb2dsZS5wcm90b2J1Zi5TZXJ2aWNlRGVzY3JpcHRvclByb3RvUgdzZXJ2aWNlEkMKCWV4dGVuc2lvbhgHIAMoCzIlLmdvb2dsZS5wcm90b2J1Zi5GaWVsZERlc2NyaXB0b3JQcm90b1IJZXh0ZW5zaW9uEjYKB29wdGlvbnMYCCABKAsyHC5nb29nbGUucHJvdG9idWYuRmlsZU9wdGlvbnNSB29wdGlvbnMSSQoQc291cmNlX2NvZGVfaW5mbxgJIAEoCzIfLmdvb2dsZS5wcm90b2J1Zi5Tb3VyY2VDb2RlSW5mb1IOc291cmNlQ29kZUluZm8SFgoGc3ludGF4GAwgASgJUgZzeW50YXgiuQYKD0Rlc2NyaXB0b3JQcm90bxISCgRuYW1lGAEgASgJUgRuYW1lEjsKBWZpZWxkGAIgAygLMiUuZ29vZ2xlLnByb3RvYnVmLkZpZWxkRGVzY3JpcHRvclByb3RvUgVmaWVsZBJDCglleHRlbnNpb24YBiADKAsyJS5nb29nbGUucHJvdG9idWYuRmllbGREZXNjcmlwdG9yUHJvdG9SCWV4dGVuc2lvbhJBCgtuZXN0ZWRfdHlwZRgDIAMoCzIgLmdvb2dsZS5wcm90b2J1Zi5EZXNjcmlwdG9yUHJvdG9SCm5lc3RlZFR5cGUSQQoJZW51bV90eXBlGAQgAygLMiQuZ29vZ2xlLnByb3RvYnVmLkVudW1EZXNjcmlwdG9yUHJvdG9SCGVudW1UeXBlElgKD2V4dGVuc2lvbl9yYW5nZRgFIAMoCzIvLmdvb2dsZS5wcm90b2J1Zi5EZXNjcmlwdG9yUHJvdG8uRXh0ZW5zaW9uUmFuZ2VSDmV4dGVuc2lvblJhbmdlEkQKCm9uZW9mX2RlY2wYCCADKAsyJS5nb29nbGUucHJvdG9idWYuT25lb2ZEZXNjcmlwdG9yUHJvdG9SCW9uZW9mRGVjbBI5CgdvcHRpb25zGAcgASgLMh8uZ29vZ2xlLnByb3RvYnVmLk1lc3NhZ2VPcHRpb25zUgdvcHRpb25zElUKDnJlc2VydmVkX3JhbmdlGAkgAygLMi4uZ29vZ2xlLnByb3RvYnVmLkRlc2NyaXB0b3JQcm90by5SZXNlcnZlZFJhbmdlUg1yZXNlcnZlZFJhbmdlEiMKDXJlc2VydmVkX25hbWUYCiADKAlSDHJlc2VydmVkTmFtZRp6Cg5FeHRlbnNpb25SYW5nZRIUCgVzdGFydBgBIAEoBVIFc3RhcnQSEAoDZW5kGAIgASgFUgNlbmQSQAoHb3B0aW9ucxgDIAEoCzImLmdvb2dsZS5wcm90b2J1Zi5FeHRlbnNpb25SYW5nZU9wdGlvbnNSB29wdGlvbnMaNwoNUmVzZXJ2ZWRSYW5nZRIUCgVzdGFydBgBIAEoBVIFc3RhcnQSEAoDZW5kGAIgASgFUgNlbmQifAoVRXh0ZW5zaW9uUmFuZ2VPcHRpb25zElgKFHVuaW50ZXJwcmV0ZWRfb3B0aW9uGOcHIAMoCzIkLmdvb2dsZS5wcm90b2J1Zi5VbmludGVycHJldGVkT3B0aW9uUhN1bmludGVycHJldGVkT3B0aW9uKgkI6AcQgICAgAIimAYKFEZpZWxkRGVzY3JpcHRvclByb3RvEhIKBG5hbWUYASABKAlSBG5hbWUSFgoGbnVtYmVyGAMgASgFUgZudW1iZXISQQoFbGFiZWwYBCABKA4yKy5nb29nbGUucHJvdG9idWYuRmllbGREZXNjcmlwdG9yUHJvdG8uTGFiZWxSBWxhYmVsEj4KBHR5cGUYBSABKA4yKi5nb29nbGUucHJvdG9idWYuRmllbGREZXNjcmlwdG9yUHJvdG8uVHlwZVIEdHlwZRIbCgl0eXBlX25hbWUYBiABKAlSCHR5cGVOYW1lEhoKCGV4dGVuZGVlGAIgASgJUghleHRlbmRlZRIjCg1kZWZhdWx0X3ZhbHVlGAcgASgJUgxkZWZhdWx0VmFsdWUSHwoLb25lb2ZfaW5kZXgYCSABKAVSCm9uZW9mSW5kZXgSGwoJanNvbl9uYW1lGAogASgJUghqc29uTmFtZRI3CgdvcHRpb25zGAggASgLMh0uZ29vZ2xlLnByb3RvYnVmLkZpZWxkT3B0aW9uc1IHb3B0aW9ucyK2AgoEVHlwZRIPCgtUWVBFX0RPVUJMRRABEg4KClRZUEVfRkxPQVQQAhIOCgpUWVBFX0lOVDY0EAMSDwoLVFlQRV9VSU5UNjQQBBIOCgpUWVBFX0lOVDMyEAUSEAoMVFlQRV9GSVhFRDY0EAYSEAoMVFlQRV9GSVhFRDMyEAcSDQoJVFlQRV9CT09MEAgSDwoLVFlQRV9TVFJJTkcQCRIOCgpUWVBFX0dST1VQEAoSEAoMVFlQRV9NRVNTQUdFEAsSDgoKVFlQRV9CWVRFUxAMEg8KC1RZUEVfVUlOVDMyEA0SDQoJVFlQRV9FTlVNEA4SEQoNVFlQRV9TRklYRUQzMhAPEhEKDVRZUEVfU0ZJWEVENjQQEBIPCgtUWVBFX1NJTlQzMhAREg8KC1RZUEVfU0lOVDY0EBIiQwoFTGFiZWwSEgoOTEFCRUxfT1BUSU9OQUwQARISCg5MQUJFTF9SRVFVSVJFRBACEhIKDkxBQkVMX1JFUEVBVEVEEAMiYwoUT25lb2ZEZXNjcmlwdG9yUHJvdG8SEgoEbmFtZRgBIAEoCVIEbmFtZRI3CgdvcHRpb25zGAIgASgLMh0uZ29vZ2xlLnByb3RvYnVmLk9uZW9mT3B0aW9uc1IHb3B0aW9ucyLjAgoTRW51bURlc2NyaXB0b3JQcm90bxISCgRuYW1lGAEgASgJUgRuYW1lEj8KBXZhbHVlGAIgAygLMikuZ29vZ2xlLnByb3RvYnVmLkVudW1WYWx1ZURlc2NyaXB0b3JQcm90b1IFdmFsdWUSNgoHb3B0aW9ucxgDIAEoCzIcLmdvb2dsZS5wcm90b2J1Zi5FbnVtT3B0aW9uc1IHb3B0aW9ucxJdCg5yZXNlcnZlZF9yYW5nZRgEIAMoCzI2Lmdvb2dsZS5wcm90b2J1Zi5FbnVtRGVzY3JpcHRvclByb3RvLkVudW1SZXNlcnZlZFJhbmdlUg1yZXNlcnZlZFJhbmdlEiMKDXJlc2VydmVkX25hbWUYBSADKAlSDHJlc2VydmVkTmFtZRo7ChFFbnVtUmVzZXJ2ZWRSYW5nZRIUCgVzdGFydBgBIAEoBVIFc3RhcnQSEAoDZW5kGAIgASgFUgNlbmQigwEKGEVudW1WYWx1ZURlc2NyaXB0b3JQcm90bxISCgRuYW1lGAEgASgJUgRuYW1lEhYKBm51bWJlchgCIAEoBVIGbnVtYmVyEjsKB29wdGlvbnMYAyABKAsyIS5nb29nbGUucHJvdG9idWYuRW51bVZhbHVlT3B0aW9uc1IHb3B0aW9ucyKnAQoWU2VydmljZURlc2NyaXB0b3JQcm90bxISCgRuYW1lGAEgASgJUgRuYW1lEj4KBm1ldGhvZBgCIAMoCzImLmdvb2dsZS5wcm90b2J1Zi5NZXRob2REZXNjcmlwdG9yUHJvdG9SBm1ldGhvZBI5CgdvcHRpb25zGAMgASgLMh8uZ29vZ2xlLnByb3RvYnVmLlNlcnZpY2VPcHRpb25zUgdvcHRpb25zIokCChVNZXRob2REZXNjcmlwdG9yUHJvdG8SEgoEbmFtZRgBIAEoCVIEbmFtZRIdCgppbnB1dF90eXBlGAIgASgJUglpbnB1dFR5cGUSHwoLb3V0cHV0X3R5cGUYAyABKAlSCm91dHB1dFR5cGUSOAoHb3B0aW9ucxgEIAEoCzIeLmdvb2dsZS5wcm90b2J1Zi5NZXRob2RPcHRpb25zUgdvcHRpb25zEjAKEGNsaWVudF9zdHJlYW1pbmcYBSABKAg6BWZhbHNlUg9jbGllbnRTdHJlYW1pbmcSMAoQc2VydmVyX3N0cmVhbWluZxgGIAEoCDoFZmFsc2VSD3NlcnZlclN0cmVhbWluZyKzCAoLRmlsZU9wdGlvbnMSIQoMamF2YV9wYWNrYWdlGAEgASgJUgtqYXZhUGFja2FnZRIwChRqYXZhX291dGVyX2NsYXNzbmFtZRgIIAEoCVISamF2YU91dGVyQ2xhc3NuYW1lEjUKE2phdmFfbXVsdGlwbGVfZmlsZXMYCiABKAg6BWZhbHNlUhFqYXZhTXVsdGlwbGVGaWxlcxJECh1qYXZhX2dlbmVyYXRlX2VxdWFsc19hbmRfaGFzaBgUIAEoCEICGAFSGWphdmFHZW5lcmF0ZUVxdWFsc0FuZEhhc2gSOgoWamF2YV9zdHJpbmdfY2hlY2tfdXRmOBgbIAEoCDoFZmFsc2VSE2phdmFTdHJpbmdDaGVja1V0ZjgSUwoMb3B0aW1pemVfZm9yGAkgASgOMikuZ29vZ2xlLnByb3RvYnVmLkZpbGVPcHRpb25zLk9wdGltaXplTW9kZToFU1BFRURSC29wdGltaXplRm9yEh0KCmdvX3BhY2thZ2UYCyABKAlSCWdvUGFja2FnZRI1ChNjY19nZW5lcmljX3NlcnZpY2VzGBAgASgIOgVmYWxzZVIRY2NHZW5lcmljU2VydmljZXMSOQoVamF2YV9nZW5lcmljX3NlcnZpY2VzGBEgASgIOgVmYWxzZVITamF2YUdlbmVyaWNTZXJ2aWNlcxI1ChNweV9nZW5lcmljX3NlcnZpY2VzGBIgASgIOgVmYWxzZVIRcHlHZW5lcmljU2VydmljZXMSNwoUcGhwX2dlbmVyaWNfc2VydmljZXMYKiABKAg6BWZhbHNlUhJwaHBHZW5lcmljU2VydmljZXMSJQoKZGVwcmVjYXRlZBgXIAEoCDoFZmFsc2VSCmRlcHJlY2F0ZWQSLwoQY2NfZW5hYmxlX2FyZW5hcxgfIAEoCDoFZmFsc2VSDmNjRW5hYmxlQXJlbmFzEioKEW9iamNfY2xhc3NfcHJlZml4GCQgASgJUg9vYmpjQ2xhc3NQcmVmaXgSKQoQY3NoYXJwX25hbWVzcGFjZRglIAEoCVIPY3NoYXJwTmFtZXNwYWNlEiEKDHN3aWZ0X3ByZWZpeBgnIAEoCVILc3dpZnRQcmVmaXgSKAoQcGhwX2NsYXNzX3ByZWZpeBgoIAEoCVIOcGhwQ2xhc3NQcmVmaXgSIwoNcGhwX25hbWVzcGFjZRgpIAEoCVIMcGhwTmFtZXNwYWNlElgKFHVuaW50ZXJwcmV0ZWRfb3B0aW9uGOcHIAMoCzIkLmdvb2dsZS5wcm90b2J1Zi5VbmludGVycHJldGVkT3B0aW9uUhN1bmludGVycHJldGVkT3B0aW9uIjoKDE9wdGltaXplTW9kZRIJCgVTUEVFRBABEg0KCUNPREVfU0laRRACEhAKDExJVEVfUlVOVElNRRADKgkI6AcQgICAgAIixQIKDk1lc3NhZ2VPcHRpb25zEjwKF21lc3NhZ2Vfc2V0X3dpcmVfZm9ybWF0GAEgASgIOgVmYWxzZVIUbWVzc2FnZVNldFdpcmVGb3JtYXQSTAofbm9fc3RhbmRhcmRfZGVzY3JpcHRvcl9hY2Nlc3NvchgCIAEoCDoFZmFsc2VSHG5vU3RhbmRhcmREZXNjcmlwdG9yQWNjZXNzb3ISJQoKZGVwcmVjYXRlZBgDIAEoCDoFZmFsc2VSCmRlcHJlY2F0ZWQSGwoJbWFwX2VudHJ5GAcgASgIUghtYXBFbnRyeRJYChR1bmludGVycHJldGVkX29wdGlvbhjnByADKAsyJC5nb29nbGUucHJvdG9idWYuVW5pbnRlcnByZXRlZE9wdGlvblITdW5pbnRlcnByZXRlZE9wdGlvbioJCOgHEICAgIACItwDCgxGaWVsZE9wdGlvbnMSQQoFY3R5cGUYASABKA4yIy5nb29nbGUucHJvdG9idWYuRmllbGRPcHRpb25zLkNUeXBlOgZTVFJJTkdSBWN0eXBlEhYKBnBhY2tlZBgCIAEoCFIGcGFja2VkEkcKBmpzdHlwZRgGIAEoDjIkLmdvb2dsZS5wcm90b2J1Zi5GaWVsZE9wdGlvbnMuSlNUeXBlOglKU19OT1JNQUxSBmpzdHlwZRIZCgRsYXp5GAUgASgIOgVmYWxzZVIEbGF6eRIlCgpkZXByZWNhdGVkGAMgASgIOgVmYWxzZVIKZGVwcmVjYXRlZBIZCgR3ZWFrGAogASgIOgVmYWxzZVIEd2VhaxJYChR1bmludGVycHJldGVkX29wdGlvbhjnByADKAsyJC5nb29nbGUucHJvdG9idWYuVW5pbnRlcnByZXRlZE9wdGlvblITdW5pbnRlcnByZXRlZE9wdGlvbiIvCgVDVHlwZRIKCgZTVFJJTkcQABIICgRDT1JEEAESEAoMU1RSSU5HX1BJRUNFEAIiNQoGSlNUeXBlEg0KCUpTX05PUk1BTBAAEg0KCUpTX1NUUklORxABEg0KCUpTX05VTUJFUhACKgkI6AcQgICAgAIicwoMT25lb2ZPcHRpb25zElgKFHVuaW50ZXJwcmV0ZWRfb3B0aW9uGOcHIAMoCzIkLmdvb2dsZS5wcm90b2J1Zi5VbmludGVycHJldGVkT3B0aW9uUhN1bmludGVycHJldGVkT3B0aW9uKgkI6AcQgICAgAIiugEKC0VudW1PcHRpb25zEh8KC2FsbG93X2FsaWFzGAIgASgIUgphbGxvd0FsaWFzEiUKCmRlcHJlY2F0ZWQYAyABKAg6BWZhbHNlUgpkZXByZWNhdGVkElgKFHVuaW50ZXJwcmV0ZWRfb3B0aW9uGOcHIAMoCzIkLmdvb2dsZS5wcm90b2J1Zi5VbmludGVycHJldGVkT3B0aW9uUhN1bmludGVycHJldGVkT3B0aW9uKgkI6AcQgICAgAIingEKEEVudW1WYWx1ZU9wdGlvbnMSJQoKZGVwcmVjYXRlZBgBIAEoCDoFZmFsc2VSCmRlcHJlY2F0ZWQSWAoUdW5pbnRlcnByZXRlZF9vcHRpb24Y5wcgAygLMiQuZ29vZ2xlLnByb3RvYnVmLlVuaW50ZXJwcmV0ZWRPcHRpb25SE3VuaW50ZXJwcmV0ZWRPcHRpb24qCQjoBxCAgICAAiKcAQoOU2VydmljZU9wdGlvbnMSJQoKZGVwcmVjYXRlZBghIAEoCDoFZmFsc2VSCmRlcHJlY2F0ZWQSWAoUdW5pbnRlcnByZXRlZF9vcHRpb24Y5wcgAygLMiQuZ29vZ2xlLnByb3RvYnVmLlVuaW50ZXJwcmV0ZWRPcHRpb25SE3VuaW50ZXJwcmV0ZWRPcHRpb24qCQjoBxCAgICAAiLgAgoNTWV0aG9kT3B0aW9ucxIlCgpkZXByZWNhdGVkGCEgASgIOgVmYWxzZVIKZGVwcmVjYXRlZBJxChFpZGVtcG90ZW5jeV9sZXZlbBgiIAEoDjIvLmdvb2dsZS5wcm90b2J1Zi5NZXRob2RPcHRpb25zLklkZW1wb3RlbmN5TGV2ZWw6E0lERU1QT1RFTkNZX1VOS05PV05SEGlkZW1wb3RlbmN5TGV2ZWwSWAoUdW5pbnRlcnByZXRlZF9vcHRpb24Y5wcgAygLMiQuZ29vZ2xlLnByb3RvYnVmLlVuaW50ZXJwcmV0ZWRPcHRpb25SE3VuaW50ZXJwcmV0ZWRPcHRpb24iUAoQSWRlbXBvdGVuY3lMZXZlbBIXChNJREVNUE9URU5DWV9VTktOT1dOEAASEwoPTk9fU0lERV9FRkZFQ1RTEAESDgoKSURFTVBPVEVOVBACKgkI6AcQgICAgAIimgMKE1VuaW50ZXJwcmV0ZWRPcHRpb24SQQoEbmFtZRgCIAMoCzItLmdvb2dsZS5wcm90b2J1Zi5VbmludGVycHJldGVkT3B0aW9uLk5hbWVQYXJ0UgRuYW1lEikKEGlkZW50aWZpZXJfdmFsdWUYAyABKAlSD2lkZW50aWZpZXJWYWx1ZRIsChJwb3NpdGl2ZV9pbnRfdmFsdWUYBCABKARSEHBvc2l0aXZlSW50VmFsdWUSLAoSbmVnYXRpdmVfaW50X3ZhbHVlGAUgASgDUhBuZWdhdGl2ZUludFZhbHVlEiEKDGRvdWJsZV92YWx1ZRgGIAEoAVILZG91YmxlVmFsdWUSIQoMc3RyaW5nX3ZhbHVlGAcgASgMUgtzdHJpbmdWYWx1ZRInCg9hZ2dyZWdhdGVfdmFsdWUYCCABKAlSDmFnZ3JlZ2F0ZVZhbHVlGkoKCE5hbWVQYXJ0EhsKCW5hbWVfcGFydBgBIAIoCVIIbmFtZVBhcnQSIQoMaXNfZXh0ZW5zaW9uGAIgAigIUgtpc0V4dGVuc2lvbiKnAgoOU291cmNlQ29kZUluZm8SRAoIbG9jYXRpb24YASADKAsyKC5nb29nbGUucHJvdG9idWYuU291cmNlQ29kZUluZm8uTG9jYXRpb25SCGxvY2F0aW9uGs4BCghMb2NhdGlvbhIWCgRwYXRoGAEgAygFQgIQAVIEcGF0aBIWCgRzcGFuGAIgAygFQgIQAVIEc3BhbhIpChBsZWFkaW5nX2NvbW1lbnRzGAMgASgJUg9sZWFkaW5nQ29tbWVudHMSKwoRdHJhaWxpbmdfY29tbWVudHMYBCABKAlSEHRyYWlsaW5nQ29tbWVudHMSOgoZbGVhZGluZ19kZXRhY2hlZF9jb21tZW50cxgGIAMoCVIXbGVhZGluZ0RldGFjaGVkQ29tbWVudHMi0QEKEUdlbmVyYXRlZENvZGVJbmZvEk0KCmFubm90YXRpb24YASADKAsyLS5nb29nbGUucHJvdG9idWYuR2VuZXJhdGVkQ29kZUluZm8uQW5ub3RhdGlvblIKYW5ub3RhdGlvbhptCgpBbm5vdGF0aW9uEhYKBHBhdGgYASADKAVCAhABUgRwYXRoEh8KC3NvdXJjZV9maWxlGAIgASgJUgpzb3VyY2VGaWxlEhQKBWJlZ2luGAMgASgFUgViZWdpbhIQCgNlbmQYBCABKAVSA2VuZEJbChNjb20uZ29vZ2xlLnByb3RvYnVmQhBEZXNjcmlwdG9yUHJvdG9zSAFaCmRlc2NyaXB0b3L4AQGiAgNHUEKqAhpHb29nbGUuUHJvdG9idWYuUmVmbGVjdGlvbkrNvQIKBxIFJwDlBgEKqg8KAQwSAycAEjLBDCBQcm90b2NvbCBCdWZmZXJzIC0gR29vZ2xlJ3MgZGF0YSBpbnRlcmNoYW5nZSBmb3JtYXQKIENvcHlyaWdodCAyMDA4IEdvb2dsZSBJbmMuICBBbGwgcmlnaHRzIHJlc2VydmVkLgogaHR0cHM6Ly9kZXZlbG9wZXJzLmdvb2dsZS5jb20vcHJvdG9jb2wtYnVmZmVycy8KCiBSZWRpc3RyaWJ1dGlvbiBhbmQgdXNlIGluIHNvdXJjZSBhbmQgYmluYXJ5IGZvcm1zLCB3aXRoIG9yIHdpdGhvdXQKIG1vZGlmaWNhdGlvbiwgYXJlIHBlcm1pdHRlZCBwcm92aWRlZCB0aGF0IHRoZSBmb2xsb3dpbmcgY29uZGl0aW9ucyBhcmUKIG1ldDoKCiAgICAgKiBSZWRpc3RyaWJ1dGlvbnMgb2Ygc291cmNlIGNvZGUgbXVzdCByZXRhaW4gdGhlIGFib3ZlIGNvcHlyaWdodAogbm90aWNlLCB0aGlzIGxpc3Qgb2YgY29uZGl0aW9ucyBhbmQgdGhlIGZvbGxvd2luZyBkaXNjbGFpbWVyLgogICAgICogUmVkaXN0cmlidXRpb25zIGluIGJpbmFyeSBmb3JtIG11c3QgcmVwcm9kdWNlIHRoZSBhYm92ZQogY29weXJpZ2h0IG5vdGljZSwgdGhpcyBsaXN0IG9mIGNvbmRpdGlvbnMgYW5kIHRoZSBmb2xsb3dpbmcgZGlzY2xhaW1lcgogaW4gdGhlIGRvY3VtZW50YXRpb24gYW5kL29yIG90aGVyIG1hdGVyaWFscyBwcm92aWRlZCB3aXRoIHRoZQogZGlzdHJpYnV0aW9uLgogICAgICogTmVpdGhlciB0aGUgbmFtZSBvZiBHb29nbGUgSW5jLiBub3IgdGhlIG5hbWVzIG9mIGl0cwogY29udHJpYnV0b3JzIG1heSBiZSB1c2VkIHRvIGVuZG9yc2Ugb3IgcHJvbW90ZSBwcm9kdWN0cyBkZXJpdmVkIGZyb20KIHRoaXMgc29mdHdhcmUgd2l0aG91dCBzcGVjaWZpYyBwcmlvciB3cml0dGVuIHBlcm1pc3Npb24uCgogVEhJUyBTT0ZUV0FSRSBJUyBQUk9WSURFRCBCWSBUSEUgQ09QWVJJR0hUIEhPTERFUlMgQU5EIENPTlRSSUJVVE9SUwogIkFTIElTIiBBTkQgQU5ZIEVYUFJFU1MgT1IgSU1QTElFRCBXQVJSQU5USUVTLCBJTkNMVURJTkcsIEJVVCBOT1QKIExJTUlURUQgVE8sIFRIRSBJTVBMSUVEIFdBUlJBTlRJRVMgT0YgTUVSQ0hBTlRBQklMSVRZIEFORCBGSVRORVNTIEZPUgogQSBQQVJUSUNVTEFSIFBVUlBPU0UgQVJFIERJU0NMQUlNRUQuIElOIE5PIEVWRU5UIFNIQUxMIFRIRSBDT1BZUklHSFQKIE9XTkVSIE9SIENPTlRSSUJVVE9SUyBCRSBMSUFCTEUgRk9SIEFOWSBESVJFQ1QsIElORElSRUNULCBJTkNJREVOVEFMLAogU1BFQ0lBTCwgRVhFTVBMQVJZLCBPUiBDT05TRVFVRU5USUFMIERBTUFHRVMgKElOQ0xVRElORywgQlVUIE5PVAogTElNSVRFRCBUTywgUFJPQ1VSRU1FTlQgT0YgU1VCU1RJVFVURSBHT09EUyBPUiBTRVJWSUNFUzsgTE9TUyBPRiBVU0UsCiBEQVRBLCBPUiBQUk9GSVRTOyBPUiBCVVNJTkVTUyBJTlRFUlJVUFRJT04pIEhPV0VWRVIgQ0FVU0VEIEFORCBPTiBBTlkKIFRIRU9SWSBPRiBMSUFCSUxJVFksIFdIRVRIRVIgSU4gQ09OVFJBQ1QsIFNUUklDVCBMSUFCSUxJVFksIE9SIFRPUlQKIChJTkNMVURJTkcgTkVHTElHRU5DRSBPUiBPVEhFUldJU0UpIEFSSVNJTkcgSU4gQU5ZIFdBWSBPVVQgT0YgVEhFIFVTRQogT0YgVEhJUyBTT0ZUV0FSRSwgRVZFTiBJRiBBRFZJU0VEIE9GIFRIRSBQT1NTSUJJTElUWSBPRiBTVUNIIERBTUFHRS4KMtsCIEF1dGhvcjoga2VudG9uQGdvb2dsZS5jb20gKEtlbnRvbiBWYXJkYSkKICBCYXNlZCBvbiBvcmlnaW5hbCBQcm90b2NvbCBCdWZmZXJzIGRlc2lnbiBieQogIFNhbmpheSBHaGVtYXdhdCwgSmVmZiBEZWFuLCBhbmQgb3RoZXJzLgoKIFRoZSBtZXNzYWdlcyBpbiB0aGlzIGZpbGUgZGVzY3JpYmUgdGhlIGRlZmluaXRpb25zIGZvdW5kIGluIC5wcm90byBmaWxlcy4KIEEgdmFsaWQgLnByb3RvIGZpbGUgY2FuIGJlIHRyYW5zbGF0ZWQgZGlyZWN0bHkgdG8gYSBGaWxlRGVzY3JpcHRvclByb3RvCiB3aXRob3V0IGFueSBvdGhlciBpbmZvcm1hdGlvbiAoZS5nLiB3aXRob3V0IHJlYWRpbmcgaXRzIGltcG9ydHMpLgoKCAoBAhIDKQgXCggKAQgSAyoAIQoLCgQI5wcAEgMqACEKDAoFCOcHAAISAyoHEQoNCgYI5wcAAgASAyoHEQoOCgcI5wcAAgABEgMqBxEKDAoFCOcHAAcSAyoUIAoICgEIEgMrACwKCwoECOcHARIDKwAsCgwKBQjnBwECEgMrBxMKDQoGCOcHAQIAEgMrBxMKDgoHCOcHAQIAARIDKwcTCgwKBQjnBwEHEgMrFisKCAoBCBIDLAAxCgsKBAjnBwISAywAMQoMCgUI5wcCAhIDLAcbCg0KBgjnBwICABIDLAcbCg4KBwjnBwICAAESAywHGwoMCgUI5wcCBxIDLB4wCggKAQgSAy0ANwoLCgQI5wcDEgMtADcKDAoFCOcHAwISAy0HFwoNCgYI5wcDAgASAy0HFwoOCgcI5wcDAgABEgMtBxcKDAoFCOcHAwcSAy0aNgoICgEIEgMuACEKCwoECOcHBBIDLgAhCgwKBQjnBwQCEgMuBxgKDQoGCOcHBAIAEgMuBxgKDgoHCOcHBAIAARIDLgcYCgwKBQjnBwQHEgMuGyAKCAoBCBIDLwAfCgsKBAjnBwUSAy8AHwoMCgUI5wcFAhIDLwcXCg0KBgjnBwUCABIDLwcXCg4KBwjnBwUCAAESAy8HFwoMCgUI5wcFAxIDLxoeCggKAQgSAzMAHAqBAQoECOcHBhIDMwAcGnQgZGVzY3JpcHRvci5wcm90byBtdXN0IGJlIG9wdGltaXplZCBmb3Igc3BlZWQgYmVjYXVzZSByZWZsZWN0aW9uLWJhc2VkCiBhbGdvcml0aG1zIGRvbid0IHdvcmsgZHVyaW5nIGJvb3RzdHJhcHBpbmcuCgoMCgUI5wcGAhIDMwcTCg0KBgjnBwYCABIDMwcTCg4KBwjnBwYCAAESAzMHEwoMCgUI5wcGAxIDMxYbCmoKAgQAEgQ3ADkBGl4gVGhlIHByb3RvY29sIGNvbXBpbGVyIGNhbiBvdXRwdXQgYSBGaWxlRGVzY3JpcHRvclNldCBjb250YWluaW5nIHRoZSAucHJvdG8KIGZpbGVzIGl0IHBhcnNlcy4KCgoKAwQAARIDNwgZCgsKBAQAAgASAzgCKAoMCgUEAAIABBIDOAIKCgwKBQQAAgAGEgM4Cx4KDAoFBAACAAESAzgfIwoMCgUEAAIAAxIDOCYnCi8KAgQBEgQ8AFkBGiMgRGVzY3JpYmVzIGEgY29tcGxldGUgLnByb3RvIGZpbGUuCgoKCgMEAQESAzwIGwo5CgQEAQIAEgM9AhsiLCBmaWxlIG5hbWUsIHJlbGF0aXZlIHRvIHJvb3Qgb2Ygc291cmNlIHRyZWUKCgwKBQQBAgAEEgM9AgoKDAoFBAECAAUSAz0LEQoMCgUEAQIAARIDPRIWCgwKBQQBAgADEgM9GRoKKgoEBAECARIDPgIeIh0gZS5nLiAiZm9vIiwgImZvby5iYXIiLCBldGMuCgoMCgUEAQIBBBIDPgIKCgwKBQQBAgEFEgM+CxEKDAoFBAECAQESAz4SGQoMCgUEAQIBAxIDPhwdCjQKBAQBAgISA0ECIRonIE5hbWVzIG9mIGZpbGVzIGltcG9ydGVkIGJ5IHRoaXMgZmlsZS4KCgwKBQQBAgIEEgNBAgoKDAoFBAECAgUSA0ELEQoMCgUEAQICARIDQRIcCgwKBQQBAgIDEgNBHyAKUQoEBAECAxIDQwIoGkQgSW5kZXhlcyBvZiB0aGUgcHVibGljIGltcG9ydGVkIGZpbGVzIGluIHRoZSBkZXBlbmRlbmN5IGxpc3QgYWJvdmUuCgoMCgUEAQIDBBIDQwIKCgwKBQQBAgMFEgNDCxAKDAoFBAECAwESA0MRIgoMCgUEAQIDAxIDQyUnCnoKBAQBAgQSA0YCJhptIEluZGV4ZXMgb2YgdGhlIHdlYWsgaW1wb3J0ZWQgZmlsZXMgaW4gdGhlIGRlcGVuZGVuY3kgbGlzdC4KIEZvciBHb29nbGUtaW50ZXJuYWwgbWlncmF0aW9uIG9ubHkuIERvIG5vdCB1c2UuCgoMCgUEAQIEBBIDRgIKCgwKBQQBAgQFEgNGCxAKDAoFBAECBAESA0YRIAoMCgUEAQIEAxIDRiMlCjYKBAQBAgUSA0kCLBopIEFsbCB0b3AtbGV2ZWwgZGVmaW5pdGlvbnMgaW4gdGhpcyBmaWxlLgoKDAoFBAECBQQSA0kCCgoMCgUEAQIFBhIDSQsaCgwKBQQBAgUBEgNJGycKDAoFBAECBQMSA0kqKwoLCgQEAQIGEgNKAi0KDAoFBAECBgQSA0oCCgoMCgUEAQIGBhIDSgseCgwKBQQBAgYBEgNKHygKDAoFBAECBgMSA0orLAoLCgQEAQIHEgNLAi4KDAoFBAECBwQSA0sCCgoMCgUEAQIHBhIDSwshCgwKBQQBAgcBEgNLIikKDAoFBAECBwMSA0ssLQoLCgQEAQIIEgNMAi4KDAoFBAECCAQSA0wCCgoMCgUEAQIIBhIDTAsfCgwKBQQBAggBEgNMICkKDAoFBAECCAMSA0wsLQoLCgQEAQIJEgNOAiMKDAoFBAECCQQSA04CCgoMCgUEAQIJBhIDTgsWCgwKBQQBAgkBEgNOFx4KDAoFBAECCQMSA04hIgr0AQoEBAECChIDVAIvGuYBIFRoaXMgZmllbGQgY29udGFpbnMgb3B0aW9uYWwgaW5mb3JtYXRpb24gYWJvdXQgdGhlIG9yaWdpbmFsIHNvdXJjZSBjb2RlLgogWW91IG1heSBzYWZlbHkgcmVtb3ZlIHRoaXMgZW50aXJlIGZpZWxkIHdpdGhvdXQgaGFybWluZyBydW50aW1lCiBmdW5jdGlvbmFsaXR5IG9mIHRoZSBkZXNjcmlwdG9ycyAtLSB0aGUgaW5mb3JtYXRpb24gaXMgbmVlZGVkIG9ubHkgYnkKIGRldmVsb3BtZW50IHRvb2xzLgoKDAoFBAECCgQSA1QCCgoMCgUEAQIKBhIDVAsZCgwKBQQBAgoBEgNUGioKDAoFBAECCgMSA1QtLgpdCgQEAQILEgNYAh4aUCBUaGUgc3ludGF4IG9mIHRoZSBwcm90byBmaWxlLgogVGhlIHN1cHBvcnRlZCB2YWx1ZXMgYXJlICJwcm90bzIiIGFuZCAicHJvdG8zIi4KCgwKBQQBAgsEEgNYAgoKDAoFBAECCwUSA1gLEQoMCgUEAQILARIDWBIYCgwKBQQBAgsDEgNYGx0KJwoCBAISBFwAfAEaGyBEZXNjcmliZXMgYSBtZXNzYWdlIHR5cGUuCgoKCgMEAgESA1wIFwoLCgQEAgIAEgNdAhsKDAoFBAICAAQSA10CCgoMCgUEAgIABRIDXQsRCgwKBQQCAgABEgNdEhYKDAoFBAICAAMSA10ZGgoLCgQEAgIBEgNfAioKDAoFBAICAQQSA18CCgoMCgUEAgIBBhIDXwsfCgwKBQQCAgEBEgNfICUKDAoFBAICAQMSA18oKQoLCgQEAgICEgNgAi4KDAoFBAICAgQSA2ACCgoMCgUEAgICBhIDYAsfCgwKBQQCAgIBEgNgICkKDAoFBAICAgMSA2AsLQoLCgQEAgIDEgNiAisKDAoFBAICAwQSA2ICCgoMCgUEAgIDBhIDYgsaCgwKBQQCAgMBEgNiGyYKDAoFBAICAwMSA2IpKgoLCgQEAgIEEgNjAi0KDAoFBAICBAQSA2MCCgoMCgUEAgIEBhIDYwseCgwKBQQCAgQBEgNjHygKDAoFBAICBAMSA2MrLAoMCgQEAgMAEgRlAmoDCgwKBQQCAwABEgNlChgKDQoGBAIDAAIAEgNmBB0KDgoHBAIDAAIABBIDZgQMCg4KBwQCAwACAAUSA2YNEgoOCgcEAgMAAgABEgNmExgKDgoHBAIDAAIAAxIDZhscCg0KBgQCAwACARIDZwQbCg4KBwQCAwACAQQSA2cEDAoOCgcEAgMAAgEFEgNnDRIKDgoHBAIDAAIBARIDZxMWCg4KBwQCAwACAQMSA2cZGgoNCgYEAgMAAgISA2kELwoOCgcEAgMAAgIEEgNpBAwKDgoHBAIDAAICBhIDaQ0iCg4KBwQCAwACAgESA2kjKgoOCgcEAgMAAgIDEgNpLS4KCwoEBAICBRIDawIuCgwKBQQCAgUEEgNrAgoKDAoFBAICBQYSA2sLGQoMCgUEAgIFARIDaxopCgwKBQQCAgUDEgNrLC0KCwoEBAICBhIDbQIvCgwKBQQCAgYEEgNtAgoKDAoFBAICBgYSA20LHwoMCgUEAgIGARIDbSAqCgwKBQQCAgYDEgNtLS4KCwoEBAICBxIDbwImCgwKBQQCAgcEEgNvAgoKDAoFBAICBwYSA28LGQoMCgUEAgIHARIDbxohCgwKBQQCAgcDEgNvJCUKqgEKBAQCAwESBHQCdwMamwEgUmFuZ2Ugb2YgcmVzZXJ2ZWQgdGFnIG51bWJlcnMuIFJlc2VydmVkIHRhZyBudW1iZXJzIG1heSBub3QgYmUgdXNlZCBieQogZmllbGRzIG9yIGV4dGVuc2lvbiByYW5nZXMgaW4gdGhlIHNhbWUgbWVzc2FnZS4gUmVzZXJ2ZWQgcmFuZ2VzIG1heQogbm90IG92ZXJsYXAuCgoMCgUEAgMBARIDdAoXChsKBgQCAwECABIDdQQdIgwgSW5jbHVzaXZlLgoKDgoHBAIDAQIABBIDdQQMCg4KBwQCAwECAAUSA3UNEgoOCgcEAgMBAgABEgN1ExgKDgoHBAIDAQIAAxIDdRscChsKBgQCAwECARIDdgQbIgwgRXhjbHVzaXZlLgoKDgoHBAIDAQIBBBIDdgQMCg4KBwQCAwECAQUSA3YNEgoOCgcEAgMBAgEBEgN2ExYKDgoHBAIDAQIBAxIDdhkaCgsKBAQCAggSA3gCLAoMCgUEAgIIBBIDeAIKCgwKBQQCAggGEgN4CxgKDAoFBAICCAESA3gZJwoMCgUEAgIIAxIDeCorCoIBCgQEAgIJEgN7AiUadSBSZXNlcnZlZCBmaWVsZCBuYW1lcywgd2hpY2ggbWF5IG5vdCBiZSB1c2VkIGJ5IGZpZWxkcyBpbiB0aGUgc2FtZSBtZXNzYWdlLgogQSBnaXZlbiBuYW1lIG1heSBvbmx5IGJlIHJlc2VydmVkIG9uY2UuCgoMCgUEAgIJBBIDewIKCgwKBQQCAgkFEgN7CxEKDAoFBAICCQESA3sSHwoMCgUEAgIJAxIDeyIkCgsKAgQDEgV+AIQBAQoKCgMEAwESA34IHQpPCgQEAwIAEgSAAQI6GkEgVGhlIHBhcnNlciBzdG9yZXMgb3B0aW9ucyBpdCBkb2Vzbid0IHJlY29nbml6ZSBoZXJlLiBTZWUgYWJvdmUuCgoNCgUEAwIABBIEgAECCgoNCgUEAwIABhIEgAELHgoNCgUEAwIAARIEgAEfMwoNCgUEAwIAAxIEgAE2OQpaCgMEAwUSBIMBAhkaTSBDbGllbnRzIGNhbiBkZWZpbmUgY3VzdG9tIG9wdGlvbnMgaW4gZXh0ZW5zaW9ucyBvZiB0aGlzIG1lc3NhZ2UuIFNlZSBhYm92ZS4KCgwKBAQDBQASBIMBDRgKDQoFBAMFAAESBIMBDREKDQoFBAMFAAISBIMBFRgKMwoCBAQSBocBANUBARolIERlc2NyaWJlcyBhIGZpZWxkIHdpdGhpbiBhIG1lc3NhZ2UuCgoLCgMEBAESBIcBCBwKDgoEBAQEABIGiAECpwEDCg0KBQQEBAABEgSIAQcLClMKBgQEBAACABIEiwEEHBpDIDAgaXMgcmVzZXJ2ZWQgZm9yIGVycm9ycy4KIE9yZGVyIGlzIHdlaXJkIGZvciBoaXN0b3JpY2FsIHJlYXNvbnMuCgoPCgcEBAQAAgABEgSLAQQPCg8KBwQEBAACAAISBIsBGhsKDgoGBAQEAAIBEgSMAQQcCg8KBwQEBAACAQESBIwBBA4KDwoHBAQEAAIBAhIEjAEaGwp3CgYEBAQAAgISBI8BBBwaZyBOb3QgWmlnWmFnIGVuY29kZWQuICBOZWdhdGl2ZSBudW1iZXJzIHRha2UgMTAgYnl0ZXMuICBVc2UgVFlQRV9TSU5UNjQgaWYKIG5lZ2F0aXZlIHZhbHVlcyBhcmUgbGlrZWx5LgoKDwoHBAQEAAICARIEjwEEDgoPCgcEBAQAAgICEgSPARobCg4KBgQEBAACAxIEkAEEHAoPCgcEBAQAAgMBEgSQAQQPCg8KBwQEBAACAwISBJABGhsKdwoGBAQEAAIEEgSTAQQcGmcgTm90IFppZ1phZyBlbmNvZGVkLiAgTmVnYXRpdmUgbnVtYmVycyB0YWtlIDEwIGJ5dGVzLiAgVXNlIFRZUEVfU0lOVDMyIGlmCiBuZWdhdGl2ZSB2YWx1ZXMgYXJlIGxpa2VseS4KCg8KBwQEBAACBAESBJMBBA4KDwoHBAQEAAIEAhIEkwEaGwoOCgYEBAQAAgUSBJQBBBwKDwoHBAQEAAIFARIElAEEEAoPCgcEBAQAAgUCEgSUARobCg4KBgQEBAACBhIElQEEHAoPCgcEBAQAAgYBEgSVAQQQCg8KBwQEBAACBgISBJUBGhsKDgoGBAQEAAIHEgSWAQQcCg8KBwQEBAACBwESBJYBBA0KDwoHBAQEAAIHAhIElgEaGwoOCgYEBAQAAggSBJcBBBwKDwoHBAQEAAIIARIElwEEDwoPCgcEBAQAAggCEgSXARobCuIBCgYEBAQAAgkSBJwBBB0a0QEgVGFnLWRlbGltaXRlZCBhZ2dyZWdhdGUuCiBHcm91cCB0eXBlIGlzIGRlcHJlY2F0ZWQgYW5kIG5vdCBzdXBwb3J0ZWQgaW4gcHJvdG8zLiBIb3dldmVyLCBQcm90bzMKIGltcGxlbWVudGF0aW9ucyBzaG91bGQgc3RpbGwgYmUgYWJsZSB0byBwYXJzZSB0aGUgZ3JvdXAgd2lyZSBmb3JtYXQgYW5kCiB0cmVhdCBncm91cCBmaWVsZHMgYXMgdW5rbm93biBmaWVsZHMuCgoPCgcEBAQAAgkBEgScAQQOCg8KBwQEBAACCQISBJwBGhwKLQoGBAQEAAIKEgSdAQQdIh0gTGVuZ3RoLWRlbGltaXRlZCBhZ2dyZWdhdGUuCgoPCgcEBAQAAgoBEgSdAQQQCg8KBwQEBAACCgISBJ0BGhwKIwoGBAQEAAILEgSgAQQdGhMgTmV3IGluIHZlcnNpb24gMi4KCg8KBwQEBAACCwESBKABBA4KDwoHBAQEAAILAhIEoAEaHAoOCgYEBAQAAgwSBKEBBB0KDwoHBAQEAAIMARIEoQEEDwoPCgcEBAQAAgwCEgShARocCg4KBgQEBAACDRIEogEEHQoPCgcEBAQAAg0BEgSiAQQNCg8KBwQEBAACDQISBKIBGhwKDgoGBAQEAAIOEgSjAQQdCg8KBwQEBAACDgESBKMBBBEKDwoHBAQEAAIOAhIEowEaHAoOCgYEBAQAAg8SBKQBBB0KDwoHBAQEAAIPARIEpAEEEQoPCgcEBAQAAg8CEgSkARocCicKBgQEBAACEBIEpQEEHSIXIFVzZXMgWmlnWmFnIGVuY29kaW5nLgoKDwoHBAQEAAIQARIEpQEEDwoPCgcEBAQAAhACEgSlARocCicKBgQEBAACERIEpgEEHSIXIFVzZXMgWmlnWmFnIGVuY29kaW5nLgoKDwoHBAQEAAIRARIEpgEEDwoPCgcEBAQAAhECEgSmARocCg4KBAQEBAESBqkBAq4BAwoNCgUEBAQBARIEqQEHDAoqCgYEBAQBAgASBKsBBBwaGiAwIGlzIHJlc2VydmVkIGZvciBlcnJvcnMKCg8KBwQEBAECAAESBKsBBBIKDwoHBAQEAQIAAhIEqwEaGwoOCgYEBAQBAgESBKwBBBwKDwoHBAQEAQIBARIErAEEEgoPCgcEBAQBAgECEgSsARobCg4KBgQEBAECAhIErQEEHAoPCgcEBAQBAgIBEgStAQQSCg8KBwQEBAECAgISBK0BGhsKDAoEBAQCABIEsAECGwoNCgUEBAIABBIEsAECCgoNCgUEBAIABRIEsAELEQoNCgUEBAIAARIEsAESFgoNCgUEBAIAAxIEsAEZGgoMCgQEBAIBEgSxAQIcCg0KBQQEAgEEEgSxAQIKCg0KBQQEAgEFEgSxAQsQCg0KBQQEAgEBEgSxAREXCg0KBQQEAgEDEgSxARobCgwKBAQEAgISBLIBAhsKDQoFBAQCAgQSBLIBAgoKDQoFBAQCAgYSBLIBCxAKDQoFBAQCAgESBLIBERYKDQoFBAQCAgMSBLIBGRoKnAEKBAQEAgMSBLYBAhkajQEgSWYgdHlwZV9uYW1lIGlzIHNldCwgdGhpcyBuZWVkIG5vdCBiZSBzZXQuICBJZiBib3RoIHRoaXMgYW5kIHR5cGVfbmFtZQogYXJlIHNldCwgdGhpcyBtdXN0IGJlIG9uZSBvZiBUWVBFX0VOVU0sIFRZUEVfTUVTU0FHRSBvciBUWVBFX0dST1VQLgoKDQoFBAQCAwQSBLYBAgoKDQoFBAQCAwYSBLYBCw8KDQoFBAQCAwESBLYBEBQKDQoFBAQCAwMSBLYBFxgKtwIKBAQEAgQSBL0BAiAaqAIgRm9yIG1lc3NhZ2UgYW5kIGVudW0gdHlwZXMsIHRoaXMgaXMgdGhlIG5hbWUgb2YgdGhlIHR5cGUuICBJZiB0aGUgbmFtZQogc3RhcnRzIHdpdGggYSAnLicsIGl0IGlzIGZ1bGx5LXF1YWxpZmllZC4gIE90aGVyd2lzZSwgQysrLWxpa2Ugc2NvcGluZwogcnVsZXMgYXJlIHVzZWQgdG8gZmluZCB0aGUgdHlwZSAoaS5lLiBmaXJzdCB0aGUgbmVzdGVkIHR5cGVzIHdpdGhpbiB0aGlzCiBtZXNzYWdlIGFyZSBzZWFyY2hlZCwgdGhlbiB3aXRoaW4gdGhlIHBhcmVudCwgb24gdXAgdG8gdGhlIHJvb3QKIG5hbWVzcGFjZSkuCgoNCgUEBAIEBBIEvQECCgoNCgUEBAIEBRIEvQELEQoNCgUEBAIEARIEvQESGwoNCgUEBAIEAxIEvQEeHwp+CgQEBAIFEgTBAQIfGnAgRm9yIGV4dGVuc2lvbnMsIHRoaXMgaXMgdGhlIG5hbWUgb2YgdGhlIHR5cGUgYmVpbmcgZXh0ZW5kZWQuICBJdCBpcwogcmVzb2x2ZWQgaW4gdGhlIHNhbWUgbWFubmVyIGFzIHR5cGVfbmFtZS4KCg0KBQQEAgUEEgTBAQIKCg0KBQQEAgUFEgTBAQsRCg0KBQQEAgUBEgTBARIaCg0KBQQEAgUDEgTBAR0eCrECCgQEBAIGEgTIAQIkGqICIEZvciBudW1lcmljIHR5cGVzLCBjb250YWlucyB0aGUgb3JpZ2luYWwgdGV4dCByZXByZXNlbnRhdGlvbiBvZiB0aGUgdmFsdWUuCiBGb3IgYm9vbGVhbnMsICJ0cnVlIiBvciAiZmFsc2UiLgogRm9yIHN0cmluZ3MsIGNvbnRhaW5zIHRoZSBkZWZhdWx0IHRleHQgY29udGVudHMgKG5vdCBlc2NhcGVkIGluIGFueSB3YXkpLgogRm9yIGJ5dGVzLCBjb250YWlucyB0aGUgQyBlc2NhcGVkIHZhbHVlLiAgQWxsIGJ5dGVzID49IDEyOCBhcmUgZXNjYXBlZC4KIFRPRE8oa2VudG9uKTogIEJhc2UtNjQgZW5jb2RlPwoKDQoFBAQCBgQSBMgBAgoKDQoFBAQCBgUSBMgBCxEKDQoFBAQCBgESBMgBEh8KDQoFBAQCBgMSBMgBIiMKhAEKBAQEAgcSBMwBAiEadiBJZiBzZXQsIGdpdmVzIHRoZSBpbmRleCBvZiBhIG9uZW9mIGluIHRoZSBjb250YWluaW5nIHR5cGUncyBvbmVvZl9kZWNsCiBsaXN0LiAgVGhpcyBmaWVsZCBpcyBhIG1lbWJlciBvZiB0aGF0IG9uZW9mLgoKDQoFBAQCBwQSBMwBAgoKDQoFBAQCBwUSBMwBCxAKDQoFBAQCBwESBMwBERwKDQoFBAQCBwMSBMwBHyAK+gEKBAQEAggSBNIBAiEa6wEgSlNPTiBuYW1lIG9mIHRoaXMgZmllbGQuIFRoZSB2YWx1ZSBpcyBzZXQgYnkgcHJvdG9jb2wgY29tcGlsZXIuIElmIHRoZQogdXNlciBoYXMgc2V0IGEgImpzb25fbmFtZSIgb3B0aW9uIG9uIHRoaXMgZmllbGQsIHRoYXQgb3B0aW9uJ3MgdmFsdWUKIHdpbGwgYmUgdXNlZC4gT3RoZXJ3aXNlLCBpdCdzIGRlZHVjZWQgZnJvbSB0aGUgZmllbGQncyBuYW1lIGJ5IGNvbnZlcnRpbmcKIGl0IHRvIGNhbWVsQ2FzZS4KCg0KBQQEAggEEgTSAQIKCg0KBQQEAggFEgTSAQsRCg0KBQQEAggBEgTSARIbCg0KBQQEAggDEgTSAR4gCgwKBAQEAgkSBNQBAiQKDQoFBAQCCQQSBNQBAgoKDQoFBAQCCQYSBNQBCxcKDQoFBAQCCQESBNQBGB8KDQoFBAQCCQMSBNQBIiMKIgoCBAUSBtgBANsBARoUIERlc2NyaWJlcyBhIG9uZW9mLgoKCwoDBAUBEgTYAQgcCgwKBAQFAgASBNkBAhsKDQoFBAUCAAQSBNkBAgoKDQoFBAUCAAUSBNkBCxEKDQoFBAUCAAESBNkBEhYKDQoFBAUCAAMSBNkBGRoKDAoEBAUCARIE2gECJAoNCgUEBQIBBBIE2gECCgoNCgUEBQIBBhIE2gELFwoNCgUEBQIBARIE2gEYHwoNCgUEBQIBAxIE2gEiIwonCgIEBhIG3gEA+AEBGhkgRGVzY3JpYmVzIGFuIGVudW0gdHlwZS4KCgsKAwQGARIE3gEIGwoMCgQEBgIAEgTfAQIbCg0KBQQGAgAEEgTfAQIKCg0KBQQGAgAFEgTfAQsRCg0KBQQGAgABEgTfARIWCg0KBQQGAgADEgTfARkaCgwKBAQGAgESBOEBAi4KDQoFBAYCAQQSBOEBAgoKDQoFBAYCAQYSBOEBCyMKDQoFBAYCAQESBOEBJCkKDQoFBAYCAQMSBOEBLC0KDAoEBAYCAhIE4wECIwoNCgUEBgICBBIE4wECCgoNCgUEBgICBhIE4wELFgoNCgUEBgICARIE4wEXHgoNCgUEBgICAxIE4wEhIgqvAgoEBAYDABIG6wEC7gEDGp4CIFJhbmdlIG9mIHJlc2VydmVkIG51bWVyaWMgdmFsdWVzLiBSZXNlcnZlZCB2YWx1ZXMgbWF5IG5vdCBiZSB1c2VkIGJ5CiBlbnRyaWVzIGluIHRoZSBzYW1lIGVudW0uIFJlc2VydmVkIHJhbmdlcyBtYXkgbm90IG92ZXJsYXAuCgogTm90ZSB0aGF0IHRoaXMgaXMgZGlzdGluY3QgZnJvbSBEZXNjcmlwdG9yUHJvdG8uUmVzZXJ2ZWRSYW5nZSBpbiB0aGF0IGl0CiBpcyBpbmNsdXNpdmUgc3VjaCB0aGF0IGl0IGNhbiBhcHByb3ByaWF0ZWx5IHJlcHJlc2VudCB0aGUgZW50aXJlIGludDMyCiBkb21haW4uCgoNCgUEBgMAARIE6wEKGwocCgYEBgMAAgASBOwBBB0iDCBJbmNsdXNpdmUuCgoPCgcEBgMAAgAEEgTsAQQMCg8KBwQGAwACAAUSBOwBDRIKDwoHBAYDAAIAARIE7AETGAoPCgcEBgMAAgADEgTsARscChwKBgQGAwACARIE7QEEGyIMIEluY2x1c2l2ZS4KCg8KBwQGAwACAQQSBO0BBAwKDwoHBAYDAAIBBRIE7QENEgoPCgcEBgMAAgEBEgTtARMWCg8KBwQGAwACAQMSBO0BGRoKqgEKBAQGAgMSBPMBAjAamwEgUmFuZ2Ugb2YgcmVzZXJ2ZWQgbnVtZXJpYyB2YWx1ZXMuIFJlc2VydmVkIG51bWVyaWMgdmFsdWVzIG1heSBub3QgYmUgdXNlZAogYnkgZW51bSB2YWx1ZXMgaW4gdGhlIHNhbWUgZW51bSBkZWNsYXJhdGlvbi4gUmVzZXJ2ZWQgcmFuZ2VzIG1heSBub3QKIG92ZXJsYXAuCgoNCgUEBgIDBBIE8wECCgoNCgUEBgIDBhIE8wELHAoNCgUEBgIDARIE8wEdKwoNCgUEBgIDAxIE8wEuLwpsCgQEBgIEEgT3AQIkGl4gUmVzZXJ2ZWQgZW51bSB2YWx1ZSBuYW1lcywgd2hpY2ggbWF5IG5vdCBiZSByZXVzZWQuIEEgZ2l2ZW4gbmFtZSBtYXkgb25seQogYmUgcmVzZXJ2ZWQgb25jZS4KCg0KBQQGAgQEEgT3AQIKCg0KBQQGAgQFEgT3AQsRCg0KBQQGAgQBEgT3ARIfCg0KBQQGAgQDEgT3ASIjCjEKAgQHEgb7AQCAAgEaIyBEZXNjcmliZXMgYSB2YWx1ZSB3aXRoaW4gYW4gZW51bS4KCgsKAwQHARIE+wEIIAoMCgQEBwIAEgT8AQIbCg0KBQQHAgAEEgT8AQIKCg0KBQQHAgAFEgT8AQsRCg0KBQQHAgABEgT8ARIWCg0KBQQHAgADEgT8ARkaCgwKBAQHAgESBP0BAhwKDQoFBAcCAQQSBP0BAgoKDQoFBAcCAQUSBP0BCxAKDQoFBAcCAQESBP0BERcKDQoFBAcCAQMSBP0BGhsKDAoEBAcCAhIE/wECKAoNCgUEBwICBBIE/wECCgoNCgUEBwICBhIE/wELGwoNCgUEBwICARIE/wEcIwoNCgUEBwICAxIE/wEmJwokCgIECBIGgwIAiAIBGhYgRGVzY3JpYmVzIGEgc2VydmljZS4KCgsKAwQIARIEgwIIHgoMCgQECAIAEgSEAgIbCg0KBQQIAgAEEgSEAgIKCg0KBQQIAgAFEgSEAgsRCg0KBQQIAgABEgSEAhIWCg0KBQQIAgADEgSEAhkaCgwKBAQIAgESBIUCAiwKDQoFBAgCAQQSBIUCAgoKDQoFBAgCAQYSBIUCCyAKDQoFBAgCAQESBIUCIScKDQoFBAgCAQMSBIUCKisKDAoEBAgCAhIEhwICJgoNCgUECAICBBIEhwICCgoNCgUECAICBhIEhwILGQoNCgUECAICARIEhwIaIQoNCgUECAICAxIEhwIkJQowCgIECRIGiwIAmQIBGiIgRGVzY3JpYmVzIGEgbWV0aG9kIG9mIGEgc2VydmljZS4KCgsKAwQJARIEiwIIHQoMCgQECQIAEgSMAgIbCg0KBQQJAgAEEgSMAgIKCg0KBQQJAgAFEgSMAgsRCg0KBQQJAgABEgSMAhIWCg0KBQQJAgADEgSMAhkaCpcBCgQECQIBEgSQAgIhGogBIElucHV0IGFuZCBvdXRwdXQgdHlwZSBuYW1lcy4gIFRoZXNlIGFyZSByZXNvbHZlZCBpbiB0aGUgc2FtZSB3YXkgYXMKIEZpZWxkRGVzY3JpcHRvclByb3RvLnR5cGVfbmFtZSwgYnV0IG11c3QgcmVmZXIgdG8gYSBtZXNzYWdlIHR5cGUuCgoNCgUECQIBBBIEkAICCgoNCgUECQIBBRIEkAILEQoNCgUECQIBARIEkAISHAoNCgUECQIBAxIEkAIfIAoMCgQECQICEgSRAgIiCg0KBQQJAgIEEgSRAgIKCg0KBQQJAgIFEgSRAgsRCg0KBQQJAgIBEgSRAhIdCg0KBQQJAgIDEgSRAiAhCgwKBAQJAgMSBJMCAiUKDQoFBAkCAwQSBJMCAgoKDQoFBAkCAwYSBJMCCxgKDQoFBAkCAwESBJMCGSAKDQoFBAkCAwMSBJMCIyQKRQoEBAkCBBIElgICNRo3IElkZW50aWZpZXMgaWYgY2xpZW50IHN0cmVhbXMgbXVsdGlwbGUgY2xpZW50IG1lc3NhZ2VzCgoNCgUECQIEBBIElgICCgoNCgUECQIEBRIElgILDwoNCgUECQIEARIElgIQIAoNCgUECQIEAxIElgIjJAoNCgUECQIECBIElgIlNAoNCgUECQIEBxIElgIuMwpFCgQECQIFEgSYAgI1GjcgSWRlbnRpZmllcyBpZiBzZXJ2ZXIgc3RyZWFtcyBtdWx0aXBsZSBzZXJ2ZXIgbWVzc2FnZXMKCg0KBQQJAgUEEgSYAgIKCg0KBQQJAgUFEgSYAgsPCg0KBQQJAgUBEgSYAhAgCg0KBQQJAgUDEgSYAiMkCg0KBQQJAgUIEgSYAiU0Cg0KBQQJAgUHEgSYAi4zCq8OCgIEChIGvQIAqgMBMk4gPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQogT3B0aW9ucwoy0A0gRWFjaCBvZiB0aGUgZGVmaW5pdGlvbnMgYWJvdmUgbWF5IGhhdmUgIm9wdGlvbnMiIGF0dGFjaGVkLiAgVGhlc2UgYXJlCiBqdXN0IGFubm90YXRpb25zIHdoaWNoIG1heSBjYXVzZSBjb2RlIHRvIGJlIGdlbmVyYXRlZCBzbGlnaHRseSBkaWZmZXJlbnRseQogb3IgbWF5IGNvbnRhaW4gaGludHMgZm9yIGNvZGUgdGhhdCBtYW5pcHVsYXRlcyBwcm90b2NvbCBtZXNzYWdlcy4KCiBDbGllbnRzIG1heSBkZWZpbmUgY3VzdG9tIG9wdGlvbnMgYXMgZXh0ZW5zaW9ucyBvZiB0aGUgKk9wdGlvbnMgbWVzc2FnZXMuCiBUaGVzZSBleHRlbnNpb25zIG1heSBub3QgeWV0IGJlIGtub3duIGF0IHBhcnNpbmcgdGltZSwgc28gdGhlIHBhcnNlciBjYW5ub3QKIHN0b3JlIHRoZSB2YWx1ZXMgaW4gdGhlbS4gIEluc3RlYWQgaXQgc3RvcmVzIHRoZW0gaW4gYSBmaWVsZCBpbiB0aGUgKk9wdGlvbnMKIG1lc3NhZ2UgY2FsbGVkIHVuaW50ZXJwcmV0ZWRfb3B0aW9uLiBUaGlzIGZpZWxkIG11c3QgaGF2ZSB0aGUgc2FtZSBuYW1lCiBhY3Jvc3MgYWxsICpPcHRpb25zIG1lc3NhZ2VzLiBXZSB0aGVuIHVzZSB0aGlzIGZpZWxkIHRvIHBvcHVsYXRlIHRoZQogZXh0ZW5zaW9ucyB3aGVuIHdlIGJ1aWxkIGEgZGVzY3JpcHRvciwgYXQgd2hpY2ggcG9pbnQgYWxsIHByb3RvcyBoYXZlIGJlZW4KIHBhcnNlZCBhbmQgc28gYWxsIGV4dGVuc2lvbnMgYXJlIGtub3duLgoKIEV4dGVuc2lvbiBudW1iZXJzIGZvciBjdXN0b20gb3B0aW9ucyBtYXkgYmUgY2hvc2VuIGFzIGZvbGxvd3M6CiAqIEZvciBvcHRpb25zIHdoaWNoIHdpbGwgb25seSBiZSB1c2VkIHdpdGhpbiBhIHNpbmdsZSBhcHBsaWNhdGlvbiBvcgogICBvcmdhbml6YXRpb24sIG9yIGZvciBleHBlcmltZW50YWwgb3B0aW9ucywgdXNlIGZpZWxkIG51bWJlcnMgNTAwMDAKICAgdGhyb3VnaCA5OTk5OS4gIEl0IGlzIHVwIHRvIHlvdSB0byBlbnN1cmUgdGhhdCB5b3UgZG8gbm90IHVzZSB0aGUKICAgc2FtZSBudW1iZXIgZm9yIG11bHRpcGxlIG9wdGlvbnMuCiAqIEZvciBvcHRpb25zIHdoaWNoIHdpbGwgYmUgcHVibGlzaGVkIGFuZCB1c2VkIHB1YmxpY2x5IGJ5IG11bHRpcGxlCiAgIGluZGVwZW5kZW50IGVudGl0aWVzLCBlLW1haWwgcHJvdG9idWYtZ2xvYmFsLWV4dGVuc2lvbi1yZWdpc3RyeUBnb29nbGUuY29tCiAgIHRvIHJlc2VydmUgZXh0ZW5zaW9uIG51bWJlcnMuIFNpbXBseSBwcm92aWRlIHlvdXIgcHJvamVjdCBuYW1lIChlLmcuCiAgIE9iamVjdGl2ZS1DIHBsdWdpbikgYW5kIHlvdXIgcHJvamVjdCB3ZWJzaXRlIChpZiBhdmFpbGFibGUpIC0tIHRoZXJlJ3Mgbm8KICAgbmVlZCB0byBleHBsYWluIGhvdyB5b3UgaW50ZW5kIHRvIHVzZSB0aGVtLiBVc3VhbGx5IHlvdSBvbmx5IG5lZWQgb25lCiAgIGV4dGVuc2lvbiBudW1iZXIuIFlvdSBjYW4gZGVjbGFyZSBtdWx0aXBsZSBvcHRpb25zIHdpdGggb25seSBvbmUgZXh0ZW5zaW9uCiAgIG51bWJlciBieSBwdXR0aW5nIHRoZW0gaW4gYSBzdWItbWVzc2FnZS4gU2VlIHRoZSBDdXN0b20gT3B0aW9ucyBzZWN0aW9uIG9mCiAgIHRoZSBkb2NzIGZvciBleGFtcGxlczoKICAgaHR0cHM6Ly9kZXZlbG9wZXJzLmdvb2dsZS5jb20vcHJvdG9jb2wtYnVmZmVycy9kb2NzL3Byb3RvI29wdGlvbnMKICAgSWYgdGhpcyB0dXJucyBvdXQgdG8gYmUgcG9wdWxhciwgYSB3ZWIgc2VydmljZSB3aWxsIGJlIHNldCB1cAogICB0byBhdXRvbWF0aWNhbGx5IGFzc2lnbiBvcHRpb24gbnVtYmVycy4KCgsKAwQKARIEvQIIEwr0AQoEBAoCABIEwwICIxrlASBTZXRzIHRoZSBKYXZhIHBhY2thZ2Ugd2hlcmUgY2xhc3NlcyBnZW5lcmF0ZWQgZnJvbSB0aGlzIC5wcm90byB3aWxsIGJlCiBwbGFjZWQuICBCeSBkZWZhdWx0LCB0aGUgcHJvdG8gcGFja2FnZSBpcyB1c2VkLCBidXQgdGhpcyBpcyBvZnRlbgogaW5hcHByb3ByaWF0ZSBiZWNhdXNlIHByb3RvIHBhY2thZ2VzIGRvIG5vdCBub3JtYWxseSBzdGFydCB3aXRoIGJhY2t3YXJkcwogZG9tYWluIG5hbWVzLgoKDQoFBAoCAAQSBMMCAgoKDQoFBAoCAAUSBMMCCxEKDQoFBAoCAAESBMMCEh4KDQoFBAoCAAMSBMMCISIKvwIKBAQKAgESBMsCAisasAIgSWYgc2V0LCBhbGwgdGhlIGNsYXNzZXMgZnJvbSB0aGUgLnByb3RvIGZpbGUgYXJlIHdyYXBwZWQgaW4gYSBzaW5nbGUKIG91dGVyIGNsYXNzIHdpdGggdGhlIGdpdmVuIG5hbWUuICBUaGlzIGFwcGxpZXMgdG8gYm90aCBQcm90bzEKIChlcXVpdmFsZW50IHRvIHRoZSBvbGQgIi0tb25lX2phdmFfZmlsZSIgb3B0aW9uKSBhbmQgUHJvdG8yICh3aGVyZQogYSAucHJvdG8gYWx3YXlzIHRyYW5zbGF0ZXMgdG8gYSBzaW5nbGUgY2xhc3MsIGJ1dCB5b3UgbWF5IHdhbnQgdG8KIGV4cGxpY2l0bHkgY2hvb3NlIHRoZSBjbGFzcyBuYW1lKS4KCg0KBQQKAgEEEgTLAgIKCg0KBQQKAgEFEgTLAgsRCg0KBQQKAgEBEgTLAhImCg0KBQQKAgEDEgTLAikqCqMDCgQECgICEgTTAgI5GpQDIElmIHNldCB0cnVlLCB0aGVuIHRoZSBKYXZhIGNvZGUgZ2VuZXJhdG9yIHdpbGwgZ2VuZXJhdGUgYSBzZXBhcmF0ZSAuamF2YQogZmlsZSBmb3IgZWFjaCB0b3AtbGV2ZWwgbWVzc2FnZSwgZW51bSwgYW5kIHNlcnZpY2UgZGVmaW5lZCBpbiB0aGUgLnByb3RvCiBmaWxlLiAgVGh1cywgdGhlc2UgdHlwZXMgd2lsbCAqbm90KiBiZSBuZXN0ZWQgaW5zaWRlIHRoZSBvdXRlciBjbGFzcwogbmFtZWQgYnkgamF2YV9vdXRlcl9jbGFzc25hbWUuICBIb3dldmVyLCB0aGUgb3V0ZXIgY2xhc3Mgd2lsbCBzdGlsbCBiZQogZ2VuZXJhdGVkIHRvIGNvbnRhaW4gdGhlIGZpbGUncyBnZXREZXNjcmlwdG9yKCkgbWV0aG9kIGFzIHdlbGwgYXMgYW55CiB0b3AtbGV2ZWwgZXh0ZW5zaW9ucyBkZWZpbmVkIGluIHRoZSBmaWxlLgoKDQoFBAoCAgQSBNMCAgoKDQoFBAoCAgUSBNMCCw8KDQoFBAoCAgESBNMCECMKDQoFBAoCAgMSBNMCJigKDQoFBAoCAggSBNMCKTgKDQoFBAoCAgcSBNMCMjcKKQoEBAoCAxIE1gICRRobIFRoaXMgb3B0aW9uIGRvZXMgbm90aGluZy4KCg0KBQQKAgMEEgTWAgIKCg0KBQQKAgMFEgTWAgsPCg0KBQQKAgMBEgTWAhAtCg0KBQQKAgMDEgTWAjAyCg0KBQQKAgMIEgTWAjNEChAKCAQKAgMI5wcAEgTWAjRDChEKCQQKAgMI5wcAAhIE1gI0PgoSCgoECgIDCOcHAAIAEgTWAjQ+ChMKCwQKAgMI5wcAAgABEgTWAjQ+ChEKCQQKAgMI5wcAAxIE1gI/QwrmAgoEBAoCBBIE3gICPBrXAiBJZiBzZXQgdHJ1ZSwgdGhlbiB0aGUgSmF2YTIgY29kZSBnZW5lcmF0b3Igd2lsbCBnZW5lcmF0ZSBjb2RlIHRoYXQKIHRocm93cyBhbiBleGNlcHRpb24gd2hlbmV2ZXIgYW4gYXR0ZW1wdCBpcyBtYWRlIHRvIGFzc2lnbiBhIG5vbi1VVEYtOAogYnl0ZSBzZXF1ZW5jZSB0byBhIHN0cmluZyBmaWVsZC4KIE1lc3NhZ2UgcmVmbGVjdGlvbiB3aWxsIGRvIHRoZSBzYW1lLgogSG93ZXZlciwgYW4gZXh0ZW5zaW9uIGZpZWxkIHN0aWxsIGFjY2VwdHMgbm9uLVVURi04IGJ5dGUgc2VxdWVuY2VzLgogVGhpcyBvcHRpb24gaGFzIG5vIGVmZmVjdCBvbiB3aGVuIHVzZWQgd2l0aCB0aGUgbGl0ZSBydW50aW1lLgoKDQoFBAoCBAQSBN4CAgoKDQoFBAoCBAUSBN4CCw8KDQoFBAoCBAESBN4CECYKDQoFBAoCBAMSBN4CKSsKDQoFBAoCBAgSBN4CLDsKDQoFBAoCBAcSBN4CNToKTAoEBAoEABIG4gIC5wIDGjwgR2VuZXJhdGVkIGNsYXNzZXMgY2FuIGJlIG9wdGltaXplZCBmb3Igc3BlZWQgb3IgY29kZSBzaXplLgoKDQoFBAoEAAESBOICBxMKRAoGBAoEAAIAEgTjAgQOIjQgR2VuZXJhdGUgY29tcGxldGUgY29kZSBmb3IgcGFyc2luZywgc2VyaWFsaXphdGlvbiwKCg8KBwQKBAACAAESBOMCBAkKDwoHBAoEAAIAAhIE4wIMDQpHCgYECgQAAgESBOUCBBIaBiBldGMuCiIvIFVzZSBSZWZsZWN0aW9uT3BzIHRvIGltcGxlbWVudCB0aGVzZSBtZXRob2RzLgoKDwoHBAoEAAIBARIE5QIEDQoPCgcECgQAAgECEgTlAhARCkcKBgQKBAACAhIE5gIEFSI3IEdlbmVyYXRlIGNvZGUgdXNpbmcgTWVzc2FnZUxpdGUgYW5kIHRoZSBsaXRlIHJ1bnRpbWUuCgoPCgcECgQAAgIBEgTmAgQQCg8KBwQKBAACAgISBOYCExQKDAoEBAoCBRIE6AICOQoNCgUECgIFBBIE6AICCgoNCgUECgIFBhIE6AILFwoNCgUECgIFARIE6AIYJAoNCgUECgIFAxIE6AInKAoNCgUECgIFCBIE6AIpOAoNCgUECgIFBxIE6AIyNwriAgoEBAoCBhIE7wICIhrTAiBTZXRzIHRoZSBHbyBwYWNrYWdlIHdoZXJlIHN0cnVjdHMgZ2VuZXJhdGVkIGZyb20gdGhpcyAucHJvdG8gd2lsbCBiZQogcGxhY2VkLiBJZiBvbWl0dGVkLCB0aGUgR28gcGFja2FnZSB3aWxsIGJlIGRlcml2ZWQgZnJvbSB0aGUgZm9sbG93aW5nOgogICAtIFRoZSBiYXNlbmFtZSBvZiB0aGUgcGFja2FnZSBpbXBvcnQgcGF0aCwgaWYgcHJvdmlkZWQuCiAgIC0gT3RoZXJ3aXNlLCB0aGUgcGFja2FnZSBzdGF0ZW1lbnQgaW4gdGhlIC5wcm90byBmaWxlLCBpZiBwcmVzZW50LgogICAtIE90aGVyd2lzZSwgdGhlIGJhc2VuYW1lIG9mIHRoZSAucHJvdG8gZmlsZSwgd2l0aG91dCBleHRlbnNpb24uCgoNCgUECgIGBBIE7wICCgoNCgUECgIGBRIE7wILEQoNCgUECgIGARIE7wISHAoNCgUECgIGAxIE7wIfIQrUBAoEBAoCBxIE/QICORrFBCBTaG91bGQgZ2VuZXJpYyBzZXJ2aWNlcyBiZSBnZW5lcmF0ZWQgaW4gZWFjaCBsYW5ndWFnZT8gICJHZW5lcmljIiBzZXJ2aWNlcwogYXJlIG5vdCBzcGVjaWZpYyB0byBhbnkgcGFydGljdWxhciBSUEMgc3lzdGVtLiAgVGhleSBhcmUgZ2VuZXJhdGVkIGJ5IHRoZQogbWFpbiBjb2RlIGdlbmVyYXRvcnMgaW4gZWFjaCBsYW5ndWFnZSAod2l0aG91dCBhZGRpdGlvbmFsIHBsdWdpbnMpLgogR2VuZXJpYyBzZXJ2aWNlcyB3ZXJlIHRoZSBvbmx5IGtpbmQgb2Ygc2VydmljZSBnZW5lcmF0aW9uIHN1cHBvcnRlZCBieQogZWFybHkgdmVyc2lvbnMgb2YgZ29vZ2xlLnByb3RvYnVmLgoKIEdlbmVyaWMgc2VydmljZXMgYXJlIG5vdyBjb25zaWRlcmVkIGRlcHJlY2F0ZWQgaW4gZmF2b3Igb2YgdXNpbmcgcGx1Z2lucwogdGhhdCBnZW5lcmF0ZSBjb2RlIHNwZWNpZmljIHRvIHlvdXIgcGFydGljdWxhciBSUEMgc3lzdGVtLiAgVGhlcmVmb3JlLAogdGhlc2UgZGVmYXVsdCB0byBmYWxzZS4gIE9sZCBjb2RlIHdoaWNoIGRlcGVuZHMgb24gZ2VuZXJpYyBzZXJ2aWNlcyBzaG91bGQKIGV4cGxpY2l0bHkgc2V0IHRoZW0gdG8gdHJ1ZS4KCg0KBQQKAgcEEgT9AgIKCg0KBQQKAgcFEgT9AgsPCg0KBQQKAgcBEgT9AhAjCg0KBQQKAgcDEgT9AiYoCg0KBQQKAgcIEgT9Aik4Cg0KBQQKAgcHEgT9AjI3CgwKBAQKAggSBP4CAjsKDQoFBAoCCAQSBP4CAgoKDQoFBAoCCAUSBP4CCw8KDQoFBAoCCAESBP4CECUKDQoFBAoCCAMSBP4CKCoKDQoFBAoCCAgSBP4CKzoKDQoFBAoCCAcSBP4CNDkKDAoEBAoCCRIE/wICOQoNCgUECgIJBBIE/wICCgoNCgUECgIJBRIE/wILDwoNCgUECgIJARIE/wIQIwoNCgUECgIJAxIE/wImKAoNCgUECgIJCBIE/wIpOAoNCgUECgIJBxIE/wIyNwoMCgQECgIKEgSAAwI6Cg0KBQQKAgoEEgSAAwIKCg0KBQQKAgoFEgSAAwsPCg0KBQQKAgoBEgSAAxAkCg0KBQQKAgoDEgSAAycpCg0KBQQKAgoIEgSAAyo5Cg0KBQQKAgoHEgSAAzM4CvMBCgQECgILEgSGAwIwGuQBIElzIHRoaXMgZmlsZSBkZXByZWNhdGVkPwogRGVwZW5kaW5nIG9uIHRoZSB0YXJnZXQgcGxhdGZvcm0sIHRoaXMgY2FuIGVtaXQgRGVwcmVjYXRlZCBhbm5vdGF0aW9ucwogZm9yIGV2ZXJ5dGhpbmcgaW4gdGhlIGZpbGUsIG9yIGl0IHdpbGwgYmUgY29tcGxldGVseSBpZ25vcmVkOyBpbiB0aGUgdmVyeQogbGVhc3QsIHRoaXMgaXMgYSBmb3JtYWxpemF0aW9uIGZvciBkZXByZWNhdGluZyBmaWxlcy4KCg0KBQQKAgsEEgSGAwIKCg0KBQQKAgsFEgSGAwsPCg0KBQQKAgsBEgSGAxAaCg0KBQQKAgsDEgSGAx0fCg0KBQQKAgsIEgSGAyAvCg0KBQQKAgsHEgSGAykuCn8KBAQKAgwSBIoDAjYacSBFbmFibGVzIHRoZSB1c2Ugb2YgYXJlbmFzIGZvciB0aGUgcHJvdG8gbWVzc2FnZXMgaW4gdGhpcyBmaWxlLiBUaGlzIGFwcGxpZXMKIG9ubHkgdG8gZ2VuZXJhdGVkIGNsYXNzZXMgZm9yIEMrKy4KCg0KBQQKAgwEEgSKAwIKCg0KBQQKAgwFEgSKAwsPCg0KBQQKAgwBEgSKAxAgCg0KBQQKAgwDEgSKAyMlCg0KBQQKAgwIEgSKAyY1Cg0KBQQKAgwHEgSKAy80CpIBCgQECgINEgSPAwIpGoMBIFNldHMgdGhlIG9iamVjdGl2ZSBjIGNsYXNzIHByZWZpeCB3aGljaCBpcyBwcmVwZW5kZWQgdG8gYWxsIG9iamVjdGl2ZSBjCiBnZW5lcmF0ZWQgY2xhc3NlcyBmcm9tIHRoaXMgLnByb3RvLiBUaGVyZSBpcyBubyBkZWZhdWx0LgoKDQoFBAoCDQQSBI8DAgoKDQoFBAoCDQUSBI8DCxEKDQoFBAoCDQESBI8DEiMKDQoFBAoCDQMSBI8DJigKSQoEBAoCDhIEkgMCKBo7IE5hbWVzcGFjZSBmb3IgZ2VuZXJhdGVkIGNsYXNzZXM7IGRlZmF1bHRzIHRvIHRoZSBwYWNrYWdlLgoKDQoFBAoCDgQSBJIDAgoKDQoFBAoCDgUSBJIDCxEKDQoFBAoCDgESBJIDEiIKDQoFBAoCDgMSBJIDJScKkQIKBAQKAg8SBJgDAiQaggIgQnkgZGVmYXVsdCBTd2lmdCBnZW5lcmF0b3JzIHdpbGwgdGFrZSB0aGUgcHJvdG8gcGFja2FnZSBhbmQgQ2FtZWxDYXNlIGl0CiByZXBsYWNpbmcgJy4nIHdpdGggdW5kZXJzY29yZSBhbmQgdXNlIHRoYXQgdG8gcHJlZml4IHRoZSB0eXBlcy9zeW1ib2xzCiBkZWZpbmVkLiBXaGVuIHRoaXMgb3B0aW9ucyBpcyBwcm92aWRlZCwgdGhleSB3aWxsIHVzZSB0aGlzIHZhbHVlIGluc3RlYWQKIHRvIHByZWZpeCB0aGUgdHlwZXMvc3ltYm9scyBkZWZpbmVkLgoKDQoFBAoCDwQSBJgDAgoKDQoFBAoCDwUSBJgDCxEKDQoFBAoCDwESBJgDEh4KDQoFBAoCDwMSBJgDISMKfgoEBAoCEBIEnAMCKBpwIFNldHMgdGhlIHBocCBjbGFzcyBwcmVmaXggd2hpY2ggaXMgcHJlcGVuZGVkIHRvIGFsbCBwaHAgZ2VuZXJhdGVkIGNsYXNzZXMKIGZyb20gdGhpcyAucHJvdG8uIERlZmF1bHQgaXMgZW1wdHkuCgoNCgUECgIQBBIEnAMCCgoNCgUECgIQBRIEnAMLEQoNCgUECgIQARIEnAMSIgoNCgUECgIQAxIEnAMlJwq+AQoEBAoCERIEoQMCJRqvASBVc2UgdGhpcyBvcHRpb24gdG8gY2hhbmdlIHRoZSBuYW1lc3BhY2Ugb2YgcGhwIGdlbmVyYXRlZCBjbGFzc2VzLiBEZWZhdWx0CiBpcyBlbXB0eS4gV2hlbiB0aGlzIG9wdGlvbiBpcyBlbXB0eSwgdGhlIHBhY2thZ2UgbmFtZSB3aWxsIGJlIHVzZWQgZm9yCiBkZXRlcm1pbmluZyB0aGUgbmFtZXNwYWNlLgoKDQoFBAoCEQQSBKEDAgoKDQoFBAoCEQUSBKEDCxEKDQoFBAoCEQESBKEDEh8KDQoFBAoCEQMSBKEDIiQKTwoEBAoCEhIEpAMCOhpBIFRoZSBwYXJzZXIgc3RvcmVzIG9wdGlvbnMgaXQgZG9lc24ndCByZWNvZ25pemUgaGVyZS4gU2VlIGFib3ZlLgoKDQoFBAoCEgQSBKQDAgoKDQoFBAoCEgYSBKQDCx4KDQoFBAoCEgESBKQDHzMKDQoFBAoCEgMSBKQDNjkKWgoDBAoFEgSnAwIZGk0gQ2xpZW50cyBjYW4gZGVmaW5lIGN1c3RvbSBvcHRpb25zIGluIGV4dGVuc2lvbnMgb2YgdGhpcyBtZXNzYWdlLiBTZWUgYWJvdmUuCgoMCgQECgUAEgSnAw0YCg0KBQQKBQABEgSnAw0RCg0KBQQKBQACEgSnAxUYCgwKAgQLEgasAwDrAwEKCwoDBAsBEgSsAwgWCtgFCgQECwIAEgS/AwI8GskFIFNldCB0cnVlIHRvIHVzZSB0aGUgb2xkIHByb3RvMSBNZXNzYWdlU2V0IHdpcmUgZm9ybWF0IGZvciBleHRlbnNpb25zLgogVGhpcyBpcyBwcm92aWRlZCBmb3IgYmFja3dhcmRzLWNvbXBhdGliaWxpdHkgd2l0aCB0aGUgTWVzc2FnZVNldCB3aXJlCiBmb3JtYXQuICBZb3Ugc2hvdWxkIG5vdCB1c2UgdGhpcyBmb3IgYW55IG90aGVyIHJlYXNvbjogIEl0J3MgbGVzcwogZWZmaWNpZW50LCBoYXMgZmV3ZXIgZmVhdHVyZXMsIGFuZCBpcyBtb3JlIGNvbXBsaWNhdGVkLgoKIFRoZSBtZXNzYWdlIG11c3QgYmUgZGVmaW5lZCBleGFjdGx5IGFzIGZvbGxvd3M6CiAgIG1lc3NhZ2UgRm9vIHsKICAgICBvcHRpb24gbWVzc2FnZV9zZXRfd2lyZV9mb3JtYXQgPSB0cnVlOwogICAgIGV4dGVuc2lvbnMgNCB0byBtYXg7CiAgIH0KIE5vdGUgdGhhdCB0aGUgbWVzc2FnZSBjYW5ub3QgaGF2ZSBhbnkgZGVmaW5lZCBmaWVsZHM7IE1lc3NhZ2VTZXRzIG9ubHkKIGhhdmUgZXh0ZW5zaW9ucy4KCiBBbGwgZXh0ZW5zaW9ucyBvZiB5b3VyIHR5cGUgbXVzdCBiZSBzaW5ndWxhciBtZXNzYWdlczsgZS5nLiB0aGV5IGNhbm5vdAogYmUgaW50MzJzLCBlbnVtcywgb3IgcmVwZWF0ZWQgbWVzc2FnZXMuCgogQmVjYXVzZSB0aGlzIGlzIGFuIG9wdGlvbiwgdGhlIGFib3ZlIHR3byByZXN0cmljdGlvbnMgYXJlIG5vdCBlbmZvcmNlZCBieQogdGhlIHByb3RvY29sIGNvbXBpbGVyLgoKDQoFBAsCAAQSBL8DAgoKDQoFBAsCAAUSBL8DCw8KDQoFBAsCAAESBL8DECcKDQoFBAsCAAMSBL8DKisKDQoFBAsCAAgSBL8DLDsKDQoFBAsCAAcSBL8DNToK6wEKBAQLAgESBMQDAkQa3AEgRGlzYWJsZXMgdGhlIGdlbmVyYXRpb24gb2YgdGhlIHN0YW5kYXJkICJkZXNjcmlwdG9yKCkiIGFjY2Vzc29yLCB3aGljaCBjYW4KIGNvbmZsaWN0IHdpdGggYSBmaWVsZCBvZiB0aGUgc2FtZSBuYW1lLiAgVGhpcyBpcyBtZWFudCB0byBtYWtlIG1pZ3JhdGlvbgogZnJvbSBwcm90bzEgZWFzaWVyOyBuZXcgY29kZSBzaG91bGQgYXZvaWQgZmllbGRzIG5hbWVkICJkZXNjcmlwdG9yIi4KCg0KBQQLAgEEEgTEAwIKCg0KBQQLAgEFEgTEAwsPCg0KBQQLAgEBEgTEAxAvCg0KBQQLAgEDEgTEAzIzCg0KBQQLAgEIEgTEAzRDCg0KBQQLAgEHEgTEAz1CCu4BCgQECwICEgTKAwIvGt8BIElzIHRoaXMgbWVzc2FnZSBkZXByZWNhdGVkPwogRGVwZW5kaW5nIG9uIHRoZSB0YXJnZXQgcGxhdGZvcm0sIHRoaXMgY2FuIGVtaXQgRGVwcmVjYXRlZCBhbm5vdGF0aW9ucwogZm9yIHRoZSBtZXNzYWdlLCBvciBpdCB3aWxsIGJlIGNvbXBsZXRlbHkgaWdub3JlZDsgaW4gdGhlIHZlcnkgbGVhc3QsCiB0aGlzIGlzIGEgZm9ybWFsaXphdGlvbiBmb3IgZGVwcmVjYXRpbmcgbWVzc2FnZXMuCgoNCgUECwICBBIEygMCCgoNCgUECwICBRIEygMLDwoNCgUECwICARIEygMQGgoNCgUECwICAxIEygMdHgoNCgUECwICCBIEygMfLgoNCgUECwICBxIEygMoLQqeBgoEBAsCAxIE4QMCHhqPBiBXaGV0aGVyIHRoZSBtZXNzYWdlIGlzIGFuIGF1dG9tYXRpY2FsbHkgZ2VuZXJhdGVkIG1hcCBlbnRyeSB0eXBlIGZvciB0aGUKIG1hcHMgZmllbGQuCgogRm9yIG1hcHMgZmllbGRzOgogICAgIG1hcDxLZXlUeXBlLCBWYWx1ZVR5cGU+IG1hcF9maWVsZCA9IDE7CiBUaGUgcGFyc2VkIGRlc2NyaXB0b3IgbG9va3MgbGlrZToKICAgICBtZXNzYWdlIE1hcEZpZWxkRW50cnkgewogICAgICAgICBvcHRpb24gbWFwX2VudHJ5ID0gdHJ1ZTsKICAgICAgICAgb3B0aW9uYWwgS2V5VHlwZSBrZXkgPSAxOwogICAgICAgICBvcHRpb25hbCBWYWx1ZVR5cGUgdmFsdWUgPSAyOwogICAgIH0KICAgICByZXBlYXRlZCBNYXBGaWVsZEVudHJ5IG1hcF9maWVsZCA9IDE7CgogSW1wbGVtZW50YXRpb25zIG1heSBjaG9vc2Ugbm90IHRvIGdlbmVyYXRlIHRoZSBtYXBfZW50cnk9dHJ1ZSBtZXNzYWdlLCBidXQKIHVzZSBhIG5hdGl2ZSBtYXAgaW4gdGhlIHRhcmdldCBsYW5ndWFnZSB0byBob2xkIHRoZSBrZXlzIGFuZCB2YWx1ZXMuCiBUaGUgcmVmbGVjdGlvbiBBUElzIGluIHN1Y2ggaW1wbGVtZW50aW9ucyBzdGlsbCBuZWVkIHRvIHdvcmsgYXMKIGlmIHRoZSBmaWVsZCBpcyBhIHJlcGVhdGVkIG1lc3NhZ2UgZmllbGQuCgogTk9URTogRG8gbm90IHNldCB0aGUgb3B0aW9uIGluIC5wcm90byBmaWxlcy4gQWx3YXlzIHVzZSB0aGUgbWFwcyBzeW50YXgKIGluc3RlYWQuIFRoZSBvcHRpb24gc2hvdWxkIG9ubHkgYmUgaW1wbGljaXRseSBzZXQgYnkgdGhlIHByb3RvIGNvbXBpbGVyCiBwYXJzZXIuCgoNCgUECwIDBBIE4QMCCgoNCgUECwIDBRIE4QMLDwoNCgUECwIDARIE4QMQGQoNCgUECwIDAxIE4QMcHQqYAQoEBAsCBBIE5wMCOhpBIFRoZSBwYXJzZXIgc3RvcmVzIG9wdGlvbnMgaXQgZG9lc24ndCByZWNvZ25pemUgaGVyZS4gU2VlIGFib3ZlLgoyR3Jlc2VydmVkIDg7ICAvLyBqYXZhbGl0ZV9zZXJpYWxpemFibGUKcmVzZXJ2ZWQgOTsgIC8vIGphdmFuYW5vX2FzX2xpdGUKCg0KBQQLAgQEEgTnAwIKCg0KBQQLAgQGEgTnAwseCg0KBQQLAgQBEgTnAx8zCg0KBQQLAgQDEgTnAzY5CloKAwQLBRIE6gMCGRpNIENsaWVudHMgY2FuIGRlZmluZSBjdXN0b20gb3B0aW9ucyBpbiBleHRlbnNpb25zIG9mIHRoaXMgbWVzc2FnZS4gU2VlIGFib3ZlLgoKDAoEBAsFABIE6gMNGAoNCgUECwUAARIE6gMNEQoNCgUECwUAAhIE6gMVGAoMCgIEDBIG7QMAyAQBCgsKAwQMARIE7QMIFAqjAgoEBAwCABIE8gMCLhqUAiBUaGUgY3R5cGUgb3B0aW9uIGluc3RydWN0cyB0aGUgQysrIGNvZGUgZ2VuZXJhdG9yIHRvIHVzZSBhIGRpZmZlcmVudAogcmVwcmVzZW50YXRpb24gb2YgdGhlIGZpZWxkIHRoYW4gaXQgbm9ybWFsbHkgd291bGQuICBTZWUgdGhlIHNwZWNpZmljCiBvcHRpb25zIGJlbG93LiAgVGhpcyBvcHRpb24gaXMgbm90IHlldCBpbXBsZW1lbnRlZCBpbiB0aGUgb3BlbiBzb3VyY2UKIHJlbGVhc2UgLS0gc29ycnksIHdlJ2xsIHRyeSB0byBpbmNsdWRlIGl0IGluIGEgZnV0dXJlIHZlcnNpb24hCgoNCgUEDAIABBIE8gMCCgoNCgUEDAIABhIE8gMLEAoNCgUEDAIAARIE8gMRFgoNCgUEDAIAAxIE8gMZGgoNCgUEDAIACBIE8gMbLQoNCgUEDAIABxIE8gMmLAoOCgQEDAQAEgbzAwL6AwMKDQoFBAwEAAESBPMDBwwKHwoGBAwEAAIAEgT1AwQPGg8gRGVmYXVsdCBtb2RlLgoKDwoHBAwEAAIAARIE9QMECgoPCgcEDAQAAgACEgT1Aw0OCg4KBgQMBAACARIE9wMEDQoPCgcEDAQAAgEBEgT3AwQICg8KBwQMBAACAQISBPcDCwwKDgoGBAwEAAICEgT5AwQVCg8KBwQMBAACAgESBPkDBBAKDwoHBAwEAAICAhIE+QMTFAraAgoEBAwCARIEgAQCGxrLAiBUaGUgcGFja2VkIG9wdGlvbiBjYW4gYmUgZW5hYmxlZCBmb3IgcmVwZWF0ZWQgcHJpbWl0aXZlIGZpZWxkcyB0byBlbmFibGUKIGEgbW9yZSBlZmZpY2llbnQgcmVwcmVzZW50YXRpb24gb24gdGhlIHdpcmUuIFJhdGhlciB0aGFuIHJlcGVhdGVkbHkKIHdyaXRpbmcgdGhlIHRhZyBhbmQgdHlwZSBmb3IgZWFjaCBlbGVtZW50LCB0aGUgZW50aXJlIGFycmF5IGlzIGVuY29kZWQgYXMKIGEgc2luZ2xlIGxlbmd0aC1kZWxpbWl0ZWQgYmxvYi4gSW4gcHJvdG8zLCBvbmx5IGV4cGxpY2l0IHNldHRpbmcgaXQgdG8KIGZhbHNlIHdpbGwgYXZvaWQgdXNpbmcgcGFja2VkIGVuY29kaW5nLgoKDQoFBAwCAQQSBIAEAgoKDQoFBAwCAQUSBIAECw8KDQoFBAwCAQESBIAEEBYKDQoFBAwCAQMSBIAEGRoKmgUKBAQMAgISBI0EAjMaiwUgVGhlIGpzdHlwZSBvcHRpb24gZGV0ZXJtaW5lcyB0aGUgSmF2YVNjcmlwdCB0eXBlIHVzZWQgZm9yIHZhbHVlcyBvZiB0aGUKIGZpZWxkLiAgVGhlIG9wdGlvbiBpcyBwZXJtaXR0ZWQgb25seSBmb3IgNjQgYml0IGludGVncmFsIGFuZCBmaXhlZCB0eXBlcwogKGludDY0LCB1aW50NjQsIHNpbnQ2NCwgZml4ZWQ2NCwgc2ZpeGVkNjQpLiAgQSBmaWVsZCB3aXRoIGpzdHlwZSBKU19TVFJJTkcKIGlzIHJlcHJlc2VudGVkIGFzIEphdmFTY3JpcHQgc3RyaW5nLCB3aGljaCBhdm9pZHMgbG9zcyBvZiBwcmVjaXNpb24gdGhhdAogY2FuIGhhcHBlbiB3aGVuIGEgbGFyZ2UgdmFsdWUgaXMgY29udmVydGVkIHRvIGEgZmxvYXRpbmcgcG9pbnQgSmF2YVNjcmlwdC4KIFNwZWNpZnlpbmcgSlNfTlVNQkVSIGZvciB0aGUganN0eXBlIGNhdXNlcyB0aGUgZ2VuZXJhdGVkIEphdmFTY3JpcHQgY29kZSB0bwogdXNlIHRoZSBKYXZhU2NyaXB0ICJudW1iZXIiIHR5cGUuICBUaGUgYmVoYXZpb3Igb2YgdGhlIGRlZmF1bHQgb3B0aW9uCiBKU19OT1JNQUwgaXMgaW1wbGVtZW50YXRpb24gZGVwZW5kZW50LgoKIFRoaXMgb3B0aW9uIGlzIGFuIGVudW0gdG8gcGVybWl0IGFkZGl0aW9uYWwgdHlwZXMgdG8gYmUgYWRkZWQsIGUuZy4KIGdvb2cubWF0aC5JbnRlZ2VyLgoKDQoFBAwCAgQSBI0EAgoKDQoFBAwCAgYSBI0ECxEKDQoFBAwCAgESBI0EEhgKDQoFBAwCAgMSBI0EGxwKDQoFBAwCAggSBI0EHTIKDQoFBAwCAgcSBI0EKDEKDgoEBAwEARIGjgQClwQDCg0KBQQMBAEBEgSOBAcNCicKBgQMBAECABIEkAQEEhoXIFVzZSB0aGUgZGVmYXVsdCB0eXBlLgoKDwoHBAwEAQIAARIEkAQEDQoPCgcEDAQBAgACEgSQBBARCikKBgQMBAECARIEkwQEEhoZIFVzZSBKYXZhU2NyaXB0IHN0cmluZ3MuCgoPCgcEDAQBAgEBEgSTBAQNCg8KBwQMBAECAQISBJMEEBEKKQoGBAwEAQICEgSWBAQSGhkgVXNlIEphdmFTY3JpcHQgbnVtYmVycy4KCg8KBwQMBAECAgESBJYEBA0KDwoHBAwEAQICAhIElgQQEQrvDAoEBAwCAxIEtQQCKRrgDCBTaG91bGQgdGhpcyBmaWVsZCBiZSBwYXJzZWQgbGF6aWx5PyAgTGF6eSBhcHBsaWVzIG9ubHkgdG8gbWVzc2FnZS10eXBlCiBmaWVsZHMuICBJdCBtZWFucyB0aGF0IHdoZW4gdGhlIG91dGVyIG1lc3NhZ2UgaXMgaW5pdGlhbGx5IHBhcnNlZCwgdGhlCiBpbm5lciBtZXNzYWdlJ3MgY29udGVudHMgd2lsbCBub3QgYmUgcGFyc2VkIGJ1dCBpbnN0ZWFkIHN0b3JlZCBpbiBlbmNvZGVkCiBmb3JtLiAgVGhlIGlubmVyIG1lc3NhZ2Ugd2lsbCBhY3R1YWxseSBiZSBwYXJzZWQgd2hlbiBpdCBpcyBmaXJzdCBhY2Nlc3NlZC4KCiBUaGlzIGlzIG9ubHkgYSBoaW50LiAgSW1wbGVtZW50YXRpb25zIGFyZSBmcmVlIHRvIGNob29zZSB3aGV0aGVyIHRvIHVzZQogZWFnZXIgb3IgbGF6eSBwYXJzaW5nIHJlZ2FyZGxlc3Mgb2YgdGhlIHZhbHVlIG9mIHRoaXMgb3B0aW9uLiAgSG93ZXZlciwKIHNldHRpbmcgdGhpcyBvcHRpb24gdHJ1ZSBzdWdnZXN0cyB0aGF0IHRoZSBwcm90b2NvbCBhdXRob3IgYmVsaWV2ZXMgdGhhdAogdXNpbmcgbGF6eSBwYXJzaW5nIG9uIHRoaXMgZmllbGQgaXMgd29ydGggdGhlIGFkZGl0aW9uYWwgYm9va2tlZXBpbmcKIG92ZXJoZWFkIHR5cGljYWxseSBuZWVkZWQgdG8gaW1wbGVtZW50IGl0LgoKIFRoaXMgb3B0aW9uIGRvZXMgbm90IGFmZmVjdCB0aGUgcHVibGljIGludGVyZmFjZSBvZiBhbnkgZ2VuZXJhdGVkIGNvZGU7CiBhbGwgbWV0aG9kIHNpZ25hdHVyZXMgcmVtYWluIHRoZSBzYW1lLiAgRnVydGhlcm1vcmUsIHRocmVhZC1zYWZldHkgb2YgdGhlCiBpbnRlcmZhY2UgaXMgbm90IGFmZmVjdGVkIGJ5IHRoaXMgb3B0aW9uOyBjb25zdCBtZXRob2RzIHJlbWFpbiBzYWZlIHRvCiBjYWxsIGZyb20gbXVsdGlwbGUgdGhyZWFkcyBjb25jdXJyZW50bHksIHdoaWxlIG5vbi1jb25zdCBtZXRob2RzIGNvbnRpbnVlCiB0byByZXF1aXJlIGV4Y2x1c2l2ZSBhY2Nlc3MuCgoKIE5vdGUgdGhhdCBpbXBsZW1lbnRhdGlvbnMgbWF5IGNob29zZSBub3QgdG8gY2hlY2sgcmVxdWlyZWQgZmllbGRzIHdpdGhpbgogYSBsYXp5IHN1Yi1tZXNzYWdlLiAgVGhhdCBpcywgY2FsbGluZyBJc0luaXRpYWxpemVkKCkgb24gdGhlIG91dGVyIG1lc3NhZ2UKIG1heSByZXR1cm4gdHJ1ZSBldmVuIGlmIHRoZSBpbm5lciBtZXNzYWdlIGhhcyBtaXNzaW5nIHJlcXVpcmVkIGZpZWxkcy4KIFRoaXMgaXMgbmVjZXNzYXJ5IGJlY2F1c2Ugb3RoZXJ3aXNlIHRoZSBpbm5lciBtZXNzYWdlIHdvdWxkIGhhdmUgdG8gYmUKIHBhcnNlZCBpbiBvcmRlciB0byBwZXJmb3JtIHRoZSBjaGVjaywgZGVmZWF0aW5nIHRoZSBwdXJwb3NlIG9mIGxhenkKIHBhcnNpbmcuICBBbiBpbXBsZW1lbnRhdGlvbiB3aGljaCBjaG9vc2VzIG5vdCB0byBjaGVjayByZXF1aXJlZCBmaWVsZHMKIG11c3QgYmUgY29uc2lzdGVudCBhYm91dCBpdC4gIFRoYXQgaXMsIGZvciBhbnkgcGFydGljdWxhciBzdWItbWVzc2FnZSwgdGhlCiBpbXBsZW1lbnRhdGlvbiBtdXN0IGVpdGhlciAqYWx3YXlzKiBjaGVjayBpdHMgcmVxdWlyZWQgZmllbGRzLCBvciAqbmV2ZXIqCiBjaGVjayBpdHMgcmVxdWlyZWQgZmllbGRzLCByZWdhcmRsZXNzIG9mIHdoZXRoZXIgb3Igbm90IHRoZSBtZXNzYWdlIGhhcwogYmVlbiBwYXJzZWQuCgoNCgUEDAIDBBIEtQQCCgoNCgUEDAIDBRIEtQQLDwoNCgUEDAIDARIEtQQQFAoNCgUEDAIDAxIEtQQXGAoNCgUEDAIDCBIEtQQZKAoNCgUEDAIDBxIEtQQiJwroAQoEBAwCBBIEuwQCLxrZASBJcyB0aGlzIGZpZWxkIGRlcHJlY2F0ZWQ/CiBEZXBlbmRpbmcgb24gdGhlIHRhcmdldCBwbGF0Zm9ybSwgdGhpcyBjYW4gZW1pdCBEZXByZWNhdGVkIGFubm90YXRpb25zCiBmb3IgYWNjZXNzb3JzLCBvciBpdCB3aWxsIGJlIGNvbXBsZXRlbHkgaWdub3JlZDsgaW4gdGhlIHZlcnkgbGVhc3QsIHRoaXMKIGlzIGEgZm9ybWFsaXphdGlvbiBmb3IgZGVwcmVjYXRpbmcgZmllbGRzLgoKDQoFBAwCBAQSBLsEAgoKDQoFBAwCBAUSBLsECw8KDQoFBAwCBAESBLsEEBoKDQoFBAwCBAMSBLsEHR4KDQoFBAwCBAgSBLsEHy4KDQoFBAwCBAcSBLsEKC0KPwoEBAwCBRIEvgQCKhoxIEZvciBHb29nbGUtaW50ZXJuYWwgbWlncmF0aW9uIG9ubHkuIERvIG5vdCB1c2UuCgoNCgUEDAIFBBIEvgQCCgoNCgUEDAIFBRIEvgQLDwoNCgUEDAIFARIEvgQQFAoNCgUEDAIFAxIEvgQXGQoNCgUEDAIFCBIEvgQaKQoNCgUEDAIFBxIEvgQjKApPCgQEDAIGEgTCBAI6GkEgVGhlIHBhcnNlciBzdG9yZXMgb3B0aW9ucyBpdCBkb2Vzbid0IHJlY29nbml6ZSBoZXJlLiBTZWUgYWJvdmUuCgoNCgUEDAIGBBIEwgQCCgoNCgUEDAIGBhIEwgQLHgoNCgUEDAIGARIEwgQfMwoNCgUEDAIGAxIEwgQ2OQpaCgMEDAUSBMUEAhkaTSBDbGllbnRzIGNhbiBkZWZpbmUgY3VzdG9tIG9wdGlvbnMgaW4gZXh0ZW5zaW9ucyBvZiB0aGlzIG1lc3NhZ2UuIFNlZSBhYm92ZS4KCgwKBAQMBQASBMUEDRgKDQoFBAwFAAESBMUEDREKDQoFBAwFAAISBMUEFRgKDAoCBA0SBsoEANAEAQoLCgMEDQESBMoECBQKTwoEBA0CABIEzAQCOhpBIFRoZSBwYXJzZXIgc3RvcmVzIG9wdGlvbnMgaXQgZG9lc24ndCByZWNvZ25pemUgaGVyZS4gU2VlIGFib3ZlLgoKDQoFBA0CAAQSBMwEAgoKDQoFBA0CAAYSBMwECx4KDQoFBA0CAAESBMwEHzMKDQoFBA0CAAMSBMwENjkKWgoDBA0FEgTPBAIZGk0gQ2xpZW50cyBjYW4gZGVmaW5lIGN1c3RvbSBvcHRpb25zIGluIGV4dGVuc2lvbnMgb2YgdGhpcyBtZXNzYWdlLiBTZWUgYWJvdmUuCgoMCgQEDQUAEgTPBA0YCg0KBQQNBQABEgTPBA0RCg0KBQQNBQACEgTPBBUYCgwKAgQOEgbSBADlBAEKCwoDBA4BEgTSBAgTCmAKBAQOAgASBNYEAiAaUiBTZXQgdGhpcyBvcHRpb24gdG8gdHJ1ZSB0byBhbGxvdyBtYXBwaW5nIGRpZmZlcmVudCB0YWcgbmFtZXMgdG8gdGhlIHNhbWUKIHZhbHVlLgoKDQoFBA4CAAQSBNYEAgoKDQoFBA4CAAUSBNYECw8KDQoFBA4CAAESBNYEEBsKDQoFBA4CAAMSBNYEHh8K5QEKBAQOAgESBNwEAi8a1gEgSXMgdGhpcyBlbnVtIGRlcHJlY2F0ZWQ/CiBEZXBlbmRpbmcgb24gdGhlIHRhcmdldCBwbGF0Zm9ybSwgdGhpcyBjYW4gZW1pdCBEZXByZWNhdGVkIGFubm90YXRpb25zCiBmb3IgdGhlIGVudW0sIG9yIGl0IHdpbGwgYmUgY29tcGxldGVseSBpZ25vcmVkOyBpbiB0aGUgdmVyeSBsZWFzdCwgdGhpcwogaXMgYSBmb3JtYWxpemF0aW9uIGZvciBkZXByZWNhdGluZyBlbnVtcy4KCg0KBQQOAgEEEgTcBAIKCg0KBQQOAgEFEgTcBAsPCg0KBQQOAgEBEgTcBBAaCg0KBQQOAgEDEgTcBB0eCg0KBQQOAgEIEgTcBB8uCg0KBQQOAgEHEgTcBCgtCnIKBAQOAgISBOEEAjoaQSBUaGUgcGFyc2VyIHN0b3JlcyBvcHRpb25zIGl0IGRvZXNuJ3QgcmVjb2duaXplIGhlcmUuIFNlZSBhYm92ZS4KMiFyZXNlcnZlZCA1OyAgLy8gamF2YW5hbm9fYXNfbGl0ZQoKDQoFBA4CAgQSBOEEAgoKDQoFBA4CAgYSBOEECx4KDQoFBA4CAgESBOEEHzMKDQoFBA4CAgMSBOEENjkKWgoDBA4FEgTkBAIZGk0gQ2xpZW50cyBjYW4gZGVmaW5lIGN1c3RvbSBvcHRpb25zIGluIGV4dGVuc2lvbnMgb2YgdGhpcyBtZXNzYWdlLiBTZWUgYWJvdmUuCgoMCgQEDgUAEgTkBA0YCg0KBQQOBQABEgTkBA0RCg0KBQQOBQACEgTkBBUYCgwKAgQPEgbnBADzBAEKCwoDBA8BEgTnBAgYCvcBCgQEDwIAEgTsBAIvGugBIElzIHRoaXMgZW51bSB2YWx1ZSBkZXByZWNhdGVkPwogRGVwZW5kaW5nIG9uIHRoZSB0YXJnZXQgcGxhdGZvcm0sIHRoaXMgY2FuIGVtaXQgRGVwcmVjYXRlZCBhbm5vdGF0aW9ucwogZm9yIHRoZSBlbnVtIHZhbHVlLCBvciBpdCB3aWxsIGJlIGNvbXBsZXRlbHkgaWdub3JlZDsgaW4gdGhlIHZlcnkgbGVhc3QsCiB0aGlzIGlzIGEgZm9ybWFsaXphdGlvbiBmb3IgZGVwcmVjYXRpbmcgZW51bSB2YWx1ZXMuCgoNCgUEDwIABBIE7AQCCgoNCgUEDwIABRIE7AQLDwoNCgUEDwIAARIE7AQQGgoNCgUEDwIAAxIE7AQdHgoNCgUEDwIACBIE7AQfLgoNCgUEDwIABxIE7AQoLQpPCgQEDwIBEgTvBAI6GkEgVGhlIHBhcnNlciBzdG9yZXMgb3B0aW9ucyBpdCBkb2Vzbid0IHJlY29nbml6ZSBoZXJlLiBTZWUgYWJvdmUuCgoNCgUEDwIBBBIE7wQCCgoNCgUEDwIBBhIE7wQLHgoNCgUEDwIBARIE7wQfMwoNCgUEDwIBAxIE7wQ2OQpaCgMEDwUSBPIEAhkaTSBDbGllbnRzIGNhbiBkZWZpbmUgY3VzdG9tIG9wdGlvbnMgaW4gZXh0ZW5zaW9ucyBvZiB0aGlzIG1lc3NhZ2UuIFNlZSBhYm92ZS4KCgwKBAQPBQASBPIEDRgKDQoFBA8FAAESBPIEDREKDQoFBA8FAAISBPIEFRgKDAoCBBASBvUEAIcFAQoLCgMEEAESBPUECBYK2QMKBAQQAgASBIAFAjAa3wEgSXMgdGhpcyBzZXJ2aWNlIGRlcHJlY2F0ZWQ/CiBEZXBlbmRpbmcgb24gdGhlIHRhcmdldCBwbGF0Zm9ybSwgdGhpcyBjYW4gZW1pdCBEZXByZWNhdGVkIGFubm90YXRpb25zCiBmb3IgdGhlIHNlcnZpY2UsIG9yIGl0IHdpbGwgYmUgY29tcGxldGVseSBpZ25vcmVkOyBpbiB0aGUgdmVyeSBsZWFzdCwKIHRoaXMgaXMgYSBmb3JtYWxpemF0aW9uIGZvciBkZXByZWNhdGluZyBzZXJ2aWNlcy4KMugBIE5vdGU6ICBGaWVsZCBudW1iZXJzIDEgdGhyb3VnaCAzMiBhcmUgcmVzZXJ2ZWQgZm9yIEdvb2dsZSdzIGludGVybmFsIFJQQwogICBmcmFtZXdvcmsuICBXZSBhcG9sb2dpemUgZm9yIGhvYXJkaW5nIHRoZXNlIG51bWJlcnMgdG8gb3Vyc2VsdmVzLCBidXQKICAgd2Ugd2VyZSBhbHJlYWR5IHVzaW5nIHRoZW0gbG9uZyBiZWZvcmUgd2UgZGVjaWRlZCB0byByZWxlYXNlIFByb3RvY29sCiAgIEJ1ZmZlcnMuCgoNCgUEEAIABBIEgAUCCgoNCgUEEAIABRIEgAULDwoNCgUEEAIAARIEgAUQGgoNCgUEEAIAAxIEgAUdHwoNCgUEEAIACBIEgAUgLwoNCgUEEAIABxIEgAUpLgpPCgQEEAIBEgSDBQI6GkEgVGhlIHBhcnNlciBzdG9yZXMgb3B0aW9ucyBpdCBkb2Vzbid0IHJlY29nbml6ZSBoZXJlLiBTZWUgYWJvdmUuCgoNCgUEEAIBBBIEgwUCCgoNCgUEEAIBBhIEgwULHgoNCgUEEAIBARIEgwUfMwoNCgUEEAIBAxIEgwU2OQpaCgMEEAUSBIYFAhkaTSBDbGllbnRzIGNhbiBkZWZpbmUgY3VzdG9tIG9wdGlvbnMgaW4gZXh0ZW5zaW9ucyBvZiB0aGlzIG1lc3NhZ2UuIFNlZSBhYm92ZS4KCgwKBAQQBQASBIYFDRgKDQoFBBAFAAESBIYFDREKDQoFBBAFAAISBIYFFRgKDAoCBBESBokFAKYFAQoLCgMEEQESBIkFCBUK1gMKBAQRAgASBJQFAjAa3AEgSXMgdGhpcyBtZXRob2QgZGVwcmVjYXRlZD8KIERlcGVuZGluZyBvbiB0aGUgdGFyZ2V0IHBsYXRmb3JtLCB0aGlzIGNhbiBlbWl0IERlcHJlY2F0ZWQgYW5ub3RhdGlvbnMKIGZvciB0aGUgbWV0aG9kLCBvciBpdCB3aWxsIGJlIGNvbXBsZXRlbHkgaWdub3JlZDsgaW4gdGhlIHZlcnkgbGVhc3QsCiB0aGlzIGlzIGEgZm9ybWFsaXphdGlvbiBmb3IgZGVwcmVjYXRpbmcgbWV0aG9kcy4KMugBIE5vdGU6ICBGaWVsZCBudW1iZXJzIDEgdGhyb3VnaCAzMiBhcmUgcmVzZXJ2ZWQgZm9yIEdvb2dsZSdzIGludGVybmFsIFJQQwogICBmcmFtZXdvcmsuICBXZSBhcG9sb2dpemUgZm9yIGhvYXJkaW5nIHRoZXNlIG51bWJlcnMgdG8gb3Vyc2VsdmVzLCBidXQKICAgd2Ugd2VyZSBhbHJlYWR5IHVzaW5nIHRoZW0gbG9uZyBiZWZvcmUgd2UgZGVjaWRlZCB0byByZWxlYXNlIFByb3RvY29sCiAgIEJ1ZmZlcnMuCgoNCgUEEQIABBIElAUCCgoNCgUEEQIABRIElAULDwoNCgUEEQIAARIElAUQGgoNCgUEEQIAAxIElAUdHwoNCgUEEQIACBIElAUgLwoNCgUEEQIABxIElAUpLgrwAQoEBBEEABIGmQUCnQUDGt8BIElzIHRoaXMgbWV0aG9kIHNpZGUtZWZmZWN0LWZyZWUgKG9yIHNhZmUgaW4gSFRUUCBwYXJsYW5jZSksIG9yIGlkZW1wb3RlbnQsCiBvciBuZWl0aGVyPyBIVFRQIGJhc2VkIFJQQyBpbXBsZW1lbnRhdGlvbiBtYXkgY2hvb3NlIEdFVCB2ZXJiIGZvciBzYWZlCiBtZXRob2RzLCBhbmQgUFVUIHZlcmIgZm9yIGlkZW1wb3RlbnQgbWV0aG9kcyBpbnN0ZWFkIG9mIHRoZSBkZWZhdWx0IFBPU1QuCgoNCgUEEQQAARIEmQUHFwoOCgYEEQQAAgASBJoFBBwKDwoHBBEEAAIAARIEmgUEFwoPCgcEEQQAAgACEgSaBRobCiQKBgQRBAACARIEmwUEHCIUIGltcGxpZXMgaWRlbXBvdGVudAoKDwoHBBEEAAIBARIEmwUEEwoPCgcEEQQAAgECEgSbBRobCjcKBgQRBAACAhIEnAUEHCInIGlkZW1wb3RlbnQsIGJ1dCBtYXkgaGF2ZSBzaWRlIGVmZmVjdHMKCg8KBwQRBAACAgESBJwFBA4KDwoHBBEEAAICAhIEnAUaGwoOCgQEEQIBEgaeBQKfBScKDQoFBBECAQQSBJ4FAgoKDQoFBBECAQYSBJ4FCxsKDQoFBBECAQESBJ4FHC0KDQoFBBECAQMSBJ8FBggKDQoFBBECAQgSBJ8FCSYKDQoFBBECAQcSBJ8FEiUKTwoEBBECAhIEogUCOhpBIFRoZSBwYXJzZXIgc3RvcmVzIG9wdGlvbnMgaXQgZG9lc24ndCByZWNvZ25pemUgaGVyZS4gU2VlIGFib3ZlLgoKDQoFBBECAgQSBKIFAgoKDQoFBBECAgYSBKIFCx4KDQoFBBECAgESBKIFHzMKDQoFBBECAgMSBKIFNjkKWgoDBBEFEgSlBQIZGk0gQ2xpZW50cyBjYW4gZGVmaW5lIGN1c3RvbSBvcHRpb25zIGluIGV4dGVuc2lvbnMgb2YgdGhpcyBtZXNzYWdlLiBTZWUgYWJvdmUuCgoMCgQEEQUAEgSlBQ0YCg0KBQQRBQABEgSlBQ0RCg0KBQQRBQACEgSlBRUYCosDCgIEEhIGrwUAwwUBGvwCIEEgbWVzc2FnZSByZXByZXNlbnRpbmcgYSBvcHRpb24gdGhlIHBhcnNlciBkb2VzIG5vdCByZWNvZ25pemUuIFRoaXMgb25seQogYXBwZWFycyBpbiBvcHRpb25zIHByb3RvcyBjcmVhdGVkIGJ5IHRoZSBjb21waWxlcjo6UGFyc2VyIGNsYXNzLgogRGVzY3JpcHRvclBvb2wgcmVzb2x2ZXMgdGhlc2Ugd2hlbiBidWlsZGluZyBEZXNjcmlwdG9yIG9iamVjdHMuIFRoZXJlZm9yZSwKIG9wdGlvbnMgcHJvdG9zIGluIGRlc2NyaXB0b3Igb2JqZWN0cyAoZS5nLiByZXR1cm5lZCBieSBEZXNjcmlwdG9yOjpvcHRpb25zKCksCiBvciBwcm9kdWNlZCBieSBEZXNjcmlwdG9yOjpDb3B5VG8oKSkgd2lsbCBuZXZlciBoYXZlIFVuaW50ZXJwcmV0ZWRPcHRpb25zCiBpbiB0aGVtLgoKCwoDBBIBEgSvBQgbCssCCgQEEgMAEga1BQK4BQMaugIgVGhlIG5hbWUgb2YgdGhlIHVuaW50ZXJwcmV0ZWQgb3B0aW9uLiAgRWFjaCBzdHJpbmcgcmVwcmVzZW50cyBhIHNlZ21lbnQgaW4KIGEgZG90LXNlcGFyYXRlZCBuYW1lLiAgaXNfZXh0ZW5zaW9uIGlzIHRydWUgaWZmIGEgc2VnbWVudCByZXByZXNlbnRzIGFuCiBleHRlbnNpb24gKGRlbm90ZWQgd2l0aCBwYXJlbnRoZXNlcyBpbiBvcHRpb25zIHNwZWNzIGluIC5wcm90byBmaWxlcykuCiBFLmcuLHsgWyJmb28iLCBmYWxzZV0sIFsiYmFyLmJheiIsIHRydWVdLCBbInF1eCIsIGZhbHNlXSB9IHJlcHJlc2VudHMKICJmb28uKGJhci5iYXopLnF1eCIuCgoNCgUEEgMAARIEtQUKEgoOCgYEEgMAAgASBLYFBCIKDwoHBBIDAAIABBIEtgUEDAoPCgcEEgMAAgAFEgS2BQ0TCg8KBwQSAwACAAESBLYFFB0KDwoHBBIDAAIAAxIEtgUgIQoOCgYEEgMAAgESBLcFBCMKDwoHBBIDAAIBBBIEtwUEDAoPCgcEEgMAAgEFEgS3BQ0RCg8KBwQSAwACAQESBLcFEh4KDwoHBBIDAAIBAxIEtwUhIgoMCgQEEgIAEgS5BQIdCg0KBQQSAgAEEgS5BQIKCg0KBQQSAgAGEgS5BQsTCg0KBQQSAgABEgS5BRQYCg0KBQQSAgADEgS5BRscCpwBCgQEEgIBEgS9BQInGo0BIFRoZSB2YWx1ZSBvZiB0aGUgdW5pbnRlcnByZXRlZCBvcHRpb24sIGluIHdoYXRldmVyIHR5cGUgdGhlIHRva2VuaXplcgogaWRlbnRpZmllZCBpdCBhcyBkdXJpbmcgcGFyc2luZy4gRXhhY3RseSBvbmUgb2YgdGhlc2Ugc2hvdWxkIGJlIHNldC4KCg0KBQQSAgEEEgS9BQIKCg0KBQQSAgEFEgS9BQsRCg0KBQQSAgEBEgS9BRIiCg0KBQQSAgEDEgS9BSUmCgwKBAQSAgISBL4FAikKDQoFBBICAgQSBL4FAgoKDQoFBBICAgUSBL4FCxEKDQoFBBICAgESBL4FEiQKDQoFBBICAgMSBL4FJygKDAoEBBICAxIEvwUCKAoNCgUEEgIDBBIEvwUCCgoNCgUEEgIDBRIEvwULEAoNCgUEEgIDARIEvwURIwoNCgUEEgIDAxIEvwUmJwoMCgQEEgIEEgTABQIjCg0KBQQSAgQEEgTABQIKCg0KBQQSAgQFEgTABQsRCg0KBQQSAgQBEgTABRIeCg0KBQQSAgQDEgTABSEiCgwKBAQSAgUSBMEFAiIKDQoFBBICBQQSBMEFAgoKDQoFBBICBQUSBMEFCxAKDQoFBBICBQESBMEFER0KDQoFBBICBQMSBMEFICEKDAoEBBICBhIEwgUCJgoNCgUEEgIGBBIEwgUCCgoNCgUEEgIGBRIEwgULEQoNCgUEEgIGARIEwgUSIQoNCgUEEgIGAxIEwgUkJQraAQoCBBMSBsoFAMsGARpqIEVuY2Fwc3VsYXRlcyBpbmZvcm1hdGlvbiBhYm91dCB0aGUgb3JpZ2luYWwgc291cmNlIGZpbGUgZnJvbSB3aGljaCBhCiBGaWxlRGVzY3JpcHRvclByb3RvIHdhcyBnZW5lcmF0ZWQuCjJgID09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KIE9wdGlvbmFsIHNvdXJjZSBjb2RlIGluZm8KCgsKAwQTARIEygUIFgqCEQoEBBMCABIE9gUCIRrzECBBIExvY2F0aW9uIGlkZW50aWZpZXMgYSBwaWVjZSBvZiBzb3VyY2UgY29kZSBpbiBhIC5wcm90byBmaWxlIHdoaWNoCiBjb3JyZXNwb25kcyB0byBhIHBhcnRpY3VsYXIgZGVmaW5pdGlvbi4gIFRoaXMgaW5mb3JtYXRpb24gaXMgaW50ZW5kZWQKIHRvIGJlIHVzZWZ1bCB0byBJREVzLCBjb2RlIGluZGV4ZXJzLCBkb2N1bWVudGF0aW9uIGdlbmVyYXRvcnMsIGFuZCBzaW1pbGFyCiB0b29scy4KCiBGb3IgZXhhbXBsZSwgc2F5IHdlIGhhdmUgYSBmaWxlIGxpa2U6CiAgIG1lc3NhZ2UgRm9vIHsKICAgICBvcHRpb25hbCBzdHJpbmcgZm9vID0gMTsKICAgfQogTGV0J3MgbG9vayBhdCBqdXN0IHRoZSBmaWVsZCBkZWZpbml0aW9uOgogICBvcHRpb25hbCBzdHJpbmcgZm9vID0gMTsKICAgXiAgICAgICBeXiAgICAgXl4gIF4gIF5eXgogICBhICAgICAgIGJjICAgICBkZSAgZiAgZ2hpCiBXZSBoYXZlIHRoZSBmb2xsb3dpbmcgbG9jYXRpb25zOgogICBzcGFuICAgcGF0aCAgICAgICAgICAgICAgIHJlcHJlc2VudHMKICAgW2EsaSkgIFsgNCwgMCwgMiwgMCBdICAgICBUaGUgd2hvbGUgZmllbGQgZGVmaW5pdGlvbi4KICAgW2EsYikgIFsgNCwgMCwgMiwgMCwgNCBdICBUaGUgbGFiZWwgKG9wdGlvbmFsKS4KICAgW2MsZCkgIFsgNCwgMCwgMiwgMCwgNSBdICBUaGUgdHlwZSAoc3RyaW5nKS4KICAgW2UsZikgIFsgNCwgMCwgMiwgMCwgMSBdICBUaGUgbmFtZSAoZm9vKS4KICAgW2csaCkgIFsgNCwgMCwgMiwgMCwgMyBdICBUaGUgbnVtYmVyICgxKS4KCiBOb3RlczoKIC0gQSBsb2NhdGlvbiBtYXkgcmVmZXIgdG8gYSByZXBlYXRlZCBmaWVsZCBpdHNlbGYgKGkuZS4gbm90IHRvIGFueQogICBwYXJ0aWN1bGFyIGluZGV4IHdpdGhpbiBpdCkuICBUaGlzIGlzIHVzZWQgd2hlbmV2ZXIgYSBzZXQgb2YgZWxlbWVudHMgYXJlCiAgIGxvZ2ljYWxseSBlbmNsb3NlZCBpbiBhIHNpbmdsZSBjb2RlIHNlZ21lbnQuICBGb3IgZXhhbXBsZSwgYW4gZW50aXJlCiAgIGV4dGVuZCBibG9jayAocG9zc2libHkgY29udGFpbmluZyBtdWx0aXBsZSBleHRlbnNpb24gZGVmaW5pdGlvbnMpIHdpbGwKICAgaGF2ZSBhbiBvdXRlciBsb2NhdGlvbiB3aG9zZSBwYXRoIHJlZmVycyB0byB0aGUgImV4dGVuc2lvbnMiIHJlcGVhdGVkCiAgIGZpZWxkIHdpdGhvdXQgYW4gaW5kZXguCiAtIE11bHRpcGxlIGxvY2F0aW9ucyBtYXkgaGF2ZSB0aGUgc2FtZSBwYXRoLiAgVGhpcyBoYXBwZW5zIHdoZW4gYSBzaW5nbGUKICAgbG9naWNhbCBkZWNsYXJhdGlvbiBpcyBzcHJlYWQgb3V0IGFjcm9zcyBtdWx0aXBsZSBwbGFjZXMuICBUaGUgbW9zdAogICBvYnZpb3VzIGV4YW1wbGUgaXMgdGhlICJleHRlbmQiIGJsb2NrIGFnYWluIC0tIHRoZXJlIG1heSBiZSBtdWx0aXBsZQogICBleHRlbmQgYmxvY2tzIGluIHRoZSBzYW1lIHNjb3BlLCBlYWNoIG9mIHdoaWNoIHdpbGwgaGF2ZSB0aGUgc2FtZSBwYXRoLgogLSBBIGxvY2F0aW9uJ3Mgc3BhbiBpcyBub3QgYWx3YXlzIGEgc3Vic2V0IG9mIGl0cyBwYXJlbnQncyBzcGFuLiAgRm9yCiAgIGV4YW1wbGUsIHRoZSAiZXh0ZW5kZWUiIG9mIGFuIGV4dGVuc2lvbiBkZWNsYXJhdGlvbiBhcHBlYXJzIGF0IHRoZQogICBiZWdpbm5pbmcgb2YgdGhlICJleHRlbmQiIGJsb2NrIGFuZCBpcyBzaGFyZWQgYnkgYWxsIGV4dGVuc2lvbnMgd2l0aGluCiAgIHRoZSBibG9jay4KIC0gSnVzdCBiZWNhdXNlIGEgbG9jYXRpb24ncyBzcGFuIGlzIGEgc3Vic2V0IG9mIHNvbWUgb3RoZXIgbG9jYXRpb24ncyBzcGFuCiAgIGRvZXMgbm90IG1lYW4gdGhhdCBpdCBpcyBhIGRlc2NlbmRlbnQuICBGb3IgZXhhbXBsZSwgYSAiZ3JvdXAiIGRlZmluZXMKICAgYm90aCBhIHR5cGUgYW5kIGEgZmllbGQgaW4gYSBzaW5nbGUgZGVjbGFyYXRpb24uICBUaHVzLCB0aGUgbG9jYXRpb25zCiAgIGNvcnJlc3BvbmRpbmcgdG8gdGhlIHR5cGUgYW5kIGZpZWxkIGFuZCB0aGVpciBjb21wb25lbnRzIHdpbGwgb3ZlcmxhcC4KIC0gQ29kZSB3aGljaCB0cmllcyB0byBpbnRlcnByZXQgbG9jYXRpb25zIHNob3VsZCBwcm9iYWJseSBiZSBkZXNpZ25lZCB0bwogICBpZ25vcmUgdGhvc2UgdGhhdCBpdCBkb2Vzbid0IHVuZGVyc3RhbmQsIGFzIG1vcmUgdHlwZXMgb2YgbG9jYXRpb25zIGNvdWxkCiAgIGJlIHJlY29yZGVkIGluIHRoZSBmdXR1cmUuCgoNCgUEEwIABBIE9gUCCgoNCgUEEwIABhIE9gULEwoNCgUEEwIAARIE9gUUHAoNCgUEEwIAAxIE9gUfIAoOCgQEEwMAEgb3BQLKBgMKDQoFBBMDAAESBPcFChIKgwcKBgQTAwACABIEjwYEKhryBiBJZGVudGlmaWVzIHdoaWNoIHBhcnQgb2YgdGhlIEZpbGVEZXNjcmlwdG9yUHJvdG8gd2FzIGRlZmluZWQgYXQgdGhpcwogbG9jYXRpb24uCgogRWFjaCBlbGVtZW50IGlzIGEgZmllbGQgbnVtYmVyIG9yIGFuIGluZGV4LiAgVGhleSBmb3JtIGEgcGF0aCBmcm9tCiB0aGUgcm9vdCBGaWxlRGVzY3JpcHRvclByb3RvIHRvIHRoZSBwbGFjZSB3aGVyZSB0aGUgZGVmaW5pdGlvbi4gIEZvcgogZXhhbXBsZSwgdGhpcyBwYXRoOgogICBbIDQsIDMsIDIsIDcsIDEgXQogcmVmZXJzIHRvOgogICBmaWxlLm1lc3NhZ2VfdHlwZSgzKSAgLy8gNCwgMwogICAgICAgLmZpZWxkKDcpICAgICAgICAgLy8gMiwgNwogICAgICAgLm5hbWUoKSAgICAgICAgICAgLy8gMQogVGhpcyBpcyBiZWNhdXNlIEZpbGVEZXNjcmlwdG9yUHJvdG8ubWVzc2FnZV90eXBlIGhhcyBmaWVsZCBudW1iZXIgNDoKICAgcmVwZWF0ZWQgRGVzY3JpcHRvclByb3RvIG1lc3NhZ2VfdHlwZSA9IDQ7CiBhbmQgRGVzY3JpcHRvclByb3RvLmZpZWxkIGhhcyBmaWVsZCBudW1iZXIgMjoKICAgcmVwZWF0ZWQgRmllbGREZXNjcmlwdG9yUHJvdG8gZmllbGQgPSAyOwogYW5kIEZpZWxkRGVzY3JpcHRvclByb3RvLm5hbWUgaGFzIGZpZWxkIG51bWJlciAxOgogICBvcHRpb25hbCBzdHJpbmcgbmFtZSA9IDE7CgogVGh1cywgdGhlIGFib3ZlIHBhdGggZ2l2ZXMgdGhlIGxvY2F0aW9uIG9mIGEgZmllbGQgbmFtZS4gIElmIHdlIHJlbW92ZWQKIHRoZSBsYXN0IGVsZW1lbnQ6CiAgIFsgNCwgMywgMiwgNyBdCiB0aGlzIHBhdGggcmVmZXJzIHRvIHRoZSB3aG9sZSBmaWVsZCBkZWNsYXJhdGlvbiAoZnJvbSB0aGUgYmVnaW5uaW5nCiBvZiB0aGUgbGFiZWwgdG8gdGhlIHRlcm1pbmF0aW5nIHNlbWljb2xvbikuCgoPCgcEEwMAAgAEEgSPBgQMCg8KBwQTAwACAAUSBI8GDRIKDwoHBBMDAAIAARIEjwYTFwoPCgcEEwMAAgADEgSPBhobCg8KBwQTAwACAAgSBI8GHCkKEgoKBBMDAAIACOcHABIEjwYdKAoTCgsEEwMAAgAI5wcAAhIEjwYdIwoUCgwEEwMAAgAI5wcAAgASBI8GHSMKFQoNBBMDAAIACOcHAAIAARIEjwYdIwoTCgsEEwMAAgAI5wcAAxIEjwYkKArSAgoGBBMDAAIBEgSWBgQqGsECIEFsd2F5cyBoYXMgZXhhY3RseSB0aHJlZSBvciBmb3VyIGVsZW1lbnRzOiBzdGFydCBsaW5lLCBzdGFydCBjb2x1bW4sCiBlbmQgbGluZSAob3B0aW9uYWwsIG90aGVyd2lzZSBhc3N1bWVkIHNhbWUgYXMgc3RhcnQgbGluZSksIGVuZCBjb2x1bW4uCiBUaGVzZSBhcmUgcGFja2VkIGludG8gYSBzaW5nbGUgZmllbGQgZm9yIGVmZmljaWVuY3kuICBOb3RlIHRoYXQgbGluZQogYW5kIGNvbHVtbiBudW1iZXJzIGFyZSB6ZXJvLWJhc2VkIC0tIHR5cGljYWxseSB5b3Ugd2lsbCB3YW50IHRvIGFkZAogMSB0byBlYWNoIGJlZm9yZSBkaXNwbGF5aW5nIHRvIGEgdXNlci4KCg8KBwQTAwACAQQSBJYGBAwKDwoHBBMDAAIBBRIElgYNEgoPCgcEEwMAAgEBEgSWBhMXCg8KBwQTAwACAQMSBJYGGhsKDwoHBBMDAAIBCBIElgYcKQoSCgoEEwMAAgEI5wcAEgSWBh0oChMKCwQTAwACAQjnBwACEgSWBh0jChQKDAQTAwACAQjnBwACABIElgYdIwoVCg0EEwMAAgEI5wcAAgABEgSWBh0jChMKCwQTAwACAQjnBwADEgSWBiQoCqUMCgYEEwMAAgISBMcGBCkalAwgSWYgdGhpcyBTb3VyY2VDb2RlSW5mbyByZXByZXNlbnRzIGEgY29tcGxldGUgZGVjbGFyYXRpb24sIHRoZXNlIGFyZSBhbnkKIGNvbW1lbnRzIGFwcGVhcmluZyBiZWZvcmUgYW5kIGFmdGVyIHRoZSBkZWNsYXJhdGlvbiB3aGljaCBhcHBlYXIgdG8gYmUKIGF0dGFjaGVkIHRvIHRoZSBkZWNsYXJhdGlvbi4KCiBBIHNlcmllcyBvZiBsaW5lIGNvbW1lbnRzIGFwcGVhcmluZyBvbiBjb25zZWN1dGl2ZSBsaW5lcywgd2l0aCBubyBvdGhlcgogdG9rZW5zIGFwcGVhcmluZyBvbiB0aG9zZSBsaW5lcywgd2lsbCBiZSB0cmVhdGVkIGFzIGEgc2luZ2xlIGNvbW1lbnQuCgogbGVhZGluZ19kZXRhY2hlZF9jb21tZW50cyB3aWxsIGtlZXAgcGFyYWdyYXBocyBvZiBjb21tZW50cyB0aGF0IGFwcGVhcgogYmVmb3JlIChidXQgbm90IGNvbm5lY3RlZCB0bykgdGhlIGN1cnJlbnQgZWxlbWVudC4gRWFjaCBwYXJhZ3JhcGgsCiBzZXBhcmF0ZWQgYnkgZW1wdHkgbGluZXMsIHdpbGwgYmUgb25lIGNvbW1lbnQgZWxlbWVudCBpbiB0aGUgcmVwZWF0ZWQKIGZpZWxkLgoKIE9ubHkgdGhlIGNvbW1lbnQgY29udGVudCBpcyBwcm92aWRlZDsgY29tbWVudCBtYXJrZXJzIChlLmcuIC8vKSBhcmUKIHN0cmlwcGVkIG91dC4gIEZvciBibG9jayBjb21tZW50cywgbGVhZGluZyB3aGl0ZXNwYWNlIGFuZCBhbiBhc3Rlcmlzawogd2lsbCBiZSBzdHJpcHBlZCBmcm9tIHRoZSBiZWdpbm5pbmcgb2YgZWFjaCBsaW5lIG90aGVyIHRoYW4gdGhlIGZpcnN0LgogTmV3bGluZXMgYXJlIGluY2x1ZGVkIGluIHRoZSBvdXRwdXQuCgogRXhhbXBsZXM6CgogICBvcHRpb25hbCBpbnQzMiBmb28gPSAxOyAgLy8gQ29tbWVudCBhdHRhY2hlZCB0byBmb28uCiAgIC8vIENvbW1lbnQgYXR0YWNoZWQgdG8gYmFyLgogICBvcHRpb25hbCBpbnQzMiBiYXIgPSAyOwoKICAgb3B0aW9uYWwgc3RyaW5nIGJheiA9IDM7CiAgIC8vIENvbW1lbnQgYXR0YWNoZWQgdG8gYmF6LgogICAvLyBBbm90aGVyIGxpbmUgYXR0YWNoZWQgdG8gYmF6LgoKICAgLy8gQ29tbWVudCBhdHRhY2hlZCB0byBxdXguCiAgIC8vCiAgIC8vIEFub3RoZXIgbGluZSBhdHRhY2hlZCB0byBxdXguCiAgIG9wdGlvbmFsIGRvdWJsZSBxdXggPSA0OwoKICAgLy8gRGV0YWNoZWQgY29tbWVudCBmb3IgY29yZ2UuIFRoaXMgaXMgbm90IGxlYWRpbmcgb3IgdHJhaWxpbmcgY29tbWVudHMKICAgLy8gdG8gcXV4IG9yIGNvcmdlIGJlY2F1c2UgdGhlcmUgYXJlIGJsYW5rIGxpbmVzIHNlcGFyYXRpbmcgaXQgZnJvbQogICAvLyBib3RoLgoKICAgLy8gRGV0YWNoZWQgY29tbWVudCBmb3IgY29yZ2UgcGFyYWdyYXBoIDIuCgogICBvcHRpb25hbCBzdHJpbmcgY29yZ2UgPSA1OwogICAvKiBCbG9jayBjb21tZW50IGF0dGFjaGVkCiAgICAqIHRvIGNvcmdlLiAgTGVhZGluZyBhc3Rlcmlza3MKICAgICogd2lsbCBiZSByZW1vdmVkLiAqLwogICAvKiBCbG9jayBjb21tZW50IGF0dGFjaGVkIHRvCiAgICAqIGdyYXVsdC4gKi8KICAgb3B0aW9uYWwgaW50MzIgZ3JhdWx0ID0gNjsKCiAgIC8vIGlnbm9yZWQgZGV0YWNoZWQgY29tbWVudHMuCgoPCgcEEwMAAgIEEgTHBgQMCg8KBwQTAwACAgUSBMcGDRMKDwoHBBMDAAICARIExwYUJAoPCgcEEwMAAgIDEgTHBicoCg4KBgQTAwACAxIEyAYEKgoPCgcEEwMAAgMEEgTIBgQMCg8KBwQTAwACAwUSBMgGDRMKDwoHBBMDAAIDARIEyAYUJQoPCgcEEwMAAgMDEgTIBigpCg4KBgQTAwACBBIEyQYEMgoPCgcEEwMAAgQEEgTJBgQMCg8KBwQTAwACBAUSBMkGDRMKDwoHBBMDAAIEARIEyQYULQoPCgcEEwMAAgQDEgTJBjAxCu4BCgIEFBIG0AYA5QYBGt8BIERlc2NyaWJlcyB0aGUgcmVsYXRpb25zaGlwIGJldHdlZW4gZ2VuZXJhdGVkIGNvZGUgYW5kIGl0cyBvcmlnaW5hbCBzb3VyY2UKIGZpbGUuIEEgR2VuZXJhdGVkQ29kZUluZm8gbWVzc2FnZSBpcyBhc3NvY2lhdGVkIHdpdGggb25seSBvbmUgZ2VuZXJhdGVkCiBzb3VyY2UgZmlsZSwgYnV0IG1heSBjb250YWluIHJlZmVyZW5jZXMgdG8gZGlmZmVyZW50IHNvdXJjZSAucHJvdG8gZmlsZXMuCgoLCgMEFAESBNAGCBkKeAoEBBQCABIE0wYCJRpqIEFuIEFubm90YXRpb24gY29ubmVjdHMgc29tZSBzcGFuIG9mIHRleHQgaW4gZ2VuZXJhdGVkIGNvZGUgdG8gYW4gZWxlbWVudAogb2YgaXRzIGdlbmVyYXRpbmcgLnByb3RvIGZpbGUuCgoNCgUEFAIABBIE0wYCCgoNCgUEFAIABhIE0wYLFQoNCgUEFAIAARIE0wYWIAoNCgUEFAIAAxIE0wYjJAoOCgQEFAMAEgbUBgLkBgMKDQoFBBQDAAESBNQGChQKjwEKBgQUAwACABIE1wYEKhp/IElkZW50aWZpZXMgdGhlIGVsZW1lbnQgaW4gdGhlIG9yaWdpbmFsIHNvdXJjZSAucHJvdG8gZmlsZS4gVGhpcyBmaWVsZAogaXMgZm9ybWF0dGVkIHRoZSBzYW1lIGFzIFNvdXJjZUNvZGVJbmZvLkxvY2F0aW9uLnBhdGguCgoPCgcEFAMAAgAEEgTXBgQMCg8KBwQUAwACAAUSBNcGDRIKDwoHBBQDAAIAARIE1wYTFwoPCgcEFAMAAgADEgTXBhobCg8KBwQUAwACAAgSBNcGHCkKEgoKBBQDAAIACOcHABIE1wYdKAoTCgsEFAMAAgAI5wcAAhIE1wYdIwoUCgwEFAMAAgAI5wcAAgASBNcGHSMKFQoNBBQDAAIACOcHAAIAARIE1wYdIwoTCgsEFAMAAgAI5wcAAxIE1wYkKApPCgYEFAMAAgESBNoGBCQaPyBJZGVudGlmaWVzIHRoZSBmaWxlc3lzdGVtIHBhdGggdG8gdGhlIG9yaWdpbmFsIHNvdXJjZSAucHJvdG8uCgoPCgcEFAMAAgEEEgTaBgQMCg8KBwQUAwACAQUSBNoGDRMKDwoHBBQDAAIBARIE2gYUHwoPCgcEFAMAAgEDEgTaBiIjCncKBgQUAwACAhIE3gYEHRpnIElkZW50aWZpZXMgdGhlIHN0YXJ0aW5nIG9mZnNldCBpbiBieXRlcyBpbiB0aGUgZ2VuZXJhdGVkIGNvZGUKIHRoYXQgcmVsYXRlcyB0byB0aGUgaWRlbnRpZmllZCBvYmplY3QuCgoPCgcEFAMAAgIEEgTeBgQMCg8KBwQUAwACAgUSBN4GDRIKDwoHBBQDAAICARIE3gYTGAoPCgcEFAMAAgIDEgTeBhscCtsBCgYEFAMAAgMSBOMGBBsaygEgSWRlbnRpZmllcyB0aGUgZW5kaW5nIG9mZnNldCBpbiBieXRlcyBpbiB0aGUgZ2VuZXJhdGVkIGNvZGUgdGhhdAogcmVsYXRlcyB0byB0aGUgaWRlbnRpZmllZCBvZmZzZXQuIFRoZSBlbmQgb2Zmc2V0IHNob3VsZCBiZSBvbmUgcGFzdAogdGhlIGxhc3QgcmVsZXZhbnQgYnl0ZSAoc28gdGhlIGxlbmd0aCBvZiB0aGUgdGV4dCA9IGVuZCAtIGJlZ2luKS4KCg8KBwQUAwACAwQSBOMGBAwKDwoHBBQDAAIDBRIE4wYNEgoPCgcEFAMAAgMBEgTjBhMWCg8KBwQUAwACAwMSBOMGGRoK/loKFGdvZ29wcm90by9nb2dvLnByb3RvEglnb2dvcHJvdG8aIGdvb2dsZS9wcm90b2J1Zi9kZXNjcmlwdG9yLnByb3RvOk4KE2dvcHJvdG9fZW51bV9wcmVmaXgSHC5nb29nbGUucHJvdG9idWYuRW51bU9wdGlvbnMYseQDIAEoCFIRZ29wcm90b0VudW1QcmVmaXg6UgoVZ29wcm90b19lbnVtX3N0cmluZ2VyEhwuZ29vZ2xlLnByb3RvYnVmLkVudW1PcHRpb25zGMXkAyABKAhSE2dvcHJvdG9FbnVtU3RyaW5nZXI6QwoNZW51bV9zdHJpbmdlchIcLmdvb2dsZS5wcm90b2J1Zi5FbnVtT3B0aW9ucxjG5AMgASgIUgxlbnVtU3RyaW5nZXI6RwoPZW51bV9jdXN0b21uYW1lEhwuZ29vZ2xlLnByb3RvYnVmLkVudW1PcHRpb25zGMfkAyABKAlSDmVudW1DdXN0b21uYW1lOjoKCGVudW1kZWNsEhwuZ29vZ2xlLnByb3RvYnVmLkVudW1PcHRpb25zGMjkAyABKAhSCGVudW1kZWNsOlYKFGVudW12YWx1ZV9jdXN0b21uYW1lEiEuZ29vZ2xlLnByb3RvYnVmLkVudW1WYWx1ZU9wdGlvbnMY0YMEIAEoCVITZW51bXZhbHVlQ3VzdG9tbmFtZTpOChNnb3Byb3RvX2dldHRlcnNfYWxsEhwuZ29vZ2xlLnByb3RvYnVmLkZpbGVPcHRpb25zGJnsAyABKAhSEWdvcHJvdG9HZXR0ZXJzQWxsOlUKF2dvcHJvdG9fZW51bV9wcmVmaXhfYWxsEhwuZ29vZ2xlLnByb3RvYnVmLkZpbGVPcHRpb25zGJrsAyABKAhSFGdvcHJvdG9FbnVtUHJlZml4QWxsOlAKFGdvcHJvdG9fc3RyaW5nZXJfYWxsEhwuZ29vZ2xlLnByb3RvYnVmLkZpbGVPcHRpb25zGJvsAyABKAhSEmdvcHJvdG9TdHJpbmdlckFsbDpKChF2ZXJib3NlX2VxdWFsX2FsbBIcLmdvb2dsZS5wcm90b2J1Zi5GaWxlT3B0aW9ucxic7AMgASgIUg92ZXJib3NlRXF1YWxBbGw6OQoIZmFjZV9hbGwSHC5nb29nbGUucHJvdG9idWYuRmlsZU9wdGlvbnMYnewDIAEoCFIHZmFjZUFsbDpBCgxnb3N0cmluZ19hbGwSHC5nb29nbGUucHJvdG9idWYuRmlsZU9wdGlvbnMYnuwDIAEoCFILZ29zdHJpbmdBbGw6QQoMcG9wdWxhdGVfYWxsEhwuZ29vZ2xlLnByb3RvYnVmLkZpbGVPcHRpb25zGJ/sAyABKAhSC3BvcHVsYXRlQWxsOkEKDHN0cmluZ2VyX2FsbBIcLmdvb2dsZS5wcm90b2J1Zi5GaWxlT3B0aW9ucxig7AMgASgIUgtzdHJpbmdlckFsbDo/Cgtvbmx5b25lX2FsbBIcLmdvb2dsZS5wcm90b2J1Zi5GaWxlT3B0aW9ucxih7AMgASgIUgpvbmx5b25lQWxsOjsKCWVxdWFsX2FsbBIcLmdvb2dsZS5wcm90b2J1Zi5GaWxlT3B0aW9ucxil7AMgASgIUghlcXVhbEFsbDpHCg9kZXNjcmlwdGlvbl9hbGwSHC5nb29nbGUucHJvdG9idWYuRmlsZU9wdGlvbnMYpuwDIAEoCFIOZGVzY3JpcHRpb25BbGw6PwoLdGVzdGdlbl9hbGwSHC5nb29nbGUucHJvdG9idWYuRmlsZU9wdGlvbnMYp+wDIAEoCFIKdGVzdGdlbkFsbDpBCgxiZW5jaGdlbl9hbGwSHC5nb29nbGUucHJvdG9idWYuRmlsZU9wdGlvbnMYqOwDIAEoCFILYmVuY2hnZW5BbGw6QwoNbWFyc2hhbGVyX2FsbBIcLmdvb2dsZS5wcm90b2J1Zi5GaWxlT3B0aW9ucxip7AMgASgIUgxtYXJzaGFsZXJBbGw6RwoPdW5tYXJzaGFsZXJfYWxsEhwuZ29vZ2xlLnByb3RvYnVmLkZpbGVPcHRpb25zGKrsAyABKAhSDnVubWFyc2hhbGVyQWxsOlAKFHN0YWJsZV9tYXJzaGFsZXJfYWxsEhwuZ29vZ2xlLnByb3RvYnVmLkZpbGVPcHRpb25zGKvsAyABKAhSEnN0YWJsZU1hcnNoYWxlckFsbDo7CglzaXplcl9hbGwSHC5nb29nbGUucHJvdG9idWYuRmlsZU9wdGlvbnMYrOwDIAEoCFIIc2l6ZXJBbGw6WQoZZ29wcm90b19lbnVtX3N0cmluZ2VyX2FsbBIcLmdvb2dsZS5wcm90b2J1Zi5GaWxlT3B0aW9ucxit7AMgASgIUhZnb3Byb3RvRW51bVN0cmluZ2VyQWxsOkoKEWVudW1fc3RyaW5nZXJfYWxsEhwuZ29vZ2xlLnByb3RvYnVmLkZpbGVPcHRpb25zGK7sAyABKAhSD2VudW1TdHJpbmdlckFsbDpQChR1bnNhZmVfbWFyc2hhbGVyX2FsbBIcLmdvb2dsZS5wcm90b2J1Zi5GaWxlT3B0aW9ucxiv7AMgASgIUhJ1bnNhZmVNYXJzaGFsZXJBbGw6VAoWdW5zYWZlX3VubWFyc2hhbGVyX2FsbBIcLmdvb2dsZS5wcm90b2J1Zi5GaWxlT3B0aW9ucxiw7AMgASgIUhR1bnNhZmVVbm1hcnNoYWxlckFsbDpbChpnb3Byb3RvX2V4dGVuc2lvbnNfbWFwX2FsbBIcLmdvb2dsZS5wcm90b2J1Zi5GaWxlT3B0aW9ucxix7AMgASgIUhdnb3Byb3RvRXh0ZW5zaW9uc01hcEFsbDpYChhnb3Byb3RvX3VucmVjb2duaXplZF9hbGwSHC5nb29nbGUucHJvdG9idWYuRmlsZU9wdGlvbnMYsuwDIAEoCFIWZ29wcm90b1VucmVjb2duaXplZEFsbDpJChBnb2dvcHJvdG9faW1wb3J0EhwuZ29vZ2xlLnByb3RvYnVmLkZpbGVPcHRpb25zGLPsAyABKAhSD2dvZ29wcm90b0ltcG9ydDpFCg5wcm90b3NpemVyX2FsbBIcLmdvb2dsZS5wcm90b2J1Zi5GaWxlT3B0aW9ucxi07AMgASgIUg1wcm90b3NpemVyQWxsOj8KC2NvbXBhcmVfYWxsEhwuZ29vZ2xlLnByb3RvYnVmLkZpbGVPcHRpb25zGLXsAyABKAhSCmNvbXBhcmVBbGw6QQoMdHlwZWRlY2xfYWxsEhwuZ29vZ2xlLnByb3RvYnVmLkZpbGVPcHRpb25zGLbsAyABKAhSC3R5cGVkZWNsQWxsOkEKDGVudW1kZWNsX2FsbBIcLmdvb2dsZS5wcm90b2J1Zi5GaWxlT3B0aW9ucxi37AMgASgIUgtlbnVtZGVjbEFsbDpRChRnb3Byb3RvX3JlZ2lzdHJhdGlvbhIcLmdvb2dsZS5wcm90b2J1Zi5GaWxlT3B0aW9ucxi47AMgASgIUhNnb3Byb3RvUmVnaXN0cmF0aW9uOkoKD2dvcHJvdG9fZ2V0dGVycxIfLmdvb2dsZS5wcm90b2J1Zi5NZXNzYWdlT3B0aW9ucxiB9AMgASgIUg5nb3Byb3RvR2V0dGVyczpMChBnb3Byb3RvX3N0cmluZ2VyEh8uZ29vZ2xlLnByb3RvYnVmLk1lc3NhZ2VPcHRpb25zGIP0AyABKAhSD2dvcHJvdG9TdHJpbmdlcjpGCg12ZXJib3NlX2VxdWFsEh8uZ29vZ2xlLnByb3RvYnVmLk1lc3NhZ2VPcHRpb25zGIT0AyABKAhSDHZlcmJvc2VFcXVhbDo1CgRmYWNlEh8uZ29vZ2xlLnByb3RvYnVmLk1lc3NhZ2VPcHRpb25zGIX0AyABKAhSBGZhY2U6PQoIZ29zdHJpbmcSHy5nb29nbGUucHJvdG9idWYuTWVzc2FnZU9wdGlvbnMYhvQDIAEoCFIIZ29zdHJpbmc6PQoIcG9wdWxhdGUSHy5nb29nbGUucHJvdG9idWYuTWVzc2FnZU9wdGlvbnMYh/QDIAEoCFIIcG9wdWxhdGU6PQoIc3RyaW5nZXISHy5nb29nbGUucHJvdG9idWYuTWVzc2FnZU9wdGlvbnMYwIsEIAEoCFIIc3RyaW5nZXI6OwoHb25seW9uZRIfLmdvb2dsZS5wcm90b2J1Zi5NZXNzYWdlT3B0aW9ucxiJ9AMgASgIUgdvbmx5b25lOjcKBWVxdWFsEh8uZ29vZ2xlLnByb3RvYnVmLk1lc3NhZ2VPcHRpb25zGI30AyABKAhSBWVxdWFsOkMKC2Rlc2NyaXB0aW9uEh8uZ29vZ2xlLnByb3RvYnVmLk1lc3NhZ2VPcHRpb25zGI70AyABKAhSC2Rlc2NyaXB0aW9uOjsKB3Rlc3RnZW4SHy5nb29nbGUucHJvdG9idWYuTWVzc2FnZU9wdGlvbnMYj/QDIAEoCFIHdGVzdGdlbjo9CghiZW5jaGdlbhIfLmdvb2dsZS5wcm90b2J1Zi5NZXNzYWdlT3B0aW9ucxiQ9AMgASgIUghiZW5jaGdlbjo/CgltYXJzaGFsZXISHy5nb29nbGUucHJvdG9idWYuTWVzc2FnZU9wdGlvbnMYkfQDIAEoCFIJbWFyc2hhbGVyOkMKC3VubWFyc2hhbGVyEh8uZ29vZ2xlLnByb3RvYnVmLk1lc3NhZ2VPcHRpb25zGJL0AyABKAhSC3VubWFyc2hhbGVyOkwKEHN0YWJsZV9tYXJzaGFsZXISHy5nb29nbGUucHJvdG9idWYuTWVzc2FnZU9wdGlvbnMYk/QDIAEoCFIPc3RhYmxlTWFyc2hhbGVyOjcKBXNpemVyEh8uZ29vZ2xlLnByb3RvYnVmLk1lc3NhZ2VPcHRpb25zGJT0AyABKAhSBXNpemVyOkwKEHVuc2FmZV9tYXJzaGFsZXISHy5nb29nbGUucHJvdG9idWYuTWVzc2FnZU9wdGlvbnMYl/QDIAEoCFIPdW5zYWZlTWFyc2hhbGVyOlAKEnVuc2FmZV91bm1hcnNoYWxlchIfLmdvb2dsZS5wcm90b2J1Zi5NZXNzYWdlT3B0aW9ucxiY9AMgASgIUhF1bnNhZmVVbm1hcnNoYWxlcjpXChZnb3Byb3RvX2V4dGVuc2lvbnNfbWFwEh8uZ29vZ2xlLnByb3RvYnVmLk1lc3NhZ2VPcHRpb25zGJn0AyABKAhSFGdvcHJvdG9FeHRlbnNpb25zTWFwOlQKFGdvcHJvdG9fdW5yZWNvZ25pemVkEh8uZ29vZ2xlLnByb3RvYnVmLk1lc3NhZ2VPcHRpb25zGJr0AyABKAhSE2dvcHJvdG9VbnJlY29nbml6ZWQ6QQoKcHJvdG9zaXplchIfLmdvb2dsZS5wcm90b2J1Zi5NZXNzYWdlT3B0aW9ucxic9AMgASgIUgpwcm90b3NpemVyOjsKB2NvbXBhcmUSHy5nb29nbGUucHJvdG9idWYuTWVzc2FnZU9wdGlvbnMYnfQDIAEoCFIHY29tcGFyZTo9Cgh0eXBlZGVjbBIfLmdvb2dsZS5wcm90b2J1Zi5NZXNzYWdlT3B0aW9ucxie9AMgASgIUgh0eXBlZGVjbDo7CghudWxsYWJsZRIdLmdvb2dsZS5wcm90b2J1Zi5GaWVsZE9wdGlvbnMY6fsDIAEoCFIIbnVsbGFibGU6NQoFZW1iZWQSHS5nb29nbGUucHJvdG9idWYuRmllbGRPcHRpb25zGOr7AyABKAhSBWVtYmVkOj8KCmN1c3RvbXR5cGUSHS5nb29nbGUucHJvdG9idWYuRmllbGRPcHRpb25zGOv7AyABKAlSCmN1c3RvbXR5cGU6PwoKY3VzdG9tbmFtZRIdLmdvb2dsZS5wcm90b2J1Zi5GaWVsZE9wdGlvbnMY7PsDIAEoCVIKY3VzdG9tbmFtZTo5Cgdqc29udGFnEh0uZ29vZ2xlLnByb3RvYnVmLkZpZWxkT3B0aW9ucxjt+wMgASgJUgdqc29udGFnOjsKCG1vcmV0YWdzEh0uZ29vZ2xlLnByb3RvYnVmLkZpZWxkT3B0aW9ucxju+wMgASgJUghtb3JldGFnczo7CghjYXN0dHlwZRIdLmdvb2dsZS5wcm90b2J1Zi5GaWVsZE9wdGlvbnMY7/sDIAEoCVIIY2FzdHR5cGU6OQoHY2FzdGtleRIdLmdvb2dsZS5wcm90b2J1Zi5GaWVsZE9wdGlvbnMY8PsDIAEoCVIHY2FzdGtleTo9CgljYXN0dmFsdWUSHS5nb29nbGUucHJvdG9idWYuRmllbGRPcHRpb25zGPH7AyABKAlSCWNhc3R2YWx1ZTo5CgdzdGR0aW1lEh0uZ29vZ2xlLnByb3RvYnVmLkZpZWxkT3B0aW9ucxjy+wMgASgIUgdzdGR0aW1lOkEKC3N0ZGR1cmF0aW9uEh0uZ29vZ2xlLnByb3RvYnVmLkZpZWxkT3B0aW9ucxjz+wMgASgIUgtzdGRkdXJhdGlvbkJFChNjb20uZ29vZ2xlLnByb3RvYnVmQgpHb0dvUHJvdG9zWiJnaXRodWIuY29tL2dvZ28vcHJvdG9idWYvZ29nb3Byb3RvSv0zCgcSBRwAhAEBCvwKCgEMEgMcABIy8QogUHJvdG9jb2wgQnVmZmVycyBmb3IgR28gd2l0aCBHYWRnZXRzCgogQ29weXJpZ2h0IChjKSAyMDEzLCBUaGUgR29HbyBBdXRob3JzLiBBbGwgcmlnaHRzIHJlc2VydmVkLgogaHR0cDovL2dpdGh1Yi5jb20vZ29nby9wcm90b2J1ZgoKIFJlZGlzdHJpYnV0aW9uIGFuZCB1c2UgaW4gc291cmNlIGFuZCBiaW5hcnkgZm9ybXMsIHdpdGggb3Igd2l0aG91dAogbW9kaWZpY2F0aW9uLCBhcmUgcGVybWl0dGVkIHByb3ZpZGVkIHRoYXQgdGhlIGZvbGxvd2luZyBjb25kaXRpb25zIGFyZQogbWV0OgoKICAgICAqIFJlZGlzdHJpYnV0aW9ucyBvZiBzb3VyY2UgY29kZSBtdXN0IHJldGFpbiB0aGUgYWJvdmUgY29weXJpZ2h0CiBub3RpY2UsIHRoaXMgbGlzdCBvZiBjb25kaXRpb25zIGFuZCB0aGUgZm9sbG93aW5nIGRpc2NsYWltZXIuCiAgICAgKiBSZWRpc3RyaWJ1dGlvbnMgaW4gYmluYXJ5IGZvcm0gbXVzdCByZXByb2R1Y2UgdGhlIGFib3ZlCiBjb3B5cmlnaHQgbm90aWNlLCB0aGlzIGxpc3Qgb2YgY29uZGl0aW9ucyBhbmQgdGhlIGZvbGxvd2luZyBkaXNjbGFpbWVyCiBpbiB0aGUgZG9jdW1lbnRhdGlvbiBhbmQvb3Igb3RoZXIgbWF0ZXJpYWxzIHByb3ZpZGVkIHdpdGggdGhlCiBkaXN0cmlidXRpb24uCgogVEhJUyBTT0ZUV0FSRSBJUyBQUk9WSURFRCBCWSBUSEUgQ09QWVJJR0hUIEhPTERFUlMgQU5EIENPTlRSSUJVVE9SUwogIkFTIElTIiBBTkQgQU5ZIEVYUFJFU1MgT1IgSU1QTElFRCBXQVJSQU5USUVTLCBJTkNMVURJTkcsIEJVVCBOT1QKIExJTUlURUQgVE8sIFRIRSBJTVBMSUVEIFdBUlJBTlRJRVMgT0YgTUVSQ0hBTlRBQklMSVRZIEFORCBGSVRORVNTIEZPUgogQSBQQVJUSUNVTEFSIFBVUlBPU0UgQVJFIERJU0NMQUlNRUQuIElOIE5PIEVWRU5UIFNIQUxMIFRIRSBDT1BZUklHSFQKIE9XTkVSIE9SIENPTlRSSUJVVE9SUyBCRSBMSUFCTEUgRk9SIEFOWSBESVJFQ1QsIElORElSRUNULCBJTkNJREVOVEFMLAogU1BFQ0lBTCwgRVhFTVBMQVJZLCBPUiBDT05TRVFVRU5USUFMIERBTUFHRVMgKElOQ0xVRElORywgQlVUIE5PVAogTElNSVRFRCBUTywgUFJPQ1VSRU1FTlQgT0YgU1VCU1RJVFVURSBHT09EUyBPUiBTRVJWSUNFUzsgTE9TUyBPRiBVU0UsCiBEQVRBLCBPUiBQUk9GSVRTOyBPUiBCVVNJTkVTUyBJTlRFUlJVUFRJT04pIEhPV0VWRVIgQ0FVU0VEIEFORCBPTiBBTlkKIFRIRU9SWSBPRiBMSUFCSUxJVFksIFdIRVRIRVIgSU4gQ09OVFJBQ1QsIFNUUklDVCBMSUFCSUxJVFksIE9SIFRPUlQKIChJTkNMVURJTkcgTkVHTElHRU5DRSBPUiBPVEhFUldJU0UpIEFSSVNJTkcgSU4gQU5ZIFdBWSBPVVQgT0YgVEhFIFVTRQogT0YgVEhJUyBTT0ZUV0FSRSwgRVZFTiBJRiBBRFZJU0VEIE9GIFRIRSBQT1NTSUJJTElUWSBPRiBTVUNIIERBTUFHRS4KCggKAQISAx0IEQoJCgIDABIDHwcpCggKAQgSAyEALAoLCgQI5wcAEgMhACwKDAoFCOcHAAISAyEHEwoNCgYI5wcAAgASAyEHEwoOCgcI5wcAAgABEgMhBxMKDAoFCOcHAAcSAyEWKwoICgEIEgMiACsKCwoECOcHARIDIgArCgwKBQjnBwECEgMiBxsKDQoGCOcHAQIAEgMiBxsKDgoHCOcHAQIAARIDIgcbCgwKBQjnBwEHEgMiHioKCAoBCBIDIwA5CgsKBAjnBwISAyMAOQoMCgUI5wcCAhIDIwcRCg0KBgjnBwICABIDIwcRCg4KBwjnBwICAAESAyMHEQoMCgUI5wcCBxIDIxQ4CgkKAQcSBCUAKwEKCQoCBwASAyYIMgoKCgMHAAISAyUHIgoKCgMHAAQSAyYIEAoKCgMHAAUSAyYRFQoKCgMHAAESAyYWKQoKCgMHAAMSAyYsMQoJCgIHARIDJwg0CgoKAwcBAhIDJQciCgoKAwcBBBIDJwgQCgoKAwcBBRIDJxEVCgoKAwcBARIDJxYrCgoKAwcBAxIDJy4zCgkKAgcCEgMoCCwKCgoDBwICEgMlByIKCgoDBwIEEgMoCBAKCgoDBwIFEgMoERUKCgoDBwIBEgMoFiMKCgoDBwIDEgMoJisKCQoCBwMSAykIMAoKCgMHAwISAyUHIgoKCgMHAwQSAykIEAoKCgMHAwUSAykRFwoKCgMHAwESAykYJwoKCgMHAwMSAykqLwoJCgIHBBIDKggnCgoKAwcEAhIDJQciCgoKAwcEBBIDKggQCgoKAwcEBRIDKhEVCgoKAwcEARIDKhYeCgoKAwcEAxIDKiEmCgkKAQcSBC0ALwEKCQoCBwUSAy4INQoKCgMHBQISAy0HJwoKCgMHBQQSAy4IEAoKCgMHBQUSAy4RFwoKCgMHBQESAy4YLAoKCgMHBQMSAy4vNAoJCgEHEgQxAFUBCgkKAgcGEgMyCDIKCgoDBwYCEgMxByIKCgoDBwYEEgMyCBAKCgoDBwYFEgMyERUKCgoDBwYBEgMyFikKCgoDBwYDEgMyLDEKCQoCBwcSAzMINgoKCgMHBwISAzEHIgoKCgMHBwQSAzMIEAoKCgMHBwUSAzMRFQoKCgMHBwESAzMWLQoKCgMHBwMSAzMwNQoJCgIHCBIDNAgzCgoKAwcIAhIDMQciCgoKAwcIBBIDNAgQCgoKAwcIBRIDNBEVCgoKAwcIARIDNBYqCgoKAwcIAxIDNC0yCgkKAgcJEgM1CDAKCgoDBwkCEgMxByIKCgoDBwkEEgM1CBAKCgoDBwkFEgM1ERUKCgoDBwkBEgM1FicKCgoDBwkDEgM1Ki8KCQoCBwoSAzYIJwoKCgMHCgISAzEHIgoKCgMHCgQSAzYIEAoKCgMHCgUSAzYRFQoKCgMHCgESAzYWHgoKCgMHCgMSAzYhJgoJCgIHCxIDNwgrCgoKAwcLAhIDMQciCgoKAwcLBBIDNwgQCgoKAwcLBRIDNxEVCgoKAwcLARIDNxYiCgoKAwcLAxIDNyUqCgkKAgcMEgM4CCsKCgoDBwwCEgMxByIKCgoDBwwEEgM4CBAKCgoDBwwFEgM4ERUKCgoDBwwBEgM4FiIKCgoDBwwDEgM4JSoKCQoCBw0SAzkIKwoKCgMHDQISAzEHIgoKCgMHDQQSAzkIEAoKCgMHDQUSAzkRFQoKCgMHDQESAzkWIgoKCgMHDQMSAzklKgoJCgIHDhIDOggqCgoKAwcOAhIDMQciCgoKAwcOBBIDOggQCgoKAwcOBRIDOhEVCgoKAwcOARIDOhYhCgoKAwcOAxIDOiQpCgkKAgcPEgM8CCgKCgoDBw8CEgMxByIKCgoDBw8EEgM8CBAKCgoDBw8FEgM8ERUKCgoDBw8BEgM8Fh8KCgoDBw8DEgM8IicKCQoCBxASAz0ILgoKCgMHEAISAzEHIgoKCgMHEAQSAz0IEAoKCgMHEAUSAz0RFQoKCgMHEAESAz0WJQoKCgMHEAMSAz0oLQoJCgIHERIDPggqCgoKAwcRAhIDMQciCgoKAwcRBBIDPggQCgoKAwcRBRIDPhEVCgoKAwcRARIDPhYhCgoKAwcRAxIDPiQpCgkKAgcSEgM/CCsKCgoDBxICEgMxByIKCgoDBxIEEgM/CBAKCgoDBxIFEgM/ERUKCgoDBxIBEgM/FiIKCgoDBxIDEgM/JSoKCQoCBxMSA0AILAoKCgMHEwISAzEHIgoKCgMHEwQSA0AIEAoKCgMHEwUSA0ARFQoKCgMHEwESA0AWIwoKCgMHEwMSA0AmKwoJCgIHFBIDQQguCgoKAwcUAhIDMQciCgoKAwcUBBIDQQgQCgoKAwcUBRIDQREVCgoKAwcUARIDQRYlCgoKAwcUAxIDQSgtCgkKAgcVEgNCCDMKCgoDBxUCEgMxByIKCgoDBxUEEgNCCBAKCgoDBxUFEgNCERUKCgoDBxUBEgNCFioKCgoDBxUDEgNCLTIKCQoCBxYSA0QIKAoKCgMHFgISAzEHIgoKCgMHFgQSA0QIEAoKCgMHFgUSA0QRFQoKCgMHFgESA0QWHwoKCgMHFgMSA0QiJwoJCgIHFxIDRgg4CgoKAwcXAhIDMQciCgoKAwcXBBIDRggQCgoKAwcXBRIDRhEVCgoKAwcXARIDRhYvCgoKAwcXAxIDRjI3CgkKAgcYEgNHCDAKCgoDBxgCEgMxByIKCgoDBxgEEgNHCBAKCgoDBxgFEgNHERUKCgoDBxgBEgNHFicKCgoDBxgDEgNHKi8KCQoCBxkSA0kIMwoKCgMHGQISAzEHIgoKCgMHGQQSA0kIEAoKCgMHGQUSA0kRFQoKCgMHGQESA0kWKgoKCgMHGQMSA0ktMgoJCgIHGhIDSgg1CgoKAwcaAhIDMQciCgoKAwcaBBIDSggQCgoKAwcaBRIDShEVCgoKAwcaARIDShYsCgoKAwcaAxIDSi80CgkKAgcbEgNMCDkKCgoDBxsCEgMxByIKCgoDBxsEEgNMCBAKCgoDBxsFEgNMERUKCgoDBxsBEgNMFjAKCgoDBxsDEgNMMzgKCQoCBxwSA00INwoKCgMHHAISAzEHIgoKCgMHHAQSA00IEAoKCgMHHAUSA00RFQoKCgMHHAESA00WLgoKCgMHHAMSA00xNgoJCgIHHRIDTggvCgoKAwcdAhIDMQciCgoKAwcdBBIDTggQCgoKAwcdBRIDThEVCgoKAwcdARIDThYmCgoKAwcdAxIDTikuCgkKAgceEgNPCC0KCgoDBx4CEgMxByIKCgoDBx4EEgNPCBAKCgoDBx4FEgNPERUKCgoDBx4BEgNPFiQKCgoDBx4DEgNPJywKCQoCBx8SA1AIKgoKCgMHHwISAzEHIgoKCgMHHwQSA1AIEAoKCgMHHwUSA1ARFQoKCgMHHwESA1AWIQoKCgMHHwMSA1AkKQoJCgIHIBIDUQQnCgoKAwcgAhIDMQciCgoKAwcgBBIDUQQMCgoKAwcgBRIDUQ0RCgoKAwcgARIDURIeCgoKAwcgAxIDUSEmCgkKAgchEgNSBCcKCgoDByECEgMxByIKCgoDByEEEgNSBAwKCgoDByEFEgNSDREKCgoDByEBEgNSEh4KCgoDByEDEgNSISYKCQoCByISA1QIMwoKCgMHIgISAzEHIgoKCgMHIgQSA1QIEAoKCgMHIgUSA1QRFQoKCgMHIgESA1QWKgoKCgMHIgMSA1QtMgoJCgEHEgRXAHUBCgkKAgcjEgNYCC4KCgoDByMCEgNXByUKCgoDByMEEgNYCBAKCgoDByMFEgNYERUKCgoDByMBEgNYFiUKCgoDByMDEgNYKC0KCQoCByQSA1kILwoKCgMHJAISA1cHJQoKCgMHJAQSA1kIEAoKCgMHJAUSA1kRFQoKCgMHJAESA1kWJgoKCgMHJAMSA1kpLgoJCgIHJRIDWggsCgoKAwclAhIDVwclCgoKAwclBBIDWggQCgoKAwclBRIDWhEVCgoKAwclARIDWhYjCgoKAwclAxIDWiYrCgkKAgcmEgNbCCMKCgoDByYCEgNXByUKCgoDByYEEgNbCBAKCgoDByYFEgNbERUKCgoDByYBEgNbFhoKCgoDByYDEgNbHSIKCQoCBycSA1wIJwoKCgMHJwISA1cHJQoKCgMHJwQSA1wIEAoKCgMHJwUSA1wRFQoKCgMHJwESA1wWHgoKCgMHJwMSA1whJgoJCgIHKBIDXQgnCgoKAwcoAhIDVwclCgoKAwcoBBIDXQgQCgoKAwcoBRIDXREVCgoKAwcoARIDXRYeCgoKAwcoAxIDXSEmCgkKAgcpEgNeCCcKCgoDBykCEgNXByUKCgoDBykEEgNeCBAKCgoDBykFEgNeERUKCgoDBykBEgNeFh4KCgoDBykDEgNeISYKCQoCByoSA18IJgoKCgMHKgISA1cHJQoKCgMHKgQSA18IEAoKCgMHKgUSA18RFQoKCgMHKgESA18WHQoKCgMHKgMSA18gJQoJCgIHKxIDYQgkCgoKAwcrAhIDVwclCgoKAwcrBBIDYQgQCgoKAwcrBRIDYREVCgoKAwcrARIDYRYbCgoKAwcrAxIDYR4jCgkKAgcsEgNiCCoKCgoDBywCEgNXByUKCgoDBywEEgNiCBAKCgoDBywFEgNiERUKCgoDBywBEgNiFiEKCgoDBywDEgNiJCkKCQoCBy0SA2MIJgoKCgMHLQISA1cHJQoKCgMHLQQSA2MIEAoKCgMHLQUSA2MRFQoKCgMHLQESA2MWHQoKCgMHLQMSA2MgJQoJCgIHLhIDZAgnCgoKAwcuAhIDVwclCgoKAwcuBBIDZAgQCgoKAwcuBRIDZBEVCgoKAwcuARIDZBYeCgoKAwcuAxIDZCEmCgkKAgcvEgNlCCgKCgoDBy8CEgNXByUKCgoDBy8EEgNlCBAKCgoDBy8FEgNlERUKCgoDBy8BEgNlFh8KCgoDBy8DEgNlIicKCQoCBzASA2YIKgoKCgMHMAISA1cHJQoKCgMHMAQSA2YIEAoKCgMHMAUSA2YRFQoKCgMHMAESA2YWIQoKCgMHMAMSA2YkKQoJCgIHMRIDZwgvCgoKAwcxAhIDVwclCgoKAwcxBBIDZwgQCgoKAwcxBRIDZxEVCgoKAwcxARIDZxYmCgoKAwcxAxIDZykuCgkKAgcyEgNpCCQKCgoDBzICEgNXByUKCgoDBzIEEgNpCBAKCgoDBzIFEgNpERUKCgoDBzIBEgNpFhsKCgoDBzIDEgNpHiMKCQoCBzMSA2sILwoKCgMHMwISA1cHJQoKCgMHMwQSA2sIEAoKCgMHMwUSA2sRFQoKCgMHMwESA2sWJgoKCgMHMwMSA2spLgoJCgIHNBIDbAgxCgoKAwc0AhIDVwclCgoKAwc0BBIDbAgQCgoKAwc0BRIDbBEVCgoKAwc0ARIDbBYoCgoKAwc0AxIDbCswCgkKAgc1EgNuCDUKCgoDBzUCEgNXByUKCgoDBzUEEgNuCBAKCgoDBzUFEgNuERUKCgoDBzUBEgNuFiwKCgoDBzUDEgNuLzQKCQoCBzYSA28IMwoKCgMHNgISA1cHJQoKCgMHNgQSA28IEAoKCgMHNgUSA28RFQoKCgMHNgESA28WKgoKCgMHNgMSA28tMgoJCgIHNxIDcQgpCgoKAwc3AhIDVwclCgoKAwc3BBIDcQgQCgoKAwc3BRIDcREVCgoKAwc3ARIDcRYgCgoKAwc3AxIDcSMoCgkKAgc4EgNyCCYKCgoDBzgCEgNXByUKCgoDBzgEEgNyCBAKCgoDBzgFEgNyERUKCgoDBzgBEgNyFh0KCgoDBzgDEgNyICUKCQoCBzkSA3QIJwoKCgMHOQISA1cHJQoKCgMHOQQSA3QIEAoKCgMHOQUSA3QRFQoKCgMHOQESA3QWHgoKCgMHOQMSA3QhJgoKCgEHEgV3AIQBAQoJCgIHOhIDeAgnCgoKAwc6AhIDdwcjCgoKAwc6BBIDeAgQCgoKAwc6BRIDeBEVCgoKAwc6ARIDeBYeCgoKAwc6AxIDeCEmCgkKAgc7EgN5CCQKCgoDBzsCEgN3ByMKCgoDBzsEEgN5CBAKCgoDBzsFEgN5ERUKCgoDBzsBEgN5FhsKCgoDBzsDEgN5HiMKCQoCBzwSA3oIKwoKCgMHPAISA3cHIwoKCgMHPAQSA3oIEAoKCgMHPAUSA3oRFwoKCgMHPAESA3oYIgoKCgMHPAMSA3olKgoJCgIHPRIDewgrCgoKAwc9AhIDdwcjCgoKAwc9BBIDewgQCgoKAwc9BRIDexEXCgoKAwc9ARIDexgiCgoKAwc9AxIDeyUqCgkKAgc+EgN8CCgKCgoDBz4CEgN3ByMKCgoDBz4EEgN8CBAKCgoDBz4FEgN8ERcKCgoDBz4BEgN8GB8KCgoDBz4DEgN8IicKCQoCBz8SA30IKQoKCgMHPwISA3cHIwoKCgMHPwQSA30IEAoKCgMHPwUSA30RFwoKCgMHPwESA30YIAoKCgMHPwMSA30jKAoJCgIHQBIDfggpCgoKAwdAAhIDdwcjCgoKAwdABBIDfggQCgoKAwdABRIDfhEXCgoKAwdAARIDfhggCgoKAwdAAxIDfiMoCgkKAgdBEgN/CCgKCgoDB0ECEgN3ByMKCgoDB0EEEgN/CBAKCgoDB0EFEgN/ERcKCgoDB0EBEgN/GB8KCgoDB0EDEgN/IicKCgoCB0ISBIABCCoKCgoDB0ICEgN3ByMKCwoDB0IEEgSAAQgQCgsKAwdCBRIEgAERFwoLCgMHQgESBIABGCEKCwoDB0IDEgSAASQpCgoKAgdDEgSCAQgmCgoKAwdDAhIDdwcjCgsKAwdDBBIEggEIEAoLCgMHQwUSBIIBERUKCwoDB0MBEgSCARYdCgsKAwdDAxIEggEgJQoKCgIHRBIEgwEIKgoKCgMHRAISA3cHIwoLCgMHRAQSBIMBCBAKCwoDB0QFEgSDAREVCgsKAwdEARIEgwEWIQoLCgMHRAMSBIMBJCkKixUKLG1peGVyL2FkYXB0ZXIvbW9kZWwvdjFiZXRhMS9leHRlbnNpb25zLnByb3RvEiFpc3Rpby5taXhlci5hZGFwdGVyLm1vZGVsLnYxYmV0YTEaIGdvb2dsZS9wcm90b2J1Zi9kZXNjcmlwdG9yLnByb3RvKpABCg9UZW1wbGF0ZVZhcmlldHkSGgoWVEVNUExBVEVfVkFSSUVUWV9DSEVDSxAAEhsKF1RFTVBMQVRFX1ZBUklFVFlfUkVQT1JUEAESGgoWVEVNUExBVEVfVkFSSUVUWV9RVU9UQRACEigKJFRFTVBMQVRFX1ZBUklFVFlfQVRUUklCVVRFX0dFTkVSQVRPUhADOn4KEHRlbXBsYXRlX3ZhcmlldHkSHC5nb29nbGUucHJvdG9idWYuRmlsZU9wdGlvbnMYr8q8IiABKA4yMi5pc3Rpby5taXhlci5hZGFwdGVyLm1vZGVsLnYxYmV0YTEuVGVtcGxhdGVWYXJpZXR5Ug90ZW1wbGF0ZVZhcmlldHk6RAoNdGVtcGxhdGVfbmFtZRIcLmdvb2dsZS5wcm90b2J1Zi5GaWxlT3B0aW9ucxjQy7wiIAEoCVIMdGVtcGxhdGVOYW1lQipaKGlzdGlvLmlvL2FwaS9taXhlci9hZGFwdGVyL21vZGVsL3YxYmV0YTFKiBEKBhIEDgAvAQq/BAoBDBIDDgASMrQEIENvcHlyaWdodCAyMDE4IElzdGlvIEF1dGhvcnMKCiBMaWNlbnNlZCB1bmRlciB0aGUgQXBhY2hlIExpY2Vuc2UsIFZlcnNpb24gMi4wICh0aGUgIkxpY2Vuc2UiKTsKIHlvdSBtYXkgbm90IHVzZSB0aGlzIGZpbGUgZXhjZXB0IGluIGNvbXBsaWFuY2Ugd2l0aCB0aGUgTGljZW5zZS4KIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICBodHRwOi8vd3d3LmFwYWNoZS5vcmcvbGljZW5zZXMvTElDRU5TRS0yLjAKCiBVbmxlc3MgcmVxdWlyZWQgYnkgYXBwbGljYWJsZSBsYXcgb3IgYWdyZWVkIHRvIGluIHdyaXRpbmcsIHNvZnR3YXJlCiBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogV0lUSE9VVCBXQVJSQU5USUVTIE9SIENPTkRJVElPTlMgT0YgQU5ZIEtJTkQsIGVpdGhlciBleHByZXNzIG9yIGltcGxpZWQuCiBTZWUgdGhlIExpY2Vuc2UgZm9yIHRoZSBzcGVjaWZpYyBsYW5ndWFnZSBnb3Zlcm5pbmcgcGVybWlzc2lvbnMgYW5kCiBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4KCggKAQISAxAIKQoICgEIEgMSAD0KCwoECOcHABIDEgA9CgwKBQjnBwACEgMSBxEKDQoGCOcHAAIAEgMSBxEKDgoHCOcHAAIAARIDEgcRCgwKBQjnBwAHEgMSEjwKCQoCAwASAxQHKQp5CgIFABIEGAAlARptIFRoZSBhdmFpbGFibGUgdmFyaWV0aWVzIG9mIHRlbXBsYXRlcywgY29udHJvbGxpbmcgdGhlIHNlbWFudGljcyBvZiB3aGF0IGFuIGFkYXB0ZXIgZG9lcyB3aXRoIGVhY2ggaW5zdGFuY2UuCgoKCgMFAAESAxgFFArIAQoEBQACABIDGwQfGroBIE1ha2VzIHRoZSB0ZW1wbGF0ZSBhcHBsaWNhYmxlIGZvciBNaXhlcidzIGNoZWNrIGNhbGxzLiBJbnN0YW5jZXMgb2Ygc3VjaCB0ZW1wbGF0ZSBhcmUgY3JlYXRlZCBkdXJpbmcKIHJlcG9ydCBjYWxscyBpbiBNaXhlciBhbmQgcGFzc2VkIHRvIHRoZSBoYW5kbGVycyBiYXNlZCBvbiB0aGUgcnVsZSBjb25maWd1cmF0aW9ucy4KCgwKBQUAAgABEgMbBBoKDAoFBQACAAISAxsdHgrIAQoEBQACARIDHgQgGroBIE1ha2VzIHRoZSB0ZW1wbGF0ZSBhcHBsaWNhYmxlIGZvciBNaXhlcidzIHJlcG9ydCBjYWxscy4gSW5zdGFuY2VzIG9mIHN1Y2ggdGVtcGxhdGUgYXJlIGNyZWF0ZWQgZHVyaW5nCiBjaGVjayBjYWxscyBpbiBNaXhlciBhbmQgcGFzc2VkIHRvIHRoZSBoYW5kbGVycyBiYXNlZCBvbiB0aGUgcnVsZSBjb25maWd1cmF0aW9ucy4KCgwKBQUAAgEBEgMeBBsKDAoFBQACAQISAx4eHwrNAQoEBQACAhIDIQQfGr8BIE1ha2VzIHRoZSB0ZW1wbGF0ZSBhcHBsaWNhYmxlIGZvciBNaXhlcidzIHF1b3RhIGNhbGxzLiBJbnN0YW5jZXMgb2Ygc3VjaCB0ZW1wbGF0ZSBhcmUgY3JlYXRlZCBkdXJpbmcKIHF1b3RhIGNoZWNrIGNhbGxzIGluIE1peGVyIGFuZCBwYXNzZWQgdG8gdGhlIGhhbmRsZXJzIGJhc2VkIG9uIHRoZSBydWxlIGNvbmZpZ3VyYXRpb25zLgoKDAoFBQACAgESAyEEGgoMCgUFAAICAhIDIR0eCusBCgQFAAIDEgMkBC0a3QEgTWFrZXMgdGhlIHRlbXBsYXRlIGFwcGxpY2FibGUgZm9yIE1peGVyJ3MgYXR0cmlidXRlIGdlbmVyYXRpb24gcGhhc2UuIEluc3RhbmNlcyBvZiBzdWNoIHRlbXBsYXRlIGFyZSBjcmVhdGVkIGR1cmluZwogcHJlLXByb2Nlc3NpbmcgYXR0cmlidXRlIGdlbmVyYXRpb24gcGhhc2UgYW5kIHBhc3NlZCB0byB0aGUgaGFuZGxlcnMgYmFzZWQgb24gdGhlIHJ1bGUgY29uZmlndXJhdGlvbnMuCgoMCgUFAAIDARIDJAQoCgwKBQUAAgMCEgMkKywKMQoBBxIEKAAvARomIEZpbGUgbGV2ZWwgb3B0aW9ucyBmb3IgdGhlIHRlbXBsYXRlLgoKNgoCBwASAyoEMBorIFJlcXVpcmVkOiBvcHRpb24gZm9yIHRoZSBUZW1wbGF0ZVZhcmlldHkuCgoKCgMHAAISAygHIgoLCgMHAAQSBCoEKCQKCgoDBwAGEgMqBBMKCgoDBwABEgMqFCQKCgoDBwADEgMqJy8KpAEKAgcBEgMuBCQamAEgT3B0aW9uYWw6IG9wdGlvbiBmb3IgdGhlIHRlbXBsYXRlIG5hbWUuCiBJZiBub3Qgc3BlY2lmaWVkLCB0aGUgbGFzdCBzZWdtZW50IG9mIHRoZSB0ZW1wbGF0ZSBwcm90bydzIHBhY2thZ2UgbmFtZSBpcyB1c2VkIHRvCiBkZXJpdmUgdGhlIHRlbXBsYXRlIG5hbWUuCgoKCgMHAQISAygHIgoLCgMHAQQSBC4EKjAKCgoDBwEFEgMuBAoKCgoDBwEBEgMuCxgKCgoDBwEDEgMuGyNiBnByb3RvMwq8LAoZZ29vZ2xlL3Byb3RvYnVmL2FueS5wcm90bxIPZ29vZ2xlLnByb3RvYnVmIjYKA0FueRIZCgh0eXBlX3VybBgBIAEoCVIHdHlwZVVybBIUCgV2YWx1ZRgCIAEoDFIFdmFsdWVCTwoTY29tLmdvb2dsZS5wcm90b2J1ZkIIQW55UHJvdG9QAVoFdHlwZXOiAgNHUEKqAh5Hb29nbGUuUHJvdG9idWYuV2VsbEtub3duVHlwZXNK/CoKBxIFHgCUAQEKzAwKAQwSAx4AEjLBDCBQcm90b2NvbCBCdWZmZXJzIC0gR29vZ2xlJ3MgZGF0YSBpbnRlcmNoYW5nZSBmb3JtYXQKIENvcHlyaWdodCAyMDA4IEdvb2dsZSBJbmMuICBBbGwgcmlnaHRzIHJlc2VydmVkLgogaHR0cHM6Ly9kZXZlbG9wZXJzLmdvb2dsZS5jb20vcHJvdG9jb2wtYnVmZmVycy8KCiBSZWRpc3RyaWJ1dGlvbiBhbmQgdXNlIGluIHNvdXJjZSBhbmQgYmluYXJ5IGZvcm1zLCB3aXRoIG9yIHdpdGhvdXQKIG1vZGlmaWNhdGlvbiwgYXJlIHBlcm1pdHRlZCBwcm92aWRlZCB0aGF0IHRoZSBmb2xsb3dpbmcgY29uZGl0aW9ucyBhcmUKIG1ldDoKCiAgICAgKiBSZWRpc3RyaWJ1dGlvbnMgb2Ygc291cmNlIGNvZGUgbXVzdCByZXRhaW4gdGhlIGFib3ZlIGNvcHlyaWdodAogbm90aWNlLCB0aGlzIGxpc3Qgb2YgY29uZGl0aW9ucyBhbmQgdGhlIGZvbGxvd2luZyBkaXNjbGFpbWVyLgogICAgICogUmVkaXN0cmlidXRpb25zIGluIGJpbmFyeSBmb3JtIG11c3QgcmVwcm9kdWNlIHRoZSBhYm92ZQogY29weXJpZ2h0IG5vdGljZSwgdGhpcyBsaXN0IG9mIGNvbmRpdGlvbnMgYW5kIHRoZSBmb2xsb3dpbmcgZGlzY2xhaW1lcgogaW4gdGhlIGRvY3VtZW50YXRpb24gYW5kL29yIG90aGVyIG1hdGVyaWFscyBwcm92aWRlZCB3aXRoIHRoZQogZGlzdHJpYnV0aW9uLgogICAgICogTmVpdGhlciB0aGUgbmFtZSBvZiBHb29nbGUgSW5jLiBub3IgdGhlIG5hbWVzIG9mIGl0cwogY29udHJpYnV0b3JzIG1heSBiZSB1c2VkIHRvIGVuZG9yc2Ugb3IgcHJvbW90ZSBwcm9kdWN0cyBkZXJpdmVkIGZyb20KIHRoaXMgc29mdHdhcmUgd2l0aG91dCBzcGVjaWZpYyBwcmlvciB3cml0dGVuIHBlcm1pc3Npb24uCgogVEhJUyBTT0ZUV0FSRSBJUyBQUk9WSURFRCBCWSBUSEUgQ09QWVJJR0hUIEhPTERFUlMgQU5EIENPTlRSSUJVVE9SUwogIkFTIElTIiBBTkQgQU5ZIEVYUFJFU1MgT1IgSU1QTElFRCBXQVJSQU5USUVTLCBJTkNMVURJTkcsIEJVVCBOT1QKIExJTUlURUQgVE8sIFRIRSBJTVBMSUVEIFdBUlJBTlRJRVMgT0YgTUVSQ0hBTlRBQklMSVRZIEFORCBGSVRORVNTIEZPUgogQSBQQVJUSUNVTEFSIFBVUlBPU0UgQVJFIERJU0NMQUlNRUQuIElOIE5PIEVWRU5UIFNIQUxMIFRIRSBDT1BZUklHSFQKIE9XTkVSIE9SIENPTlRSSUJVVE9SUyBCRSBMSUFCTEUgRk9SIEFOWSBESVJFQ1QsIElORElSRUNULCBJTkNJREVOVEFMLAogU1BFQ0lBTCwgRVhFTVBMQVJZLCBPUiBDT05TRVFVRU5USUFMIERBTUFHRVMgKElOQ0xVRElORywgQlVUIE5PVAogTElNSVRFRCBUTywgUFJPQ1VSRU1FTlQgT0YgU1VCU1RJVFVURSBHT09EUyBPUiBTRVJWSUNFUzsgTE9TUyBPRiBVU0UsCiBEQVRBLCBPUiBQUk9GSVRTOyBPUiBCVVNJTkVTUyBJTlRFUlJVUFRJT04pIEhPV0VWRVIgQ0FVU0VEIEFORCBPTiBBTlkKIFRIRU9SWSBPRiBMSUFCSUxJVFksIFdIRVRIRVIgSU4gQ09OVFJBQ1QsIFNUUklDVCBMSUFCSUxJVFksIE9SIFRPUlQKIChJTkNMVURJTkcgTkVHTElHRU5DRSBPUiBPVEhFUldJU0UpIEFSSVNJTkcgSU4gQU5ZIFdBWSBPVVQgT0YgVEhFIFVTRQogT0YgVEhJUyBTT0ZUV0FSRSwgRVZFTiBJRiBBRFZJU0VEIE9GIFRIRSBQT1NTSUJJTElUWSBPRiBTVUNIIERBTUFHRS4KCggKAQISAyAIFwoICgEIEgMiADsKCwoECOcHABIDIgA7CgwKBQjnBwACEgMiBxcKDQoGCOcHAAIAEgMiBxcKDgoHCOcHAAIAARIDIgcXCgwKBQjnBwAHEgMiGjoKCAoBCBIDIwAcCgsKBAjnBwESAyMAHAoMCgUI5wcBAhIDIwcRCg0KBgjnBwECABIDIwcRCg4KBwjnBwECAAESAyMHEQoMCgUI5wcBBxIDIxQbCggKAQgSAyQALAoLCgQI5wcCEgMkACwKDAoFCOcHAgISAyQHEwoNCgYI5wcCAgASAyQHEwoOCgcI5wcCAgABEgMkBxMKDAoFCOcHAgcSAyQWKwoICgEIEgMlACkKCwoECOcHAxIDJQApCgwKBQjnBwMCEgMlBxsKDQoGCOcHAwIAEgMlBxsKDgoHCOcHAwIAARIDJQcbCgwKBQjnBwMHEgMlHigKCAoBCBIDJgAiCgsKBAjnBwQSAyYAIgoMCgUI5wcEAhIDJgcaCg0KBgjnBwQCABIDJgcaCg4KBwjnBwQCAAESAyYHGgoMCgUI5wcEAxIDJh0hCggKAQgSAycAIQoLCgQI5wcFEgMnACEKDAoFCOcHBQISAycHGAoNCgYI5wcFAgASAycHGAoOCgcI5wcFAgABEgMnBxgKDAoFCOcHBQcSAycbIArkEAoCBAASBXkAlAEBGtYQIGBBbnlgIGNvbnRhaW5zIGFuIGFyYml0cmFyeSBzZXJpYWxpemVkIHByb3RvY29sIGJ1ZmZlciBtZXNzYWdlIGFsb25nIHdpdGggYQogVVJMIHRoYXQgZGVzY3JpYmVzIHRoZSB0eXBlIG9mIHRoZSBzZXJpYWxpemVkIG1lc3NhZ2UuCgogUHJvdG9idWYgbGlicmFyeSBwcm92aWRlcyBzdXBwb3J0IHRvIHBhY2svdW5wYWNrIEFueSB2YWx1ZXMgaW4gdGhlIGZvcm0KIG9mIHV0aWxpdHkgZnVuY3Rpb25zIG9yIGFkZGl0aW9uYWwgZ2VuZXJhdGVkIG1ldGhvZHMgb2YgdGhlIEFueSB0eXBlLgoKIEV4YW1wbGUgMTogUGFjayBhbmQgdW5wYWNrIGEgbWVzc2FnZSBpbiBDKysuCgogICAgIEZvbyBmb28gPSAuLi47CiAgICAgQW55IGFueTsKICAgICBhbnkuUGFja0Zyb20oZm9vKTsKICAgICAuLi4KICAgICBpZiAoYW55LlVucGFja1RvKCZmb28pKSB7CiAgICAgICAuLi4KICAgICB9CgogRXhhbXBsZSAyOiBQYWNrIGFuZCB1bnBhY2sgYSBtZXNzYWdlIGluIEphdmEuCgogICAgIEZvbyBmb28gPSAuLi47CiAgICAgQW55IGFueSA9IEFueS5wYWNrKGZvbyk7CiAgICAgLi4uCiAgICAgaWYgKGFueS5pcyhGb28uY2xhc3MpKSB7CiAgICAgICBmb28gPSBhbnkudW5wYWNrKEZvby5jbGFzcyk7CiAgICAgfQoKICBFeGFtcGxlIDM6IFBhY2sgYW5kIHVucGFjayBhIG1lc3NhZ2UgaW4gUHl0aG9uLgoKICAgICBmb28gPSBGb28oLi4uKQogICAgIGFueSA9IEFueSgpCiAgICAgYW55LlBhY2soZm9vKQogICAgIC4uLgogICAgIGlmIGFueS5JcyhGb28uREVTQ1JJUFRPUik6CiAgICAgICBhbnkuVW5wYWNrKGZvbykKICAgICAgIC4uLgoKICBFeGFtcGxlIDQ6IFBhY2sgYW5kIHVucGFjayBhIG1lc3NhZ2UgaW4gR28KCiAgICAgIGZvbyA6PSAmcGIuRm9vey4uLn0KICAgICAgYW55LCBlcnIgOj0gcHR5cGVzLk1hcnNoYWxBbnkoZm9vKQogICAgICAuLi4KICAgICAgZm9vIDo9ICZwYi5Gb297fQogICAgICBpZiBlcnIgOj0gcHR5cGVzLlVubWFyc2hhbEFueShhbnksIGZvbyk7IGVyciAhPSBuaWwgewogICAgICAgIC4uLgogICAgICB9CgogVGhlIHBhY2sgbWV0aG9kcyBwcm92aWRlZCBieSBwcm90b2J1ZiBsaWJyYXJ5IHdpbGwgYnkgZGVmYXVsdCB1c2UKICd0eXBlLmdvb2dsZWFwaXMuY29tL2Z1bGwudHlwZS5uYW1lJyBhcyB0aGUgdHlwZSBVUkwgYW5kIHRoZSB1bnBhY2sKIG1ldGhvZHMgb25seSB1c2UgdGhlIGZ1bGx5IHF1YWxpZmllZCB0eXBlIG5hbWUgYWZ0ZXIgdGhlIGxhc3QgJy8nCiBpbiB0aGUgdHlwZSBVUkwsIGZvciBleGFtcGxlICJmb28uYmFyLmNvbS94L3kueiIgd2lsbCB5aWVsZCB0eXBlCiBuYW1lICJ5LnoiLgoKCiBKU09OCiA9PT09CiBUaGUgSlNPTiByZXByZXNlbnRhdGlvbiBvZiBhbiBgQW55YCB2YWx1ZSB1c2VzIHRoZSByZWd1bGFyCiByZXByZXNlbnRhdGlvbiBvZiB0aGUgZGVzZXJpYWxpemVkLCBlbWJlZGRlZCBtZXNzYWdlLCB3aXRoIGFuCiBhZGRpdGlvbmFsIGZpZWxkIGBAdHlwZWAgd2hpY2ggY29udGFpbnMgdGhlIHR5cGUgVVJMLiBFeGFtcGxlOgoKICAgICBwYWNrYWdlIGdvb2dsZS5wcm9maWxlOwogICAgIG1lc3NhZ2UgUGVyc29uIHsKICAgICAgIHN0cmluZyBmaXJzdF9uYW1lID0gMTsKICAgICAgIHN0cmluZyBsYXN0X25hbWUgPSAyOwogICAgIH0KCiAgICAgewogICAgICAgIkB0eXBlIjogInR5cGUuZ29vZ2xlYXBpcy5jb20vZ29vZ2xlLnByb2ZpbGUuUGVyc29uIiwKICAgICAgICJmaXJzdE5hbWUiOiA8c3RyaW5nPiwKICAgICAgICJsYXN0TmFtZSI6IDxzdHJpbmc+CiAgICAgfQoKIElmIHRoZSBlbWJlZGRlZCBtZXNzYWdlIHR5cGUgaXMgd2VsbC1rbm93biBhbmQgaGFzIGEgY3VzdG9tIEpTT04KIHJlcHJlc2VudGF0aW9uLCB0aGF0IHJlcHJlc2VudGF0aW9uIHdpbGwgYmUgZW1iZWRkZWQgYWRkaW5nIGEgZmllbGQKIGB2YWx1ZWAgd2hpY2ggaG9sZHMgdGhlIGN1c3RvbSBKU09OIGluIGFkZGl0aW9uIHRvIHRoZSBgQHR5cGVgCiBmaWVsZC4gRXhhbXBsZSAoZm9yIG1lc3NhZ2UgW2dvb2dsZS5wcm90b2J1Zi5EdXJhdGlvbl1bXSk6CgogICAgIHsKICAgICAgICJAdHlwZSI6ICJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5wcm90b2J1Zi5EdXJhdGlvbiIsCiAgICAgICAidmFsdWUiOiAiMS4yMTJzIgogICAgIH0KCgoKCgMEAAESA3kICwrkBwoEBAACABIEkAECFhrVByBBIFVSTC9yZXNvdXJjZSBuYW1lIHdob3NlIGNvbnRlbnQgZGVzY3JpYmVzIHRoZSB0eXBlIG9mIHRoZQogc2VyaWFsaXplZCBwcm90b2NvbCBidWZmZXIgbWVzc2FnZS4KCiBGb3IgVVJMcyB3aGljaCB1c2UgdGhlIHNjaGVtZSBgaHR0cGAsIGBodHRwc2AsIG9yIG5vIHNjaGVtZSwgdGhlCiBmb2xsb3dpbmcgcmVzdHJpY3Rpb25zIGFuZCBpbnRlcnByZXRhdGlvbnMgYXBwbHk6CgogKiBJZiBubyBzY2hlbWUgaXMgcHJvdmlkZWQsIGBodHRwc2AgaXMgYXNzdW1lZC4KICogVGhlIGxhc3Qgc2VnbWVudCBvZiB0aGUgVVJMJ3MgcGF0aCBtdXN0IHJlcHJlc2VudCB0aGUgZnVsbHkKICAgcXVhbGlmaWVkIG5hbWUgb2YgdGhlIHR5cGUgKGFzIGluIGBwYXRoL2dvb2dsZS5wcm90b2J1Zi5EdXJhdGlvbmApLgogICBUaGUgbmFtZSBzaG91bGQgYmUgaW4gYSBjYW5vbmljYWwgZm9ybSAoZS5nLiwgbGVhZGluZyAiLiIgaXMKICAgbm90IGFjY2VwdGVkKS4KICogQW4gSFRUUCBHRVQgb24gdGhlIFVSTCBtdXN0IHlpZWxkIGEgW2dvb2dsZS5wcm90b2J1Zi5UeXBlXVtdCiAgIHZhbHVlIGluIGJpbmFyeSBmb3JtYXQsIG9yIHByb2R1Y2UgYW4gZXJyb3IuCiAqIEFwcGxpY2F0aW9ucyBhcmUgYWxsb3dlZCB0byBjYWNoZSBsb29rdXAgcmVzdWx0cyBiYXNlZCBvbiB0aGUKICAgVVJMLCBvciBoYXZlIHRoZW0gcHJlY29tcGlsZWQgaW50byBhIGJpbmFyeSB0byBhdm9pZCBhbnkKICAgbG9va3VwLiBUaGVyZWZvcmUsIGJpbmFyeSBjb21wYXRpYmlsaXR5IG5lZWRzIHRvIGJlIHByZXNlcnZlZAogICBvbiBjaGFuZ2VzIHRvIHR5cGVzLiAoVXNlIHZlcnNpb25lZCB0eXBlIG5hbWVzIHRvIG1hbmFnZQogICBicmVha2luZyBjaGFuZ2VzLikKCiBTY2hlbWVzIG90aGVyIHRoYW4gYGh0dHBgLCBgaHR0cHNgIChvciB0aGUgZW1wdHkgc2NoZW1lKSBtaWdodCBiZQogdXNlZCB3aXRoIGltcGxlbWVudGF0aW9uIHNwZWNpZmljIHNlbWFudGljcy4KCgoOCgUEAAIABBIFkAECeQ0KDQoFBAACAAUSBJABAggKDQoFBAACAAESBJABCREKDQoFBAACAAMSBJABFBUKVwoEBAACARIEkwECEhpJIE11c3QgYmUgYSB2YWxpZCBzZXJpYWxpemVkIHByb3RvY29sIGJ1ZmZlciBvZiB0aGUgYWJvdmUgc3BlY2lmaWVkIHR5cGUuCgoPCgUEAAIBBBIGkwECkAEWCg0KBQQAAgEFEgSTAQIHCg0KBQQAAgEBEgSTAQgNCg0KBQQAAgEDEgSTARARYgZwcm90bzMKngkKKG1peGVyL2FkYXB0ZXIvbW9kZWwvdjFiZXRhMS9yZXBvcnQucHJvdG8SIWlzdGlvLm1peGVyLmFkYXB0ZXIubW9kZWwudjFiZXRhMRoUZ29nb3Byb3RvL2dvZ28ucHJvdG8iDgoMUmVwb3J0UmVzdWx0QjZaKGlzdGlvLmlvL2FwaS9taXhlci9hZGFwdGVyL21vZGVsL3YxYmV0YTHI4R4AqOIeAPDhHgBK6AcKBhIEDgAbFwq/BAoBDBIDDgASMrQEIENvcHlyaWdodCAyMDE4IElzdGlvIEF1dGhvcnMKCiBMaWNlbnNlZCB1bmRlciB0aGUgQXBhY2hlIExpY2Vuc2UsIFZlcnNpb24gMi4wICh0aGUgIkxpY2Vuc2UiKTsKIHlvdSBtYXkgbm90IHVzZSB0aGlzIGZpbGUgZXhjZXB0IGluIGNvbXBsaWFuY2Ugd2l0aCB0aGUgTGljZW5zZS4KIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICBodHRwOi8vd3d3LmFwYWNoZS5vcmcvbGljZW5zZXMvTElDRU5TRS0yLjAKCiBVbmxlc3MgcmVxdWlyZWQgYnkgYXBwbGljYWJsZSBsYXcgb3IgYWdyZWVkIHRvIGluIHdyaXRpbmcsIHNvZnR3YXJlCiBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogV0lUSE9VVCBXQVJSQU5USUVTIE9SIENPTkRJVElPTlMgT0YgQU5ZIEtJTkQsIGVpdGhlciBleHByZXNzIG9yIGltcGxpZWQuCiBTZWUgdGhlIExpY2Vuc2UgZm9yIHRoZSBzcGVjaWZpYyBsYW5ndWFnZSBnb3Zlcm5pbmcgcGVybWlzc2lvbnMgYW5kCiBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4KCggKAQISAxAIKQoICgEIEgMSAD0KCwoECOcHABIDEgA9CgwKBQjnBwACEgMSBxEKDQoGCOcHAAIAEgMSBxEKDgoHCOcHAAIAARIDEgcRCgwKBQjnBwAHEgMSEjwKCQoCAwASAxQHHQoICgEIEgMWAC8KCwoECOcHARIDFgAvCgwKBQjnBwECEgMWByYKDQoGCOcHAQIAEgMWByYKDgoHCOcHAQIAARIDFgglCgwKBQjnBwEDEgMWKS4KCAoBCBIDFwAlCgsKBAjnBwISAxcAJQoMCgUI5wcCAhIDFwccCg0KBgjnBwICABIDFwccCg4KBwjnBwICAAESAxcIGwoMCgUI5wcCAxIDFx8kCggKAQgSAxgAKAoLCgQI5wcDEgMYACgKDAoFCOcHAwISAxgHHwoNCgYI5wcDAgASAxgHHwoOCgcI5wcDAgABEgMYCB4KDAoFCOcHAwMSAxgiJwozCgIEABIDGwAXGiggRXhwcmVzc2VzIHRoZSByZXN1bHQgb2YgYSByZXBvcnQgY2FsbC4KCgoKAwQAARIDGwgUYgZwcm90bzMK1BAKH3BvbGljeS92MWJldGExL3ZhbHVlX3R5cGUucHJvdG8SFGlzdGlvLnBvbGljeS52MWJldGExKrsBCglWYWx1ZVR5cGUSGgoWVkFMVUVfVFlQRV9VTlNQRUNJRklFRBAAEgoKBlNUUklORxABEgkKBUlOVDY0EAISCgoGRE9VQkxFEAMSCAoEQk9PTBAEEg0KCVRJTUVTVEFNUBAFEg4KCklQX0FERFJFU1MQBhIRCg1FTUFJTF9BRERSRVNTEAcSBwoDVVJJEAgSDAoIRE5TX05BTUUQCRIMCghEVVJBVElPThAKEg4KClNUUklOR19NQVAQC0IdWhtpc3Rpby5pby9hcGkvcG9saWN5L3YxYmV0YTFKtQ4KBhIEDgA8AQq/BAoBDBIDDgASMrQEIENvcHlyaWdodCAyMDE4IElzdGlvIEF1dGhvcnMKCiBMaWNlbnNlZCB1bmRlciB0aGUgQXBhY2hlIExpY2Vuc2UsIFZlcnNpb24gMi4wICh0aGUgIkxpY2Vuc2UiKTsKIHlvdSBtYXkgbm90IHVzZSB0aGlzIGZpbGUgZXhjZXB0IGluIGNvbXBsaWFuY2Ugd2l0aCB0aGUgTGljZW5zZS4KIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICBodHRwOi8vd3d3LmFwYWNoZS5vcmcvbGljZW5zZXMvTElDRU5TRS0yLjAKCiBVbmxlc3MgcmVxdWlyZWQgYnkgYXBwbGljYWJsZSBsYXcgb3IgYWdyZWVkIHRvIGluIHdyaXRpbmcsIHNvZnR3YXJlCiBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogV0lUSE9VVCBXQVJSQU5USUVTIE9SIENPTkRJVElPTlMgT0YgQU5ZIEtJTkQsIGVpdGhlciBleHByZXNzIG9yIGltcGxpZWQuCiBTZWUgdGhlIExpY2Vuc2UgZm9yIHRoZSBzcGVjaWZpYyBsYW5ndWFnZSBnb3Zlcm5pbmcgcGVybWlzc2lvbnMgYW5kCiBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4KCggKAQISAxAIHAoICgEIEgMSADAKCwoECOcHABIDEgAwCgwKBQjnBwACEgMSBxEKDQoGCOcHAAIAEgMSBxEKDgoHCOcHAAIAARIDEgcRCgwKBQjnBwAHEgMSEi8KlgIKAgUAEgQYADwBGokCIFZhbHVlVHlwZSBkZXNjcmliZXMgdGhlIHR5cGVzIHRoYXQgdmFsdWVzIGluIHRoZSBJc3RpbyBzeXN0ZW0gY2FuIHRha2UuIFRoZXNlCiBhcmUgdXNlZCB0byBkZXNjcmliZSB0aGUgdHlwZSBvZiBBdHRyaWJ1dGVzIGF0IHJ1biB0aW1lLCBkZXNjcmliZSB0aGUgdHlwZSBvZgogdGhlIHJlc3VsdCBvZiBldmFsdWF0aW5nIGFuIGV4cHJlc3Npb24sIGFuZCB0byBkZXNjcmliZSB0aGUgcnVudGltZSB0eXBlIG9mCiBmaWVsZHMgb2Ygb3RoZXIgZGVzY3JpcHRvcnMuCgoKCgMFAAESAxgFDgomCgQFAAIAEgMaBB8aGSBJbnZhbGlkLCBkZWZhdWx0IHZhbHVlLgoKDAoFBQACAAESAxoEGgoMCgUFAAIAAhIDGh0eCjkKBAUAAgESAx0EDxosIEFuIHVuZGlzY3JpbWluYXRlZCB2YXJpYWJsZS1sZW5ndGggc3RyaW5nLgoKDAoFBQACAQESAx0ECgoMCgUFAAIBAhIDHQ0OCjgKBAUAAgISAyAEDhorIEFuIHVuZGlzY3JpbWluYXRlZCA2NC1iaXQgc2lnbmVkIGludGVnZXIuCgoMCgUFAAICARIDIAQJCgwKBQUAAgICEgMgDA0KPgoEBQACAxIDIwQPGjEgQW4gdW5kaXNjcmltaW5hdGVkIDY0LWJpdCBmbG9hdGluZy1wb2ludCB2YWx1ZS4KCgwKBQUAAgMBEgMjBAoKDAoFBQACAwISAyMNDgowCgQFAAIEEgMmBA0aIyBBbiB1bmRpc2NyaW1pbmF0ZWQgYm9vbGVhbiB2YWx1ZS4KCgwKBQUAAgQBEgMmBAgKDAoFBQACBAISAyYLDAofCgQFAAIFEgMpBBIaEiBBIHBvaW50IGluIHRpbWUuCgoMCgUFAAIFARIDKQQNCgwKBQUAAgUCEgMpEBEKHQoEBQACBhIDLAQTGhAgQW4gSVAgYWRkcmVzcy4KCgwKBQUAAgYBEgMsBA4KDAoFBQACBgISAywREgogCgQFAAIHEgMvBBYaEyBBbiBlbWFpbCBhZGRyZXNzLgoKDAoFBQACBwESAy8EEQoMCgUFAAIHAhIDLxQVChUKBAUAAggSAzIEDBoIIEEgVVJJLgoKDAoFBQACCAESAzIEBwoMCgUFAAIIAhIDMgoLChoKBAUAAgkSAzUEERoNIEEgRE5TIG5hbWUuCgoMCgUFAAIJARIDNQQMCgwKBQUAAgkCEgM1DxAKMQoEBQACChIDOAQSGiQgQSBzcGFuIGJldHdlZW4gdHdvIHBvaW50cyBpbiB0aW1lLgoKDAoFBQACCgESAzgEDAoMCgUFAAIKAhIDOA8RCkEKBAUAAgsSAzsEFBo0IEEgbWFwIHN0cmluZyAtPiBzdHJpbmcsIHR5cGljYWxseSB1c2VkIGJ5IGhlYWRlcnMuCgoMCgUFAAILARIDOwQOCgwKBQUAAgsCEgM7ERNiBnByb3RvMwr1KAoeZ29vZ2xlL3Byb3RvYnVmL2R1cmF0aW9uLnByb3RvEg9nb29nbGUucHJvdG9idWYiOgoIRHVyYXRpb24SGAoHc2Vjb25kcxgBIAEoA1IHc2Vjb25kcxIUCgVuYW5vcxgCIAEoBVIFbmFub3NCVwoTY29tLmdvb2dsZS5wcm90b2J1ZkINRHVyYXRpb25Qcm90b1ABWgV0eXBlc/gBAaICA0dQQqoCHkdvb2dsZS5Qcm90b2J1Zi5XZWxsS25vd25UeXBlc0qkJwoGEgQeAHQBCswMCgEMEgMeABIywQwgUHJvdG9jb2wgQnVmZmVycyAtIEdvb2dsZSdzIGRhdGEgaW50ZXJjaGFuZ2UgZm9ybWF0CiBDb3B5cmlnaHQgMjAwOCBHb29nbGUgSW5jLiAgQWxsIHJpZ2h0cyByZXNlcnZlZC4KIGh0dHBzOi8vZGV2ZWxvcGVycy5nb29nbGUuY29tL3Byb3RvY29sLWJ1ZmZlcnMvCgogUmVkaXN0cmlidXRpb24gYW5kIHVzZSBpbiBzb3VyY2UgYW5kIGJpbmFyeSBmb3Jtcywgd2l0aCBvciB3aXRob3V0CiBtb2RpZmljYXRpb24sIGFyZSBwZXJtaXR0ZWQgcHJvdmlkZWQgdGhhdCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnMgYXJlCiBtZXQ6CgogICAgICogUmVkaXN0cmlidXRpb25zIG9mIHNvdXJjZSBjb2RlIG11c3QgcmV0YWluIHRoZSBhYm92ZSBjb3B5cmlnaHQKIG5vdGljZSwgdGhpcyBsaXN0IG9mIGNvbmRpdGlvbnMgYW5kIHRoZSBmb2xsb3dpbmcgZGlzY2xhaW1lci4KICAgICAqIFJlZGlzdHJpYnV0aW9ucyBpbiBiaW5hcnkgZm9ybSBtdXN0IHJlcHJvZHVjZSB0aGUgYWJvdmUKIGNvcHlyaWdodCBub3RpY2UsIHRoaXMgbGlzdCBvZiBjb25kaXRpb25zIGFuZCB0aGUgZm9sbG93aW5nIGRpc2NsYWltZXIKIGluIHRoZSBkb2N1bWVudGF0aW9uIGFuZC9vciBvdGhlciBtYXRlcmlhbHMgcHJvdmlkZWQgd2l0aCB0aGUKIGRpc3RyaWJ1dGlvbi4KICAgICAqIE5laXRoZXIgdGhlIG5hbWUgb2YgR29vZ2xlIEluYy4gbm9yIHRoZSBuYW1lcyBvZiBpdHMKIGNvbnRyaWJ1dG9ycyBtYXkgYmUgdXNlZCB0byBlbmRvcnNlIG9yIHByb21vdGUgcHJvZHVjdHMgZGVyaXZlZCBmcm9tCiB0aGlzIHNvZnR3YXJlIHdpdGhvdXQgc3BlY2lmaWMgcHJpb3Igd3JpdHRlbiBwZXJtaXNzaW9uLgoKIFRISVMgU09GVFdBUkUgSVMgUFJPVklERUQgQlkgVEhFIENPUFlSSUdIVCBIT0xERVJTIEFORCBDT05UUklCVVRPUlMKICJBUyBJUyIgQU5EIEFOWSBFWFBSRVNTIE9SIElNUExJRUQgV0FSUkFOVElFUywgSU5DTFVESU5HLCBCVVQgTk9UCiBMSU1JVEVEIFRPLCBUSEUgSU1QTElFRCBXQVJSQU5USUVTIE9GIE1FUkNIQU5UQUJJTElUWSBBTkQgRklUTkVTUyBGT1IKIEEgUEFSVElDVUxBUiBQVVJQT1NFIEFSRSBESVNDTEFJTUVELiBJTiBOTyBFVkVOVCBTSEFMTCBUSEUgQ09QWVJJR0hUCiBPV05FUiBPUiBDT05UUklCVVRPUlMgQkUgTElBQkxFIEZPUiBBTlkgRElSRUNULCBJTkRJUkVDVCwgSU5DSURFTlRBTCwKIFNQRUNJQUwsIEVYRU1QTEFSWSwgT1IgQ09OU0VRVUVOVElBTCBEQU1BR0VTIChJTkNMVURJTkcsIEJVVCBOT1QKIExJTUlURUQgVE8sIFBST0NVUkVNRU5UIE9GIFNVQlNUSVRVVEUgR09PRFMgT1IgU0VSVklDRVM7IExPU1MgT0YgVVNFLAogREFUQSwgT1IgUFJPRklUUzsgT1IgQlVTSU5FU1MgSU5URVJSVVBUSU9OKSBIT1dFVkVSIENBVVNFRCBBTkQgT04gQU5ZCiBUSEVPUlkgT0YgTElBQklMSVRZLCBXSEVUSEVSIElOIENPTlRSQUNULCBTVFJJQ1QgTElBQklMSVRZLCBPUiBUT1JUCiAoSU5DTFVESU5HIE5FR0xJR0VOQ0UgT1IgT1RIRVJXSVNFKSBBUklTSU5HIElOIEFOWSBXQVkgT1VUIE9GIFRIRSBVU0UKIE9GIFRISVMgU09GVFdBUkUsIEVWRU4gSUYgQURWSVNFRCBPRiBUSEUgUE9TU0lCSUxJVFkgT0YgU1VDSCBEQU1BR0UuCgoICgECEgMgCBcKCAoBCBIDIgA7CgsKBAjnBwASAyIAOwoMCgUI5wcAAhIDIgcXCg0KBgjnBwACABIDIgcXCg4KBwjnBwACAAESAyIHFwoMCgUI5wcABxIDIho6CggKAQgSAyMAHwoLCgQI5wcBEgMjAB8KDAoFCOcHAQISAyMHFwoNCgYI5wcBAgASAyMHFwoOCgcI5wcBAgABEgMjBxcKDAoFCOcHAQMSAyMaHgoICgEIEgMkABwKCwoECOcHAhIDJAAcCgwKBQjnBwICEgMkBxEKDQoGCOcHAgIAEgMkBxEKDgoHCOcHAgIAARIDJAcRCgwKBQjnBwIHEgMkFBsKCAoBCBIDJQAsCgsKBAjnBwMSAyUALAoMCgUI5wcDAhIDJQcTCg0KBgjnBwMCABIDJQcTCg4KBwjnBwMCAAESAyUHEwoMCgUI5wcDBxIDJRYrCggKAQgSAyYALgoLCgQI5wcEEgMmAC4KDAoFCOcHBAISAyYHGwoNCgYI5wcEAgASAyYHGwoOCgcI5wcEAgABEgMmBxsKDAoFCOcHBAcSAyYeLQoICgEIEgMnACIKCwoECOcHBRIDJwAiCgwKBQjnBwUCEgMnBxoKDQoGCOcHBQIAEgMnBxoKDgoHCOcHBQIAARIDJwcaCgwKBQjnBwUDEgMnHSEKCAoBCBIDKAAhCgsKBAjnBwYSAygAIQoMCgUI5wcGAhIDKAcYCg0KBgjnBwYCABIDKAcYCg4KBwjnBwYCAAESAygHGAoMCgUI5wcGBxIDKBsgCp8QCgIEABIEZgB0ARqSECBBIER1cmF0aW9uIHJlcHJlc2VudHMgYSBzaWduZWQsIGZpeGVkLWxlbmd0aCBzcGFuIG9mIHRpbWUgcmVwcmVzZW50ZWQKIGFzIGEgY291bnQgb2Ygc2Vjb25kcyBhbmQgZnJhY3Rpb25zIG9mIHNlY29uZHMgYXQgbmFub3NlY29uZAogcmVzb2x1dGlvbi4gSXQgaXMgaW5kZXBlbmRlbnQgb2YgYW55IGNhbGVuZGFyIGFuZCBjb25jZXB0cyBsaWtlICJkYXkiCiBvciAibW9udGgiLiBJdCBpcyByZWxhdGVkIHRvIFRpbWVzdGFtcCBpbiB0aGF0IHRoZSBkaWZmZXJlbmNlIGJldHdlZW4KIHR3byBUaW1lc3RhbXAgdmFsdWVzIGlzIGEgRHVyYXRpb24gYW5kIGl0IGNhbiBiZSBhZGRlZCBvciBzdWJ0cmFjdGVkCiBmcm9tIGEgVGltZXN0YW1wLiBSYW5nZSBpcyBhcHByb3hpbWF0ZWx5ICstMTAsMDAwIHllYXJzLgoKICMgRXhhbXBsZXMKCiBFeGFtcGxlIDE6IENvbXB1dGUgRHVyYXRpb24gZnJvbSB0d28gVGltZXN0YW1wcyBpbiBwc2V1ZG8gY29kZS4KCiAgICAgVGltZXN0YW1wIHN0YXJ0ID0gLi4uOwogICAgIFRpbWVzdGFtcCBlbmQgPSAuLi47CiAgICAgRHVyYXRpb24gZHVyYXRpb24gPSAuLi47CgogICAgIGR1cmF0aW9uLnNlY29uZHMgPSBlbmQuc2Vjb25kcyAtIHN0YXJ0LnNlY29uZHM7CiAgICAgZHVyYXRpb24ubmFub3MgPSBlbmQubmFub3MgLSBzdGFydC5uYW5vczsKCiAgICAgaWYgKGR1cmF0aW9uLnNlY29uZHMgPCAwICYmIGR1cmF0aW9uLm5hbm9zID4gMCkgewogICAgICAgZHVyYXRpb24uc2Vjb25kcyArPSAxOwogICAgICAgZHVyYXRpb24ubmFub3MgLT0gMTAwMDAwMDAwMDsKICAgICB9IGVsc2UgaWYgKGR1cmF0aW9ucy5zZWNvbmRzID4gMCAmJiBkdXJhdGlvbi5uYW5vcyA8IDApIHsKICAgICAgIGR1cmF0aW9uLnNlY29uZHMgLT0gMTsKICAgICAgIGR1cmF0aW9uLm5hbm9zICs9IDEwMDAwMDAwMDA7CiAgICAgfQoKIEV4YW1wbGUgMjogQ29tcHV0ZSBUaW1lc3RhbXAgZnJvbSBUaW1lc3RhbXAgKyBEdXJhdGlvbiBpbiBwc2V1ZG8gY29kZS4KCiAgICAgVGltZXN0YW1wIHN0YXJ0ID0gLi4uOwogICAgIER1cmF0aW9uIGR1cmF0aW9uID0gLi4uOwogICAgIFRpbWVzdGFtcCBlbmQgPSAuLi47CgogICAgIGVuZC5zZWNvbmRzID0gc3RhcnQuc2Vjb25kcyArIGR1cmF0aW9uLnNlY29uZHM7CiAgICAgZW5kLm5hbm9zID0gc3RhcnQubmFub3MgKyBkdXJhdGlvbi5uYW5vczsKCiAgICAgaWYgKGVuZC5uYW5vcyA8IDApIHsKICAgICAgIGVuZC5zZWNvbmRzIC09IDE7CiAgICAgICBlbmQubmFub3MgKz0gMTAwMDAwMDAwMDsKICAgICB9IGVsc2UgaWYgKGVuZC5uYW5vcyA+PSAxMDAwMDAwMDAwKSB7CiAgICAgICBlbmQuc2Vjb25kcyArPSAxOwogICAgICAgZW5kLm5hbm9zIC09IDEwMDAwMDAwMDA7CiAgICAgfQoKIEV4YW1wbGUgMzogQ29tcHV0ZSBEdXJhdGlvbiBmcm9tIGRhdGV0aW1lLnRpbWVkZWx0YSBpbiBQeXRob24uCgogICAgIHRkID0gZGF0ZXRpbWUudGltZWRlbHRhKGRheXM9MywgbWludXRlcz0xMCkKICAgICBkdXJhdGlvbiA9IER1cmF0aW9uKCkKICAgICBkdXJhdGlvbi5Gcm9tVGltZWRlbHRhKHRkKQoKICMgSlNPTiBNYXBwaW5nCgogSW4gSlNPTiBmb3JtYXQsIHRoZSBEdXJhdGlvbiB0eXBlIGlzIGVuY29kZWQgYXMgYSBzdHJpbmcgcmF0aGVyIHRoYW4gYW4KIG9iamVjdCwgd2hlcmUgdGhlIHN0cmluZyBlbmRzIGluIHRoZSBzdWZmaXggInMiIChpbmRpY2F0aW5nIHNlY29uZHMpIGFuZAogaXMgcHJlY2VkZWQgYnkgdGhlIG51bWJlciBvZiBzZWNvbmRzLCB3aXRoIG5hbm9zZWNvbmRzIGV4cHJlc3NlZCBhcwogZnJhY3Rpb25hbCBzZWNvbmRzLiBGb3IgZXhhbXBsZSwgMyBzZWNvbmRzIHdpdGggMCBuYW5vc2Vjb25kcyBzaG91bGQgYmUKIGVuY29kZWQgaW4gSlNPTiBmb3JtYXQgYXMgIjNzIiwgd2hpbGUgMyBzZWNvbmRzIGFuZCAxIG5hbm9zZWNvbmQgc2hvdWxkCiBiZSBleHByZXNzZWQgaW4gSlNPTiBmb3JtYXQgYXMgIjMuMDAwMDAwMDAxcyIsIGFuZCAzIHNlY29uZHMgYW5kIDEKIG1pY3Jvc2Vjb25kIHNob3VsZCBiZSBleHByZXNzZWQgaW4gSlNPTiBmb3JtYXQgYXMgIjMuMDAwMDAxcyIuCgoKCgoKAwQAARIDZggQCtwBCgQEAAIAEgNrAhQazgEgU2lnbmVkIHNlY29uZHMgb2YgdGhlIHNwYW4gb2YgdGltZS4gTXVzdCBiZSBmcm9tIC0zMTUsNTc2LDAwMCwwMDAKIHRvICszMTUsNTc2LDAwMCwwMDAgaW5jbHVzaXZlLiBOb3RlOiB0aGVzZSBib3VuZHMgYXJlIGNvbXB1dGVkIGZyb206CiA2MCBzZWMvbWluICogNjAgbWluL2hyICogMjQgaHIvZGF5ICogMzY1LjI1IGRheXMveWVhciAqIDEwMDAwIHllYXJzCgoNCgUEAAIABBIEawJmEgoMCgUEAAIABRIDawIHCgwKBQQAAgABEgNrCA8KDAoFBAACAAMSA2sSEwqDAwoEBAACARIDcwISGvUCIFNpZ25lZCBmcmFjdGlvbnMgb2YgYSBzZWNvbmQgYXQgbmFub3NlY29uZCByZXNvbHV0aW9uIG9mIHRoZSBzcGFuCiBvZiB0aW1lLiBEdXJhdGlvbnMgbGVzcyB0aGFuIG9uZSBzZWNvbmQgYXJlIHJlcHJlc2VudGVkIHdpdGggYSAwCiBgc2Vjb25kc2AgZmllbGQgYW5kIGEgcG9zaXRpdmUgb3IgbmVnYXRpdmUgYG5hbm9zYCBmaWVsZC4gRm9yIGR1cmF0aW9ucwogb2Ygb25lIHNlY29uZCBvciBtb3JlLCBhIG5vbi16ZXJvIHZhbHVlIGZvciB0aGUgYG5hbm9zYCBmaWVsZCBtdXN0IGJlCiBvZiB0aGUgc2FtZSBzaWduIGFzIHRoZSBgc2Vjb25kc2AgZmllbGQuIE11c3QgYmUgZnJvbSAtOTk5LDk5OSw5OTkKIHRvICs5OTksOTk5LDk5OSBpbmNsdXNpdmUuCgoNCgUEAAIBBBIEcwJrFAoMCgUEAAIBBRIDcwIHCgwKBQQAAgEBEgNzCA0KDAoFBAACAQMSA3MQEWIGcHJvdG8zCqAxCh9nb29nbGUvcHJvdG9idWYvdGltZXN0YW1wLnByb3RvEg9nb29nbGUucHJvdG9idWYiOwoJVGltZXN0YW1wEhgKB3NlY29uZHMYASABKANSB3NlY29uZHMSFAoFbmFub3MYAiABKAVSBW5hbm9zQlgKE2NvbS5nb29nbGUucHJvdG9idWZCDlRpbWVzdGFtcFByb3RvUAFaBXR5cGVz+AEBogIDR1BCqgIeR29vZ2xlLlByb3RvYnVmLldlbGxLbm93blR5cGVzSswvCgcSBR4AhAEBCswMCgEMEgMeABIywQwgUHJvdG9jb2wgQnVmZmVycyAtIEdvb2dsZSdzIGRhdGEgaW50ZXJjaGFuZ2UgZm9ybWF0CiBDb3B5cmlnaHQgMjAwOCBHb29nbGUgSW5jLiAgQWxsIHJpZ2h0cyByZXNlcnZlZC4KIGh0dHBzOi8vZGV2ZWxvcGVycy5nb29nbGUuY29tL3Byb3RvY29sLWJ1ZmZlcnMvCgogUmVkaXN0cmlidXRpb24gYW5kIHVzZSBpbiBzb3VyY2UgYW5kIGJpbmFyeSBmb3Jtcywgd2l0aCBvciB3aXRob3V0CiBtb2RpZmljYXRpb24sIGFyZSBwZXJtaXR0ZWQgcHJvdmlkZWQgdGhhdCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnMgYXJlCiBtZXQ6CgogICAgICogUmVkaXN0cmlidXRpb25zIG9mIHNvdXJjZSBjb2RlIG11c3QgcmV0YWluIHRoZSBhYm92ZSBjb3B5cmlnaHQKIG5vdGljZSwgdGhpcyBsaXN0IG9mIGNvbmRpdGlvbnMgYW5kIHRoZSBmb2xsb3dpbmcgZGlzY2xhaW1lci4KICAgICAqIFJlZGlzdHJpYnV0aW9ucyBpbiBiaW5hcnkgZm9ybSBtdXN0IHJlcHJvZHVjZSB0aGUgYWJvdmUKIGNvcHlyaWdodCBub3RpY2UsIHRoaXMgbGlzdCBvZiBjb25kaXRpb25zIGFuZCB0aGUgZm9sbG93aW5nIGRpc2NsYWltZXIKIGluIHRoZSBkb2N1bWVudGF0aW9uIGFuZC9vciBvdGhlciBtYXRlcmlhbHMgcHJvdmlkZWQgd2l0aCB0aGUKIGRpc3RyaWJ1dGlvbi4KICAgICAqIE5laXRoZXIgdGhlIG5hbWUgb2YgR29vZ2xlIEluYy4gbm9yIHRoZSBuYW1lcyBvZiBpdHMKIGNvbnRyaWJ1dG9ycyBtYXkgYmUgdXNlZCB0byBlbmRvcnNlIG9yIHByb21vdGUgcHJvZHVjdHMgZGVyaXZlZCBmcm9tCiB0aGlzIHNvZnR3YXJlIHdpdGhvdXQgc3BlY2lmaWMgcHJpb3Igd3JpdHRlbiBwZXJtaXNzaW9uLgoKIFRISVMgU09GVFdBUkUgSVMgUFJPVklERUQgQlkgVEhFIENPUFlSSUdIVCBIT0xERVJTIEFORCBDT05UUklCVVRPUlMKICJBUyBJUyIgQU5EIEFOWSBFWFBSRVNTIE9SIElNUExJRUQgV0FSUkFOVElFUywgSU5DTFVESU5HLCBCVVQgTk9UCiBMSU1JVEVEIFRPLCBUSEUgSU1QTElFRCBXQVJSQU5USUVTIE9GIE1FUkNIQU5UQUJJTElUWSBBTkQgRklUTkVTUyBGT1IKIEEgUEFSVElDVUxBUiBQVVJQT1NFIEFSRSBESVNDTEFJTUVELiBJTiBOTyBFVkVOVCBTSEFMTCBUSEUgQ09QWVJJR0hUCiBPV05FUiBPUiBDT05UUklCVVRPUlMgQkUgTElBQkxFIEZPUiBBTlkgRElSRUNULCBJTkRJUkVDVCwgSU5DSURFTlRBTCwKIFNQRUNJQUwsIEVYRU1QTEFSWSwgT1IgQ09OU0VRVUVOVElBTCBEQU1BR0VTIChJTkNMVURJTkcsIEJVVCBOT1QKIExJTUlURUQgVE8sIFBST0NVUkVNRU5UIE9GIFNVQlNUSVRVVEUgR09PRFMgT1IgU0VSVklDRVM7IExPU1MgT0YgVVNFLAogREFUQSwgT1IgUFJPRklUUzsgT1IgQlVTSU5FU1MgSU5URVJSVVBUSU9OKSBIT1dFVkVSIENBVVNFRCBBTkQgT04gQU5ZCiBUSEVPUlkgT0YgTElBQklMSVRZLCBXSEVUSEVSIElOIENPTlRSQUNULCBTVFJJQ1QgTElBQklMSVRZLCBPUiBUT1JUCiAoSU5DTFVESU5HIE5FR0xJR0VOQ0UgT1IgT1RIRVJXSVNFKSBBUklTSU5HIElOIEFOWSBXQVkgT1VUIE9GIFRIRSBVU0UKIE9GIFRISVMgU09GVFdBUkUsIEVWRU4gSUYgQURWSVNFRCBPRiBUSEUgUE9TU0lCSUxJVFkgT0YgU1VDSCBEQU1BR0UuCgoICgECEgMgCBcKCAoBCBIDIgA7CgsKBAjnBwASAyIAOwoMCgUI5wcAAhIDIgcXCg0KBgjnBwACABIDIgcXCg4KBwjnBwACAAESAyIHFwoMCgUI5wcABxIDIho6CggKAQgSAyMAHwoLCgQI5wcBEgMjAB8KDAoFCOcHAQISAyMHFwoNCgYI5wcBAgASAyMHFwoOCgcI5wcBAgABEgMjBxcKDAoFCOcHAQMSAyMaHgoICgEIEgMkABwKCwoECOcHAhIDJAAcCgwKBQjnBwICEgMkBxEKDQoGCOcHAgIAEgMkBxEKDgoHCOcHAgIAARIDJAcRCgwKBQjnBwIHEgMkFBsKCAoBCBIDJQAsCgsKBAjnBwMSAyUALAoMCgUI5wcDAhIDJQcTCg0KBgjnBwMCABIDJQcTCg4KBwjnBwMCAAESAyUHEwoMCgUI5wcDBxIDJRYrCggKAQgSAyYALwoLCgQI5wcEEgMmAC8KDAoFCOcHBAISAyYHGwoNCgYI5wcEAgASAyYHGwoOCgcI5wcEAgABEgMmBxsKDAoFCOcHBAcSAyYeLgoICgEIEgMnACIKCwoECOcHBRIDJwAiCgwKBQjnBwUCEgMnBxoKDQoGCOcHBQIAEgMnBxoKDgoHCOcHBQIAARIDJwcaCgwKBQjnBwUDEgMnHSEKCAoBCBIDKAAhCgsKBAjnBwYSAygAIQoMCgUI5wcGAhIDKAcYCg0KBgjnBwYCABIDKAcYCg4KBwjnBwYCAAESAygHGAoMCgUI5wcGBxIDKBsgCqAaCgIEABIFeACEAQEakhogQSBUaW1lc3RhbXAgcmVwcmVzZW50cyBhIHBvaW50IGluIHRpbWUgaW5kZXBlbmRlbnQgb2YgYW55IHRpbWUgem9uZQogb3IgY2FsZW5kYXIsIHJlcHJlc2VudGVkIGFzIHNlY29uZHMgYW5kIGZyYWN0aW9ucyBvZiBzZWNvbmRzIGF0CiBuYW5vc2Vjb25kIHJlc29sdXRpb24gaW4gVVRDIEVwb2NoIHRpbWUuIEl0IGlzIGVuY29kZWQgdXNpbmcgdGhlCiBQcm9sZXB0aWMgR3JlZ29yaWFuIENhbGVuZGFyIHdoaWNoIGV4dGVuZHMgdGhlIEdyZWdvcmlhbiBjYWxlbmRhcgogYmFja3dhcmRzIHRvIHllYXIgb25lLiBJdCBpcyBlbmNvZGVkIGFzc3VtaW5nIGFsbCBtaW51dGVzIGFyZSA2MAogc2Vjb25kcyBsb25nLCBpLmUuIGxlYXAgc2Vjb25kcyBhcmUgInNtZWFyZWQiIHNvIHRoYXQgbm8gbGVhcCBzZWNvbmQKIHRhYmxlIGlzIG5lZWRlZCBmb3IgaW50ZXJwcmV0YXRpb24uIFJhbmdlIGlzIGZyb20KIDAwMDEtMDEtMDFUMDA6MDA6MDBaIHRvIDk5OTktMTItMzFUMjM6NTk6NTkuOTk5OTk5OTk5Wi4KIEJ5IHJlc3RyaWN0aW5nIHRvIHRoYXQgcmFuZ2UsIHdlIGVuc3VyZSB0aGF0IHdlIGNhbiBjb252ZXJ0IHRvCiBhbmQgZnJvbSAgUkZDIDMzMzkgZGF0ZSBzdHJpbmdzLgogU2VlIFtodHRwczovL3d3dy5pZXRmLm9yZy9yZmMvcmZjMzMzOS50eHRdKGh0dHBzOi8vd3d3LmlldGYub3JnL3JmYy9yZmMzMzM5LnR4dCkuCgogIyBFeGFtcGxlcwoKIEV4YW1wbGUgMTogQ29tcHV0ZSBUaW1lc3RhbXAgZnJvbSBQT1NJWCBgdGltZSgpYC4KCiAgICAgVGltZXN0YW1wIHRpbWVzdGFtcDsKICAgICB0aW1lc3RhbXAuc2V0X3NlY29uZHModGltZShOVUxMKSk7CiAgICAgdGltZXN0YW1wLnNldF9uYW5vcygwKTsKCiBFeGFtcGxlIDI6IENvbXB1dGUgVGltZXN0YW1wIGZyb20gUE9TSVggYGdldHRpbWVvZmRheSgpYC4KCiAgICAgc3RydWN0IHRpbWV2YWwgdHY7CiAgICAgZ2V0dGltZW9mZGF5KCZ0diwgTlVMTCk7CgogICAgIFRpbWVzdGFtcCB0aW1lc3RhbXA7CiAgICAgdGltZXN0YW1wLnNldF9zZWNvbmRzKHR2LnR2X3NlYyk7CiAgICAgdGltZXN0YW1wLnNldF9uYW5vcyh0di50dl91c2VjICogMTAwMCk7CgogRXhhbXBsZSAzOiBDb21wdXRlIFRpbWVzdGFtcCBmcm9tIFdpbjMyIGBHZXRTeXN0ZW1UaW1lQXNGaWxlVGltZSgpYC4KCiAgICAgRklMRVRJTUUgZnQ7CiAgICAgR2V0U3lzdGVtVGltZUFzRmlsZVRpbWUoJmZ0KTsKICAgICBVSU5UNjQgdGlja3MgPSAoKChVSU5UNjQpZnQuZHdIaWdoRGF0ZVRpbWUpIDw8IDMyKSB8IGZ0LmR3TG93RGF0ZVRpbWU7CgogICAgIC8vIEEgV2luZG93cyB0aWNrIGlzIDEwMCBuYW5vc2Vjb25kcy4gV2luZG93cyBlcG9jaCAxNjAxLTAxLTAxVDAwOjAwOjAwWgogICAgIC8vIGlzIDExNjQ0NDczNjAwIHNlY29uZHMgYmVmb3JlIFVuaXggZXBvY2ggMTk3MC0wMS0wMVQwMDowMDowMFouCiAgICAgVGltZXN0YW1wIHRpbWVzdGFtcDsKICAgICB0aW1lc3RhbXAuc2V0X3NlY29uZHMoKElOVDY0KSAoKHRpY2tzIC8gMTAwMDAwMDApIC0gMTE2NDQ0NzM2MDBMTCkpOwogICAgIHRpbWVzdGFtcC5zZXRfbmFub3MoKElOVDMyKSAoKHRpY2tzICUgMTAwMDAwMDApICogMTAwKSk7CgogRXhhbXBsZSA0OiBDb21wdXRlIFRpbWVzdGFtcCBmcm9tIEphdmEgYFN5c3RlbS5jdXJyZW50VGltZU1pbGxpcygpYC4KCiAgICAgbG9uZyBtaWxsaXMgPSBTeXN0ZW0uY3VycmVudFRpbWVNaWxsaXMoKTsKCiAgICAgVGltZXN0YW1wIHRpbWVzdGFtcCA9IFRpbWVzdGFtcC5uZXdCdWlsZGVyKCkuc2V0U2Vjb25kcyhtaWxsaXMgLyAxMDAwKQogICAgICAgICAuc2V0TmFub3MoKGludCkgKChtaWxsaXMgJSAxMDAwKSAqIDEwMDAwMDApKS5idWlsZCgpOwoKCiBFeGFtcGxlIDU6IENvbXB1dGUgVGltZXN0YW1wIGZyb20gY3VycmVudCB0aW1lIGluIFB5dGhvbi4KCiAgICAgdGltZXN0YW1wID0gVGltZXN0YW1wKCkKICAgICB0aW1lc3RhbXAuR2V0Q3VycmVudFRpbWUoKQoKICMgSlNPTiBNYXBwaW5nCgogSW4gSlNPTiBmb3JtYXQsIHRoZSBUaW1lc3RhbXAgdHlwZSBpcyBlbmNvZGVkIGFzIGEgc3RyaW5nIGluIHRoZQogW1JGQyAzMzM5XShodHRwczovL3d3dy5pZXRmLm9yZy9yZmMvcmZjMzMzOS50eHQpIGZvcm1hdC4gVGhhdCBpcywgdGhlCiBmb3JtYXQgaXMgInt5ZWFyfS17bW9udGh9LXtkYXl9VHtob3VyfTp7bWlufTp7c2VjfVsue2ZyYWNfc2VjfV1aIgogd2hlcmUge3llYXJ9IGlzIGFsd2F5cyBleHByZXNzZWQgdXNpbmcgZm91ciBkaWdpdHMgd2hpbGUge21vbnRofSwge2RheX0sCiB7aG91cn0sIHttaW59LCBhbmQge3NlY30gYXJlIHplcm8tcGFkZGVkIHRvIHR3byBkaWdpdHMgZWFjaC4gVGhlIGZyYWN0aW9uYWwKIHNlY29uZHMsIHdoaWNoIGNhbiBnbyB1cCB0byA5IGRpZ2l0cyAoaS5lLiB1cCB0byAxIG5hbm9zZWNvbmQgcmVzb2x1dGlvbiksCiBhcmUgb3B0aW9uYWwuIFRoZSAiWiIgc3VmZml4IGluZGljYXRlcyB0aGUgdGltZXpvbmUgKCJVVEMiKTsgdGhlIHRpbWV6b25lCiBpcyByZXF1aXJlZCwgdGhvdWdoIG9ubHkgVVRDIChhcyBpbmRpY2F0ZWQgYnkgIloiKSBpcyBwcmVzZW50bHkgc3VwcG9ydGVkLgoKIEZvciBleGFtcGxlLCAiMjAxNy0wMS0xNVQwMTozMDoxNS4wMVoiIGVuY29kZXMgMTUuMDEgc2Vjb25kcyBwYXN0CiAwMTozMCBVVEMgb24gSmFudWFyeSAxNSwgMjAxNy4KCiBJbiBKYXZhU2NyaXB0LCBvbmUgY2FuIGNvbnZlcnQgYSBEYXRlIG9iamVjdCB0byB0aGlzIGZvcm1hdCB1c2luZyB0aGUKIHN0YW5kYXJkIFt0b0lTT1N0cmluZygpXShodHRwczovL2RldmVsb3Blci5tb3ppbGxhLm9yZy9lbi1VUy9kb2NzL1dlYi9KYXZhU2NyaXB0L1JlZmVyZW5jZS9HbG9iYWxfT2JqZWN0cy9EYXRlL3RvSVNPU3RyaW5nXQogbWV0aG9kLiBJbiBQeXRob24sIGEgc3RhbmRhcmQgYGRhdGV0aW1lLmRhdGV0aW1lYCBvYmplY3QgY2FuIGJlIGNvbnZlcnRlZAogdG8gdGhpcyBmb3JtYXQgdXNpbmcgW2BzdHJmdGltZWBdKGh0dHBzOi8vZG9jcy5weXRob24ub3JnLzIvbGlicmFyeS90aW1lLmh0bWwjdGltZS5zdHJmdGltZSkKIHdpdGggdGhlIHRpbWUgZm9ybWF0IHNwZWMgJyVZLSVtLSVkVCVIOiVNOiVTLiVmWicuIExpa2V3aXNlLCBpbiBKYXZhLCBvbmUKIGNhbiB1c2UgdGhlIEpvZGEgVGltZSdzIFtgSVNPRGF0ZVRpbWVGb3JtYXQuZGF0ZVRpbWUoKWBdKAogaHR0cDovL2pvZGEtdGltZS5zb3VyY2Vmb3JnZS5uZXQvYXBpZG9jcy9vcmcvam9kYS90aW1lL2Zvcm1hdC9JU09EYXRlVGltZUZvcm1hdC5odG1sI2RhdGVUaW1lKCkpCiB0byBvYnRhaW4gYSBmb3JtYXR0ZXIgY2FwYWJsZSBvZiBnZW5lcmF0aW5nIHRpbWVzdGFtcHMgaW4gdGhpcyBmb3JtYXQuCgoKCgoKAwQAARIDeAgRCpwBCgQEAAIAEgN9AhQajgEgUmVwcmVzZW50cyBzZWNvbmRzIG9mIFVUQyB0aW1lIHNpbmNlIFVuaXggZXBvY2gKIDE5NzAtMDEtMDFUMDA6MDA6MDBaLiBNdXN0IGJlIGZyb20gMDAwMS0wMS0wMVQwMDowMDowMFogdG8KIDk5OTktMTItMzFUMjM6NTk6NTlaIGluY2x1c2l2ZS4KCg0KBQQAAgAEEgR9AngTCgwKBQQAAgAFEgN9AgcKDAoFBAACAAESA30IDwoMCgUEAAIAAxIDfRITCuUBCgQEAAIBEgSDAQISGtYBIE5vbi1uZWdhdGl2ZSBmcmFjdGlvbnMgb2YgYSBzZWNvbmQgYXQgbmFub3NlY29uZCByZXNvbHV0aW9uLiBOZWdhdGl2ZQogc2Vjb25kIHZhbHVlcyB3aXRoIGZyYWN0aW9ucyBtdXN0IHN0aWxsIGhhdmUgbm9uLW5lZ2F0aXZlIG5hbm9zIHZhbHVlcwogdGhhdCBjb3VudCBmb3J3YXJkIGluIHRpbWUuIE11c3QgYmUgZnJvbSAwIHRvIDk5OSw5OTksOTk5CiBpbmNsdXNpdmUuCgoOCgUEAAIBBBIFgwECfRQKDQoFBAACAQUSBIMBAgcKDQoFBAACAQESBIMBCA0KDQoFBAACAQMSBIMBEBFiBnByb3RvMwqnLwoZcG9saWN5L3YxYmV0YTEvdHlwZS5wcm90bxIUaXN0aW8ucG9saWN5LnYxYmV0YTEaHmdvb2dsZS9wcm90b2J1Zi9kdXJhdGlvbi5wcm90bxofZ29vZ2xlL3Byb3RvYnVmL3RpbWVzdGFtcC5wcm90byLXBAoFVmFsdWUSIwoMc3RyaW5nX3ZhbHVlGAEgASgJSABSC3N0cmluZ1ZhbHVlEiEKC2ludDY0X3ZhbHVlGAIgASgDSABSCmludDY0VmFsdWUSIwoMZG91YmxlX3ZhbHVlGAMgASgBSABSC2RvdWJsZVZhbHVlEh8KCmJvb2xfdmFsdWUYBCABKAhIAFIJYm9vbFZhbHVlEksKEGlwX2FkZHJlc3NfdmFsdWUYBSABKAsyHy5pc3Rpby5wb2xpY3kudjFiZXRhMS5JUEFkZHJlc3NIAFIOaXBBZGRyZXNzVmFsdWUSSgoPdGltZXN0YW1wX3ZhbHVlGAYgASgLMh8uaXN0aW8ucG9saWN5LnYxYmV0YTEuVGltZVN0YW1wSABSDnRpbWVzdGFtcFZhbHVlEkcKDmR1cmF0aW9uX3ZhbHVlGAcgASgLMh4uaXN0aW8ucG9saWN5LnYxYmV0YTEuRHVyYXRpb25IAFINZHVyYXRpb25WYWx1ZRJUChNlbWFpbF9hZGRyZXNzX3ZhbHVlGAggASgLMiIuaXN0aW8ucG9saWN5LnYxYmV0YTEuRW1haWxBZGRyZXNzSABSEWVtYWlsQWRkcmVzc1ZhbHVlEkUKDmRuc19uYW1lX3ZhbHVlGAkgASgLMh0uaXN0aW8ucG9saWN5LnYxYmV0YTEuRE5TTmFtZUgAUgxkbnNOYW1lVmFsdWUSOAoJdXJpX3ZhbHVlGAogASgLMhkuaXN0aW8ucG9saWN5LnYxYmV0YTEuVXJpSABSCHVyaVZhbHVlQgcKBXZhbHVlIiEKCUlQQWRkcmVzcxIUCgV2YWx1ZRgBIAEoDFIFdmFsdWUiOwoIRHVyYXRpb24SLwoFdmFsdWUYASABKAsyGS5nb29nbGUucHJvdG9idWYuRHVyYXRpb25SBXZhbHVlIj0KCVRpbWVTdGFtcBIwCgV2YWx1ZRgBIAEoCzIaLmdvb2dsZS5wcm90b2J1Zi5UaW1lc3RhbXBSBXZhbHVlIh8KB0ROU05hbWUSFAoFdmFsdWUYASABKAlSBXZhbHVlIiQKDEVtYWlsQWRkcmVzcxIUCgV2YWx1ZRgBIAEoCVIFdmFsdWUiGwoDVXJpEhQKBXZhbHVlGAEgASgJUgV2YWx1ZUIdWhtpc3Rpby5pby9hcGkvcG9saWN5L3YxYmV0YTFKricKBhIEDgB+AQq/BAoBDBIDDgASMrQEIENvcHlyaWdodCAyMDE4IElzdGlvIEF1dGhvcnMKCiBMaWNlbnNlZCB1bmRlciB0aGUgQXBhY2hlIExpY2Vuc2UsIFZlcnNpb24gMi4wICh0aGUgIkxpY2Vuc2UiKTsKIHlvdSBtYXkgbm90IHVzZSB0aGlzIGZpbGUgZXhjZXB0IGluIGNvbXBsaWFuY2Ugd2l0aCB0aGUgTGljZW5zZS4KIFlvdSBtYXkgb2J0YWluIGEgY29weSBvZiB0aGUgTGljZW5zZSBhdAoKICAgICBodHRwOi8vd3d3LmFwYWNoZS5vcmcvbGljZW5zZXMvTElDRU5TRS0yLjAKCiBVbmxlc3MgcmVxdWlyZWQgYnkgYXBwbGljYWJsZSBsYXcgb3IgYWdyZWVkIHRvIGluIHdyaXRpbmcsIHNvZnR3YXJlCiBkaXN0cmlidXRlZCB1bmRlciB0aGUgTGljZW5zZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAiQVMgSVMiIEJBU0lTLAogV0lUSE9VVCBXQVJSQU5USUVTIE9SIENPTkRJVElPTlMgT0YgQU5ZIEtJTkQsIGVpdGhlciBleHByZXNzIG9yIGltcGxpZWQuCiBTZWUgdGhlIExpY2Vuc2UgZm9yIHRoZSBzcGVjaWZpYyBsYW5ndWFnZSBnb3Zlcm5pbmcgcGVybWlzc2lvbnMgYW5kCiBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS4KCggKAQISAxAIHAoICgEIEgMSADAKCwoECOcHABIDEgAwCgwKBQjnBwACEgMSBxEKDQoGCOcHAAIAEgMSBxEKDgoHCOcHAAIAARIDEgcRCgwKBQjnBwAHEgMSEi8KCQoCAwASAxQHJwoJCgIDARIDFQcoCsgGCgIEABIEIABAARq7BiBBbiBpbnN0YW5jZSBmaWVsZCBvZiB0eXBlIFZhbHVlIGRlbm90ZXMgdGhhdCB0aGUgZXhwcmVzc2lvbiBmb3IgdGhlIGZpZWxkIGlzIG9mIGR5bmFtaWMgdHlwZSBhbmQgY2FuIGV2YWxhdXRlIHRvIGFueQogW1ZhbHVlVHlwZV1baXN0aW8ucG9saWN5LnYxYmV0YTEuVmFsdWVUeXBlXSBlbnVtIHZhbHVlcy4gRm9yIGV4YW1wbGUsIHdoZW4KIGF1dGhvcmluZyBhbiBpbnN0YW5jZSBjb25maWd1cmF0aW9uIGZvciBhIHRlbXBsYXRlIHRoYXQgaGFzIGEgZmllbGQgYGRhdGFgIG9mIHR5cGUgYGlzdGlvLnBvbGljeS52MWJldGExLlZhbHVlYCwKIGJvdGggb2YgdGhlIGZvbGxvd2luZyBleHByZXNzaW9ucyBhcmUgdmFsaWQgYGRhdGE6IHNvdXJjZS5pcCB8IGlwKCIwLjAuMC4wIilgLCBgZGF0YTogcmVxdWVzdC5pZCB8ICIiYDsKIHRoZSByZXN1bHRpbmcgdHlwZSBpcyBlaXRoZXIgVmFsdWVUeXBlLklQX0FERFJFU1Mgb3IgVmFsdWVUeXBlLlNUUklORyBmb3IgdGhlIHR3byBjYXNlcyByZXNwZWN0aXZlbHkuCgogT2JqZWN0cyBvZiB0eXBlIFZhbHVlIGFyZSBhbHNvIHBhc3NlZCB0byB0aGUgYWRhcHRlcnMgZHVyaW5nIHJlcXVlc3QtdGltZS4gVGhlcmUgaXMgYSAxOjEgbWFwcGluZyBiZXR3ZWVuCiBvbmVvZiBmaWVsZHMgaW4gYFZhbHVlYCBhbmQgZW51bSB2YWx1ZXMgaW5zaWRlIGBWYWx1ZVR5cGVgLiBEZXBlbmRpbmcgb24gdGhlIGV4cHJlc3Npb24ncyBldmFsdWF0ZWQgYFZhbHVlVHlwZWAsCiB0aGUgZXF1aXZhbGVudCBvbmVvZiBmaWVsZCBpbiBgVmFsdWVgIGlzIHBvcHVsYXRlZCBieSBNaXhlciBhbmQgcGFzc2VkIHRvIHRoZSBhZGFwdGVycy4KCgoKAwQAARIDIAgNCgwKBAQACAASBCEEPwUKDAoFBAAIAAESAyEKDwotCgQEAAIAEgMjCCAaICBVc2VkIGZvciB2YWx1ZXMgb2YgdHlwZSBTVFJJTkcKCgwKBQQAAgAFEgMjCA4KDAoFBAACAAESAyMPGwoMCgUEAAIAAxIDIx4fCiwKBAQAAgESAyYIHhofIFVzZWQgZm9yIHZhbHVlcyBvZiB0eXBlIElOVDY0CgoMCgUEAAIBBRIDJggNCgwKBQQAAgEBEgMmDhkKDAoFBAACAQMSAyYcHQotCgQEAAICEgMpCCAaICBVc2VkIGZvciB2YWx1ZXMgb2YgdHlwZSBET1VCTEUKCgwKBQQAAgIFEgMpCA4KDAoFBAACAgESAykPGwoMCgUEAAICAxIDKR4fCisKBAQAAgMSAywIHBoeIFVzZWQgZm9yIHZhbHVlcyBvZiB0eXBlIEJPT0wKCgwKBQQAAgMFEgMsCAwKDAoFBAACAwESAywNFwoMCgUEAAIDAxIDLBobCjAKBAQAAgQSAy8IJxojIFVzZWQgZm9yIHZhbHVlcyBvZiB0eXBlIElQQWRkcmVzcwoKDAoFBAACBAYSAy8IEQoMCgUEAAIEARIDLxIiCgwKBQQAAgQDEgMvJSYKMAoEBAACBRIDMggmGiMgVXNlZCBmb3IgdmFsdWVzIG9mIHR5cGUgVElNRVNUQU1QCgoMCgUEAAIFBhIDMggRCgwKBQQAAgUBEgMyEiEKDAoFBAACBQMSAzIkJQovCgQEAAIGEgM1CCQaIiBVc2VkIGZvciB2YWx1ZXMgb2YgdHlwZSBEVVJBVElPTgoKDAoFBAACBgYSAzUIEAoMCgUEAAIGARIDNREfCgwKBQQAAgYDEgM1IiMKMwoEBAACBxIDOAgtGiYgVXNlZCBmb3IgdmFsdWVzIG9mIHR5cGUgRW1haWxBZGRyZXNzCgoMCgUEAAIHBhIDOAgUCgwKBQQAAgcBEgM4FSgKDAoFBAACBwMSAzgrLAouCgQEAAIIEgM7CCMaISBVc2VkIGZvciB2YWx1ZXMgb2YgdHlwZSBETlNOYW1lCgoMCgUEAAIIBhIDOwgPCgwKBQQAAggBEgM7EB4KDAoFBAACCAMSAzshIgoqCgQEAAIJEgM+CBsaHSBVc2VkIGZvciB2YWx1ZXMgb2YgdHlwZSBVcmkKCgwKBQQAAgkGEgM+CAsKDAoFBAACCQESAz4MFQoMCgUEAAIJAxIDPhgaCqsCCgIEARIERwBKARqeAiBBbiBpbnN0YW5jZSBmaWVsZCBvZiB0eXBlIElQQWRkcmVzcyBkZW5vdGVzIHRoYXQgdGhlIGV4cHJlc3Npb24gZm9yIHRoZSBmaWVsZCBtdXN0IGV2YWxhdXRlIHRvCiBbVmFsdWVUeXBlLklQX0FERFJFU1NdW2lzdGlvLnBvbGljeS52MWJldGExLlZhbHVlVHlwZS5JUF9BRERSRVNTXQoKIE9iamVjdHMgb2YgdHlwZSBJUEFkZHJlc3MgYXJlIGFsc28gcGFzc2VkIHRvIHRoZSBhZGFwdGVycyBkdXJpbmcgcmVxdWVzdC10aW1lIGZvciB0aGUgaW5zdGFuY2UgZmllbGRzIG9mCiB0eXBlIElQQWRkcmVzcwoKCgoDBAEBEgNHCBEKKgoEBAECABIDSQQUGh0gSVBBZGRyZXNzIGVuY29kZWQgYXMgYnl0ZXMuCgoNCgUEAQIABBIESQRHEwoMCgUEAQIABRIDSQQJCgwKBQQBAgABEgNJCg8KDAoFBAECAAMSA0kSEwqkAgoCBAISBFEAVAEalwIgQW4gaW5zdGFuY2UgZmllbGQgb2YgdHlwZSBEdXJhdGlvbiBkZW5vdGVzIHRoYXQgdGhlIGV4cHJlc3Npb24gZm9yIHRoZSBmaWVsZCBtdXN0IGV2YWxhdXRlIHRvCiBbVmFsdWVUeXBlLkRVUkFUSU9OXVtpc3Rpby5wb2xpY3kudjFiZXRhMS5WYWx1ZVR5cGUuRFVSQVRJT05dCgogT2JqZWN0cyBvZiB0eXBlIER1cmF0aW9uIGFyZSBhbHNvIHBhc3NlZCB0byB0aGUgYWRhcHRlcnMgZHVyaW5nIHJlcXVlc3QtdGltZSBmb3IgdGhlIGluc3RhbmNlIGZpZWxkcyBvZgogdHlwZSBEdXJhdGlvbgoKCgoDBAIBEgNRCBAKPAoEBAICABIDUwQnGi8gRHVyYXRpb24gZW5jb2RlZCBhcyBnb29nbGUucHJvdG9idWYuRHVyYXRpb24uCgoNCgUEAgIABBIEUwRREgoMCgUEAgIABhIDUwQcCgwKBQQCAgABEgNTHSIKDAoFBAICAAMSA1MlJgqpAgoCBAMSBFsAXgEanAIgQW4gaW5zdGFuY2UgZmllbGQgb2YgdHlwZSBUaW1lU3RhbXAgZGVub3RlcyB0aGF0IHRoZSBleHByZXNzaW9uIGZvciB0aGUgZmllbGQgbXVzdCBldmFsYXV0ZSB0bwogW1ZhbHVlVHlwZS5USU1FU1RBTVBdW2lzdGlvLnBvbGljeS52MWJldGExLlZhbHVlVHlwZS5USU1FU1RBTVBdCgogT2JqZWN0cyBvZiB0eXBlIFRpbWVTdGFtcCBhcmUgYWxzbyBwYXNzZWQgdG8gdGhlIGFkYXB0ZXJzIGR1cmluZyByZXF1ZXN0LXRpbWUgZm9yIHRoZSBpbnN0YW5jZSBmaWVsZHMgb2YKIHR5cGUgVGltZVN0YW1wCgoKCgMEAwESA1sIEQo+CgQEAwIAEgNdBCgaMSBUaW1lU3RhbXAgZW5jb2RlZCBhcyBnb29nbGUucHJvdG9idWYuVGltZXN0YW1wLgoKDQoFBAMCAAQSBF0EWxMKDAoFBAMCAAYSA10EHQoMCgUEAwIAARIDXR4jCgwKBQQDAgADEgNdJicKoQIKAgQEEgRlAGgBGpQCIEFuIGluc3RhbmNlIGZpZWxkIG9mIHR5cGUgRE5TTmFtZSBkZW5vdGVzIHRoYXQgdGhlIGV4cHJlc3Npb24gZm9yIHRoZSBmaWVsZCBtdXN0IGV2YWxhdXRlIHRvCiBbVmFsdWVUeXBlLkROU19OQU1FXVtpc3Rpby5wb2xpY3kudjFiZXRhMS5WYWx1ZVR5cGUuRE5TX05BTUVdCgogT2JqZWN0cyBvZiB0eXBlIEROU05hbWUgYXJlIGFsc28gcGFzc2VkIHRvIHRoZSBhZGFwdGVycyBkdXJpbmcgcmVxdWVzdC10aW1lIGZvciB0aGUgaW5zdGFuY2UgZmllbGRzIG9mCiB0eXBlIEROU05hbWUKCgoKAwQEARIDZQgPCikKBAQEAgASA2cEFRocIEROU05hbWUgZW5jb2RlZCBhcyBzdHJpbmcuCgoNCgUEBAIABBIEZwRlEQoMCgUEBAIABRIDZwQKCgwKBQQEAgABEgNnCxAKDAoFBAQCAAMSA2cTFArbAgoCBAUSBHAAcwEazgIgRE8gTk9UIFVTRSAhISBVbmRlciBEZXZlbG9wbWVudAogQW4gaW5zdGFuY2UgZmllbGQgb2YgdHlwZSBFbWFpbEFkZHJlc3MgZGVub3RlcyB0aGF0IHRoZSBleHByZXNzaW9uIGZvciB0aGUgZmllbGQgbXVzdCBldmFsYXV0ZSB0bwogW1ZhbHVlVHlwZS5FTUFJTF9BRERSRVNTXVtpc3Rpby5wb2xpY3kudjFiZXRhMS5WYWx1ZVR5cGUuRU1BSUxfQUREUkVTU10KCiBPYmplY3RzIG9mIHR5cGUgRW1haWxBZGRyZXNzIGFyZSBhbHNvIHBhc3NlZCB0byB0aGUgYWRhcHRlcnMgZHVyaW5nIHJlcXVlc3QtdGltZSBmb3IgdGhlIGluc3RhbmNlIGZpZWxkcyBvZgogdHlwZSBFbWFpbEFkZHJlc3MKCgoKAwQFARIDcAgUCi4KBAQFAgASA3IEFRohIEVtYWlsQWRkcmVzcyBlbmNvZGVkIGFzIHN0cmluZy4KCg0KBQQFAgAEEgRyBHAWCgwKBQQFAgAFEgNyBAoKDAoFBAUCAAESA3ILEAoMCgUEBQIAAxIDchMUCqwCCgIEBhIEewB+ARqfAiBETyBOT1QgVVNFICEhIFVuZGVyIERldmVsb3BtZW50CiBBbiBpbnN0YW5jZSBmaWVsZCBvZiB0eXBlIFVyaSBkZW5vdGVzIHRoYXQgdGhlIGV4cHJlc3Npb24gZm9yIHRoZSBmaWVsZCBtdXN0IGV2YWxhdXRlIHRvCiBbVmFsdWVUeXBlLlVSSV1baXN0aW8ucG9saWN5LnYxYmV0YTEuVmFsdWVUeXBlLlVSSV0KCiBPYmplY3RzIG9mIHR5cGUgVXJpIGFyZSBhbHNvIHBhc3NlZCB0byB0aGUgYWRhcHRlcnMgZHVyaW5nIHJlcXVlc3QtdGltZSBmb3IgdGhlIGluc3RhbmNlIGZpZWxkcyBvZgogdHlwZSBVcmkKCgoKAwQGARIDewgLCiUKBAQGAgASA30EFRoYIFVyaSBlbmNvZGVkIGFzIHN0cmluZy4KCg0KBQQGAgAEEgR9BHsNCgwKBQQGAgAFEgN9BAoKDAoFBAYCAAESA30LEAoMCgUEBgIAAxIDfRMUYgZwcm90bzMK+kIKNG1peGVyL3RlbXBsYXRlL21ldHJpYy90ZW1wbGF0ZV9oYW5kbGVyX3NlcnZpY2UucHJvdG8SBm1ldHJpYxoUZ29nb3Byb3RvL2dvZ28ucHJvdG8aLG1peGVyL2FkYXB0ZXIvbW9kZWwvdjFiZXRhMS9leHRlbnNpb25zLnByb3RvGhlnb29nbGUvcHJvdG9idWYvYW55LnByb3RvGihtaXhlci9hZGFwdGVyL21vZGVsL3YxYmV0YTEvcmVwb3J0LnByb3RvGh9wb2xpY3kvdjFiZXRhMS92YWx1ZV90eXBlLnByb3RvGhlwb2xpY3kvdjFiZXRhMS90eXBlLnByb3RvIqABChNIYW5kbGVNZXRyaWNSZXF1ZXN0EjEKCWluc3RhbmNlcxgBIAMoCzITLm1ldHJpYy5JbnN0YW5jZU1zZ1IJaW5zdGFuY2VzEjsKDmFkYXB0ZXJfY29uZmlnGAIgASgLMhQuZ29vZ2xlLnByb3RvYnVmLkFueVINYWRhcHRlckNvbmZpZxIZCghkZWR1cF9pZBgDIAEoCVIHZGVkdXBJZCKXBAoLSW5zdGFuY2VNc2cSFQoEbmFtZRivyrwiIAEoCVIEbmFtZRIxCgV2YWx1ZRgBIAEoCzIbLmlzdGlvLnBvbGljeS52MWJldGExLlZhbHVlUgV2YWx1ZRJDCgpkaW1lbnNpb25zGAIgAygLMiMubWV0cmljLkluc3RhbmNlTXNnLkRpbWVuc2lvbnNFbnRyeVIKZGltZW5zaW9ucxI2Chdtb25pdG9yZWRfcmVzb3VyY2VfdHlwZRgDIAEoCVIVbW9uaXRvcmVkUmVzb3VyY2VUeXBlEngKHW1vbml0b3JlZF9yZXNvdXJjZV9kaW1lbnNpb25zGAQgAygLMjQubWV0cmljLkluc3RhbmNlTXNnLk1vbml0b3JlZFJlc291cmNlRGltZW5zaW9uc0VudHJ5Uhttb25pdG9yZWRSZXNvdXJjZURpbWVuc2lvbnMaWgoPRGltZW5zaW9uc0VudHJ5EhAKA2tleRgBIAEoCVIDa2V5EjEKBXZhbHVlGAIgASgLMhsuaXN0aW8ucG9saWN5LnYxYmV0YTEuVmFsdWVSBXZhbHVlOgI4ARprCiBNb25pdG9yZWRSZXNvdXJjZURpbWVuc2lvbnNFbnRyeRIQCgNrZXkYASABKAlSA2tleRIxCgV2YWx1ZRgCIAEoCzIbLmlzdGlvLnBvbGljeS52MWJldGExLlZhbHVlUgV2YWx1ZToCOAEivwMKBFR5cGUSNQoFdmFsdWUYASABKA4yHy5pc3Rpby5wb2xpY3kudjFiZXRhMS5WYWx1ZVR5cGVSBXZhbHVlEjwKCmRpbWVuc2lvbnMYAiADKAsyHC5tZXRyaWMuVHlwZS5EaW1lbnNpb25zRW50cnlSCmRpbWVuc2lvbnMScQodbW9uaXRvcmVkX3Jlc291cmNlX2RpbWVuc2lvbnMYBCADKAsyLS5tZXRyaWMuVHlwZS5Nb25pdG9yZWRSZXNvdXJjZURpbWVuc2lvbnNFbnRyeVIbbW9uaXRvcmVkUmVzb3VyY2VEaW1lbnNpb25zGl4KD0RpbWVuc2lvbnNFbnRyeRIQCgNrZXkYASABKAlSA2tleRI1CgV2YWx1ZRgCIAEoDjIfLmlzdGlvLnBvbGljeS52MWJldGExLlZhbHVlVHlwZVIFdmFsdWU6AjgBGm8KIE1vbml0b3JlZFJlc291cmNlRGltZW5zaW9uc0VudHJ5EhAKA2tleRgBIAEoCVIDa2V5EjUKBXZhbHVlGAIgASgOMh8uaXN0aW8ucG9saWN5LnYxYmV0YTEuVmFsdWVUeXBlUgV2YWx1ZToCOAEirwMKDUluc3RhbmNlUGFyYW0SFAoFdmFsdWUYASABKAlSBXZhbHVlEkUKCmRpbWVuc2lvbnMYAiADKAsyJS5tZXRyaWMuSW5zdGFuY2VQYXJhbS5EaW1lbnNpb25zRW50cnlSCmRpbWVuc2lvbnMSNgoXbW9uaXRvcmVkX3Jlc291cmNlX3R5cGUYAyABKAlSFW1vbml0b3JlZFJlc291cmNlVHlwZRJ6Ch1tb25pdG9yZWRfcmVzb3VyY2VfZGltZW5zaW9ucxgEIAMoCzI2Lm1ldHJpYy5JbnN0YW5jZVBhcmFtLk1vbml0b3JlZFJlc291cmNlRGltZW5zaW9uc0VudHJ5Uhttb25pdG9yZWRSZXNvdXJjZURpbWVuc2lvbnMaPQoPRGltZW5zaW9uc0VudHJ5EhAKA2tleRgBIAEoCVIDa2V5EhQKBXZhbHVlGAIgASgJUgV2YWx1ZToCOAEaTgogTW9uaXRvcmVkUmVzb3VyY2VEaW1lbnNpb25zRW50cnkSEAoDa2V5GAEgASgJUgNrZXkSFAoFdmFsdWUYAiABKAlSBXZhbHVlOgI4ATJzChNIYW5kbGVNZXRyaWNTZXJ2aWNlElwKDEhhbmRsZU1ldHJpYxIbLm1ldHJpYy5IYW5kbGVNZXRyaWNSZXF1ZXN0Gi8uaXN0aW8ubWl4ZXIuYWRhcHRlci5tb2RlbC52MWJldGExLlJlcG9ydFJlc3VsdEIe+NLkkwIBgt3kkwIGbWV0cmljyOEeAKjiHgDw4R4ASqYzCgcSBRAAlQEBCugECgEMEgMQABIytAQgQ29weXJpZ2h0IDIwMTcgSXN0aW8gQXV0aG9ycwoKIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSAiTGljZW5zZSIpOwogeW91IG1heSBub3QgdXNlIHRoaXMgZmlsZSBleGNlcHQgaW4gY29tcGxpYW5jZSB3aXRoIHRoZSBMaWNlbnNlLgogWW91IG1heSBvYnRhaW4gYSBjb3B5IG9mIHRoZSBMaWNlbnNlIGF0CgogICAgIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIuMAoKIFVubGVzcyByZXF1aXJlZCBieSBhcHBsaWNhYmxlIGxhdyBvciBhZ3JlZWQgdG8gaW4gd3JpdGluZywgc29mdHdhcmUKIGRpc3RyaWJ1dGVkIHVuZGVyIHRoZSBMaWNlbnNlIGlzIGRpc3RyaWJ1dGVkIG9uIGFuICJBUyBJUyIgQkFTSVMsCiBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KIFNlZSB0aGUgTGljZW5zZSBmb3IgdGhlIHNwZWNpZmljIGxhbmd1YWdlIGdvdmVybmluZyBwZXJtaXNzaW9ucyBhbmQKIGxpbWl0YXRpb25zIHVuZGVyIHRoZSBMaWNlbnNlLgoyJyBUSElTIEZJTEUgSVMgQVVUT01BVElDQUxMWSBHRU5FUkFURUQuCgqTCQoBAhIDLggOGogJIFRoZSBgbWV0cmljYCB0ZW1wbGF0ZSBpcyBkZXNpZ25lZCB0byBsZXQgeW91IGRlc2NyaWJlIHJ1bnRpbWUgbWV0cmljIHRvIGRpc3BhdGNoIHRvCiBtb25pdG9yaW5nIGJhY2tlbmRzLgogCiBFeGFtcGxlIGNvbmZpZzoKIAogYGBgeWFtbAogYXBpVmVyc2lvbjogImNvbmZpZy5pc3Rpby5pby92MWFscGhhMiIKIGtpbmQ6IG1ldHJpYwogbWV0YWRhdGE6CiAgIG5hbWU6IHJlcXVlc3RzaXplCiAgIG5hbWVzcGFjZTogaXN0aW8tc3lzdGVtCiBzcGVjOgogICB2YWx1ZTogcmVxdWVzdC5zaXplIHwgMAogICBkaW1lbnNpb25zOgogICAgIHNvdXJjZV9zZXJ2aWNlOiBzb3VyY2Uuc2VydmljZSB8ICJ1bmtub3duIgogICAgIHNvdXJjZV92ZXJzaW9uOiBzb3VyY2UubGFiZWxzWyJ2ZXJzaW9uIl0gfCAidW5rbm93biIKICAgICBkZXN0aW5hdGlvbl9zZXJ2aWNlOiBkZXN0aW5hdGlvbi5zZXJ2aWNlIHwgInVua25vd24iCiAgICAgZGVzdGluYXRpb25fdmVyc2lvbjogZGVzdGluYXRpb24ubGFiZWxzWyJ2ZXJzaW9uIl0gfCAidW5rbm93biIKICAgICByZXNwb25zZV9jb2RlOiByZXNwb25zZS5jb2RlIHwgMjAwCiAgIG1vbml0b3JlZF9yZXNvdXJjZV90eXBlOiAnIlVOU1BFQ0lGSUVEIicKIGBgYAoKIFRoZSBgbWV0cmljYCB0ZW1wbGF0ZSByZXByZXNlbnRzIGEgc2luZ2xlIHBpZWNlIG9mIGRhdGEgdG8gcmVwb3J0LgogCiBXaGVuIHdyaXRpbmcgdGhlIGNvbmZpZ3VyYXRpb24sIHRoZSB2YWx1ZSBmb3IgdGhlIGZpZWxkcyBhc3NvY2lhdGVkIHdpdGggdGhpcyB0ZW1wbGF0ZSBjYW4gZWl0aGVyIGJlIGEKIGxpdGVyYWwgb3IgYW4gW2V4cHJlc3Npb25dKGh0dHBzOi8vaXN0aW8uaW8vZG9jcy9yZWZlcmVuY2UvL2NvbmZpZy9wb2xpY3ktYW5kLXRlbGVtZXRyeS9leHByZXNzaW9uLWxhbmd1YWdlLykuIFBsZWFzZSBub3RlIHRoYXQgaWYgdGhlIGRhdGF0eXBlIG9mIGEgZmllbGQgaXMgbm90IGlzdGlvLnBvbGljeS52MWJldGExLlZhbHVlLAogdGhlbiB0aGUgZXhwcmVzc2lvbidzIFtpbmZlcnJlZCB0eXBlXShodHRwczovL2lzdGlvLmlvL2RvY3MvcmVmZXJlbmNlLy9jb25maWcvcG9saWN5LWFuZC10ZWxlbWV0cnkvZXhwcmVzc2lvbi1sYW5ndWFnZS8jdHlwZS1jaGVja2luZykgbXVzdCBtYXRjaCB0aGUgZGF0YXR5cGUgb2YgdGhlIGZpZWxkLgoKCQoCAwASAzEHHQoJCgIDARIDMgc1CgkKAgMCEgMzByIKCQoCAwMSAzQHMQoJCgIDBBIDNQcoCgkKAgMFEgM2ByIKCAoBCBIDOABWCgsKBAjnBwASAzgAVgoMCgUI5wcAAhIDOAc7Cg0KBgjnBwACABIDOAc7Cg4KBwjnBwACAAESAzgIOgoMCgUI5wcAAxIDOD5VCggKAQgSAzkARAoLCgQI5wcBEgM5AEQKDAoFCOcHAQISAzkHOAoNCgYI5wcBAgASAzkHOAoOCgcI5wcBAgABEgM5CDcKDAoFCOcHAQcSAzk7QwoICgEIEgM7AC8KCwoECOcHAhIDOwAvCgwKBQjnBwICEgM7ByYKDQoGCOcHAgIAEgM7ByYKDgoHCOcHAgIAARIDOwglCgwKBQjnBwIDEgM7KS4KCAoBCBIDPAAlCgsKBAjnBwMSAzwAJQoMCgUI5wcDAhIDPAccCg0KBgjnBwMCABIDPAccCg4KBwjnBwMCAAESAzwIGwoMCgUI5wcDAxIDPB8kCggKAQgSAz0AKAoLCgQI5wcEEgM9ACgKDAoFCOcHBAISAz0HHwoNCgYI5wcEAgASAz0HHwoOCgcI5wcEAgABEgM9CB4KDAoFCOcHBAMSAz0iJwpyCgIGABIEQABEARpmIEhhbmRsZU1ldHJpY1NlcnZpY2UgaXMgaW1wbGVtZW50ZWQgYnkgYmFja2VuZHMgdGhhdCB3YW50cyB0byBoYW5kbGUgcmVxdWVzdC10aW1lICdtZXRyaWMnIGluc3RhbmNlcy4KCgoKAwYAARIDQAgbCmwKBAYAAgASA0IEYxpfIEhhbmRsZU1ldHJpYyBpcyBjYWxsZWQgYnkgTWl4ZXIgYXQgcmVxdWVzdC10aW1lIHRvIGRlbGl2ZXIgJ21ldHJpYycgaW5zdGFuY2VzIHRvIHRoZSBiYWNrZW5kLgoKDAoFBgACAAESA0IIFAoMCgUGAAIAAhIDQhUoCgwKBQYAAgADEgNCM2EKNgoCBAASBEcAVgEaKiBSZXF1ZXN0IG1lc3NhZ2UgZm9yIEhhbmRsZU1ldHJpYyBtZXRob2QuCgoKCgMEAAESA0cIGwoiCgQEAAIAEgNKBCcaFSAnbWV0cmljJyBpbnN0YW5jZXMuCgoMCgUEAAIABBIDSgQMCgwKBQQAAgAGEgNKDRgKDAoFBAACAAESA0oZIgoMCgUEAAIAAxIDSiUmCrkECgQEAAIBEgNSBCsaqwQgQWRhcHRlciBzcGVjaWZpYyBoYW5kbGVyIGNvbmZpZ3VyYXRpb24uCgogTm90ZTogQmFja2VuZHMgY2FuIGFsc28gaW1wbGVtZW50IFtJbmZyYXN0cnVjdHVyZUJhY2tlbmRdW2h0dHBzOi8vaXN0aW8uaW8vZG9jcy9yZWZlcmVuY2UvY29uZmlnL21peGVyL2lzdGlvLm1peGVyLmFkYXB0ZXIubW9kZWwudjFiZXRhMS5odG1sI0luZnJhc3RydWN0dXJlQmFja2VuZF0KIHNlcnZpY2UgYW5kIHRoZXJlZm9yZSBvcHQgdG8gcmVjZWl2ZSBoYW5kbGVyIGNvbmZpZ3VyYXRpb24gZHVyaW5nIHNlc3Npb24gY3JlYXRpb24gdGhyb3VnaCBbSW5mcmFzdHJ1Y3R1cmVCYWNrZW5kLkNyZWF0ZVNlc3Npb25dW1RPRE86IExpbmsgdG8gdGhpcyBmcmFnbWVudF0KIGNhbGwuIEluIHRoYXQgY2FzZSwgYWRhcHRlcl9jb25maWcgd2lsbCBoYXZlIHR5cGVfdXJsIGFzICdnb29nbGUucHJvdG9idWYuQW55LnR5cGVfdXJsJyBhbmQgd291bGQgY29udGFpbiBzdHJpbmcKIHZhbHVlIG9mIHNlc3Npb25faWQgKHJldHVybmVkIGZyb20gSW5mcmFzdHJ1Y3R1cmVCYWNrZW5kLkNyZWF0ZVNlc3Npb24pLgoKDQoFBAACAQQSBFIESicKDAoFBAACAQYSA1IEFwoMCgUEAAIBARIDUhgmCgwKBQQAAgEDEgNSKSoKOgoEBAACAhIDVQQYGi0gSWQgdG8gZGVkdXBlIGlkZW50aWNhbCByZXF1ZXN0cyBmcm9tIE1peGVyLgoKDQoFBAACAgQSBFUEUisKDAoFBAACAgUSA1UECgoMCgUEAAICARIDVQsTCgwKBQQAAgIDEgNVFhcKqAEKAgQBEgRaAG8BGpsBIENvbnRhaW5zIGluc3RhbmNlIHBheWxvYWQgZm9yICdtZXRyaWMnIHRlbXBsYXRlLiBUaGlzIGlzIHBhc3NlZCB0byBpbmZyYXN0cnVjdHVyZSBiYWNrZW5kcyBkdXJpbmcgcmVxdWVzdC10aW1lCiB0aHJvdWdoIEhhbmRsZU1ldHJpY1NlcnZpY2UuSGFuZGxlTWV0cmljLgoKCgoDBAEBEgNaCBMKQgoEBAECABIDXQQbGjUgTmFtZSBvZiB0aGUgaW5zdGFuY2UgYXMgc3BlY2lmaWVkIGluIGNvbmZpZ3VyYXRpb24uCgoNCgUEAQIABBIEXQRaFQoMCgUEAQIABRIDXQQKCgwKBQQBAgABEgNdCw8KDAoFBAECAAMSA10SGgooCgQEAQIBEgNgBCkaGyBUaGUgdmFsdWUgYmVpbmcgcmVwb3J0ZWQuCgoNCgUEAQIBBBIEYARdGwoMCgUEAQIBBhIDYAQeCgwKBQQBAgEBEgNgHyQKDAoFBAECAQMSA2AnKApGCgQEAQICEgNjBDsaOSBUaGUgdW5pcXVlIGlkZW50aXR5IG9mIHRoZSBwYXJ0aWN1bGFyIG1ldHJpYyB0byByZXBvcnQuCgoNCgUEAQICBBIEYwRgKQoMCgUEAQICBhIDYwQrCgwKBQQBAgIBEgNjLDYKDAoFBAECAgMSA2M5OgqVAgoEBAECAxIDaAQnGocCIE9wdGlvbmFsLiBBbiBleHByZXNzaW9uIHRvIGNvbXB1dGUgdGhlIHR5cGUgb2YgdGhlIG1vbml0b3JlZCByZXNvdXJjZSB0aGlzIG1ldHJpYyBpcyBiZWluZyByZXBvcnRlZCBvbi4KIElmIHRoZSBtZXRyaWMgYmFja2VuZCBzdXBwb3J0cyBtb25pdG9yZWQgcmVzb3VyY2VzLCB0aGVzZSBmaWVsZHMgYXJlIHVzZWQgdG8gcG9wdWxhdGUgdGhhdCByZXNvdXJjZS4gT3RoZXJ3aXNlCiB0aGVzZSBmaWVsZHMgd2lsbCBiZSBpZ25vcmVkIGJ5IHRoZSBhZGFwdGVyLgoKDQoFBAECAwQSBGgEYzsKDAoFBAECAwUSA2gECgoMCgUEAQIDARIDaAsiCgwKBQQBAgMDEgNoJSYKpgIKBAQBAgQSA20EThqYAiBPcHRpb25hbC4gQSBzZXQgb2YgZXhwcmVzc2lvbnMgdGhhdCB3aWxsIGZvcm0gdGhlIGRpbWVuc2lvbnMgb2YgdGhlIG1vbml0b3JlZCByZXNvdXJjZSB0aGlzIG1ldHJpYyBpcyBiZWluZyByZXBvcnRlZCBvbi4KIElmIHRoZSBtZXRyaWMgYmFja2VuZCBzdXBwb3J0cyBtb25pdG9yZWQgcmVzb3VyY2VzLCB0aGVzZSBmaWVsZHMgYXJlIHVzZWQgdG8gcG9wdWxhdGUgdGhhdCByZXNvdXJjZS4gT3RoZXJ3aXNlCiB0aGVzZSBmaWVsZHMgd2lsbCBiZSBpZ25vcmVkIGJ5IHRoZSBhZGFwdGVyLgoKDQoFBAECBAQSBG0EaCcKDAoFBAECBAYSA20EKwoMCgUEAQIEARIDbSxJCgwKBQQBAgQDEgNtTE0K8QEKAgQCEgVzAIABARrjASBDb250YWlucyBpbmZlcnJlZCB0eXBlIGluZm9ybWF0aW9uIGFib3V0IHNwZWNpZmljIGluc3RhbmNlIG9mICdtZXRyaWMnIHRlbXBsYXRlLiBUaGlzIGlzIHBhc3NlZCB0bwogaW5mcmFzdHJ1Y3R1cmUgYmFja2VuZHMgZHVyaW5nIGNvbmZpZ3VyYXRpb24tdGltZSB0aHJvdWdoIFtJbmZyYXN0cnVjdHVyZUJhY2tlbmQuQ3JlYXRlU2Vzc2lvbl1bVE9ETzogTGluayB0byB0aGlzIGZyYWdtZW50XS4KCgoKAwQCARIDcwgMCigKBAQCAgASA3YELRobIFRoZSB2YWx1ZSBiZWluZyByZXBvcnRlZC4KCg0KBQQCAgAEEgR2BHMOCgwKBQQCAgAGEgN2BCIKDAoFBAICAAESA3YjKAoMCgUEAgIAAxIDdissCkYKBAQCAgESA3kEPxo5IFRoZSB1bmlxdWUgaWRlbnRpdHkgb2YgdGhlIHBhcnRpY3VsYXIgbWV0cmljIHRvIHJlcG9ydC4KCg0KBQQCAgEEEgR5BHYtCgwKBQQCAgEGEgN5BC8KDAoFBAICAQESA3kwOgoMCgUEAgIBAxIDeT0+CqYCCgQEAgICEgN+BFIamAIgT3B0aW9uYWwuIEEgc2V0IG9mIGV4cHJlc3Npb25zIHRoYXQgd2lsbCBmb3JtIHRoZSBkaW1lbnNpb25zIG9mIHRoZSBtb25pdG9yZWQgcmVzb3VyY2UgdGhpcyBtZXRyaWMgaXMgYmVpbmcgcmVwb3J0ZWQgb24uCiBJZiB0aGUgbWV0cmljIGJhY2tlbmQgc3VwcG9ydHMgbW9uaXRvcmVkIHJlc291cmNlcywgdGhlc2UgZmllbGRzIGFyZSB1c2VkIHRvIHBvcHVsYXRlIHRoYXQgcmVzb3VyY2UuIE90aGVyd2lzZQogdGhlc2UgZmllbGRzIHdpbGwgYmUgaWdub3JlZCBieSB0aGUgYWRhcHRlci4KCg0KBQQCAgIEEgR+BHk/CgwKBQQCAgIGEgN+BC8KDAoFBAICAgESA34wTQoMCgUEAgICAxIDflBRCk8KAgQDEgaDAQCVAQEaQSBSZXByZXNlbnRzIGluc3RhbmNlIGNvbmZpZ3VyYXRpb24gc2NoZW1hIGZvciAnbWV0cmljJyB0ZW1wbGF0ZS4KCgsKAwQDARIEgwEIFQopCgQEAwIAEgSGAQQVGhsgVGhlIHZhbHVlIGJlaW5nIHJlcG9ydGVkLgoKDwoFBAMCAAQSBoYBBIMBFwoNCgUEAwIABRIEhgEECgoNCgUEAwIAARIEhgELEAoNCgUEAwIAAxIEhgETFApHCgQEAwIBEgSJAQQnGjkgVGhlIHVuaXF1ZSBpZGVudGl0eSBvZiB0aGUgcGFydGljdWxhciBtZXRyaWMgdG8gcmVwb3J0LgoKDwoFBAMCAQQSBokBBIYBFQoNCgUEAwIBBhIEiQEEFwoNCgUEAwIBARIEiQEYIgoNCgUEAwIBAxIEiQElJgqWAgoEBAMCAhIEjgEEJxqHAiBPcHRpb25hbC4gQW4gZXhwcmVzc2lvbiB0byBjb21wdXRlIHRoZSB0eXBlIG9mIHRoZSBtb25pdG9yZWQgcmVzb3VyY2UgdGhpcyBtZXRyaWMgaXMgYmVpbmcgcmVwb3J0ZWQgb24uCiBJZiB0aGUgbWV0cmljIGJhY2tlbmQgc3VwcG9ydHMgbW9uaXRvcmVkIHJlc291cmNlcywgdGhlc2UgZmllbGRzIGFyZSB1c2VkIHRvIHBvcHVsYXRlIHRoYXQgcmVzb3VyY2UuIE90aGVyd2lzZQogdGhlc2UgZmllbGRzIHdpbGwgYmUgaWdub3JlZCBieSB0aGUgYWRhcHRlci4KCg8KBQQDAgIEEgaOAQSJAScKDQoFBAMCAgUSBI4BBAoKDQoFBAMCAgESBI4BCyIKDQoFBAMCAgMSBI4BJSYKpwIKBAQDAgMSBJMBBDoamAIgT3B0aW9uYWwuIEEgc2V0IG9mIGV4cHJlc3Npb25zIHRoYXQgd2lsbCBmb3JtIHRoZSBkaW1lbnNpb25zIG9mIHRoZSBtb25pdG9yZWQgcmVzb3VyY2UgdGhpcyBtZXRyaWMgaXMgYmVpbmcgcmVwb3J0ZWQgb24uCiBJZiB0aGUgbWV0cmljIGJhY2tlbmQgc3VwcG9ydHMgbW9uaXRvcmVkIHJlc291cmNlcywgdGhlc2UgZmllbGRzIGFyZSB1c2VkIHRvIHBvcHVsYXRlIHRoYXQgcmVzb3VyY2UuIE90aGVyd2lzZQogdGhlc2UgZmllbGRzIHdpbGwgYmUgaWdub3JlZCBieSB0aGUgYWRhcHRlci4KCg8KBQQDAgMEEgaTAQSOAScKDQoFBAMCAwYSBJMBBBcKDQoFBAMCAwESBJMBGDUKDQoFBAMCAwMSBJMBODliBnByb3RvMw==" -{{- end }} diff --git a/bitnami/wavefront-adapter-for-istio/templates/istio/rule-http.yaml b/bitnami/wavefront-adapter-for-istio/templates/istio/rule-http.yaml deleted file mode 100644 index 9f6e415..0000000 --- a/bitnami/wavefront-adapter-for-istio/templates/istio/rule-http.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if and .Values.istio.create .Values.metrics.http }} -# rule to dispatch to handler wavefront-handler -apiVersion: {{ include "wfafi.istio.apiVersion" . }} -kind: rule -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: wavefront-adapter-for-istio - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ include "common.names.fullname" . }}-wavefront-http-rule - namespace: {{ .Values.istio.namespace }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - match: context.protocol == "http" - actions: - - handler: {{ include "common.names.fullname" . }}-wavefront-handler.{{ .Values.istio.namespace }} - instances: - - {{ include "common.names.fullname" . }}-requestsize.instance.{{ .Release.Namespace }} - - {{ include "common.names.fullname" . }}-requestcount.instance.{{ .Release.Namespace }} - - {{ include "common.names.fullname" . }}-requestduration.instance.{{ .Release.Namespace }} - - {{ include "common.names.fullname" . }}-responsesize.instance.{{ .Release.Namespace }} -{{- end }} diff --git a/bitnami/wavefront-adapter-for-istio/templates/istio/rule-tcp.yaml b/bitnami/wavefront-adapter-for-istio/templates/istio/rule-tcp.yaml deleted file mode 100644 index e92c550..0000000 --- a/bitnami/wavefront-adapter-for-istio/templates/istio/rule-tcp.yaml +++ /dev/null @@ -1,60 +0,0 @@ -{{- if and .Values.istio.create .Values.metrics.tcp }} -# rule to dispatch tcp metrics to handler wavefront-handler -apiVersion: {{ include "wfafi.istio.apiVersion" . }} -kind: rule -metadata: - name: {{ include "common.names.fullname" . }}-wavefront-tcp-rule - namespace: {{ .Values.istio.namespace }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - match: context.protocol == "tcp" - actions: - - handler: {{ include "common.names.fullname" . }}-wavefront-handler.{{ .Values.istio.namespace }} - instances: - - {{ include "common.names.fullname" . }}-tcpsentbytes.instance.{{ .Release.Namespace }} - - {{ include "common.names.fullname" . }}-tcpreceivedbytes.instance.{{ .Release.Namespace }} ---- -# rule to dispatch tcp connection open metric to handler wavefront-handler -apiVersion: {{ include "wfafi.istio.apiVersion" . }} -kind: rule -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: wavefront-adapter-for-istio - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ include "common.names.fullname" . }}-wavefront-tcp-connection-open-rule - namespace: {{ .Values.istio.namespace }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - match: context.protocol == "tcp" && connection.event == "open" - actions: - - handler: {{ include "common.names.fullname" . }}-wavefront-handler.{{ .Values.istio.namespace }} - instances: - - {{ include "common.names.fullname" . }}-tcpconnectionsopened.instance.{{ .Release.Namespace }} ---- -# rule to dispatch tcp connection close metric to handler wavefront-handler -apiVersion: {{ include "wfafi.istio.apiVersion" . }} -kind: rule -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: wavefront-adapter-for-istio - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ include "common.names.fullname" . }}-wavefront-tcp-connection-close-rule - namespace: {{ .Values.istio.namespace }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - match: context.protocol == "tcp" && connection.event == "close" - actions: - - handler: {{ include "common.names.fullname" . }}-wavefront-handler.{{ .Values.istio.namespace }} - instances: - - {{ include "common.names.fullname" . }}-tcpconnectionsclosed.instance.{{ .Release.Namespace }} -{{- end }} diff --git a/bitnami/wavefront-adapter-for-istio/templates/service.yaml b/bitnami/wavefront-adapter-for-istio/templates/service.yaml deleted file mode 100644 index 887da12..0000000 --- a/bitnami/wavefront-adapter-for-istio/templates/service.yaml +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: wavefront-adapter-for-istio - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.service.type }} - {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }} - externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} - {{- end }} - {{ if eq .Values.service.type "LoadBalancer" }} - loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }} - {{ end }} - {{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }} - loadBalancerIP: {{ .Values.service.loadBalancerIP }} - {{- end }} - ports: - - name: grpc - port: {{ .Values.service.port }} - targetPort: grpc - protocol: TCP - {{- if (and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.http))) }} - nodePort: {{ .Values.service.nodePorts.http }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: wavefront-adapter-for-istio diff --git a/bitnami/wavefront-adapter-for-istio/values.yaml b/bitnami/wavefront-adapter-for-istio/values.yaml deleted file mode 100644 index e8ab271..0000000 --- a/bitnami/wavefront-adapter-for-istio/values.yaml +++ /dev/null @@ -1,452 +0,0 @@ -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry and imagePullSecrets -## -## @section Global parameters -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - imagePullSecrets: [] - storageClass: "" - -## Override Kubernetes version -## @param kubeVersion Override Kubernetes version -## -kubeVersion: "" - -## String to partially override common.names.fullname template (will maintain the release name) -## @param nameOverride String to partially override common.names.fullname -## -nameOverride: "" - -## String to fully override common.names.fullname template -## @param fullnameOverride String to fully override common.names.fullname -## -fullnameOverride: "" - -## Add labels to all the deployed resources -## @param commonLabels Labels to add to all deployed objects -## -commonLabels: {} - -## Add annotations to all the deployed resources -## @param commonAnnotations Annotations to add to all deployed objects -## -commonAnnotations: {} - -## Kubernetes Cluster Domain -## @param clusterDomain Kubernetes cluster domain name -## -clusterDomain: cluster.local - -## Extra objects to deploy (value evaluated as a template) -## @param extraDeploy Array of extra objects to deploy with the release -## -extraDeploy: [] - -## @section Wavefront Adapter for Istio deployment parameters -## -image: - ## @param image.registry Adapter image registry - ## - registry: docker.io - ## @param image.repository Adapter image repository - ## - repository: bitnami/wavefront-adapter-for-istio - ## @param image.tag Adapter image tag (immutabe tags are recommended) - ## - tag: 0.1.5-debian-10-r161 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - ## @param image.pullPolicy Adapter image pull policy - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - ## @param image.pullSecrets Adapter image pull secrets - ## - pullSecrets: [] - # - myRegistryKeySecretName - ## Enable debug mode - ## @param image.debug Enable image debug mode - ## - debug: false - -## Configure extra options for liveness and readiness probes -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param livenessProbe.enabled Enable livenessProbe -## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe -## @param livenessProbe.periodSeconds Period seconds for livenessProbe -## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe -## @param livenessProbe.failureThreshold Failure threshold for livenessProbe -## @param livenessProbe.successThreshold Success threshold for livenessProbe -## -livenessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 -## @param readinessProbe.enabled Enable readinessProbe -## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe -## @param readinessProbe.periodSeconds Period seconds for readinessProbe -## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe -## @param readinessProbe.failureThreshold Failure threshold for readinessProbe -## @param readinessProbe.successThreshold Success threshold for readinessProbe -## -readinessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - -## Command and args for running the container (set to default if not set). Use array form -## @param command Override default container command (useful when using custom images) -## -command: [] -## Args for running the container (set to default if not set). Use array form -## @param args Override default container args (useful when using custom images) -## -args: [] - -## Deployment pod host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## @param hostAliases Add deployment host aliases -## -hostAliases: [] - -## wavefront-adapter-for-istio resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## -resources: - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param resources.limits The resources limits for the Adapter container - ## - limits: {} - # cpu: 200m - # memory: 256Mi - ## @param resources.requests The requested resourcesc for the Adapter container - ## - requests: {} - # cpu: 200m - # memory: 10Mi - -## wavefront-adapter-for-istio containers' Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -## @param containerSecurityContext.enabled Enabled Adapter containers' Security Context -## @param containerSecurityContext.runAsUser Set Adapter container's Security Context runAsUser -## @param containerSecurityContext.runAsNonRoot Set Adapter container's Security Context runAsNonRoot -## -containerSecurityContext: - enabled: true - runAsUser: 1001 - runAsNonRoot: true - -## wavefront-adapter-for-istio pods' Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## @param podSecurityContext.enabled Enabled Adapter pods' Security Context -## @param podSecurityContext.fsGroup Set Adapter pod's Security Context fsGroup -## -podSecurityContext: - enabled: true - fsGroup: 1001 - -## Pod affinity preset -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## Allowed values: soft, hard -## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## -podAffinityPreset: "" - -## Pod anti-affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## Allowed values: soft, hard -## -podAntiAffinityPreset: soft - -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## Allowed values: soft, hard -## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set -## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set -## -nodeAffinityPreset: - ## Node affinity type - ## Allowed values: soft, hard - ## - type: "" - ## Node label key to match - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## Node label values to match - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - -## Affinity for pod assignment. Evaluated as a template. -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## @param affinity Affinity for pod assignment -## -affinity: {} - -## Node labels for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/user-guide/node-selection/ -## @param nodeSelector Node labels for pod assignment -## -nodeSelector: {} - -## Tolerations for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## @param tolerations Tolerations for pod assignment -## -tolerations: [] - -## Pod extra labels -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -## @param podLabels Extra labels for Adapter pods -## -podLabels: {} - -## Annotations for server pods. -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## @skip podAnnotations -## -podAnnotations: - sidecar.istio.io/inject: "false" - scheduler.alpha.kubernetes.io/critical-pod: "" - -## wavefront-adapter-for-istio pods' priority. -## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ -## @param priorityClassName Adapter pod priority -## -priorityClassName: "" - -## lifecycleHooks for the wavefront-adapter-for-istio container to automate configuration before or after startup. -## @param lifecycleHooks Add lifecycle hooks to the Adapter deployment -## -lifecycleHooks: {} - -## Custom Liveness probes for wavefront-adapter-for-istio -## @param customLivenessProbe Override default liveness probe -## -customLivenessProbe: {} - -## Custom Rediness probes wavefront-adapter-for-istio -## @param customReadinessProbe Override default readiness probe -## -customReadinessProbe: {} - -## Update strategy - only really applicable for deployments with RWO PVs attached -## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the -## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will -## terminate the single previous pod, so that the new, incoming pod can attach to the PV -## @param updateStrategy.type Adapter deployment update strategy -## -updateStrategy: - type: RollingUpdate - -## Adapter Container port -## @param containerPort Adapter container port -## -containerPort: 8000 -## Additional environment variables to set -## Example: -## extraEnvVars: -## - name: FOO -## value: "bar" -## @param extraEnvVars Add extra environment variables to the Adapter container -## -extraEnvVars: [] - -## ConfigMap with extra environment variables -## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars -## -extraEnvVarsCM: "" - -## Secret with extra environment variables -## @param extraEnvVarsSecret Name of existing Secret containing extra env vars -## -extraEnvVarsSecret: "" - -## Extra volumes to add to the deployment -## @param extraVolumes Optionally specify extra list of additional volumes for Adapter pods -## -extraVolumes: [] - -## Extra volume mounts to add to the container -## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for Adapter container(s) -## -extraVolumeMounts: [] - -## Add init containers to the wavefront-adapter-for-istio pods. -## Example: -## initContainers: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## @param initContainers Add additional init containers to the Adapter pods -## -initContainers: [] - -## Add sidecars to the wavefront-adapter-for-istio pods. -## Example: -## sidecars: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -## @param sidecars Add additional sidecar containers to the Adapter pod -## -sidecars: [] - -## Use an external wavefront-proxy host -## -externalProxy: - ## @param externalProxy.host Host of a wavefront-proxy instance (required if wavefront.enabled = false) - ## - host: "" - ## @param externalProxy.port Host of a wavefront-proxy instance (required if wavefront.enabled = false) - ## - port: 2878 - -## Adapter prefix parameter -## @param adapterLogLevel Adapter log level -## -adapterLogLevel: info - -## Istio settings -## -istio: - ## @param istio.create Deploy istio objects - ## - create: true - ## @param istio.namespace Namespace to deploy the Istio objects - ## - namespace: istio-system - ## @param istio.apiVersion Override Istio API version - ## - apiVersion: "" - -## Adapter Metrics parameters -## -metrics: - ## @param metrics.flushInterval Interval to flush the metrics - ## - flushInterval: 5s - ## @param metrics.source Source tag for all metrics handled by the adapter - ## - source: istio - ## @param metrics.prefix Prefix to prepend to all metrics handled by the adapter - ## - prefix: istio - ## @param metrics.http Enable the collection of http metrics - ## - http: true - ## @param metrics.tcp Enable the collection of tcp metrics - ## - tcp: true - -## @section Traffic Exposure Parameters -## Service parameters -## -service: - ## @param service.type Adapter service type - ## - type: ClusterIP - ## HTTP Port - ## @param service.port Adapter service port - ## - port: 8000 - ## loadBalancerIP for the Service (optional, cloud specific) - ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer - ## @param service.loadBalancerIP Adapter service LoadBalancer IP - ## - loadBalancerIP: "" - ## loadBalancerIP source ranges for the Service - ## @param service.loadBalancerSourceRanges loadBalancerIP source ranges for the Service - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## - ## nodePorts: - ## http: - ## https: - ## @param service.nodePorts.http NodePort for the HTTP endpoint - ## - nodePorts: - http: "" - ## Enable client source IP preservation - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## @param service.externalTrafficPolicy External traffic policy for the service - ## - externalTrafficPolicy: Cluster - -## @section Wavefront sub-chart parameters -## Wavefront chart parameters -## NOTE: This solution will currently work with wavefront-proxy, reason why we disable the rest of -## the services by default -## -wavefront: - ## @param wavefront.enabled Deploy Wavefront chart (necessary if externalProxyHost is not set) - ## - enabled: true - - ## @param wavefront.wavefront.url Wavefront SAAS service URL - ## @param wavefront.wavefront.token Wavefront SAAS token - ## - wavefront: - url: https://YOUR_CLUSTER.wavefront.com - token: YOUR_API_TOKEN - - ## @param wavefront.collector.enabled Deploy Wavefront collector (not used by the Adapter pod) - ## - collector: - enabled: false - ## @param wavefront.rbac.create Create RBAC rules (not necessary as the Adapter only uses wavefront-proxy) - ## - rbac: - create: false - proxy: - ## @param wavefront.proxy.enabled Deploy Wavefront Proxy (required if externalProxyHost is not set) - ## - enabled: true - ## @param wavefront.proxy.port Deployed Wavefront Proxy port (required if externalProxyHost is not set) - ## - port: 2878 - ## @param wavefront.serviceAccount.create Create Wavefront serivce account (not necessary as the Adapter only uses wavefront-proxy) - ## - serviceAccount: - create: false diff --git a/bitnami/wavefront-hpa-adapter/Chart.lock b/bitnami/wavefront-hpa-adapter/Chart.lock deleted file mode 100644 index 4590a5a..0000000 --- a/bitnami/wavefront-hpa-adapter/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.8.0 -digest: sha256:3e342a25057f87853e52d83e1d14e6d8727c15fd85aaae22e7594489cc129f15 -generated: "2021-09-10T09:34:44.755321347Z" diff --git a/bitnami/wavefront-hpa-adapter/Chart.yaml b/bitnami/wavefront-hpa-adapter/Chart.yaml deleted file mode 100644 index 22b51d8..0000000 --- a/bitnami/wavefront-hpa-adapter/Chart.yaml +++ /dev/null @@ -1,28 +0,0 @@ -annotations: - category: Infrastructure -apiVersion: v2 -appVersion: 0.9.8 -dependencies: - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x -description: Wavefront HPA Adapter for Kubernetes is a Kubernetes Horizontal Pod Autoscaler adapter. It enables Kubernetes workloads to be scaled based on Wavefront metrics. -engine: gotpl -home: https://github.com/wavefrontHQ/wavefront-kubernetes-adapter -icon: https://bitnami.com/assets/stacks/wavefront-hpa-adapter/img/wavefront-hpa-adapter-stack-220x234.png -keywords: - - alerting - - adapter - - metrics - - monitoring - - observability - - wavefront -maintainers: - - email: containers@bitnami.com - name: Bitnami -name: wavefront-hpa-adapter -sources: - - https://github.com/bitnami/bitnami-docker-wavefront-hpa-adapter -version: 0.1.5 diff --git a/bitnami/wavefront-hpa-adapter/README.md b/bitnami/wavefront-hpa-adapter/README.md deleted file mode 100644 index e24c565..0000000 --- a/bitnami/wavefront-hpa-adapter/README.md +++ /dev/null @@ -1,189 +0,0 @@ -# wavefront-hpa-adapter - -[Wavefront HPA Adapter for Kubernetes](https://github.com/wavefrontHQ/wavefront-kubernetes-adapter) Wavefront HPA Adapter for Kubernetes is a Kubernetes Horizontal Pod Autoscaler adapter. It enables Kubernetes workloads to be scaled based on Wavefront metrics. - -## TL;DR - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/wavefront-hpa-adapter -``` - -## Introduction -Bitnami charts for Helm are carefully engineered, actively maintained and are the quickest and easiest way to deploy containers on a Kubernetes cluster that are ready to handle production workloads. - -[Wavefront HPA Adapter for Kubernetes](https://github.com/wavefrontHQ/wavefront-kubernetes-adapter) Deployment in a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 3.1.0 - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/wavefront-hpa-adapter -``` - -These commands deploy wavefront-hpa-adapter on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` helm release: - -```console -$ helm uninstall my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ------------------------- | -------------------------------------------------- | --------------- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | -| `kubeVersion` | Override Kubernetes version | `""` | -| `nameOverride` | String to partially override common.names.fullname | `""` | -| `fullnameOverride` | String to fully override common.names.fullname | `""` | -| `commonLabels` | Labels to add to all deployed objects | `{}` | -| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | -| `clusterDomain` | Kubernetes cluster domain name | `cluster.local` | -| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | - - -### Wavefront HPA Adapter for Kubernetes deployment parameters - -| Name | Description | Value | -| --------------------------------------- | ----------------------------------------------------------------------------------------- | ------------------------------------ | -| `image.registry` | Adapter image registry | `docker.io` | -| `image.repository` | Adapter image repository | `bitnami/wavefront-hpa-adapter` | -| `image.tag` | Adapter image tag (immutabe tags are recommended) | `0.9.8-scratch-r4` | -| `image.pullPolicy` | Adapter image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Adapter image pull secrets | `[]` | -| `image.debug` | Enable image debug mode | `false` | -| `livenessProbe.enabled` | Enable livenessProbe | `true` | -| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | -| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `readinessProbe.enabled` | Enable readinessProbe | `true` | -| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | -| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `command` | Override default container command (useful when using custom images) | `[]` | -| `args` | Override default container args (useful when using custom images) | `[]` | -| `hostAliases` | Add deployment host aliases | `[]` | -| `resources.limits` | The resources limits for the Adapter container | `{}` | -| `resources.requests` | The requested resourcesc for the Adapter container | `{}` | -| `containerSecurityContext.enabled` | Enabled Adapter containers' Security Context | `true` | -| `containerSecurityContext.runAsUser` | Set Adapter container's Security Context runAsUser | `1001` | -| `containerSecurityContext.runAsNonRoot` | Set Adapter container's Security Context runAsNonRoot | `true` | -| `podSecurityContext.enabled` | Enabled Adapter pods' Security Context | `true` | -| `podSecurityContext.fsGroup` | Set Adapter pod's Security Context fsGroup | `1001` | -| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | -| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | -| `affinity` | Affinity for pod assignment | `{}` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `tolerations` | Tolerations for pod assignment | `[]` | -| `podLabels` | Extra labels for Adapter pods | `{}` | -| `podAnnotations` | Annotations for Adapter pods | `{}` | -| `priorityClassName` | Adapter pod priority | `""` | -| `lifecycleHooks` | Add lifecycle hooks to the Adapter deployment | `{}` | -| `customLivenessProbe` | Override default liveness probe | `{}` | -| `customReadinessProbe` | Override default readiness probe | `{}` | -| `updateStrategy.type` | Adapter deployment update strategy | `RollingUpdate` | -| `containerPort` | Adapter container port | `6443` | -| `extraEnvVars` | Add extra environment variables to the Adapter container | `[]` | -| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` | -| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars | `""` | -| `extraVolumes` | Optionally specify extra list of additional volumes for Adapter pods | `[]` | -| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for Adapter container(s) | `[]` | -| `initContainers` | Add additional init containers to the Adapter pods | `[]` | -| `sidecars` | Add additional sidecar containers to the Adapter pod | `[]` | -| `adapterMetricPrefix` | Adapter metric `prefix` parameter | `kubernetes` | -| `adapterAPIClientTimeout` | Adapter API timeout | `10s` | -| `adapterMetricRelistInterval` | Adapter metric relist interval | `10m` | -| `adapterLogLevel` | Adapter log level | `info` | -| `adapterRules` | Adapter array of rules | `[]` | -| `adapterSSLCertDir` | Adapter SSL Certs directory | `/etc/ssl/certs` | -| `adapterSSLCertsSecret` | Adapter SSL Certs secret (will use autogenerated if empty) | `""` | -| `wavefront.url` | External Wavefront URL | `https://YOUR_CLUSTER.wavefront.com` | -| `wavefront.token` | External Wavefront Token | `YOUR_API_TOKEN` | - - -### Traffic Exposure Parameters - -| Name | Description | Value | -| ---------------------------------- | -------------------------------------------- | ----------- | -| `service.type` | Adapter service type | `ClusterIP` | -| `service.port` | Adapter service port | `443` | -| `service.loadBalancerIP` | Adapter service LoadBalancer IP | `""` | -| `service.loadBalancerSourceRanges` | loadBalancerIP source ranges for the Service | `[]` | -| `service.nodePorts.http` | NodePort for the HTTP endpoint | `""` | -| `service.externalTrafficPolicy` | External traffic policy for the service | `Cluster` | - - -### RBAC parameters - -| Name | Description | Value | -| ----------------------- | ----------------------------------------------------------- | ------ | -| `rbac.create` | Weather to create & use RBAC resources or not | `true` | -| `serviceAccount.create` | Enable the creation of a ServiceAccount for Reconciler pods | `true` | -| `serviceAccount.name` | Name of the created ServiceAccount | `""` | -| `apiService.create` | Create the APIService objects in Kubernetes API | `true` | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -$ helm install my-release \ - --set livenessProbe.successThreshold=5 \ - bitnami/wavefront-hpa-adapter -``` - -The above command sets the `livenessProbe.successThreshold` to `5`. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```bash -$ helm install my-release -f values.yaml bitnami/wavefront-hpa-adapter -``` - -## Configuration and installation details - -### [Rolling vs Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Connect to a Wavefront instance - -Wavefront HPA for Kubernetes only works when it configured to use a Wavefront SaaS instance with a proper API token. This is done by setting the `wavefront.url` and `wavefront.token` values. Obtain an instance and an API token by signing up for an account through the [official Wavefront sign-up page](https://www.wavefront.com/sign-up). Refer to the [chart documentation for a configuration example](https://docs.bitnami.com/kubernetes/apps/wavefront-hpa-adapter-for-kubernetes/get-started/configure-connection/). - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami’s Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## Upgrading - -```bash -$ helm upgrade my-release bitnami/wavefront-hpa-adapter -``` diff --git a/bitnami/wavefront-hpa-adapter/ci/rules.yaml b/bitnami/wavefront-hpa-adapter/ci/rules.yaml deleted file mode 100644 index 1cb28c5..0000000 --- a/bitnami/wavefront-hpa-adapter/ci/rules.yaml +++ /dev/null @@ -1,2 +0,0 @@ -adapterRules: - - rule: test diff --git a/bitnami/wavefront-hpa-adapter/templates/NOTES.txt b/bitnami/wavefront-hpa-adapter/templates/NOTES.txt deleted file mode 100644 index 2716130..0000000 --- a/bitnami/wavefront-hpa-adapter/templates/NOTES.txt +++ /dev/null @@ -1,20 +0,0 @@ -** Please be patient while the chart is being deployed ** - -1. Get the application URL by running these commands: - -{{- if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "common.names.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ template "common.names.fullname" . }} - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.port }} -{{- else if contains "ClusterIP" .Values.service.type }} - echo "The renconciler is available at http://127.0.0.1:{{ .Values.service.port }}" - kubectl port-forward svc/{{ template "common.names.fullname" . }} {{ .Values.service.port }}:{{ .Values.service.port }} & -{{- end }} - -{{- include "common.warnings.rollingTag" .Values.image }} -{{- include "wfhpaa.validateValues" . }} diff --git a/bitnami/wavefront-hpa-adapter/templates/_helpers.tpl b/bitnami/wavefront-hpa-adapter/templates/_helpers.tpl deleted file mode 100644 index 31b367f..0000000 --- a/bitnami/wavefront-hpa-adapter/templates/_helpers.tpl +++ /dev/null @@ -1,50 +0,0 @@ -{{/* -Return the proper wavefront-hpa-adapter image name -*/}} -{{- define "wfhpaa.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} -{{- end -}} - -{{/* -Create the name of the Service Account to use -*/}} -{{- define "wfhpaa.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} - {{- default (include "common.names.fullname" .) .Values.serviceAccount.name }} -{{- else }} - {{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "wfhpaa.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.image) "global" .Values.global) -}} -{{- end -}} - -{{/* -Compile all warnings into a single message. -*/}} -{{- define "wfhpaa.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "wfhpaa.validateValues.wavefront" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message -}} -{{- end -}} -{{- end -}} - -{{/* Validate values of Wavefront HPA Adapter for Kubernetes - Wavefront configuration */}} -{{- define "wfhpaa.validateValues.wavefront" -}} -{{- if not .Values.wavefront.url -}} -wavefront-hpa-adaper: MissingWavefrontURL - A Wavefront instance URL must be specified. Please set the wavefront.url value -{{- end }} -{{- if not .Values.wavefront.token -}} -wavefront-hpa-adaper: MissingWavefrontToken - A Wavefront instance Token must be specified. Please set the wavefront.token value -{{- end }} -{{- end -}} diff --git a/bitnami/wavefront-hpa-adapter/templates/custom-metrics-apiserver-auth-delegator-cluster-role-binding.yaml b/bitnami/wavefront-hpa-adapter/templates/custom-metrics-apiserver-auth-delegator-cluster-role-binding.yaml deleted file mode 100644 index fa447f1..0000000 --- a/bitnami/wavefront-hpa-adapter/templates/custom-metrics-apiserver-auth-delegator-cluster-role-binding.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if .Values.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: wavefront-hpa-adapter - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "common.names.fullname" . }}:system:auth-delegator - namespace: {{ .Release.Namespace }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:auth-delegator -subjects: - - kind: ServiceAccount - name: {{ include "wfhpaa.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/bitnami/wavefront-hpa-adapter/templates/custom-metrics-apiserver-auth-reader-role-binding.yaml b/bitnami/wavefront-hpa-adapter/templates/custom-metrics-apiserver-auth-reader-role-binding.yaml deleted file mode 100644 index d75702c..0000000 --- a/bitnami/wavefront-hpa-adapter/templates/custom-metrics-apiserver-auth-reader-role-binding.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if .Values.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: wavefront-hpa-adapter - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "common.names.fullname" . }} - namespace: kube-system - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: extension-apiserver-authentication-reader -subjects: - - kind: ServiceAccount - name: {{ include "wfhpaa.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/bitnami/wavefront-hpa-adapter/templates/custom-metrics-apiserver-deployment.yaml b/bitnami/wavefront-hpa-adapter/templates/custom-metrics-apiserver-deployment.yaml deleted file mode 100644 index 1f0b749..0000000 --- a/bitnami/wavefront-hpa-adapter/templates/custom-metrics-apiserver-deployment.yaml +++ /dev/null @@ -1,170 +0,0 @@ -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: wavefront-hpa-adapter - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.updateStrategy }} - strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: wavefront-hpa-adapter - template: - metadata: - {{- if .Values.podAnnotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: wavefront-hpa-adapter - {{- if .Values.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} - {{- end }} - spec: - {{- include "wfhpaa.imagePullSecrets" . | nindent 6 }} - serviceAccountName: {{ include "wfhpaa.serviceAccountName" . }} - {{- if .Values.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "component" "wavefront-hpa-adapter" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "component" "wavefront-hpa-adapter" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName | quote }} - {{- end }} - {{- if .Values.podSecurityContext.enabled }} - securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - initContainers: - {{- if .Values.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} - {{- end }} - containers: - - name: wavefront-hpa-adapter - image: {{ template "wfhpaa.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - {{- if .Values.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} - {{- else }} - command: - - /wavefront-adapter - {{- end }} - {{- if .Values.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} - {{- else }} - args: - - --wavefront-url={{ .Values.wavefront.url }} - - --wavefront-token={{ .Values.wavefront.token }} - - --wavefront-metric-prefix={{ .Values.adapterMetricPrefix }} - - --metrics-relist-interval={{ .Values.adapterMetricRelistInterval }} - - --cert-dir={{ .Values.adapterSSLCertDir }} - - --secure-port={{ .Values.containerPort }} - - --api-client-timeout={{ .Values.adapterAPIClientTimeout }} - {{- if .Values.adapterRules }} - - --external-metrics-config=/bitnami/wavefront-hpa-adapter/conf/config.yaml - {{- end }} - - --logtostderr=true - - --log-level={{ .Values.adapterLogLevel }} - {{- end }} - env: - {{- if .Values.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if .Values.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} - {{- end }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - ports: - - containerPort: {{ .Values.containerPort }} - name: https - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - tcpSocket: - port: https - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- else if .Values.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - tcpSocket: - port: https - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- else if .Values.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - volumeMounts: - - mountPath: /tmp - name: temp-vol - {{- if .Values.adapterRules }} - - mountPath: /bitnami/wavefront-hpa-adapter/conf - name: config - readOnly: true - {{- end }} - {{- if .Values.adapterSSLCertsSecret }} - - name: ssl-cert-dirs - mountPath: {{ .Values.adapterSSLCertDir }} - {{- end }} - {{- if .Values.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.sidecars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - {{- if .Values.adapterSSLCertsSecret }} - - name: ssl-cert-dirs - secret: - secretName: {{ .Values.adapterSSLCertsSecret }} - {{- end }} - - name: temp-vol - emptyDir: {} - {{- if .Values.adapterRules }} - - name: config - configMap: - name: {{ include "common.names.fullname" . }} - {{- end }} - {{- if .Values.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} - {{- end }} diff --git a/bitnami/wavefront-hpa-adapter/templates/custom-metrics-apiserver-resource-reader-cluster-role-binding.yaml b/bitnami/wavefront-hpa-adapter/templates/custom-metrics-apiserver-resource-reader-cluster-role-binding.yaml deleted file mode 100644 index e6e629a..0000000 --- a/bitnami/wavefront-hpa-adapter/templates/custom-metrics-apiserver-resource-reader-cluster-role-binding.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if .Values.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: wavefront-hpa-adapter - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "common.names.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ include "wfhpaa.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/bitnami/wavefront-hpa-adapter/templates/custom-metrics-apiserver-service-account.yaml b/bitnami/wavefront-hpa-adapter/templates/custom-metrics-apiserver-service-account.yaml deleted file mode 100644 index aa0ecb9..0000000 --- a/bitnami/wavefront-hpa-adapter/templates/custom-metrics-apiserver-service-account.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if .Values.serviceAccount.create }} -kind: ServiceAccount -apiVersion: v1 -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: wavefront-hpa-adapter - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -{{- end }} diff --git a/bitnami/wavefront-hpa-adapter/templates/custom-metrics-apiserver-service.yaml b/bitnami/wavefront-hpa-adapter/templates/custom-metrics-apiserver-service.yaml deleted file mode 100644 index 792510e..0000000 --- a/bitnami/wavefront-hpa-adapter/templates/custom-metrics-apiserver-service.yaml +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: wavefront-hpa-adapter - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.service.type }} - {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }} - externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} - {{- end }} - {{ if eq .Values.service.type "LoadBalancer" }} - loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }} - {{ end }} - {{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }} - loadBalancerIP: {{ .Values.service.loadBalancerIP }} - {{- end }} - ports: - - name: https - port: {{ .Values.service.port }} - targetPort: https - protocol: TCP - {{- if (and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.http))) }} - nodePort: {{ .Values.service.nodePorts.http }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: wavefront-hpa-adapter diff --git a/bitnami/wavefront-hpa-adapter/templates/custom-metrics-apiservice.yaml b/bitnami/wavefront-hpa-adapter/templates/custom-metrics-apiservice.yaml deleted file mode 100644 index 5f17a09..0000000 --- a/bitnami/wavefront-hpa-adapter/templates/custom-metrics-apiservice.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if .Values.apiService.create }} -apiVersion: apiregistration.k8s.io/v1beta1 -kind: APIService -metadata: - name: v1beta1.custom.metrics.k8s.io - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: wavefront-hpa-adapter - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - service: - name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - group: custom.metrics.k8s.io - version: v1beta1 - insecureSkipTLSVerify: true - groupPriorityMinimum: 100 - versionPriority: 100 -{{- end }} diff --git a/bitnami/wavefront-hpa-adapter/templates/custom-metrics-cluster-role.yaml b/bitnami/wavefront-hpa-adapter/templates/custom-metrics-cluster-role.yaml deleted file mode 100644 index e3e6360..0000000 --- a/bitnami/wavefront-hpa-adapter/templates/custom-metrics-cluster-role.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: wavefront-hpa-adapter - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "common.names.fullname" . }}-custom-metrics-reader - namespace: {{ .Release.Namespace }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - - apiGroups: - - custom.metrics.k8s.io - resources: ["*"] - verbs: ["get", "list"] diff --git a/bitnami/wavefront-hpa-adapter/templates/custom-metrics-configmap.yaml b/bitnami/wavefront-hpa-adapter/templates/custom-metrics-configmap.yaml deleted file mode 100644 index 6b07d86..0000000 --- a/bitnami/wavefront-hpa-adapter/templates/custom-metrics-configmap.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.adapterRules }} -apiVersion: v1 -kind: ConfigMap -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: wavefront-hpa-adapter - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - config.yaml: | - rules: {{- include "common.tplvalues.render" ( dict "value" .Values.adapterRules "context" $ ) | nindent 6 }} -{{- end }} diff --git a/bitnami/wavefront-hpa-adapter/templates/custom-metrics-resource-reader-cluster-role.yaml b/bitnami/wavefront-hpa-adapter/templates/custom-metrics-resource-reader-cluster-role.yaml deleted file mode 100644 index 19b1042..0000000 --- a/bitnami/wavefront-hpa-adapter/templates/custom-metrics-resource-reader-cluster-role.yaml +++ /dev/null @@ -1,34 +0,0 @@ -{{- if .Values.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: wavefront-hpa-adapter - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - - apiGroups: - - "" - resources: - - namespaces - - pods - - services - verbs: - - get - - list - - - apiGroups: - - autoscaling - resources: - - horizontalpodautoscalers - verbs: - - get - - list - - watch -{{- end }} diff --git a/bitnami/wavefront-hpa-adapter/templates/external-metrics-apiservice.yaml b/bitnami/wavefront-hpa-adapter/templates/external-metrics-apiservice.yaml deleted file mode 100644 index 6fd9af8..0000000 --- a/bitnami/wavefront-hpa-adapter/templates/external-metrics-apiservice.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if .Values.apiService.create }} -apiVersion: apiregistration.k8s.io/v1beta1 -kind: APIService -metadata: - name: v1beta1.external.metrics.k8s.io - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: wavefront-hpa-adapter - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - service: - name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - group: external.metrics.k8s.io - version: v1beta1 - insecureSkipTLSVerify: true - groupPriorityMinimum: 100 - versionPriority: 100 -{{- end }} diff --git a/bitnami/wavefront-hpa-adapter/templates/external-metrics-cluster-role.yaml b/bitnami/wavefront-hpa-adapter/templates/external-metrics-cluster-role.yaml deleted file mode 100644 index a115cfc..0000000 --- a/bitnami/wavefront-hpa-adapter/templates/external-metrics-cluster-role.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: wavefront-hpa-adapter - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "common.names.fullname" . }}-external-metrics-reader - namespace: {{ .Release.Namespace }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - - apiGroups: - - external.metrics.k8s.io - resources: ["*"] - verbs: ["get", "list"] -{{- end }} diff --git a/bitnami/wavefront-hpa-adapter/templates/extra-list.yaml b/bitnami/wavefront-hpa-adapter/templates/extra-list.yaml deleted file mode 100644 index 9ac65f9..0000000 --- a/bitnami/wavefront-hpa-adapter/templates/extra-list.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{- range .Values.extraDeploy }} ---- -{{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} diff --git a/bitnami/wavefront-hpa-adapter/templates/hpa-custom-metrics-cluster-role-binding.yaml b/bitnami/wavefront-hpa-adapter/templates/hpa-custom-metrics-cluster-role-binding.yaml deleted file mode 100644 index c47b4a3..0000000 --- a/bitnami/wavefront-hpa-adapter/templates/hpa-custom-metrics-cluster-role-binding.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if .Values.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: wavefront-hpa-adapter - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "common.names.fullname" . }}-custom-metrics-reader - namespace: {{ .Release.Namespace }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "common.names.fullname" . }}-custom-metrics-reader -subjects: - - kind: ServiceAccount - name: horizontal-pod-autoscaler - namespace: kube-system -{{- end }} diff --git a/bitnami/wavefront-hpa-adapter/templates/hpa-external-metrics-cluster-role-binding.yaml b/bitnami/wavefront-hpa-adapter/templates/hpa-external-metrics-cluster-role-binding.yaml deleted file mode 100644 index 9e588c9..0000000 --- a/bitnami/wavefront-hpa-adapter/templates/hpa-external-metrics-cluster-role-binding.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if .Values.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: wavefront-hpa-adapter - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "common.names.fullname" . }}-external-metrics-reader - namespace: {{ .Release.Namespace }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "common.names.fullname" . }}-external-metrics-reader -subjects: - - kind: ServiceAccount - name: horizontal-pod-autoscaler - namespace: kube-system -{{- end }} diff --git a/bitnami/wavefront-hpa-adapter/values.yaml b/bitnami/wavefront-hpa-adapter/values.yaml deleted file mode 100644 index 24f3b59..0000000 --- a/bitnami/wavefront-hpa-adapter/values.yaml +++ /dev/null @@ -1,433 +0,0 @@ -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry and imagePullSecrets -## -## @section Global parameters -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## -global: - imageRegistry: "" - imagePullSecrets: [] -# - myRegistryKeySecretName - storageClass: "" - -## Override Kubernetes version -## @param kubeVersion Override Kubernetes version -## -kubeVersion: "" - -## String to partially override common.names.fullname template (will maintain the release name) -## @param nameOverride String to partially override common.names.fullname -## -nameOverride: "" - -## String to fully override common.names.fullname template -## @param fullnameOverride String to fully override common.names.fullname -## -fullnameOverride: "" - -## Add labels to all the deployed resources -## @param commonLabels Labels to add to all deployed objects -## -commonLabels: {} - -## Add annotations to all the deployed resources -## @param commonAnnotations Annotations to add to all deployed objects -## -commonAnnotations: {} - -## Kubernetes Cluster Domain -## @param clusterDomain Kubernetes cluster domain name -## -clusterDomain: cluster.local - -## Extra objects to deploy (value evaluated as a template) -## @param extraDeploy Array of extra objects to deploy with the release -## -extraDeploy: [] - -## @section Wavefront HPA Adapter for Kubernetes deployment parameters -## -image: - ## @param image.registry Adapter image registry - ## - registry: docker.io - ## @param image.repository Adapter image repository - ## - repository: bitnami/wavefront-hpa-adapter - ## @param image.tag Adapter image tag (immutabe tags are recommended) - ## - tag: 0.9.8-scratch-r4 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - ## @param image.pullPolicy Adapter image pull policy - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - ## @param image.pullSecrets Adapter image pull secrets - ## - pullSecrets: [] - # - myRegistryKeySecretName - ## Enable debug mode - ## @param image.debug Enable image debug mode - ## - debug: false - -## Configure extra options for liveness and readiness probes -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param livenessProbe.enabled Enable livenessProbe -## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe -## @param livenessProbe.periodSeconds Period seconds for livenessProbe -## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe -## @param livenessProbe.failureThreshold Failure threshold for livenessProbe -## @param livenessProbe.successThreshold Success threshold for livenessProbe -## -livenessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 -## @param readinessProbe.enabled Enable readinessProbe -## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe -## @param readinessProbe.periodSeconds Period seconds for readinessProbe -## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe -## @param readinessProbe.failureThreshold Failure threshold for readinessProbe -## @param readinessProbe.successThreshold Success threshold for readinessProbe -## -readinessProbe: - enabled: true - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - -## Command and args for running the container (set to default if not set). Use array form -## @param command Override default container command (useful when using custom images) -## -command: [] -## Args for running the container (set to default if not set). Use array form -## @param args Override default container args (useful when using custom images) -## -args: [] - -## Deployment pod host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## @param hostAliases Add deployment host aliases -## -hostAliases: [] - -## wavefront-hpa-adapter resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## -resources: - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param resources.limits The resources limits for the Adapter container - ## - limits: {} - # cpu: 200m - # memory: 256Mi - ## @param resources.requests The requested resourcesc for the Adapter container - ## - requests: {} - # cpu: 200m - # memory: 10Mi - -## wavefront-hpa-adapter containers' Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -## @param containerSecurityContext.enabled Enabled Adapter containers' Security Context -## @param containerSecurityContext.runAsUser Set Adapter container's Security Context runAsUser -## @param containerSecurityContext.runAsNonRoot Set Adapter container's Security Context runAsNonRoot -## -containerSecurityContext: - enabled: true - runAsUser: 1001 - runAsNonRoot: true - -## wavefront-hpa-adapter pods' Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## @param podSecurityContext.enabled Enabled Adapter pods' Security Context -## @param podSecurityContext.fsGroup Set Adapter pod's Security Context fsGroup -## -podSecurityContext: - enabled: true - fsGroup: 1001 - -## Pod affinity preset -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## Allowed values: soft, hard -## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## -podAffinityPreset: "" - -## Pod anti-affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## Allowed values: soft, hard -## -podAntiAffinityPreset: soft - -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## Allowed values: soft, hard -## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set -## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set -## -nodeAffinityPreset: - ## Node affinity type - ## Allowed values: soft, hard - ## - type: "" - ## Node label key to match - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## Node label values to match - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - -## Affinity for pod assignment. Evaluated as a template. -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## @param affinity Affinity for pod assignment -## -affinity: {} - -## Node labels for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/user-guide/node-selection/ -## @param nodeSelector Node labels for pod assignment -## -nodeSelector: {} - -## Tolerations for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## @param tolerations Tolerations for pod assignment -## -tolerations: [] - -## Pod extra labels -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -## @param podLabels Extra labels for Adapter pods -## -podLabels: {} - -## Annotations for server pods. -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## @param podAnnotations Annotations for Adapter pods -## -podAnnotations: {} - -## wavefront-hpa-adapter pods' priority. -## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ -## @param priorityClassName Adapter pod priority -## -priorityClassName: "" - -## lifecycleHooks for the wavefront-hpa-adapter container to automate configuration before or after startup. -## @param lifecycleHooks Add lifecycle hooks to the Adapter deployment -## -lifecycleHooks: {} - -## Custom Liveness probes for wavefront-hpa-adapter -## @param customLivenessProbe Override default liveness probe -## -customLivenessProbe: {} - -## Custom Rediness probes wavefront-hpa-adapter -## @param customReadinessProbe Override default readiness probe -## -customReadinessProbe: {} - -## Update strategy - only really applicable for deployments with RWO PVs attached -## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the -## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will -## terminate the single previous pod, so that the new, incoming pod can attach to the PV -## @param updateStrategy.type Adapter deployment update strategy -## -updateStrategy: - type: RollingUpdate - -## Adapter Container port -## @param containerPort Adapter container port -## -containerPort: 6443 -## Additional environment variables to set -## Example: -## extraEnvVars: -## - name: FOO -## value: "bar" -## @param extraEnvVars Add extra environment variables to the Adapter container -## -extraEnvVars: [] - -## ConfigMap with extra environment variables -## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars -## -extraEnvVarsCM: "" - -## Secret with extra environment variables -## @param extraEnvVarsSecret Name of existing Secret containing extra env vars -## -extraEnvVarsSecret: "" - -## Extra volumes to add to the deployment -## @param extraVolumes Optionally specify extra list of additional volumes for Adapter pods -## -extraVolumes: [] - -## Extra volume mounts to add to the container -## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for Adapter container(s) -## -extraVolumeMounts: [] - -## Add init containers to the wavefront-hpa-adapter pods. -## Example: -## initContainers: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## @param initContainers Add additional init containers to the Adapter pods -## -initContainers: [] - -## Add sidecars to the wavefront-hpa-adapter pods. -## Example: -## sidecars: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -## @param sidecars Add additional sidecar containers to the Adapter pod -## -sidecars: [] - -## Adapter prefix parameter -## @param adapterMetricPrefix Adapter metric `prefix` parameter -## -adapterMetricPrefix: kubernetes - -## Adapter API Timeout -## @param adapterAPIClientTimeout Adapter API timeout -## -adapterAPIClientTimeout: 10s - -## Adapter prefix parameter -## @param adapterMetricRelistInterval Adapter metric relist interval -## -adapterMetricRelistInterval: 10m - -## Adapter tags parameter -## @param adapterLogLevel Adapter log level -## -adapterLogLevel: info - -## Adapter rules -## @param adapterRules Adapter array of rules -## -adapterRules: [] - -## Adapter rules -## @param adapterSSLCertDir Adapter SSL Certs directory -## -adapterSSLCertDir: "/etc/ssl/certs" - -## Adapter SSL certs secrets -## @param adapterSSLCertsSecret Adapter SSL Certs secret (will use autogenerated if empty) -## -adapterSSLCertsSecret: "" - -## External wavefront settings -## -wavefront: - ## @param wavefront.url External Wavefront URL - ## - url: https://YOUR_CLUSTER.wavefront.com - ## @param wavefront.token External Wavefront Token - ## - token: YOUR_API_TOKEN - -## @section Traffic Exposure Parameters -## Service parameters -## -service: - ## @param service.type Adapter service type - ## - type: ClusterIP - ## HTTP Port - ## @param service.port Adapter service port - ## - port: 443 - ## loadBalancerIP for the Service (optional, cloud specific) - ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer - ## @param service.loadBalancerIP Adapter service LoadBalancer IP - ## - loadBalancerIP: "" - ## loadBalancerIP source ranges for the Service - ## @param service.loadBalancerSourceRanges loadBalancerIP source ranges for the Service - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g. - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## - ## nodePorts: - ## http: - ## https: - ## @param service.nodePorts.http NodePort for the HTTP endpoint - ## - nodePorts: - http: "" - ## Enable client source IP preservation - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## @param service.externalTrafficPolicy External traffic policy for the service - ## - externalTrafficPolicy: Cluster - -## @section RBAC parameters -## Specifies whether RBAC resources should be created -## @param rbac.create Weather to create & use RBAC resources or not -## -rbac: - create: true - -## Specifies whether a ServiceAccount should be created -## @param serviceAccount.create Enable the creation of a ServiceAccount for Reconciler pods -## @param serviceAccount.name Name of the created ServiceAccount -## -serviceAccount: - create: true - ## The name of the ServiceAccount to use. - ## If not set and create is true, a name is generated using the fullname template - ## - name: "" - -## Specifies if the API Services should be registered in the Kubernetes API -## @param apiService.create Create the APIService objects in Kubernetes API -## -apiService: - create: true diff --git a/bitnami/wavefront-prometheus-storage-adapter/Chart.lock b/bitnami/wavefront-prometheus-storage-adapter/Chart.lock deleted file mode 100644 index 3355825..0000000 --- a/bitnami/wavefront-prometheus-storage-adapter/Chart.lock +++ /dev/null @@ -1,9 +0,0 @@ -dependencies: -- name: wavefront - repository: https://charts.bitnami.com/bitnami - version: 3.1.11 -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.9.0 -digest: sha256:07ef843353e48a994c7a75f7549a8af7ffe281616f3d9a8a3305a5fb672b187f -generated: "2021-09-21T13:15:19.741168033Z" diff --git a/bitnami/wavefront-prometheus-storage-adapter/Chart.yaml b/bitnami/wavefront-prometheus-storage-adapter/Chart.yaml deleted file mode 100644 index 435c1c0..0000000 --- a/bitnami/wavefront-prometheus-storage-adapter/Chart.yaml +++ /dev/null @@ -1,32 +0,0 @@ -annotations: - category: Infrastructure -apiVersion: v2 -appVersion: 1.0.3 -dependencies: - - condition: wavefront.enabled - name: wavefront - repository: https://charts.bitnami.com/bitnami - version: 3.x.x - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x -description: Wavefront Storage Adapter is a Prometheus integration to transfer metrics from Prometheus to Wavefront. It lets you save Prometheus data in Wavefront without changing your existing Prometheus setup. -engine: gotpl -home: https://github.com/wavefrontHQ/prometheus-storage-adapter -icon: https://bitnami.com/assets/stacks/wavefront-prometheus-storage-adapter/img/wavefront-prometheus-storage-adapter-stack-220x234.png -keywords: - - alerting - - adapter - - metrics - - monitoring - - observability - - wavefront -maintainers: - - email: containers@bitnami.com - name: Bitnami -name: wavefront-prometheus-storage-adapter -sources: - - https://github.com/bitnami/bitnami-docker-wavefront-prometheus-storage-adapter -version: 1.0.8 diff --git a/bitnami/wavefront-prometheus-storage-adapter/README.md b/bitnami/wavefront-prometheus-storage-adapter/README.md deleted file mode 100644 index 93e7093..0000000 --- a/bitnami/wavefront-prometheus-storage-adapter/README.md +++ /dev/null @@ -1,206 +0,0 @@ -# wavefront-prometheus-storage-adapter - -[Wavefront Storage Adapter for Prometheus](https://github.com/wavefrontHQ/prometheus-storage-adapter) is a Prometheus integration to transfer metrics from Prometheus to Wavefront. It works as a "fork", such that data written to Prometheus is also written to Wavefront. It supports metrics path conversion and direct ingestion of metrics. -## TL;DR - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/wavefront-prometheus-storage-adapter -``` - -## Introduction -Bitnami charts for Helm are carefully engineered, actively maintained and are the quickest and easiest way to deploy containers on a Kubernetes cluster that are ready to handle production workloads. - -This chart bootstraps a [Wavefront Storage Adapter for Prometheus](https://github.com/wavefrontHQ/prometheus-storage-adapter) Deployment in a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 3.1.0 - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/wavefront-prometheus-storage-adapter -``` - -These commands deploy wavefront-prometheus-storage-adapter on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` helm release: - -```console -$ helm uninstall my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ------------------------- | -------------------------------------------------- | --------------- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | -| `kubeVersion` | Override Kubernetes version | `""` | -| `nameOverride` | String to partially override common.names.fullname | `""` | -| `fullnameOverride` | String to fully override common.names.fullname | `""` | -| `commonLabels` | Labels to add to all deployed objects | `{}` | -| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | -| `clusterDomain` | Kubernetes cluster domain name | `cluster.local` | -| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | - - -### Wavefront Prometheus Storage Adapter deployment parameters - -| Name | Description | Value | -| --------------------------------------- | ----------------------------------------------------------------------------------------- | ---------------------------------------------- | -| `image.registry` | Adapter image registry | `docker.io` | -| `image.repository` | Adapter image repository | `bitnami/wavefront-prometheus-storage-adapter` | -| `image.tag` | Adapter image tag (immutabe tags are recommended) | `1.0.3-debian-10-r173` | -| `image.pullPolicy` | Adapter image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Adapter image pull secrets | `[]` | -| `image.debug` | Enable image debug mode | `false` | -| `livenessProbe.enabled` | Enable livenessProbe | `true` | -| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `15` | -| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | -| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `readinessProbe.enabled` | Enable readinessProbe | `true` | -| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `15` | -| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | -| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `command` | Override default container command (useful when using custom images) | `[]` | -| `args` | Override default container args (useful when using custom images) | `[]` | -| `hostAliases` | Add deployment host aliases | `[]` | -| `resources.limits` | The resources limits for the Adapter container | `{}` | -| `resources.requests` | The requested resourcesc for the Adapter container | `{}` | -| `containerSecurityContext.enabled` | Enabled Adapter containers' Security Context | `true` | -| `containerSecurityContext.runAsUser` | Set Adapter container's Security Context runAsUser | `1001` | -| `containerSecurityContext.runAsNonRoot` | Set Adapter container's Security Context runAsNonRoot | `true` | -| `podSecurityContext.enabled` | Enabled Adapter pods' Security Context | `true` | -| `podSecurityContext.fsGroup` | Set Adapter pod's Security Context fsGroup | `1001` | -| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | -| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | -| `affinity` | Affinity for pod assignment | `{}` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `tolerations` | Tolerations for pod assignment | `[]` | -| `podLabels` | Extra labels for Adapter pods | `{}` | -| `podAnnotations` | Annotations for Adapter pods | `{}` | -| `priorityClassName` | Adapter pod priority | `""` | -| `lifecycleHooks` | Add lifecycle hooks to the Adapter deployment | `{}` | -| `customLivenessProbe` | Override default liveness probe | `{}` | -| `customReadinessProbe` | Override default readiness probe | `{}` | -| `updateStrategy.type` | Adapter deployment update strategy | `RollingUpdate` | -| `containerPort` | Adapter container port | `1234` | -| `extraEnvVars` | Add extra environment variables to the Adapter container | `[]` | -| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` | -| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars | `""` | -| `extraVolumes` | Optionally specify extra list of additional volumes for Adapter pods | `[]` | -| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for Adapter container(s) | `[]` | -| `initContainers` | Add additional init containers to the Adapter pods | `[]` | -| `sidecars` | Add additional sidecar containers to the Adapter pod | `[]` | -| `externalProxy.host` | Host of a wavefront-proxy instance (required if wavefront.enabled = false) | `""` | -| `externalProxy.port` | Host of a wavefront-proxy instance (required if wavefront.enabled = false) | `2878` | -| `adapterPrefix` | Adapter `prefix` parameter | `""` | -| `adapterTags` | Adapter `tags` parameter | `""` | - - -### Traffic Exposure Parameters - -| Name | Description | Value | -| ---------------------------------- | -------------------------------------------- | ----------- | -| `service.type` | Adapter service type | `ClusterIP` | -| `service.port` | Adapter service port | `1234` | -| `service.loadBalancerIP` | Adapter service LoadBalancer IP | `""` | -| `service.loadBalancerSourceRanges` | loadBalancerIP source ranges for the Service | `[]` | -| `service.nodePorts.http` | NodePort for the HTTP endpoint | `""` | -| `service.externalTrafficPolicy` | External traffic policy for the service | `Cluster` | - - -### Wavefront sub-chart parameters - -| Name | Description | Value | -| --------------------------------- | ----------------------------------------------------------------------------------------- | ------------------------------------ | -| `wavefront.enabled` | Deploy Wavefront chart (necessary if externalProxyHost is not set) | `true` | -| `wavefront.wavefront.url` | Wavefront SAAS service URL | `https://YOUR_CLUSTER.wavefront.com` | -| `wavefront.wavefront.token` | Wavefront SAAS token | `YOUR_API_TOKEN` | -| `wavefront.collector.enabled` | Deploy Wavefront collector (not used by the Adapter pod) | `false` | -| `wavefront.rbac.create` | Create RBAC rules (not necessary as the Adapter only uses wavefront-proxy) | `false` | -| `wavefront.proxy.enabled` | Deploy Wavefront Proxy (required if externalProxyHost is not set) | `true` | -| `wavefront.proxy.port` | Deployed Wavefront Proxy port (required if externalProxyHost is not set) | `2878` | -| `wavefront.serviceAccount.create` | Create Wavefront serivce account (not necessary as the Adapter only uses wavefront-proxy) | `false` | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -$ helm install my-release \ - --set livenessProbe.successThreshold=5 \ - bitnami/wavefront-prometheus-storage-adapter -``` - -The above command sets the `livenessProbe.successThreshold` to `5`. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```bash -$ helm install my-release -f values.yaml bitnami/wavefront-prometheus-storage-adapter -``` - -## Configuration and installation details - -### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Connect to a Wavefront Proxy instance - -The Wavefront Prometheus Storage Adapter chart needs to be connected to a Wavefront Proxy instance. This can be done in two different ways: - -- Deploying the Wavefront subchart, using only the Wavefront Proxy component (default behavior): This is done by setting `wavefront.enabled=true` and `wavefront.proxy.enabled=true`, but leaving the `externalProxy.host` value unset. We recommend disabling the rest of the Wavefront sub-chart resources as they would not be used by the Prometheus Storage Adapter. You also need to configure the Wavefront SaaS URL and token using the `wavefont.wavefront.url` and `wavefront.wavefront.token` parameters. - -- Using an external Wavefront Proxy instance: This is done by setting the `externalProxy.host` and `externalProxy.port` values. In this case, you should set the `wavefront.enabled` value to `false`. You also need to configure the Wavefront SaaS URL and token using the `wavefront.wavefront.url` and `wavefront.wavefront.token` parameters. - -Refer to the [chart documentation for more detailed configuration examples](https://docs.bitnami.com/kubernetes/apps/wavefront-storage-adapter-for-prometheus/get-started/configure-connection/). - -### Configure Prometheus - -Once the Wavefront Prometheus Storage Adapter is deployed, you will need to configure the `prometheus.yml` file in your Prometheus installation adding the following lines (substitute the RELEASE_NAME placeholder): - -```yaml -remote_write: - - url: "http://RELEASE_NAME-wavefront-prometheus-storage-adapter:1234/receive" -``` - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami’s Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## Upgrading - -```bash -$ helm upgrade my-release bitnami/wavefront-prometheus-storage-adapter -``` - -### To 1.0.0 - -This major updates the Wavefront subchart to its newest major release, 3.0.0, which contains a new major version for kube-state-metrics. For more information on this subchart's major version, please refer to the [Wavefront upgrade notes](https://github.com/bitnami/charts/tree/master/bitnami/wavefront#to-300). diff --git a/bitnami/wavefront-prometheus-storage-adapter/ci/values-external.yaml b/bitnami/wavefront-prometheus-storage-adapter/ci/values-external.yaml deleted file mode 100644 index 9ad2a40..0000000 --- a/bitnami/wavefront-prometheus-storage-adapter/ci/values-external.yaml +++ /dev/null @@ -1,6 +0,0 @@ -wavefront: - enabled: false - -externalProxy: - host: test-proxy - port: 1234 diff --git a/bitnami/wavefront-prometheus-storage-adapter/templates/NOTES.txt b/bitnami/wavefront-prometheus-storage-adapter/templates/NOTES.txt deleted file mode 100644 index e88844a..0000000 --- a/bitnami/wavefront-prometheus-storage-adapter/templates/NOTES.txt +++ /dev/null @@ -1,25 +0,0 @@ -** Please be patient while the chart is being deployed ** - -1. Get the application URL by running these commands: - -{{- if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "common.names.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ template "common.names.fullname" . }} - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.port }} -{{- else if contains "ClusterIP" .Values.service.type }} - echo "The renconciler is available at http://127.0.0.1:{{ .Values.service.port }}" - kubectl port-forward svc/{{ template "common.names.fullname" . }} {{ .Values.service.port }}:{{ .Values.service.port }} & -{{- end }} - -2. Make sure that your running Prometheus instance has the following configuration in the prometheus.yml file - - remote_write: - - url: "http://{{ template "common.names.fullname" . }}:{{ .Values.service.port }}/receive" - -{{- include "common.warnings.rollingTag" .Values.image }} -{{- include "wfpsa.validateValues" . }} diff --git a/bitnami/wavefront-prometheus-storage-adapter/templates/_helpers.tpl b/bitnami/wavefront-prometheus-storage-adapter/templates/_helpers.tpl deleted file mode 100644 index 8d99ab1..0000000 --- a/bitnami/wavefront-prometheus-storage-adapter/templates/_helpers.tpl +++ /dev/null @@ -1,94 +0,0 @@ -{{/* -Return the proper wavefront-prometheus-storage-adapter image name -*/}} -{{- define "wfpsa.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "wfpsa.proxy.fullname" -}} -{{- printf "%s-%s" .Release.Name "wavefront-proxy" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "wfpsa.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.image) "global" .Values.global) -}} -{{- end -}} - -{{/* -Compile all warnings into a single message. -*/}} -{{- define "wfpsa.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "wfpsa.validateValues.proxy" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message -}} -{{- end -}} -{{- end -}} - -{{/* Validate values of Wavefront Prometheus Storage Adapter - Wavefront Proxy configuration */}} -{{- define "wfpsa.validateValues.proxy" -}} -{{- if and (not .Values.wavefront.enabled) (not .Values.externalProxy.host) -}} -wavefront-prometheus-storage-adaper: MissingProxy - The Storage Adapter must connect to a Wavefront Proxy instance. Use one of the following options: - - 1) Deploy the Wavefront subchart with the Wavefront Proxy. Recommended values: - - wavefront: - enabled: true - collector: - enabled: false - rbac: - create: false - serviceAccount: - create: false - proxy: - enabled: true - - 2) Use an existing Wavefront Proxy instance. Set the externalProxy.host and externalProxy.port values -{{- end -}} - -{{- if and (.Values.wavefront.enabled) (not .Values.wavefront.proxy.enabled) -}} -wavefront-prometheus-storage-adaper: SubchartProxyNotDeployed - The Wavefront subchart is being deployed without the mandatory Wavefront Proxy instance. Set wavefront.proxy.enabled=true. We recommend the following values: - - wavefront: - enabled: true - collector: - enabled: false - rbac: - create: false - serviceAccount: - create: false - proxy: - enabled: true -{{- end }} - -{{- if and .Values.wavefront.enabled .Values.externalProxy.host -}} -wavefront-prometheus-storage-adaper: ConflictingProxies - The Wavefront subchart is being deployed and an external Wavefront Proxy is set. Select ONLY one of the following options: - - 1) Deploy the Wavefront subchart with the Wavefront Proxy. Recommended values: - - wavefront: - enabled: true - collector: - enabled: false - rbac: - create: false - serviceAccount: - create: false - proxy: - enabled: true - - 2) Use an existing Wavefront Proxy instance. Set the externalProxy.host and externalProxy.port values -{{- end }} -{{- end -}} diff --git a/bitnami/wavefront-prometheus-storage-adapter/templates/deployment.yaml b/bitnami/wavefront-prometheus-storage-adapter/templates/deployment.yaml deleted file mode 100644 index 523fdac..0000000 --- a/bitnami/wavefront-prometheus-storage-adapter/templates/deployment.yaml +++ /dev/null @@ -1,146 +0,0 @@ -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: wavefront-prometheus-storage-adapter - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.updateStrategy }} - strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: wavefront-prometheus-storage-adapter - template: - metadata: - {{- if .Values.podAnnotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: wavefront-prometheus-storage-adapter - {{- if .Values.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} - {{- end }} - spec: - {{- include "wfpsa.imagePullSecrets" . | nindent 6 }} - {{- if .Values.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "component" "wavefront-prometheus-storage-adapter" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "component" "wavefront-prometheus-storage-adapter" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName | quote }} - {{- end }} - {{- if .Values.podSecurityContext.enabled }} - securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - initContainers: - {{- if .Values.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} - {{- end }} - containers: - - name: wavefront-prometheus-storage-adapter - image: {{ template "wfpsa.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - {{- if .Values.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} - {{- else }} - command: - - adapter - {{- end }} - {{- if .Values.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} - {{- else }} - args: - - -listen={{ .Values.containerPort }} - - -proxy={{ ternary (include "wfpsa.proxy.fullname" .) .Values.externalProxy.host .Values.wavefront.proxy.enabled }} - - -proxy-port={{ ternary .Values.wavefront.proxy.port .Values.externalProxy.port .Values.wavefront.proxy.enabled }} - {{- if .Values.adapterPrefix }} - - -prefix={{ .Values.adapterPrefix }} - {{- end }} - {{- if .Values.image.debug }} - - -debug - {{- end }} - {{- if .Values.adapterTags }} - - -tags={{ .Values.adapterTags }} - {{- end }} - {{- end }} - env: - {{- if .Values.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if .Values.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} - {{- end }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - ports: - - containerPort: {{ .Values.containerPort }} - name: http - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /health - port: http - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- else if .Values.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: /health - port: http - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- else if .Values.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.extraVolumeMounts }} - volumeMounts: {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.sidecars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.extraVolumes }} - volumes: {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} - {{- end }} diff --git a/bitnami/wavefront-prometheus-storage-adapter/templates/extra-list.yaml b/bitnami/wavefront-prometheus-storage-adapter/templates/extra-list.yaml deleted file mode 100644 index 9ac65f9..0000000 --- a/bitnami/wavefront-prometheus-storage-adapter/templates/extra-list.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{- range .Values.extraDeploy }} ---- -{{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} diff --git a/bitnami/wavefront-prometheus-storage-adapter/templates/service.yaml b/bitnami/wavefront-prometheus-storage-adapter/templates/service.yaml deleted file mode 100644 index 0aac78a..0000000 --- a/bitnami/wavefront-prometheus-storage-adapter/templates/service.yaml +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: wavefront-prometheus-storage-adapter - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.service.type }} - {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }} - externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} - {{- end }} - {{ if eq .Values.service.type "LoadBalancer" }} - loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }} - {{ end }} - {{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }} - loadBalancerIP: {{ .Values.service.loadBalancerIP }} - {{- end }} - ports: - - name: http - port: {{ .Values.service.port }} - targetPort: http - protocol: TCP - {{- if (and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.http))) }} - nodePort: {{ .Values.service.nodePorts.http }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: wavefront-prometheus-storage-adapter diff --git a/bitnami/wavefront-prometheus-storage-adapter/values.yaml b/bitnami/wavefront-prometheus-storage-adapter/values.yaml deleted file mode 100644 index b3aa8bf..0000000 --- a/bitnami/wavefront-prometheus-storage-adapter/values.yaml +++ /dev/null @@ -1,423 +0,0 @@ -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry and imagePullSecrets -## -## @section Global parameters -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## -global: - imageRegistry: "" - imagePullSecrets: [] - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - storageClass: "" - -## Override Kubernetes version -## @param kubeVersion Override Kubernetes version -## -kubeVersion: "" - -## String to partially override common.names.fullname template (will maintain the release name) -## @param nameOverride String to partially override common.names.fullname -## -nameOverride: "" - -## String to fully override common.names.fullname template -## @param fullnameOverride String to fully override common.names.fullname -## -fullnameOverride: "" - -## Add labels to all the deployed resources -## @param commonLabels Labels to add to all deployed objects -## -commonLabels: {} - -## Add annotations to all the deployed resources -## @param commonAnnotations Annotations to add to all deployed objects -## -commonAnnotations: {} - -## Kubernetes Cluster Domain -## @param clusterDomain Kubernetes cluster domain name -## -clusterDomain: cluster.local - -## Extra objects to deploy (value evaluated as a template) -## @param extraDeploy Array of extra objects to deploy with the release -## -extraDeploy: [] - -## @section Wavefront Prometheus Storage Adapter deployment parameters -## -image: - ## @param image.registry Adapter image registry - ## - registry: docker.io - ## @param image.repository Adapter image repository - ## - repository: bitnami/wavefront-prometheus-storage-adapter - ## @param image.tag Adapter image tag (immutabe tags are recommended) - ## - tag: 1.0.3-debian-10-r173 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - ## @param image.pullPolicy Adapter image pull policy - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - ## @param image.pullSecrets Adapter image pull secrets - ## - pullSecrets: [] - # - myRegistryKeySecretName - ## Enable debug mode - ## @param image.debug Enable image debug mode - ## - debug: false - -## Configure extra options for liveness and readiness probes -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param livenessProbe.enabled Enable livenessProbe -## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe -## @param livenessProbe.periodSeconds Period seconds for livenessProbe -## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe -## @param livenessProbe.failureThreshold Failure threshold for livenessProbe -## @param livenessProbe.successThreshold Success threshold for livenessProbe -## -livenessProbe: - enabled: true - failureThreshold: 5 - initialDelaySeconds: 15 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 -## @param readinessProbe.enabled Enable readinessProbe -## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe -## @param readinessProbe.periodSeconds Period seconds for readinessProbe -## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe -## @param readinessProbe.failureThreshold Failure threshold for readinessProbe -## @param readinessProbe.successThreshold Success threshold for readinessProbe -## -readinessProbe: - enabled: true - failureThreshold: 5 - initialDelaySeconds: 15 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - -## Command and args for running the container (set to default if not set). Use array form -## @param command Override default container command (useful when using custom images) -## -command: [] -## Args for running the container (set to default if not set). Use array form -## @param args Override default container args (useful when using custom images) -## -args: [] - -## Deployment pod host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## @param hostAliases Add deployment host aliases -## -hostAliases: [] - -## wavefront-prometheus-storage-adapter resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## -resources: - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param resources.limits The resources limits for the Adapter container - ## - limits: {} - # cpu: 200m - # memory: 256Mi - ## @param resources.requests The requested resourcesc for the Adapter container - ## - requests: {} - # cpu: 200m - # memory: 10Mi - -## wavefront-prometheus-storage-adapter containers' Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -## @param containerSecurityContext.enabled Enabled Adapter containers' Security Context -## @param containerSecurityContext.runAsUser Set Adapter container's Security Context runAsUser -## @param containerSecurityContext.runAsNonRoot Set Adapter container's Security Context runAsNonRoot -## -containerSecurityContext: - enabled: true - runAsUser: 1001 - runAsNonRoot: true - -## wavefront-prometheus-storage-adapter pods' Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## @param podSecurityContext.enabled Enabled Adapter pods' Security Context -## @param podSecurityContext.fsGroup Set Adapter pod's Security Context fsGroup -## -podSecurityContext: - enabled: true - fsGroup: 1001 - -## Pod affinity preset -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## Allowed values: soft, hard -## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## -podAffinityPreset: "" - -## Pod anti-affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## Allowed values: soft, hard -## -podAntiAffinityPreset: soft - -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## Allowed values: soft, hard -## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set -## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set -## -nodeAffinityPreset: - ## Node affinity type - ## Allowed values: soft, hard - ## - type: "" - ## Node label key to match - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## Node label values to match - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - -## Affinity for pod assignment. Evaluated as a template. -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## @param affinity Affinity for pod assignment -## -affinity: {} - -## Node labels for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/user-guide/node-selection/ -## @param nodeSelector Node labels for pod assignment -## -nodeSelector: {} - -## Tolerations for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## @param tolerations Tolerations for pod assignment -## -tolerations: [] - -## Pod extra labels -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -## @param podLabels Extra labels for Adapter pods -## -podLabels: {} - -## Annotations for server pods. -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## @param podAnnotations Annotations for Adapter pods -## -podAnnotations: {} - -## wavefront-prometheus-storage-adapter pods' priority. -## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ -## @param priorityClassName Adapter pod priority -## -priorityClassName: "" - -## lifecycleHooks for the wavefront-prometheus-storage-adapter container to automate configuration before or after startup. -## @param lifecycleHooks Add lifecycle hooks to the Adapter deployment -## -lifecycleHooks: {} - -## Custom Liveness probes for wavefront-prometheus-storage-adapter -## @param customLivenessProbe Override default liveness probe -## -customLivenessProbe: {} - -## Custom Rediness probes wavefront-prometheus-storage-adapter -## @param customReadinessProbe Override default readiness probe -## -customReadinessProbe: {} - -## Update strategy - only really applicable for deployments with RWO PVs attached -## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the -## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will -## terminate the single previous pod, so that the new, incoming pod can attach to the PV -## @param updateStrategy.type Adapter deployment update strategy -## -updateStrategy: - type: RollingUpdate - -## Adapter Container port -## @param containerPort Adapter container port -## -containerPort: 1234 -## Additional environment variables to set -## Example: -## extraEnvVars: -## - name: FOO -## value: "bar" -## @param extraEnvVars Add extra environment variables to the Adapter container -## -extraEnvVars: [] - -## ConfigMap with extra environment variables -## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars -## -extraEnvVarsCM: "" - -## Secret with extra environment variables -## @param extraEnvVarsSecret Name of existing Secret containing extra env vars -## -extraEnvVarsSecret: "" - -## Extra volumes to add to the deployment -## @param extraVolumes Optionally specify extra list of additional volumes for Adapter pods -## -extraVolumes: [] - -## Extra volume mounts to add to the container -## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for Adapter container(s) -## -extraVolumeMounts: [] - -## Add init containers to the wavefront-prometheus-storage-adapter pods. -## Example: -## initContainers: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## @param initContainers Add additional init containers to the Adapter pods -## -initContainers: [] - -## Add sidecars to the wavefront-prometheus-storage-adapter pods. -## Example: -## sidecars: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -## @param sidecars Add additional sidecar containers to the Adapter pod -## -sidecars: [] - -## Use an external wavefront-proxy host -## -externalProxy: - ## @param externalProxy.host Host of a wavefront-proxy instance (required if wavefront.enabled = false) - ## - host: "" - ## @param externalProxy.port Host of a wavefront-proxy instance (required if wavefront.enabled = false) - ## - port: 2878 - -## Adapter prefix parameter -## @param adapterPrefix Adapter `prefix` parameter -## -adapterPrefix: "" - -## Adapter tags parameter -## @param adapterTags Adapter `tags` parameter -## -adapterTags: "" - -## @section Traffic Exposure Parameters -## Service parameters -## -service: - ## @param service.type Adapter service type - ## - type: ClusterIP - ## HTTP Port - ## @param service.port Adapter service port - ## - port: 1234 - ## loadBalancerIP for the Service (optional, cloud specific) - ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer - ## @param service.loadBalancerIP Adapter service LoadBalancer IP - ## - loadBalancerIP: "" - ## loadBalancerIP source ranges for the Service - ## @param service.loadBalancerSourceRanges loadBalancerIP source ranges for the Service - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## - ## nodePorts: - ## http: - ## https: - ## @param service.nodePorts.http NodePort for the HTTP endpoint - ## - nodePorts: - http: "" - ## Enable client source IP preservation - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## @param service.externalTrafficPolicy External traffic policy for the service - ## - externalTrafficPolicy: Cluster - -## @section Wavefront sub-chart parameters -## Wavefront chart parameters -## NOTE: This solution will currently work with wavefront-proxy, reason why we disable the rest of -## the services by default -## -wavefront: - ## @param wavefront.enabled Deploy Wavefront chart (necessary if externalProxyHost is not set) - ## - enabled: true - - ## @param wavefront.wavefront.url Wavefront SAAS service URL - ## @param wavefront.wavefront.token Wavefront SAAS token - ## - wavefront: - url: https://YOUR_CLUSTER.wavefront.com - token: YOUR_API_TOKEN - - ## @param wavefront.collector.enabled Deploy Wavefront collector (not used by the Adapter pod) - ## - collector: - enabled: false - ## @param wavefront.rbac.create Create RBAC rules (not necessary as the Adapter only uses wavefront-proxy) - ## - rbac: - create: false - proxy: - ## @param wavefront.proxy.enabled Deploy Wavefront Proxy (required if externalProxyHost is not set) - ## - enabled: true - ## @param wavefront.proxy.port Deployed Wavefront Proxy port (required if externalProxyHost is not set) - ## - port: 2878 - ## @param wavefront.serviceAccount.create Create Wavefront serivce account (not necessary as the Adapter only uses wavefront-proxy) - ## - serviceAccount: - create: false diff --git a/bitnami/wavefront/.helmignore b/bitnami/wavefront/.helmignore deleted file mode 100644 index f0c1319..0000000 --- a/bitnami/wavefront/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/bitnami/wavefront/Chart.lock b/bitnami/wavefront/Chart.lock deleted file mode 100644 index df9a8e9..0000000 --- a/bitnami/wavefront/Chart.lock +++ /dev/null @@ -1,9 +0,0 @@ -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.9.0 -- name: kube-state-metrics - repository: https://charts.bitnami.com/bitnami - version: 2.1.8 -digest: sha256:f7b0f46b9341d95c39a858faf6a458dfc45c81e3888b36bf5ec0778ed3ccd46f -generated: "2021-09-22T18:23:10.016049236Z" diff --git a/bitnami/wavefront/Chart.yaml b/bitnami/wavefront/Chart.yaml deleted file mode 100644 index 364de3f..0000000 --- a/bitnami/wavefront/Chart.yaml +++ /dev/null @@ -1,33 +0,0 @@ -annotations: - category: Analytics -apiVersion: v2 -appVersion: 1.7.1 -dependencies: - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x - - condition: kube-state-metrics.enabled - name: kube-state-metrics - repository: https://charts.bitnami.com/bitnami - version: 2.x.x -description: Chart for Wavefront Collector for Kubernetes -engine: gotpl -home: https://www.wavefront.com -icon: https://bitnami.com/assets/stacks/wavefront-collector/img/wavefront-collector-stack-220x234.png -keywords: - - metric - - monitoring - - observability - - alerting -maintainers: - - email: containers@bitnami.com - name: Bitnami -name: wavefront -sources: - - https://github.com/bitnami/bitnami-docker-wavefront-kubernetes-collector - - https://github.com/bitnami/bitnami-docker-wavefront-proxy - - https://github.com/wavefrontHQ/wavefront-collector-for-kubernetes - - https://github.com/wavefrontHQ/wavefront-proxy -version: 3.1.12 diff --git a/bitnami/wavefront/README.md b/bitnami/wavefront/README.md deleted file mode 100644 index 7d58ec0..0000000 --- a/bitnami/wavefront/README.md +++ /dev/null @@ -1,318 +0,0 @@ -# Wavefront Collector for Kubernetes - -[Wavefront](https://wavefront.com) is a cloud-native monitoring and analytics platform that provides three dimensional microservices observability with metrics, histograms and OpenTracing-compatible distributed tracing. - -## TL;DR - -```console -$ kubectl create namespace wavefront -$ helm install my-release bitnami/wavefront --namespace wavefront \ - --set clusterName= \ - --set wavefront.url=https://.wavefront.com \ - --set wavefront.token= -``` - -## Introduction - -This chart will deploy the Wavefront Collector for Kubernetes and Wavefront Proxy to your Kubernetes cluster. You can use this chart to install multiple Wavefront Proxy releases, though only one Wavefront Collector for Kubernetes per cluster should be used. - -You can learn more about the Wavefront and Kubernetes integration [in the official documentation](https://docs.wavefront.com/wavefront_kubernetes.html) - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 3.1.0 -- PV provisioner support in the underlying infrastructure - -## Installing the Chart - -To install the chart with the release name `my-release` (if not already done, create a `wavefront` namespace): - -```console -$ kubectl create namespace wavefront -$ helm install my-release bitnami/wavefront --namespace wavefront \ - --set clusterName= \ - --set wavefront.url=https://.wavefront.com \ - --set wavefront.token= -``` - -The command deploys Wavefront on the Kubernetes cluster in the `wavefront` namespace using the configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -The **required** parameters are `clusterName`, `wavefront.url` and `wavefront.token`. You will need to provide values for those options for a successful installation of the chart. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```bash -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. If you want to also remove the namespace please execute `kubectl delete namespace wavefront`. - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | - - -### Common parameters - -| Name | Description | Value | -| ------------------- | ------------------------------------------------------- | ----- | -| `commonLabels` | Add labels to all the deployed resources | `{}` | -| `commonAnnotations` | Add annotations to all the deployed resources | `{}` | -| `extraDeploy` | Extra objects to deploy (value evaluated as a template) | `[]` | - - -### Wavefront Common parameters - -| Name | Description | Value | -| -------------------------- | ------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------ | -| `clusterName` | This is a unique name for the cluster (required) | `KUBERNETES_CLUSTER_NAME` | -| `wavefront.url` | Wavefront URL for your cluster (required) | `https://YOUR_CLUSTER.wavefront.com` | -| `wavefront.token` | Wavefront API Token (required) | `YOUR_API_TOKEN` | -| `wavefront.existingSecret` | Name of an existing secret containing the token | `""` | -| `podSecurityPolicy.create` | Specifies whether PodSecurityPolicy resources should be created | `false` | -| `rbac.create` | Specifies whether RBAC resources should be created | `true` | -| `serviceAccount.create` | Create Wavefront service account | `true` | -| `serviceAccount.name` | Name of Wavefront service account | `""` | -| `projectPacific.enabled` | Enable and create role binding for Tanzu Kubernetes cluster | `false` | -| `tkgi.enabled` | Properties for TKGI environments. If enabled, a role binding to handle pod security policy will be installed within the TKGI cluster | `false` | - - -### Collector parameters - -| Name | Description | Value | -| ------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------- | ---------------------------------------- | -| `collector.enabled` | Setup and enable the Wavefront collector to gather metrics | `true` | -| `collector.image.registry` | Wavefront collector Image registry | `docker.io` | -| `collector.image.repository` | Wavefront collector Image repository | `bitnami/wavefront-kubernetes-collector` | -| `collector.image.tag` | Wavefront collector Image tag (immutable tags are recommended) | `1.7.1-scratch-r0` | -| `collector.image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `collector.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `collector.hostAliases` | Deployment pod host aliases | `[]` | -| `collector.useDaemonset` | Use Wavefront collector in Daemonset mode | `true` | -| `collector.usePKSPrefix` | If installing into a TKGi/PKS environment, set this to true. Prefixes metrics with 'pks.kubernetes.' | `false` | -| `collector.maxProcs` | Maximum number of CPUs that can be used simultaneously | `""` | -| `collector.logLevel` | Log level. Allowed values: `info`, `debug` or `trace` | `""` | -| `collector.interval` | Default metrics collection interval | `""` | -| `collector.flushInterval` | How often to force a metrics flush | `""` | -| `collector.sinkDelay` | Timeout for exporting data | `""` | -| `collector.useReadOnlyPort` | Use un-authenticated port for kubelet | `false` | -| `collector.useProxy` | Use a Wavefront Proxy to send metrics through | `true` | -| `collector.proxyAddress` | Can be used to specify a specific address for the Wavefront Proxy | `""` | -| `collector.kubernetesState` | Collect metrics about Kubernetes resource states | `true` | -| `collector.apiServerMetrics` | Collect metrics about Kubernetes API server | `false` | -| `collector.tags` | Map of tags to apply to all metrics collected by the collector | `{}` | -| `collector.hostOSMetrics` | If set to true, host OS metrics will be collected | `false` | -| `collector.filters.metricDenyList` | Optimized metrics collection to omit peripheral metrics. | `[]` | -| `collector.filters.tagExclude` | Filter out generated labels | `[]` | -| `collector.events.enabled` | Events can also be collected and sent to Wavefront | `false` | -| `collector.discovery.enabled` | Rules based and Prometheus endpoints auto-discovery | `true` | -| `collector.discovery.annotationPrefix` | When specified, this replaces `prometheus.io` as the prefix for annotations used to auto-discover Prometheus endpoints | `""` | -| `collector.discovery.enableRuntimeConfigs` | Whether to enable runtime discovery configurations | `true` | -| `collector.discovery.config` | Configuration for rules based auto-discovery | `[]` | -| `collector.existingConfigmap` | Name of existing ConfigMap with collector configuration | `""` | -| `collector.command` | Override default container command (useful when using custom images) | `[]` | -| `collector.args` | Override default container args (useful when using custom images) | `[]` | -| `collector.resources.limits` | The resources limits for the collector container | `{}` | -| `collector.resources.requests` | The requested resources for the collector container | `{}` | -| `collector.containerSecurityContext.enabled` | Enable Container Security Context configuration | `true` | -| `collector.containerSecurityContext.runAsUser` | Set Container's Security Context runAsUser | `1001` | -| `collector.containerSecurityContext.runAsNonRoot` | Set Container's Security Context runAsNonRoot | `true` | -| `collector.podSecurityContext.enabled` | Enable Pod Security Context configuration | `true` | -| `collector.podSecurityContext.fsGroup` | Group ID for the volumes of the pod | `1001` | -| `collector.podAffinityPreset` | Wavefront collector pod affinity preset. Ignored if `collector.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `collector.podAntiAffinityPreset` | Wavefront collector pod anti-affinity preset. Ignored if `collector.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `collector.nodeAffinityPreset.type` | Wavefront collector node affinity preset type. Ignored if `collector.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `collector.nodeAffinityPreset.key` | Wavefront collector node label key to match Ignored if `collector.affinity` is set. | `""` | -| `collector.nodeAffinityPreset.values` | Wavefront collector node label values to match. Ignored if `collector.affinity` is set. | `[]` | -| `collector.affinity` | Wavefront collector affinity for pod assignment | `{}` | -| `collector.nodeSelector` | Wavefront collector node labels for pod assignment | `{}` | -| `collector.tolerations` | Wavefront collector tolerations for pod assignment | `[]` | -| `collector.podLabels` | Wavefront collector pod extra labels | `{}` | -| `collector.podAnnotations` | Annotations for Wavefront collector pods | `{}` | -| `collector.priorityClassName` | Wavefront Collector pods' priority | `""` | -| `collector.lifecycleHooks` | Lifecycle hooks for the Wavefront Collector container to automate configuration before or after startup | `{}` | -| `collector.customLivenessProbe` | Override default liveness probe | `{}` | -| `collector.customReadinessProbe` | Override default readiness probe | `{}` | -| `collector.updateStrategy.type` | Update strategy - only really applicable for deployments with RWO PVs attached | `RollingUpdate` | -| `collector.extraEnvVars` | Extra environment variables to be set on collector container | `[]` | -| `collector.extraEnvVarsCM` | Name of existing ConfigMap containing extra environment variables | `""` | -| `collector.extraEnvVarsSecret` | Name of existing Secret containing extra environment variables | `""` | -| `collector.extraVolumes` | Optionally specify extra list of additional volumes for collector container | `[]` | -| `collector.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for collector container | `[]` | -| `collector.initContainers` | Add init containers to the Wavefront proxy pods | `[]` | -| `collector.sidecars` | Add sidecars to the Wavefront proxy pods | `[]` | - - -### Proxy parameters - -| Name | Description | Value | -| --------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- | -| `proxy.enabled` | Setup and enable Wavefront proxy to send metrics through | `true` | -| `proxy.image.registry` | Wavefront proxy image registry | `docker.io` | -| `proxy.image.repository` | Wavefront proxy image repository | `bitnami/wavefront-proxy` | -| `proxy.image.tag` | Wavefront proxy image tag (immutable tags are recommended) | `10.8.0-debian-10-r14` | -| `proxy.image.pullPolicy` | Wavefront proxy image pull policy | `IfNotPresent` | -| `proxy.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `proxy.hostAliases` | Deployment pod host aliases | `[]` | -| `proxy.resources.limits` | The resources limits for the proxy container | `{}` | -| `proxy.resources.requests` | The requested resources for the proxy container | `{}` | -| `proxy.containerSecurityContext.enabled` | Enable Container Security Context configuration | `true` | -| `proxy.containerSecurityContext.runAsUser` | Set Container's Security Context runAsUser | `1001` | -| `proxy.containerSecurityContext.runAsNonRoot` | Set Container's Security Context runAsNonRoot | `true` | -| `proxy.podSecurityContext.enabled` | Enable Pod Security Context configuration | `true` | -| `proxy.podSecurityContext.fsGroup` | Group ID for the volumes of the pod | `1001` | -| `proxy.podAffinityPreset` | Wavefront proxy pod affinity preset. Ignored if `proxy.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `proxy.podAntiAffinityPreset` | Wavefront proxy pod anti-affinity preset. Ignored if `proxy.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `proxy.nodeAffinityPreset.type` | Wavefront proxy node affinity preset type. Ignored if `proxy.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `proxy.nodeAffinityPreset.key` | Wavefront proxy node label key to match Ignored if `proxy.affinity` is set. | `""` | -| `proxy.nodeAffinityPreset.values` | Wavefront proxy node label values to match. Ignored if `proxy.affinity` is set. | `[]` | -| `proxy.affinity` | Wavefront proxy affinity for pod assignment | `{}` | -| `proxy.nodeSelector` | Wavefront proxy node labels for pod assignment | `{}` | -| `proxy.tolerations` | Wavefront proxy tolerations for pod assignment | `[]` | -| `proxy.podLabels` | Wavefront proxy pod extra labels | `{}` | -| `proxy.podAnnotations` | Annotations for Wavefront proxy pods | `{}` | -| `proxy.priorityClassName` | Wavefront proxy pods' priority class name | `""` | -| `proxy.lifecycleHooks` | Lifecycle hooks for the Wavefront proxy container to automate configuration before or after startup | `{}` | -| `proxy.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `proxy.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | -| `proxy.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` | -| `proxy.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `proxy.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `proxy.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `proxy.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `proxy.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | -| `proxy.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `20` | -| `proxy.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `proxy.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `proxy.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `proxy.customLivenessProbe` | Override default liveness probe | `{}` | -| `proxy.customReadinessProbe` | Override default readiness probe | `{}` | -| `proxy.updateStrategy.type` | Update strategy - only really applicable for deployments with RWO PVs attached | `RollingUpdate` | -| `proxy.extraEnvVars` | Extra environment variables to be set on proxy container | `[]` | -| `proxy.extraEnvVarsCM` | Name of existing ConfigMap containing extra environment variables | `""` | -| `proxy.extraEnvVarsSecret` | Name of existing Secret containing extra environment variables | `""` | -| `proxy.extraVolumes` | Optionally specify extra list of additional volumes for proxy container | `[]` | -| `proxy.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for proxy container | `[]` | -| `proxy.initContainers` | Add init containers to the Wavefront proxy pods | `[]` | -| `proxy.sidecars` | Add sidecars to the Wavefront proxy pods | `[]` | -| `proxy.replicas` | Replicas to deploy for Wavefront proxy (usually 1) | `1` | -| `proxy.port` | The port number the proxy will listen on for metrics in Wavefront data format | `2878` | -| `proxy.tracePort` | The port number the proxy will listen on for tracing spans in Wavefront trace data format (usually 30000) | `""` | -| `proxy.jaegerPort` | The port number the proxy will listen on for tracing spans in Jaeger data format (usually 30001) | `""` | -| `proxy.traceJaegerHttpListenerPort` | TCP ports to receive Jaeger Thrift formatted data via HTTP. The data is then sent to Wavefront in Wavefront span format (usually 30080) | `""` | -| `proxy.traceJaegerGrpcListenerPort` | TCP ports to receive Jaeger GRPC formatted data via HTTP (usually 14250) | `""` | -| `proxy.zipkinPort` | The port number the proxy will listen on for tracing spans in Zipkin data format (usually 9411) | `""` | -| `proxy.traceSamplingRate` | Sampling rate to apply to tracing spans sent to the proxy | `""` | -| `proxy.traceSamplingDuration` | When set to greater than 0, spans that exceed this duration will force trace to be sampled (ms) | `""` | -| `proxy.traceJaegerApplicationName` | Custom application name for traces received on Jaeger's traceJaegerListenerPorts or traceJaegerHttpListenerPorts. | `""` | -| `proxy.traceZipkinApplicationName` | Custom application name for traces received on Zipkin's traceZipkinListenerPorts. | `""` | -| `proxy.histogramPort` | Port for histogram distribution format data (usually 40000) | `""` | -| `proxy.histogramMinutePort` | Port to accumulate 1-minute based histograms on Wavefront data format (usually 40001) | `""` | -| `proxy.histogramHourPort` | Port to accumulate 1-hour based histograms on Wavefront data format (usually 40002) | `""` | -| `proxy.histogramDayPort` | Port to accumulate 1-day based histograms on Wavefront data format (usually 40003) | `""` | -| `proxy.deltaCounterPort` | Port to accumulate 1-minute delta counters on Wavefront data format (usually 50000) | `""` | -| `proxy.args` | Any configuration property can be passed to the proxy via command line args in the format: `-- ` | `""` | -| `proxy.heap` | Wavefront proxy Java heap maximum usage (java -Xmx command line option) | `""` | -| `proxy.existingConfigmap` | Name of existing ConfigMap with Proxy preprocessor configuration | `""` | -| `proxy.preprocessor` | Preprocessor rules is a powerful way to apply filtering or to enhance metrics as they flow | `{}` | - - -### Kube State Metrics parameters - -| Name | Description | Value | -| ---------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | ------- | -| `kube-state-metrics.enabled` | If enabled the kube-state-metrics chart will be installed as a subchart and the collector will be configured to capture metrics. | `false` | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```bash -$ helm install my-release \ - --set proxy.replicas=3 \ - bitnami/wavefront -``` - -The above command sets 3 proxy replicas. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```bash -$ helm install my-release -f values.yaml bitnami/wavefront -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling vs Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Use DaemonSet (preferred) or Deployment - -It is possible to deploy the Collector as a `Daemonset` or a `Deployment`. Refer to the documentation for [detailed information on the differences between these options](https://docs.bitnami.com/kubernetes/apps/wavefront/configuration/configure-collector/). - -The most common use case is to deploy the Wavefront Collector as a `DaemonSet` to obtain information from the different nodes. However, there are some use cases where a `Deployment` can be used to gather data (at application level) without deploying a pod per node. - -### Use a different Wavefront version - -To modify the application version used in this chart, specify a different version of the image using the `image.tag` parameter and/or a different repository using the `image.repository` parameter. Refer to the [chart documentation for more information on these parameters and how to use them with images from a private registry](https://docs.bitnami.com/kubernetes/apps/wavefront/configuration/change-image-version/). - -### Use Sidecars and Init Containers - -If additional containers are needed in the same pod (such as additional metrics or logging exporters), they can be defined using the `sidecars` config parameter. Similarly, extra init containers can be added using the `initContainers` parameter. - -Refer to the chart documentation for more information on, and examples of, configuring and using [sidecars and init containers](https://docs.bitnami.com/kubernetes/apps/wavefront/configuration/configure-sidecar-init-containers/). - -### Add extra environment variables - -To add extra environment variables (useful for advanced operations like custom init scripts), use the `extraEnvVars` property. - -```yaml -extraEnvVars: - - name: WAVEFRONT_WHATEVER - value: value -``` - -Alternatively, use a ConfigMap or a Secret with the environment variables. To do so, use the `extraEnvVarsCM` or the `extraEnvVarsSecret` values. - -### Set Pod affinity - -This chart allows you to set your custom affinity using the `XXX.affinity` parameter(s). Find more information about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). - -As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `XXX.podAffinityPreset`, `XXX.podAntiAffinityPreset`, or `XXX.nodeAffinityPreset` parameters. - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami’s Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## Upgrading - -### To 3.0.0 - -This major updates the kube-state-metrics subchart to it newest major, 2.0.0, which contains name changes to a few of its values. For more information on this subchart's major, please refer to [kube-state-metrics upgrade notes](https://github.com/bitnami/charts/tree/master/bitnami/kube-state-metrics#to-200). - -### To 2.0.0 - -The wavefront-collector container has been moved to scratch. From now on the content of wavefront-collector container will be just the wavefront-collector binary, so it will not have a shell. - -### To 1.0.0 - -[On November 13, 2020, Helm v2 support formally ended](https://github.com/helm/charts#status-of-the-project). This major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -[Learn more about this change and related upgrade considerations](https://docs.bitnami.com/kubernetes/apps/wavefront/administration/upgrade-helm3/). diff --git a/bitnami/wavefront/templates/NOTES.txt b/bitnami/wavefront/templates/NOTES.txt deleted file mode 100644 index cb80d22..0000000 --- a/bitnami/wavefront/templates/NOTES.txt +++ /dev/null @@ -1,9 +0,0 @@ -Wavefront is setup and configured to collect metrics from your Kubernetes cluster. You should see metrics flowing within a few minutes. - -You can visit this dashboard in Wavefront to see your Kubernetes metrics: - -{{ .Values.wavefront.url }}/dashboard/integration-kubernetes-summary - -{{ include "common.warnings.rollingTag" .Values.collector.image }} -{{ include "common.warnings.rollingTag" .Values.proxy.image }} -{{- include "wavefront.validateValues" . }} diff --git a/bitnami/wavefront/templates/_helpers.tpl b/bitnami/wavefront/templates/_helpers.tpl deleted file mode 100644 index 5be1355..0000000 --- a/bitnami/wavefront/templates/_helpers.tpl +++ /dev/null @@ -1,153 +0,0 @@ -{{/* -Return the proper collector image name -*/}} -{{- define "wavefront.collector.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.collector.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper proxy image name -*/}} -{{- define "wavefront.proxy.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.proxy.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "wavefront.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.collector.image .Values.proxy.image) "global" .Values.global) -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "wavefront.collector.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (printf "%s-collector" (include "common.names.fullname" .)) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Return true if the proxy configmap object should be created -*/}} -{{- define "wavefront.proxy.createConfigmap" -}} -{{- if and .Values.proxy.preprocessor (not .Values.proxy.ExistingConfigmap) }} - {{- true -}} -{{- else -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proxy configuration configmap name -*/}} -{{- define "wavefront.proxy.configmapName" -}} -{{- if .Values.proxy.existingConfigmap -}} - {{- printf "%s" (tpl .Values.proxy.existingConfigmap $) -}} -{{- else -}} - {{- printf "%s-proxy-preprocessor" (include "common.names.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if the collector configmap object should be created -*/}} -{{- define "wavefront.collector.createConfigmap" -}} -{{- if and .Values.collector.enabled (not .Values.collector.ExistingConfigmap) }} - {{- true -}} -{{- else -}} -{{- end -}} -{{- end -}} - -{{/* -Return the collector configuration configmap name -*/}} -{{- define "wavefront.collector.configmapName" -}} -{{- if .Values.collector.existingConfigmap -}} - {{- printf "%s" (tpl .Values.collector.existingConfigmap $) -}} -{{- else -}} - {{- printf "%s-collector-config" (include "common.names.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return the token secret name -*/}} -{{- define "wavefront.token.secretName" -}} -{{- if .Values.wavefront.existingSecret -}} - {{- printf "%s" (tpl .Values.wavefront.existingSecret $) -}} -{{- else -}} - {{- printf "%s" (include "common.names.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Compile all warnings into a single message. -*/}} -{{- define "wavefront.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "wavefront.validateValues.clusterName" .) -}} -{{- $messages := append $messages (include "wavefront.validateValues.collector-proxy" .) -}} -{{- $messages := append $messages (include "wavefront.validateValues.api" .) -}} -{{- $messages := append $messages (include "wavefront.validateValues.proxy" .) -}} -{{- $messages := append $messages (include "wavefront.validateValues.instance" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message -}} -{{- end -}} -{{- end -}} - -{{/* Validate values of Wavefront - clusterName */}} -{{- define "wavefront.validateValues.clusterName" -}} -{{- if or (not .Values.clusterName) (eq .Values.clusterName "KUBERNETES_CLUSTER_NAME") -}} -wavefront: clusterName - You must set the value for 'clusterName' to uniquely identify this Kubernetes cluster in Wavefront. -{{- end -}} -{{- end -}} - -{{/* Validate values of Wavfront - collector-proxy */}} -{{- define "wavefront.validateValues.collector-proxy" -}} -{{- if and .Values.collector.useProxy (not .Values.proxy.enabled) (not .Values.collector.proxyAddress) -}} -wavefront: collector-proxy - Collector is set to use proxy but `proxy.enabled` is not true and `collector.proxyAddress` is not provided. -{{- end -}} -{{- end -}} - -{{/* Validate values of Wavefront - API */}} -{{- define "wavefront.validateValues.api" -}} -{{- $validUrl := and (.Values.wavefront.url) (ne .Values.wavefront.url "https://YOUR_CLUSTER.wavefront.com") -}} -{{- $validToken := or .Values.wavefront.existingSecret (and (.Values.wavefront.token) (ne .Values.wavefront.token "YOUR_API_TOKEN")) -}} -{{- if and (not .Values.collector.useProxy) (or (not $validUrl) (not $validToken)) -}} -wavefront: api - Collector is set to use direct ingestion API but `wavefront.url` or `wavefront.token` are not specified. -{{- end -}} -{{- end -}} - -{{/* Validate values of Wavefront - Proxy */}} -{{- define "wavefront.validateValues.proxy" -}} -{{- $validUrl := and (.Values.wavefront.url) (ne .Values.wavefront.url "https://YOUR_CLUSTER.wavefront.com") -}} -{{- $validToken := or .Values.wavefront.existingSecret (and (.Values.wavefront.token) (ne .Values.wavefront.token "YOUR_API_TOKEN")) -}} -{{- if and .Values.proxy.enabled (or (not $validUrl) (not $validToken)) }} -wavefront: proxy - Proxy is enabled but `wavefront.url` or `wavefront.token` are not specified. -{{- end }} -{{- end }} - -{{/* Validate values of Wavefront - URL or token */}} -{{- define "wavefront.validateValues.instance" -}} -{{- $validUrl := and (.Values.wavefront.url) (ne .Values.wavefront.url "https://YOUR_CLUSTER.wavefront.com") -}} -{{- $validToken := or .Values.wavefront.existingSecret (and (.Values.wavefront.token) (ne .Values.wavefront.token "YOUR_API_TOKEN")) -}} -{{- if or (not $validUrl) (not $validToken) }} -wavefront: instance - You did not specify a valid URL or Token for Wavefront. - If you do not have a Wavefront instance you can get a free trial here - - https://www.wavefront.com/sign-up - - If you already have access to Wavefront please specify your URL and Token then try again. -{{- end }} -{{- end }} diff --git a/bitnami/wavefront/templates/api-token-secret.yaml b/bitnami/wavefront/templates/api-token-secret.yaml deleted file mode 100644 index 88b7033..0000000 --- a/bitnami/wavefront/templates/api-token-secret.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if and .Values.wavefront.token (not .Values.wavefront.existingSecret) }} -apiVersion: v1 -kind: Secret -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: collector - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "common.names.fullname" . }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: - api-token: {{ .Values.wavefront.token | b64enc | quote }} -{{- end }} diff --git a/bitnami/wavefront/templates/collector-cluster-role.yaml b/bitnami/wavefront/templates/collector-cluster-role.yaml deleted file mode 100644 index c7ac1f4..0000000 --- a/bitnami/wavefront/templates/collector-cluster-role.yaml +++ /dev/null @@ -1,103 +0,0 @@ -{{- if and .Values.rbac.create .Values.collector.enabled }} -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: ClusterRole -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: collector - kubernetes.io/bootstrapping: rbac-defaults - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - rbac.authorization.kubernetes.io/autoupdate: "true" - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "common.names.fullname" . }}-collector -rules: - - apiGroups: - - "" - resources: - - events - - namespaces - - nodes - - nodes/proxy - - nodes/stats - - pods - - replicationcontrollers - - secrets - - services - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - update - - create - - list - - watch -{{- if .Values.podSecurityPolicy.create }} - - apiGroups: - - policy - resourceNames: - - {{ template "common.names.fullname" . }} - resources: - - podsecuritypolicies - verbs: - - use - - apiGroups: - - "" - resources: - - pods - verbs: - - create -{{- end }} -{{- if .Values.collector.kubernetesState }} - - apiGroups: - - apps - resources: - - daemonsets - - deployments - - statefulsets - - replicasets - verbs: - - get - - list - - watch - - apiGroups: - - batch - resources: - - jobs - - cronjobs - verbs: - - get - - list - - watch - - apiGroups: - - autoscaling - resources: - - horizontalpodautoscalers - verbs: - - get - - list - - watch -{{- end }} - - nonResourceURLs: ["/metrics"] - verbs: - - get -{{- if .Values.tkgi.enabled }} -- apiGroups: - - policy - resources: - - podsecuritypolicies - verbs: - - use - resourceNames: - - pks-privileged -{{- end }} -{{- end }} diff --git a/bitnami/wavefront/templates/collector-clusterrolebinding.yaml b/bitnami/wavefront/templates/collector-clusterrolebinding.yaml deleted file mode 100644 index b26f875..0000000 --- a/bitnami/wavefront/templates/collector-clusterrolebinding.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if and .Values.rbac.create .Values.collector.enabled }} -kind: ClusterRoleBinding -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: collector - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "common.names.fullname" . }}-collector - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "common.names.fullname" . }}-collector -subjects: - - kind: ServiceAccount - name: {{ template "wavefront.collector.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/bitnami/wavefront/templates/collector-config.yaml b/bitnami/wavefront/templates/collector-config.yaml deleted file mode 100644 index 6049ab2..0000000 --- a/bitnami/wavefront/templates/collector-config.yaml +++ /dev/null @@ -1,178 +0,0 @@ -{{- if (include "wavefront.collector.createConfigmap" .) }} -apiVersion: v1 -kind: ConfigMap -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: collector - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "common.names.fullname" . }}-collector-config - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - config.yaml: | - clusterName: {{ .Values.clusterName }} - enableDiscovery: {{ .Values.collector.discovery.enabled }} - enableEvents: {{ .Values.collector.events.enabled }} - defaultCollectionInterval: {{ .Values.collector.interval | default "60s" }} - flushInterval: {{ .Values.collector.flushInterval | default "10s" }} - sinkExportDataTimeout: {{ .Values.collector.sinkDelay | default "20s" }} - - sinks: - {{- if .Values.collector.useProxy }} - {{- if .Values.collector.proxyAddress }} - - proxyAddress: {{ .Values.collector.proxyAddress }} - {{- else }} - - proxyAddress: {{ template "common.names.fullname" . }}-proxy:{{ .Values.proxy.port }} - {{- end }} - {{- else }} - - server: {{ .Values.wavefront.url }} - token: {{ .Values.wavefront.token }} - {{- end }} - {{- if .Values.collector.tags }} - tags: {{- include "common.tplvalues.render" ( dict "value" .Values.collector.tags "context" . ) | nindent 8 }} - {{- end }} - {{- if .Values.collector.filters }} - filters: {{- include "common.tplvalues.render" ( dict "value" .Values.collector.filters "context" . ) | nindent 8 }} - {{- end }} - - sources: - kubernetes_source: - {{- if .Values.collector.useReadOnlyPort }} - url: - kubeletPort: 10255 - kubeletHttps: false - {{- else }} - url: https://kubernetes.default.svc - kubeletPort: 10250 - kubeletHttps: true - {{- end }} - {{- if .Values.serviceAccount.create }} - useServiceAccount: true - {{- else }} - useServiceAccount: false - {{- end }} - insecure: true - {{- if .Values.collector.usePKSPrefix }} - prefix: pks.kubernetes. - {{- else }} - prefix: kubernetes. - {{- end }} - filters: - metricBlacklist: - - 'kubernetes.sys_container.*' - - 'kubernetes.node.ephemeral_storage.*' - - internal_stats_source: - {{- if .Values.collector.usePKSPrefix }} - prefix: pks.kubernetes. - {{- else }} - prefix: kubernetes. - {{- end }} - - {{- if .Values.collector.kubernetesState }} - kubernetes_state_source: - {{- if .Values.collector.usePKSPrefix }} - prefix: pks.kubernetes. - {{- else }} - prefix: kubernetes. - {{- end }} - {{- end }} - - {{- if .Values.collector.hostOSMetrics }} - telegraf_sources: - - plugins: [] - {{- end }} - - {{- if .Values.collector.apiServerMetrics }} - # Kubernetes API Server - prometheus_sources: - - url: https://kubernetes.default.svc.cluster.local:443/metrics - httpConfig: - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - insecure_skip_verify: true - prefix: kube.apiserver. - filters: - metricWhitelist: - - 'kube.apiserver.apiserver.*' - - 'kube.apiserver.etcd.*' - - 'kube.apiserver.process.*' - {{- end }} - - {{- if .Values.collector.events.enabled }} - events: - {{- if .Values.collector.events.filters }} - filters: {{- include "common.tplvalues.render" ( dict "value" .Values.collector.events.filters "context" . ) | nindent 8 }} - {{- end }} - {{- end }} - - {{- if .Values.collector.discovery.enabled }} - - discovery: - {{- if .Values.collector.discovery.annotationPrefix }} - annotation_prefix: {{ .Values.collector.discovery.annotationPrefix | quote }} - {{- end }} - {{- if .Values.collector.discovery.enableRuntimeConfigs }} - enable_runtime_plugins: {{ .Values.collector.discovery.enableRuntimeConfigs }} - {{- end }} - - plugins: - - # auto-discover kube DNS - - name: kube-dns-discovery - type: prometheus - selectors: - images: - - '*kube-dns/sidecar*' - labels: - k8s-app: - - kube-dns - port: 10054 - path: /metrics - scheme: http - prefix: kube.dns. - filters: - metricWhitelist: - - 'kube.dns.http.request.duration.microseconds' - - 'kube.dns.http.request.size.bytes' - - 'kube.dns.http.requests.total.counter' - - 'kube.dns.http.response.size.bytes' - - 'kube.dns.kubedns.dnsmasq.*' - - 'kube.dns.process.*' - - # auto-discover coredns - - name: coredns-discovery - type: prometheus - selectors: - images: - - '*coredns:*' - labels: - k8s-app: - - kube-dns - port: 9153 - path: /metrics - scheme: http - prefix: kube.coredns. - filters: - metricWhitelist: - - 'kube.coredns.coredns.cache.*' - - 'kube.coredns.coredns.dns.request.count.total.counter' - - 'kube.coredns.coredns.dns.request.duration.seconds' - - 'kube.coredns.coredns.dns.request.size.bytes' - - 'kube.coredns.coredns.dns.request.type.count.total.counter' - - 'kube.coredns.coredns.dns.response.rcode.count.total.counter' - - 'kube.coredns.coredns.dns.response.size.bytes' - - 'kube.coredns.process.*' - - {{- if .Values.collector.discovery.config }} - - # user supplied discovery config -{{- include "common.tplvalues.render" ( dict "value" .Values.collector.discovery.config "context" . ) | nindent 6 }} - {{- end }} - {{- end }} - -{{- end }} diff --git a/bitnami/wavefront/templates/collector-daemonset.yaml b/bitnami/wavefront/templates/collector-daemonset.yaml deleted file mode 100644 index acfd089..0000000 --- a/bitnami/wavefront/templates/collector-daemonset.yaml +++ /dev/null @@ -1,157 +0,0 @@ -{{- if and .Values.collector.enabled .Values.collector.useDaemonset }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: collector - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "common.names.fullname" . }}-collector - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.collector.updateStrategy }} - updateStrategy: {{- toYaml .Values.collector.updateStrategy | nindent 4 }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: collector - template: - metadata: - {{- if .Values.collector.podAnnotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.collector.podAnnotations "context" $) | nindent 8 }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: collector - {{- if .Values.collector.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.collector.podLabels "context" $) | nindent 8 }} - {{- end }} - spec: - serviceAccountName: {{ template "wavefront.collector.serviceAccountName" . }} - {{- include "wavefront.imagePullSecrets" . | nindent 6 }} - {{- if .Values.collector.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.collector.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.collector.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.collector.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.collector.podAffinityPreset "component" "collector" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.collector.podAntiAffinityPreset "component" "collector" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.collector.nodeAffinityPreset.type "key" .Values.collector.nodeAffinityPreset.key "values" .Values.collector.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.collector.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.collector.nodeSelector "context" $) | nindent 8 }} - {{- end }} - tolerations: - - effect: NoSchedule - key: node.alpha.kubernetes.io/role - operator: Exists - - effect: NoSchedule - key: node-role.kubernetes.io/master - operator: Exists - {{- if .Values.collector.tolerations }} - {{- include "common.tplvalues.render" (dict "value" .Values.collector.tolerations "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.collector.priorityClassName }} - priorityClassName: {{ .Values.collector.priorityClassName | quote }} - {{- end }} - {{- if .Values.collector.podSecurityContext.enabled }} - securityContext: - fsGroup: {{ .Values.collector.podSecurityContext.fsGroup }} - {{- end }} - {{- if .Values.collector.initContainers }} - initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.collector.initContainers "context" $) | nindent 8 }} - {{- end }} - containers: - - name: wavefront-collector - image: {{ template "wavefront.collector.image" . }} - imagePullPolicy: {{ .Values.collector.image.pullPolicy }} - {{- if .Values.collector.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.collector.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.collector.containerSecurityContext.enabled }} - securityContext: - runAsUser: {{ .Values.collector.containerSecurityContext.runAsUser }} - runAsNonRoot: {{ .Values.collector.containerSecurityContext.runAsNonRoot }} - {{- end }} - command: - {{- if .Values.collector.command }} - {{- include "common.tplvalues.render" (dict "value" .Values.collector.command "context" $) | nindent 12 }} - {{- else }} - - /wavefront-collector - - --daemon=true - - --config-file=/etc/collector/config.yaml - {{- if .Values.collector.maxProcs }} - - --max-procs={{ .Values.collector.maxProcs }} - {{- end }} - {{- if .Values.collector.logLevel }} - - --log-level={{ .Values.collector.logLevel }} - {{- end }} - {{- end }} - {{- if .Values.collector.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.collector.args "context" $) | nindent 12 }} - {{- end }} - env: - - name: HOST_PROC - value: /host/proc - - name: POD_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: POD_NAMESPACE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - {{- if .Values.collector.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.collector.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if .Values.collector.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.collector.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.collector.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.collector.extraEnvVarsSecret "context" $) }} - {{- end }} - ports: - - containerPort: 8088 - protocol: TCP - {{- if .Values.collector.resources }} - resources: {{- toYaml .Values.collector.resources | nindent 12 }} - {{- end }} - {{- if .Values.collector.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.collector.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.collector.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.collector.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - volumeMounts: - - name: procfs - mountPath: /host/proc - readOnly: true - - name: config - mountPath: /etc/collector/ - readOnly: true - {{- if .Values.collector.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.collector.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.collector.sidecars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.collector.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: procfs - hostPath: - path: /proc - - name: config - configMap: - name: {{ include "wavefront.collector.configmapName" . }} - {{- if .Values.collector.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.collector.extraVolumes "context" $) | nindent 8 }} - {{- end }} -{{- end }} diff --git a/bitnami/wavefront/templates/collector-deployment.yaml b/bitnami/wavefront/templates/collector-deployment.yaml deleted file mode 100644 index c556a7b..0000000 --- a/bitnami/wavefront/templates/collector-deployment.yaml +++ /dev/null @@ -1,138 +0,0 @@ -{{- if and .Values.collector.enabled (not .Values.collector.useDaemonset) }} -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: collector - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "common.names.fullname" . }}-collector - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.collector.updateStrategy }} - strategy: {{- toYaml .Values.collector.updateStrategy | nindent 4 }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: collector - template: - metadata: - {{- if .Values.collector.podAnnotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.collector.podAnnotations "context" $) | nindent 8 }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: collector - {{- if .Values.collector.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.collector.podLabels "context" $) | nindent 8 }} - {{- end }} - spec: - serviceAccountName: {{ template "wavefront.collector.serviceAccountName" . }} - {{- include "wavefront.imagePullSecrets" . | nindent 6 }} - {{- if .Values.collector.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.collector.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.collector.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.collector.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.collector.podAffinityPreset "component" "collector" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.collector.podAntiAffinityPreset "component" "collector" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.collector.nodeAffinityPreset.type "key" .Values.collector.nodeAffinityPreset.key "values" .Values.collector.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.collector.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.collector.nodeSelector "context" $) | nindent 8 }} - {{- end }} - tolerations: - - effect: NoSchedule - key: node.alpha.kubernetes.io/role - operator: Exists - - effect: NoSchedule - key: node-role.kubernetes.io/master - operator: Exists - {{- if .Values.collector.tolerations }} - {{- include "common.tplvalues.render" (dict "value" .Values.collector.tolerations "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.collector.priorityClassName }} - priorityClassName: {{ .Values.collector.priorityClassName | quote }} - {{- end }} - {{- if .Values.collector.podSecurityContext.enabled }} - securityContext: - fsGroup: {{ .Values.collector.podSecurityContext.fsGroup }} - {{- end }} - {{- if .Values.collector.initContainers }} - initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.collector.initContainers "context" $) | nindent 8 }} - {{- end }} - containers: - - name: wavefront-collector - image: {{ template "wavefront.collector.image" . }} - imagePullPolicy: {{ .Values.collector.image.pullPolicy }} - {{- if .Values.collector.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.collector.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.collector.containerSecurityContext.enabled }} - securityContext: - runAsUser: {{ .Values.collector.containerSecurityContext.runAsUser }} - runAsNonRoot: {{ .Values.collector.containerSecurityContext.runAsNonRoot }} - {{- end }} - command: - {{- if .Values.collector.command }} - {{- include "common.tplvalues.render" (dict "value" .Values.collector.command "context" $) | nindent 12 }} - {{- else }} - - /wavefront-collector - - --daemon=false - - --config-file=/etc/collector/config.yaml - {{- if .Values.collector.maxProcs }} - - --max-procs={{ .Values.collector.maxProcs }} - {{- end }} - {{- if .Values.collector.logLevel }} - - --log-level={{ .Values.collector.logLevel }} - {{- end }} - {{- end }} - {{- if .Values.collector.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.collector.args "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if .Values.collector.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.collector.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.collector.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.collector.extraEnvVarsSecret "context" $) }} - {{- end }} - {{- if .Values.collector.resources }} - resources: {{- toYaml .Values.collector.resources | nindent 12 }} - {{- end }} - {{- if .Values.collector.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.collector.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.collector.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.collector.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - volumeMounts: - - name: config - mountPath: /etc/collector/ - readOnly: true - - name: ssl-certs - mountPath: /etc/ssl/certs - readOnly: true - {{- if .Values.collector.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.collector.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.collector.sidecars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.collector.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: config - configMap: - name: {{ include "wavefront.collector.configmapName" . }} - - name: ssl-certs - hostPath: - path: /etc/ssl/certs - {{- if .Values.collector.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.collector.extraVolumes "context" $) | nindent 8 }} - {{- end }} -{{- end }} diff --git a/bitnami/wavefront/templates/collector-service-account.yaml b/bitnami/wavefront/templates/collector-service-account.yaml deleted file mode 100644 index fd02181..0000000 --- a/bitnami/wavefront/templates/collector-service-account.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if and .Values.serviceAccount.create .Values.collector.enabled }} -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: collector - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "wavefront.collector.serviceAccountName" . }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/bitnami/wavefront/templates/extra-list.yaml b/bitnami/wavefront/templates/extra-list.yaml deleted file mode 100644 index 9ac65f9..0000000 --- a/bitnami/wavefront/templates/extra-list.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{- range .Values.extraDeploy }} ---- -{{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} diff --git a/bitnami/wavefront/templates/podsecuritypolicy.yaml b/bitnami/wavefront/templates/podsecuritypolicy.yaml deleted file mode 100644 index 9d4dd0d..0000000 --- a/bitnami/wavefront/templates/podsecuritypolicy.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{- if .Values.podSecurityPolicy.create }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: collector -spec: - privileged: false - allowPrivilegeEscalation: true - volumes: - - configMap - - secret - - hostPath - allowedHostPaths: - - pathPrefix: "/proc" - readOnly: true # only allow read-only mounts - runAsUser: - # Require the container to run without root privileges. - rule: 'MustRunAsNonRoot' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - seLinux: - rule: 'RunAsAny' - hostPorts: - - max: 65535 - min: 1 -{{- end }} diff --git a/bitnami/wavefront/templates/project-pacific-rolebinding.yaml b/bitnami/wavefront/templates/project-pacific-rolebinding.yaml deleted file mode 100644 index 355bc00..0000000 --- a/bitnami/wavefront/templates/project-pacific-rolebinding.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.projectPacific.enabled }} -kind: RoleBinding -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -metadata: - {{- if .Values.commonLabels }} - labels: {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: rolebinding-default-privileged-sa-ns_wavefront - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: psp:vmware-system-privileged - apiGroup: rbac.authorization.k8s.io -subjects: - - kind: Group - apiGroup: rbac.authorization.k8s.io - name: system:serviceaccounts -{{ end }} diff --git a/bitnami/wavefront/templates/proxy-deployment.yaml b/bitnami/wavefront/templates/proxy-deployment.yaml deleted file mode 100644 index 54d2a1a..0000000 --- a/bitnami/wavefront/templates/proxy-deployment.yaml +++ /dev/null @@ -1,204 +0,0 @@ -{{- if .Values.proxy.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: proxy - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "common.names.fullname" . }}-proxy - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.proxy.updateStrategy }} - strategy: {{- toYaml .Values.proxy.updateStrategy | nindent 4 }} - {{- end }} - replicas: {{ .Values.proxy.replicas }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: proxy - template: - metadata: - {{- if .Values.proxy.podAnnotations }} - annotations: {{- include "common.tplvalues.render" (dict "value" .Values.proxy.podAnnotations "context" $) | nindent 8 }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: proxy - {{- if .Values.proxy.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.proxy.podLabels "context" $) | nindent 8 }} - {{- end }} - spec: - {{- include "wavefront.imagePullSecrets" . | nindent 6 }} - {{- if .Values.proxy.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.proxy.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.proxy.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.proxy.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.proxy.podAffinityPreset "component" "proxy" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.proxy.podAntiAffinityPreset "component" "proxy" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.proxy.nodeAffinityPreset.type "key" .Values.proxy.nodeAffinityPreset.key "values" .Values.proxy.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.proxy.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.proxy.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.proxy.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.proxy.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.proxy.priorityClassName }} - priorityClassName: {{ .Values.proxy.priorityClassName | quote }} - {{- end }} - {{- if .Values.proxy.podSecurityContext.enabled }} - securityContext: - fsGroup: {{ .Values.proxy.podSecurityContext.fsGroup }} - {{- end }} - {{- if .Values.proxy.initContainers }} - initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.proxy.initContainers "context" $) | nindent 8 }} - {{- end }} - containers: - - name: wavefront-proxy - image: {{ template "wavefront.proxy.image" . }} - imagePullPolicy: {{ .Values.proxy.image.pullPolicy }} - {{- if .Values.proxy.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.proxy.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.proxy.containerSecurityContext.enabled }} - securityContext: - runAsUser: {{ .Values.proxy.containerSecurityContext.runAsUser }} - runAsNonRoot: {{ .Values.proxy.containerSecurityContext.runAsNonRoot }} - {{- end }} - env: - - name: WAVEFRONT_URL - value: {{ .Values.wavefront.url }}/api - - name: WAVEFRONT_TOKEN - valueFrom: - secretKeyRef: - name: {{ include "wavefront.token.secretName" . }} - key: api-token - - name: WAVEFRONT_PROXY_ARGS - value: {{ .Values.proxy.args }} - {{- if .Values.proxy.tracePort }} --traceListenerPorts {{ .Values.proxy.tracePort }}{{- end -}} - {{- if .Values.proxy.jaegerPort }} --traceJaegerListenerPorts {{ .Values.proxy.jaegerPort }}{{- end -}} - {{- if .Values.proxy.traceJaegerHttpListenerPort }} --traceJaegerHttpListenerPorts {{ .Values.proxy.traceJaegerHttpListenerPort }}{{- end -}} - {{- if .Values.proxy.traceJaegerGrpcListenerPort }} --traceJaegerGrpcListenerPorts {{ .Values.proxy.traceJaegerGrpcListenerPort }}{{- end -}} - {{- if .Values.proxy.zipkinPort }} --traceZipkinListenerPorts {{ .Values.proxy.zipkinPort }}{{- end -}} - {{- if .Values.proxy.traceSamplingRate }} --traceSamplingRate {{ .Values.proxy.traceSamplingRate }}{{- end -}} - {{- if .Values.proxy.traceSamplingDuration }} --traceSamplingDuration {{ .Values.proxy.traceSamplingDuration }}{{- end -}} - {{- if .Values.proxy.traceJaegerApplicationName }} --traceJaegerApplicationName {{ .Values.proxy.traceJaegerApplicationName }}{{- end -}} - {{- if .Values.proxy.traceZipkinApplicationName }} --traceZipkinApplicationName {{ .Values.proxy.traceZipkinApplicationName }}{{- end -}} - {{- if .Values.proxy.histogramPort }} --histogramDistListenerPorts {{ .Values.proxy.histogramPort }}{{- end -}} - {{- if .Values.proxy.histogramMinutePort }} --histogramMinuteListenerPorts {{ .Values.proxy.histogramMinutePort }}{{- end -}} - {{- if .Values.proxy.histogramHourPort }} --histogramHourListenerPorts {{ .Values.proxy.histogramHourPort }}{{- end -}} - {{- if .Values.proxy.histogramDayPort }} --histogramDayListenerPorts {{ .Values.proxy.histogramDayPort }}{{- end -}} - {{- if .Values.proxy.deltaCounterPort }} --deltaCounterPorts {{ .Values.proxy.deltaCounterPort }}{{- end -}} - {{- if .Values.proxy.preprocessor }} --preprocessorConfigFile /etc/wavefront/wavefront-proxy/preprocessor/rules.yaml{{- end -}} - {{- if .Values.proxy.heap }} - - name: JAVA_HEAP_USAGE - value: {{ .Values.proxy.heap | quote }} - {{- end }} - {{- if .Values.proxy.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.proxy.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if .Values.proxy.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.proxy.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.proxy.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.proxy.extraEnvVarsSecret "context" $) }} - {{- end }} - ports: - - containerPort: {{ .Values.proxy.port }} - protocol: TCP - {{- if .Values.proxy.tracePort }} - - containerPort: {{ .Values.proxy.tracePort }} - protocol: TCP - {{- end }} - {{- if .Values.proxy.jaegerPort }} - - containerPort: {{ .Values.proxy.jaegerPort }} - protocol: TCP - {{- end }} - {{- if .Values.proxy.traceJaegerHttpListenerPort }} - - containerPort: {{ .Values.proxy.traceJaegerHttpListenerPort }} - protocol: TCP - {{- end }} - {{- if .Values.proxy.traceJaegerGrpcListenerPort }} - - containerPort: {{ .Values.proxy.traceJaegerGrpcListenerPort }} - protocol: TCP - {{- end }} - {{- if .Values.proxy.zipkinPort }} - - containerPort: {{ .Values.proxy.zipkinPort }} - protocol: TCP - {{- end }} - {{- if .Values.proxy.histogramPort }} - - containerPort: {{ .Values.proxy.histogramPort }} - protocol: TCP - {{- end }} - {{- if .Values.proxy.histogramMinutePort }} - - containerPort: {{ .Values.proxy.histogramMinutePort }} - protocol: TCP - {{- end }} - {{- if .Values.proxy.histogramHourPort }} - - containerPort: {{ .Values.proxy.histogramHourPort }} - protocol: TCP - {{- end }} - {{- if .Values.proxy.histogramDayPort }} - - containerPort: {{ .Values.proxy.histogramDayPort }} - protocol: TCP - {{- end }} - {{- if .Values.proxy.deltaCounterPort }} - - containerPort: {{ .Values.proxy.deltaCounterPort }} - protocol: TCP - {{- end }} - {{- if .Values.proxy.resources }} - resources: {{- toYaml .Values.proxy.resources | nindent 12 }} - {{- end }} - {{- if .Values.proxy.livenessProbe.enabled }} - livenessProbe: - tcpSocket: - port: {{ .Values.proxy.port }} - initialDelaySeconds: {{ .Values.proxy.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.proxy.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.proxy.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.proxy.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.proxy.livenessProbe.failureThreshold }} - {{- else if .Values.proxy.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.proxy.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.proxy.readinessProbe.enabled }} - readinessProbe: - tcpSocket: - port: {{ .Values.proxy.port }} - initialDelaySeconds: {{ .Values.proxy.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.proxy.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.proxy.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.proxy.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.proxy.readinessProbe.failureThreshold }} - {{- else if .Values.proxy.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.proxy.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.proxy.preprocessor }} - - name: preprocessor - mountPath: /etc/wavefront/wavefront-proxy/preprocessor - {{- end }} - {{- if .Values.proxy.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.proxy.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.proxy.sidecars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.proxy.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - {{- if .Values.proxy.preprocessor }} - - name: preprocessor - configMap: - name: {{ include "wavefront.proxy.configmapName" . }} - {{- end }} - {{- if .Values.proxy.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.proxy.extraVolumes "context" $) | nindent 8 }} - {{- end }} -{{- end }} diff --git a/bitnami/wavefront/templates/proxy-preprocessor-config.yaml b/bitnami/wavefront/templates/proxy-preprocessor-config.yaml deleted file mode 100644 index a9e4df4..0000000 --- a/bitnami/wavefront/templates/proxy-preprocessor-config.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if (include "wavefront.proxy.createConfigmap" .) }} -apiVersion: v1 -kind: ConfigMap -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: proxy - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "common.names.fullname" . }}-proxy-preprocessor - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: -{{ tpl (toYaml .Values.proxy.preprocessor) . | nindent 2 }} -{{- end }} diff --git a/bitnami/wavefront/templates/proxy-service.yaml b/bitnami/wavefront/templates/proxy-service.yaml deleted file mode 100644 index 1742d5d..0000000 --- a/bitnami/wavefront/templates/proxy-service.yaml +++ /dev/null @@ -1,67 +0,0 @@ -{{- if .Values.proxy.enabled }} -apiVersion: v1 -kind: Service -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: proxy - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "common.names.fullname" . }}-proxy - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - ports: - - name: wavefront - port: {{ .Values.proxy.port }} - protocol: TCP - {{- if .Values.proxy.tracePort }} - - name: wavefront-trace - port: {{ .Values.proxy.tracePort }} - protocol: TCP - {{- end }} - {{- if .Values.proxy.jaegerPort }} - - name: jaeger - port: {{ .Values.proxy.jaegerPort }} - protocol: TCP - {{- end }} - {{- if .Values.proxy.traceJaegerHttpListenerPort }} - - name: jaeger-thriftdata - port: {{ .Values.proxy.traceJaegerHttpListenerPort }} - protocol: TCP - {{- end }} - {{- if .Values.proxy.zipkinPort }} - - name: zipkin - port: {{ .Values.proxy.zipkinPort }} - protocol: TCP - {{- end }} - {{- if .Values.proxy.histogramPort }} - - name: histogram - port: {{ .Values.proxy.histogramPort }} - protocol: TCP - {{- end }} - {{- if .Values.proxy.histogramMinutePort }} - - name: histogram-minute - port: {{ .Values.proxy.histogramMinutePort }} - protocol: TCP - {{- end }} - {{- if .Values.proxy.histogramHourPort }} - - name: histogram-hour - port: {{ .Values.proxy.histogramHourPort }} - protocol: TCP - {{- end }} - {{- if .Values.proxy.histogramDayPort }} - - name: histogram-day - port: {{ .Values.proxy.histogramDayPort }} - protocol: TCP - {{- end }} - {{- if .Values.proxy.deltaCounterPort }} - - name: delta-counter - port: {{ .Values.proxy.deltaCounterPort }} - protocol: TCP - {{- end }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: proxy - type: ClusterIP -{{ end }} diff --git a/bitnami/wavefront/templates/tkgi-rolebinding.yaml b/bitnami/wavefront/templates/tkgi-rolebinding.yaml deleted file mode 100644 index 3629fc9..0000000 --- a/bitnami/wavefront/templates/tkgi-rolebinding.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if .Values.tkgi.enabled }} -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: rolebinding-default-restricted-sa-ns_wavefront - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: psp:restricted - apiGroup: rbac.authorization.k8s.io -subjects: - - kind: Group - apiGroup: rbac.authorization.k8s.io - name: system:serviceaccounts -{{ end }} diff --git a/bitnami/wavefront/values.yaml b/bitnami/wavefront/values.yaml deleted file mode 100644 index beb4fb0..0000000 --- a/bitnami/wavefront/values.yaml +++ /dev/null @@ -1,771 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - storageClass: "" - -## @section Common parameters - -## @param commonLabels Add labels to all the deployed resources -## -commonLabels: {} -## @param commonAnnotations Add annotations to all the deployed resources -## -commonAnnotations: {} -## @param extraDeploy Extra objects to deploy (value evaluated as a template) -## -extraDeploy: [] - -## @section Wavefront Common parameters - -## @param clusterName This is a unique name for the cluster (required) -## All metrics will receive a `cluster` tag with this value -## -clusterName: KUBERNETES_CLUSTER_NAME -## @param wavefront.url Wavefront URL for your cluster (required) -## @param wavefront.token Wavefront API Token (required) -## @param wavefront.existingSecret Name of an existing secret containing the token -## -wavefront: - url: https://YOUR_CLUSTER.wavefront.com - token: YOUR_API_TOKEN - existingSecret: "" -## @param podSecurityPolicy.create Specifies whether PodSecurityPolicy resources should be created -## -podSecurityPolicy: - create: false -## @param rbac.create Specifies whether RBAC resources should be created -## -rbac: - create: true -serviceAccount: - ## @param serviceAccount.create Create Wavefront service account - ## - create: true - ## @param serviceAccount.name Name of Wavefront service account - ## If not set and create is true, a name is generated using the fullname template - ## - name: "" -## @param projectPacific.enabled Enable and create role binding for Tanzu Kubernetes cluster -## If enabled, a role binding to handle pod security policy will be installed within the Kubernetes cluster -## -projectPacific: - enabled: false -## @param tkgi.enabled Properties for TKGI environments. If enabled, a role binding to handle pod security policy will be installed within the TKGI cluster -## -tkgi: - enabled: false - -## @section Collector parameters - -## Wavefront Collector is responsible to get all Kubernetes metrics from your cluster. -## It will capture Kubernetes resources metrics available from the kubelets, -## as well as auto-discovery capabilities. -## -collector: - ## @param collector.enabled Setup and enable the Wavefront collector to gather metrics - ## - enabled: true - ## @param collector.image.registry Wavefront collector Image registry - ## @param collector.image.repository Wavefront collector Image repository - ## @param collector.image.tag Wavefront collector Image tag (immutable tags are recommended) - ## @param collector.image.pullPolicy Image pull policy - ## @param collector.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/wavefront-kubernetes-collector - tag: 1.7.1-scratch-r0 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param collector.hostAliases Deployment pod host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## @param collector.useDaemonset Use Wavefront collector in Daemonset mode - ## If set to false, Deployment will be used for the collector. - ## Setting this to true is strongly recommended - ## - useDaemonset: true - ## @param collector.usePKSPrefix If installing into a TKGi/PKS environment, set this to true. Prefixes metrics with 'pks.kubernetes.' - ## - usePKSPrefix: false - ## @param collector.maxProcs Maximum number of CPUs that can be used simultaneously - ## e.g: - ## maxProcs: 0 - ## - maxProcs: "" - ## @param collector.logLevel Log level. Allowed values: `info`, `debug` or `trace` - ## - logLevel: "" - ## @param collector.interval Default metrics collection interval - ## e.g: - ## interval: 60s - ## - interval: "" - ## @param collector.flushInterval How often to force a metrics flush - ## e.g: - ## flushInterval: 10s - ## - flushInterval: "" - ## @param collector.sinkDelay Timeout for exporting data - ## e.g: - ## sinkDelay: 20s - ## - sinkDelay: "" - ## @param collector.useReadOnlyPort Use un-authenticated port for kubelet - ## If set to true, will use the unauthenticated real only port for the kubelet - ## If set to false, will use the encrypted full access port for the kubelet (default false) - ## - useReadOnlyPort: false - ## @param collector.useProxy Use a Wavefront Proxy to send metrics through - ## When true you must either specify a value for `collector.proxyAddress` or set `proxy.enabled` to true - ## If set to false, metrics will be sent to Wavefront via the Direct Ingestion API - ## - useProxy: true - ## @param collector.proxyAddress Can be used to specify a specific address for the Wavefront Proxy - ## The proxy can be anywhere network reachable including outside of the cluster - ## Required if `collector.useProxy` is true and `proxy.enabled` is false - ## e.g: - ## proxyAddress: wavefront-proxy:2878 - ## - proxyAddress: "" - ## @param collector.kubernetesState Collect metrics about Kubernetes resource states - ## These metrics are more efficient than kube-state-metrics - ## - kubernetesState: true - ## @param collector.apiServerMetrics Collect metrics about Kubernetes API server - ## - apiServerMetrics: false - ## @param collector.tags Map of tags to apply to all metrics collected by the collector - ## Sample tags to include (env, region) - ## tags: - ## env: production - ## region: us-west-2 - ## - tags: {} - ## @param collector.hostOSMetrics If set to true, host OS metrics will be collected - ## - hostOSMetrics: false - ## Filters to apply towards all metrics collected by the collector - ## @param collector.filters.metricDenyList [array] Optimized metrics collection to omit peripheral metrics. - ## @param collector.filters.tagExclude [array] Filter out generated labels - ## e.g: - ## filters: - ## tagWhilelistSets: - ## - kind: - ## - "Deployment" - ## - reason: - ## - "ScalingReplicaSet" - ## - "ReplicaSetCreateError" - ## - kind: - ## - "HorizontalPodAutoscaler" - ## reason: - ## - "Failed*" - ## - filters: - metricDenyList: - - 'kubernetes.sys_container.*' - - 'kubernetes.collector.runtime.*' - - 'kubernetes.*.network.rx_rate' - - 'kubernetes.*.network.rx_errors_rate' - - 'kubernetes.*.network.tx_rate' - - 'kubernetes.*.network.tx_errors_rate' - - 'kubernetes.*.memory.page_faults' - - 'kubernetes.*.memory.page_faults_rate' - - 'kubernetes.*.memory.major_page_faults' - - 'kubernetes.*.memory.major_page_faults_rate' - - 'kubernetes.*.filesystem.inodes' - - 'kubernetes.*.filesystem.inodes_free' - - 'kubernetes.*.ephemeral_storage.request' - - 'kubernetes.*.ephemeral_storage.limit' - tagExclude: - - 'label?controller?revision*' - - 'label?pod?template*' - - 'annotation_kubectl_kubernetes_io_last_applied_configuration' - ## Events can also be collected and sent to Wavefront. - ## Requires Wavefront Proxy 6.0 or greater. - ## Events should be filtered before being enabled, see event filtering documentation for details - ## Ref: https://github.com/wavefrontHQ/wavefront-collector-for-kubernetes/blob/master/docs/filtering.md - ## - events: - ## @param collector.events.enabled Events can also be collected and sent to Wavefront - ## - enabled: false - ## Rules based discovery configuration - ## Ref: https://github.com/wavefrontHQ/wavefront-kubernetes-collector/blob/master/docs/discovery.md - ## - discovery: - ## @param collector.discovery.enabled Rules based and Prometheus endpoints auto-discovery - ## - enabled: true - ## @param collector.discovery.annotationPrefix When specified, this replaces `prometheus.io` as the prefix for annotations used to auto-discover Prometheus endpoints - ## e.g: - ## annotationPrefix: "wavefront.com" - ## - annotationPrefix: "" - ## @param collector.discovery.enableRuntimeConfigs Whether to enable runtime discovery configurations - ## Ref: https://github.com/wavefrontHQ/wavefront-collector-for-kubernetes/blob/master/docs/discovery.md#runtime-configurations - ## - enableRuntimeConfigs: true - ## @param collector.discovery.config Configuration for rules based auto-discovery - ## e.g: - ## config: - ## # auto-discover a sample prometheus application - ## - name: prom-example - ## type: prometheus - ## selectors: - ## labels: - ## k8s-app: - ## - prom-example - ## port: 8080 - ## path: /metrics - ## prefix: kube.prom-example. - ## tags: - ## alt_name: sample-app - ## # auto-discover mongodb pods (replace USER:PASSWORD) - ## - name: mongodb - ## type: telegraf/mongodb - ## selectors: - ## images: - ## - '*mongo:*' - ## port: 27017 - ## conf: | - ## servers = ["mongodb://USER:PASSWORD@${host}:${port}"] - ## gather_perdb_stats = true - ## filters: - ## metricBlacklist: - ## - 'mongodb.member.status' - ## - 'mongodb.state' - ## - 'mongodb.db.stats.type' - ## # auto-discover rabbitmq pods (replace USER and PASSWORD) - ## - name: rabbitmq - ## type: telegraf/rabbitmq - ## selectors: - ## images: - ## - '*rabbitmq:*' - ## port: 15672 - ## conf: | - ## url = "http://${host}:${port}" - ## username = "USER" - ## password = "PASSWORD" - ## - config: [] - ## @param collector.existingConfigmap Name of existing ConfigMap with collector configuration - ## - existingConfigmap: "" - ## @param collector.command Override default container command (useful when using custom images) - ## - command: [] - ## @param collector.args Override default container args (useful when using custom images) - ## - args: [] - ## Wavefront Collector resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param collector.resources.limits The resources limits for the collector container - ## @param collector.resources.requests The requested resources for the collector container - ## - resources: - ## Example: - ## limits: - ## cpu: 200m - ## memory: 256Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 200m - ## memory: 10Mi - requests: {} - ## Container Security Context configuration - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - ## @param collector.containerSecurityContext.enabled Enable Container Security Context configuration - ## @param collector.containerSecurityContext.runAsUser Set Container's Security Context runAsUser - ## @param collector.containerSecurityContext.runAsNonRoot Set Container's Security Context runAsNonRoot - ## - containerSecurityContext: - enabled: true - runAsUser: 1001 - runAsNonRoot: true - ## Pod Security Context configuration - ## @param collector.podSecurityContext.enabled Enable Pod Security Context configuration - ## @param collector.podSecurityContext.fsGroup Group ID for the volumes of the pod - ## - podSecurityContext: - enabled: true - fsGroup: 1001 - ## @param collector.podAffinityPreset Wavefront collector pod affinity preset. Ignored if `collector.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param collector.podAntiAffinityPreset Wavefront collector pod anti-affinity preset. Ignored if `collector.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Wavefront Collector Node affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param collector.nodeAffinityPreset.type Wavefront collector node affinity preset type. Ignored if `collector.affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param collector.nodeAffinityPreset.key Wavefront collector node label key to match Ignored if `collector.affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param collector.nodeAffinityPreset.values Wavefront collector node label values to match. Ignored if `collector.affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param collector.affinity Wavefront collector affinity for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## Note: collector.podAffinityPreset, collector.podAntiAffinityPreset, and collector.nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - ## @param collector.nodeSelector Wavefront collector node labels for pod assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param collector.tolerations Wavefront collector tolerations for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param collector.podLabels Wavefront collector pod extra labels - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param collector.podAnnotations Annotations for Wavefront collector pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param collector.priorityClassName Wavefront Collector pods' priority - ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ - ## - priorityClassName: "" - ## @param collector.lifecycleHooks Lifecycle hooks for the Wavefront Collector container to automate configuration before or after startup - ## - lifecycleHooks: {} - ## @param collector.customLivenessProbe Override default liveness probe - ## - customLivenessProbe: {} - ## @param collector.customReadinessProbe Override default readiness probe - ## - customReadinessProbe: {} - ## @param collector.updateStrategy.type Update strategy - only really applicable for deployments with RWO PVs attached - ## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the - ## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will - ## terminate the single previous pod, so that the new, incoming pod can attach to the PV - ## - updateStrategy: - type: RollingUpdate - ## @param collector.extraEnvVars Extra environment variables to be set on collector container - ## For example: - ## - name: BEARER_AUTH - ## value: true - ## - extraEnvVars: [] - ## @param collector.extraEnvVarsCM Name of existing ConfigMap containing extra environment variables - ## - extraEnvVarsCM: "" - ## @param collector.extraEnvVarsSecret Name of existing Secret containing extra environment variables - ## - extraEnvVarsSecret: "" - ## @param collector.extraVolumes Optionally specify extra list of additional volumes for collector container - ## - extraVolumes: [] - ## @param collector.extraVolumeMounts Optionally specify extra list of additional volumeMounts for collector container - ## - extraVolumeMounts: [] - ## @param collector.initContainers Add init containers to the Wavefront proxy pods - ## Example: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - initContainers: [] - ## @param collector.sidecars Add sidecars to the Wavefront proxy pods - ## Example: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - sidecars: [] - -## @section Proxy parameters - -## Wavefront Proxy is a metrics forwarder that is used to relay metrics to the Wavefront SaaS service. -## It can receive metrics from the Wavefront Collector as well as other metrics collection services -## within your cluster. The proxy also supports preprocessor rules to allow you to further filter -## and enhance your metric names, and tags. Should network connectivity fall between the proxy and -## Wavefront SaaS service, the proxy will buffer metrics, which will be flushed when connectivity resumes. -## Ref: https://docs.wavefront.com/proxies.html -## -proxy: - ## @param proxy.enabled Setup and enable Wavefront proxy to send metrics through - ## - enabled: true - ## @param proxy.image.registry Wavefront proxy image registry - ## @param proxy.image.repository Wavefront proxy image repository - ## @param proxy.image.tag Wavefront proxy image tag (immutable tags are recommended) - ## @param proxy.image.pullPolicy Wavefront proxy image pull policy - ## @param proxy.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/wavefront-proxy - tag: 10.8.0-debian-10-r14 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param proxy.hostAliases Deployment pod host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## Wavefront Proxy resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param proxy.resources.limits The resources limits for the proxy container - ## @param proxy.resources.requests The requested resources for the proxy container - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 4Gi - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 1Gi - requests: {} - ## Container Security Context configuration - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - ## @param proxy.containerSecurityContext.enabled Enable Container Security Context configuration - ## @param proxy.containerSecurityContext.runAsUser Set Container's Security Context runAsUser - ## @param proxy.containerSecurityContext.runAsNonRoot Set Container's Security Context runAsNonRoot - ## - containerSecurityContext: - enabled: true - runAsUser: 1001 - runAsNonRoot: true - ## Pod Security Context configuration - ## @param proxy.podSecurityContext.enabled Enable Pod Security Context configuration - ## @param proxy.podSecurityContext.fsGroup Group ID for the volumes of the pod - ## - podSecurityContext: - enabled: true - fsGroup: 1001 - ## @param proxy.podAffinityPreset Wavefront proxy pod affinity preset. Ignored if `proxy.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param proxy.podAntiAffinityPreset Wavefront proxy pod anti-affinity preset. Ignored if `proxy.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Wavefront Proxy Node affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param proxy.nodeAffinityPreset.type Wavefront proxy node affinity preset type. Ignored if `proxy.affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param proxy.nodeAffinityPreset.key Wavefront proxy node label key to match Ignored if `proxy.affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param proxy.nodeAffinityPreset.values Wavefront proxy node label values to match. Ignored if `proxy.affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param proxy.affinity Wavefront proxy affinity for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## Note: proxy.podAffinityPreset, proxy.podAntiAffinityPreset, and proxy.nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - ## @param proxy.nodeSelector Wavefront proxy node labels for pod assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param proxy.tolerations Wavefront proxy tolerations for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param proxy.podLabels Wavefront proxy pod extra labels - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param proxy.podAnnotations Annotations for Wavefront proxy pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param proxy.priorityClassName Wavefront proxy pods' priority class name - ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ - ## - priorityClassName: "" - ## @param proxy.lifecycleHooks Lifecycle hooks for the Wavefront proxy container to automate configuration before or after startup - ## - lifecycleHooks: {} - ## Wavefront Proxy liveness probe. Evaluated as a template. - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param proxy.livenessProbe.enabled Enable livenessProbe - ## @param proxy.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param proxy.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param proxy.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param proxy.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param proxy.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 10 - timeoutSeconds: 1 - periodSeconds: 20 - failureThreshold: 6 - successThreshold: 1 - ## Wavefront Proxy readiness probe. Evaluated as a template. - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param proxy.readinessProbe.enabled Enable readinessProbe - ## @param proxy.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param proxy.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param proxy.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param proxy.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param proxy.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 10 - timeoutSeconds: 1 - periodSeconds: 20 - failureThreshold: 6 - successThreshold: 1 - ## @param proxy.customLivenessProbe Override default liveness probe - ## - customLivenessProbe: {} - ## @param proxy.customReadinessProbe Override default readiness probe - ## - customReadinessProbe: {} - ## @param proxy.updateStrategy.type Update strategy - only really applicable for deployments with RWO PVs attached - ## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the - ## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will - ## terminate the single previous pod, so that the new, incoming pod can attach to the PV - ## - updateStrategy: - type: RollingUpdate - ## @param proxy.extraEnvVars Extra environment variables to be set on proxy container - ## For example: - ## - name: BEARER_AUTH - ## value: true - ## - extraEnvVars: [] - ## @param proxy.extraEnvVarsCM Name of existing ConfigMap containing extra environment variables - ## - extraEnvVarsCM: "" - ## @param proxy.extraEnvVarsSecret Name of existing Secret containing extra environment variables - ## - extraEnvVarsSecret: "" - ## @param proxy.extraVolumes Optionally specify extra list of additional volumes for proxy container - ## - extraVolumes: [] - ## @param proxy.extraVolumeMounts Optionally specify extra list of additional volumeMounts for proxy container - ## - extraVolumeMounts: [] - ## @param proxy.initContainers Add init containers to the Wavefront proxy pods - ## Example: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - initContainers: [] - ## @param proxy.sidecars Add sidecars to the Wavefront proxy pods - ## Example: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - sidecars: [] - ## @param proxy.replicas Replicas to deploy for Wavefront proxy (usually 1) - ## - replicas: 1 - ## @param proxy.port The port number the proxy will listen on for metrics in Wavefront data format - ## - port: 2878 - ## @param proxy.tracePort The port number the proxy will listen on for tracing spans in Wavefront trace data format (usually 30000) - ## e.g: - ## tracePort: 30000 - ## - tracePort: "" - ## @param proxy.jaegerPort The port number the proxy will listen on for tracing spans in Jaeger data format (usually 30001) - ## e.g: - ## jaegerPort: 30001 - ## - jaegerPort: "" - ## @param proxy.traceJaegerHttpListenerPort TCP ports to receive Jaeger Thrift formatted data via HTTP. The data is then sent to Wavefront in Wavefront span format (usually 30080) - ## e.g: - ## traceJaegerHttpListenerPort: 30080 - ## - traceJaegerHttpListenerPort: "" - ## @param proxy.traceJaegerGrpcListenerPort TCP ports to receive Jaeger GRPC formatted data via HTTP (usually 14250) - ## e.g: - ## traceJaegerGrpcListenerPort: 14250 - ## - traceJaegerGrpcListenerPort: "" - ## @param proxy.zipkinPort The port number the proxy will listen on for tracing spans in Zipkin data format (usually 9411) - ## e.g: - ## zipkinPort: 9411 - ## - zipkinPort: "" - ## @param proxy.traceSamplingRate Sampling rate to apply to tracing spans sent to the proxy - ## This rate is applied to all data formats the proxy is listening on. - ## Value should be between 0.0 and 1.0 - ## e.g: - ## traceSamplingRate: 0.25 - ## - traceSamplingRate: "" - ## @param proxy.traceSamplingDuration When set to greater than 0, spans that exceed this duration will force trace to be sampled (ms) - ## spans that are greater than or equal to this value will be sampled. - ## e.g: - ## traceSamplingDuration: 500 - ## - traceSamplingDuration: "" - ## @param proxy.traceJaegerApplicationName Custom application name for traces received on Jaeger's traceJaegerListenerPorts or traceJaegerHttpListenerPorts. - ## e.g: - ## traceJaegerApplicationName: MyJaegerDemo - ## - traceJaegerApplicationName: "" - ## @param proxy.traceZipkinApplicationName Custom application name for traces received on Zipkin's traceZipkinListenerPorts. - ## e.g: - ## traceZipkinApplicationName: MyZipkinDemo - ## - traceZipkinApplicationName: "" - ## @param proxy.histogramPort Port for histogram distribution format data (usually 40000) - ## e.g: - ## histogramPort: 40000 - ## - histogramPort: "" - ## @param proxy.histogramMinutePort Port to accumulate 1-minute based histograms on Wavefront data format (usually 40001) - ## e.g: - ## histogramMinutePort: 40001 - ## - histogramMinutePort: "" - ## @param proxy.histogramHourPort Port to accumulate 1-hour based histograms on Wavefront data format (usually 40002) - ## e.g: - ## histogramHourPort: 40002 - ## - histogramHourPort: "" - ## @param proxy.histogramDayPort Port to accumulate 1-day based histograms on Wavefront data format (usually 40003) - ## e.g: - ## histogramDayPort: 40003 - ## - histogramDayPort: "" - ## @param proxy.deltaCounterPort Port to accumulate 1-minute delta counters on Wavefront data format (usually 50000) - ## e.g: - ## deltaCounterPort: 50000 - ## - deltaCounterPort: "" - ## @param proxy.args Any configuration property can be passed to the proxy via command line args in the format: `-- ` - ## Multiple properties can be specified separated by whitespace - ## Ref: https://docs.wavefront.com/proxies_configuring.html - ## - args: "" - ## @param proxy.heap Wavefront proxy Java heap maximum usage (java -Xmx command line option) - ## By default Java will consume up to 4G of heap memory - ## e.g: - ## heap: 1024m - ## - heap: "" - ## @param proxy.existingConfigmap Name of existing ConfigMap with Proxy preprocessor configuration - ## - existingConfigmap: "" - ## @param proxy.preprocessor Preprocessor rules is a powerful way to apply filtering or to enhance metrics as they flow - ## through the proxy. You can configure the rules here. By default a rule to drop Kubernetes - ## generated labels is applied to remove unnecessary and often noisy tags. - ## Ref: https://docs.wavefront.com/proxies_preprocessor_rules.html - ## e.g: - ## preprocessor: - ## rules.yaml: | - ## '2878': - ## # fix %2F to be a / instead. May be required on EKS. - ## - rule : fix-forward-slash - ## action : replaceRegex - ## scope : pointLine - ## search : "%2F" - ## replace : "/" - ## # replace bad characters ("&", "$", "!", "@") with underscores in the entire point line string - ## - rule : replace-badchars - ## action : replaceRegex - ## scope : pointLine - ## search : "[&\\$!@]" - ## replace : "_" - ## - preprocessor: {} - -## @section Kube State Metrics parameters - -## kube-state-metrics are used to get metrics about the state of the Kubernetes scheduler -## @param kube-state-metrics.enabled If enabled the kube-state-metrics chart will be installed as a subchart and the collector will be configured to capture metrics. -## -kube-state-metrics: - enabled: false diff --git a/bitnami/wildfly/.helmignore b/bitnami/wildfly/.helmignore deleted file mode 100644 index f0c1319..0000000 --- a/bitnami/wildfly/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/bitnami/wildfly/Chart.lock b/bitnami/wildfly/Chart.lock deleted file mode 100644 index 026d975..0000000 --- a/bitnami/wildfly/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.8.0 -digest: sha256:3e342a25057f87853e52d83e1d14e6d8727c15fd85aaae22e7594489cc129f15 -generated: "2021-08-24T21:00:01.620862339Z" diff --git a/bitnami/wildfly/Chart.yaml b/bitnami/wildfly/Chart.yaml deleted file mode 100644 index 7698251..0000000 --- a/bitnami/wildfly/Chart.yaml +++ /dev/null @@ -1,29 +0,0 @@ -annotations: - category: ApplicationServer -apiVersion: v2 -appVersion: 24.0.1 -dependencies: - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x -description: Chart for Wildfly -engine: gotpl -home: https://github.com/bitnami/charts/tree/master/bitnami/wildfly -icon: https://bitnami.com/assets/stacks/wildfly/img/wildfly-stack-220x234.png -keywords: - - wildfly - - java - - http - - web - - application server - - jsp -maintainers: - - email: containers@bitnami.com - name: Bitnami -name: wildfly -sources: - - https://github.com/bitnami/bitnami-docker-wildfly - - http://wildfly.org -version: 11.1.2 diff --git a/bitnami/wildfly/README.md b/bitnami/wildfly/README.md deleted file mode 100644 index d713fef..0000000 --- a/bitnami/wildfly/README.md +++ /dev/null @@ -1,327 +0,0 @@ -# WildFly - -[Wildfly](http://wildfly.org/) formerly known as JBoss AS, or simply JBoss, is an application server authored by JBoss, now developed by Red Hat. WildFly is written in Java, and implements the Java Platform, Enterprise Edition (Java EE) specification. - -## TL;DR - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/wildfly -``` - -## Introduction - -This chart bootstraps a [WildFly](https://github.com/bitnami/bitnami-docker-wildfly) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 3.1.0 -- PV provisioner support in the underlying infrastructure -- ReadWriteMany volumes for deployment scaling - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/wildfly -``` - -These commands deploy WildFly on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```console -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | - - -### Common parameters - -| Name | Description | Value | -| ------------------- | -------------------------------------------------- | --------------- | -| `kubeVersion` | Override Kubernetes version | `""` | -| `nameOverride` | String to partially override common.names.fullname | `""` | -| `fullnameOverride` | String to fully override common.names.fullname | `""` | -| `commonLabels` | Labels to add to all deployed objects | `{}` | -| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | -| `clusterDomain` | Kubernetes cluster domain name | `cluster.local` | -| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | - - -### WildFly Image parameters - -| Name | Description | Value | -| ------------------- | -------------------------------------------------- | ---------------------- | -| `image.registry` | WildFly image registry | `docker.io` | -| `image.repository` | WildFly image repository | `bitnami/wildfly` | -| `image.tag` | WildFly image tag (immutable tags are recommended) | `24.0.1-debian-10-r44` | -| `image.pullPolicy` | WildFly image pull policy | `IfNotPresent` | -| `image.pullSecrets` | WildFly image pull secrets | `[]` | -| `image.debug` | Enable image debug mode | `false` | - - -### WildFly Configuration parameters - -| Name | Description | Value | -| ------------------------- | ---------------------------------------------------------------------- | ------- | -| `wildflyUsername` | WildFly username | `user` | -| `wildflyPassword` | WildFly user password | `""` | -| `exposeManagementConsole` | Allows exposing the WildFly Management console outside the cluster | `false` | -| `command` | Override default container command (useful when using custom images) | `[]` | -| `args` | Override default container args (useful when using custom images) | `[]` | -| `extraEnvVars` | Array with extra environment variables to add to the WildFly container | `[]` | -| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` | -| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars | `""` | - - -### WildFly deployment parameters - -| Name | Description | Value | -| --------------------------------------- | ----------------------------------------------------------------------------------------- | --------------- | -| `replicaCount` | Number of Wildfly replicas to deploy | `1` | -| `updateStrategy.type` | WildFly deployment strategy type | `RollingUpdate` | -| `hostAliases` | WildFly pod host aliases | `[]` | -| `extraVolumes` | Optionally specify extra list of additional volumes for WildFly pods | `[]` | -| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for WildFly container(s) | `[]` | -| `sidecars` | Add additional sidecar containers to the WildFly pod | `[]` | -| `initContainers` | Add additional init containers to the WildFly pods | `[]` | -| `podLabels` | Extra labels for WildFly pods | `{}` | -| `podAnnotations` | Annotations for WildFly pods | `{}` | -| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | -| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | -| `affinity` | Affinity for pod assignment | `{}` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `tolerations` | Tolerations for pod assignment | `{}` | -| `resources.limits` | The resources limits for the WildFly container | `{}` | -| `resources.requests` | The requested resources for the WildFly container | `{}` | -| `containerPorts.http` | WildFly HTTP container port | `8080` | -| `containerPorts.mgmt` | WildFly HTTPS container port | `9990` | -| `podSecurityContext.enabled` | Enabled WildFly pods' Security Context | `true` | -| `podSecurityContext.fsGroup` | Set WildFly pod's Security Context fsGroup | `1001` | -| `containerSecurityContext.enabled` | Enabled WildFly containers' Security Context | `true` | -| `containerSecurityContext.runAsUser` | Set WildFly container's Security Context runAsUser | `1001` | -| `containerSecurityContext.runAsNonRoot` | Set WildFly container's Security Context runAsNonRoot | `true` | -| `livenessProbe.enabled` | Enable livenessProbe | `true` | -| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` | -| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `readinessProbe.enabled` | Enable readinessProbe | `true` | -| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | -| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | -| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `3` | -| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | - - -### Traffic Exposure Parameters - -| Name | Description | Value | -| ---------------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------ | -| `service.type` | WildFly service type | `LoadBalancer` | -| `service.port` | WildFly service HTTP port | `80` | -| `service.mgmtPort` | WildFly service management console port | `9990` | -| `service.nodePorts.http` | Node port for HTTP | `""` | -| `service.nodePorts.mgmt` | Node port for Management console | `""` | -| `service.clusterIP` | WildFly service Cluster IP | `""` | -| `service.loadBalancerIP` | WildFly service Load Balancer IP | `""` | -| `service.loadBalancerSourceRanges` | WildFly service Load Balancer sources | `[]` | -| `service.externalTrafficPolicy` | WildFly service external traffic policy | `Cluster` | -| `service.annotations` | Additional custom annotations for WildFly service | `{}` | -| `service.extraPorts` | Extra ports to expose on WildFly service | `[]` | -| `ingress.enabled` | Enable ingress record generation for WildFly | `false` | -| `ingress.certManager` | Add the corresponding annotations for cert-manager integration | `false` | -| `ingress.pathType` | Ingress path type | `ImplementationSpecific` | -| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` | -| `ingress.hostname` | Default host for the ingress record | `wildfly.local` | -| `ingress.path` | Default path for the ingress record | `/` | -| `ingress.annotations` | Additional custom annotations for the ingress record | `{}` | -| `ingress.tls` | Enable TLS configuration for the host defined at `ingress.hostname` parameter | `false` | -| `ingress.extraHosts` | An array with additional hostname(s) to be covered with the ingress record | `[]` | -| `ingress.extraPaths` | An array with additional arbitrary paths that may need to be added to the ingress under the main host | `[]` | -| `ingress.extraTls` | TLS configuration for additional hostname(s) to be covered with this ingress record | `[]` | -| `ingress.secrets` | Custom TLS certificates as secrets | `[]` | -| `mgmtIngress.enabled` | Set to true to enable ingress record generation for the Management console | `false` | -| `mgmtIngress.certManager` | Set this to true in order to add the corresponding annotations for cert-manager | `false` | -| `mgmtIngress.pathType` | Ingress path type | `ImplementationSpecific` | -| `mgmtIngress.hostname` | When the Management ingress is enabled, a host pointing to this will be created | `management.local` | -| `mgmtIngress.annotations` | Health Ingress annotations | `{}` | -| `mgmtIngress.tls` | Enable TLS configuration for the hostname defined at `mgmtIngress.hostname` parameter | `false` | -| `mgmtIngress.extraHosts` | The list of additional hostnames to be covered with this Management ingress record | `[]` | -| `mgmtIngress.extraPaths` | An array with additional arbitrary paths that may need to be added to the ingress under the main host | `[]` | -| `mgmtIngress.extraTls` | TLS configuration for additional hostnames to be covered | `[]` | -| `mgmtIngress.secrets` | TLS Secret configuration | `[]` | - - -### Persistence Parameters - -| Name | Description | Value | -| --------------------------------------------- | ----------------------------------------------------------------------------------------------- | ----------------------- | -| `persistence.enabled` | Enable persistence using Persistent Volume Claims | `true` | -| `persistence.storageClass` | Persistent Volume storage class | `""` | -| `persistence.accessModes` | Persistent Volume access modes | `[]` | -| `persistence.size` | Persistent Volume size | `8Gi` | -| `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` | -| `volumePermissions.image.registry` | Bitnami Shell image registry | `docker.io` | -| `volumePermissions.image.repository` | Bitnami Shell image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `10-debian-10-r188` | -| `volumePermissions.image.pullPolicy` | Bitnami Shell image pull policy | `Always` | -| `volumePermissions.image.pullSecrets` | Bitnami Shell image pull secrets | `[]` | -| `volumePermissions.resources.limits` | The resources limits for the init container | `{}` | -| `volumePermissions.resources.requests` | The requested resources for the init container | `{}` | -| `volumePermissions.securityContext.runAsUser` | Set init container's Security Context runAsUser | `0` | - - -The above parameters map to the env variables defined in [bitnami/wildfly](http://github.com/bitnami/bitnami-docker-wildfly). For more information please refer to the [bitnami/wildfly](http://github.com/bitnami/bitnami-docker-wildfly) image documentation. - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -$ helm install my-release \ - --set wildflyUser=manager,wildflyPassword=password \ - bitnami/wildfly -``` - -The above command sets the WildFly management username and password to `manager` and `password` respectively. - -> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```console -$ helm install my-release -f values.yaml bitnami/wildfly -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling vs Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -## Persistence - -The [Bitnami WildFly](https://github.com/bitnami/bitnami-docker-wildfly) image stores the WildFly data and configurations at the `/bitnami/wildfly` path of the container. - -Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. -See the [Parameters](#parameters) section to configure the PVC or to disable persistence. - -### Adjust permissions of persistent volume mountpoint - -As the image run as non-root by default, it is necessary to adjust the ownership of the persistent volume so that the container can write data into it. - -By default, the chart is configured to use Kubernetes Security Context to automatically change the ownership of the volume. However, this feature does not work in all Kubernetes distributions. -As an alternative, this chart supports using an initContainer to change the ownership of the volume before mounting it in the final destination. - -You can enable this initContainer by setting `volumePermissions.enabled` to `true`. - -### Add extra environment variables - -To add extra environment variables (useful for advanced operations like custom init scripts), use the `extraEnvVars` property. - -```yaml -extraEnvVars: - - name: LOG_LEVEL - value: DEBUG -``` - -Alternatively, use a ConfigMap or a Secret with the environment variables. To do so, use the `extraEnvVarsCM` or the `extraEnvVarsSecret` values. - -### Use Sidecars and Init Containers - -If additional containers are needed in the same pod (such as additional metrics or logging exporters), they can be defined using the `sidecars` config parameter. Similarly, extra init containers can be added using the `initContainers` parameter. - -Refer to the chart documentation for more information on, and examples of, configuring and using [sidecars and init containers](https://docs.bitnami.com/kubernetes/infrastructure/wildfly/configuration/configure-sidecar-init-containers/). - -### Set Pod affinity - -This chart allows you to set custom Pod affinity using the `affinity` parameter. Find more information about Pod affinity in the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). - -As an alternative, use one of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters. - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami’s Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## Upgrading - -### To 10.0.0 - -Due to recent changes in the container image (see [Notable changes](https://github.com/bitnami/bitnami-docker-apache#notable-changes)), the major version of the chart has been bumped preemptively. - -Upgrading from version `9.x.x` should be possible without any extra required step, but it's highly recommended to backup your custom web apps data before upgrading. - -### To 7.0.0 - -- Chart labels were adapted to follow the [Helm charts standard labels](https://helm.sh/docs/chart_best_practices/labels/#standard-labels). -- Ingress configuration was also adapted to follow the Helm charts best practices. -- This version also introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/master/bitnami/common#bitnami-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade. - -Consequences: - -- Backwards compatibility is not guaranteed. However, you can easily workaround this issue by removing Wildfly deployment before upgrading (the following example assumes that the release name is `wildfly`): - -```console -$ export WILDFLY_PASSWORD=$(kubectl get secret --namespace default wildfly -o jsonpath="{.data.wildfly-password}" | base64 --decode) -$ kubectl delete deployments.apps wildfly -$ helm upgrade wildfly bitnami/wildfly --set wildflyPassword=$WILDFLY_PASSWORD -``` - -### To 6.0.0 - -[On November 13, 2020, Helm v2 support formally ended](https://github.com/helm/charts#status-of-the-project). This major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -[Learn more about this change and related upgrade considerations](https://docs.bitnami.com/kubernetes/infrastructure/wildfly/administration/upgrade-helm3/). - -### To 2.1.0 - -WildFly container was moved to a non-root approach. There shouldn't be any issue when upgrading since the corresponding `securityContext` is enabled by default. Both the container image and the chart can be upgraded by running the command below: - -``` -$ helm upgrade my-release bitnami/wildfly -``` - -If you use a previous container image (previous to **14.0.1-r75**) disable the `securityContext` by running the command below: - -``` -$ helm upgrade my-release bitnami/wildfly --set securityContext.enabled=false,image.tag=XXX -``` - -### To 1.0.0 - -Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments. -Use the workaround below to upgrade from versions previous to 1.0.0. The following example assumes that the release name is wildfly: - -```console -$ kubectl patch deployment wildfly --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]' -``` diff --git a/bitnami/wildfly/ci/ct-values.yaml b/bitnami/wildfly/ci/ct-values.yaml deleted file mode 100644 index b738e2a..0000000 --- a/bitnami/wildfly/ci/ct-values.yaml +++ /dev/null @@ -1,2 +0,0 @@ -service: - type: ClusterIP diff --git a/bitnami/wildfly/ci/values-with-ingress-and-initcontainers.yaml b/bitnami/wildfly/ci/values-with-ingress-and-initcontainers.yaml deleted file mode 100644 index 92198e1..0000000 --- a/bitnami/wildfly/ci/values-with-ingress-and-initcontainers.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# Test values file for generating all of the yaml and check that -# the rendering is correct -service: - type: ClusterIP -exposeManagementConsole: true -ingress: - enabled: true - tls: true - hostname: wildfly.local -mgmtIngress: - enabled: true - tls: true - hostname: management.hostname -volumePermissions: - enabled: true diff --git a/bitnami/wildfly/templates/NOTES.txt b/bitnami/wildfly/templates/NOTES.txt deleted file mode 100644 index e35fb0f..0000000 --- a/bitnami/wildfly/templates/NOTES.txt +++ /dev/null @@ -1,78 +0,0 @@ - -** Please be patient while the chart is being deployed ** - -{{- if and .Values.exposeManagementConsole (or (eq "NodePort" .Values.service.type) (eq "LoadBalancer" .Values.service.type) .Values.mgmtIngress.enabled) }} -------------------------------------------------------------------------------- - WARNING - - By specifying "exposeManagementConsole=true" you have most likely exposed - the WildFly Management console externally. - - Please note this is not recommended for production environments since - you are exposing your WildFly server to potential attacks. -------------------------------------------------------------------------------- -{{- end }} - -{{- if or .Values.ingress.enabled (and .Values.mgmtIngress.enabled .Values.exposeManagementConsole) }} - -1. Get the Wildfly URL and associate its hostname to your cluster external IP: - - export CLUSTER_IP=$(minikube ip) # On Minikube. Use: `kubectl cluster-info` on others K8s clusters - {{- if .Values.ingress.enabled }} - echo "Wildfly URL: http{{ if .Values.ingress.tls }}s{{ end }}://{{ .Values.ingress.hostname }}" - echo "$CLUSTER_IP {{ .Values.ingress.hostname }}" | sudo tee -a /etc/hosts - {{- end }} - {{- if and .Values.mgmtIngress.enabled .Values.exposeManagementConsole }} - echo "Wildfly Management URL: http{{ if .Values.mgmtIngress.tls }}s{{ end }}://{{ .Values.mgmtIngress.hostname }}" - echo "$CLUSTER_IP {{ .Values.mgmtIngress.hostname }}" | sudo tee -a /etc/hosts - {{- end }} - -{{- else }} - -1. Get the WildFly URL by running: - -{{- if contains "NodePort" .Values.service.type }} - - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "common.names.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo "WildFly URL: http://$NODE_IP:$NODE_PORT" - {{- if .Values.exposeManagementConsole }} - export NODE_MGMT_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[1].nodePort}" services {{ template "common.names.fullname" . }}) - echo "WildFly Management URL: http://$NODE_IP:$NODE_MGMT_PORT" - {{- end }} - -{{- else if contains "LoadBalancer" .Values.service.type }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "common.names.fullname" . }}' - - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - {{- $port:=.Values.service.port | toString }} - echo "WildFly URL: http://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.service.port }}{{ end }}/ - {{- if .Values.exposeManagementConsole }} - {{- $mgmtPort:=.Values.service.mgmtPort | toString }} - echo "WildFly Management URL: http://$SERVICE_IP{{- if ne $mgmtPort "80" }}:{{ .Values.service.mgmtPort }}{{ end }}/ - {{- end }} - -{{- else if contains "ClusterIP" .Values.service.type }} - - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "common.names.fullname" . }} 8080:{{ .Values.service.port }} & - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "common.names.fullname" . }} 9990:{{ .Values.service.mgmtPort }} & - echo "WildFly URL: http://127.0.0.1:8080/" - echo "WildFly Management URL: http://127.0.0.1:9990/: - -{{- end }} -{{- end }} - -2. Login with the following credentials - - echo Username: {{ .Values.wildflyUsername }} - echo Password: $(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} -o jsonpath="{.data.wildfly-password}" | base64 --decode) - -{{- include "wildfly.checkRollingTags" . }} -{{- $passwordValidationErrors := list -}} -{{- $secretName := include "common.names.fullname" . -}} -{{- $requiredWildflyPassword := dict "valueKey" "wildflyPassword" "secret" $secretName "field" "wildfly-password" "context" $ -}} -{{- $requiredWildflyPasswordError := include "common.validations.values.single.empty" $requiredWildflyPassword -}} -{{- $passwordValidationErrors = append $passwordValidationErrors $requiredWildflyPasswordError -}} -{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $) -}} diff --git a/bitnami/wildfly/templates/_helpers.tpl b/bitnami/wildfly/templates/_helpers.tpl deleted file mode 100644 index 94a1ac4..0000000 --- a/bitnami/wildfly/templates/_helpers.tpl +++ /dev/null @@ -1,29 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Return the proper Wildfly image name -*/}} -{{- define "wildfly.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper image name (for the init container volume-permissions image) -*/}} -{{- define "wildfly.volumePermissions.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "wildfly.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}} -{{- end -}} - -{{/* -Check if there are rolling tags in the images -*/}} -{{- define "wildfly.checkRollingTags" -}} -{{- include "common.warnings.rollingTag" .Values.image }} -{{- end -}} diff --git a/bitnami/wildfly/templates/deployment.yaml b/bitnami/wildfly/templates/deployment.yaml deleted file mode 100644 index dfa6ed2..0000000 --- a/bitnami/wildfly/templates/deployment.yaml +++ /dev/null @@ -1,158 +0,0 @@ -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - strategy: {{- include "common.tplvalues.render" (dict "value" .Values.updateStrategy "context" $ ) | nindent 4 }} - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - {{- if .Values.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} - {{- end }} - annotations: - checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }} - {{- if .Values.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} - {{- end }} - spec: - {{- include "wildfly.imagePullSecrets" . | nindent 6 }} - {{- if .Values.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.podSecurityContext.enabled }} - securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - initContainers: - {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} - - name: volume-permissions - image: {{ template "wildfly.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: - - /bin/bash - - -ec - - | - chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} /bitnami/wildfly - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto"}} - securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }} - {{- else }} - securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: data - mountPath: /bitnami/wildfly - {{- end }} - {{- if .Values.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} - {{- end }} - containers: - - name: wildfly - image: {{ template "wildfly.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" .Values.image.debug | quote }} - - name: WILDFLY_USERNAME - value: {{ default "" .Values.wildflyUsername | quote }} - - name: WILDFLY_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.names.fullname" . }} - key: wildfly-password - - name: WILDFLY_HTTP_PORT_NUMBER - value: {{ .Values.containerPorts.http | quote }} - - name: WILDFLY_MANAGEMENT_PORT_NUMBER - value: {{ .Values.containerPorts.mgmt | quote }} - - name: WILDFLY_SERVER_LISTEN_ADDRESS - value: "0.0.0.0" - - name: WILDFLY_MANAGEMENT_LISTEN_ADDRESS - value: {{ ternary "0.0.0.0" "127.0.0.1" .Values.exposeManagementConsole | quote }} - {{- if .Values.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if or .Values.extraEnvVarsCM .Values.extraEnvVarsSecret }} - envFrom: - {{- if .Values.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} - {{- end }} - {{- end }} - ports: - - name: http - containerPort: {{ .Values.containerPorts.http }} - - name: mgmt - containerPort: {{ .Values.containerPorts.mgmt }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }} - {{- else if .Values.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }} - {{- else if .Values.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: data - mountPath: /bitnami/wildfly - {{- if .Values.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.sidecars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: data - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ template "common.names.fullname" . }} - {{- else }} - emptyDir: {} - {{- end -}} - {{- if .Values.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} - {{- end }} diff --git a/bitnami/wildfly/templates/extra-list.yaml b/bitnami/wildfly/templates/extra-list.yaml deleted file mode 100644 index 9ac65f9..0000000 --- a/bitnami/wildfly/templates/extra-list.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{- range .Values.extraDeploy }} ---- -{{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} diff --git a/bitnami/wildfly/templates/ingress.yaml b/bitnami/wildfly/templates/ingress.yaml deleted file mode 100644 index 1b402be..0000000 --- a/bitnami/wildfly/templates/ingress.yaml +++ /dev/null @@ -1,62 +0,0 @@ -{{- if .Values.ingress.enabled }} -apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.ingress.annotations .Values.commonAnnotations .Values.ingress.certManager }} - annotations: - {{- if .Values.ingress.certManager }} - kubernetes.io/tls-acme: "true" - {{- end }} - {{- if .Values.ingress.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.annotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -spec: - rules: - {{- if .Values.ingress.hostname }} - - host: {{ .Values.ingress.hostname | quote }} - http: - paths: - {{- if .Values.ingress.extraPaths }} - {{- toYaml .Values.ingress.extraPaths | nindent 10 }} - {{- end }} - - path: {{ .Values.ingress.path }} - {{- if eq "true" (include "common.ingress.supportsPathType" .) }} - pathType: {{ .Values.ingress.pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- range .Values.ingress.extraHosts }} - - host: {{ .name | quote }} - http: - paths: - - path: {{ default "/" .path }} - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ default "ImplementationSpecific" .pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- if or .Values.ingress.tls .Values.ingress.extraTls }} - tls: - {{- if .Values.ingress.tls }} - - hosts: - - {{ .Values.ingress.hostname | quote }} - {{- range .Values.ingress.extraHosts }} - - {{ .name | quote }} - {{- end }} - secretName: {{ printf "%s-tls" .Values.ingress.hostname }} - {{- end }} - {{- if .Values.ingress.extraTls }} - {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.extraTls "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/bitnami/wildfly/templates/management-ingress.yaml b/bitnami/wildfly/templates/management-ingress.yaml deleted file mode 100644 index a677cec..0000000 --- a/bitnami/wildfly/templates/management-ingress.yaml +++ /dev/null @@ -1,62 +0,0 @@ -{{- if and .Values.exposeManagementConsole .Values.mgmtIngress.enabled }} -apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ printf "%s-%s" (include "common.names.fullname" .) "management" }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.mgmtIngress.annotations .Values.commonAnnotations .Values.mgmtIngress.certManager }} - annotations: - {{- if .Values.mgmtIngress.certManager }} - kubernetes.io/tls-acme: "true" - {{- end }} - {{- if .Values.mgmtIngress.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.mgmtIngress.annotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -spec: - rules: - {{- if .Values.mgmtIngress.hostname }} - - host: {{ .Values.mgmtIngress.hostname | quote }} - http: - paths: - {{- if .Values.mgmtIngress.extraPaths }} - {{- toYaml .Values.mgmtIngress.extraPaths | nindent 10 }} - {{- end }} - - path: {{ .Values.mgmtIngress.path }} - {{- if eq "true" (include "common.ingress.supportsPathType" .) }} - pathType: {{ .Values.mgmtIngress.pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" "mgmt" "context" $) | nindent 14 }} - {{- end }} - {{- range .Values.mgmtIngress.extraHosts }} - - host: {{ .name | quote }} - http: - paths: - - path: {{ default "/" .path }} - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ default "ImplementationSpecific" .pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "mgmt" "context" $) | nindent 14 }} - {{- end }} - {{- if or .Values.mgmtIngress.tls .Values.mgmtIngress.extraTls }} - tls: - {{- if .Values.mgmtIngress.tls }} - - hosts: - - {{ .Values.mgmtIngress.hostname | quote }} - {{- range .Values.mgmtIngress.extraHosts }} - - {{ .name | quote }} - {{- end }} - secretName: {{ printf "%s-tls" .Values.mgmtIngress.hostname }} - {{- end }} - {{- if .Values.mgmtIngress.extraTls }} - {{- include "common.tplvalues.render" ( dict "value" .Values.mgmtIngress.extraTls "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/bitnami/wildfly/templates/pvc.yaml b/bitnami/wildfly/templates/pvc.yaml deleted file mode 100644 index b982de5..0000000 --- a/bitnami/wildfly/templates/pvc.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if .Values.persistence.enabled -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - accessModes: - {{- range .Values.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 2 }} -{{- end -}} diff --git a/bitnami/wildfly/templates/secrets.yaml b/bitnami/wildfly/templates/secrets.yaml deleted file mode 100644 index 398adfe..0000000 --- a/bitnami/wildfly/templates/secrets.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: - {{- if .Values.wildflyPassword }} - wildfly-password: {{ .Values.wildflyPassword | b64enc | quote }} - {{- else }} - wildfly-password: {{ randAlphaNum 10 | b64enc | quote }} - {{- end }} diff --git a/bitnami/wildfly/templates/svc.yaml b/bitnami/wildfly/templates/svc.yaml deleted file mode 100644 index a5142b4..0000000 --- a/bitnami/wildfly/templates/svc.yaml +++ /dev/null @@ -1,52 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.service.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.service.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -spec: - type: {{ .Values.service.type }} - {{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }} - clusterIP: {{ .Values.service.clusterIP }} - {{- end }} - {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }} - externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} - {{- end }} - {{- if (and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges) }} - loadBalancerSourceRanges: {{- toYaml . | nindent 4 }} - {{- end }} - {{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }} - loadBalancerIP: {{ .Values.service.loadBalancerIP }} - {{- end }} - ports: - - name: http - port: {{ .Values.service.port}} - targetPort: http - {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.http)) }} - nodePort: {{ .Values.service.nodePorts.http }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - {{- if or (eq .Values.service.type "ClusterIP") .Values.exposeManagementConsole }} - - name: mgmt - port: {{ .Values.service.mgmtPort}} - targetPort: mgmt - {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.mgmt)) }} - nodePort: {{ .Values.service.nodePorts.mgmt }} - {{- else if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- end }} - {{- end }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} diff --git a/bitnami/wildfly/templates/tls-secrets.yaml b/bitnami/wildfly/templates/tls-secrets.yaml deleted file mode 100644 index 8fb43e1..0000000 --- a/bitnami/wildfly/templates/tls-secrets.yaml +++ /dev/null @@ -1,86 +0,0 @@ -{{- if or .Values.ingress.enabled .Values.mgmtIngress.enabled }} -{{- if .Values.ingress.secrets }} -{{- range .Values.ingress.secrets }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ .name }} - namespace: {{ $.Release.Namespace | quote }} - labels: {{- include "common.labels.standard" $ | nindent 4 }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ .certificate | b64enc }} - tls.key: {{ .key | b64enc }} ---- -{{- end }} -{{- end }} -{{- if .Values.mgmtIngress.secrets }} -{{- range .Values.mgmtIngress.secrets }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ .name }} - namespace: {{ $.Release.Namespace | quote }} - labels: {{- include "common.labels.standard" $ | nindent 4 }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ .certificate | b64enc }} - tls.key: {{ .key | b64enc }} ---- -{{- end }} -{{- end }} -{{- if and .Values.ingress.tls (not .Values.ingress.certManager) }} -{{- $ca := genCA "wildfly-ca" 365 }} -{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ printf "%s-tls" .Values.ingress.hostname }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ $cert.Cert | b64enc | quote }} - tls.key: {{ $cert.Key | b64enc | quote }} - ca.crt: {{ $ca.Cert | b64enc | quote }} -{{- end }} -{{- if and .Values.mgmtIngress.tls (not .Values.mgmtIngress.certManager) }} -{{- $ca := genCA "wildfly-ca" 365 }} -{{- $cert := genSignedCert .Values.mgmtIngress.hostname nil (list .Values.mgmtIngress.hostname) 365 $ca }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ printf "%s-tls" .Values.mgmtIngress.hostname }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ $cert.Cert | b64enc | quote }} - tls.key: {{ $cert.Key | b64enc | quote }} - ca.crt: {{ $ca.Cert | b64enc | quote }} -{{- end }} -{{- end }} diff --git a/bitnami/wildfly/values.yaml b/bitnami/wildfly/values.yaml deleted file mode 100644 index c842830..0000000 --- a/bitnami/wildfly/values.yaml +++ /dev/null @@ -1,551 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets [array] Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - storageClass: "" - -## @section Common parameters - -## @param kubeVersion Override Kubernetes version -## -kubeVersion: "" -## @param nameOverride String to partially override common.names.fullname -## -nameOverride: "" -## @param fullnameOverride String to fully override common.names.fullname -## -fullnameOverride: "" -## @param commonLabels [object] Labels to add to all deployed objects -## -commonLabels: {} -## @param commonAnnotations [object] Annotations to add to all deployed objects -## -commonAnnotations: {} -## @param clusterDomain Kubernetes cluster domain name -## -clusterDomain: cluster.local -## @param extraDeploy [array] Array of extra objects to deploy with the release -## -extraDeploy: [] - -## @section WildFly Image parameters - -## Bitnami WildFly image -## ref: https://hub.docker.com/r/bitnami/redis/tags/ -## @param image.registry WildFly image registry -## @param image.repository WildFly image repository -## @param image.tag WildFly image tag (immutable tags are recommended) -## @param image.pullPolicy WildFly image pull policy -## @param image.pullSecrets [array] WildFly image pull secrets -## @param image.debug Enable image debug mode -## -image: - registry: docker.io - repository: bitnami/wildfly - tag: 24.0.1-debian-10-r44 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Enable debug mode - ## - debug: false - -## @section WildFly Configuration parameters -## WildFly settings based on environment variables -## ref: https://github.com/bitnami/bitnami-docker-wildfly#configuration - -## @param wildflyUsername WildFly username -## -wildflyUsername: user -## @param wildflyPassword WildFly user password -## Defaults to a random 10-character alphanumeric string if not set -## -wildflyPassword: "" -## @param exposeManagementConsole Allows exposing the WildFly Management console outside the cluster -## -exposeManagementConsole: false -## @param command [array] Override default container command (useful when using custom images) -## -command: [] -## @param args [array] Override default container args (useful when using custom images) -## -args: [] -## @param extraEnvVars [array] Array with extra environment variables to add to the WildFly container -## e.g: -## extraEnvVars: -## - name: FOO -## value: "bar" -## -extraEnvVars: [] -## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars -## -extraEnvVarsCM: "" -## @param extraEnvVarsSecret Name of existing Secret containing extra env vars -## -extraEnvVarsSecret: "" - -## @section WildFly deployment parameters - -## @param replicaCount Number of Wildfly replicas to deploy -## -replicaCount: 1 -## @param updateStrategy.type WildFly deployment strategy type -## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy -## NOTE: Set it to `Recreate` if you use a PV that cannot be mounted on multiple pods -## e.g: -## updateStrategy: -## type: RollingUpdate -## rollingUpdate: -## maxSurge: 25% -## maxUnavailable: 25% -## -updateStrategy: - type: RollingUpdate -## @param hostAliases [array] WildFly pod host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: [] -## @param extraVolumes [array] Optionally specify extra list of additional volumes for WildFly pods -## -extraVolumes: [] -## @param extraVolumeMounts [array] Optionally specify extra list of additional volumeMounts for WildFly container(s) -## -extraVolumeMounts: [] -## @param sidecars [array] Add additional sidecar containers to the WildFly pod -## e.g: -## sidecars: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -sidecars: [] -## @param initContainers [array] Add additional init containers to the WildFly pods -## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ -## e.g: -## initContainers: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -initContainers: [] -## @param podLabels [object] Extra labels for WildFly pods -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -podLabels: {} -## @param podAnnotations [object] Annotations for WildFly pods -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} -## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAffinityPreset: "" -## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAntiAffinityPreset: soft -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## -nodeAffinityPreset: - ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set - ## - key: "" - ## @param nodeAffinityPreset.values [array] Node label values to match. Ignored if `affinity` is set - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] -## @param affinity [object] Affinity for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## NOTE: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set -## -affinity: {} -## @param nodeSelector [object] Node labels for pod assignment -## ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} -## @param tolerations [object] Tolerations for pod assignment -## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: {} -## WildFly containers' resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## @param resources.limits [object] The resources limits for the WildFly container -## @param resources.requests [object] The requested resources for the WildFly container -## -resources: - limits: {} - requests: - memory: 512Mi - cpu: 300m -## Container ports -## @param containerPorts.http WildFly HTTP container port -## @param containerPorts.mgmt WildFly HTTPS container port -## -containerPorts: - http: 8080 - mgmt: 9990 -## Configure Pods Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## @param podSecurityContext.enabled Enabled WildFly pods' Security Context -## @param podSecurityContext.fsGroup Set WildFly pod's Security Context fsGroup -## -podSecurityContext: - enabled: true - fsGroup: 1001 -## Configure Container Security Context (only main container) -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -## @param containerSecurityContext.enabled Enabled WildFly containers' Security Context -## @param containerSecurityContext.runAsUser Set WildFly container's Security Context runAsUser -## @param containerSecurityContext.runAsNonRoot Set WildFly container's Security Context runAsNonRoot -## -containerSecurityContext: - enabled: true - runAsUser: 1001 - runAsNonRoot: true -## Configure extra options for WildFly containers' liveness and readiness probes -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param livenessProbe.enabled Enable livenessProbe -## @skip livenessProbe.httpGet -## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe -## @param livenessProbe.periodSeconds Period seconds for livenessProbe -## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe -## @param livenessProbe.failureThreshold Failure threshold for livenessProbe -## @param livenessProbe.successThreshold Success threshold for livenessProbe -## -livenessProbe: - enabled: true - httpGet: - path: / - port: http - initialDelaySeconds: 120 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 -## @param readinessProbe.enabled Enable readinessProbe -## @skip readinessProbe.httpGet -## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe -## @param readinessProbe.periodSeconds Period seconds for readinessProbe -## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe -## @param readinessProbe.failureThreshold Failure threshold for readinessProbe -## @param readinessProbe.successThreshold Success threshold for readinessProbe -## -readinessProbe: - enabled: true - httpGet: - path: / - port: http - initialDelaySeconds: 30 - periodSeconds: 5 - timeoutSeconds: 3 - failureThreshold: 3 - successThreshold: 1 -## @param customLivenessProbe [object] Custom livenessProbe that overrides the default one -## -customLivenessProbe: {} -## @param customReadinessProbe [object] Custom readinessProbe that overrides the default one -## -customReadinessProbe: {} - -## @section Traffic Exposure Parameters - -## WildFly service parameters -## -service: - ## @param service.type WildFly service type - ## - type: LoadBalancer - ## @param service.port WildFly service HTTP port - ## - port: 80 - ## @param service.mgmtPort WildFly service management console port - ## - mgmtPort: 9990 - ## Node ports to expose - ## @param service.nodePorts.http Node port for HTTP - ## @param service.nodePorts.mgmt Node port for Management console - ## NOTE: choose port between <30000-32767> - ## - nodePorts: - http: "" - mgmt: "" - ## @param service.clusterIP WildFly service Cluster IP - ## e.g.: - ## clusterIP: None - ## - clusterIP: "" - ## @param service.loadBalancerIP WildFly service Load Balancer IP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer - ## - loadBalancerIP: "" - ## @param service.loadBalancerSourceRanges [array] WildFly service Load Balancer sources - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param service.externalTrafficPolicy WildFly service external traffic policy - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param service.annotations [object] Additional custom annotations for WildFly service - ## - annotations: {} - ## @param service.extraPorts [array] Extra ports to expose on WildFly service - ## - extraPorts: [] -## Configure the ingress resource that allows you to access the WildFly installation -## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ -## -ingress: - ## @param ingress.enabled Enable ingress record generation for WildFly - ## - enabled: false - ## @param ingress.certManager Add the corresponding annotations for cert-manager integration - ## - certManager: false - ## @param ingress.pathType Ingress path type - ## - pathType: ImplementationSpecific - ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) - ## - apiVersion: "" - ## @param ingress.hostname Default host for the ingress record - ## - hostname: wildfly.local - ## @param ingress.path Default path for the ingress record - ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers - ## - path: / - ## @param ingress.annotations [object] Additional custom annotations for the ingress record - ## NOTE: If `ingress.certManager=true`, annotation `kubernetes.io/tls-acme: "true"` will automatically be added - ## - annotations: {} - ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter - ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` - ## You can: - ## - Use the `ingress.secrets` parameter to create this TLS secret - ## - Relay on cert-manager to create it by setting `ingress.certManager=true` - ## - Relay on Helm to create self-signed certificates by setting `ingress.tls=true` and `ingress.certManager=false` - ## - tls: false - ## @param ingress.extraHosts [array] An array with additional hostname(s) to be covered with the ingress record - ## e.g: - ## extraHosts: - ## - name: wildfly.local - ## path: / - ## - extraHosts: [] - ## @param ingress.extraPaths [array] An array with additional arbitrary paths that may need to be added to the ingress under the main host - ## e.g: - ## extraPaths: - ## - path: /* - ## backend: - ## serviceName: ssl-redirect - ## servicePort: use-annotation - ## - extraPaths: [] - ## @param ingress.extraTls [array] TLS configuration for additional hostname(s) to be covered with this ingress record - ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - ## e.g: - ## extraTls: - ## - hosts: - ## - wildfly.local - ## secretName: wildfly.local-tls - ## - extraTls: [] - ## @param ingress.secrets [array] Custom TLS certificates as secrets - ## NOTE: 'key' and 'certificate' are expected in PEM format - ## NOTE: 'name' should line up with a 'secretName' set further up - ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates - ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days - ## It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - ## e.g: - ## secrets: - ## - name: wildfly.local-tls - ## key: |- - ## -----BEGIN RSA PRIVATE KEY----- - ## ... - ## -----END RSA PRIVATE KEY----- - ## certificate: |- - ## -----BEGIN CERTIFICATE----- - ## ... - ## -----END CERTIFICATE----- - ## - secrets: [] -## Management Console Ingress parameters -## -mgmtIngress: - ## @param mgmtIngress.enabled Set to true to enable ingress record generation for the Management console - ## - enabled: false - ## @param mgmtIngress.certManager Set this to true in order to add the corresponding annotations for cert-manager - ## - certManager: false - ## @param mgmtIngress.pathType Ingress path type - ## - pathType: ImplementationSpecific - ## @param mgmtIngress.hostname When the Management ingress is enabled, a host pointing to this will be created - ## - hostname: management.local - ## @param mgmtIngress.annotations Health Ingress annotations - ## For a full list of possible ingress annotations, please see - ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md - ## - ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set - ## - annotations: {} - ## @param mgmtIngress.tls Enable TLS configuration for the hostname defined at `mgmtIngress.hostname` parameter - ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.mgmtIngress.hostname }} - ## You can use the mgmtIngress.secrets parameter to create this TLS secret, relay on cert-manager to create it, or - ## let the chart create self-signed certificates for you - ## - tls: false - ## @param mgmtIngress.extraHosts The list of additional hostnames to be covered with this Management ingress record - ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array - ## E.g. - ## extraHosts: - ## - name: management.local - ## path: / - ## - extraHosts: [] - ## @param mgmtIngress.extraPaths [array] An array with additional arbitrary paths that may need to be added to the ingress under the main host - ## e.g: - ## extraPaths: - ## - path: /* - ## backend: - ## serviceName: ssl-redirect - ## servicePort: use-annotation - ## - extraPaths: [] - ## @param mgmtIngress.extraTls TLS configuration for additional hostnames to be covered - ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - ## E.g. - ## extraTls: - ## - hosts: - ## - management.local - ## secretName: management.local-tls - ## - extraTls: [] - ## @param mgmtIngress.secrets TLS Secret configuration - ## If you're providing your own certificates, please use this to add the certificates as secrets - ## key and certificate should start with -----BEGIN CERTIFICATE----- or -----BEGIN RSA PRIVATE KEY----- - ## name should line up with a secretName set further up - ## If it is not set and you're using cert-manager, this is unneeded, as it will create the secret for you - ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created - ## It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - ## - ## E.g. - ## secrets: - ## - name: management.local-tls - ## key: - ## certificate: - ## - secrets: [] - -## @section Persistence Parameters - -## Persistence Parameters -## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ -## -persistence: - ## @param persistence.enabled Enable persistence using Persistent Volume Claims - ## - enabled: true - ## @param persistence.storageClass Persistent Volume storage class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner - ## - storageClass: "" - ## @param persistence.accessModes [array] Persistent Volume access modes - ## - accessModes: - - ReadWriteOnce - ## @param persistence.size Persistent Volume size - ## - size: 8Gi -## 'volumePermissions' init container parameters -## Changes the owner and group of the persistent volume mount point to runAsUser:fsGroup values -## based on the podSecurityContext/containerSecurityContext parameters -## -volumePermissions: - ## @param volumePermissions.enabled Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` - ## - enabled: false - ## Bitnami Shell image - ## ref: https://hub.docker.com/r/bitnami/bitnami-shell/tags/ - ## @param volumePermissions.image.registry Bitnami Shell image registry - ## @param volumePermissions.image.repository Bitnami Shell image repository - ## @param volumePermissions.image.tag Bitnami Shell image tag (immutable tags are recommended) - ## @param volumePermissions.image.pullPolicy Bitnami Shell image pull policy - ## @param volumePermissions.image.pullSecrets [array] Bitnami Shell image pull secrets - ## - image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: 10-debian-10-r188 - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Init container's resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## @param volumePermissions.resources.limits [object] The resources limits for the init container - ## @param volumePermissions.resources.requests [object] The requested resources for the init container - ## - resources: - limits: {} - requests: {} - ## Init container Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param volumePermissions.securityContext.runAsUser Set init container's Security Context runAsUser - ## NOTE: when runAsUser is set to special value "auto", init container will try to chown the - ## data folder to auto-determined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` - ## "auto" is especially useful for OpenShift which has scc with dynamic user ids (and 0 is not allowed) - ## - securityContext: - runAsUser: 0 diff --git a/bitnami/wordpress/.helmignore b/bitnami/wordpress/.helmignore deleted file mode 100644 index f0c1319..0000000 --- a/bitnami/wordpress/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/bitnami/wordpress/ci/ct-values.yaml b/bitnami/wordpress/ci/ct-values.yaml deleted file mode 100644 index b738e2a..0000000 --- a/bitnami/wordpress/ci/ct-values.yaml +++ /dev/null @@ -1,2 +0,0 @@ -service: - type: ClusterIP diff --git a/bitnami/wordpress/ci/values-hpa-pdb.yaml b/bitnami/wordpress/ci/values-hpa-pdb.yaml deleted file mode 100644 index d996388..0000000 --- a/bitnami/wordpress/ci/values-hpa-pdb.yaml +++ /dev/null @@ -1,4 +0,0 @@ -autoscaling: - enabled: true -pdb: - create: true diff --git a/bitnami/wordpress/templates/extra-list.yaml b/bitnami/wordpress/templates/extra-list.yaml deleted file mode 100644 index 9ac65f9..0000000 --- a/bitnami/wordpress/templates/extra-list.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{- range .Values.extraDeploy }} ---- -{{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} diff --git a/bitnami/wordpress/templates/hpa.yaml b/bitnami/wordpress/templates/hpa.yaml deleted file mode 100644 index d9f3131..0000000 --- a/bitnami/wordpress/templates/hpa.yaml +++ /dev/null @@ -1,34 +0,0 @@ -{{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - scaleTargetRef: - apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} - kind: Deployment - name: {{ template "common.names.fullname" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- if .Values.autoscaling.targetCPU }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPU }} - {{- end }} - {{- if .Values.autoscaling.targetMemory }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemory }} - {{- end }} -{{- end }} diff --git a/bitnami/wordpress/templates/pdb.yaml b/bitnami/wordpress/templates/pdb.yaml deleted file mode 100644 index c37a3d0..0000000 --- a/bitnami/wordpress/templates/pdb.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if .Values.pdb.create }} -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.pdb.minAvailable }} - minAvailable: {{ .Values.pdb.minAvailable }} - {{- end }} - {{- if .Values.pdb.maxUnavailable }} - maxUnavailable: {{ .Values.pdb.maxUnavailable }} - {{- end }} - selector: - matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }} -{{- end }} diff --git a/bitnami/wordpress/templates/servicemonitor.yaml b/bitnami/wordpress/templates/servicemonitor.yaml deleted file mode 100644 index fef4982..0000000 --- a/bitnami/wordpress/templates/servicemonitor.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "common.names.fullname" . }} - {{- if .Values.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.metrics.serviceMonitor.namespace | quote }} - {{- else }} - namespace: {{ .Release.Namespace | quote }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: metrics - {{- if .Values.metrics.serviceMonitor.additionalLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - endpoints: - - port: metrics - interval: {{ .Values.metrics.serviceMonitor.interval }} - {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }} - {{- if .Values.metrics.serviceMonitor.relabellings }} - metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.relabellings | nindent 8 }} - {{- end }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: metrics -{{- end }} diff --git a/bitnami/zookeeper/.helmignore b/bitnami/zookeeper/.helmignore deleted file mode 100644 index f0c1319..0000000 --- a/bitnami/zookeeper/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/bitnami/zookeeper/templates/extra-list.yaml b/bitnami/zookeeper/templates/extra-list.yaml deleted file mode 100644 index 9ac65f9..0000000 --- a/bitnami/zookeeper/templates/extra-list.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{- range .Values.extraDeploy }} ---- -{{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} diff --git a/metadata/artifacthub-pkg.yml b/metadata/artifacthub-pkg.yml deleted file mode 100644 index f57c88a..0000000 --- a/metadata/artifacthub-pkg.yml +++ /dev/null @@ -1,59 +0,0 @@ -# Artifact Hub package metadata file -version: A SemVer 2 version (required) -name: The name of the package (only alphanum, no spaces, dashes allowed) (required) -displayName: The name of the package nicely formatted (required) -createdAt: The date this package was created (RFC3339 layout) (required) -description: A short description of the package (required) -logoPath: Path to the logo image file relative to the package directory (optional, but it improves package visibility) -logoURL: The URL of the logo image (optional, an alternative to logoPath if the image is hosted somewhere else) -digest: String that uniquely identifies this package version (optional) -license: SPDX identifier of the package license (https://spdx.org/licenses/) (optional) -homeURL: The URL of the project home page (optional) -appVersion: The version of the app that this contains (optional) -containersImages: # (optional) - - name: Image identifier (optional) - image: The format should match ${REGISTRYHOST}/${USERNAME}/${NAME}:${TAG} - whitelisted: When set to true, this image won't be scanned for security vulnerabilities -containsSecurityUpdates: Whether this package version contains security updates (optional, boolean) -operator: Whether this package is an Operator (optional, boolean) -deprecated: Whether this package is deprecated (optional, boolean) -prerelease: Whether this package version is a pre-release (optional, boolean) -keywords: # (optional) - - A list of keywords about this package - - Using one or more categories names as keywords will improve package visibility -links: # (optional) - - name: Title of the link (required for each link) - url: URL of the link (required for each link) -readme: | # (optional, can be provided from a README.md file as well) - Package documentation in markdown format - - Content added here will be rendered on Artifact Hub -install: | # (optional) - Brief install instructions in markdown format - - Content added here will be displayed when the INSTALL button on the package details page is clicked. -changes: # (optional - it is also possible to provide a list of strings with just the descriptions instead of using objects) - - kind: added # Supported kinds are: added, changed, deprecated, removed, fixed and security - description: cool feature - links: - - name: Github Issue - url: https://github.com/issue-url - - name: Github PR - url: https://github.com/pr-url - - kind: fixed - description: minor bug - links: - - name: Github Issue - url: https://github.com/issue-url -maintainers: # (optional) - - name: The maintainer name (required for each maintainer) - email: The maintainer email (required for each maintainer) -provider: # (optional) - name: The name of the individual, company, or service that provides this package -ignore: # (optional, used to ignore some falco rules or opa policies files in a package) - - lib # Entries use .gitignore syntax) -recommendations: # (optional, list of recommended packages) - - url: https://artifacthub.io/packages/helm/artifact-hub/artifact-hub -annotations: # (optional, keys and values must be strings) - key1: value1 - key2: value2 \ No newline at end of file diff --git a/bitnami/airflow/.helmignore b/riftbit/airflow/.helmignore similarity index 100% rename from bitnami/airflow/.helmignore rename to riftbit/airflow/.helmignore diff --git a/bitnami/airflow/Chart.lock b/riftbit/airflow/Chart.lock similarity index 100% rename from bitnami/airflow/Chart.lock rename to riftbit/airflow/Chart.lock diff --git a/bitnami/airflow/Chart.yaml b/riftbit/airflow/Chart.yaml similarity index 100% rename from bitnami/airflow/Chart.yaml rename to riftbit/airflow/Chart.yaml diff --git a/bitnami/airflow/README.md b/riftbit/airflow/README.md similarity index 100% rename from bitnami/airflow/README.md rename to riftbit/airflow/README.md diff --git a/bitnami/airflow/ci/values-production-with-config.yaml b/riftbit/airflow/ci/values-production-with-config.yaml similarity index 100% rename from bitnami/airflow/ci/values-production-with-config.yaml rename to riftbit/airflow/ci/values-production-with-config.yaml diff --git a/bitnami/airflow/files/dags/README.md b/riftbit/airflow/files/dags/README.md similarity index 100% rename from bitnami/airflow/files/dags/README.md rename to riftbit/airflow/files/dags/README.md diff --git a/bitnami/airflow/templates/NOTES.txt b/riftbit/airflow/templates/NOTES.txt similarity index 100% rename from bitnami/airflow/templates/NOTES.txt rename to riftbit/airflow/templates/NOTES.txt diff --git a/bitnami/airflow/templates/_git_helpers.tpl b/riftbit/airflow/templates/_git_helpers.tpl similarity index 100% rename from bitnami/airflow/templates/_git_helpers.tpl rename to riftbit/airflow/templates/_git_helpers.tpl diff --git a/bitnami/airflow/templates/_helpers.tpl b/riftbit/airflow/templates/_helpers.tpl similarity index 100% rename from bitnami/airflow/templates/_helpers.tpl rename to riftbit/airflow/templates/_helpers.tpl diff --git a/bitnami/airflow/templates/config/configmap.yaml b/riftbit/airflow/templates/config/configmap.yaml similarity index 100% rename from bitnami/airflow/templates/config/configmap.yaml rename to riftbit/airflow/templates/config/configmap.yaml diff --git a/bitnami/airflow/templates/config/secret-external-db.yaml b/riftbit/airflow/templates/config/secret-external-db.yaml similarity index 100% rename from bitnami/airflow/templates/config/secret-external-db.yaml rename to riftbit/airflow/templates/config/secret-external-db.yaml diff --git a/bitnami/airflow/templates/config/secret-external-redis.yaml b/riftbit/airflow/templates/config/secret-external-redis.yaml similarity index 100% rename from bitnami/airflow/templates/config/secret-external-redis.yaml rename to riftbit/airflow/templates/config/secret-external-redis.yaml diff --git a/bitnami/airflow/templates/config/secret-ldap.yaml b/riftbit/airflow/templates/config/secret-ldap.yaml similarity index 100% rename from bitnami/airflow/templates/config/secret-ldap.yaml rename to riftbit/airflow/templates/config/secret-ldap.yaml diff --git a/bitnami/airflow/templates/config/secret.yaml b/riftbit/airflow/templates/config/secret.yaml similarity index 100% rename from bitnami/airflow/templates/config/secret.yaml rename to riftbit/airflow/templates/config/secret.yaml diff --git a/bitnami/airflow/templates/extradeploy.yaml b/riftbit/airflow/templates/extradeploy.yaml similarity index 100% rename from bitnami/airflow/templates/extradeploy.yaml rename to riftbit/airflow/templates/extradeploy.yaml diff --git a/bitnami/airflow/templates/metrics/deployment.yaml b/riftbit/airflow/templates/metrics/deployment.yaml similarity index 100% rename from bitnami/airflow/templates/metrics/deployment.yaml rename to riftbit/airflow/templates/metrics/deployment.yaml diff --git a/bitnami/airflow/templates/metrics/service.yaml b/riftbit/airflow/templates/metrics/service.yaml similarity index 100% rename from bitnami/airflow/templates/metrics/service.yaml rename to riftbit/airflow/templates/metrics/service.yaml diff --git a/bitnami/airflow/templates/metrics/servicemonitor.yaml b/riftbit/airflow/templates/metrics/servicemonitor.yaml similarity index 100% rename from bitnami/airflow/templates/metrics/servicemonitor.yaml rename to riftbit/airflow/templates/metrics/servicemonitor.yaml diff --git a/bitnami/airflow/templates/rbac/role.yaml b/riftbit/airflow/templates/rbac/role.yaml similarity index 100% rename from bitnami/airflow/templates/rbac/role.yaml rename to riftbit/airflow/templates/rbac/role.yaml diff --git a/bitnami/airflow/templates/rbac/rolebinding.yaml b/riftbit/airflow/templates/rbac/rolebinding.yaml similarity index 100% rename from bitnami/airflow/templates/rbac/rolebinding.yaml rename to riftbit/airflow/templates/rbac/rolebinding.yaml diff --git a/bitnami/airflow/templates/rbac/serviceaccount.yaml b/riftbit/airflow/templates/rbac/serviceaccount.yaml similarity index 100% rename from bitnami/airflow/templates/rbac/serviceaccount.yaml rename to riftbit/airflow/templates/rbac/serviceaccount.yaml diff --git a/bitnami/airflow/templates/scheduler/deployment.yaml b/riftbit/airflow/templates/scheduler/deployment.yaml similarity index 100% rename from bitnami/airflow/templates/scheduler/deployment.yaml rename to riftbit/airflow/templates/scheduler/deployment.yaml diff --git a/bitnami/airflow/templates/scheduler/networkpolicy.yaml b/riftbit/airflow/templates/scheduler/networkpolicy.yaml similarity index 100% rename from bitnami/airflow/templates/scheduler/networkpolicy.yaml rename to riftbit/airflow/templates/scheduler/networkpolicy.yaml diff --git a/bitnami/airflow/templates/scheduler/poddisruptionbudget.yaml b/riftbit/airflow/templates/scheduler/poddisruptionbudget.yaml similarity index 100% rename from bitnami/airflow/templates/scheduler/poddisruptionbudget.yaml rename to riftbit/airflow/templates/scheduler/poddisruptionbudget.yaml diff --git a/bitnami/airflow/templates/scheduler/service-headless.yaml b/riftbit/airflow/templates/scheduler/service-headless.yaml similarity index 100% rename from bitnami/airflow/templates/scheduler/service-headless.yaml rename to riftbit/airflow/templates/scheduler/service-headless.yaml diff --git a/bitnami/airflow/templates/web/deployment.yaml b/riftbit/airflow/templates/web/deployment.yaml similarity index 100% rename from bitnami/airflow/templates/web/deployment.yaml rename to riftbit/airflow/templates/web/deployment.yaml diff --git a/bitnami/airflow/templates/web/ingress.yaml b/riftbit/airflow/templates/web/ingress.yaml similarity index 100% rename from bitnami/airflow/templates/web/ingress.yaml rename to riftbit/airflow/templates/web/ingress.yaml diff --git a/bitnami/airflow/templates/web/poddisruptionbudget.yaml b/riftbit/airflow/templates/web/poddisruptionbudget.yaml similarity index 100% rename from bitnami/airflow/templates/web/poddisruptionbudget.yaml rename to riftbit/airflow/templates/web/poddisruptionbudget.yaml diff --git a/bitnami/airflow/templates/web/service.yaml b/riftbit/airflow/templates/web/service.yaml similarity index 100% rename from bitnami/airflow/templates/web/service.yaml rename to riftbit/airflow/templates/web/service.yaml diff --git a/bitnami/airflow/templates/worker/horizontalpodautoscaler.yaml b/riftbit/airflow/templates/worker/horizontalpodautoscaler.yaml similarity index 100% rename from bitnami/airflow/templates/worker/horizontalpodautoscaler.yaml rename to riftbit/airflow/templates/worker/horizontalpodautoscaler.yaml diff --git a/bitnami/airflow/templates/worker/networkpolicy.yaml b/riftbit/airflow/templates/worker/networkpolicy.yaml similarity index 100% rename from bitnami/airflow/templates/worker/networkpolicy.yaml rename to riftbit/airflow/templates/worker/networkpolicy.yaml diff --git a/bitnami/airflow/templates/worker/poddisruptionbudget.yaml b/riftbit/airflow/templates/worker/poddisruptionbudget.yaml similarity index 100% rename from bitnami/airflow/templates/worker/poddisruptionbudget.yaml rename to riftbit/airflow/templates/worker/poddisruptionbudget.yaml diff --git a/bitnami/airflow/templates/worker/service-headless.yaml b/riftbit/airflow/templates/worker/service-headless.yaml similarity index 100% rename from bitnami/airflow/templates/worker/service-headless.yaml rename to riftbit/airflow/templates/worker/service-headless.yaml diff --git a/bitnami/airflow/templates/worker/statefulset.yaml b/riftbit/airflow/templates/worker/statefulset.yaml similarity index 100% rename from bitnami/airflow/templates/worker/statefulset.yaml rename to riftbit/airflow/templates/worker/statefulset.yaml diff --git a/bitnami/airflow/values.yaml b/riftbit/airflow/values.yaml similarity index 100% rename from bitnami/airflow/values.yaml rename to riftbit/airflow/values.yaml diff --git a/bitnami/argo-cd/.helmignore b/riftbit/argo-cd/.helmignore similarity index 100% rename from bitnami/argo-cd/.helmignore rename to riftbit/argo-cd/.helmignore diff --git a/bitnami/argo-cd/Chart.lock b/riftbit/argo-cd/Chart.lock similarity index 100% rename from bitnami/argo-cd/Chart.lock rename to riftbit/argo-cd/Chart.lock diff --git a/bitnami/argo-cd/Chart.yaml b/riftbit/argo-cd/Chart.yaml similarity index 100% rename from bitnami/argo-cd/Chart.yaml rename to riftbit/argo-cd/Chart.yaml diff --git a/bitnami/argo-cd/README.md b/riftbit/argo-cd/README.md similarity index 100% rename from bitnami/argo-cd/README.md rename to riftbit/argo-cd/README.md diff --git a/bitnami/argo-cd/crds/application.yaml b/riftbit/argo-cd/crds/application.yaml similarity index 100% rename from bitnami/argo-cd/crds/application.yaml rename to riftbit/argo-cd/crds/application.yaml diff --git a/bitnami/argo-cd/crds/project.yaml b/riftbit/argo-cd/crds/project.yaml similarity index 100% rename from bitnami/argo-cd/crds/project.yaml rename to riftbit/argo-cd/crds/project.yaml diff --git a/bitnami/argo-cd/templates/NOTES.txt b/riftbit/argo-cd/templates/NOTES.txt similarity index 100% rename from bitnami/argo-cd/templates/NOTES.txt rename to riftbit/argo-cd/templates/NOTES.txt diff --git a/bitnami/argo-cd/templates/_helpers.tpl b/riftbit/argo-cd/templates/_helpers.tpl similarity index 100% rename from bitnami/argo-cd/templates/_helpers.tpl rename to riftbit/argo-cd/templates/_helpers.tpl diff --git a/bitnami/argo-cd/templates/application-controller/clusterrole.yaml b/riftbit/argo-cd/templates/application-controller/clusterrole.yaml similarity index 100% rename from bitnami/argo-cd/templates/application-controller/clusterrole.yaml rename to riftbit/argo-cd/templates/application-controller/clusterrole.yaml diff --git a/bitnami/argo-cd/templates/application-controller/clusterrolebinding.yaml b/riftbit/argo-cd/templates/application-controller/clusterrolebinding.yaml similarity index 100% rename from bitnami/argo-cd/templates/application-controller/clusterrolebinding.yaml rename to riftbit/argo-cd/templates/application-controller/clusterrolebinding.yaml diff --git a/bitnami/argo-cd/templates/application-controller/deployment.yaml b/riftbit/argo-cd/templates/application-controller/deployment.yaml similarity index 100% rename from bitnami/argo-cd/templates/application-controller/deployment.yaml rename to riftbit/argo-cd/templates/application-controller/deployment.yaml diff --git a/bitnami/argo-cd/templates/application-controller/metrics-svc.yaml b/riftbit/argo-cd/templates/application-controller/metrics-svc.yaml similarity index 100% rename from bitnami/argo-cd/templates/application-controller/metrics-svc.yaml rename to riftbit/argo-cd/templates/application-controller/metrics-svc.yaml diff --git a/bitnami/argo-cd/templates/application-controller/prometheus-rule.yaml b/riftbit/argo-cd/templates/application-controller/prometheus-rule.yaml similarity index 100% rename from bitnami/argo-cd/templates/application-controller/prometheus-rule.yaml rename to riftbit/argo-cd/templates/application-controller/prometheus-rule.yaml diff --git a/bitnami/argo-cd/templates/application-controller/role.yaml b/riftbit/argo-cd/templates/application-controller/role.yaml similarity index 100% rename from bitnami/argo-cd/templates/application-controller/role.yaml rename to riftbit/argo-cd/templates/application-controller/role.yaml diff --git a/bitnami/argo-cd/templates/application-controller/rolebinding.yaml b/riftbit/argo-cd/templates/application-controller/rolebinding.yaml similarity index 100% rename from bitnami/argo-cd/templates/application-controller/rolebinding.yaml rename to riftbit/argo-cd/templates/application-controller/rolebinding.yaml diff --git a/bitnami/argo-cd/templates/application-controller/service-account.yaml b/riftbit/argo-cd/templates/application-controller/service-account.yaml similarity index 100% rename from bitnami/argo-cd/templates/application-controller/service-account.yaml rename to riftbit/argo-cd/templates/application-controller/service-account.yaml diff --git a/bitnami/argo-cd/templates/application-controller/service.yaml b/riftbit/argo-cd/templates/application-controller/service.yaml similarity index 100% rename from bitnami/argo-cd/templates/application-controller/service.yaml rename to riftbit/argo-cd/templates/application-controller/service.yaml diff --git a/bitnami/argo-cd/templates/application-controller/servicemonitor.yaml b/riftbit/argo-cd/templates/application-controller/servicemonitor.yaml similarity index 100% rename from bitnami/argo-cd/templates/application-controller/servicemonitor.yaml rename to riftbit/argo-cd/templates/application-controller/servicemonitor.yaml diff --git a/bitnami/argo-cd/templates/argocd-cm.yaml b/riftbit/argo-cd/templates/argocd-cm.yaml similarity index 100% rename from bitnami/argo-cd/templates/argocd-cm.yaml rename to riftbit/argo-cd/templates/argocd-cm.yaml diff --git a/bitnami/argo-cd/templates/argocd-secret.yaml b/riftbit/argo-cd/templates/argocd-secret.yaml similarity index 100% rename from bitnami/argo-cd/templates/argocd-secret.yaml rename to riftbit/argo-cd/templates/argocd-secret.yaml diff --git a/bitnami/argo-cd/templates/cluster-configs.yaml b/riftbit/argo-cd/templates/cluster-configs.yaml similarity index 100% rename from bitnami/argo-cd/templates/cluster-configs.yaml rename to riftbit/argo-cd/templates/cluster-configs.yaml diff --git a/bitnami/argo-cd/templates/dex/deployment.yaml b/riftbit/argo-cd/templates/dex/deployment.yaml similarity index 100% rename from bitnami/argo-cd/templates/dex/deployment.yaml rename to riftbit/argo-cd/templates/dex/deployment.yaml diff --git a/bitnami/argo-cd/templates/dex/metrics-svc.yaml b/riftbit/argo-cd/templates/dex/metrics-svc.yaml similarity index 100% rename from bitnami/argo-cd/templates/dex/metrics-svc.yaml rename to riftbit/argo-cd/templates/dex/metrics-svc.yaml diff --git a/bitnami/argo-cd/templates/dex/role.yaml b/riftbit/argo-cd/templates/dex/role.yaml similarity index 100% rename from bitnami/argo-cd/templates/dex/role.yaml rename to riftbit/argo-cd/templates/dex/role.yaml diff --git a/bitnami/argo-cd/templates/dex/rolebinding.yaml b/riftbit/argo-cd/templates/dex/rolebinding.yaml similarity index 100% rename from bitnami/argo-cd/templates/dex/rolebinding.yaml rename to riftbit/argo-cd/templates/dex/rolebinding.yaml diff --git a/bitnami/argo-cd/templates/dex/service-account.yaml b/riftbit/argo-cd/templates/dex/service-account.yaml similarity index 100% rename from bitnami/argo-cd/templates/dex/service-account.yaml rename to riftbit/argo-cd/templates/dex/service-account.yaml diff --git a/bitnami/argo-cd/templates/dex/service.yaml b/riftbit/argo-cd/templates/dex/service.yaml similarity index 100% rename from bitnami/argo-cd/templates/dex/service.yaml rename to riftbit/argo-cd/templates/dex/service.yaml diff --git a/bitnami/argo-cd/templates/dex/servicemonitor.yaml b/riftbit/argo-cd/templates/dex/servicemonitor.yaml similarity index 100% rename from bitnami/argo-cd/templates/dex/servicemonitor.yaml rename to riftbit/argo-cd/templates/dex/servicemonitor.yaml diff --git a/bitnami/argo-cd/templates/extra-list.yaml b/riftbit/argo-cd/templates/extra-list.yaml similarity index 100% rename from bitnami/argo-cd/templates/extra-list.yaml rename to riftbit/argo-cd/templates/extra-list.yaml diff --git a/bitnami/argo-cd/templates/known-hosts-cm.yaml b/riftbit/argo-cd/templates/known-hosts-cm.yaml similarity index 100% rename from bitnami/argo-cd/templates/known-hosts-cm.yaml rename to riftbit/argo-cd/templates/known-hosts-cm.yaml diff --git a/bitnami/argo-cd/templates/repo-server/deployment.yaml b/riftbit/argo-cd/templates/repo-server/deployment.yaml similarity index 100% rename from bitnami/argo-cd/templates/repo-server/deployment.yaml rename to riftbit/argo-cd/templates/repo-server/deployment.yaml diff --git a/bitnami/argo-cd/templates/repo-server/hpa.yaml b/riftbit/argo-cd/templates/repo-server/hpa.yaml similarity index 100% rename from bitnami/argo-cd/templates/repo-server/hpa.yaml rename to riftbit/argo-cd/templates/repo-server/hpa.yaml diff --git a/bitnami/argo-cd/templates/repo-server/metrics-svc.yaml b/riftbit/argo-cd/templates/repo-server/metrics-svc.yaml similarity index 100% rename from bitnami/argo-cd/templates/repo-server/metrics-svc.yaml rename to riftbit/argo-cd/templates/repo-server/metrics-svc.yaml diff --git a/bitnami/argo-cd/templates/repo-server/repository-credentials-secret.yaml b/riftbit/argo-cd/templates/repo-server/repository-credentials-secret.yaml similarity index 100% rename from bitnami/argo-cd/templates/repo-server/repository-credentials-secret.yaml rename to riftbit/argo-cd/templates/repo-server/repository-credentials-secret.yaml diff --git a/bitnami/argo-cd/templates/repo-server/role.yaml b/riftbit/argo-cd/templates/repo-server/role.yaml similarity index 100% rename from bitnami/argo-cd/templates/repo-server/role.yaml rename to riftbit/argo-cd/templates/repo-server/role.yaml diff --git a/bitnami/argo-cd/templates/repo-server/rolebinding.yaml b/riftbit/argo-cd/templates/repo-server/rolebinding.yaml similarity index 100% rename from bitnami/argo-cd/templates/repo-server/rolebinding.yaml rename to riftbit/argo-cd/templates/repo-server/rolebinding.yaml diff --git a/bitnami/argo-cd/templates/repo-server/service-account.yaml b/riftbit/argo-cd/templates/repo-server/service-account.yaml similarity index 100% rename from bitnami/argo-cd/templates/repo-server/service-account.yaml rename to riftbit/argo-cd/templates/repo-server/service-account.yaml diff --git a/bitnami/argo-cd/templates/repo-server/service.yaml b/riftbit/argo-cd/templates/repo-server/service.yaml similarity index 100% rename from bitnami/argo-cd/templates/repo-server/service.yaml rename to riftbit/argo-cd/templates/repo-server/service.yaml diff --git a/bitnami/argo-cd/templates/repo-server/servicemonitor.yaml b/riftbit/argo-cd/templates/repo-server/servicemonitor.yaml similarity index 100% rename from bitnami/argo-cd/templates/repo-server/servicemonitor.yaml rename to riftbit/argo-cd/templates/repo-server/servicemonitor.yaml diff --git a/bitnami/argo-cd/templates/server/clusterrole.yaml b/riftbit/argo-cd/templates/server/clusterrole.yaml similarity index 100% rename from bitnami/argo-cd/templates/server/clusterrole.yaml rename to riftbit/argo-cd/templates/server/clusterrole.yaml diff --git a/bitnami/argo-cd/templates/server/clusterrolebinding.yaml b/riftbit/argo-cd/templates/server/clusterrolebinding.yaml similarity index 100% rename from bitnami/argo-cd/templates/server/clusterrolebinding.yaml rename to riftbit/argo-cd/templates/server/clusterrolebinding.yaml diff --git a/bitnami/argo-cd/templates/server/deployment.yaml b/riftbit/argo-cd/templates/server/deployment.yaml similarity index 100% rename from bitnami/argo-cd/templates/server/deployment.yaml rename to riftbit/argo-cd/templates/server/deployment.yaml diff --git a/bitnami/argo-cd/templates/server/grpc-tls-secret.yaml b/riftbit/argo-cd/templates/server/grpc-tls-secret.yaml similarity index 100% rename from bitnami/argo-cd/templates/server/grpc-tls-secret.yaml rename to riftbit/argo-cd/templates/server/grpc-tls-secret.yaml diff --git a/bitnami/argo-cd/templates/server/hpa.yaml b/riftbit/argo-cd/templates/server/hpa.yaml similarity index 100% rename from bitnami/argo-cd/templates/server/hpa.yaml rename to riftbit/argo-cd/templates/server/hpa.yaml diff --git a/bitnami/argo-cd/templates/server/ingress-grcp.yaml b/riftbit/argo-cd/templates/server/ingress-grcp.yaml similarity index 100% rename from bitnami/argo-cd/templates/server/ingress-grcp.yaml rename to riftbit/argo-cd/templates/server/ingress-grcp.yaml diff --git a/bitnami/argo-cd/templates/server/ingress.yaml b/riftbit/argo-cd/templates/server/ingress.yaml similarity index 100% rename from bitnami/argo-cd/templates/server/ingress.yaml rename to riftbit/argo-cd/templates/server/ingress.yaml diff --git a/bitnami/argo-cd/templates/server/metrics-svc.yaml b/riftbit/argo-cd/templates/server/metrics-svc.yaml similarity index 100% rename from bitnami/argo-cd/templates/server/metrics-svc.yaml rename to riftbit/argo-cd/templates/server/metrics-svc.yaml diff --git a/bitnami/argo-cd/templates/server/role.yaml b/riftbit/argo-cd/templates/server/role.yaml similarity index 100% rename from bitnami/argo-cd/templates/server/role.yaml rename to riftbit/argo-cd/templates/server/role.yaml diff --git a/bitnami/argo-cd/templates/server/rolebinding.yaml b/riftbit/argo-cd/templates/server/rolebinding.yaml similarity index 100% rename from bitnami/argo-cd/templates/server/rolebinding.yaml rename to riftbit/argo-cd/templates/server/rolebinding.yaml diff --git a/bitnami/argo-cd/templates/server/service-account.yaml b/riftbit/argo-cd/templates/server/service-account.yaml similarity index 100% rename from bitnami/argo-cd/templates/server/service-account.yaml rename to riftbit/argo-cd/templates/server/service-account.yaml diff --git a/bitnami/argo-cd/templates/server/service.yaml b/riftbit/argo-cd/templates/server/service.yaml similarity index 100% rename from bitnami/argo-cd/templates/server/service.yaml rename to riftbit/argo-cd/templates/server/service.yaml diff --git a/bitnami/argo-cd/templates/server/servicemonitor.yaml b/riftbit/argo-cd/templates/server/servicemonitor.yaml similarity index 100% rename from bitnami/argo-cd/templates/server/servicemonitor.yaml rename to riftbit/argo-cd/templates/server/servicemonitor.yaml diff --git a/bitnami/argo-cd/templates/server/tls-secret.yaml b/riftbit/argo-cd/templates/server/tls-secret.yaml similarity index 100% rename from bitnami/argo-cd/templates/server/tls-secret.yaml rename to riftbit/argo-cd/templates/server/tls-secret.yaml diff --git a/bitnami/argo-cd/templates/styles-cm.yaml b/riftbit/argo-cd/templates/styles-cm.yaml similarity index 100% rename from bitnami/argo-cd/templates/styles-cm.yaml rename to riftbit/argo-cd/templates/styles-cm.yaml diff --git a/bitnami/argo-cd/templates/tls-certs-cm.yaml b/riftbit/argo-cd/templates/tls-certs-cm.yaml similarity index 100% rename from bitnami/argo-cd/templates/tls-certs-cm.yaml rename to riftbit/argo-cd/templates/tls-certs-cm.yaml diff --git a/bitnami/argo-cd/values.yaml b/riftbit/argo-cd/values.yaml similarity index 100% rename from bitnami/argo-cd/values.yaml rename to riftbit/argo-cd/values.yaml diff --git a/bitnami/apache/.helmignore b/riftbit/cassandra/.helmignore similarity index 100% rename from bitnami/apache/.helmignore rename to riftbit/cassandra/.helmignore diff --git a/bitnami/cassandra/Chart.lock b/riftbit/cassandra/Chart.lock similarity index 100% rename from bitnami/cassandra/Chart.lock rename to riftbit/cassandra/Chart.lock diff --git a/bitnami/cassandra/Chart.yaml b/riftbit/cassandra/Chart.yaml similarity index 100% rename from bitnami/cassandra/Chart.yaml rename to riftbit/cassandra/Chart.yaml diff --git a/bitnami/cassandra/README.md b/riftbit/cassandra/README.md similarity index 100% rename from bitnami/cassandra/README.md rename to riftbit/cassandra/README.md diff --git a/bitnami/cassandra/ci/values-volume-permissions.yaml b/riftbit/cassandra/ci/values-volume-permissions.yaml similarity index 100% rename from bitnami/cassandra/ci/values-volume-permissions.yaml rename to riftbit/cassandra/ci/values-volume-permissions.yaml diff --git a/bitnami/cassandra/templates/NOTES.txt b/riftbit/cassandra/templates/NOTES.txt similarity index 100% rename from bitnami/cassandra/templates/NOTES.txt rename to riftbit/cassandra/templates/NOTES.txt diff --git a/bitnami/cassandra/templates/_helpers.tpl b/riftbit/cassandra/templates/_helpers.tpl similarity index 100% rename from bitnami/cassandra/templates/_helpers.tpl rename to riftbit/cassandra/templates/_helpers.tpl diff --git a/bitnami/cassandra/templates/cassandra-secret.yaml b/riftbit/cassandra/templates/cassandra-secret.yaml similarity index 100% rename from bitnami/cassandra/templates/cassandra-secret.yaml rename to riftbit/cassandra/templates/cassandra-secret.yaml diff --git a/bitnami/apache/templates/extra-list.yaml b/riftbit/cassandra/templates/extra-list.yaml similarity index 100% rename from bitnami/apache/templates/extra-list.yaml rename to riftbit/cassandra/templates/extra-list.yaml diff --git a/bitnami/cassandra/templates/headless-svc.yaml b/riftbit/cassandra/templates/headless-svc.yaml similarity index 100% rename from bitnami/cassandra/templates/headless-svc.yaml rename to riftbit/cassandra/templates/headless-svc.yaml diff --git a/bitnami/cassandra/templates/networkpolicy.yaml b/riftbit/cassandra/templates/networkpolicy.yaml similarity index 100% rename from bitnami/cassandra/templates/networkpolicy.yaml rename to riftbit/cassandra/templates/networkpolicy.yaml diff --git a/bitnami/cassandra/templates/pdb.yaml b/riftbit/cassandra/templates/pdb.yaml similarity index 100% rename from bitnami/cassandra/templates/pdb.yaml rename to riftbit/cassandra/templates/pdb.yaml diff --git a/bitnami/cassandra/templates/service.yaml b/riftbit/cassandra/templates/service.yaml similarity index 100% rename from bitnami/cassandra/templates/service.yaml rename to riftbit/cassandra/templates/service.yaml diff --git a/bitnami/cassandra/templates/serviceaccount.yaml b/riftbit/cassandra/templates/serviceaccount.yaml similarity index 100% rename from bitnami/cassandra/templates/serviceaccount.yaml rename to riftbit/cassandra/templates/serviceaccount.yaml diff --git a/bitnami/cassandra/templates/servicemonitor.yaml b/riftbit/cassandra/templates/servicemonitor.yaml similarity index 100% rename from bitnami/cassandra/templates/servicemonitor.yaml rename to riftbit/cassandra/templates/servicemonitor.yaml diff --git a/bitnami/cassandra/templates/statefulset.yaml b/riftbit/cassandra/templates/statefulset.yaml similarity index 100% rename from bitnami/cassandra/templates/statefulset.yaml rename to riftbit/cassandra/templates/statefulset.yaml diff --git a/bitnami/cassandra/templates/tls-secret.yaml b/riftbit/cassandra/templates/tls-secret.yaml similarity index 100% rename from bitnami/cassandra/templates/tls-secret.yaml rename to riftbit/cassandra/templates/tls-secret.yaml diff --git a/bitnami/cassandra/values.yaml b/riftbit/cassandra/values.yaml similarity index 100% rename from bitnami/cassandra/values.yaml rename to riftbit/cassandra/values.yaml diff --git a/bitnami/aspnet-core/.helmignore b/riftbit/cert-manager/.helmignore similarity index 100% rename from bitnami/aspnet-core/.helmignore rename to riftbit/cert-manager/.helmignore diff --git a/bitnami/cert-manager/Chart.lock b/riftbit/cert-manager/Chart.lock similarity index 100% rename from bitnami/cert-manager/Chart.lock rename to riftbit/cert-manager/Chart.lock diff --git a/bitnami/cert-manager/Chart.yaml b/riftbit/cert-manager/Chart.yaml similarity index 100% rename from bitnami/cert-manager/Chart.yaml rename to riftbit/cert-manager/Chart.yaml diff --git a/bitnami/cert-manager/README.md b/riftbit/cert-manager/README.md similarity index 100% rename from bitnami/cert-manager/README.md rename to riftbit/cert-manager/README.md diff --git a/bitnami/cert-manager/templates/NOTES.txt b/riftbit/cert-manager/templates/NOTES.txt similarity index 100% rename from bitnami/cert-manager/templates/NOTES.txt rename to riftbit/cert-manager/templates/NOTES.txt diff --git a/bitnami/cert-manager/templates/_helpers.tpl b/riftbit/cert-manager/templates/_helpers.tpl similarity index 100% rename from bitnami/cert-manager/templates/_helpers.tpl rename to riftbit/cert-manager/templates/_helpers.tpl diff --git a/bitnami/cert-manager/templates/cainjector/deployment.yaml b/riftbit/cert-manager/templates/cainjector/deployment.yaml similarity index 100% rename from bitnami/cert-manager/templates/cainjector/deployment.yaml rename to riftbit/cert-manager/templates/cainjector/deployment.yaml diff --git a/bitnami/cert-manager/templates/cainjector/rbac.yaml b/riftbit/cert-manager/templates/cainjector/rbac.yaml similarity index 100% rename from bitnami/cert-manager/templates/cainjector/rbac.yaml rename to riftbit/cert-manager/templates/cainjector/rbac.yaml diff --git a/bitnami/cert-manager/templates/cainjector/serviceaccount.yaml b/riftbit/cert-manager/templates/cainjector/serviceaccount.yaml similarity index 100% rename from bitnami/cert-manager/templates/cainjector/serviceaccount.yaml rename to riftbit/cert-manager/templates/cainjector/serviceaccount.yaml diff --git a/bitnami/cert-manager/templates/controller/deployment.yaml b/riftbit/cert-manager/templates/controller/deployment.yaml similarity index 100% rename from bitnami/cert-manager/templates/controller/deployment.yaml rename to riftbit/cert-manager/templates/controller/deployment.yaml diff --git a/bitnami/cert-manager/templates/controller/rbac.yaml b/riftbit/cert-manager/templates/controller/rbac.yaml similarity index 100% rename from bitnami/cert-manager/templates/controller/rbac.yaml rename to riftbit/cert-manager/templates/controller/rbac.yaml diff --git a/bitnami/cert-manager/templates/controller/service.yaml b/riftbit/cert-manager/templates/controller/service.yaml similarity index 100% rename from bitnami/cert-manager/templates/controller/service.yaml rename to riftbit/cert-manager/templates/controller/service.yaml diff --git a/bitnami/cert-manager/templates/controller/serviceaccount.yaml b/riftbit/cert-manager/templates/controller/serviceaccount.yaml similarity index 100% rename from bitnami/cert-manager/templates/controller/serviceaccount.yaml rename to riftbit/cert-manager/templates/controller/serviceaccount.yaml diff --git a/bitnami/cert-manager/templates/controller/servicemonitor.yaml b/riftbit/cert-manager/templates/controller/servicemonitor.yaml similarity index 100% rename from bitnami/cert-manager/templates/controller/servicemonitor.yaml rename to riftbit/cert-manager/templates/controller/servicemonitor.yaml diff --git a/bitnami/cert-manager/templates/crds/crd-certificaterequests.yaml b/riftbit/cert-manager/templates/crds/crd-certificaterequests.yaml similarity index 100% rename from bitnami/cert-manager/templates/crds/crd-certificaterequests.yaml rename to riftbit/cert-manager/templates/crds/crd-certificaterequests.yaml diff --git a/bitnami/cert-manager/templates/crds/crd-certificates.yaml b/riftbit/cert-manager/templates/crds/crd-certificates.yaml similarity index 100% rename from bitnami/cert-manager/templates/crds/crd-certificates.yaml rename to riftbit/cert-manager/templates/crds/crd-certificates.yaml diff --git a/bitnami/cert-manager/templates/crds/crd-challenges.yaml b/riftbit/cert-manager/templates/crds/crd-challenges.yaml similarity index 100% rename from bitnami/cert-manager/templates/crds/crd-challenges.yaml rename to riftbit/cert-manager/templates/crds/crd-challenges.yaml diff --git a/bitnami/cert-manager/templates/crds/crd-clusterissuers.yaml b/riftbit/cert-manager/templates/crds/crd-clusterissuers.yaml similarity index 100% rename from bitnami/cert-manager/templates/crds/crd-clusterissuers.yaml rename to riftbit/cert-manager/templates/crds/crd-clusterissuers.yaml diff --git a/bitnami/cert-manager/templates/crds/crd-issuers.yaml b/riftbit/cert-manager/templates/crds/crd-issuers.yaml similarity index 100% rename from bitnami/cert-manager/templates/crds/crd-issuers.yaml rename to riftbit/cert-manager/templates/crds/crd-issuers.yaml diff --git a/bitnami/cert-manager/templates/crds/crd-orders.yaml b/riftbit/cert-manager/templates/crds/crd-orders.yaml similarity index 100% rename from bitnami/cert-manager/templates/crds/crd-orders.yaml rename to riftbit/cert-manager/templates/crds/crd-orders.yaml diff --git a/bitnami/aspnet-core/templates/extra-list.yaml b/riftbit/cert-manager/templates/extra-list.yaml similarity index 100% rename from bitnami/aspnet-core/templates/extra-list.yaml rename to riftbit/cert-manager/templates/extra-list.yaml diff --git a/bitnami/cert-manager/templates/webhook/deployment.yaml b/riftbit/cert-manager/templates/webhook/deployment.yaml similarity index 100% rename from bitnami/cert-manager/templates/webhook/deployment.yaml rename to riftbit/cert-manager/templates/webhook/deployment.yaml diff --git a/bitnami/cert-manager/templates/webhook/rbac.yaml b/riftbit/cert-manager/templates/webhook/rbac.yaml similarity index 100% rename from bitnami/cert-manager/templates/webhook/rbac.yaml rename to riftbit/cert-manager/templates/webhook/rbac.yaml diff --git a/bitnami/cert-manager/templates/webhook/service.yaml b/riftbit/cert-manager/templates/webhook/service.yaml similarity index 100% rename from bitnami/cert-manager/templates/webhook/service.yaml rename to riftbit/cert-manager/templates/webhook/service.yaml diff --git a/bitnami/cert-manager/templates/webhook/serviceaccount.yaml b/riftbit/cert-manager/templates/webhook/serviceaccount.yaml similarity index 100% rename from bitnami/cert-manager/templates/webhook/serviceaccount.yaml rename to riftbit/cert-manager/templates/webhook/serviceaccount.yaml diff --git a/bitnami/cert-manager/values.yaml b/riftbit/cert-manager/values.yaml similarity index 100% rename from bitnami/cert-manager/values.yaml rename to riftbit/cert-manager/values.yaml diff --git a/bitnami/common/.helmignore b/riftbit/common/.helmignore similarity index 100% rename from bitnami/common/.helmignore rename to riftbit/common/.helmignore diff --git a/bitnami/common/Chart.yaml b/riftbit/common/Chart.yaml similarity index 69% rename from bitnami/common/Chart.yaml rename to riftbit/common/Chart.yaml index c4e8dbf..27fbab8 100644 --- a/bitnami/common/Chart.yaml +++ b/riftbit/common/Chart.yaml @@ -3,8 +3,8 @@ annotations: apiVersion: v2 # Please make sure that version and appVersion are always the same. appVersion: 1.8.0 -description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself. -home: https://github.com/bitnami/charts/tree/master/bitnami/common +description: A Library Helm Chart for grouping common logic between riftbit charts. This chart is not deployable by itself. +home: https://github.com/riftbit/charts/tree/main/riftbit/common icon: https://bitnami.com/downloads/logos/bitnami-mark.png keywords: - common @@ -17,7 +17,7 @@ maintainers: name: Bitnami name: common sources: - - https://github.com/bitnami/charts - - http://www.bitnami.com/ + - https://github.com/riftbit/charts + - https://riftbit.com/ type: library version: 1.9.1 diff --git a/bitnami/common/README.md b/riftbit/common/README.md similarity index 99% rename from bitnami/common/README.md rename to riftbit/common/README.md index dc0400f..d71ce6b 100644 --- a/bitnami/common/README.md +++ b/riftbit/common/README.md @@ -8,7 +8,7 @@ A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for gro dependencies: - name: common version: 0.x.x - repository: https://charts.bitnami.com/bitnami + repository: https://charts.riftbit.com/ ``` ```bash @@ -216,7 +216,7 @@ size: path: type: string description: Path to be persisted. - example: /bitnami + example: /riftbit ## An instance would be: # enabled: true diff --git a/bitnami/common/templates/_affinities.tpl b/riftbit/common/templates/_affinities.tpl similarity index 100% rename from bitnami/common/templates/_affinities.tpl rename to riftbit/common/templates/_affinities.tpl diff --git a/bitnami/common/templates/_capabilities.tpl b/riftbit/common/templates/_capabilities.tpl similarity index 100% rename from bitnami/common/templates/_capabilities.tpl rename to riftbit/common/templates/_capabilities.tpl diff --git a/bitnami/common/templates/_errors.tpl b/riftbit/common/templates/_errors.tpl similarity index 100% rename from bitnami/common/templates/_errors.tpl rename to riftbit/common/templates/_errors.tpl diff --git a/bitnami/common/templates/_images.tpl b/riftbit/common/templates/_images.tpl similarity index 100% rename from bitnami/common/templates/_images.tpl rename to riftbit/common/templates/_images.tpl diff --git a/bitnami/common/templates/_ingress.tpl b/riftbit/common/templates/_ingress.tpl similarity index 100% rename from bitnami/common/templates/_ingress.tpl rename to riftbit/common/templates/_ingress.tpl diff --git a/bitnami/common/templates/_labels.tpl b/riftbit/common/templates/_labels.tpl similarity index 100% rename from bitnami/common/templates/_labels.tpl rename to riftbit/common/templates/_labels.tpl diff --git a/bitnami/common/templates/_names.tpl b/riftbit/common/templates/_names.tpl similarity index 100% rename from bitnami/common/templates/_names.tpl rename to riftbit/common/templates/_names.tpl diff --git a/bitnami/common/templates/_secrets.tpl b/riftbit/common/templates/_secrets.tpl similarity index 100% rename from bitnami/common/templates/_secrets.tpl rename to riftbit/common/templates/_secrets.tpl diff --git a/bitnami/common/templates/_storage.tpl b/riftbit/common/templates/_storage.tpl similarity index 100% rename from bitnami/common/templates/_storage.tpl rename to riftbit/common/templates/_storage.tpl diff --git a/bitnami/common/templates/_tplvalues.tpl b/riftbit/common/templates/_tplvalues.tpl similarity index 100% rename from bitnami/common/templates/_tplvalues.tpl rename to riftbit/common/templates/_tplvalues.tpl diff --git a/bitnami/common/templates/_utils.tpl b/riftbit/common/templates/_utils.tpl similarity index 100% rename from bitnami/common/templates/_utils.tpl rename to riftbit/common/templates/_utils.tpl diff --git a/bitnami/common/templates/_warnings.tpl b/riftbit/common/templates/_warnings.tpl similarity index 100% rename from bitnami/common/templates/_warnings.tpl rename to riftbit/common/templates/_warnings.tpl diff --git a/bitnami/common/templates/validations/_cassandra.tpl b/riftbit/common/templates/validations/_cassandra.tpl similarity index 100% rename from bitnami/common/templates/validations/_cassandra.tpl rename to riftbit/common/templates/validations/_cassandra.tpl diff --git a/bitnami/common/templates/validations/_mariadb.tpl b/riftbit/common/templates/validations/_mariadb.tpl similarity index 100% rename from bitnami/common/templates/validations/_mariadb.tpl rename to riftbit/common/templates/validations/_mariadb.tpl diff --git a/bitnami/common/templates/validations/_mongodb.tpl b/riftbit/common/templates/validations/_mongodb.tpl similarity index 100% rename from bitnami/common/templates/validations/_mongodb.tpl rename to riftbit/common/templates/validations/_mongodb.tpl diff --git a/bitnami/common/templates/validations/_postgresql.tpl b/riftbit/common/templates/validations/_postgresql.tpl similarity index 100% rename from bitnami/common/templates/validations/_postgresql.tpl rename to riftbit/common/templates/validations/_postgresql.tpl diff --git a/bitnami/common/templates/validations/_redis.tpl b/riftbit/common/templates/validations/_redis.tpl similarity index 100% rename from bitnami/common/templates/validations/_redis.tpl rename to riftbit/common/templates/validations/_redis.tpl diff --git a/bitnami/common/templates/validations/_validations.tpl b/riftbit/common/templates/validations/_validations.tpl similarity index 100% rename from bitnami/common/templates/validations/_validations.tpl rename to riftbit/common/templates/validations/_validations.tpl diff --git a/bitnami/common/values.yaml b/riftbit/common/values.yaml similarity index 100% rename from bitnami/common/values.yaml rename to riftbit/common/values.yaml diff --git a/bitnami/cassandra/.helmignore b/riftbit/concourse/.helmignore similarity index 100% rename from bitnami/cassandra/.helmignore rename to riftbit/concourse/.helmignore diff --git a/bitnami/concourse/Chart.lock b/riftbit/concourse/Chart.lock similarity index 100% rename from bitnami/concourse/Chart.lock rename to riftbit/concourse/Chart.lock diff --git a/bitnami/concourse/Chart.yaml b/riftbit/concourse/Chart.yaml similarity index 100% rename from bitnami/concourse/Chart.yaml rename to riftbit/concourse/Chart.yaml diff --git a/bitnami/concourse/README.md b/riftbit/concourse/README.md similarity index 100% rename from bitnami/concourse/README.md rename to riftbit/concourse/README.md diff --git a/bitnami/concourse/templates/NOTES.txt b/riftbit/concourse/templates/NOTES.txt similarity index 100% rename from bitnami/concourse/templates/NOTES.txt rename to riftbit/concourse/templates/NOTES.txt diff --git a/bitnami/concourse/templates/_helpers.tpl b/riftbit/concourse/templates/_helpers.tpl similarity index 100% rename from bitnami/concourse/templates/_helpers.tpl rename to riftbit/concourse/templates/_helpers.tpl diff --git a/bitnami/concourse/templates/config/secret-external-db.yaml b/riftbit/concourse/templates/config/secret-external-db.yaml similarity index 100% rename from bitnami/concourse/templates/config/secret-external-db.yaml rename to riftbit/concourse/templates/config/secret-external-db.yaml diff --git a/bitnami/cassandra/templates/extra-list.yaml b/riftbit/concourse/templates/extra-list.yaml similarity index 100% rename from bitnami/cassandra/templates/extra-list.yaml rename to riftbit/concourse/templates/extra-list.yaml diff --git a/bitnami/concourse/templates/web/configmap.yaml b/riftbit/concourse/templates/web/configmap.yaml similarity index 100% rename from bitnami/concourse/templates/web/configmap.yaml rename to riftbit/concourse/templates/web/configmap.yaml diff --git a/bitnami/concourse/templates/web/deployment.yaml b/riftbit/concourse/templates/web/deployment.yaml similarity index 100% rename from bitnami/concourse/templates/web/deployment.yaml rename to riftbit/concourse/templates/web/deployment.yaml diff --git a/bitnami/concourse/templates/web/gateway-service.yaml b/riftbit/concourse/templates/web/gateway-service.yaml similarity index 100% rename from bitnami/concourse/templates/web/gateway-service.yaml rename to riftbit/concourse/templates/web/gateway-service.yaml diff --git a/bitnami/concourse/templates/web/ingress.yaml b/riftbit/concourse/templates/web/ingress.yaml similarity index 100% rename from bitnami/concourse/templates/web/ingress.yaml rename to riftbit/concourse/templates/web/ingress.yaml diff --git a/bitnami/concourse/templates/web/podsecuritypolicy.yaml b/riftbit/concourse/templates/web/podsecuritypolicy.yaml similarity index 100% rename from bitnami/concourse/templates/web/podsecuritypolicy.yaml rename to riftbit/concourse/templates/web/podsecuritypolicy.yaml diff --git a/bitnami/concourse/templates/web/rbac.yaml b/riftbit/concourse/templates/web/rbac.yaml similarity index 100% rename from bitnami/concourse/templates/web/rbac.yaml rename to riftbit/concourse/templates/web/rbac.yaml diff --git a/bitnami/concourse/templates/web/secret.yaml b/riftbit/concourse/templates/web/secret.yaml similarity index 100% rename from bitnami/concourse/templates/web/secret.yaml rename to riftbit/concourse/templates/web/secret.yaml diff --git a/bitnami/concourse/templates/web/service-account.yaml b/riftbit/concourse/templates/web/service-account.yaml similarity index 100% rename from bitnami/concourse/templates/web/service-account.yaml rename to riftbit/concourse/templates/web/service-account.yaml diff --git a/bitnami/concourse/templates/web/service.yaml b/riftbit/concourse/templates/web/service.yaml similarity index 100% rename from bitnami/concourse/templates/web/service.yaml rename to riftbit/concourse/templates/web/service.yaml diff --git a/bitnami/concourse/templates/web/tls-secrets.yaml b/riftbit/concourse/templates/web/tls-secrets.yaml similarity index 100% rename from bitnami/concourse/templates/web/tls-secrets.yaml rename to riftbit/concourse/templates/web/tls-secrets.yaml diff --git a/bitnami/concourse/templates/worker/deployment.yaml b/riftbit/concourse/templates/worker/deployment.yaml similarity index 100% rename from bitnami/concourse/templates/worker/deployment.yaml rename to riftbit/concourse/templates/worker/deployment.yaml diff --git a/bitnami/concourse/templates/worker/horizontalpodautoscaler.yaml b/riftbit/concourse/templates/worker/horizontalpodautoscaler.yaml similarity index 100% rename from bitnami/concourse/templates/worker/horizontalpodautoscaler.yaml rename to riftbit/concourse/templates/worker/horizontalpodautoscaler.yaml diff --git a/bitnami/concourse/templates/worker/poddisruptionbudget.yaml b/riftbit/concourse/templates/worker/poddisruptionbudget.yaml similarity index 100% rename from bitnami/concourse/templates/worker/poddisruptionbudget.yaml rename to riftbit/concourse/templates/worker/poddisruptionbudget.yaml diff --git a/bitnami/concourse/templates/worker/podsecuritypolicy.yaml b/riftbit/concourse/templates/worker/podsecuritypolicy.yaml similarity index 100% rename from bitnami/concourse/templates/worker/podsecuritypolicy.yaml rename to riftbit/concourse/templates/worker/podsecuritypolicy.yaml diff --git a/bitnami/concourse/templates/worker/rbac.yaml b/riftbit/concourse/templates/worker/rbac.yaml similarity index 100% rename from bitnami/concourse/templates/worker/rbac.yaml rename to riftbit/concourse/templates/worker/rbac.yaml diff --git a/bitnami/concourse/templates/worker/secret.yaml b/riftbit/concourse/templates/worker/secret.yaml similarity index 100% rename from bitnami/concourse/templates/worker/secret.yaml rename to riftbit/concourse/templates/worker/secret.yaml diff --git a/bitnami/concourse/templates/worker/service-account.yaml b/riftbit/concourse/templates/worker/service-account.yaml similarity index 100% rename from bitnami/concourse/templates/worker/service-account.yaml rename to riftbit/concourse/templates/worker/service-account.yaml diff --git a/bitnami/concourse/templates/worker/service.yaml b/riftbit/concourse/templates/worker/service.yaml similarity index 100% rename from bitnami/concourse/templates/worker/service.yaml rename to riftbit/concourse/templates/worker/service.yaml diff --git a/bitnami/concourse/templates/worker/statefulset.yaml b/riftbit/concourse/templates/worker/statefulset.yaml similarity index 100% rename from bitnami/concourse/templates/worker/statefulset.yaml rename to riftbit/concourse/templates/worker/statefulset.yaml diff --git a/bitnami/concourse/values.yaml b/riftbit/concourse/values.yaml similarity index 100% rename from bitnami/concourse/values.yaml rename to riftbit/concourse/values.yaml diff --git a/bitnami/cert-manager/.helmignore b/riftbit/consul/.helmignore similarity index 100% rename from bitnami/cert-manager/.helmignore rename to riftbit/consul/.helmignore diff --git a/bitnami/consul/Chart.lock b/riftbit/consul/Chart.lock similarity index 100% rename from bitnami/consul/Chart.lock rename to riftbit/consul/Chart.lock diff --git a/bitnami/consul/Chart.yaml b/riftbit/consul/Chart.yaml similarity index 100% rename from bitnami/consul/Chart.yaml rename to riftbit/consul/Chart.yaml diff --git a/bitnami/consul/README.md b/riftbit/consul/README.md similarity index 100% rename from bitnami/consul/README.md rename to riftbit/consul/README.md diff --git a/bitnami/aspnet-core/ci/values-ingress.yaml b/riftbit/consul/ci/values-ingress.yaml similarity index 100% rename from bitnami/aspnet-core/ci/values-ingress.yaml rename to riftbit/consul/ci/values-ingress.yaml diff --git a/bitnami/consul/templates/NOTES.txt b/riftbit/consul/templates/NOTES.txt similarity index 100% rename from bitnami/consul/templates/NOTES.txt rename to riftbit/consul/templates/NOTES.txt diff --git a/bitnami/consul/templates/_helpers.tpl b/riftbit/consul/templates/_helpers.tpl similarity index 100% rename from bitnami/consul/templates/_helpers.tpl rename to riftbit/consul/templates/_helpers.tpl diff --git a/bitnami/consul/templates/configmap.yaml b/riftbit/consul/templates/configmap.yaml similarity index 100% rename from bitnami/consul/templates/configmap.yaml rename to riftbit/consul/templates/configmap.yaml diff --git a/bitnami/consul/templates/consul-headless-service.yaml b/riftbit/consul/templates/consul-headless-service.yaml similarity index 100% rename from bitnami/consul/templates/consul-headless-service.yaml rename to riftbit/consul/templates/consul-headless-service.yaml diff --git a/bitnami/cert-manager/templates/extra-list.yaml b/riftbit/consul/templates/extra-list.yaml similarity index 100% rename from bitnami/cert-manager/templates/extra-list.yaml rename to riftbit/consul/templates/extra-list.yaml diff --git a/bitnami/consul/templates/gossip-secret.yaml b/riftbit/consul/templates/gossip-secret.yaml similarity index 100% rename from bitnami/consul/templates/gossip-secret.yaml rename to riftbit/consul/templates/gossip-secret.yaml diff --git a/bitnami/consul/templates/ingress.yaml b/riftbit/consul/templates/ingress.yaml similarity index 100% rename from bitnami/consul/templates/ingress.yaml rename to riftbit/consul/templates/ingress.yaml diff --git a/bitnami/consul/templates/metrics-svc.yaml b/riftbit/consul/templates/metrics-svc.yaml similarity index 100% rename from bitnami/consul/templates/metrics-svc.yaml rename to riftbit/consul/templates/metrics-svc.yaml diff --git a/bitnami/consul/templates/pdb.yaml b/riftbit/consul/templates/pdb.yaml similarity index 100% rename from bitnami/consul/templates/pdb.yaml rename to riftbit/consul/templates/pdb.yaml diff --git a/bitnami/consul/templates/service.yaml b/riftbit/consul/templates/service.yaml similarity index 100% rename from bitnami/consul/templates/service.yaml rename to riftbit/consul/templates/service.yaml diff --git a/bitnami/consul/templates/servicemonitor.yaml b/riftbit/consul/templates/servicemonitor.yaml similarity index 100% rename from bitnami/consul/templates/servicemonitor.yaml rename to riftbit/consul/templates/servicemonitor.yaml diff --git a/bitnami/consul/templates/statefulset.yaml b/riftbit/consul/templates/statefulset.yaml similarity index 100% rename from bitnami/consul/templates/statefulset.yaml rename to riftbit/consul/templates/statefulset.yaml diff --git a/bitnami/consul/templates/tls-secrets.yaml b/riftbit/consul/templates/tls-secrets.yaml similarity index 100% rename from bitnami/consul/templates/tls-secrets.yaml rename to riftbit/consul/templates/tls-secrets.yaml diff --git a/bitnami/consul/values.yaml b/riftbit/consul/values.yaml similarity index 100% rename from bitnami/consul/values.yaml rename to riftbit/consul/values.yaml diff --git a/bitnami/discourse/.helmignore b/riftbit/discourse/.helmignore similarity index 100% rename from bitnami/discourse/.helmignore rename to riftbit/discourse/.helmignore diff --git a/bitnami/discourse/Chart.lock b/riftbit/discourse/Chart.lock similarity index 100% rename from bitnami/discourse/Chart.lock rename to riftbit/discourse/Chart.lock diff --git a/bitnami/discourse/Chart.yaml b/riftbit/discourse/Chart.yaml similarity index 100% rename from bitnami/discourse/Chart.yaml rename to riftbit/discourse/Chart.yaml diff --git a/bitnami/discourse/README.md b/riftbit/discourse/README.md similarity index 100% rename from bitnami/discourse/README.md rename to riftbit/discourse/README.md diff --git a/bitnami/discourse/templates/NOTES.txt b/riftbit/discourse/templates/NOTES.txt similarity index 100% rename from bitnami/discourse/templates/NOTES.txt rename to riftbit/discourse/templates/NOTES.txt diff --git a/bitnami/discourse/templates/_helpers.tpl b/riftbit/discourse/templates/_helpers.tpl similarity index 100% rename from bitnami/discourse/templates/_helpers.tpl rename to riftbit/discourse/templates/_helpers.tpl diff --git a/bitnami/discourse/templates/configmaps.yaml b/riftbit/discourse/templates/configmaps.yaml similarity index 100% rename from bitnami/discourse/templates/configmaps.yaml rename to riftbit/discourse/templates/configmaps.yaml diff --git a/bitnami/discourse/templates/deployment.yaml b/riftbit/discourse/templates/deployment.yaml similarity index 100% rename from bitnami/discourse/templates/deployment.yaml rename to riftbit/discourse/templates/deployment.yaml diff --git a/bitnami/discourse/templates/ingress.yaml b/riftbit/discourse/templates/ingress.yaml similarity index 100% rename from bitnami/discourse/templates/ingress.yaml rename to riftbit/discourse/templates/ingress.yaml diff --git a/bitnami/discourse/templates/pvc.yaml b/riftbit/discourse/templates/pvc.yaml similarity index 100% rename from bitnami/discourse/templates/pvc.yaml rename to riftbit/discourse/templates/pvc.yaml diff --git a/bitnami/discourse/templates/secrets-database.yaml b/riftbit/discourse/templates/secrets-database.yaml similarity index 100% rename from bitnami/discourse/templates/secrets-database.yaml rename to riftbit/discourse/templates/secrets-database.yaml diff --git a/bitnami/discourse/templates/secrets-discourse.yaml b/riftbit/discourse/templates/secrets-discourse.yaml similarity index 100% rename from bitnami/discourse/templates/secrets-discourse.yaml rename to riftbit/discourse/templates/secrets-discourse.yaml diff --git a/bitnami/discourse/templates/secrets-redis.yaml b/riftbit/discourse/templates/secrets-redis.yaml similarity index 100% rename from bitnami/discourse/templates/secrets-redis.yaml rename to riftbit/discourse/templates/secrets-redis.yaml diff --git a/bitnami/discourse/templates/service.yaml b/riftbit/discourse/templates/service.yaml similarity index 100% rename from bitnami/discourse/templates/service.yaml rename to riftbit/discourse/templates/service.yaml diff --git a/bitnami/discourse/templates/serviceaccount.yaml b/riftbit/discourse/templates/serviceaccount.yaml similarity index 100% rename from bitnami/discourse/templates/serviceaccount.yaml rename to riftbit/discourse/templates/serviceaccount.yaml diff --git a/bitnami/discourse/templates/tls-secrets.yaml b/riftbit/discourse/templates/tls-secrets.yaml similarity index 100% rename from bitnami/discourse/templates/tls-secrets.yaml rename to riftbit/discourse/templates/tls-secrets.yaml diff --git a/bitnami/discourse/values.yaml b/riftbit/discourse/values.yaml similarity index 100% rename from bitnami/discourse/values.yaml rename to riftbit/discourse/values.yaml diff --git a/bitnami/concourse/.helmignore b/riftbit/dokuwiki/.helmignore similarity index 100% rename from bitnami/concourse/.helmignore rename to riftbit/dokuwiki/.helmignore diff --git a/bitnami/dokuwiki/Chart.lock b/riftbit/dokuwiki/Chart.lock similarity index 100% rename from bitnami/dokuwiki/Chart.lock rename to riftbit/dokuwiki/Chart.lock diff --git a/bitnami/dokuwiki/Chart.yaml b/riftbit/dokuwiki/Chart.yaml similarity index 100% rename from bitnami/dokuwiki/Chart.yaml rename to riftbit/dokuwiki/Chart.yaml diff --git a/bitnami/dokuwiki/README.md b/riftbit/dokuwiki/README.md similarity index 100% rename from bitnami/dokuwiki/README.md rename to riftbit/dokuwiki/README.md diff --git a/bitnami/dokuwiki/ci/ct-values.yaml b/riftbit/dokuwiki/ci/ct-values.yaml similarity index 100% rename from bitnami/dokuwiki/ci/ct-values.yaml rename to riftbit/dokuwiki/ci/ct-values.yaml diff --git a/bitnami/dokuwiki/templates/NOTES.txt b/riftbit/dokuwiki/templates/NOTES.txt similarity index 100% rename from bitnami/dokuwiki/templates/NOTES.txt rename to riftbit/dokuwiki/templates/NOTES.txt diff --git a/bitnami/dokuwiki/templates/_helpers.tpl b/riftbit/dokuwiki/templates/_helpers.tpl similarity index 100% rename from bitnami/dokuwiki/templates/_helpers.tpl rename to riftbit/dokuwiki/templates/_helpers.tpl diff --git a/bitnami/dokuwiki/templates/deployment.yaml b/riftbit/dokuwiki/templates/deployment.yaml similarity index 100% rename from bitnami/dokuwiki/templates/deployment.yaml rename to riftbit/dokuwiki/templates/deployment.yaml diff --git a/bitnami/dokuwiki/templates/dokuwiki-pvc.yaml b/riftbit/dokuwiki/templates/dokuwiki-pvc.yaml similarity index 100% rename from bitnami/dokuwiki/templates/dokuwiki-pvc.yaml rename to riftbit/dokuwiki/templates/dokuwiki-pvc.yaml diff --git a/bitnami/concourse/templates/extra-list.yaml b/riftbit/dokuwiki/templates/extra-list.yaml similarity index 100% rename from bitnami/concourse/templates/extra-list.yaml rename to riftbit/dokuwiki/templates/extra-list.yaml diff --git a/bitnami/dokuwiki/templates/ingress.yaml b/riftbit/dokuwiki/templates/ingress.yaml similarity index 100% rename from bitnami/dokuwiki/templates/ingress.yaml rename to riftbit/dokuwiki/templates/ingress.yaml diff --git a/bitnami/dokuwiki/templates/secrets.yaml b/riftbit/dokuwiki/templates/secrets.yaml similarity index 100% rename from bitnami/dokuwiki/templates/secrets.yaml rename to riftbit/dokuwiki/templates/secrets.yaml diff --git a/bitnami/dokuwiki/templates/svc.yaml b/riftbit/dokuwiki/templates/svc.yaml similarity index 100% rename from bitnami/dokuwiki/templates/svc.yaml rename to riftbit/dokuwiki/templates/svc.yaml diff --git a/bitnami/dokuwiki/templates/tls-secrets.yaml b/riftbit/dokuwiki/templates/tls-secrets.yaml similarity index 100% rename from bitnami/dokuwiki/templates/tls-secrets.yaml rename to riftbit/dokuwiki/templates/tls-secrets.yaml diff --git a/bitnami/dokuwiki/values.yaml b/riftbit/dokuwiki/values.yaml similarity index 100% rename from bitnami/dokuwiki/values.yaml rename to riftbit/dokuwiki/values.yaml diff --git a/bitnami/consul/.helmignore b/riftbit/elasticsearch/.helmignore similarity index 100% rename from bitnami/consul/.helmignore rename to riftbit/elasticsearch/.helmignore diff --git a/bitnami/elasticsearch/Chart.lock b/riftbit/elasticsearch/Chart.lock similarity index 100% rename from bitnami/elasticsearch/Chart.lock rename to riftbit/elasticsearch/Chart.lock diff --git a/bitnami/elasticsearch/Chart.yaml b/riftbit/elasticsearch/Chart.yaml similarity index 100% rename from bitnami/elasticsearch/Chart.yaml rename to riftbit/elasticsearch/Chart.yaml diff --git a/bitnami/elasticsearch/README.md b/riftbit/elasticsearch/README.md similarity index 100% rename from bitnami/elasticsearch/README.md rename to riftbit/elasticsearch/README.md diff --git a/bitnami/elasticsearch/ci/ct-values.yaml b/riftbit/elasticsearch/ci/ct-values.yaml similarity index 100% rename from bitnami/elasticsearch/ci/ct-values.yaml rename to riftbit/elasticsearch/ci/ct-values.yaml diff --git a/bitnami/elasticsearch/templates/NOTES.txt b/riftbit/elasticsearch/templates/NOTES.txt similarity index 100% rename from bitnami/elasticsearch/templates/NOTES.txt rename to riftbit/elasticsearch/templates/NOTES.txt diff --git a/bitnami/elasticsearch/templates/_helpers.tpl b/riftbit/elasticsearch/templates/_helpers.tpl similarity index 100% rename from bitnami/elasticsearch/templates/_helpers.tpl rename to riftbit/elasticsearch/templates/_helpers.tpl diff --git a/bitnami/elasticsearch/templates/configmap-curator.yaml b/riftbit/elasticsearch/templates/configmap-curator.yaml similarity index 100% rename from bitnami/elasticsearch/templates/configmap-curator.yaml rename to riftbit/elasticsearch/templates/configmap-curator.yaml diff --git a/bitnami/elasticsearch/templates/configmap-es.yaml b/riftbit/elasticsearch/templates/configmap-es.yaml similarity index 100% rename from bitnami/elasticsearch/templates/configmap-es.yaml rename to riftbit/elasticsearch/templates/configmap-es.yaml diff --git a/bitnami/elasticsearch/templates/configmap-initscripts.yaml b/riftbit/elasticsearch/templates/configmap-initscripts.yaml similarity index 100% rename from bitnami/elasticsearch/templates/configmap-initscripts.yaml rename to riftbit/elasticsearch/templates/configmap-initscripts.yaml diff --git a/bitnami/elasticsearch/templates/coordinating-hpa.yaml b/riftbit/elasticsearch/templates/coordinating-hpa.yaml similarity index 100% rename from bitnami/elasticsearch/templates/coordinating-hpa.yaml rename to riftbit/elasticsearch/templates/coordinating-hpa.yaml diff --git a/bitnami/elasticsearch/templates/coordinating-statefulset.yaml b/riftbit/elasticsearch/templates/coordinating-statefulset.yaml similarity index 100% rename from bitnami/elasticsearch/templates/coordinating-statefulset.yaml rename to riftbit/elasticsearch/templates/coordinating-statefulset.yaml diff --git a/bitnami/elasticsearch/templates/coordinating-svc.yaml b/riftbit/elasticsearch/templates/coordinating-svc.yaml similarity index 100% rename from bitnami/elasticsearch/templates/coordinating-svc.yaml rename to riftbit/elasticsearch/templates/coordinating-svc.yaml diff --git a/bitnami/elasticsearch/templates/cronjob.yaml b/riftbit/elasticsearch/templates/cronjob.yaml similarity index 100% rename from bitnami/elasticsearch/templates/cronjob.yaml rename to riftbit/elasticsearch/templates/cronjob.yaml diff --git a/bitnami/elasticsearch/templates/data-hpa.yaml b/riftbit/elasticsearch/templates/data-hpa.yaml similarity index 100% rename from bitnami/elasticsearch/templates/data-hpa.yaml rename to riftbit/elasticsearch/templates/data-hpa.yaml diff --git a/bitnami/elasticsearch/templates/data-statefulset.yaml b/riftbit/elasticsearch/templates/data-statefulset.yaml similarity index 100% rename from bitnami/elasticsearch/templates/data-statefulset.yaml rename to riftbit/elasticsearch/templates/data-statefulset.yaml diff --git a/bitnami/elasticsearch/templates/data-svc.yaml b/riftbit/elasticsearch/templates/data-svc.yaml similarity index 100% rename from bitnami/elasticsearch/templates/data-svc.yaml rename to riftbit/elasticsearch/templates/data-svc.yaml diff --git a/bitnami/elasticsearch/templates/hooks/job.install.yaml b/riftbit/elasticsearch/templates/hooks/job.install.yaml similarity index 100% rename from bitnami/elasticsearch/templates/hooks/job.install.yaml rename to riftbit/elasticsearch/templates/hooks/job.install.yaml diff --git a/bitnami/elasticsearch/templates/ingest-statefulset.yaml b/riftbit/elasticsearch/templates/ingest-statefulset.yaml similarity index 100% rename from bitnami/elasticsearch/templates/ingest-statefulset.yaml rename to riftbit/elasticsearch/templates/ingest-statefulset.yaml diff --git a/bitnami/elasticsearch/templates/ingest-svc.yaml b/riftbit/elasticsearch/templates/ingest-svc.yaml similarity index 100% rename from bitnami/elasticsearch/templates/ingest-svc.yaml rename to riftbit/elasticsearch/templates/ingest-svc.yaml diff --git a/bitnami/elasticsearch/templates/master-hpa.yaml b/riftbit/elasticsearch/templates/master-hpa.yaml similarity index 100% rename from bitnami/elasticsearch/templates/master-hpa.yaml rename to riftbit/elasticsearch/templates/master-hpa.yaml diff --git a/bitnami/elasticsearch/templates/master-statefulset.yaml b/riftbit/elasticsearch/templates/master-statefulset.yaml similarity index 100% rename from bitnami/elasticsearch/templates/master-statefulset.yaml rename to riftbit/elasticsearch/templates/master-statefulset.yaml diff --git a/bitnami/elasticsearch/templates/master-svc.yaml b/riftbit/elasticsearch/templates/master-svc.yaml similarity index 100% rename from bitnami/elasticsearch/templates/master-svc.yaml rename to riftbit/elasticsearch/templates/master-svc.yaml diff --git a/bitnami/elasticsearch/templates/metrics-deploy.yaml b/riftbit/elasticsearch/templates/metrics-deploy.yaml similarity index 100% rename from bitnami/elasticsearch/templates/metrics-deploy.yaml rename to riftbit/elasticsearch/templates/metrics-deploy.yaml diff --git a/bitnami/elasticsearch/templates/metrics-svc.yaml b/riftbit/elasticsearch/templates/metrics-svc.yaml similarity index 100% rename from bitnami/elasticsearch/templates/metrics-svc.yaml rename to riftbit/elasticsearch/templates/metrics-svc.yaml diff --git a/bitnami/elasticsearch/templates/podsecuritypolicy.yaml b/riftbit/elasticsearch/templates/podsecuritypolicy.yaml similarity index 100% rename from bitnami/elasticsearch/templates/podsecuritypolicy.yaml rename to riftbit/elasticsearch/templates/podsecuritypolicy.yaml diff --git a/bitnami/elasticsearch/templates/role.yaml b/riftbit/elasticsearch/templates/role.yaml similarity index 100% rename from bitnami/elasticsearch/templates/role.yaml rename to riftbit/elasticsearch/templates/role.yaml diff --git a/bitnami/elasticsearch/templates/rolebinding.yaml b/riftbit/elasticsearch/templates/rolebinding.yaml similarity index 100% rename from bitnami/elasticsearch/templates/rolebinding.yaml rename to riftbit/elasticsearch/templates/rolebinding.yaml diff --git a/bitnami/elasticsearch/templates/secrets.yaml b/riftbit/elasticsearch/templates/secrets.yaml similarity index 100% rename from bitnami/elasticsearch/templates/secrets.yaml rename to riftbit/elasticsearch/templates/secrets.yaml diff --git a/bitnami/elasticsearch/templates/serviceaccount.yaml b/riftbit/elasticsearch/templates/serviceaccount.yaml similarity index 100% rename from bitnami/elasticsearch/templates/serviceaccount.yaml rename to riftbit/elasticsearch/templates/serviceaccount.yaml diff --git a/bitnami/elasticsearch/templates/servicemonitor.yaml b/riftbit/elasticsearch/templates/servicemonitor.yaml similarity index 100% rename from bitnami/elasticsearch/templates/servicemonitor.yaml rename to riftbit/elasticsearch/templates/servicemonitor.yaml diff --git a/bitnami/elasticsearch/templates/tls-secret.yaml b/riftbit/elasticsearch/templates/tls-secret.yaml similarity index 100% rename from bitnami/elasticsearch/templates/tls-secret.yaml rename to riftbit/elasticsearch/templates/tls-secret.yaml diff --git a/bitnami/elasticsearch/values.yaml b/riftbit/elasticsearch/values.yaml similarity index 100% rename from bitnami/elasticsearch/values.yaml rename to riftbit/elasticsearch/values.yaml diff --git a/bitnami/dokuwiki/.helmignore b/riftbit/etcd/.helmignore similarity index 100% rename from bitnami/dokuwiki/.helmignore rename to riftbit/etcd/.helmignore diff --git a/bitnami/etcd/Chart.lock b/riftbit/etcd/Chart.lock similarity index 100% rename from bitnami/etcd/Chart.lock rename to riftbit/etcd/Chart.lock diff --git a/bitnami/etcd/Chart.yaml b/riftbit/etcd/Chart.yaml similarity index 100% rename from bitnami/etcd/Chart.yaml rename to riftbit/etcd/Chart.yaml diff --git a/bitnami/etcd/README.md b/riftbit/etcd/README.md similarity index 100% rename from bitnami/etcd/README.md rename to riftbit/etcd/README.md diff --git a/bitnami/etcd/ci/values-disaster-recovery.yaml b/riftbit/etcd/ci/values-disaster-recovery.yaml similarity index 100% rename from bitnami/etcd/ci/values-disaster-recovery.yaml rename to riftbit/etcd/ci/values-disaster-recovery.yaml diff --git a/bitnami/etcd/ci/values-metrics.yaml b/riftbit/etcd/ci/values-metrics.yaml similarity index 100% rename from bitnami/etcd/ci/values-metrics.yaml rename to riftbit/etcd/ci/values-metrics.yaml diff --git a/bitnami/etcd/ci/values-pdb.yaml b/riftbit/etcd/ci/values-pdb.yaml similarity index 100% rename from bitnami/etcd/ci/values-pdb.yaml rename to riftbit/etcd/ci/values-pdb.yaml diff --git a/bitnami/etcd/templates/NOTES.txt b/riftbit/etcd/templates/NOTES.txt similarity index 100% rename from bitnami/etcd/templates/NOTES.txt rename to riftbit/etcd/templates/NOTES.txt diff --git a/bitnami/etcd/templates/_helpers.tpl b/riftbit/etcd/templates/_helpers.tpl similarity index 100% rename from bitnami/etcd/templates/_helpers.tpl rename to riftbit/etcd/templates/_helpers.tpl diff --git a/bitnami/etcd/templates/configmap.yaml b/riftbit/etcd/templates/configmap.yaml similarity index 100% rename from bitnami/etcd/templates/configmap.yaml rename to riftbit/etcd/templates/configmap.yaml diff --git a/bitnami/etcd/templates/cronjob.yaml b/riftbit/etcd/templates/cronjob.yaml similarity index 100% rename from bitnami/etcd/templates/cronjob.yaml rename to riftbit/etcd/templates/cronjob.yaml diff --git a/bitnami/consul/templates/extra-list.yaml b/riftbit/etcd/templates/extra-list.yaml similarity index 100% rename from bitnami/consul/templates/extra-list.yaml rename to riftbit/etcd/templates/extra-list.yaml diff --git a/bitnami/etcd/templates/networkpolicy.yaml b/riftbit/etcd/templates/networkpolicy.yaml similarity index 100% rename from bitnami/etcd/templates/networkpolicy.yaml rename to riftbit/etcd/templates/networkpolicy.yaml diff --git a/bitnami/etcd/templates/pdb.yaml b/riftbit/etcd/templates/pdb.yaml similarity index 100% rename from bitnami/etcd/templates/pdb.yaml rename to riftbit/etcd/templates/pdb.yaml diff --git a/bitnami/etcd/templates/podmonitor.yaml b/riftbit/etcd/templates/podmonitor.yaml similarity index 100% rename from bitnami/etcd/templates/podmonitor.yaml rename to riftbit/etcd/templates/podmonitor.yaml diff --git a/bitnami/etcd/templates/secrets.yaml b/riftbit/etcd/templates/secrets.yaml similarity index 100% rename from bitnami/etcd/templates/secrets.yaml rename to riftbit/etcd/templates/secrets.yaml diff --git a/bitnami/etcd/templates/serviceaccount.yaml b/riftbit/etcd/templates/serviceaccount.yaml similarity index 100% rename from bitnami/etcd/templates/serviceaccount.yaml rename to riftbit/etcd/templates/serviceaccount.yaml diff --git a/bitnami/etcd/templates/snapshot-pvc.yaml b/riftbit/etcd/templates/snapshot-pvc.yaml similarity index 100% rename from bitnami/etcd/templates/snapshot-pvc.yaml rename to riftbit/etcd/templates/snapshot-pvc.yaml diff --git a/bitnami/etcd/templates/statefulset.yaml b/riftbit/etcd/templates/statefulset.yaml similarity index 100% rename from bitnami/etcd/templates/statefulset.yaml rename to riftbit/etcd/templates/statefulset.yaml diff --git a/bitnami/etcd/templates/svc-headless.yaml b/riftbit/etcd/templates/svc-headless.yaml similarity index 100% rename from bitnami/etcd/templates/svc-headless.yaml rename to riftbit/etcd/templates/svc-headless.yaml diff --git a/bitnami/etcd/templates/svc.yaml b/riftbit/etcd/templates/svc.yaml similarity index 100% rename from bitnami/etcd/templates/svc.yaml rename to riftbit/etcd/templates/svc.yaml diff --git a/bitnami/etcd/values.yaml b/riftbit/etcd/values.yaml similarity index 100% rename from bitnami/etcd/values.yaml rename to riftbit/etcd/values.yaml diff --git a/bitnami/drupal/.helmignore b/riftbit/fluentd/.helmignore similarity index 100% rename from bitnami/drupal/.helmignore rename to riftbit/fluentd/.helmignore diff --git a/bitnami/fluentd/Chart.lock b/riftbit/fluentd/Chart.lock similarity index 100% rename from bitnami/fluentd/Chart.lock rename to riftbit/fluentd/Chart.lock diff --git a/bitnami/fluentd/Chart.yaml b/riftbit/fluentd/Chart.yaml similarity index 100% rename from bitnami/fluentd/Chart.yaml rename to riftbit/fluentd/Chart.yaml diff --git a/bitnami/fluentd/README.md b/riftbit/fluentd/README.md similarity index 100% rename from bitnami/fluentd/README.md rename to riftbit/fluentd/README.md diff --git a/bitnami/fluentd/templates/NOTES.txt b/riftbit/fluentd/templates/NOTES.txt similarity index 100% rename from bitnami/fluentd/templates/NOTES.txt rename to riftbit/fluentd/templates/NOTES.txt diff --git a/bitnami/fluentd/templates/_helpers.tpl b/riftbit/fluentd/templates/_helpers.tpl similarity index 100% rename from bitnami/fluentd/templates/_helpers.tpl rename to riftbit/fluentd/templates/_helpers.tpl diff --git a/bitnami/fluentd/templates/aggregator-configmap.yaml b/riftbit/fluentd/templates/aggregator-configmap.yaml similarity index 100% rename from bitnami/fluentd/templates/aggregator-configmap.yaml rename to riftbit/fluentd/templates/aggregator-configmap.yaml diff --git a/bitnami/fluentd/templates/aggregator-hpa.yaml b/riftbit/fluentd/templates/aggregator-hpa.yaml similarity index 100% rename from bitnami/fluentd/templates/aggregator-hpa.yaml rename to riftbit/fluentd/templates/aggregator-hpa.yaml diff --git a/bitnami/fluentd/templates/aggregator-statefulset.yaml b/riftbit/fluentd/templates/aggregator-statefulset.yaml similarity index 100% rename from bitnami/fluentd/templates/aggregator-statefulset.yaml rename to riftbit/fluentd/templates/aggregator-statefulset.yaml diff --git a/bitnami/fluentd/templates/aggregator-svc-headless.yaml b/riftbit/fluentd/templates/aggregator-svc-headless.yaml similarity index 100% rename from bitnami/fluentd/templates/aggregator-svc-headless.yaml rename to riftbit/fluentd/templates/aggregator-svc-headless.yaml diff --git a/bitnami/fluentd/templates/aggregator-svc.yaml b/riftbit/fluentd/templates/aggregator-svc.yaml similarity index 100% rename from bitnami/fluentd/templates/aggregator-svc.yaml rename to riftbit/fluentd/templates/aggregator-svc.yaml diff --git a/bitnami/contour/templates/envoy/extra-list.yaml b/riftbit/fluentd/templates/extra-list.yaml similarity index 100% rename from bitnami/contour/templates/envoy/extra-list.yaml rename to riftbit/fluentd/templates/extra-list.yaml diff --git a/bitnami/fluentd/templates/forwarder-clusterrole.yaml b/riftbit/fluentd/templates/forwarder-clusterrole.yaml similarity index 100% rename from bitnami/fluentd/templates/forwarder-clusterrole.yaml rename to riftbit/fluentd/templates/forwarder-clusterrole.yaml diff --git a/bitnami/fluentd/templates/forwarder-clusterrolebinding.yaml b/riftbit/fluentd/templates/forwarder-clusterrolebinding.yaml similarity index 100% rename from bitnami/fluentd/templates/forwarder-clusterrolebinding.yaml rename to riftbit/fluentd/templates/forwarder-clusterrolebinding.yaml diff --git a/bitnami/fluentd/templates/forwarder-configmap.yaml b/riftbit/fluentd/templates/forwarder-configmap.yaml similarity index 100% rename from bitnami/fluentd/templates/forwarder-configmap.yaml rename to riftbit/fluentd/templates/forwarder-configmap.yaml diff --git a/bitnami/fluentd/templates/forwarder-daemonset.yaml b/riftbit/fluentd/templates/forwarder-daemonset.yaml similarity index 100% rename from bitnami/fluentd/templates/forwarder-daemonset.yaml rename to riftbit/fluentd/templates/forwarder-daemonset.yaml diff --git a/bitnami/fluentd/templates/forwarder-psp.yaml b/riftbit/fluentd/templates/forwarder-psp.yaml similarity index 100% rename from bitnami/fluentd/templates/forwarder-psp.yaml rename to riftbit/fluentd/templates/forwarder-psp.yaml diff --git a/bitnami/fluentd/templates/forwarder-svc.yaml b/riftbit/fluentd/templates/forwarder-svc.yaml similarity index 100% rename from bitnami/fluentd/templates/forwarder-svc.yaml rename to riftbit/fluentd/templates/forwarder-svc.yaml diff --git a/bitnami/fluentd/templates/ingress.yaml b/riftbit/fluentd/templates/ingress.yaml similarity index 100% rename from bitnami/fluentd/templates/ingress.yaml rename to riftbit/fluentd/templates/ingress.yaml diff --git a/bitnami/fluentd/templates/metrics-svc.yaml b/riftbit/fluentd/templates/metrics-svc.yaml similarity index 100% rename from bitnami/fluentd/templates/metrics-svc.yaml rename to riftbit/fluentd/templates/metrics-svc.yaml diff --git a/bitnami/fluentd/templates/serviceaccount.yaml b/riftbit/fluentd/templates/serviceaccount.yaml similarity index 100% rename from bitnami/fluentd/templates/serviceaccount.yaml rename to riftbit/fluentd/templates/serviceaccount.yaml diff --git a/bitnami/fluentd/templates/servicemonitor.yaml b/riftbit/fluentd/templates/servicemonitor.yaml similarity index 100% rename from bitnami/fluentd/templates/servicemonitor.yaml rename to riftbit/fluentd/templates/servicemonitor.yaml diff --git a/bitnami/fluentd/templates/tls-certs.yaml b/riftbit/fluentd/templates/tls-certs.yaml similarity index 100% rename from bitnami/fluentd/templates/tls-certs.yaml rename to riftbit/fluentd/templates/tls-certs.yaml diff --git a/bitnami/fluentd/values.yaml b/riftbit/fluentd/values.yaml similarity index 100% rename from bitnami/fluentd/values.yaml rename to riftbit/fluentd/values.yaml diff --git a/bitnami/ejbca/.helmignore b/riftbit/ghost/.helmignore similarity index 100% rename from bitnami/ejbca/.helmignore rename to riftbit/ghost/.helmignore diff --git a/bitnami/ghost/Chart.lock b/riftbit/ghost/Chart.lock similarity index 100% rename from bitnami/ghost/Chart.lock rename to riftbit/ghost/Chart.lock diff --git a/bitnami/ghost/Chart.yaml b/riftbit/ghost/Chart.yaml similarity index 100% rename from bitnami/ghost/Chart.yaml rename to riftbit/ghost/Chart.yaml diff --git a/bitnami/ghost/README.md b/riftbit/ghost/README.md similarity index 100% rename from bitnami/ghost/README.md rename to riftbit/ghost/README.md diff --git a/bitnami/drupal/ci/ct-values.yaml b/riftbit/ghost/ci/ct-values.yaml similarity index 100% rename from bitnami/drupal/ci/ct-values.yaml rename to riftbit/ghost/ci/ct-values.yaml diff --git a/bitnami/ghost/ci/values-with-metrics-and-ingress.yaml b/riftbit/ghost/ci/values-with-metrics-and-ingress.yaml similarity index 100% rename from bitnami/ghost/ci/values-with-metrics-and-ingress.yaml rename to riftbit/ghost/ci/values-with-metrics-and-ingress.yaml diff --git a/bitnami/ghost/templates/NOTES.txt b/riftbit/ghost/templates/NOTES.txt similarity index 100% rename from bitnami/ghost/templates/NOTES.txt rename to riftbit/ghost/templates/NOTES.txt diff --git a/bitnami/ghost/templates/_helpers.tpl b/riftbit/ghost/templates/_helpers.tpl similarity index 100% rename from bitnami/ghost/templates/_helpers.tpl rename to riftbit/ghost/templates/_helpers.tpl diff --git a/bitnami/ghost/templates/deployment.yaml b/riftbit/ghost/templates/deployment.yaml similarity index 100% rename from bitnami/ghost/templates/deployment.yaml rename to riftbit/ghost/templates/deployment.yaml diff --git a/bitnami/ghost/templates/external-db-secrets.yaml b/riftbit/ghost/templates/external-db-secrets.yaml similarity index 100% rename from bitnami/ghost/templates/external-db-secrets.yaml rename to riftbit/ghost/templates/external-db-secrets.yaml diff --git a/bitnami/dokuwiki/templates/extra-list.yaml b/riftbit/ghost/templates/extra-list.yaml similarity index 100% rename from bitnami/dokuwiki/templates/extra-list.yaml rename to riftbit/ghost/templates/extra-list.yaml diff --git a/bitnami/ghost/templates/ingress.yaml b/riftbit/ghost/templates/ingress.yaml similarity index 100% rename from bitnami/ghost/templates/ingress.yaml rename to riftbit/ghost/templates/ingress.yaml diff --git a/bitnami/ghost/templates/pvc.yaml b/riftbit/ghost/templates/pvc.yaml similarity index 100% rename from bitnami/ghost/templates/pvc.yaml rename to riftbit/ghost/templates/pvc.yaml diff --git a/bitnami/ghost/templates/secrets.yaml b/riftbit/ghost/templates/secrets.yaml similarity index 100% rename from bitnami/ghost/templates/secrets.yaml rename to riftbit/ghost/templates/secrets.yaml diff --git a/bitnami/ghost/templates/svc.yaml b/riftbit/ghost/templates/svc.yaml similarity index 100% rename from bitnami/ghost/templates/svc.yaml rename to riftbit/ghost/templates/svc.yaml diff --git a/bitnami/ghost/templates/tls-secrets.yaml b/riftbit/ghost/templates/tls-secrets.yaml similarity index 100% rename from bitnami/ghost/templates/tls-secrets.yaml rename to riftbit/ghost/templates/tls-secrets.yaml diff --git a/bitnami/ghost/values.schema.json b/riftbit/ghost/values.schema.json similarity index 100% rename from bitnami/ghost/values.schema.json rename to riftbit/ghost/values.schema.json diff --git a/bitnami/ghost/values.yaml b/riftbit/ghost/values.yaml similarity index 100% rename from bitnami/ghost/values.yaml rename to riftbit/ghost/values.yaml diff --git a/bitnami/elasticsearch/.helmignore b/riftbit/grafana-tempo/.helmignore similarity index 100% rename from bitnami/elasticsearch/.helmignore rename to riftbit/grafana-tempo/.helmignore diff --git a/bitnami/grafana-tempo/Chart.lock b/riftbit/grafana-tempo/Chart.lock similarity index 100% rename from bitnami/grafana-tempo/Chart.lock rename to riftbit/grafana-tempo/Chart.lock diff --git a/bitnami/grafana-tempo/Chart.yaml b/riftbit/grafana-tempo/Chart.yaml similarity index 100% rename from bitnami/grafana-tempo/Chart.yaml rename to riftbit/grafana-tempo/Chart.yaml diff --git a/bitnami/grafana-tempo/README.md b/riftbit/grafana-tempo/README.md similarity index 100% rename from bitnami/grafana-tempo/README.md rename to riftbit/grafana-tempo/README.md diff --git a/bitnami/grafana-tempo/templates/NOTES.txt b/riftbit/grafana-tempo/templates/NOTES.txt similarity index 100% rename from bitnami/grafana-tempo/templates/NOTES.txt rename to riftbit/grafana-tempo/templates/NOTES.txt diff --git a/bitnami/grafana-tempo/templates/_helpers.tpl b/riftbit/grafana-tempo/templates/_helpers.tpl similarity index 100% rename from bitnami/grafana-tempo/templates/_helpers.tpl rename to riftbit/grafana-tempo/templates/_helpers.tpl diff --git a/bitnami/grafana-tempo/templates/compactor/deployment.yaml b/riftbit/grafana-tempo/templates/compactor/deployment.yaml similarity index 100% rename from bitnami/grafana-tempo/templates/compactor/deployment.yaml rename to riftbit/grafana-tempo/templates/compactor/deployment.yaml diff --git a/bitnami/grafana-tempo/templates/compactor/service.yaml b/riftbit/grafana-tempo/templates/compactor/service.yaml similarity index 100% rename from bitnami/grafana-tempo/templates/compactor/service.yaml rename to riftbit/grafana-tempo/templates/compactor/service.yaml diff --git a/bitnami/grafana-tempo/templates/compactor/servicemonitor.yaml b/riftbit/grafana-tempo/templates/compactor/servicemonitor.yaml similarity index 100% rename from bitnami/grafana-tempo/templates/compactor/servicemonitor.yaml rename to riftbit/grafana-tempo/templates/compactor/servicemonitor.yaml diff --git a/bitnami/grafana-tempo/templates/distributor/deployment.yaml b/riftbit/grafana-tempo/templates/distributor/deployment.yaml similarity index 100% rename from bitnami/grafana-tempo/templates/distributor/deployment.yaml rename to riftbit/grafana-tempo/templates/distributor/deployment.yaml diff --git a/bitnami/grafana-tempo/templates/distributor/service.yaml b/riftbit/grafana-tempo/templates/distributor/service.yaml similarity index 100% rename from bitnami/grafana-tempo/templates/distributor/service.yaml rename to riftbit/grafana-tempo/templates/distributor/service.yaml diff --git a/bitnami/grafana-tempo/templates/distributor/servicemonitor.yaml b/riftbit/grafana-tempo/templates/distributor/servicemonitor.yaml similarity index 100% rename from bitnami/grafana-tempo/templates/distributor/servicemonitor.yaml rename to riftbit/grafana-tempo/templates/distributor/servicemonitor.yaml diff --git a/bitnami/drupal/templates/extra-list.yaml b/riftbit/grafana-tempo/templates/extra-list.yaml similarity index 100% rename from bitnami/drupal/templates/extra-list.yaml rename to riftbit/grafana-tempo/templates/extra-list.yaml diff --git a/bitnami/grafana-tempo/templates/gossip-ring-headless-service.yaml b/riftbit/grafana-tempo/templates/gossip-ring-headless-service.yaml similarity index 100% rename from bitnami/grafana-tempo/templates/gossip-ring-headless-service.yaml rename to riftbit/grafana-tempo/templates/gossip-ring-headless-service.yaml diff --git a/bitnami/grafana-tempo/templates/ingester/service.yaml b/riftbit/grafana-tempo/templates/ingester/service.yaml similarity index 100% rename from bitnami/grafana-tempo/templates/ingester/service.yaml rename to riftbit/grafana-tempo/templates/ingester/service.yaml diff --git a/bitnami/grafana-tempo/templates/ingester/servicemonitor.yaml b/riftbit/grafana-tempo/templates/ingester/servicemonitor.yaml similarity index 100% rename from bitnami/grafana-tempo/templates/ingester/servicemonitor.yaml rename to riftbit/grafana-tempo/templates/ingester/servicemonitor.yaml diff --git a/bitnami/grafana-tempo/templates/ingester/statefulset.yaml b/riftbit/grafana-tempo/templates/ingester/statefulset.yaml similarity index 100% rename from bitnami/grafana-tempo/templates/ingester/statefulset.yaml rename to riftbit/grafana-tempo/templates/ingester/statefulset.yaml diff --git a/bitnami/grafana-tempo/templates/overrides-configmap.yaml b/riftbit/grafana-tempo/templates/overrides-configmap.yaml similarity index 100% rename from bitnami/grafana-tempo/templates/overrides-configmap.yaml rename to riftbit/grafana-tempo/templates/overrides-configmap.yaml diff --git a/bitnami/grafana-tempo/templates/querier/deployment.yaml b/riftbit/grafana-tempo/templates/querier/deployment.yaml similarity index 100% rename from bitnami/grafana-tempo/templates/querier/deployment.yaml rename to riftbit/grafana-tempo/templates/querier/deployment.yaml diff --git a/bitnami/grafana-tempo/templates/querier/service.yaml b/riftbit/grafana-tempo/templates/querier/service.yaml similarity index 100% rename from bitnami/grafana-tempo/templates/querier/service.yaml rename to riftbit/grafana-tempo/templates/querier/service.yaml diff --git a/bitnami/grafana-tempo/templates/querier/servicemonitor.yaml b/riftbit/grafana-tempo/templates/querier/servicemonitor.yaml similarity index 100% rename from bitnami/grafana-tempo/templates/querier/servicemonitor.yaml rename to riftbit/grafana-tempo/templates/querier/servicemonitor.yaml diff --git a/bitnami/grafana-tempo/templates/query-frontend/deployment.yaml b/riftbit/grafana-tempo/templates/query-frontend/deployment.yaml similarity index 100% rename from bitnami/grafana-tempo/templates/query-frontend/deployment.yaml rename to riftbit/grafana-tempo/templates/query-frontend/deployment.yaml diff --git a/bitnami/grafana-tempo/templates/query-frontend/headless-service.yaml b/riftbit/grafana-tempo/templates/query-frontend/headless-service.yaml similarity index 100% rename from bitnami/grafana-tempo/templates/query-frontend/headless-service.yaml rename to riftbit/grafana-tempo/templates/query-frontend/headless-service.yaml diff --git a/bitnami/grafana-tempo/templates/query-frontend/query-configmap.yaml b/riftbit/grafana-tempo/templates/query-frontend/query-configmap.yaml similarity index 100% rename from bitnami/grafana-tempo/templates/query-frontend/query-configmap.yaml rename to riftbit/grafana-tempo/templates/query-frontend/query-configmap.yaml diff --git a/bitnami/grafana-tempo/templates/query-frontend/service.yaml b/riftbit/grafana-tempo/templates/query-frontend/service.yaml similarity index 100% rename from bitnami/grafana-tempo/templates/query-frontend/service.yaml rename to riftbit/grafana-tempo/templates/query-frontend/service.yaml diff --git a/bitnami/grafana-tempo/templates/query-frontend/servicemonitor.yaml b/riftbit/grafana-tempo/templates/query-frontend/servicemonitor.yaml similarity index 100% rename from bitnami/grafana-tempo/templates/query-frontend/servicemonitor.yaml rename to riftbit/grafana-tempo/templates/query-frontend/servicemonitor.yaml diff --git a/bitnami/grafana-tempo/templates/service-account.yaml b/riftbit/grafana-tempo/templates/service-account.yaml similarity index 100% rename from bitnami/grafana-tempo/templates/service-account.yaml rename to riftbit/grafana-tempo/templates/service-account.yaml diff --git a/bitnami/grafana-tempo/templates/tempo-configmap.yaml b/riftbit/grafana-tempo/templates/tempo-configmap.yaml similarity index 100% rename from bitnami/grafana-tempo/templates/tempo-configmap.yaml rename to riftbit/grafana-tempo/templates/tempo-configmap.yaml diff --git a/bitnami/grafana-tempo/templates/vulture/deployment.yaml b/riftbit/grafana-tempo/templates/vulture/deployment.yaml similarity index 100% rename from bitnami/grafana-tempo/templates/vulture/deployment.yaml rename to riftbit/grafana-tempo/templates/vulture/deployment.yaml diff --git a/bitnami/grafana-tempo/templates/vulture/service.yaml b/riftbit/grafana-tempo/templates/vulture/service.yaml similarity index 100% rename from bitnami/grafana-tempo/templates/vulture/service.yaml rename to riftbit/grafana-tempo/templates/vulture/service.yaml diff --git a/bitnami/grafana-tempo/templates/vulture/servicemonitor.yaml b/riftbit/grafana-tempo/templates/vulture/servicemonitor.yaml similarity index 100% rename from bitnami/grafana-tempo/templates/vulture/servicemonitor.yaml rename to riftbit/grafana-tempo/templates/vulture/servicemonitor.yaml diff --git a/bitnami/grafana-tempo/values.yaml b/riftbit/grafana-tempo/values.yaml similarity index 100% rename from bitnami/grafana-tempo/values.yaml rename to riftbit/grafana-tempo/values.yaml diff --git a/bitnami/haproxy/Chart.lock b/riftbit/haproxy/Chart.lock similarity index 100% rename from bitnami/haproxy/Chart.lock rename to riftbit/haproxy/Chart.lock diff --git a/bitnami/haproxy/Chart.yaml b/riftbit/haproxy/Chart.yaml similarity index 100% rename from bitnami/haproxy/Chart.yaml rename to riftbit/haproxy/Chart.yaml diff --git a/bitnami/haproxy/README.md b/riftbit/haproxy/README.md similarity index 100% rename from bitnami/haproxy/README.md rename to riftbit/haproxy/README.md diff --git a/bitnami/haproxy/templates/NOTES.txt b/riftbit/haproxy/templates/NOTES.txt similarity index 100% rename from bitnami/haproxy/templates/NOTES.txt rename to riftbit/haproxy/templates/NOTES.txt diff --git a/bitnami/haproxy/templates/_helpers.tpl b/riftbit/haproxy/templates/_helpers.tpl similarity index 100% rename from bitnami/haproxy/templates/_helpers.tpl rename to riftbit/haproxy/templates/_helpers.tpl diff --git a/bitnami/haproxy/templates/configmap.yaml b/riftbit/haproxy/templates/configmap.yaml similarity index 100% rename from bitnami/haproxy/templates/configmap.yaml rename to riftbit/haproxy/templates/configmap.yaml diff --git a/bitnami/haproxy/templates/deployment.yaml b/riftbit/haproxy/templates/deployment.yaml similarity index 100% rename from bitnami/haproxy/templates/deployment.yaml rename to riftbit/haproxy/templates/deployment.yaml diff --git a/bitnami/etcd/templates/extra-list.yaml b/riftbit/haproxy/templates/extra-list.yaml similarity index 100% rename from bitnami/etcd/templates/extra-list.yaml rename to riftbit/haproxy/templates/extra-list.yaml diff --git a/bitnami/haproxy/templates/hpa.yaml b/riftbit/haproxy/templates/hpa.yaml similarity index 100% rename from bitnami/haproxy/templates/hpa.yaml rename to riftbit/haproxy/templates/hpa.yaml diff --git a/bitnami/haproxy/templates/pdb.yaml b/riftbit/haproxy/templates/pdb.yaml similarity index 100% rename from bitnami/haproxy/templates/pdb.yaml rename to riftbit/haproxy/templates/pdb.yaml diff --git a/bitnami/haproxy/templates/service-account.yaml b/riftbit/haproxy/templates/service-account.yaml similarity index 100% rename from bitnami/haproxy/templates/service-account.yaml rename to riftbit/haproxy/templates/service-account.yaml diff --git a/bitnami/haproxy/templates/service.yaml b/riftbit/haproxy/templates/service.yaml similarity index 100% rename from bitnami/haproxy/templates/service.yaml rename to riftbit/haproxy/templates/service.yaml diff --git a/bitnami/haproxy/values.yaml b/riftbit/haproxy/values.yaml similarity index 100% rename from bitnami/haproxy/values.yaml rename to riftbit/haproxy/values.yaml diff --git a/bitnami/etcd/.helmignore b/riftbit/harbor/.helmignore similarity index 100% rename from bitnami/etcd/.helmignore rename to riftbit/harbor/.helmignore diff --git a/bitnami/harbor/Chart.lock b/riftbit/harbor/Chart.lock similarity index 100% rename from bitnami/harbor/Chart.lock rename to riftbit/harbor/Chart.lock diff --git a/bitnami/harbor/Chart.yaml b/riftbit/harbor/Chart.yaml similarity index 100% rename from bitnami/harbor/Chart.yaml rename to riftbit/harbor/Chart.yaml diff --git a/bitnami/harbor/README.md b/riftbit/harbor/README.md similarity index 100% rename from bitnami/harbor/README.md rename to riftbit/harbor/README.md diff --git a/bitnami/harbor/cert/tls.crt b/riftbit/harbor/cert/tls.crt similarity index 100% rename from bitnami/harbor/cert/tls.crt rename to riftbit/harbor/cert/tls.crt diff --git a/bitnami/harbor/cert/tls.key b/riftbit/harbor/cert/tls.key similarity index 100% rename from bitnami/harbor/cert/tls.key rename to riftbit/harbor/cert/tls.key diff --git a/bitnami/harbor/ci/values-production.yaml b/riftbit/harbor/ci/values-production.yaml similarity index 100% rename from bitnami/harbor/ci/values-production.yaml rename to riftbit/harbor/ci/values-production.yaml diff --git a/bitnami/harbor/conf/clair.yaml b/riftbit/harbor/conf/clair.yaml similarity index 100% rename from bitnami/harbor/conf/clair.yaml rename to riftbit/harbor/conf/clair.yaml diff --git a/bitnami/harbor/conf/notary-server.json b/riftbit/harbor/conf/notary-server.json similarity index 100% rename from bitnami/harbor/conf/notary-server.json rename to riftbit/harbor/conf/notary-server.json diff --git a/bitnami/harbor/conf/notary-signer.json b/riftbit/harbor/conf/notary-signer.json similarity index 100% rename from bitnami/harbor/conf/notary-signer.json rename to riftbit/harbor/conf/notary-signer.json diff --git a/bitnami/harbor/templates/NOTES.txt b/riftbit/harbor/templates/NOTES.txt similarity index 100% rename from bitnami/harbor/templates/NOTES.txt rename to riftbit/harbor/templates/NOTES.txt diff --git a/bitnami/harbor/templates/_helpers.tpl b/riftbit/harbor/templates/_helpers.tpl similarity index 100% rename from bitnami/harbor/templates/_helpers.tpl rename to riftbit/harbor/templates/_helpers.tpl diff --git a/bitnami/harbor/templates/chartmuseum/chartmuseum-cm-envvars.yaml b/riftbit/harbor/templates/chartmuseum/chartmuseum-cm-envvars.yaml similarity index 100% rename from bitnami/harbor/templates/chartmuseum/chartmuseum-cm-envvars.yaml rename to riftbit/harbor/templates/chartmuseum/chartmuseum-cm-envvars.yaml diff --git a/bitnami/harbor/templates/chartmuseum/chartmuseum-dpl.yaml b/riftbit/harbor/templates/chartmuseum/chartmuseum-dpl.yaml similarity index 100% rename from bitnami/harbor/templates/chartmuseum/chartmuseum-dpl.yaml rename to riftbit/harbor/templates/chartmuseum/chartmuseum-dpl.yaml diff --git a/bitnami/harbor/templates/chartmuseum/chartmuseum-pvc.yaml b/riftbit/harbor/templates/chartmuseum/chartmuseum-pvc.yaml similarity index 100% rename from bitnami/harbor/templates/chartmuseum/chartmuseum-pvc.yaml rename to riftbit/harbor/templates/chartmuseum/chartmuseum-pvc.yaml diff --git a/bitnami/harbor/templates/chartmuseum/chartmuseum-secret.yaml b/riftbit/harbor/templates/chartmuseum/chartmuseum-secret.yaml similarity index 100% rename from bitnami/harbor/templates/chartmuseum/chartmuseum-secret.yaml rename to riftbit/harbor/templates/chartmuseum/chartmuseum-secret.yaml diff --git a/bitnami/harbor/templates/chartmuseum/chartmuseum-svc.yaml b/riftbit/harbor/templates/chartmuseum/chartmuseum-svc.yaml similarity index 100% rename from bitnami/harbor/templates/chartmuseum/chartmuseum-svc.yaml rename to riftbit/harbor/templates/chartmuseum/chartmuseum-svc.yaml diff --git a/bitnami/harbor/templates/clair/clair-dpl.yaml b/riftbit/harbor/templates/clair/clair-dpl.yaml similarity index 100% rename from bitnami/harbor/templates/clair/clair-dpl.yaml rename to riftbit/harbor/templates/clair/clair-dpl.yaml diff --git a/bitnami/harbor/templates/clair/clair-secret.yaml b/riftbit/harbor/templates/clair/clair-secret.yaml similarity index 100% rename from bitnami/harbor/templates/clair/clair-secret.yaml rename to riftbit/harbor/templates/clair/clair-secret.yaml diff --git a/bitnami/harbor/templates/clair/clair-svc.yaml b/riftbit/harbor/templates/clair/clair-svc.yaml similarity index 100% rename from bitnami/harbor/templates/clair/clair-svc.yaml rename to riftbit/harbor/templates/clair/clair-svc.yaml diff --git a/bitnami/harbor/templates/core/core-cm-envvars.yaml b/riftbit/harbor/templates/core/core-cm-envvars.yaml similarity index 100% rename from bitnami/harbor/templates/core/core-cm-envvars.yaml rename to riftbit/harbor/templates/core/core-cm-envvars.yaml diff --git a/bitnami/harbor/templates/core/core-cm.yaml b/riftbit/harbor/templates/core/core-cm.yaml similarity index 100% rename from bitnami/harbor/templates/core/core-cm.yaml rename to riftbit/harbor/templates/core/core-cm.yaml diff --git a/bitnami/harbor/templates/core/core-dpl.yaml b/riftbit/harbor/templates/core/core-dpl.yaml similarity index 100% rename from bitnami/harbor/templates/core/core-dpl.yaml rename to riftbit/harbor/templates/core/core-dpl.yaml diff --git a/bitnami/harbor/templates/core/core-secret-envvars.yaml b/riftbit/harbor/templates/core/core-secret-envvars.yaml similarity index 100% rename from bitnami/harbor/templates/core/core-secret-envvars.yaml rename to riftbit/harbor/templates/core/core-secret-envvars.yaml diff --git a/bitnami/harbor/templates/core/core-secret.yaml b/riftbit/harbor/templates/core/core-secret.yaml similarity index 100% rename from bitnami/harbor/templates/core/core-secret.yaml rename to riftbit/harbor/templates/core/core-secret.yaml diff --git a/bitnami/harbor/templates/core/core-svc.yaml b/riftbit/harbor/templates/core/core-svc.yaml similarity index 100% rename from bitnami/harbor/templates/core/core-svc.yaml rename to riftbit/harbor/templates/core/core-svc.yaml diff --git a/bitnami/fluentd/templates/extra-list.yaml b/riftbit/harbor/templates/extra-list.yaml similarity index 100% rename from bitnami/fluentd/templates/extra-list.yaml rename to riftbit/harbor/templates/extra-list.yaml diff --git a/bitnami/harbor/templates/ingress/ingress.yaml b/riftbit/harbor/templates/ingress/ingress.yaml similarity index 100% rename from bitnami/harbor/templates/ingress/ingress.yaml rename to riftbit/harbor/templates/ingress/ingress.yaml diff --git a/bitnami/harbor/templates/ingress/secret.yaml b/riftbit/harbor/templates/ingress/secret.yaml similarity index 100% rename from bitnami/harbor/templates/ingress/secret.yaml rename to riftbit/harbor/templates/ingress/secret.yaml diff --git a/bitnami/harbor/templates/internal/internal-crt-secret.yaml b/riftbit/harbor/templates/internal/internal-crt-secret.yaml similarity index 100% rename from bitnami/harbor/templates/internal/internal-crt-secret.yaml rename to riftbit/harbor/templates/internal/internal-crt-secret.yaml diff --git a/bitnami/harbor/templates/jobservice/jobservice-cm-envvars.yaml b/riftbit/harbor/templates/jobservice/jobservice-cm-envvars.yaml similarity index 100% rename from bitnami/harbor/templates/jobservice/jobservice-cm-envvars.yaml rename to riftbit/harbor/templates/jobservice/jobservice-cm-envvars.yaml diff --git a/bitnami/harbor/templates/jobservice/jobservice-cm.yaml b/riftbit/harbor/templates/jobservice/jobservice-cm.yaml similarity index 100% rename from bitnami/harbor/templates/jobservice/jobservice-cm.yaml rename to riftbit/harbor/templates/jobservice/jobservice-cm.yaml diff --git a/bitnami/harbor/templates/jobservice/jobservice-dpl.yaml b/riftbit/harbor/templates/jobservice/jobservice-dpl.yaml similarity index 100% rename from bitnami/harbor/templates/jobservice/jobservice-dpl.yaml rename to riftbit/harbor/templates/jobservice/jobservice-dpl.yaml diff --git a/bitnami/harbor/templates/jobservice/jobservice-pvc.yaml b/riftbit/harbor/templates/jobservice/jobservice-pvc.yaml similarity index 100% rename from bitnami/harbor/templates/jobservice/jobservice-pvc.yaml rename to riftbit/harbor/templates/jobservice/jobservice-pvc.yaml diff --git a/bitnami/harbor/templates/jobservice/jobservice-secret-envvars.yaml b/riftbit/harbor/templates/jobservice/jobservice-secret-envvars.yaml similarity index 100% rename from bitnami/harbor/templates/jobservice/jobservice-secret-envvars.yaml rename to riftbit/harbor/templates/jobservice/jobservice-secret-envvars.yaml diff --git a/bitnami/harbor/templates/jobservice/jobservice-secrets.yaml b/riftbit/harbor/templates/jobservice/jobservice-secrets.yaml similarity index 100% rename from bitnami/harbor/templates/jobservice/jobservice-secrets.yaml rename to riftbit/harbor/templates/jobservice/jobservice-secrets.yaml diff --git a/bitnami/harbor/templates/jobservice/jobservice-svc.yaml b/riftbit/harbor/templates/jobservice/jobservice-svc.yaml similarity index 100% rename from bitnami/harbor/templates/jobservice/jobservice-svc.yaml rename to riftbit/harbor/templates/jobservice/jobservice-svc.yaml diff --git a/bitnami/harbor/templates/nginx/configmap-http.yaml b/riftbit/harbor/templates/nginx/configmap-http.yaml similarity index 100% rename from bitnami/harbor/templates/nginx/configmap-http.yaml rename to riftbit/harbor/templates/nginx/configmap-http.yaml diff --git a/bitnami/harbor/templates/nginx/configmap-https.yaml b/riftbit/harbor/templates/nginx/configmap-https.yaml similarity index 100% rename from bitnami/harbor/templates/nginx/configmap-https.yaml rename to riftbit/harbor/templates/nginx/configmap-https.yaml diff --git a/bitnami/harbor/templates/nginx/deployment.yaml b/riftbit/harbor/templates/nginx/deployment.yaml similarity index 100% rename from bitnami/harbor/templates/nginx/deployment.yaml rename to riftbit/harbor/templates/nginx/deployment.yaml diff --git a/bitnami/harbor/templates/nginx/secret.yaml b/riftbit/harbor/templates/nginx/secret.yaml similarity index 100% rename from bitnami/harbor/templates/nginx/secret.yaml rename to riftbit/harbor/templates/nginx/secret.yaml diff --git a/bitnami/harbor/templates/nginx/service.yaml b/riftbit/harbor/templates/nginx/service.yaml similarity index 100% rename from bitnami/harbor/templates/nginx/service.yaml rename to riftbit/harbor/templates/nginx/service.yaml diff --git a/bitnami/harbor/templates/notary/notary-secret-envvars.yaml b/riftbit/harbor/templates/notary/notary-secret-envvars.yaml similarity index 100% rename from bitnami/harbor/templates/notary/notary-secret-envvars.yaml rename to riftbit/harbor/templates/notary/notary-secret-envvars.yaml diff --git a/bitnami/harbor/templates/notary/notary-secret.yaml b/riftbit/harbor/templates/notary/notary-secret.yaml similarity index 100% rename from bitnami/harbor/templates/notary/notary-secret.yaml rename to riftbit/harbor/templates/notary/notary-secret.yaml diff --git a/bitnami/harbor/templates/notary/notary-server.yaml b/riftbit/harbor/templates/notary/notary-server.yaml similarity index 100% rename from bitnami/harbor/templates/notary/notary-server.yaml rename to riftbit/harbor/templates/notary/notary-server.yaml diff --git a/bitnami/harbor/templates/notary/notary-signer.yaml b/riftbit/harbor/templates/notary/notary-signer.yaml similarity index 100% rename from bitnami/harbor/templates/notary/notary-signer.yaml rename to riftbit/harbor/templates/notary/notary-signer.yaml diff --git a/bitnami/harbor/templates/notary/notary-svc.yaml b/riftbit/harbor/templates/notary/notary-svc.yaml similarity index 100% rename from bitnami/harbor/templates/notary/notary-svc.yaml rename to riftbit/harbor/templates/notary/notary-svc.yaml diff --git a/bitnami/harbor/templates/portal/portal-cm.yaml b/riftbit/harbor/templates/portal/portal-cm.yaml similarity index 100% rename from bitnami/harbor/templates/portal/portal-cm.yaml rename to riftbit/harbor/templates/portal/portal-cm.yaml diff --git a/bitnami/harbor/templates/portal/portal-dpl.yaml b/riftbit/harbor/templates/portal/portal-dpl.yaml similarity index 100% rename from bitnami/harbor/templates/portal/portal-dpl.yaml rename to riftbit/harbor/templates/portal/portal-dpl.yaml diff --git a/bitnami/harbor/templates/portal/portal-svc.yaml b/riftbit/harbor/templates/portal/portal-svc.yaml similarity index 100% rename from bitnami/harbor/templates/portal/portal-svc.yaml rename to riftbit/harbor/templates/portal/portal-svc.yaml diff --git a/bitnami/harbor/templates/registry/registry-cm.yaml b/riftbit/harbor/templates/registry/registry-cm.yaml similarity index 100% rename from bitnami/harbor/templates/registry/registry-cm.yaml rename to riftbit/harbor/templates/registry/registry-cm.yaml diff --git a/bitnami/harbor/templates/registry/registry-dpl.yaml b/riftbit/harbor/templates/registry/registry-dpl.yaml similarity index 100% rename from bitnami/harbor/templates/registry/registry-dpl.yaml rename to riftbit/harbor/templates/registry/registry-dpl.yaml diff --git a/bitnami/harbor/templates/registry/registry-pvc.yaml b/riftbit/harbor/templates/registry/registry-pvc.yaml similarity index 100% rename from bitnami/harbor/templates/registry/registry-pvc.yaml rename to riftbit/harbor/templates/registry/registry-pvc.yaml diff --git a/bitnami/harbor/templates/registry/registry-secret.yaml b/riftbit/harbor/templates/registry/registry-secret.yaml similarity index 100% rename from bitnami/harbor/templates/registry/registry-secret.yaml rename to riftbit/harbor/templates/registry/registry-secret.yaml diff --git a/bitnami/harbor/templates/registry/registry-svc.yaml b/riftbit/harbor/templates/registry/registry-svc.yaml similarity index 100% rename from bitnami/harbor/templates/registry/registry-svc.yaml rename to riftbit/harbor/templates/registry/registry-svc.yaml diff --git a/bitnami/harbor/templates/trivy/trivy-cm-envvars.yaml b/riftbit/harbor/templates/trivy/trivy-cm-envvars.yaml similarity index 100% rename from bitnami/harbor/templates/trivy/trivy-cm-envvars.yaml rename to riftbit/harbor/templates/trivy/trivy-cm-envvars.yaml diff --git a/bitnami/harbor/templates/trivy/trivy-secret-envvars.yaml b/riftbit/harbor/templates/trivy/trivy-secret-envvars.yaml similarity index 100% rename from bitnami/harbor/templates/trivy/trivy-secret-envvars.yaml rename to riftbit/harbor/templates/trivy/trivy-secret-envvars.yaml diff --git a/bitnami/harbor/templates/trivy/trivy-sts.yaml b/riftbit/harbor/templates/trivy/trivy-sts.yaml similarity index 100% rename from bitnami/harbor/templates/trivy/trivy-sts.yaml rename to riftbit/harbor/templates/trivy/trivy-sts.yaml diff --git a/bitnami/harbor/templates/trivy/trivy-svc.yaml b/riftbit/harbor/templates/trivy/trivy-svc.yaml similarity index 100% rename from bitnami/harbor/templates/trivy/trivy-svc.yaml rename to riftbit/harbor/templates/trivy/trivy-svc.yaml diff --git a/bitnami/harbor/values.yaml b/riftbit/harbor/values.yaml similarity index 100% rename from bitnami/harbor/values.yaml rename to riftbit/harbor/values.yaml diff --git a/bitnami/external-dns/.helmignore b/riftbit/influxdb/.helmignore similarity index 100% rename from bitnami/external-dns/.helmignore rename to riftbit/influxdb/.helmignore diff --git a/bitnami/influxdb/Chart.lock b/riftbit/influxdb/Chart.lock similarity index 100% rename from bitnami/influxdb/Chart.lock rename to riftbit/influxdb/Chart.lock diff --git a/bitnami/influxdb/Chart.yaml b/riftbit/influxdb/Chart.yaml similarity index 100% rename from bitnami/influxdb/Chart.yaml rename to riftbit/influxdb/Chart.yaml diff --git a/bitnami/influxdb/README.md b/riftbit/influxdb/README.md similarity index 100% rename from bitnami/influxdb/README.md rename to riftbit/influxdb/README.md diff --git a/bitnami/influxdb/files/conf/README.md b/riftbit/influxdb/files/conf/README.md similarity index 100% rename from bitnami/influxdb/files/conf/README.md rename to riftbit/influxdb/files/conf/README.md diff --git a/bitnami/influxdb/files/docker-entrypoint-initdb.d/README.md b/riftbit/influxdb/files/docker-entrypoint-initdb.d/README.md similarity index 100% rename from bitnami/influxdb/files/docker-entrypoint-initdb.d/README.md rename to riftbit/influxdb/files/docker-entrypoint-initdb.d/README.md diff --git a/bitnami/influxdb/templates/NOTES.txt b/riftbit/influxdb/templates/NOTES.txt similarity index 100% rename from bitnami/influxdb/templates/NOTES.txt rename to riftbit/influxdb/templates/NOTES.txt diff --git a/bitnami/influxdb/templates/_helpers.tpl b/riftbit/influxdb/templates/_helpers.tpl similarity index 100% rename from bitnami/influxdb/templates/_helpers.tpl rename to riftbit/influxdb/templates/_helpers.tpl diff --git a/bitnami/influxdb/templates/extradeploy.yaml b/riftbit/influxdb/templates/extradeploy.yaml similarity index 100% rename from bitnami/influxdb/templates/extradeploy.yaml rename to riftbit/influxdb/templates/extradeploy.yaml diff --git a/bitnami/influxdb/templates/influxdb/configmap-backup.yaml b/riftbit/influxdb/templates/influxdb/configmap-backup.yaml similarity index 100% rename from bitnami/influxdb/templates/influxdb/configmap-backup.yaml rename to riftbit/influxdb/templates/influxdb/configmap-backup.yaml diff --git a/bitnami/influxdb/templates/influxdb/configmap-initdb-scripts.yaml b/riftbit/influxdb/templates/influxdb/configmap-initdb-scripts.yaml similarity index 100% rename from bitnami/influxdb/templates/influxdb/configmap-initdb-scripts.yaml rename to riftbit/influxdb/templates/influxdb/configmap-initdb-scripts.yaml diff --git a/bitnami/influxdb/templates/influxdb/configmap.yaml b/riftbit/influxdb/templates/influxdb/configmap.yaml similarity index 100% rename from bitnami/influxdb/templates/influxdb/configmap.yaml rename to riftbit/influxdb/templates/influxdb/configmap.yaml diff --git a/bitnami/influxdb/templates/influxdb/cronjob-backup.yaml b/riftbit/influxdb/templates/influxdb/cronjob-backup.yaml similarity index 100% rename from bitnami/influxdb/templates/influxdb/cronjob-backup.yaml rename to riftbit/influxdb/templates/influxdb/cronjob-backup.yaml diff --git a/bitnami/influxdb/templates/influxdb/deployment-standalone.yaml b/riftbit/influxdb/templates/influxdb/deployment-standalone.yaml similarity index 100% rename from bitnami/influxdb/templates/influxdb/deployment-standalone.yaml rename to riftbit/influxdb/templates/influxdb/deployment-standalone.yaml diff --git a/bitnami/influxdb/templates/influxdb/pvc-backup.yaml b/riftbit/influxdb/templates/influxdb/pvc-backup.yaml similarity index 100% rename from bitnami/influxdb/templates/influxdb/pvc-backup.yaml rename to riftbit/influxdb/templates/influxdb/pvc-backup.yaml diff --git a/bitnami/influxdb/templates/influxdb/pvc.yaml b/riftbit/influxdb/templates/influxdb/pvc.yaml similarity index 100% rename from bitnami/influxdb/templates/influxdb/pvc.yaml rename to riftbit/influxdb/templates/influxdb/pvc.yaml diff --git a/bitnami/influxdb/templates/influxdb/secrets-backup.yaml b/riftbit/influxdb/templates/influxdb/secrets-backup.yaml similarity index 100% rename from bitnami/influxdb/templates/influxdb/secrets-backup.yaml rename to riftbit/influxdb/templates/influxdb/secrets-backup.yaml diff --git a/bitnami/influxdb/templates/influxdb/secrets.yaml b/riftbit/influxdb/templates/influxdb/secrets.yaml similarity index 100% rename from bitnami/influxdb/templates/influxdb/secrets.yaml rename to riftbit/influxdb/templates/influxdb/secrets.yaml diff --git a/bitnami/influxdb/templates/influxdb/service-headless.yaml b/riftbit/influxdb/templates/influxdb/service-headless.yaml similarity index 100% rename from bitnami/influxdb/templates/influxdb/service-headless.yaml rename to riftbit/influxdb/templates/influxdb/service-headless.yaml diff --git a/bitnami/influxdb/templates/influxdb/service-metrics.yaml b/riftbit/influxdb/templates/influxdb/service-metrics.yaml similarity index 100% rename from bitnami/influxdb/templates/influxdb/service-metrics.yaml rename to riftbit/influxdb/templates/influxdb/service-metrics.yaml diff --git a/bitnami/influxdb/templates/influxdb/service.yaml b/riftbit/influxdb/templates/influxdb/service.yaml similarity index 100% rename from bitnami/influxdb/templates/influxdb/service.yaml rename to riftbit/influxdb/templates/influxdb/service.yaml diff --git a/bitnami/influxdb/templates/influxdb/servicemonitor.yaml b/riftbit/influxdb/templates/influxdb/servicemonitor.yaml similarity index 100% rename from bitnami/influxdb/templates/influxdb/servicemonitor.yaml rename to riftbit/influxdb/templates/influxdb/servicemonitor.yaml diff --git a/bitnami/influxdb/templates/influxdb/statefulset-high-availability.yaml b/riftbit/influxdb/templates/influxdb/statefulset-high-availability.yaml similarity index 100% rename from bitnami/influxdb/templates/influxdb/statefulset-high-availability.yaml rename to riftbit/influxdb/templates/influxdb/statefulset-high-availability.yaml diff --git a/bitnami/influxdb/templates/ingress.yaml b/riftbit/influxdb/templates/ingress.yaml similarity index 100% rename from bitnami/influxdb/templates/ingress.yaml rename to riftbit/influxdb/templates/ingress.yaml diff --git a/bitnami/influxdb/templates/networkpolicy.yaml b/riftbit/influxdb/templates/networkpolicy.yaml similarity index 100% rename from bitnami/influxdb/templates/networkpolicy.yaml rename to riftbit/influxdb/templates/networkpolicy.yaml diff --git a/bitnami/influxdb/templates/relay/configmap.yaml b/riftbit/influxdb/templates/relay/configmap.yaml similarity index 100% rename from bitnami/influxdb/templates/relay/configmap.yaml rename to riftbit/influxdb/templates/relay/configmap.yaml diff --git a/bitnami/influxdb/templates/relay/deployment.yaml b/riftbit/influxdb/templates/relay/deployment.yaml similarity index 100% rename from bitnami/influxdb/templates/relay/deployment.yaml rename to riftbit/influxdb/templates/relay/deployment.yaml diff --git a/bitnami/influxdb/templates/relay/service.yaml b/riftbit/influxdb/templates/relay/service.yaml similarity index 100% rename from bitnami/influxdb/templates/relay/service.yaml rename to riftbit/influxdb/templates/relay/service.yaml diff --git a/bitnami/influxdb/templates/service-collectd.yaml b/riftbit/influxdb/templates/service-collectd.yaml similarity index 100% rename from bitnami/influxdb/templates/service-collectd.yaml rename to riftbit/influxdb/templates/service-collectd.yaml diff --git a/bitnami/influxdb/values.yaml b/riftbit/influxdb/values.yaml similarity index 100% rename from bitnami/influxdb/values.yaml rename to riftbit/influxdb/values.yaml diff --git a/bitnami/jupyterhub/Chart.lock b/riftbit/jupyterhub/Chart.lock similarity index 100% rename from bitnami/jupyterhub/Chart.lock rename to riftbit/jupyterhub/Chart.lock diff --git a/bitnami/jupyterhub/Chart.yaml b/riftbit/jupyterhub/Chart.yaml similarity index 100% rename from bitnami/jupyterhub/Chart.yaml rename to riftbit/jupyterhub/Chart.yaml diff --git a/bitnami/jupyterhub/README.md b/riftbit/jupyterhub/README.md similarity index 100% rename from bitnami/jupyterhub/README.md rename to riftbit/jupyterhub/README.md diff --git a/bitnami/jupyterhub/templates/NOTES.txt b/riftbit/jupyterhub/templates/NOTES.txt similarity index 100% rename from bitnami/jupyterhub/templates/NOTES.txt rename to riftbit/jupyterhub/templates/NOTES.txt diff --git a/bitnami/jupyterhub/templates/_helpers.tpl b/riftbit/jupyterhub/templates/_helpers.tpl similarity index 100% rename from bitnami/jupyterhub/templates/_helpers.tpl rename to riftbit/jupyterhub/templates/_helpers.tpl diff --git a/bitnami/ghost/templates/extra-list.yaml b/riftbit/jupyterhub/templates/extra-list.yaml similarity index 100% rename from bitnami/ghost/templates/extra-list.yaml rename to riftbit/jupyterhub/templates/extra-list.yaml diff --git a/bitnami/jupyterhub/templates/hub/configmap.yaml b/riftbit/jupyterhub/templates/hub/configmap.yaml similarity index 100% rename from bitnami/jupyterhub/templates/hub/configmap.yaml rename to riftbit/jupyterhub/templates/hub/configmap.yaml diff --git a/bitnami/jupyterhub/templates/hub/deployment.yaml b/riftbit/jupyterhub/templates/hub/deployment.yaml similarity index 100% rename from bitnami/jupyterhub/templates/hub/deployment.yaml rename to riftbit/jupyterhub/templates/hub/deployment.yaml diff --git a/bitnami/jupyterhub/templates/hub/externaldb-secrets.yaml b/riftbit/jupyterhub/templates/hub/externaldb-secrets.yaml similarity index 100% rename from bitnami/jupyterhub/templates/hub/externaldb-secrets.yaml rename to riftbit/jupyterhub/templates/hub/externaldb-secrets.yaml diff --git a/bitnami/jupyterhub/templates/hub/networkpolicy.yaml b/riftbit/jupyterhub/templates/hub/networkpolicy.yaml similarity index 100% rename from bitnami/jupyterhub/templates/hub/networkpolicy.yaml rename to riftbit/jupyterhub/templates/hub/networkpolicy.yaml diff --git a/bitnami/jupyterhub/templates/hub/pdb.yaml b/riftbit/jupyterhub/templates/hub/pdb.yaml similarity index 100% rename from bitnami/jupyterhub/templates/hub/pdb.yaml rename to riftbit/jupyterhub/templates/hub/pdb.yaml diff --git a/bitnami/jupyterhub/templates/hub/role.yaml b/riftbit/jupyterhub/templates/hub/role.yaml similarity index 100% rename from bitnami/jupyterhub/templates/hub/role.yaml rename to riftbit/jupyterhub/templates/hub/role.yaml diff --git a/bitnami/jupyterhub/templates/hub/rolebinding.yaml b/riftbit/jupyterhub/templates/hub/rolebinding.yaml similarity index 100% rename from bitnami/jupyterhub/templates/hub/rolebinding.yaml rename to riftbit/jupyterhub/templates/hub/rolebinding.yaml diff --git a/bitnami/jupyterhub/templates/hub/secret.yaml b/riftbit/jupyterhub/templates/hub/secret.yaml similarity index 100% rename from bitnami/jupyterhub/templates/hub/secret.yaml rename to riftbit/jupyterhub/templates/hub/secret.yaml diff --git a/bitnami/jupyterhub/templates/hub/service-account.yaml b/riftbit/jupyterhub/templates/hub/service-account.yaml similarity index 100% rename from bitnami/jupyterhub/templates/hub/service-account.yaml rename to riftbit/jupyterhub/templates/hub/service-account.yaml diff --git a/bitnami/jupyterhub/templates/hub/service.yaml b/riftbit/jupyterhub/templates/hub/service.yaml similarity index 100% rename from bitnami/jupyterhub/templates/hub/service.yaml rename to riftbit/jupyterhub/templates/hub/service.yaml diff --git a/bitnami/jupyterhub/templates/image-puller/daemonset.yaml b/riftbit/jupyterhub/templates/image-puller/daemonset.yaml similarity index 100% rename from bitnami/jupyterhub/templates/image-puller/daemonset.yaml rename to riftbit/jupyterhub/templates/image-puller/daemonset.yaml diff --git a/bitnami/jupyterhub/templates/proxy/deployment.yaml b/riftbit/jupyterhub/templates/proxy/deployment.yaml similarity index 100% rename from bitnami/jupyterhub/templates/proxy/deployment.yaml rename to riftbit/jupyterhub/templates/proxy/deployment.yaml diff --git a/bitnami/jupyterhub/templates/proxy/ingress.yaml b/riftbit/jupyterhub/templates/proxy/ingress.yaml similarity index 100% rename from bitnami/jupyterhub/templates/proxy/ingress.yaml rename to riftbit/jupyterhub/templates/proxy/ingress.yaml diff --git a/bitnami/jupyterhub/templates/proxy/networkpolicy.yaml b/riftbit/jupyterhub/templates/proxy/networkpolicy.yaml similarity index 100% rename from bitnami/jupyterhub/templates/proxy/networkpolicy.yaml rename to riftbit/jupyterhub/templates/proxy/networkpolicy.yaml diff --git a/bitnami/jupyterhub/templates/proxy/service-api.yaml b/riftbit/jupyterhub/templates/proxy/service-api.yaml similarity index 100% rename from bitnami/jupyterhub/templates/proxy/service-api.yaml rename to riftbit/jupyterhub/templates/proxy/service-api.yaml diff --git a/bitnami/jupyterhub/templates/proxy/service-public.yaml b/riftbit/jupyterhub/templates/proxy/service-public.yaml similarity index 100% rename from bitnami/jupyterhub/templates/proxy/service-public.yaml rename to riftbit/jupyterhub/templates/proxy/service-public.yaml diff --git a/bitnami/jupyterhub/templates/proxy/tls-secret.yaml b/riftbit/jupyterhub/templates/proxy/tls-secret.yaml similarity index 100% rename from bitnami/jupyterhub/templates/proxy/tls-secret.yaml rename to riftbit/jupyterhub/templates/proxy/tls-secret.yaml diff --git a/bitnami/jupyterhub/templates/singleuser/networkpolicy.yaml b/riftbit/jupyterhub/templates/singleuser/networkpolicy.yaml similarity index 100% rename from bitnami/jupyterhub/templates/singleuser/networkpolicy.yaml rename to riftbit/jupyterhub/templates/singleuser/networkpolicy.yaml diff --git a/bitnami/jupyterhub/templates/singleuser/service-account.yaml b/riftbit/jupyterhub/templates/singleuser/service-account.yaml similarity index 100% rename from bitnami/jupyterhub/templates/singleuser/service-account.yaml rename to riftbit/jupyterhub/templates/singleuser/service-account.yaml diff --git a/bitnami/jupyterhub/values.yaml b/riftbit/jupyterhub/values.yaml similarity index 100% rename from bitnami/jupyterhub/values.yaml rename to riftbit/jupyterhub/values.yaml diff --git a/bitnami/fluentd/.helmignore b/riftbit/kafka/.helmignore similarity index 100% rename from bitnami/fluentd/.helmignore rename to riftbit/kafka/.helmignore diff --git a/bitnami/kafka/Chart.lock b/riftbit/kafka/Chart.lock similarity index 100% rename from bitnami/kafka/Chart.lock rename to riftbit/kafka/Chart.lock diff --git a/bitnami/kafka/Chart.yaml b/riftbit/kafka/Chart.yaml similarity index 100% rename from bitnami/kafka/Chart.yaml rename to riftbit/kafka/Chart.yaml diff --git a/bitnami/kafka/README.md b/riftbit/kafka/README.md similarity index 100% rename from bitnami/kafka/README.md rename to riftbit/kafka/README.md diff --git a/bitnami/kafka/files/tls/README.md b/riftbit/kafka/files/tls/README.md similarity index 100% rename from bitnami/kafka/files/tls/README.md rename to riftbit/kafka/files/tls/README.md diff --git a/bitnami/kafka/templates/NOTES.txt b/riftbit/kafka/templates/NOTES.txt similarity index 100% rename from bitnami/kafka/templates/NOTES.txt rename to riftbit/kafka/templates/NOTES.txt diff --git a/bitnami/kafka/templates/_helpers.tpl b/riftbit/kafka/templates/_helpers.tpl similarity index 100% rename from bitnami/kafka/templates/_helpers.tpl rename to riftbit/kafka/templates/_helpers.tpl diff --git a/bitnami/kafka/templates/configmap.yaml b/riftbit/kafka/templates/configmap.yaml similarity index 100% rename from bitnami/kafka/templates/configmap.yaml rename to riftbit/kafka/templates/configmap.yaml diff --git a/bitnami/grafana-operator/templates/extra-list.yaml b/riftbit/kafka/templates/extra-list.yaml similarity index 100% rename from bitnami/grafana-operator/templates/extra-list.yaml rename to riftbit/kafka/templates/extra-list.yaml diff --git a/bitnami/kafka/templates/jaas-secret.yaml b/riftbit/kafka/templates/jaas-secret.yaml similarity index 100% rename from bitnami/kafka/templates/jaas-secret.yaml rename to riftbit/kafka/templates/jaas-secret.yaml diff --git a/bitnami/kafka/templates/jmx-configmap.yaml b/riftbit/kafka/templates/jmx-configmap.yaml similarity index 100% rename from bitnami/kafka/templates/jmx-configmap.yaml rename to riftbit/kafka/templates/jmx-configmap.yaml diff --git a/bitnami/kafka/templates/jmx-metrics-svc.yaml b/riftbit/kafka/templates/jmx-metrics-svc.yaml similarity index 100% rename from bitnami/kafka/templates/jmx-metrics-svc.yaml rename to riftbit/kafka/templates/jmx-metrics-svc.yaml diff --git a/bitnami/kafka/templates/kafka-metrics-deployment.yaml b/riftbit/kafka/templates/kafka-metrics-deployment.yaml similarity index 100% rename from bitnami/kafka/templates/kafka-metrics-deployment.yaml rename to riftbit/kafka/templates/kafka-metrics-deployment.yaml diff --git a/bitnami/kafka/templates/kafka-metrics-svc.yaml b/riftbit/kafka/templates/kafka-metrics-svc.yaml similarity index 100% rename from bitnami/kafka/templates/kafka-metrics-svc.yaml rename to riftbit/kafka/templates/kafka-metrics-svc.yaml diff --git a/bitnami/kafka/templates/kafka-provisioning.yaml b/riftbit/kafka/templates/kafka-provisioning.yaml similarity index 100% rename from bitnami/kafka/templates/kafka-provisioning.yaml rename to riftbit/kafka/templates/kafka-provisioning.yaml diff --git a/bitnami/kafka/templates/log4j-configmap.yaml b/riftbit/kafka/templates/log4j-configmap.yaml similarity index 100% rename from bitnami/kafka/templates/log4j-configmap.yaml rename to riftbit/kafka/templates/log4j-configmap.yaml diff --git a/bitnami/kafka/templates/poddisruptionbudget.yaml b/riftbit/kafka/templates/poddisruptionbudget.yaml similarity index 100% rename from bitnami/kafka/templates/poddisruptionbudget.yaml rename to riftbit/kafka/templates/poddisruptionbudget.yaml diff --git a/bitnami/kafka/templates/role.yaml b/riftbit/kafka/templates/role.yaml similarity index 100% rename from bitnami/kafka/templates/role.yaml rename to riftbit/kafka/templates/role.yaml diff --git a/bitnami/kafka/templates/rolebinding.yaml b/riftbit/kafka/templates/rolebinding.yaml similarity index 100% rename from bitnami/kafka/templates/rolebinding.yaml rename to riftbit/kafka/templates/rolebinding.yaml diff --git a/bitnami/kafka/templates/scripts-configmap.yaml b/riftbit/kafka/templates/scripts-configmap.yaml similarity index 100% rename from bitnami/kafka/templates/scripts-configmap.yaml rename to riftbit/kafka/templates/scripts-configmap.yaml diff --git a/bitnami/kafka/templates/serviceaccount.yaml b/riftbit/kafka/templates/serviceaccount.yaml similarity index 100% rename from bitnami/kafka/templates/serviceaccount.yaml rename to riftbit/kafka/templates/serviceaccount.yaml diff --git a/bitnami/kafka/templates/servicemonitor-jmx-metrics.yaml b/riftbit/kafka/templates/servicemonitor-jmx-metrics.yaml similarity index 100% rename from bitnami/kafka/templates/servicemonitor-jmx-metrics.yaml rename to riftbit/kafka/templates/servicemonitor-jmx-metrics.yaml diff --git a/bitnami/kafka/templates/servicemonitor-metrics.yaml b/riftbit/kafka/templates/servicemonitor-metrics.yaml similarity index 100% rename from bitnami/kafka/templates/servicemonitor-metrics.yaml rename to riftbit/kafka/templates/servicemonitor-metrics.yaml diff --git a/bitnami/kafka/templates/statefulset.yaml b/riftbit/kafka/templates/statefulset.yaml similarity index 100% rename from bitnami/kafka/templates/statefulset.yaml rename to riftbit/kafka/templates/statefulset.yaml diff --git a/bitnami/kafka/templates/svc-external-access.yaml b/riftbit/kafka/templates/svc-external-access.yaml similarity index 100% rename from bitnami/kafka/templates/svc-external-access.yaml rename to riftbit/kafka/templates/svc-external-access.yaml diff --git a/bitnami/kafka/templates/svc-headless.yaml b/riftbit/kafka/templates/svc-headless.yaml similarity index 100% rename from bitnami/kafka/templates/svc-headless.yaml rename to riftbit/kafka/templates/svc-headless.yaml diff --git a/bitnami/kafka/templates/svc.yaml b/riftbit/kafka/templates/svc.yaml similarity index 100% rename from bitnami/kafka/templates/svc.yaml rename to riftbit/kafka/templates/svc.yaml diff --git a/bitnami/kafka/templates/tls-secret.yaml b/riftbit/kafka/templates/tls-secret.yaml similarity index 100% rename from bitnami/kafka/templates/tls-secret.yaml rename to riftbit/kafka/templates/tls-secret.yaml diff --git a/bitnami/kafka/values.yaml b/riftbit/kafka/values.yaml similarity index 100% rename from bitnami/kafka/values.yaml rename to riftbit/kafka/values.yaml diff --git a/bitnami/keycloak/Chart.lock b/riftbit/keycloak/Chart.lock similarity index 100% rename from bitnami/keycloak/Chart.lock rename to riftbit/keycloak/Chart.lock diff --git a/bitnami/keycloak/Chart.yaml b/riftbit/keycloak/Chart.yaml similarity index 100% rename from bitnami/keycloak/Chart.yaml rename to riftbit/keycloak/Chart.yaml diff --git a/bitnami/keycloak/README.md b/riftbit/keycloak/README.md similarity index 100% rename from bitnami/keycloak/README.md rename to riftbit/keycloak/README.md diff --git a/bitnami/ghost/ci/ct-values.yaml b/riftbit/keycloak/ci/ct-values.yaml similarity index 100% rename from bitnami/ghost/ci/ct-values.yaml rename to riftbit/keycloak/ci/ct-values.yaml diff --git a/bitnami/keycloak/ci/values-ha.yaml b/riftbit/keycloak/ci/values-ha.yaml similarity index 100% rename from bitnami/keycloak/ci/values-ha.yaml rename to riftbit/keycloak/ci/values-ha.yaml diff --git a/bitnami/aspnet-core/ci/values-hpa-pdb.yaml b/riftbit/keycloak/ci/values-hpa-pdb.yaml similarity index 100% rename from bitnami/aspnet-core/ci/values-hpa-pdb.yaml rename to riftbit/keycloak/ci/values-hpa-pdb.yaml diff --git a/bitnami/keycloak/ci/values-init-scripts.yaml b/riftbit/keycloak/ci/values-init-scripts.yaml similarity index 100% rename from bitnami/keycloak/ci/values-init-scripts.yaml rename to riftbit/keycloak/ci/values-init-scripts.yaml diff --git a/bitnami/keycloak/ci/values-metrics-and-ingress.yaml b/riftbit/keycloak/ci/values-metrics-and-ingress.yaml similarity index 100% rename from bitnami/keycloak/ci/values-metrics-and-ingress.yaml rename to riftbit/keycloak/ci/values-metrics-and-ingress.yaml diff --git a/bitnami/keycloak/templates/NOTES.txt b/riftbit/keycloak/templates/NOTES.txt similarity index 100% rename from bitnami/keycloak/templates/NOTES.txt rename to riftbit/keycloak/templates/NOTES.txt diff --git a/bitnami/keycloak/templates/_helpers.tpl b/riftbit/keycloak/templates/_helpers.tpl similarity index 100% rename from bitnami/keycloak/templates/_helpers.tpl rename to riftbit/keycloak/templates/_helpers.tpl diff --git a/bitnami/keycloak/templates/configmap-env-vars.yaml b/riftbit/keycloak/templates/configmap-env-vars.yaml similarity index 100% rename from bitnami/keycloak/templates/configmap-env-vars.yaml rename to riftbit/keycloak/templates/configmap-env-vars.yaml diff --git a/bitnami/keycloak/templates/configmap.yaml b/riftbit/keycloak/templates/configmap.yaml similarity index 100% rename from bitnami/keycloak/templates/configmap.yaml rename to riftbit/keycloak/templates/configmap.yaml diff --git a/bitnami/grafana-tempo/templates/extra-list.yaml b/riftbit/keycloak/templates/extra-list.yaml similarity index 100% rename from bitnami/grafana-tempo/templates/extra-list.yaml rename to riftbit/keycloak/templates/extra-list.yaml diff --git a/bitnami/keycloak/templates/headless-service.yaml b/riftbit/keycloak/templates/headless-service.yaml similarity index 100% rename from bitnami/keycloak/templates/headless-service.yaml rename to riftbit/keycloak/templates/headless-service.yaml diff --git a/bitnami/keycloak/templates/hpa.yaml b/riftbit/keycloak/templates/hpa.yaml similarity index 100% rename from bitnami/keycloak/templates/hpa.yaml rename to riftbit/keycloak/templates/hpa.yaml diff --git a/bitnami/keycloak/templates/ingress.yaml b/riftbit/keycloak/templates/ingress.yaml similarity index 100% rename from bitnami/keycloak/templates/ingress.yaml rename to riftbit/keycloak/templates/ingress.yaml diff --git a/bitnami/keycloak/templates/init-scripts-configmap.yaml b/riftbit/keycloak/templates/init-scripts-configmap.yaml similarity index 100% rename from bitnami/keycloak/templates/init-scripts-configmap.yaml rename to riftbit/keycloak/templates/init-scripts-configmap.yaml diff --git a/bitnami/keycloak/templates/keycloak-config-cli-configmap.yaml b/riftbit/keycloak/templates/keycloak-config-cli-configmap.yaml similarity index 100% rename from bitnami/keycloak/templates/keycloak-config-cli-configmap.yaml rename to riftbit/keycloak/templates/keycloak-config-cli-configmap.yaml diff --git a/bitnami/keycloak/templates/keycloak-config-cli-job.yaml b/riftbit/keycloak/templates/keycloak-config-cli-job.yaml similarity index 100% rename from bitnami/keycloak/templates/keycloak-config-cli-job.yaml rename to riftbit/keycloak/templates/keycloak-config-cli-job.yaml diff --git a/bitnami/keycloak/templates/metrics-service.yaml b/riftbit/keycloak/templates/metrics-service.yaml similarity index 100% rename from bitnami/keycloak/templates/metrics-service.yaml rename to riftbit/keycloak/templates/metrics-service.yaml diff --git a/bitnami/keycloak/templates/networkpolicy.yaml b/riftbit/keycloak/templates/networkpolicy.yaml similarity index 100% rename from bitnami/keycloak/templates/networkpolicy.yaml rename to riftbit/keycloak/templates/networkpolicy.yaml diff --git a/bitnami/keycloak/templates/pdb.yaml b/riftbit/keycloak/templates/pdb.yaml similarity index 100% rename from bitnami/keycloak/templates/pdb.yaml rename to riftbit/keycloak/templates/pdb.yaml diff --git a/bitnami/keycloak/templates/role.yaml b/riftbit/keycloak/templates/role.yaml similarity index 100% rename from bitnami/keycloak/templates/role.yaml rename to riftbit/keycloak/templates/role.yaml diff --git a/bitnami/keycloak/templates/rolebinding.yaml b/riftbit/keycloak/templates/rolebinding.yaml similarity index 100% rename from bitnami/keycloak/templates/rolebinding.yaml rename to riftbit/keycloak/templates/rolebinding.yaml diff --git a/bitnami/keycloak/templates/secrets.yaml b/riftbit/keycloak/templates/secrets.yaml similarity index 100% rename from bitnami/keycloak/templates/secrets.yaml rename to riftbit/keycloak/templates/secrets.yaml diff --git a/bitnami/keycloak/templates/service.yaml b/riftbit/keycloak/templates/service.yaml similarity index 100% rename from bitnami/keycloak/templates/service.yaml rename to riftbit/keycloak/templates/service.yaml diff --git a/bitnami/keycloak/templates/serviceaccount.yaml b/riftbit/keycloak/templates/serviceaccount.yaml similarity index 100% rename from bitnami/keycloak/templates/serviceaccount.yaml rename to riftbit/keycloak/templates/serviceaccount.yaml diff --git a/bitnami/keycloak/templates/servicemonitor.yaml b/riftbit/keycloak/templates/servicemonitor.yaml similarity index 100% rename from bitnami/keycloak/templates/servicemonitor.yaml rename to riftbit/keycloak/templates/servicemonitor.yaml diff --git a/bitnami/keycloak/templates/statefulset.yaml b/riftbit/keycloak/templates/statefulset.yaml similarity index 100% rename from bitnami/keycloak/templates/statefulset.yaml rename to riftbit/keycloak/templates/statefulset.yaml diff --git a/bitnami/keycloak/templates/tls-secret.yaml b/riftbit/keycloak/templates/tls-secret.yaml similarity index 100% rename from bitnami/keycloak/templates/tls-secret.yaml rename to riftbit/keycloak/templates/tls-secret.yaml diff --git a/bitnami/keycloak/values.yaml b/riftbit/keycloak/values.yaml similarity index 100% rename from bitnami/keycloak/values.yaml rename to riftbit/keycloak/values.yaml diff --git a/riftbit/kroki/Chart.yaml b/riftbit/kroki/Chart.yaml index 2f64c06..818f67c 100644 --- a/riftbit/kroki/Chart.yaml +++ b/riftbit/kroki/Chart.yaml @@ -12,5 +12,7 @@ sources: version: 1.1.0 dependencies: - name: common - version: 1.7.1 - repository: https://charts.bitnami.com/bitnami/ + repository: https://charts.riftbit.com/ + # tags: + # - riftbit-common + version: 1.x.x diff --git a/riftbit/kubebox/Chart.yaml b/riftbit/kubebox/Chart.yaml index 8d7242a..df8e0a7 100644 --- a/riftbit/kubebox/Chart.yaml +++ b/riftbit/kubebox/Chart.yaml @@ -9,5 +9,7 @@ name: kubebox version: 2.7.0 dependencies: - name: common - version: 1.7.1 - repository: https://charts.bitnami.com/bitnami/ + repository: https://charts.riftbit.com/ + # tags: + # - riftbit-common + version: 1.x.x diff --git a/bitnami/contour/.helmignore b/riftbit/kubernetes-event-exporter/.helmignore similarity index 100% rename from bitnami/contour/.helmignore rename to riftbit/kubernetes-event-exporter/.helmignore diff --git a/bitnami/kubernetes-event-exporter/Chart.lock b/riftbit/kubernetes-event-exporter/Chart.lock similarity index 100% rename from bitnami/kubernetes-event-exporter/Chart.lock rename to riftbit/kubernetes-event-exporter/Chart.lock diff --git a/bitnami/kubernetes-event-exporter/Chart.yaml b/riftbit/kubernetes-event-exporter/Chart.yaml similarity index 100% rename from bitnami/kubernetes-event-exporter/Chart.yaml rename to riftbit/kubernetes-event-exporter/Chart.yaml diff --git a/bitnami/kubernetes-event-exporter/README.md b/riftbit/kubernetes-event-exporter/README.md similarity index 100% rename from bitnami/kubernetes-event-exporter/README.md rename to riftbit/kubernetes-event-exporter/README.md diff --git a/bitnami/kubernetes-event-exporter/templates/_helpers.tpl b/riftbit/kubernetes-event-exporter/templates/_helpers.tpl similarity index 100% rename from bitnami/kubernetes-event-exporter/templates/_helpers.tpl rename to riftbit/kubernetes-event-exporter/templates/_helpers.tpl diff --git a/bitnami/kubernetes-event-exporter/templates/configmap.yaml b/riftbit/kubernetes-event-exporter/templates/configmap.yaml similarity index 100% rename from bitnami/kubernetes-event-exporter/templates/configmap.yaml rename to riftbit/kubernetes-event-exporter/templates/configmap.yaml diff --git a/bitnami/kubernetes-event-exporter/templates/deployment.yaml b/riftbit/kubernetes-event-exporter/templates/deployment.yaml similarity index 100% rename from bitnami/kubernetes-event-exporter/templates/deployment.yaml rename to riftbit/kubernetes-event-exporter/templates/deployment.yaml diff --git a/bitnami/grafana/templates/extra-list.yaml b/riftbit/kubernetes-event-exporter/templates/extra-list.yaml similarity index 100% rename from bitnami/grafana/templates/extra-list.yaml rename to riftbit/kubernetes-event-exporter/templates/extra-list.yaml diff --git a/bitnami/kubernetes-event-exporter/templates/rbac.yaml b/riftbit/kubernetes-event-exporter/templates/rbac.yaml similarity index 100% rename from bitnami/kubernetes-event-exporter/templates/rbac.yaml rename to riftbit/kubernetes-event-exporter/templates/rbac.yaml diff --git a/bitnami/kubernetes-event-exporter/templates/serviceaccount.yaml b/riftbit/kubernetes-event-exporter/templates/serviceaccount.yaml similarity index 100% rename from bitnami/kubernetes-event-exporter/templates/serviceaccount.yaml rename to riftbit/kubernetes-event-exporter/templates/serviceaccount.yaml diff --git a/bitnami/kubernetes-event-exporter/values.yaml b/riftbit/kubernetes-event-exporter/values.yaml similarity index 100% rename from bitnami/kubernetes-event-exporter/values.yaml rename to riftbit/kubernetes-event-exporter/values.yaml diff --git a/riftbit/kubeview/Chart.yaml b/riftbit/kubeview/Chart.yaml index b11a061..58a4786 100644 --- a/riftbit/kubeview/Chart.yaml +++ b/riftbit/kubeview/Chart.yaml @@ -10,5 +10,7 @@ name: kubeview version: 2.6.0 dependencies: - name: common - version: 1.7.1 - repository: https://charts.bitnami.com/bitnami/ + repository: https://charts.riftbit.com/ + # tags: + # - riftbit-common + version: 1.x.x diff --git a/bitnami/ghost/.helmignore b/riftbit/kubewatch/.helmignore similarity index 100% rename from bitnami/ghost/.helmignore rename to riftbit/kubewatch/.helmignore diff --git a/bitnami/kubewatch/Chart.lock b/riftbit/kubewatch/Chart.lock similarity index 100% rename from bitnami/kubewatch/Chart.lock rename to riftbit/kubewatch/Chart.lock diff --git a/bitnami/kubewatch/Chart.yaml b/riftbit/kubewatch/Chart.yaml similarity index 100% rename from bitnami/kubewatch/Chart.yaml rename to riftbit/kubewatch/Chart.yaml diff --git a/bitnami/kubewatch/README.md b/riftbit/kubewatch/README.md similarity index 100% rename from bitnami/kubewatch/README.md rename to riftbit/kubewatch/README.md diff --git a/bitnami/kubewatch/templates/NOTES.txt b/riftbit/kubewatch/templates/NOTES.txt similarity index 100% rename from bitnami/kubewatch/templates/NOTES.txt rename to riftbit/kubewatch/templates/NOTES.txt diff --git a/bitnami/kubewatch/templates/_helpers.tpl b/riftbit/kubewatch/templates/_helpers.tpl similarity index 100% rename from bitnami/kubewatch/templates/_helpers.tpl rename to riftbit/kubewatch/templates/_helpers.tpl diff --git a/bitnami/kubewatch/templates/clusterrole.yaml b/riftbit/kubewatch/templates/clusterrole.yaml similarity index 100% rename from bitnami/kubewatch/templates/clusterrole.yaml rename to riftbit/kubewatch/templates/clusterrole.yaml diff --git a/bitnami/kubewatch/templates/clusterrolebinding.yaml b/riftbit/kubewatch/templates/clusterrolebinding.yaml similarity index 100% rename from bitnami/kubewatch/templates/clusterrolebinding.yaml rename to riftbit/kubewatch/templates/clusterrolebinding.yaml diff --git a/bitnami/kubewatch/templates/configmap.yaml b/riftbit/kubewatch/templates/configmap.yaml similarity index 100% rename from bitnami/kubewatch/templates/configmap.yaml rename to riftbit/kubewatch/templates/configmap.yaml diff --git a/bitnami/kubewatch/templates/deployment.yaml b/riftbit/kubewatch/templates/deployment.yaml similarity index 100% rename from bitnami/kubewatch/templates/deployment.yaml rename to riftbit/kubewatch/templates/deployment.yaml diff --git a/bitnami/haproxy/templates/extra-list.yaml b/riftbit/kubewatch/templates/extra-list.yaml similarity index 100% rename from bitnami/haproxy/templates/extra-list.yaml rename to riftbit/kubewatch/templates/extra-list.yaml diff --git a/bitnami/kubewatch/templates/serviceaccount.yaml b/riftbit/kubewatch/templates/serviceaccount.yaml similarity index 100% rename from bitnami/kubewatch/templates/serviceaccount.yaml rename to riftbit/kubewatch/templates/serviceaccount.yaml diff --git a/bitnami/kubewatch/values.yaml b/riftbit/kubewatch/values.yaml similarity index 100% rename from bitnami/kubewatch/values.yaml rename to riftbit/kubewatch/values.yaml diff --git a/bitnami/grafana-operator/.helmignore b/riftbit/mariadb-galera/.helmignore similarity index 100% rename from bitnami/grafana-operator/.helmignore rename to riftbit/mariadb-galera/.helmignore diff --git a/bitnami/mariadb-galera/Chart.lock b/riftbit/mariadb-galera/Chart.lock similarity index 100% rename from bitnami/mariadb-galera/Chart.lock rename to riftbit/mariadb-galera/Chart.lock diff --git a/bitnami/mariadb-galera/Chart.yaml b/riftbit/mariadb-galera/Chart.yaml similarity index 100% rename from bitnami/mariadb-galera/Chart.yaml rename to riftbit/mariadb-galera/Chart.yaml diff --git a/bitnami/mariadb-galera/README.md b/riftbit/mariadb-galera/README.md similarity index 100% rename from bitnami/mariadb-galera/README.md rename to riftbit/mariadb-galera/README.md diff --git a/bitnami/mariadb-galera/ci/values-production-with-rbac.yaml b/riftbit/mariadb-galera/ci/values-production-with-rbac.yaml similarity index 100% rename from bitnami/mariadb-galera/ci/values-production-with-rbac.yaml rename to riftbit/mariadb-galera/ci/values-production-with-rbac.yaml diff --git a/bitnami/mariadb-galera/files/docker-entrypoint-initdb.d/README.md b/riftbit/mariadb-galera/files/docker-entrypoint-initdb.d/README.md similarity index 100% rename from bitnami/mariadb-galera/files/docker-entrypoint-initdb.d/README.md rename to riftbit/mariadb-galera/files/docker-entrypoint-initdb.d/README.md diff --git a/bitnami/mariadb-galera/templates/NOTES.txt b/riftbit/mariadb-galera/templates/NOTES.txt similarity index 100% rename from bitnami/mariadb-galera/templates/NOTES.txt rename to riftbit/mariadb-galera/templates/NOTES.txt diff --git a/bitnami/mariadb-galera/templates/_helpers.tpl b/riftbit/mariadb-galera/templates/_helpers.tpl similarity index 100% rename from bitnami/mariadb-galera/templates/_helpers.tpl rename to riftbit/mariadb-galera/templates/_helpers.tpl diff --git a/bitnami/mariadb-galera/templates/configmap.yaml b/riftbit/mariadb-galera/templates/configmap.yaml similarity index 100% rename from bitnami/mariadb-galera/templates/configmap.yaml rename to riftbit/mariadb-galera/templates/configmap.yaml diff --git a/bitnami/harbor/templates/extra-list.yaml b/riftbit/mariadb-galera/templates/extra-list.yaml similarity index 100% rename from bitnami/harbor/templates/extra-list.yaml rename to riftbit/mariadb-galera/templates/extra-list.yaml diff --git a/bitnami/mariadb-galera/templates/headless-svc.yaml b/riftbit/mariadb-galera/templates/headless-svc.yaml similarity index 100% rename from bitnami/mariadb-galera/templates/headless-svc.yaml rename to riftbit/mariadb-galera/templates/headless-svc.yaml diff --git a/bitnami/mariadb-galera/templates/initialization-configmap.yaml b/riftbit/mariadb-galera/templates/initialization-configmap.yaml similarity index 100% rename from bitnami/mariadb-galera/templates/initialization-configmap.yaml rename to riftbit/mariadb-galera/templates/initialization-configmap.yaml diff --git a/bitnami/mariadb-galera/templates/metrics-svc.yaml b/riftbit/mariadb-galera/templates/metrics-svc.yaml similarity index 100% rename from bitnami/mariadb-galera/templates/metrics-svc.yaml rename to riftbit/mariadb-galera/templates/metrics-svc.yaml diff --git a/bitnami/mariadb-galera/templates/pdb.yaml b/riftbit/mariadb-galera/templates/pdb.yaml similarity index 100% rename from bitnami/mariadb-galera/templates/pdb.yaml rename to riftbit/mariadb-galera/templates/pdb.yaml diff --git a/bitnami/mariadb-galera/templates/prometheusrules.yaml b/riftbit/mariadb-galera/templates/prometheusrules.yaml similarity index 100% rename from bitnami/mariadb-galera/templates/prometheusrules.yaml rename to riftbit/mariadb-galera/templates/prometheusrules.yaml diff --git a/bitnami/mariadb-galera/templates/role.yaml b/riftbit/mariadb-galera/templates/role.yaml similarity index 100% rename from bitnami/mariadb-galera/templates/role.yaml rename to riftbit/mariadb-galera/templates/role.yaml diff --git a/bitnami/mariadb-galera/templates/rolebinding.yaml b/riftbit/mariadb-galera/templates/rolebinding.yaml similarity index 100% rename from bitnami/mariadb-galera/templates/rolebinding.yaml rename to riftbit/mariadb-galera/templates/rolebinding.yaml diff --git a/bitnami/mariadb-galera/templates/secrets.yaml b/riftbit/mariadb-galera/templates/secrets.yaml similarity index 100% rename from bitnami/mariadb-galera/templates/secrets.yaml rename to riftbit/mariadb-galera/templates/secrets.yaml diff --git a/bitnami/mariadb-galera/templates/serviceaccount.yaml b/riftbit/mariadb-galera/templates/serviceaccount.yaml similarity index 100% rename from bitnami/mariadb-galera/templates/serviceaccount.yaml rename to riftbit/mariadb-galera/templates/serviceaccount.yaml diff --git a/bitnami/mariadb-galera/templates/servicemonitor.yaml b/riftbit/mariadb-galera/templates/servicemonitor.yaml similarity index 100% rename from bitnami/mariadb-galera/templates/servicemonitor.yaml rename to riftbit/mariadb-galera/templates/servicemonitor.yaml diff --git a/bitnami/mariadb-galera/templates/statefulset.yaml b/riftbit/mariadb-galera/templates/statefulset.yaml similarity index 100% rename from bitnami/mariadb-galera/templates/statefulset.yaml rename to riftbit/mariadb-galera/templates/statefulset.yaml diff --git a/bitnami/mariadb-galera/templates/svc.yaml b/riftbit/mariadb-galera/templates/svc.yaml similarity index 100% rename from bitnami/mariadb-galera/templates/svc.yaml rename to riftbit/mariadb-galera/templates/svc.yaml diff --git a/bitnami/mariadb-galera/templates/tls-secrets.yaml b/riftbit/mariadb-galera/templates/tls-secrets.yaml similarity index 100% rename from bitnami/mariadb-galera/templates/tls-secrets.yaml rename to riftbit/mariadb-galera/templates/tls-secrets.yaml diff --git a/bitnami/mariadb-galera/values.schema.json b/riftbit/mariadb-galera/values.schema.json similarity index 100% rename from bitnami/mariadb-galera/values.schema.json rename to riftbit/mariadb-galera/values.schema.json diff --git a/bitnami/mariadb-galera/values.yaml b/riftbit/mariadb-galera/values.yaml similarity index 100% rename from bitnami/mariadb-galera/values.yaml rename to riftbit/mariadb-galera/values.yaml diff --git a/bitnami/grafana-tempo/.helmignore b/riftbit/mariadb/.helmignore similarity index 100% rename from bitnami/grafana-tempo/.helmignore rename to riftbit/mariadb/.helmignore diff --git a/bitnami/mariadb/Chart.lock b/riftbit/mariadb/Chart.lock similarity index 100% rename from bitnami/mariadb/Chart.lock rename to riftbit/mariadb/Chart.lock diff --git a/bitnami/mariadb/Chart.yaml b/riftbit/mariadb/Chart.yaml similarity index 100% rename from bitnami/mariadb/Chart.yaml rename to riftbit/mariadb/Chart.yaml diff --git a/bitnami/mariadb/README.md b/riftbit/mariadb/README.md similarity index 100% rename from bitnami/mariadb/README.md rename to riftbit/mariadb/README.md diff --git a/bitnami/mariadb/ci/values-production-with-rbac-and-metrics.yaml b/riftbit/mariadb/ci/values-production-with-rbac-and-metrics.yaml similarity index 100% rename from bitnami/mariadb/ci/values-production-with-rbac-and-metrics.yaml rename to riftbit/mariadb/ci/values-production-with-rbac-and-metrics.yaml diff --git a/bitnami/mariadb/templates/NOTES.txt b/riftbit/mariadb/templates/NOTES.txt similarity index 100% rename from bitnami/mariadb/templates/NOTES.txt rename to riftbit/mariadb/templates/NOTES.txt diff --git a/bitnami/mariadb/templates/_helpers.tpl b/riftbit/mariadb/templates/_helpers.tpl similarity index 100% rename from bitnami/mariadb/templates/_helpers.tpl rename to riftbit/mariadb/templates/_helpers.tpl diff --git a/bitnami/jasperreports/templates/extra-list.yaml b/riftbit/mariadb/templates/extra-list.yaml similarity index 100% rename from bitnami/jasperreports/templates/extra-list.yaml rename to riftbit/mariadb/templates/extra-list.yaml diff --git a/bitnami/mariadb/templates/primary/configmap.yaml b/riftbit/mariadb/templates/primary/configmap.yaml similarity index 100% rename from bitnami/mariadb/templates/primary/configmap.yaml rename to riftbit/mariadb/templates/primary/configmap.yaml diff --git a/bitnami/mariadb/templates/primary/initialization-configmap.yaml b/riftbit/mariadb/templates/primary/initialization-configmap.yaml similarity index 100% rename from bitnami/mariadb/templates/primary/initialization-configmap.yaml rename to riftbit/mariadb/templates/primary/initialization-configmap.yaml diff --git a/bitnami/mariadb/templates/primary/pdb.yaml b/riftbit/mariadb/templates/primary/pdb.yaml similarity index 100% rename from bitnami/mariadb/templates/primary/pdb.yaml rename to riftbit/mariadb/templates/primary/pdb.yaml diff --git a/bitnami/mariadb/templates/primary/statefulset.yaml b/riftbit/mariadb/templates/primary/statefulset.yaml similarity index 100% rename from bitnami/mariadb/templates/primary/statefulset.yaml rename to riftbit/mariadb/templates/primary/statefulset.yaml diff --git a/bitnami/mariadb/templates/primary/svc.yaml b/riftbit/mariadb/templates/primary/svc.yaml similarity index 100% rename from bitnami/mariadb/templates/primary/svc.yaml rename to riftbit/mariadb/templates/primary/svc.yaml diff --git a/bitnami/mariadb/templates/role.yaml b/riftbit/mariadb/templates/role.yaml similarity index 100% rename from bitnami/mariadb/templates/role.yaml rename to riftbit/mariadb/templates/role.yaml diff --git a/bitnami/mariadb/templates/rolebinding.yaml b/riftbit/mariadb/templates/rolebinding.yaml similarity index 100% rename from bitnami/mariadb/templates/rolebinding.yaml rename to riftbit/mariadb/templates/rolebinding.yaml diff --git a/bitnami/mariadb/templates/secondary/configmap.yaml b/riftbit/mariadb/templates/secondary/configmap.yaml similarity index 100% rename from bitnami/mariadb/templates/secondary/configmap.yaml rename to riftbit/mariadb/templates/secondary/configmap.yaml diff --git a/bitnami/mariadb/templates/secondary/pdb.yaml b/riftbit/mariadb/templates/secondary/pdb.yaml similarity index 100% rename from bitnami/mariadb/templates/secondary/pdb.yaml rename to riftbit/mariadb/templates/secondary/pdb.yaml diff --git a/bitnami/mariadb/templates/secondary/statefulset.yaml b/riftbit/mariadb/templates/secondary/statefulset.yaml similarity index 100% rename from bitnami/mariadb/templates/secondary/statefulset.yaml rename to riftbit/mariadb/templates/secondary/statefulset.yaml diff --git a/bitnami/mariadb/templates/secondary/svc.yaml b/riftbit/mariadb/templates/secondary/svc.yaml similarity index 100% rename from bitnami/mariadb/templates/secondary/svc.yaml rename to riftbit/mariadb/templates/secondary/svc.yaml diff --git a/bitnami/mariadb/templates/secrets.yaml b/riftbit/mariadb/templates/secrets.yaml similarity index 100% rename from bitnami/mariadb/templates/secrets.yaml rename to riftbit/mariadb/templates/secrets.yaml diff --git a/bitnami/mariadb/templates/serviceaccount.yaml b/riftbit/mariadb/templates/serviceaccount.yaml similarity index 100% rename from bitnami/mariadb/templates/serviceaccount.yaml rename to riftbit/mariadb/templates/serviceaccount.yaml diff --git a/bitnami/mariadb/templates/servicemonitor.yaml b/riftbit/mariadb/templates/servicemonitor.yaml similarity index 100% rename from bitnami/mariadb/templates/servicemonitor.yaml rename to riftbit/mariadb/templates/servicemonitor.yaml diff --git a/bitnami/mariadb/values.schema.json b/riftbit/mariadb/values.schema.json similarity index 100% rename from bitnami/mariadb/values.schema.json rename to riftbit/mariadb/values.schema.json diff --git a/bitnami/mariadb/values.yaml b/riftbit/mariadb/values.yaml similarity index 100% rename from bitnami/mariadb/values.yaml rename to riftbit/mariadb/values.yaml diff --git a/bitnami/grafana/.helmignore b/riftbit/mediawiki/.helmignore similarity index 100% rename from bitnami/grafana/.helmignore rename to riftbit/mediawiki/.helmignore diff --git a/bitnami/mediawiki/Chart.lock b/riftbit/mediawiki/Chart.lock similarity index 100% rename from bitnami/mediawiki/Chart.lock rename to riftbit/mediawiki/Chart.lock diff --git a/bitnami/mediawiki/Chart.yaml b/riftbit/mediawiki/Chart.yaml similarity index 100% rename from bitnami/mediawiki/Chart.yaml rename to riftbit/mediawiki/Chart.yaml diff --git a/bitnami/mediawiki/README.md b/riftbit/mediawiki/README.md similarity index 100% rename from bitnami/mediawiki/README.md rename to riftbit/mediawiki/README.md diff --git a/bitnami/mediawiki/ci/ct-values.yaml b/riftbit/mediawiki/ci/ct-values.yaml similarity index 100% rename from bitnami/mediawiki/ci/ct-values.yaml rename to riftbit/mediawiki/ci/ct-values.yaml diff --git a/bitnami/mediawiki/ci/values-with-host-and-ingress.yaml b/riftbit/mediawiki/ci/values-with-host-and-ingress.yaml similarity index 100% rename from bitnami/mediawiki/ci/values-with-host-and-ingress.yaml rename to riftbit/mediawiki/ci/values-with-host-and-ingress.yaml diff --git a/bitnami/mediawiki/templates/NOTES.txt b/riftbit/mediawiki/templates/NOTES.txt similarity index 100% rename from bitnami/mediawiki/templates/NOTES.txt rename to riftbit/mediawiki/templates/NOTES.txt diff --git a/bitnami/mediawiki/templates/_helpers.tpl b/riftbit/mediawiki/templates/_helpers.tpl similarity index 100% rename from bitnami/mediawiki/templates/_helpers.tpl rename to riftbit/mediawiki/templates/_helpers.tpl diff --git a/bitnami/mediawiki/templates/deployment.yaml b/riftbit/mediawiki/templates/deployment.yaml similarity index 100% rename from bitnami/mediawiki/templates/deployment.yaml rename to riftbit/mediawiki/templates/deployment.yaml diff --git a/bitnami/mediawiki/templates/externaldb-secrets.yaml b/riftbit/mediawiki/templates/externaldb-secrets.yaml similarity index 100% rename from bitnami/mediawiki/templates/externaldb-secrets.yaml rename to riftbit/mediawiki/templates/externaldb-secrets.yaml diff --git a/bitnami/mediawiki/templates/extra-list.yaml b/riftbit/mediawiki/templates/extra-list.yaml similarity index 100% rename from bitnami/mediawiki/templates/extra-list.yaml rename to riftbit/mediawiki/templates/extra-list.yaml diff --git a/bitnami/mediawiki/templates/ingress.yaml b/riftbit/mediawiki/templates/ingress.yaml similarity index 100% rename from bitnami/mediawiki/templates/ingress.yaml rename to riftbit/mediawiki/templates/ingress.yaml diff --git a/bitnami/mediawiki/templates/mediawiki-pvc.yaml b/riftbit/mediawiki/templates/mediawiki-pvc.yaml similarity index 100% rename from bitnami/mediawiki/templates/mediawiki-pvc.yaml rename to riftbit/mediawiki/templates/mediawiki-pvc.yaml diff --git a/bitnami/mediawiki/templates/metrics-svc.yaml b/riftbit/mediawiki/templates/metrics-svc.yaml similarity index 100% rename from bitnami/mediawiki/templates/metrics-svc.yaml rename to riftbit/mediawiki/templates/metrics-svc.yaml diff --git a/bitnami/mediawiki/templates/secrets.yaml b/riftbit/mediawiki/templates/secrets.yaml similarity index 100% rename from bitnami/mediawiki/templates/secrets.yaml rename to riftbit/mediawiki/templates/secrets.yaml diff --git a/bitnami/mediawiki/templates/servicemonitor.yaml b/riftbit/mediawiki/templates/servicemonitor.yaml similarity index 100% rename from bitnami/mediawiki/templates/servicemonitor.yaml rename to riftbit/mediawiki/templates/servicemonitor.yaml diff --git a/bitnami/mediawiki/templates/svc.yaml b/riftbit/mediawiki/templates/svc.yaml similarity index 100% rename from bitnami/mediawiki/templates/svc.yaml rename to riftbit/mediawiki/templates/svc.yaml diff --git a/bitnami/mediawiki/templates/tls-secrets.yaml b/riftbit/mediawiki/templates/tls-secrets.yaml similarity index 100% rename from bitnami/mediawiki/templates/tls-secrets.yaml rename to riftbit/mediawiki/templates/tls-secrets.yaml diff --git a/bitnami/mediawiki/values.yaml b/riftbit/mediawiki/values.yaml similarity index 100% rename from bitnami/mediawiki/values.yaml rename to riftbit/mediawiki/values.yaml diff --git a/bitnami/harbor/.helmignore b/riftbit/memcached/.helmignore similarity index 100% rename from bitnami/harbor/.helmignore rename to riftbit/memcached/.helmignore diff --git a/bitnami/memcached/Chart.lock b/riftbit/memcached/Chart.lock similarity index 100% rename from bitnami/memcached/Chart.lock rename to riftbit/memcached/Chart.lock diff --git a/bitnami/memcached/Chart.yaml b/riftbit/memcached/Chart.yaml similarity index 100% rename from bitnami/memcached/Chart.yaml rename to riftbit/memcached/Chart.yaml diff --git a/bitnami/memcached/README.md b/riftbit/memcached/README.md similarity index 100% rename from bitnami/memcached/README.md rename to riftbit/memcached/README.md diff --git a/bitnami/memcached/ci/values-production.yaml b/riftbit/memcached/ci/values-production.yaml similarity index 100% rename from bitnami/memcached/ci/values-production.yaml rename to riftbit/memcached/ci/values-production.yaml diff --git a/bitnami/memcached/templates/NOTES.txt b/riftbit/memcached/templates/NOTES.txt similarity index 100% rename from bitnami/memcached/templates/NOTES.txt rename to riftbit/memcached/templates/NOTES.txt diff --git a/bitnami/memcached/templates/_helpers.tpl b/riftbit/memcached/templates/_helpers.tpl similarity index 100% rename from bitnami/memcached/templates/_helpers.tpl rename to riftbit/memcached/templates/_helpers.tpl diff --git a/bitnami/memcached/templates/deployment.yaml b/riftbit/memcached/templates/deployment.yaml similarity index 100% rename from bitnami/memcached/templates/deployment.yaml rename to riftbit/memcached/templates/deployment.yaml diff --git a/bitnami/jenkins/templates/extra-list.yaml b/riftbit/memcached/templates/extra-list.yaml similarity index 100% rename from bitnami/jenkins/templates/extra-list.yaml rename to riftbit/memcached/templates/extra-list.yaml diff --git a/bitnami/memcached/templates/hpa.yaml b/riftbit/memcached/templates/hpa.yaml similarity index 100% rename from bitnami/memcached/templates/hpa.yaml rename to riftbit/memcached/templates/hpa.yaml diff --git a/bitnami/memcached/templates/pdb.yaml b/riftbit/memcached/templates/pdb.yaml similarity index 100% rename from bitnami/memcached/templates/pdb.yaml rename to riftbit/memcached/templates/pdb.yaml diff --git a/bitnami/memcached/templates/secrets.yaml b/riftbit/memcached/templates/secrets.yaml similarity index 100% rename from bitnami/memcached/templates/secrets.yaml rename to riftbit/memcached/templates/secrets.yaml diff --git a/bitnami/memcached/templates/service.yaml b/riftbit/memcached/templates/service.yaml similarity index 100% rename from bitnami/memcached/templates/service.yaml rename to riftbit/memcached/templates/service.yaml diff --git a/bitnami/memcached/templates/serviceaccount.yaml b/riftbit/memcached/templates/serviceaccount.yaml similarity index 100% rename from bitnami/memcached/templates/serviceaccount.yaml rename to riftbit/memcached/templates/serviceaccount.yaml diff --git a/bitnami/memcached/templates/servicemonitor.yaml b/riftbit/memcached/templates/servicemonitor.yaml similarity index 100% rename from bitnami/memcached/templates/servicemonitor.yaml rename to riftbit/memcached/templates/servicemonitor.yaml diff --git a/bitnami/memcached/templates/statefulset.yaml b/riftbit/memcached/templates/statefulset.yaml similarity index 100% rename from bitnami/memcached/templates/statefulset.yaml rename to riftbit/memcached/templates/statefulset.yaml diff --git a/bitnami/memcached/templates/svc-metrics.yaml b/riftbit/memcached/templates/svc-metrics.yaml similarity index 100% rename from bitnami/memcached/templates/svc-metrics.yaml rename to riftbit/memcached/templates/svc-metrics.yaml diff --git a/bitnami/memcached/values.yaml b/riftbit/memcached/values.yaml similarity index 100% rename from bitnami/memcached/values.yaml rename to riftbit/memcached/values.yaml diff --git a/bitnami/influxdb/.helmignore b/riftbit/minio/.helmignore similarity index 100% rename from bitnami/influxdb/.helmignore rename to riftbit/minio/.helmignore diff --git a/bitnami/minio/Chart.lock b/riftbit/minio/Chart.lock similarity index 100% rename from bitnami/minio/Chart.lock rename to riftbit/minio/Chart.lock diff --git a/bitnami/minio/Chart.yaml b/riftbit/minio/Chart.yaml similarity index 100% rename from bitnami/minio/Chart.yaml rename to riftbit/minio/Chart.yaml diff --git a/bitnami/minio/README.md b/riftbit/minio/README.md similarity index 100% rename from bitnami/minio/README.md rename to riftbit/minio/README.md diff --git a/bitnami/minio/ci/values-gateway.yaml b/riftbit/minio/ci/values-gateway.yaml similarity index 100% rename from bitnami/minio/ci/values-gateway.yaml rename to riftbit/minio/ci/values-gateway.yaml diff --git a/bitnami/minio/ci/values-production.yaml b/riftbit/minio/ci/values-production.yaml similarity index 100% rename from bitnami/minio/ci/values-production.yaml rename to riftbit/minio/ci/values-production.yaml diff --git a/bitnami/minio/templates/NOTES.txt b/riftbit/minio/templates/NOTES.txt similarity index 100% rename from bitnami/minio/templates/NOTES.txt rename to riftbit/minio/templates/NOTES.txt diff --git a/bitnami/minio/templates/_helpers.tpl b/riftbit/minio/templates/_helpers.tpl similarity index 100% rename from bitnami/minio/templates/_helpers.tpl rename to riftbit/minio/templates/_helpers.tpl diff --git a/bitnami/minio/templates/api-ingress.yaml b/riftbit/minio/templates/api-ingress.yaml similarity index 100% rename from bitnami/minio/templates/api-ingress.yaml rename to riftbit/minio/templates/api-ingress.yaml diff --git a/bitnami/minio/templates/distributed/headless-svc.yaml b/riftbit/minio/templates/distributed/headless-svc.yaml similarity index 100% rename from bitnami/minio/templates/distributed/headless-svc.yaml rename to riftbit/minio/templates/distributed/headless-svc.yaml diff --git a/bitnami/minio/templates/distributed/pdb.yaml b/riftbit/minio/templates/distributed/pdb.yaml similarity index 100% rename from bitnami/minio/templates/distributed/pdb.yaml rename to riftbit/minio/templates/distributed/pdb.yaml diff --git a/bitnami/minio/templates/distributed/statefulset.yaml b/riftbit/minio/templates/distributed/statefulset.yaml similarity index 100% rename from bitnami/minio/templates/distributed/statefulset.yaml rename to riftbit/minio/templates/distributed/statefulset.yaml diff --git a/bitnami/joomla/templates/extra-list.yaml b/riftbit/minio/templates/extra-list.yaml similarity index 100% rename from bitnami/joomla/templates/extra-list.yaml rename to riftbit/minio/templates/extra-list.yaml diff --git a/bitnami/minio/templates/gateway/deployment.yaml b/riftbit/minio/templates/gateway/deployment.yaml similarity index 100% rename from bitnami/minio/templates/gateway/deployment.yaml rename to riftbit/minio/templates/gateway/deployment.yaml diff --git a/bitnami/minio/templates/gateway/hpa.yaml b/riftbit/minio/templates/gateway/hpa.yaml similarity index 100% rename from bitnami/minio/templates/gateway/hpa.yaml rename to riftbit/minio/templates/gateway/hpa.yaml diff --git a/bitnami/minio/templates/gateway/pdb.yaml b/riftbit/minio/templates/gateway/pdb.yaml similarity index 100% rename from bitnami/minio/templates/gateway/pdb.yaml rename to riftbit/minio/templates/gateway/pdb.yaml diff --git a/bitnami/minio/templates/ingress.yaml b/riftbit/minio/templates/ingress.yaml similarity index 100% rename from bitnami/minio/templates/ingress.yaml rename to riftbit/minio/templates/ingress.yaml diff --git a/bitnami/minio/templates/networkpolicy.yaml b/riftbit/minio/templates/networkpolicy.yaml similarity index 100% rename from bitnami/minio/templates/networkpolicy.yaml rename to riftbit/minio/templates/networkpolicy.yaml diff --git a/bitnami/minio/templates/pvc.yaml b/riftbit/minio/templates/pvc.yaml similarity index 100% rename from bitnami/minio/templates/pvc.yaml rename to riftbit/minio/templates/pvc.yaml diff --git a/bitnami/minio/templates/secrets.yaml b/riftbit/minio/templates/secrets.yaml similarity index 100% rename from bitnami/minio/templates/secrets.yaml rename to riftbit/minio/templates/secrets.yaml diff --git a/bitnami/minio/templates/service.yaml b/riftbit/minio/templates/service.yaml similarity index 100% rename from bitnami/minio/templates/service.yaml rename to riftbit/minio/templates/service.yaml diff --git a/bitnami/minio/templates/serviceaccount.yaml b/riftbit/minio/templates/serviceaccount.yaml similarity index 100% rename from bitnami/minio/templates/serviceaccount.yaml rename to riftbit/minio/templates/serviceaccount.yaml diff --git a/bitnami/minio/templates/servicemonitor.yaml b/riftbit/minio/templates/servicemonitor.yaml similarity index 100% rename from bitnami/minio/templates/servicemonitor.yaml rename to riftbit/minio/templates/servicemonitor.yaml diff --git a/bitnami/minio/templates/standalone/deployment.yaml b/riftbit/minio/templates/standalone/deployment.yaml similarity index 100% rename from bitnami/minio/templates/standalone/deployment.yaml rename to riftbit/minio/templates/standalone/deployment.yaml diff --git a/bitnami/minio/templates/tls-secrets.yaml b/riftbit/minio/templates/tls-secrets.yaml similarity index 100% rename from bitnami/minio/templates/tls-secrets.yaml rename to riftbit/minio/templates/tls-secrets.yaml diff --git a/bitnami/minio/values.yaml b/riftbit/minio/values.yaml similarity index 100% rename from bitnami/minio/values.yaml rename to riftbit/minio/values.yaml diff --git a/bitnami/jasperreports/.helmignore b/riftbit/mongodb-sharded/.helmignore similarity index 100% rename from bitnami/jasperreports/.helmignore rename to riftbit/mongodb-sharded/.helmignore diff --git a/bitnami/mongodb-sharded/Chart.lock b/riftbit/mongodb-sharded/Chart.lock similarity index 100% rename from bitnami/mongodb-sharded/Chart.lock rename to riftbit/mongodb-sharded/Chart.lock diff --git a/bitnami/mongodb-sharded/Chart.yaml b/riftbit/mongodb-sharded/Chart.yaml similarity index 100% rename from bitnami/mongodb-sharded/Chart.yaml rename to riftbit/mongodb-sharded/Chart.yaml diff --git a/bitnami/mongodb-sharded/README.md b/riftbit/mongodb-sharded/README.md similarity index 100% rename from bitnami/mongodb-sharded/README.md rename to riftbit/mongodb-sharded/README.md diff --git a/bitnami/mongodb-sharded/templates/NOTES.txt b/riftbit/mongodb-sharded/templates/NOTES.txt similarity index 100% rename from bitnami/mongodb-sharded/templates/NOTES.txt rename to riftbit/mongodb-sharded/templates/NOTES.txt diff --git a/bitnami/mongodb-sharded/templates/_helpers.tpl b/riftbit/mongodb-sharded/templates/_helpers.tpl similarity index 100% rename from bitnami/mongodb-sharded/templates/_helpers.tpl rename to riftbit/mongodb-sharded/templates/_helpers.tpl diff --git a/bitnami/mongodb-sharded/templates/config-server/config-server-configmap.yaml b/riftbit/mongodb-sharded/templates/config-server/config-server-configmap.yaml similarity index 100% rename from bitnami/mongodb-sharded/templates/config-server/config-server-configmap.yaml rename to riftbit/mongodb-sharded/templates/config-server/config-server-configmap.yaml diff --git a/bitnami/mongodb-sharded/templates/config-server/config-server-poddisruptionbudget.yaml b/riftbit/mongodb-sharded/templates/config-server/config-server-poddisruptionbudget.yaml similarity index 100% rename from bitnami/mongodb-sharded/templates/config-server/config-server-poddisruptionbudget.yaml rename to riftbit/mongodb-sharded/templates/config-server/config-server-poddisruptionbudget.yaml diff --git a/bitnami/mongodb-sharded/templates/config-server/config-server-podmonitor.yaml b/riftbit/mongodb-sharded/templates/config-server/config-server-podmonitor.yaml similarity index 100% rename from bitnami/mongodb-sharded/templates/config-server/config-server-podmonitor.yaml rename to riftbit/mongodb-sharded/templates/config-server/config-server-podmonitor.yaml diff --git a/bitnami/mongodb-sharded/templates/config-server/config-server-statefulset.yaml b/riftbit/mongodb-sharded/templates/config-server/config-server-statefulset.yaml similarity index 100% rename from bitnami/mongodb-sharded/templates/config-server/config-server-statefulset.yaml rename to riftbit/mongodb-sharded/templates/config-server/config-server-statefulset.yaml diff --git a/bitnami/mongodb-sharded/templates/headless-service.yaml b/riftbit/mongodb-sharded/templates/headless-service.yaml similarity index 100% rename from bitnami/mongodb-sharded/templates/headless-service.yaml rename to riftbit/mongodb-sharded/templates/headless-service.yaml diff --git a/bitnami/mongodb-sharded/templates/mongos/mongos-configmap.yaml b/riftbit/mongodb-sharded/templates/mongos/mongos-configmap.yaml similarity index 100% rename from bitnami/mongodb-sharded/templates/mongos/mongos-configmap.yaml rename to riftbit/mongodb-sharded/templates/mongos/mongos-configmap.yaml diff --git a/bitnami/mongodb-sharded/templates/mongos/mongos-dep-sts.yaml b/riftbit/mongodb-sharded/templates/mongos/mongos-dep-sts.yaml similarity index 100% rename from bitnami/mongodb-sharded/templates/mongos/mongos-dep-sts.yaml rename to riftbit/mongodb-sharded/templates/mongos/mongos-dep-sts.yaml diff --git a/bitnami/mongodb-sharded/templates/mongos/mongos-poddisruptionbudget.yaml b/riftbit/mongodb-sharded/templates/mongos/mongos-poddisruptionbudget.yaml similarity index 100% rename from bitnami/mongodb-sharded/templates/mongos/mongos-poddisruptionbudget.yaml rename to riftbit/mongodb-sharded/templates/mongos/mongos-poddisruptionbudget.yaml diff --git a/bitnami/mongodb-sharded/templates/mongos/mongos-podmonitor.yaml b/riftbit/mongodb-sharded/templates/mongos/mongos-podmonitor.yaml similarity index 100% rename from bitnami/mongodb-sharded/templates/mongos/mongos-podmonitor.yaml rename to riftbit/mongodb-sharded/templates/mongos/mongos-podmonitor.yaml diff --git a/bitnami/mongodb-sharded/templates/mongos/mongos-service-per-replica.yaml b/riftbit/mongodb-sharded/templates/mongos/mongos-service-per-replica.yaml similarity index 100% rename from bitnami/mongodb-sharded/templates/mongos/mongos-service-per-replica.yaml rename to riftbit/mongodb-sharded/templates/mongos/mongos-service-per-replica.yaml diff --git a/bitnami/mongodb-sharded/templates/mongos/mongos-service.yaml b/riftbit/mongodb-sharded/templates/mongos/mongos-service.yaml similarity index 100% rename from bitnami/mongodb-sharded/templates/mongos/mongos-service.yaml rename to riftbit/mongodb-sharded/templates/mongos/mongos-service.yaml diff --git a/bitnami/mongodb-sharded/templates/replicaset-entrypoint-configmap.yaml b/riftbit/mongodb-sharded/templates/replicaset-entrypoint-configmap.yaml similarity index 100% rename from bitnami/mongodb-sharded/templates/replicaset-entrypoint-configmap.yaml rename to riftbit/mongodb-sharded/templates/replicaset-entrypoint-configmap.yaml diff --git a/bitnami/mongodb-sharded/templates/secrets.yaml b/riftbit/mongodb-sharded/templates/secrets.yaml similarity index 100% rename from bitnami/mongodb-sharded/templates/secrets.yaml rename to riftbit/mongodb-sharded/templates/secrets.yaml diff --git a/bitnami/mongodb-sharded/templates/serviceaccount.yaml b/riftbit/mongodb-sharded/templates/serviceaccount.yaml similarity index 100% rename from bitnami/mongodb-sharded/templates/serviceaccount.yaml rename to riftbit/mongodb-sharded/templates/serviceaccount.yaml diff --git a/bitnami/mongodb-sharded/templates/shard/shard-arbiter-configmap.yaml b/riftbit/mongodb-sharded/templates/shard/shard-arbiter-configmap.yaml similarity index 100% rename from bitnami/mongodb-sharded/templates/shard/shard-arbiter-configmap.yaml rename to riftbit/mongodb-sharded/templates/shard/shard-arbiter-configmap.yaml diff --git a/bitnami/mongodb-sharded/templates/shard/shard-arbiter-statefulset.yaml b/riftbit/mongodb-sharded/templates/shard/shard-arbiter-statefulset.yaml similarity index 100% rename from bitnami/mongodb-sharded/templates/shard/shard-arbiter-statefulset.yaml rename to riftbit/mongodb-sharded/templates/shard/shard-arbiter-statefulset.yaml diff --git a/bitnami/mongodb-sharded/templates/shard/shard-data-configmap.yaml b/riftbit/mongodb-sharded/templates/shard/shard-data-configmap.yaml similarity index 100% rename from bitnami/mongodb-sharded/templates/shard/shard-data-configmap.yaml rename to riftbit/mongodb-sharded/templates/shard/shard-data-configmap.yaml diff --git a/bitnami/mongodb-sharded/templates/shard/shard-data-poddisruptionbudget.yaml b/riftbit/mongodb-sharded/templates/shard/shard-data-poddisruptionbudget.yaml similarity index 100% rename from bitnami/mongodb-sharded/templates/shard/shard-data-poddisruptionbudget.yaml rename to riftbit/mongodb-sharded/templates/shard/shard-data-poddisruptionbudget.yaml diff --git a/bitnami/mongodb-sharded/templates/shard/shard-data-podmonitor.yaml b/riftbit/mongodb-sharded/templates/shard/shard-data-podmonitor.yaml similarity index 100% rename from bitnami/mongodb-sharded/templates/shard/shard-data-podmonitor.yaml rename to riftbit/mongodb-sharded/templates/shard/shard-data-podmonitor.yaml diff --git a/bitnami/mongodb-sharded/templates/shard/shard-data-statefulset.yaml b/riftbit/mongodb-sharded/templates/shard/shard-data-statefulset.yaml similarity index 100% rename from bitnami/mongodb-sharded/templates/shard/shard-data-statefulset.yaml rename to riftbit/mongodb-sharded/templates/shard/shard-data-statefulset.yaml diff --git a/bitnami/mongodb-sharded/values.yaml b/riftbit/mongodb-sharded/values.yaml similarity index 100% rename from bitnami/mongodb-sharded/values.yaml rename to riftbit/mongodb-sharded/values.yaml diff --git a/bitnami/jenkins/.helmignore b/riftbit/mongodb/.helmignore similarity index 100% rename from bitnami/jenkins/.helmignore rename to riftbit/mongodb/.helmignore diff --git a/bitnami/mongodb/Chart.lock b/riftbit/mongodb/Chart.lock similarity index 100% rename from bitnami/mongodb/Chart.lock rename to riftbit/mongodb/Chart.lock diff --git a/bitnami/mongodb/Chart.yaml b/riftbit/mongodb/Chart.yaml similarity index 100% rename from bitnami/mongodb/Chart.yaml rename to riftbit/mongodb/Chart.yaml diff --git a/bitnami/mongodb/README.md b/riftbit/mongodb/README.md similarity index 100% rename from bitnami/mongodb/README.md rename to riftbit/mongodb/README.md diff --git a/bitnami/mongodb/ci/values-replicaset-with-rbac.yaml b/riftbit/mongodb/ci/values-replicaset-with-rbac.yaml similarity index 100% rename from bitnami/mongodb/ci/values-replicaset-with-rbac.yaml rename to riftbit/mongodb/ci/values-replicaset-with-rbac.yaml diff --git a/bitnami/mongodb/templates/NOTES.txt b/riftbit/mongodb/templates/NOTES.txt similarity index 100% rename from bitnami/mongodb/templates/NOTES.txt rename to riftbit/mongodb/templates/NOTES.txt diff --git a/bitnami/mongodb/templates/_helpers.tpl b/riftbit/mongodb/templates/_helpers.tpl similarity index 100% rename from bitnami/mongodb/templates/_helpers.tpl rename to riftbit/mongodb/templates/_helpers.tpl diff --git a/bitnami/mongodb/templates/arbiter/configmap.yaml b/riftbit/mongodb/templates/arbiter/configmap.yaml similarity index 100% rename from bitnami/mongodb/templates/arbiter/configmap.yaml rename to riftbit/mongodb/templates/arbiter/configmap.yaml diff --git a/bitnami/mongodb/templates/arbiter/headless-svc.yaml b/riftbit/mongodb/templates/arbiter/headless-svc.yaml similarity index 100% rename from bitnami/mongodb/templates/arbiter/headless-svc.yaml rename to riftbit/mongodb/templates/arbiter/headless-svc.yaml diff --git a/bitnami/mongodb/templates/arbiter/pdb.yaml b/riftbit/mongodb/templates/arbiter/pdb.yaml similarity index 100% rename from bitnami/mongodb/templates/arbiter/pdb.yaml rename to riftbit/mongodb/templates/arbiter/pdb.yaml diff --git a/bitnami/mongodb/templates/arbiter/statefulset.yaml b/riftbit/mongodb/templates/arbiter/statefulset.yaml similarity index 100% rename from bitnami/mongodb/templates/arbiter/statefulset.yaml rename to riftbit/mongodb/templates/arbiter/statefulset.yaml diff --git a/bitnami/mongodb/templates/configmap.yaml b/riftbit/mongodb/templates/configmap.yaml similarity index 100% rename from bitnami/mongodb/templates/configmap.yaml rename to riftbit/mongodb/templates/configmap.yaml diff --git a/bitnami/jupyterhub/templates/extra-list.yaml b/riftbit/mongodb/templates/extra-list.yaml similarity index 100% rename from bitnami/jupyterhub/templates/extra-list.yaml rename to riftbit/mongodb/templates/extra-list.yaml diff --git a/bitnami/mongodb/templates/hidden/configmap.yaml b/riftbit/mongodb/templates/hidden/configmap.yaml similarity index 100% rename from bitnami/mongodb/templates/hidden/configmap.yaml rename to riftbit/mongodb/templates/hidden/configmap.yaml diff --git a/bitnami/mongodb/templates/hidden/external-access-svc.yaml b/riftbit/mongodb/templates/hidden/external-access-svc.yaml similarity index 100% rename from bitnami/mongodb/templates/hidden/external-access-svc.yaml rename to riftbit/mongodb/templates/hidden/external-access-svc.yaml diff --git a/bitnami/mongodb/templates/hidden/headless-svc.yaml b/riftbit/mongodb/templates/hidden/headless-svc.yaml similarity index 100% rename from bitnami/mongodb/templates/hidden/headless-svc.yaml rename to riftbit/mongodb/templates/hidden/headless-svc.yaml diff --git a/bitnami/mongodb/templates/hidden/pdb.yaml b/riftbit/mongodb/templates/hidden/pdb.yaml similarity index 100% rename from bitnami/mongodb/templates/hidden/pdb.yaml rename to riftbit/mongodb/templates/hidden/pdb.yaml diff --git a/bitnami/mongodb/templates/hidden/statefulset.yaml b/riftbit/mongodb/templates/hidden/statefulset.yaml similarity index 100% rename from bitnami/mongodb/templates/hidden/statefulset.yaml rename to riftbit/mongodb/templates/hidden/statefulset.yaml diff --git a/bitnami/mongodb/templates/initialization-configmap.yaml b/riftbit/mongodb/templates/initialization-configmap.yaml similarity index 100% rename from bitnami/mongodb/templates/initialization-configmap.yaml rename to riftbit/mongodb/templates/initialization-configmap.yaml diff --git a/bitnami/mongodb/templates/metrics-svc.yaml b/riftbit/mongodb/templates/metrics-svc.yaml similarity index 100% rename from bitnami/mongodb/templates/metrics-svc.yaml rename to riftbit/mongodb/templates/metrics-svc.yaml diff --git a/bitnami/mongodb/templates/prometheusrule.yaml b/riftbit/mongodb/templates/prometheusrule.yaml similarity index 100% rename from bitnami/mongodb/templates/prometheusrule.yaml rename to riftbit/mongodb/templates/prometheusrule.yaml diff --git a/bitnami/mongodb/templates/psp.yaml b/riftbit/mongodb/templates/psp.yaml similarity index 100% rename from bitnami/mongodb/templates/psp.yaml rename to riftbit/mongodb/templates/psp.yaml diff --git a/bitnami/mongodb/templates/replicaset/external-access-svc.yaml b/riftbit/mongodb/templates/replicaset/external-access-svc.yaml similarity index 100% rename from bitnami/mongodb/templates/replicaset/external-access-svc.yaml rename to riftbit/mongodb/templates/replicaset/external-access-svc.yaml diff --git a/bitnami/mongodb/templates/replicaset/headless-svc.yaml b/riftbit/mongodb/templates/replicaset/headless-svc.yaml similarity index 100% rename from bitnami/mongodb/templates/replicaset/headless-svc.yaml rename to riftbit/mongodb/templates/replicaset/headless-svc.yaml diff --git a/bitnami/mongodb/templates/replicaset/pdb.yaml b/riftbit/mongodb/templates/replicaset/pdb.yaml similarity index 100% rename from bitnami/mongodb/templates/replicaset/pdb.yaml rename to riftbit/mongodb/templates/replicaset/pdb.yaml diff --git a/bitnami/mongodb/templates/replicaset/scripts-configmap.yaml b/riftbit/mongodb/templates/replicaset/scripts-configmap.yaml similarity index 100% rename from bitnami/mongodb/templates/replicaset/scripts-configmap.yaml rename to riftbit/mongodb/templates/replicaset/scripts-configmap.yaml diff --git a/bitnami/mongodb/templates/replicaset/statefulset.yaml b/riftbit/mongodb/templates/replicaset/statefulset.yaml similarity index 100% rename from bitnami/mongodb/templates/replicaset/statefulset.yaml rename to riftbit/mongodb/templates/replicaset/statefulset.yaml diff --git a/bitnami/mongodb/templates/replicaset/svc.yaml b/riftbit/mongodb/templates/replicaset/svc.yaml similarity index 100% rename from bitnami/mongodb/templates/replicaset/svc.yaml rename to riftbit/mongodb/templates/replicaset/svc.yaml diff --git a/bitnami/mongodb/templates/role.yaml b/riftbit/mongodb/templates/role.yaml similarity index 100% rename from bitnami/mongodb/templates/role.yaml rename to riftbit/mongodb/templates/role.yaml diff --git a/bitnami/mongodb/templates/rolebinding.yaml b/riftbit/mongodb/templates/rolebinding.yaml similarity index 100% rename from bitnami/mongodb/templates/rolebinding.yaml rename to riftbit/mongodb/templates/rolebinding.yaml diff --git a/bitnami/mongodb/templates/secrets-ca.yaml b/riftbit/mongodb/templates/secrets-ca.yaml similarity index 100% rename from bitnami/mongodb/templates/secrets-ca.yaml rename to riftbit/mongodb/templates/secrets-ca.yaml diff --git a/bitnami/mongodb/templates/secrets.yaml b/riftbit/mongodb/templates/secrets.yaml similarity index 100% rename from bitnami/mongodb/templates/secrets.yaml rename to riftbit/mongodb/templates/secrets.yaml diff --git a/bitnami/mongodb/templates/serviceaccount.yaml b/riftbit/mongodb/templates/serviceaccount.yaml similarity index 100% rename from bitnami/mongodb/templates/serviceaccount.yaml rename to riftbit/mongodb/templates/serviceaccount.yaml diff --git a/bitnami/mongodb/templates/servicemonitor.yaml b/riftbit/mongodb/templates/servicemonitor.yaml similarity index 100% rename from bitnami/mongodb/templates/servicemonitor.yaml rename to riftbit/mongodb/templates/servicemonitor.yaml diff --git a/bitnami/mongodb/templates/standalone/dep-sts.yaml b/riftbit/mongodb/templates/standalone/dep-sts.yaml similarity index 100% rename from bitnami/mongodb/templates/standalone/dep-sts.yaml rename to riftbit/mongodb/templates/standalone/dep-sts.yaml diff --git a/bitnami/mongodb/templates/standalone/pvc.yaml b/riftbit/mongodb/templates/standalone/pvc.yaml similarity index 100% rename from bitnami/mongodb/templates/standalone/pvc.yaml rename to riftbit/mongodb/templates/standalone/pvc.yaml diff --git a/bitnami/mongodb/templates/standalone/svc.yaml b/riftbit/mongodb/templates/standalone/svc.yaml similarity index 100% rename from bitnami/mongodb/templates/standalone/svc.yaml rename to riftbit/mongodb/templates/standalone/svc.yaml diff --git a/bitnami/mongodb/values.schema.json b/riftbit/mongodb/values.schema.json similarity index 100% rename from bitnami/mongodb/values.schema.json rename to riftbit/mongodb/values.schema.json diff --git a/bitnami/mongodb/values.yaml b/riftbit/mongodb/values.yaml similarity index 100% rename from bitnami/mongodb/values.yaml rename to riftbit/mongodb/values.yaml diff --git a/bitnami/joomla/.helmignore b/riftbit/nats/.helmignore similarity index 100% rename from bitnami/joomla/.helmignore rename to riftbit/nats/.helmignore diff --git a/bitnami/nats/Chart.lock b/riftbit/nats/Chart.lock similarity index 100% rename from bitnami/nats/Chart.lock rename to riftbit/nats/Chart.lock diff --git a/bitnami/nats/Chart.yaml b/riftbit/nats/Chart.yaml similarity index 100% rename from bitnami/nats/Chart.yaml rename to riftbit/nats/Chart.yaml diff --git a/bitnami/nats/README.md b/riftbit/nats/README.md similarity index 100% rename from bitnami/nats/README.md rename to riftbit/nats/README.md diff --git a/bitnami/nats/templates/NOTES.txt b/riftbit/nats/templates/NOTES.txt similarity index 100% rename from bitnami/nats/templates/NOTES.txt rename to riftbit/nats/templates/NOTES.txt diff --git a/bitnami/nats/templates/_helpers.tpl b/riftbit/nats/templates/_helpers.tpl similarity index 100% rename from bitnami/nats/templates/_helpers.tpl rename to riftbit/nats/templates/_helpers.tpl diff --git a/bitnami/nats/templates/client-svc.yaml b/riftbit/nats/templates/client-svc.yaml similarity index 100% rename from bitnami/nats/templates/client-svc.yaml rename to riftbit/nats/templates/client-svc.yaml diff --git a/bitnami/nats/templates/cluster-svc.yaml b/riftbit/nats/templates/cluster-svc.yaml similarity index 100% rename from bitnami/nats/templates/cluster-svc.yaml rename to riftbit/nats/templates/cluster-svc.yaml diff --git a/bitnami/nats/templates/configmap.yaml b/riftbit/nats/templates/configmap.yaml similarity index 100% rename from bitnami/nats/templates/configmap.yaml rename to riftbit/nats/templates/configmap.yaml diff --git a/bitnami/nats/templates/deployment.yaml b/riftbit/nats/templates/deployment.yaml similarity index 100% rename from bitnami/nats/templates/deployment.yaml rename to riftbit/nats/templates/deployment.yaml diff --git a/bitnami/kafka/templates/extra-list.yaml b/riftbit/nats/templates/extra-list.yaml similarity index 100% rename from bitnami/kafka/templates/extra-list.yaml rename to riftbit/nats/templates/extra-list.yaml diff --git a/bitnami/nats/templates/headless-svc.yaml b/riftbit/nats/templates/headless-svc.yaml similarity index 100% rename from bitnami/nats/templates/headless-svc.yaml rename to riftbit/nats/templates/headless-svc.yaml diff --git a/bitnami/nats/templates/ingress.yaml b/riftbit/nats/templates/ingress.yaml similarity index 100% rename from bitnami/nats/templates/ingress.yaml rename to riftbit/nats/templates/ingress.yaml diff --git a/bitnami/nats/templates/metrics-svc.yaml b/riftbit/nats/templates/metrics-svc.yaml similarity index 100% rename from bitnami/nats/templates/metrics-svc.yaml rename to riftbit/nats/templates/metrics-svc.yaml diff --git a/bitnami/nats/templates/monitoring-svc.yaml b/riftbit/nats/templates/monitoring-svc.yaml similarity index 100% rename from bitnami/nats/templates/monitoring-svc.yaml rename to riftbit/nats/templates/monitoring-svc.yaml diff --git a/bitnami/nats/templates/networkpolicy.yaml b/riftbit/nats/templates/networkpolicy.yaml similarity index 100% rename from bitnami/nats/templates/networkpolicy.yaml rename to riftbit/nats/templates/networkpolicy.yaml diff --git a/bitnami/nats/templates/poddisruptionbudget.yaml b/riftbit/nats/templates/poddisruptionbudget.yaml similarity index 100% rename from bitnami/nats/templates/poddisruptionbudget.yaml rename to riftbit/nats/templates/poddisruptionbudget.yaml diff --git a/bitnami/nats/templates/servicemonitor.yaml b/riftbit/nats/templates/servicemonitor.yaml similarity index 100% rename from bitnami/nats/templates/servicemonitor.yaml rename to riftbit/nats/templates/servicemonitor.yaml diff --git a/bitnami/nats/templates/statefulset.yaml b/riftbit/nats/templates/statefulset.yaml similarity index 100% rename from bitnami/nats/templates/statefulset.yaml rename to riftbit/nats/templates/statefulset.yaml diff --git a/bitnami/nats/templates/tls-secret.yaml b/riftbit/nats/templates/tls-secret.yaml similarity index 100% rename from bitnami/nats/templates/tls-secret.yaml rename to riftbit/nats/templates/tls-secret.yaml diff --git a/bitnami/nats/values.yaml b/riftbit/nats/values.yaml similarity index 100% rename from bitnami/nats/values.yaml rename to riftbit/nats/values.yaml diff --git a/bitnami/kafka/.helmignore b/riftbit/nginx/.helmignore similarity index 100% rename from bitnami/kafka/.helmignore rename to riftbit/nginx/.helmignore diff --git a/bitnami/nginx/Chart.lock b/riftbit/nginx/Chart.lock similarity index 100% rename from bitnami/nginx/Chart.lock rename to riftbit/nginx/Chart.lock diff --git a/bitnami/nginx/README.md b/riftbit/nginx/README.md similarity index 100% rename from bitnami/nginx/README.md rename to riftbit/nginx/README.md diff --git a/bitnami/jasperreports/ci/ct-values.yaml b/riftbit/nginx/ci/ct-values.yaml similarity index 100% rename from bitnami/jasperreports/ci/ct-values.yaml rename to riftbit/nginx/ci/ct-values.yaml diff --git a/bitnami/nginx/ci/values-with-ingress-metrics-and-serverblock.yaml b/riftbit/nginx/ci/values-with-ingress-metrics-and-serverblock.yaml similarity index 100% rename from bitnami/nginx/ci/values-with-ingress-metrics-and-serverblock.yaml rename to riftbit/nginx/ci/values-with-ingress-metrics-and-serverblock.yaml diff --git a/bitnami/nginx/templates/NOTES.txt b/riftbit/nginx/templates/NOTES.txt similarity index 100% rename from bitnami/nginx/templates/NOTES.txt rename to riftbit/nginx/templates/NOTES.txt diff --git a/bitnami/nginx/templates/_helpers.tpl b/riftbit/nginx/templates/_helpers.tpl similarity index 100% rename from bitnami/nginx/templates/_helpers.tpl rename to riftbit/nginx/templates/_helpers.tpl diff --git a/bitnami/nginx/templates/deployment.yaml b/riftbit/nginx/templates/deployment.yaml similarity index 100% rename from bitnami/nginx/templates/deployment.yaml rename to riftbit/nginx/templates/deployment.yaml diff --git a/bitnami/keycloak/templates/extra-list.yaml b/riftbit/nginx/templates/extra-list.yaml similarity index 100% rename from bitnami/keycloak/templates/extra-list.yaml rename to riftbit/nginx/templates/extra-list.yaml diff --git a/bitnami/nginx/templates/health-ingress.yaml b/riftbit/nginx/templates/health-ingress.yaml similarity index 100% rename from bitnami/nginx/templates/health-ingress.yaml rename to riftbit/nginx/templates/health-ingress.yaml diff --git a/bitnami/nginx/templates/hpa.yaml b/riftbit/nginx/templates/hpa.yaml similarity index 100% rename from bitnami/nginx/templates/hpa.yaml rename to riftbit/nginx/templates/hpa.yaml diff --git a/bitnami/nginx/templates/ingress.yaml b/riftbit/nginx/templates/ingress.yaml similarity index 100% rename from bitnami/nginx/templates/ingress.yaml rename to riftbit/nginx/templates/ingress.yaml diff --git a/bitnami/nginx/templates/ldap-daemon-secrets.yaml b/riftbit/nginx/templates/ldap-daemon-secrets.yaml similarity index 100% rename from bitnami/nginx/templates/ldap-daemon-secrets.yaml rename to riftbit/nginx/templates/ldap-daemon-secrets.yaml diff --git a/bitnami/nginx/templates/pdb.yaml b/riftbit/nginx/templates/pdb.yaml similarity index 100% rename from bitnami/nginx/templates/pdb.yaml rename to riftbit/nginx/templates/pdb.yaml diff --git a/bitnami/nginx/templates/server-block-configmap.yaml b/riftbit/nginx/templates/server-block-configmap.yaml similarity index 100% rename from bitnami/nginx/templates/server-block-configmap.yaml rename to riftbit/nginx/templates/server-block-configmap.yaml diff --git a/bitnami/nginx/templates/serviceaccount.yaml b/riftbit/nginx/templates/serviceaccount.yaml similarity index 100% rename from bitnami/nginx/templates/serviceaccount.yaml rename to riftbit/nginx/templates/serviceaccount.yaml diff --git a/bitnami/nginx/templates/servicemonitor.yaml b/riftbit/nginx/templates/servicemonitor.yaml similarity index 100% rename from bitnami/nginx/templates/servicemonitor.yaml rename to riftbit/nginx/templates/servicemonitor.yaml diff --git a/bitnami/nginx/templates/svc.yaml b/riftbit/nginx/templates/svc.yaml similarity index 100% rename from bitnami/nginx/templates/svc.yaml rename to riftbit/nginx/templates/svc.yaml diff --git a/bitnami/nginx/templates/tls-secrets.yaml b/riftbit/nginx/templates/tls-secrets.yaml similarity index 100% rename from bitnami/nginx/templates/tls-secrets.yaml rename to riftbit/nginx/templates/tls-secrets.yaml diff --git a/bitnami/nginx/values.schema.json b/riftbit/nginx/values.schema.json similarity index 100% rename from bitnami/nginx/values.schema.json rename to riftbit/nginx/values.schema.json diff --git a/bitnami/nginx/values.yaml b/riftbit/nginx/values.yaml similarity index 100% rename from bitnami/nginx/values.yaml rename to riftbit/nginx/values.yaml diff --git a/bitnami/kiam/.helmignore b/riftbit/node-exporter/.helmignore similarity index 100% rename from bitnami/kiam/.helmignore rename to riftbit/node-exporter/.helmignore diff --git a/bitnami/node-exporter/Chart.lock b/riftbit/node-exporter/Chart.lock similarity index 100% rename from bitnami/node-exporter/Chart.lock rename to riftbit/node-exporter/Chart.lock diff --git a/bitnami/node-exporter/Chart.yaml b/riftbit/node-exporter/Chart.yaml similarity index 100% rename from bitnami/node-exporter/Chart.yaml rename to riftbit/node-exporter/Chart.yaml diff --git a/bitnami/node-exporter/README.md b/riftbit/node-exporter/README.md similarity index 100% rename from bitnami/node-exporter/README.md rename to riftbit/node-exporter/README.md diff --git a/bitnami/node-exporter/templates/NOTES.txt b/riftbit/node-exporter/templates/NOTES.txt similarity index 100% rename from bitnami/node-exporter/templates/NOTES.txt rename to riftbit/node-exporter/templates/NOTES.txt diff --git a/bitnami/node-exporter/templates/_helpers.tpl b/riftbit/node-exporter/templates/_helpers.tpl similarity index 100% rename from bitnami/node-exporter/templates/_helpers.tpl rename to riftbit/node-exporter/templates/_helpers.tpl diff --git a/bitnami/node-exporter/templates/daemonset.yaml b/riftbit/node-exporter/templates/daemonset.yaml similarity index 100% rename from bitnami/node-exporter/templates/daemonset.yaml rename to riftbit/node-exporter/templates/daemonset.yaml diff --git a/bitnami/node-exporter/templates/psp-clusterrole.yaml b/riftbit/node-exporter/templates/psp-clusterrole.yaml similarity index 100% rename from bitnami/node-exporter/templates/psp-clusterrole.yaml rename to riftbit/node-exporter/templates/psp-clusterrole.yaml diff --git a/bitnami/node-exporter/templates/psp-clusterrolebinding.yaml b/riftbit/node-exporter/templates/psp-clusterrolebinding.yaml similarity index 100% rename from bitnami/node-exporter/templates/psp-clusterrolebinding.yaml rename to riftbit/node-exporter/templates/psp-clusterrolebinding.yaml diff --git a/bitnami/node-exporter/templates/psp.yaml b/riftbit/node-exporter/templates/psp.yaml similarity index 100% rename from bitnami/node-exporter/templates/psp.yaml rename to riftbit/node-exporter/templates/psp.yaml diff --git a/bitnami/node-exporter/templates/service.yaml b/riftbit/node-exporter/templates/service.yaml similarity index 100% rename from bitnami/node-exporter/templates/service.yaml rename to riftbit/node-exporter/templates/service.yaml diff --git a/bitnami/node-exporter/templates/serviceaccount.yaml b/riftbit/node-exporter/templates/serviceaccount.yaml similarity index 100% rename from bitnami/node-exporter/templates/serviceaccount.yaml rename to riftbit/node-exporter/templates/serviceaccount.yaml diff --git a/bitnami/node-exporter/templates/servicemonitor.yaml b/riftbit/node-exporter/templates/servicemonitor.yaml similarity index 100% rename from bitnami/node-exporter/templates/servicemonitor.yaml rename to riftbit/node-exporter/templates/servicemonitor.yaml diff --git a/bitnami/node-exporter/values.yaml b/riftbit/node-exporter/values.yaml similarity index 100% rename from bitnami/node-exporter/values.yaml rename to riftbit/node-exporter/values.yaml diff --git a/bitnami/kibana/.helmignore b/riftbit/oauth2-proxy/.helmignore similarity index 100% rename from bitnami/kibana/.helmignore rename to riftbit/oauth2-proxy/.helmignore diff --git a/bitnami/oauth2-proxy/Chart.lock b/riftbit/oauth2-proxy/Chart.lock similarity index 100% rename from bitnami/oauth2-proxy/Chart.lock rename to riftbit/oauth2-proxy/Chart.lock diff --git a/bitnami/oauth2-proxy/Chart.yaml b/riftbit/oauth2-proxy/Chart.yaml similarity index 100% rename from bitnami/oauth2-proxy/Chart.yaml rename to riftbit/oauth2-proxy/Chart.yaml diff --git a/bitnami/oauth2-proxy/README.md b/riftbit/oauth2-proxy/README.md similarity index 100% rename from bitnami/oauth2-proxy/README.md rename to riftbit/oauth2-proxy/README.md diff --git a/bitnami/oauth2-proxy/templates/NOTES.txt b/riftbit/oauth2-proxy/templates/NOTES.txt similarity index 100% rename from bitnami/oauth2-proxy/templates/NOTES.txt rename to riftbit/oauth2-proxy/templates/NOTES.txt diff --git a/bitnami/oauth2-proxy/templates/_helpers.tpl b/riftbit/oauth2-proxy/templates/_helpers.tpl similarity index 100% rename from bitnami/oauth2-proxy/templates/_helpers.tpl rename to riftbit/oauth2-proxy/templates/_helpers.tpl diff --git a/bitnami/oauth2-proxy/templates/configmap.yaml b/riftbit/oauth2-proxy/templates/configmap.yaml similarity index 100% rename from bitnami/oauth2-proxy/templates/configmap.yaml rename to riftbit/oauth2-proxy/templates/configmap.yaml diff --git a/bitnami/oauth2-proxy/templates/deployment.yaml b/riftbit/oauth2-proxy/templates/deployment.yaml similarity index 100% rename from bitnami/oauth2-proxy/templates/deployment.yaml rename to riftbit/oauth2-proxy/templates/deployment.yaml diff --git a/bitnami/kiam/templates/extra-list.yaml b/riftbit/oauth2-proxy/templates/extra-list.yaml similarity index 100% rename from bitnami/kiam/templates/extra-list.yaml rename to riftbit/oauth2-proxy/templates/extra-list.yaml diff --git a/bitnami/oauth2-proxy/templates/ingress.yaml b/riftbit/oauth2-proxy/templates/ingress.yaml similarity index 100% rename from bitnami/oauth2-proxy/templates/ingress.yaml rename to riftbit/oauth2-proxy/templates/ingress.yaml diff --git a/bitnami/oauth2-proxy/templates/pdb.yaml b/riftbit/oauth2-proxy/templates/pdb.yaml similarity index 100% rename from bitnami/oauth2-proxy/templates/pdb.yaml rename to riftbit/oauth2-proxy/templates/pdb.yaml diff --git a/bitnami/oauth2-proxy/templates/secret-authenticated-emails-file.yaml b/riftbit/oauth2-proxy/templates/secret-authenticated-emails-file.yaml similarity index 100% rename from bitnami/oauth2-proxy/templates/secret-authenticated-emails-file.yaml rename to riftbit/oauth2-proxy/templates/secret-authenticated-emails-file.yaml diff --git a/bitnami/oauth2-proxy/templates/secret-google.yaml b/riftbit/oauth2-proxy/templates/secret-google.yaml similarity index 100% rename from bitnami/oauth2-proxy/templates/secret-google.yaml rename to riftbit/oauth2-proxy/templates/secret-google.yaml diff --git a/bitnami/oauth2-proxy/templates/secret-htpasswd-file.yaml b/riftbit/oauth2-proxy/templates/secret-htpasswd-file.yaml similarity index 100% rename from bitnami/oauth2-proxy/templates/secret-htpasswd-file.yaml rename to riftbit/oauth2-proxy/templates/secret-htpasswd-file.yaml diff --git a/bitnami/oauth2-proxy/templates/secret.yaml b/riftbit/oauth2-proxy/templates/secret.yaml similarity index 100% rename from bitnami/oauth2-proxy/templates/secret.yaml rename to riftbit/oauth2-proxy/templates/secret.yaml diff --git a/bitnami/oauth2-proxy/templates/service-account.yaml b/riftbit/oauth2-proxy/templates/service-account.yaml similarity index 100% rename from bitnami/oauth2-proxy/templates/service-account.yaml rename to riftbit/oauth2-proxy/templates/service-account.yaml diff --git a/bitnami/oauth2-proxy/templates/service.yaml b/riftbit/oauth2-proxy/templates/service.yaml similarity index 100% rename from bitnami/oauth2-proxy/templates/service.yaml rename to riftbit/oauth2-proxy/templates/service.yaml diff --git a/bitnami/oauth2-proxy/values.yaml b/riftbit/oauth2-proxy/values.yaml similarity index 100% rename from bitnami/oauth2-proxy/values.yaml rename to riftbit/oauth2-proxy/values.yaml diff --git a/bitnami/kong/.helmignore b/riftbit/owncloud/.helmignore similarity index 100% rename from bitnami/kong/.helmignore rename to riftbit/owncloud/.helmignore diff --git a/bitnami/owncloud/Chart.lock b/riftbit/owncloud/Chart.lock similarity index 100% rename from bitnami/owncloud/Chart.lock rename to riftbit/owncloud/Chart.lock diff --git a/bitnami/owncloud/Chart.yaml b/riftbit/owncloud/Chart.yaml similarity index 100% rename from bitnami/owncloud/Chart.yaml rename to riftbit/owncloud/Chart.yaml diff --git a/bitnami/owncloud/README.md b/riftbit/owncloud/README.md similarity index 100% rename from bitnami/owncloud/README.md rename to riftbit/owncloud/README.md diff --git a/bitnami/magento/ci/ct-values.yaml b/riftbit/owncloud/ci/ct-values.yaml similarity index 100% rename from bitnami/magento/ci/ct-values.yaml rename to riftbit/owncloud/ci/ct-values.yaml diff --git a/bitnami/owncloud/ci/values-with-host-and-ingress.yaml b/riftbit/owncloud/ci/values-with-host-and-ingress.yaml similarity index 100% rename from bitnami/owncloud/ci/values-with-host-and-ingress.yaml rename to riftbit/owncloud/ci/values-with-host-and-ingress.yaml diff --git a/bitnami/owncloud/templates/NOTES.txt b/riftbit/owncloud/templates/NOTES.txt similarity index 100% rename from bitnami/owncloud/templates/NOTES.txt rename to riftbit/owncloud/templates/NOTES.txt diff --git a/bitnami/magento/templates/_certificates.tpl b/riftbit/owncloud/templates/_certificates.tpl similarity index 100% rename from bitnami/magento/templates/_certificates.tpl rename to riftbit/owncloud/templates/_certificates.tpl diff --git a/bitnami/owncloud/templates/_helpers.tpl b/riftbit/owncloud/templates/_helpers.tpl similarity index 100% rename from bitnami/owncloud/templates/_helpers.tpl rename to riftbit/owncloud/templates/_helpers.tpl diff --git a/bitnami/owncloud/templates/deployment.yaml b/riftbit/owncloud/templates/deployment.yaml similarity index 100% rename from bitnami/owncloud/templates/deployment.yaml rename to riftbit/owncloud/templates/deployment.yaml diff --git a/bitnami/magento/templates/externaldb-secrets.yaml b/riftbit/owncloud/templates/externaldb-secrets.yaml similarity index 100% rename from bitnami/magento/templates/externaldb-secrets.yaml rename to riftbit/owncloud/templates/externaldb-secrets.yaml diff --git a/bitnami/kong/templates/extra-list.yaml b/riftbit/owncloud/templates/extra-list.yaml similarity index 100% rename from bitnami/kong/templates/extra-list.yaml rename to riftbit/owncloud/templates/extra-list.yaml diff --git a/bitnami/owncloud/templates/ingress.yaml b/riftbit/owncloud/templates/ingress.yaml similarity index 100% rename from bitnami/owncloud/templates/ingress.yaml rename to riftbit/owncloud/templates/ingress.yaml diff --git a/bitnami/magento/templates/metrics-svc.yaml b/riftbit/owncloud/templates/metrics-svc.yaml similarity index 100% rename from bitnami/magento/templates/metrics-svc.yaml rename to riftbit/owncloud/templates/metrics-svc.yaml diff --git a/bitnami/owncloud/templates/pv.yaml b/riftbit/owncloud/templates/pv.yaml similarity index 100% rename from bitnami/owncloud/templates/pv.yaml rename to riftbit/owncloud/templates/pv.yaml diff --git a/bitnami/owncloud/templates/pvc.yaml b/riftbit/owncloud/templates/pvc.yaml similarity index 100% rename from bitnami/owncloud/templates/pvc.yaml rename to riftbit/owncloud/templates/pvc.yaml diff --git a/bitnami/owncloud/templates/secrets.yaml b/riftbit/owncloud/templates/secrets.yaml similarity index 100% rename from bitnami/owncloud/templates/secrets.yaml rename to riftbit/owncloud/templates/secrets.yaml diff --git a/bitnami/magento/templates/svc.yaml b/riftbit/owncloud/templates/svc.yaml similarity index 100% rename from bitnami/magento/templates/svc.yaml rename to riftbit/owncloud/templates/svc.yaml diff --git a/bitnami/owncloud/templates/tls-secrets.yaml b/riftbit/owncloud/templates/tls-secrets.yaml similarity index 100% rename from bitnami/owncloud/templates/tls-secrets.yaml rename to riftbit/owncloud/templates/tls-secrets.yaml diff --git a/bitnami/owncloud/values.yaml b/riftbit/owncloud/values.yaml similarity index 100% rename from bitnami/owncloud/values.yaml rename to riftbit/owncloud/values.yaml diff --git a/bitnami/kube-prometheus/.helmignore b/riftbit/parse/.helmignore similarity index 100% rename from bitnami/kube-prometheus/.helmignore rename to riftbit/parse/.helmignore diff --git a/bitnami/parse/Chart.lock b/riftbit/parse/Chart.lock similarity index 100% rename from bitnami/parse/Chart.lock rename to riftbit/parse/Chart.lock diff --git a/bitnami/parse/Chart.yaml b/riftbit/parse/Chart.yaml similarity index 100% rename from bitnami/parse/Chart.yaml rename to riftbit/parse/Chart.yaml diff --git a/bitnami/parse/README.md b/riftbit/parse/README.md similarity index 100% rename from bitnami/parse/README.md rename to riftbit/parse/README.md diff --git a/bitnami/jenkins/ci/ct-values.yaml b/riftbit/parse/ci/ct-values.yaml similarity index 100% rename from bitnami/jenkins/ci/ct-values.yaml rename to riftbit/parse/ci/ct-values.yaml diff --git a/bitnami/parse/files/cloud/README.md b/riftbit/parse/files/cloud/README.md similarity index 100% rename from bitnami/parse/files/cloud/README.md rename to riftbit/parse/files/cloud/README.md diff --git a/bitnami/parse/templates/NOTES.txt b/riftbit/parse/templates/NOTES.txt similarity index 100% rename from bitnami/parse/templates/NOTES.txt rename to riftbit/parse/templates/NOTES.txt diff --git a/bitnami/parse/templates/_helpers.tpl b/riftbit/parse/templates/_helpers.tpl similarity index 100% rename from bitnami/parse/templates/_helpers.tpl rename to riftbit/parse/templates/_helpers.tpl diff --git a/bitnami/parse/templates/cloud-code-configmap.yaml b/riftbit/parse/templates/cloud-code-configmap.yaml similarity index 100% rename from bitnami/parse/templates/cloud-code-configmap.yaml rename to riftbit/parse/templates/cloud-code-configmap.yaml diff --git a/bitnami/parse/templates/dashboard-deployment.yaml b/riftbit/parse/templates/dashboard-deployment.yaml similarity index 100% rename from bitnami/parse/templates/dashboard-deployment.yaml rename to riftbit/parse/templates/dashboard-deployment.yaml diff --git a/bitnami/kubeapps/templates/extra-list.yaml b/riftbit/parse/templates/extra-list.yaml similarity index 100% rename from bitnami/kubeapps/templates/extra-list.yaml rename to riftbit/parse/templates/extra-list.yaml diff --git a/bitnami/parse/templates/ingress.yaml b/riftbit/parse/templates/ingress.yaml similarity index 100% rename from bitnami/parse/templates/ingress.yaml rename to riftbit/parse/templates/ingress.yaml diff --git a/bitnami/parse/templates/pvc.yaml b/riftbit/parse/templates/pvc.yaml similarity index 100% rename from bitnami/parse/templates/pvc.yaml rename to riftbit/parse/templates/pvc.yaml diff --git a/bitnami/parse/templates/secrets.yaml b/riftbit/parse/templates/secrets.yaml similarity index 100% rename from bitnami/parse/templates/secrets.yaml rename to riftbit/parse/templates/secrets.yaml diff --git a/bitnami/parse/templates/server-deployment.yaml b/riftbit/parse/templates/server-deployment.yaml similarity index 100% rename from bitnami/parse/templates/server-deployment.yaml rename to riftbit/parse/templates/server-deployment.yaml diff --git a/bitnami/parse/templates/svc.yaml b/riftbit/parse/templates/svc.yaml similarity index 100% rename from bitnami/parse/templates/svc.yaml rename to riftbit/parse/templates/svc.yaml diff --git a/bitnami/parse/values.yaml b/riftbit/parse/values.yaml similarity index 100% rename from bitnami/parse/values.yaml rename to riftbit/parse/values.yaml diff --git a/bitnami/kube-state-metrics/.helmignore b/riftbit/phabricator/.helmignore similarity index 100% rename from bitnami/kube-state-metrics/.helmignore rename to riftbit/phabricator/.helmignore diff --git a/bitnami/phabricator/Chart.lock b/riftbit/phabricator/Chart.lock similarity index 100% rename from bitnami/phabricator/Chart.lock rename to riftbit/phabricator/Chart.lock diff --git a/bitnami/phabricator/Chart.yaml b/riftbit/phabricator/Chart.yaml similarity index 100% rename from bitnami/phabricator/Chart.yaml rename to riftbit/phabricator/Chart.yaml diff --git a/bitnami/phabricator/README.md b/riftbit/phabricator/README.md similarity index 100% rename from bitnami/phabricator/README.md rename to riftbit/phabricator/README.md diff --git a/bitnami/osclass/ci/ct-values.yaml b/riftbit/phabricator/ci/ct-values.yaml similarity index 100% rename from bitnami/osclass/ci/ct-values.yaml rename to riftbit/phabricator/ci/ct-values.yaml diff --git a/bitnami/phabricator/ci/values-with-host-and-ingress.yaml b/riftbit/phabricator/ci/values-with-host-and-ingress.yaml similarity index 100% rename from bitnami/phabricator/ci/values-with-host-and-ingress.yaml rename to riftbit/phabricator/ci/values-with-host-and-ingress.yaml diff --git a/bitnami/phabricator/templates/NOTES.txt b/riftbit/phabricator/templates/NOTES.txt similarity index 100% rename from bitnami/phabricator/templates/NOTES.txt rename to riftbit/phabricator/templates/NOTES.txt diff --git a/bitnami/phabricator/templates/_helpers.tpl b/riftbit/phabricator/templates/_helpers.tpl similarity index 100% rename from bitnami/phabricator/templates/_helpers.tpl rename to riftbit/phabricator/templates/_helpers.tpl diff --git a/bitnami/phabricator/templates/deployment.yaml b/riftbit/phabricator/templates/deployment.yaml similarity index 100% rename from bitnami/phabricator/templates/deployment.yaml rename to riftbit/phabricator/templates/deployment.yaml diff --git a/bitnami/phabricator/templates/externaldb-secrets.yaml b/riftbit/phabricator/templates/externaldb-secrets.yaml similarity index 100% rename from bitnami/phabricator/templates/externaldb-secrets.yaml rename to riftbit/phabricator/templates/externaldb-secrets.yaml diff --git a/bitnami/kubernetes-event-exporter/templates/extra-list.yaml b/riftbit/phabricator/templates/extra-list.yaml similarity index 100% rename from bitnami/kubernetes-event-exporter/templates/extra-list.yaml rename to riftbit/phabricator/templates/extra-list.yaml diff --git a/bitnami/jasperreports/templates/ingress.yaml b/riftbit/phabricator/templates/ingress.yaml similarity index 100% rename from bitnami/jasperreports/templates/ingress.yaml rename to riftbit/phabricator/templates/ingress.yaml diff --git a/bitnami/phabricator/templates/pv.yaml b/riftbit/phabricator/templates/pv.yaml similarity index 100% rename from bitnami/phabricator/templates/pv.yaml rename to riftbit/phabricator/templates/pv.yaml diff --git a/bitnami/phabricator/templates/pvc.yaml b/riftbit/phabricator/templates/pvc.yaml similarity index 100% rename from bitnami/phabricator/templates/pvc.yaml rename to riftbit/phabricator/templates/pvc.yaml diff --git a/bitnami/phabricator/templates/secrets.yaml b/riftbit/phabricator/templates/secrets.yaml similarity index 100% rename from bitnami/phabricator/templates/secrets.yaml rename to riftbit/phabricator/templates/secrets.yaml diff --git a/bitnami/phabricator/templates/svc.yaml b/riftbit/phabricator/templates/svc.yaml similarity index 100% rename from bitnami/phabricator/templates/svc.yaml rename to riftbit/phabricator/templates/svc.yaml diff --git a/bitnami/phabricator/templates/tls-secrets.yaml b/riftbit/phabricator/templates/tls-secrets.yaml similarity index 100% rename from bitnami/phabricator/templates/tls-secrets.yaml rename to riftbit/phabricator/templates/tls-secrets.yaml diff --git a/bitnami/phabricator/values.yaml b/riftbit/phabricator/values.yaml similarity index 100% rename from bitnami/phabricator/values.yaml rename to riftbit/phabricator/values.yaml diff --git a/bitnami/kubeapps/.helmignore b/riftbit/postgresql-ha/.helmignore similarity index 100% rename from bitnami/kubeapps/.helmignore rename to riftbit/postgresql-ha/.helmignore diff --git a/bitnami/postgresql-ha/Chart.lock b/riftbit/postgresql-ha/Chart.lock similarity index 100% rename from bitnami/postgresql-ha/Chart.lock rename to riftbit/postgresql-ha/Chart.lock diff --git a/bitnami/postgresql-ha/Chart.yaml b/riftbit/postgresql-ha/Chart.yaml similarity index 100% rename from bitnami/postgresql-ha/Chart.yaml rename to riftbit/postgresql-ha/Chart.yaml diff --git a/bitnami/postgresql-ha/README.md b/riftbit/postgresql-ha/README.md similarity index 100% rename from bitnami/postgresql-ha/README.md rename to riftbit/postgresql-ha/README.md diff --git a/bitnami/postgresql-ha/ci/ct-values.yaml b/riftbit/postgresql-ha/ci/ct-values.yaml similarity index 100% rename from bitnami/postgresql-ha/ci/ct-values.yaml rename to riftbit/postgresql-ha/ci/ct-values.yaml diff --git a/bitnami/postgresql-ha/ci/values-production-with-pdb.yaml b/riftbit/postgresql-ha/ci/values-production-with-pdb.yaml similarity index 100% rename from bitnami/postgresql-ha/ci/values-production-with-pdb.yaml rename to riftbit/postgresql-ha/ci/values-production-with-pdb.yaml diff --git a/bitnami/postgresql-ha/templates/NOTES.txt b/riftbit/postgresql-ha/templates/NOTES.txt similarity index 100% rename from bitnami/postgresql-ha/templates/NOTES.txt rename to riftbit/postgresql-ha/templates/NOTES.txt diff --git a/bitnami/postgresql-ha/templates/_helpers.tpl b/riftbit/postgresql-ha/templates/_helpers.tpl similarity index 100% rename from bitnami/postgresql-ha/templates/_helpers.tpl rename to riftbit/postgresql-ha/templates/_helpers.tpl diff --git a/bitnami/kubewatch/templates/extra-list.yaml b/riftbit/postgresql-ha/templates/extra-list.yaml similarity index 100% rename from bitnami/kubewatch/templates/extra-list.yaml rename to riftbit/postgresql-ha/templates/extra-list.yaml diff --git a/bitnami/postgresql-ha/templates/ldap-secrets.yaml b/riftbit/postgresql-ha/templates/ldap-secrets.yaml similarity index 100% rename from bitnami/postgresql-ha/templates/ldap-secrets.yaml rename to riftbit/postgresql-ha/templates/ldap-secrets.yaml diff --git a/bitnami/postgresql-ha/templates/metrics-configmap.yaml b/riftbit/postgresql-ha/templates/metrics-configmap.yaml similarity index 100% rename from bitnami/postgresql-ha/templates/metrics-configmap.yaml rename to riftbit/postgresql-ha/templates/metrics-configmap.yaml diff --git a/bitnami/postgresql-ha/templates/networkpolicy.yaml b/riftbit/postgresql-ha/templates/networkpolicy.yaml similarity index 100% rename from bitnami/postgresql-ha/templates/networkpolicy.yaml rename to riftbit/postgresql-ha/templates/networkpolicy.yaml diff --git a/bitnami/postgresql-ha/templates/pgpool/configmap.yaml b/riftbit/postgresql-ha/templates/pgpool/configmap.yaml similarity index 100% rename from bitnami/postgresql-ha/templates/pgpool/configmap.yaml rename to riftbit/postgresql-ha/templates/pgpool/configmap.yaml diff --git a/bitnami/postgresql-ha/templates/pgpool/custom-users-secrets.yaml b/riftbit/postgresql-ha/templates/pgpool/custom-users-secrets.yaml similarity index 100% rename from bitnami/postgresql-ha/templates/pgpool/custom-users-secrets.yaml rename to riftbit/postgresql-ha/templates/pgpool/custom-users-secrets.yaml diff --git a/bitnami/postgresql-ha/templates/pgpool/deployment.yaml b/riftbit/postgresql-ha/templates/pgpool/deployment.yaml similarity index 100% rename from bitnami/postgresql-ha/templates/pgpool/deployment.yaml rename to riftbit/postgresql-ha/templates/pgpool/deployment.yaml diff --git a/bitnami/postgresql-ha/templates/pgpool/initdb-scripts-configmap.yaml b/riftbit/postgresql-ha/templates/pgpool/initdb-scripts-configmap.yaml similarity index 100% rename from bitnami/postgresql-ha/templates/pgpool/initdb-scripts-configmap.yaml rename to riftbit/postgresql-ha/templates/pgpool/initdb-scripts-configmap.yaml diff --git a/bitnami/postgresql-ha/templates/pgpool/pdb.yaml b/riftbit/postgresql-ha/templates/pgpool/pdb.yaml similarity index 100% rename from bitnami/postgresql-ha/templates/pgpool/pdb.yaml rename to riftbit/postgresql-ha/templates/pgpool/pdb.yaml diff --git a/bitnami/postgresql-ha/templates/pgpool/secrets.yaml b/riftbit/postgresql-ha/templates/pgpool/secrets.yaml similarity index 100% rename from bitnami/postgresql-ha/templates/pgpool/secrets.yaml rename to riftbit/postgresql-ha/templates/pgpool/secrets.yaml diff --git a/bitnami/postgresql-ha/templates/pgpool/service.yaml b/riftbit/postgresql-ha/templates/pgpool/service.yaml similarity index 100% rename from bitnami/postgresql-ha/templates/pgpool/service.yaml rename to riftbit/postgresql-ha/templates/pgpool/service.yaml diff --git a/bitnami/postgresql-ha/templates/postgresql/configmap.yaml b/riftbit/postgresql-ha/templates/postgresql/configmap.yaml similarity index 100% rename from bitnami/postgresql-ha/templates/postgresql/configmap.yaml rename to riftbit/postgresql-ha/templates/postgresql/configmap.yaml diff --git a/bitnami/postgresql-ha/templates/postgresql/extended-configmap.yaml b/riftbit/postgresql-ha/templates/postgresql/extended-configmap.yaml similarity index 100% rename from bitnami/postgresql-ha/templates/postgresql/extended-configmap.yaml rename to riftbit/postgresql-ha/templates/postgresql/extended-configmap.yaml diff --git a/bitnami/postgresql-ha/templates/postgresql/hooks-scripts-configmap.yaml b/riftbit/postgresql-ha/templates/postgresql/hooks-scripts-configmap.yaml similarity index 100% rename from bitnami/postgresql-ha/templates/postgresql/hooks-scripts-configmap.yaml rename to riftbit/postgresql-ha/templates/postgresql/hooks-scripts-configmap.yaml diff --git a/bitnami/postgresql-ha/templates/postgresql/initdb-scripts-configmap.yaml b/riftbit/postgresql-ha/templates/postgresql/initdb-scripts-configmap.yaml similarity index 100% rename from bitnami/postgresql-ha/templates/postgresql/initdb-scripts-configmap.yaml rename to riftbit/postgresql-ha/templates/postgresql/initdb-scripts-configmap.yaml diff --git a/bitnami/postgresql-ha/templates/postgresql/metrics-service.yaml b/riftbit/postgresql-ha/templates/postgresql/metrics-service.yaml similarity index 100% rename from bitnami/postgresql-ha/templates/postgresql/metrics-service.yaml rename to riftbit/postgresql-ha/templates/postgresql/metrics-service.yaml diff --git a/bitnami/postgresql-ha/templates/postgresql/pdb.yaml b/riftbit/postgresql-ha/templates/postgresql/pdb.yaml similarity index 100% rename from bitnami/postgresql-ha/templates/postgresql/pdb.yaml rename to riftbit/postgresql-ha/templates/postgresql/pdb.yaml diff --git a/bitnami/postgresql-ha/templates/postgresql/secrets.yaml b/riftbit/postgresql-ha/templates/postgresql/secrets.yaml similarity index 100% rename from bitnami/postgresql-ha/templates/postgresql/secrets.yaml rename to riftbit/postgresql-ha/templates/postgresql/secrets.yaml diff --git a/bitnami/postgresql-ha/templates/postgresql/service-headless.yaml b/riftbit/postgresql-ha/templates/postgresql/service-headless.yaml similarity index 100% rename from bitnami/postgresql-ha/templates/postgresql/service-headless.yaml rename to riftbit/postgresql-ha/templates/postgresql/service-headless.yaml diff --git a/bitnami/postgresql-ha/templates/postgresql/service.yaml b/riftbit/postgresql-ha/templates/postgresql/service.yaml similarity index 100% rename from bitnami/postgresql-ha/templates/postgresql/service.yaml rename to riftbit/postgresql-ha/templates/postgresql/service.yaml diff --git a/bitnami/postgresql-ha/templates/postgresql/servicemonitor.yaml b/riftbit/postgresql-ha/templates/postgresql/servicemonitor.yaml similarity index 100% rename from bitnami/postgresql-ha/templates/postgresql/servicemonitor.yaml rename to riftbit/postgresql-ha/templates/postgresql/servicemonitor.yaml diff --git a/bitnami/postgresql-ha/templates/postgresql/statefulset.yaml b/riftbit/postgresql-ha/templates/postgresql/statefulset.yaml similarity index 100% rename from bitnami/postgresql-ha/templates/postgresql/statefulset.yaml rename to riftbit/postgresql-ha/templates/postgresql/statefulset.yaml diff --git a/bitnami/postgresql-ha/templates/serviceaccount.yaml b/riftbit/postgresql-ha/templates/serviceaccount.yaml similarity index 100% rename from bitnami/postgresql-ha/templates/serviceaccount.yaml rename to riftbit/postgresql-ha/templates/serviceaccount.yaml diff --git a/bitnami/postgresql-ha/templates/tls-secrets.yaml b/riftbit/postgresql-ha/templates/tls-secrets.yaml similarity index 100% rename from bitnami/postgresql-ha/templates/tls-secrets.yaml rename to riftbit/postgresql-ha/templates/tls-secrets.yaml diff --git a/bitnami/postgresql-ha/values.yaml b/riftbit/postgresql-ha/values.yaml similarity index 100% rename from bitnami/postgresql-ha/values.yaml rename to riftbit/postgresql-ha/values.yaml diff --git a/bitnami/kubewatch/.helmignore b/riftbit/postgresql/.helmignore similarity index 100% rename from bitnami/kubewatch/.helmignore rename to riftbit/postgresql/.helmignore diff --git a/bitnami/postgresql/Chart.lock b/riftbit/postgresql/Chart.lock similarity index 100% rename from bitnami/postgresql/Chart.lock rename to riftbit/postgresql/Chart.lock diff --git a/bitnami/postgresql/Chart.yaml b/riftbit/postgresql/Chart.yaml similarity index 100% rename from bitnami/postgresql/Chart.yaml rename to riftbit/postgresql/Chart.yaml diff --git a/bitnami/postgresql/README.md b/riftbit/postgresql/README.md similarity index 100% rename from bitnami/postgresql/README.md rename to riftbit/postgresql/README.md diff --git a/bitnami/postgresql/ci/commonAnnotations.yaml b/riftbit/postgresql/ci/commonAnnotations.yaml similarity index 100% rename from bitnami/postgresql/ci/commonAnnotations.yaml rename to riftbit/postgresql/ci/commonAnnotations.yaml diff --git a/bitnami/postgresql/ci/default-values.yaml b/riftbit/postgresql/ci/default-values.yaml similarity index 100% rename from bitnami/postgresql/ci/default-values.yaml rename to riftbit/postgresql/ci/default-values.yaml diff --git a/bitnami/postgresql/ci/shmvolume-disabled-values.yaml b/riftbit/postgresql/ci/shmvolume-disabled-values.yaml similarity index 100% rename from bitnami/postgresql/ci/shmvolume-disabled-values.yaml rename to riftbit/postgresql/ci/shmvolume-disabled-values.yaml diff --git a/bitnami/postgresql/files/README.md b/riftbit/postgresql/files/README.md similarity index 100% rename from bitnami/postgresql/files/README.md rename to riftbit/postgresql/files/README.md diff --git a/bitnami/postgresql/files/conf.d/README.md b/riftbit/postgresql/files/conf.d/README.md similarity index 100% rename from bitnami/postgresql/files/conf.d/README.md rename to riftbit/postgresql/files/conf.d/README.md diff --git a/bitnami/postgresql/files/docker-entrypoint-initdb.d/README.md b/riftbit/postgresql/files/docker-entrypoint-initdb.d/README.md similarity index 100% rename from bitnami/postgresql/files/docker-entrypoint-initdb.d/README.md rename to riftbit/postgresql/files/docker-entrypoint-initdb.d/README.md diff --git a/bitnami/postgresql/templates/NOTES.txt b/riftbit/postgresql/templates/NOTES.txt similarity index 100% rename from bitnami/postgresql/templates/NOTES.txt rename to riftbit/postgresql/templates/NOTES.txt diff --git a/bitnami/postgresql/templates/_helpers.tpl b/riftbit/postgresql/templates/_helpers.tpl similarity index 100% rename from bitnami/postgresql/templates/_helpers.tpl rename to riftbit/postgresql/templates/_helpers.tpl diff --git a/bitnami/postgresql/templates/configmap.yaml b/riftbit/postgresql/templates/configmap.yaml similarity index 100% rename from bitnami/postgresql/templates/configmap.yaml rename to riftbit/postgresql/templates/configmap.yaml diff --git a/bitnami/postgresql/templates/extended-config-configmap.yaml b/riftbit/postgresql/templates/extended-config-configmap.yaml similarity index 100% rename from bitnami/postgresql/templates/extended-config-configmap.yaml rename to riftbit/postgresql/templates/extended-config-configmap.yaml diff --git a/bitnami/logstash/templates/extra-list.yaml b/riftbit/postgresql/templates/extra-list.yaml similarity index 100% rename from bitnami/logstash/templates/extra-list.yaml rename to riftbit/postgresql/templates/extra-list.yaml diff --git a/bitnami/postgresql/templates/initialization-configmap.yaml b/riftbit/postgresql/templates/initialization-configmap.yaml similarity index 100% rename from bitnami/postgresql/templates/initialization-configmap.yaml rename to riftbit/postgresql/templates/initialization-configmap.yaml diff --git a/bitnami/postgresql/templates/metrics-configmap.yaml b/riftbit/postgresql/templates/metrics-configmap.yaml similarity index 100% rename from bitnami/postgresql/templates/metrics-configmap.yaml rename to riftbit/postgresql/templates/metrics-configmap.yaml diff --git a/bitnami/postgresql/templates/metrics-svc.yaml b/riftbit/postgresql/templates/metrics-svc.yaml similarity index 100% rename from bitnami/postgresql/templates/metrics-svc.yaml rename to riftbit/postgresql/templates/metrics-svc.yaml diff --git a/bitnami/postgresql/templates/networkpolicy.yaml b/riftbit/postgresql/templates/networkpolicy.yaml similarity index 100% rename from bitnami/postgresql/templates/networkpolicy.yaml rename to riftbit/postgresql/templates/networkpolicy.yaml diff --git a/bitnami/postgresql/templates/podsecuritypolicy.yaml b/riftbit/postgresql/templates/podsecuritypolicy.yaml similarity index 100% rename from bitnami/postgresql/templates/podsecuritypolicy.yaml rename to riftbit/postgresql/templates/podsecuritypolicy.yaml diff --git a/bitnami/postgresql/templates/prometheusrule.yaml b/riftbit/postgresql/templates/prometheusrule.yaml similarity index 100% rename from bitnami/postgresql/templates/prometheusrule.yaml rename to riftbit/postgresql/templates/prometheusrule.yaml diff --git a/bitnami/postgresql/templates/role.yaml b/riftbit/postgresql/templates/role.yaml similarity index 100% rename from bitnami/postgresql/templates/role.yaml rename to riftbit/postgresql/templates/role.yaml diff --git a/bitnami/postgresql/templates/rolebinding.yaml b/riftbit/postgresql/templates/rolebinding.yaml similarity index 100% rename from bitnami/postgresql/templates/rolebinding.yaml rename to riftbit/postgresql/templates/rolebinding.yaml diff --git a/bitnami/postgresql/templates/secrets.yaml b/riftbit/postgresql/templates/secrets.yaml similarity index 100% rename from bitnami/postgresql/templates/secrets.yaml rename to riftbit/postgresql/templates/secrets.yaml diff --git a/bitnami/postgresql/templates/serviceaccount.yaml b/riftbit/postgresql/templates/serviceaccount.yaml similarity index 100% rename from bitnami/postgresql/templates/serviceaccount.yaml rename to riftbit/postgresql/templates/serviceaccount.yaml diff --git a/bitnami/postgresql/templates/servicemonitor.yaml b/riftbit/postgresql/templates/servicemonitor.yaml similarity index 100% rename from bitnami/postgresql/templates/servicemonitor.yaml rename to riftbit/postgresql/templates/servicemonitor.yaml diff --git a/bitnami/postgresql/templates/statefulset-readreplicas.yaml b/riftbit/postgresql/templates/statefulset-readreplicas.yaml similarity index 100% rename from bitnami/postgresql/templates/statefulset-readreplicas.yaml rename to riftbit/postgresql/templates/statefulset-readreplicas.yaml diff --git a/bitnami/postgresql/templates/statefulset.yaml b/riftbit/postgresql/templates/statefulset.yaml similarity index 100% rename from bitnami/postgresql/templates/statefulset.yaml rename to riftbit/postgresql/templates/statefulset.yaml diff --git a/bitnami/postgresql/templates/svc-headless.yaml b/riftbit/postgresql/templates/svc-headless.yaml similarity index 100% rename from bitnami/postgresql/templates/svc-headless.yaml rename to riftbit/postgresql/templates/svc-headless.yaml diff --git a/bitnami/postgresql/templates/svc-read-set.yaml b/riftbit/postgresql/templates/svc-read-set.yaml similarity index 100% rename from bitnami/postgresql/templates/svc-read-set.yaml rename to riftbit/postgresql/templates/svc-read-set.yaml diff --git a/bitnami/postgresql/templates/svc-read.yaml b/riftbit/postgresql/templates/svc-read.yaml similarity index 100% rename from bitnami/postgresql/templates/svc-read.yaml rename to riftbit/postgresql/templates/svc-read.yaml diff --git a/bitnami/postgresql/templates/svc.yaml b/riftbit/postgresql/templates/svc.yaml similarity index 100% rename from bitnami/postgresql/templates/svc.yaml rename to riftbit/postgresql/templates/svc.yaml diff --git a/bitnami/postgresql/templates/tls-secrets.yaml b/riftbit/postgresql/templates/tls-secrets.yaml similarity index 100% rename from bitnami/postgresql/templates/tls-secrets.yaml rename to riftbit/postgresql/templates/tls-secrets.yaml diff --git a/bitnami/postgresql/values.schema.json b/riftbit/postgresql/values.schema.json similarity index 100% rename from bitnami/postgresql/values.schema.json rename to riftbit/postgresql/values.schema.json diff --git a/bitnami/postgresql/values.yaml b/riftbit/postgresql/values.yaml similarity index 100% rename from bitnami/postgresql/values.yaml rename to riftbit/postgresql/values.yaml diff --git a/riftbit/quickchart/Chart.yaml b/riftbit/quickchart/Chart.yaml index a9ff4a1..48c4254 100644 --- a/riftbit/quickchart/Chart.yaml +++ b/riftbit/quickchart/Chart.yaml @@ -11,5 +11,7 @@ sources: version: 1.1.0 dependencies: - name: common - version: 1.7.1 - repository: https://charts.bitnami.com/bitnami/ + repository: https://charts.riftbit.com/ + # tags: + # - riftbit-common + version: 1.x.x diff --git a/bitnami/magento/.helmignore b/riftbit/rabbitmq-cluster-operator/.helmignore similarity index 100% rename from bitnami/magento/.helmignore rename to riftbit/rabbitmq-cluster-operator/.helmignore diff --git a/bitnami/rabbitmq-cluster-operator/Chart.lock b/riftbit/rabbitmq-cluster-operator/Chart.lock similarity index 100% rename from bitnami/rabbitmq-cluster-operator/Chart.lock rename to riftbit/rabbitmq-cluster-operator/Chart.lock diff --git a/bitnami/rabbitmq-cluster-operator/Chart.yaml b/riftbit/rabbitmq-cluster-operator/Chart.yaml similarity index 100% rename from bitnami/rabbitmq-cluster-operator/Chart.yaml rename to riftbit/rabbitmq-cluster-operator/Chart.yaml diff --git a/bitnami/rabbitmq-cluster-operator/README.md b/riftbit/rabbitmq-cluster-operator/README.md similarity index 100% rename from bitnami/rabbitmq-cluster-operator/README.md rename to riftbit/rabbitmq-cluster-operator/README.md diff --git a/bitnami/rabbitmq-cluster-operator/templates/NOTES.txt b/riftbit/rabbitmq-cluster-operator/templates/NOTES.txt similarity index 100% rename from bitnami/rabbitmq-cluster-operator/templates/NOTES.txt rename to riftbit/rabbitmq-cluster-operator/templates/NOTES.txt diff --git a/bitnami/rabbitmq-cluster-operator/templates/_helpers.tpl b/riftbit/rabbitmq-cluster-operator/templates/_helpers.tpl similarity index 100% rename from bitnami/rabbitmq-cluster-operator/templates/_helpers.tpl rename to riftbit/rabbitmq-cluster-operator/templates/_helpers.tpl diff --git a/bitnami/rabbitmq-cluster-operator/templates/clusterrole.yaml b/riftbit/rabbitmq-cluster-operator/templates/clusterrole.yaml similarity index 100% rename from bitnami/rabbitmq-cluster-operator/templates/clusterrole.yaml rename to riftbit/rabbitmq-cluster-operator/templates/clusterrole.yaml diff --git a/bitnami/rabbitmq-cluster-operator/templates/clusterrolebinding.yaml b/riftbit/rabbitmq-cluster-operator/templates/clusterrolebinding.yaml similarity index 100% rename from bitnami/rabbitmq-cluster-operator/templates/clusterrolebinding.yaml rename to riftbit/rabbitmq-cluster-operator/templates/clusterrolebinding.yaml diff --git a/bitnami/rabbitmq-cluster-operator/templates/crd-rabbitmq-cluster.yaml b/riftbit/rabbitmq-cluster-operator/templates/crd-rabbitmq-cluster.yaml similarity index 100% rename from bitnami/rabbitmq-cluster-operator/templates/crd-rabbitmq-cluster.yaml rename to riftbit/rabbitmq-cluster-operator/templates/crd-rabbitmq-cluster.yaml diff --git a/bitnami/rabbitmq-cluster-operator/templates/deployment.yaml b/riftbit/rabbitmq-cluster-operator/templates/deployment.yaml similarity index 100% rename from bitnami/rabbitmq-cluster-operator/templates/deployment.yaml rename to riftbit/rabbitmq-cluster-operator/templates/deployment.yaml diff --git a/bitnami/magento/templates/extra-list.yaml b/riftbit/rabbitmq-cluster-operator/templates/extra-list.yaml similarity index 100% rename from bitnami/magento/templates/extra-list.yaml rename to riftbit/rabbitmq-cluster-operator/templates/extra-list.yaml diff --git a/bitnami/rabbitmq-cluster-operator/templates/metrics-service.yaml b/riftbit/rabbitmq-cluster-operator/templates/metrics-service.yaml similarity index 100% rename from bitnami/rabbitmq-cluster-operator/templates/metrics-service.yaml rename to riftbit/rabbitmq-cluster-operator/templates/metrics-service.yaml diff --git a/bitnami/rabbitmq-cluster-operator/templates/role.yaml b/riftbit/rabbitmq-cluster-operator/templates/role.yaml similarity index 100% rename from bitnami/rabbitmq-cluster-operator/templates/role.yaml rename to riftbit/rabbitmq-cluster-operator/templates/role.yaml diff --git a/bitnami/rabbitmq-cluster-operator/templates/rolebinding.yaml b/riftbit/rabbitmq-cluster-operator/templates/rolebinding.yaml similarity index 100% rename from bitnami/rabbitmq-cluster-operator/templates/rolebinding.yaml rename to riftbit/rabbitmq-cluster-operator/templates/rolebinding.yaml diff --git a/bitnami/rabbitmq-cluster-operator/templates/service-account.yaml b/riftbit/rabbitmq-cluster-operator/templates/service-account.yaml similarity index 100% rename from bitnami/rabbitmq-cluster-operator/templates/service-account.yaml rename to riftbit/rabbitmq-cluster-operator/templates/service-account.yaml diff --git a/bitnami/rabbitmq-cluster-operator/templates/servicemonitor.yaml b/riftbit/rabbitmq-cluster-operator/templates/servicemonitor.yaml similarity index 100% rename from bitnami/rabbitmq-cluster-operator/templates/servicemonitor.yaml rename to riftbit/rabbitmq-cluster-operator/templates/servicemonitor.yaml diff --git a/bitnami/rabbitmq-cluster-operator/values.yaml b/riftbit/rabbitmq-cluster-operator/values.yaml similarity index 100% rename from bitnami/rabbitmq-cluster-operator/values.yaml rename to riftbit/rabbitmq-cluster-operator/values.yaml diff --git a/bitnami/mariadb-galera/.helmignore b/riftbit/rabbitmq/.helmignore similarity index 100% rename from bitnami/mariadb-galera/.helmignore rename to riftbit/rabbitmq/.helmignore diff --git a/bitnami/rabbitmq/Chart.lock b/riftbit/rabbitmq/Chart.lock similarity index 100% rename from bitnami/rabbitmq/Chart.lock rename to riftbit/rabbitmq/Chart.lock diff --git a/bitnami/rabbitmq/Chart.yaml b/riftbit/rabbitmq/Chart.yaml similarity index 100% rename from bitnami/rabbitmq/Chart.yaml rename to riftbit/rabbitmq/Chart.yaml diff --git a/bitnami/rabbitmq/README.md b/riftbit/rabbitmq/README.md similarity index 100% rename from bitnami/rabbitmq/README.md rename to riftbit/rabbitmq/README.md diff --git a/bitnami/rabbitmq/ci/default-values.yaml b/riftbit/rabbitmq/ci/default-values.yaml similarity index 100% rename from bitnami/rabbitmq/ci/default-values.yaml rename to riftbit/rabbitmq/ci/default-values.yaml diff --git a/bitnami/rabbitmq/ci/tolerations-values.yaml b/riftbit/rabbitmq/ci/tolerations-values.yaml similarity index 100% rename from bitnami/rabbitmq/ci/tolerations-values.yaml rename to riftbit/rabbitmq/ci/tolerations-values.yaml diff --git a/bitnami/rabbitmq/templates/NOTES.txt b/riftbit/rabbitmq/templates/NOTES.txt similarity index 100% rename from bitnami/rabbitmq/templates/NOTES.txt rename to riftbit/rabbitmq/templates/NOTES.txt diff --git a/bitnami/rabbitmq/templates/_helpers.tpl b/riftbit/rabbitmq/templates/_helpers.tpl similarity index 100% rename from bitnami/rabbitmq/templates/_helpers.tpl rename to riftbit/rabbitmq/templates/_helpers.tpl diff --git a/bitnami/rabbitmq/templates/configuration.yaml b/riftbit/rabbitmq/templates/configuration.yaml similarity index 100% rename from bitnami/rabbitmq/templates/configuration.yaml rename to riftbit/rabbitmq/templates/configuration.yaml diff --git a/bitnami/mariadb-galera/templates/extra-list.yaml b/riftbit/rabbitmq/templates/extra-list.yaml similarity index 100% rename from bitnami/mariadb-galera/templates/extra-list.yaml rename to riftbit/rabbitmq/templates/extra-list.yaml diff --git a/bitnami/rabbitmq/templates/ingress.yaml b/riftbit/rabbitmq/templates/ingress.yaml similarity index 100% rename from bitnami/rabbitmq/templates/ingress.yaml rename to riftbit/rabbitmq/templates/ingress.yaml diff --git a/bitnami/rabbitmq/templates/networkpolicy.yaml b/riftbit/rabbitmq/templates/networkpolicy.yaml similarity index 100% rename from bitnami/rabbitmq/templates/networkpolicy.yaml rename to riftbit/rabbitmq/templates/networkpolicy.yaml diff --git a/bitnami/rabbitmq/templates/pdb.yaml b/riftbit/rabbitmq/templates/pdb.yaml similarity index 100% rename from bitnami/rabbitmq/templates/pdb.yaml rename to riftbit/rabbitmq/templates/pdb.yaml diff --git a/bitnami/rabbitmq/templates/prometheusrule.yaml b/riftbit/rabbitmq/templates/prometheusrule.yaml similarity index 100% rename from bitnami/rabbitmq/templates/prometheusrule.yaml rename to riftbit/rabbitmq/templates/prometheusrule.yaml diff --git a/bitnami/rabbitmq/templates/role.yaml b/riftbit/rabbitmq/templates/role.yaml similarity index 100% rename from bitnami/rabbitmq/templates/role.yaml rename to riftbit/rabbitmq/templates/role.yaml diff --git a/bitnami/rabbitmq/templates/rolebinding.yaml b/riftbit/rabbitmq/templates/rolebinding.yaml similarity index 100% rename from bitnami/rabbitmq/templates/rolebinding.yaml rename to riftbit/rabbitmq/templates/rolebinding.yaml diff --git a/bitnami/rabbitmq/templates/secrets.yaml b/riftbit/rabbitmq/templates/secrets.yaml similarity index 100% rename from bitnami/rabbitmq/templates/secrets.yaml rename to riftbit/rabbitmq/templates/secrets.yaml diff --git a/bitnami/rabbitmq/templates/serviceaccount.yaml b/riftbit/rabbitmq/templates/serviceaccount.yaml similarity index 100% rename from bitnami/rabbitmq/templates/serviceaccount.yaml rename to riftbit/rabbitmq/templates/serviceaccount.yaml diff --git a/bitnami/rabbitmq/templates/servicemonitor.yaml b/riftbit/rabbitmq/templates/servicemonitor.yaml similarity index 100% rename from bitnami/rabbitmq/templates/servicemonitor.yaml rename to riftbit/rabbitmq/templates/servicemonitor.yaml diff --git a/bitnami/rabbitmq/templates/statefulset.yaml b/riftbit/rabbitmq/templates/statefulset.yaml similarity index 100% rename from bitnami/rabbitmq/templates/statefulset.yaml rename to riftbit/rabbitmq/templates/statefulset.yaml diff --git a/bitnami/rabbitmq/templates/svc-headless.yaml b/riftbit/rabbitmq/templates/svc-headless.yaml similarity index 100% rename from bitnami/rabbitmq/templates/svc-headless.yaml rename to riftbit/rabbitmq/templates/svc-headless.yaml diff --git a/bitnami/rabbitmq/templates/svc.yaml b/riftbit/rabbitmq/templates/svc.yaml similarity index 100% rename from bitnami/rabbitmq/templates/svc.yaml rename to riftbit/rabbitmq/templates/svc.yaml diff --git a/bitnami/rabbitmq/templates/tls-secrets.yaml b/riftbit/rabbitmq/templates/tls-secrets.yaml similarity index 100% rename from bitnami/rabbitmq/templates/tls-secrets.yaml rename to riftbit/rabbitmq/templates/tls-secrets.yaml diff --git a/bitnami/rabbitmq/values.schema.json b/riftbit/rabbitmq/values.schema.json similarity index 100% rename from bitnami/rabbitmq/values.schema.json rename to riftbit/rabbitmq/values.schema.json diff --git a/bitnami/rabbitmq/values.yaml b/riftbit/rabbitmq/values.yaml similarity index 100% rename from bitnami/rabbitmq/values.yaml rename to riftbit/rabbitmq/values.yaml diff --git a/bitnami/mariadb/.helmignore b/riftbit/redis-cluster/.helmignore similarity index 100% rename from bitnami/mariadb/.helmignore rename to riftbit/redis-cluster/.helmignore diff --git a/bitnami/redis-cluster/Chart.lock b/riftbit/redis-cluster/Chart.lock similarity index 100% rename from bitnami/redis-cluster/Chart.lock rename to riftbit/redis-cluster/Chart.lock diff --git a/bitnami/redis-cluster/Chart.yaml b/riftbit/redis-cluster/Chart.yaml similarity index 100% rename from bitnami/redis-cluster/Chart.yaml rename to riftbit/redis-cluster/Chart.yaml diff --git a/bitnami/redis-cluster/README.md b/riftbit/redis-cluster/README.md similarity index 100% rename from bitnami/redis-cluster/README.md rename to riftbit/redis-cluster/README.md diff --git a/bitnami/redis-cluster/img/redis-cluster-topology.png b/riftbit/redis-cluster/img/redis-cluster-topology.png similarity index 100% rename from bitnami/redis-cluster/img/redis-cluster-topology.png rename to riftbit/redis-cluster/img/redis-cluster-topology.png diff --git a/bitnami/redis-cluster/img/redis-topology.png b/riftbit/redis-cluster/img/redis-topology.png similarity index 100% rename from bitnami/redis-cluster/img/redis-topology.png rename to riftbit/redis-cluster/img/redis-topology.png diff --git a/bitnami/redis-cluster/templates/NOTES.txt b/riftbit/redis-cluster/templates/NOTES.txt similarity index 100% rename from bitnami/redis-cluster/templates/NOTES.txt rename to riftbit/redis-cluster/templates/NOTES.txt diff --git a/bitnami/redis-cluster/templates/_helpers.tpl b/riftbit/redis-cluster/templates/_helpers.tpl similarity index 100% rename from bitnami/redis-cluster/templates/_helpers.tpl rename to riftbit/redis-cluster/templates/_helpers.tpl diff --git a/bitnami/redis-cluster/templates/configmap.yaml b/riftbit/redis-cluster/templates/configmap.yaml similarity index 100% rename from bitnami/redis-cluster/templates/configmap.yaml rename to riftbit/redis-cluster/templates/configmap.yaml diff --git a/bitnami/mariadb/templates/extra-list.yaml b/riftbit/redis-cluster/templates/extra-list.yaml similarity index 100% rename from bitnami/mariadb/templates/extra-list.yaml rename to riftbit/redis-cluster/templates/extra-list.yaml diff --git a/bitnami/redis-cluster/templates/headless-svc.yaml b/riftbit/redis-cluster/templates/headless-svc.yaml similarity index 100% rename from bitnami/redis-cluster/templates/headless-svc.yaml rename to riftbit/redis-cluster/templates/headless-svc.yaml diff --git a/bitnami/redis-cluster/templates/metrics-prometheus.yaml b/riftbit/redis-cluster/templates/metrics-prometheus.yaml similarity index 100% rename from bitnami/redis-cluster/templates/metrics-prometheus.yaml rename to riftbit/redis-cluster/templates/metrics-prometheus.yaml diff --git a/bitnami/redis-cluster/templates/metrics-svc.yaml b/riftbit/redis-cluster/templates/metrics-svc.yaml similarity index 100% rename from bitnami/redis-cluster/templates/metrics-svc.yaml rename to riftbit/redis-cluster/templates/metrics-svc.yaml diff --git a/bitnami/redis-cluster/templates/networkpolicy.yaml b/riftbit/redis-cluster/templates/networkpolicy.yaml similarity index 100% rename from bitnami/redis-cluster/templates/networkpolicy.yaml rename to riftbit/redis-cluster/templates/networkpolicy.yaml diff --git a/bitnami/redis-cluster/templates/poddisruptionbudget.yaml b/riftbit/redis-cluster/templates/poddisruptionbudget.yaml similarity index 100% rename from bitnami/redis-cluster/templates/poddisruptionbudget.yaml rename to riftbit/redis-cluster/templates/poddisruptionbudget.yaml diff --git a/bitnami/redis-cluster/templates/prometheusrule.yaml b/riftbit/redis-cluster/templates/prometheusrule.yaml similarity index 100% rename from bitnami/redis-cluster/templates/prometheusrule.yaml rename to riftbit/redis-cluster/templates/prometheusrule.yaml diff --git a/bitnami/redis-cluster/templates/psp.yaml b/riftbit/redis-cluster/templates/psp.yaml similarity index 100% rename from bitnami/redis-cluster/templates/psp.yaml rename to riftbit/redis-cluster/templates/psp.yaml diff --git a/bitnami/redis-cluster/templates/redis-role.yaml b/riftbit/redis-cluster/templates/redis-role.yaml similarity index 100% rename from bitnami/redis-cluster/templates/redis-role.yaml rename to riftbit/redis-cluster/templates/redis-role.yaml diff --git a/bitnami/redis-cluster/templates/redis-rolebinding.yaml b/riftbit/redis-cluster/templates/redis-rolebinding.yaml similarity index 100% rename from bitnami/redis-cluster/templates/redis-rolebinding.yaml rename to riftbit/redis-cluster/templates/redis-rolebinding.yaml diff --git a/bitnami/redis-cluster/templates/redis-serviceaccount.yaml b/riftbit/redis-cluster/templates/redis-serviceaccount.yaml similarity index 100% rename from bitnami/redis-cluster/templates/redis-serviceaccount.yaml rename to riftbit/redis-cluster/templates/redis-serviceaccount.yaml diff --git a/bitnami/redis-cluster/templates/redis-statefulset.yaml b/riftbit/redis-cluster/templates/redis-statefulset.yaml similarity index 100% rename from bitnami/redis-cluster/templates/redis-statefulset.yaml rename to riftbit/redis-cluster/templates/redis-statefulset.yaml diff --git a/bitnami/redis-cluster/templates/redis-svc.yaml b/riftbit/redis-cluster/templates/redis-svc.yaml similarity index 100% rename from bitnami/redis-cluster/templates/redis-svc.yaml rename to riftbit/redis-cluster/templates/redis-svc.yaml diff --git a/bitnami/redis-cluster/templates/scripts-configmap.yaml b/riftbit/redis-cluster/templates/scripts-configmap.yaml similarity index 100% rename from bitnami/redis-cluster/templates/scripts-configmap.yaml rename to riftbit/redis-cluster/templates/scripts-configmap.yaml diff --git a/bitnami/redis-cluster/templates/secret.yaml b/riftbit/redis-cluster/templates/secret.yaml similarity index 100% rename from bitnami/redis-cluster/templates/secret.yaml rename to riftbit/redis-cluster/templates/secret.yaml diff --git a/bitnami/redis-cluster/templates/svc-cluster-external-access.yaml b/riftbit/redis-cluster/templates/svc-cluster-external-access.yaml similarity index 100% rename from bitnami/redis-cluster/templates/svc-cluster-external-access.yaml rename to riftbit/redis-cluster/templates/svc-cluster-external-access.yaml diff --git a/bitnami/redis-cluster/templates/tls-secret.yaml b/riftbit/redis-cluster/templates/tls-secret.yaml similarity index 100% rename from bitnami/redis-cluster/templates/tls-secret.yaml rename to riftbit/redis-cluster/templates/tls-secret.yaml diff --git a/bitnami/redis-cluster/templates/update-cluster.yaml b/riftbit/redis-cluster/templates/update-cluster.yaml similarity index 100% rename from bitnami/redis-cluster/templates/update-cluster.yaml rename to riftbit/redis-cluster/templates/update-cluster.yaml diff --git a/bitnami/redis-cluster/values.yaml b/riftbit/redis-cluster/values.yaml similarity index 100% rename from bitnami/redis-cluster/values.yaml rename to riftbit/redis-cluster/values.yaml diff --git a/bitnami/mediawiki/.helmignore b/riftbit/redis/.helmignore similarity index 100% rename from bitnami/mediawiki/.helmignore rename to riftbit/redis/.helmignore diff --git a/bitnami/redis/Chart.lock b/riftbit/redis/Chart.lock similarity index 100% rename from bitnami/redis/Chart.lock rename to riftbit/redis/Chart.lock diff --git a/bitnami/redis/Chart.yaml b/riftbit/redis/Chart.yaml similarity index 100% rename from bitnami/redis/Chart.yaml rename to riftbit/redis/Chart.yaml diff --git a/bitnami/redis/README.md b/riftbit/redis/README.md similarity index 100% rename from bitnami/redis/README.md rename to riftbit/redis/README.md diff --git a/bitnami/redis/ci/extra-flags-values.yaml b/riftbit/redis/ci/extra-flags-values.yaml similarity index 100% rename from bitnami/redis/ci/extra-flags-values.yaml rename to riftbit/redis/ci/extra-flags-values.yaml diff --git a/bitnami/redis/ci/sentinel-values.yaml b/riftbit/redis/ci/sentinel-values.yaml similarity index 100% rename from bitnami/redis/ci/sentinel-values.yaml rename to riftbit/redis/ci/sentinel-values.yaml diff --git a/bitnami/redis/ci/standalone-values.yaml b/riftbit/redis/ci/standalone-values.yaml similarity index 100% rename from bitnami/redis/ci/standalone-values.yaml rename to riftbit/redis/ci/standalone-values.yaml diff --git a/bitnami/redis/img/redis-cluster-topology.png b/riftbit/redis/img/redis-cluster-topology.png similarity index 100% rename from bitnami/redis/img/redis-cluster-topology.png rename to riftbit/redis/img/redis-cluster-topology.png diff --git a/bitnami/redis/templates/NOTES.txt b/riftbit/redis/templates/NOTES.txt similarity index 100% rename from bitnami/redis/templates/NOTES.txt rename to riftbit/redis/templates/NOTES.txt diff --git a/bitnami/redis/templates/_helpers.tpl b/riftbit/redis/templates/_helpers.tpl similarity index 100% rename from bitnami/redis/templates/_helpers.tpl rename to riftbit/redis/templates/_helpers.tpl diff --git a/bitnami/redis/templates/configmap.yaml b/riftbit/redis/templates/configmap.yaml similarity index 100% rename from bitnami/redis/templates/configmap.yaml rename to riftbit/redis/templates/configmap.yaml diff --git a/bitnami/memcached/templates/extra-list.yaml b/riftbit/redis/templates/extra-list.yaml similarity index 100% rename from bitnami/memcached/templates/extra-list.yaml rename to riftbit/redis/templates/extra-list.yaml diff --git a/bitnami/redis/templates/headless-svc.yaml b/riftbit/redis/templates/headless-svc.yaml similarity index 100% rename from bitnami/redis/templates/headless-svc.yaml rename to riftbit/redis/templates/headless-svc.yaml diff --git a/bitnami/redis/templates/health-configmap.yaml b/riftbit/redis/templates/health-configmap.yaml similarity index 100% rename from bitnami/redis/templates/health-configmap.yaml rename to riftbit/redis/templates/health-configmap.yaml diff --git a/bitnami/redis/templates/master/psp.yaml b/riftbit/redis/templates/master/psp.yaml similarity index 100% rename from bitnami/redis/templates/master/psp.yaml rename to riftbit/redis/templates/master/psp.yaml diff --git a/bitnami/redis/templates/master/service.yaml b/riftbit/redis/templates/master/service.yaml similarity index 100% rename from bitnami/redis/templates/master/service.yaml rename to riftbit/redis/templates/master/service.yaml diff --git a/bitnami/redis/templates/master/statefulset.yaml b/riftbit/redis/templates/master/statefulset.yaml similarity index 100% rename from bitnami/redis/templates/master/statefulset.yaml rename to riftbit/redis/templates/master/statefulset.yaml diff --git a/bitnami/redis/templates/metrics-svc.yaml b/riftbit/redis/templates/metrics-svc.yaml similarity index 100% rename from bitnami/redis/templates/metrics-svc.yaml rename to riftbit/redis/templates/metrics-svc.yaml diff --git a/bitnami/redis/templates/networkpolicy.yaml b/riftbit/redis/templates/networkpolicy.yaml similarity index 100% rename from bitnami/redis/templates/networkpolicy.yaml rename to riftbit/redis/templates/networkpolicy.yaml diff --git a/bitnami/redis/templates/pdb.yaml b/riftbit/redis/templates/pdb.yaml similarity index 100% rename from bitnami/redis/templates/pdb.yaml rename to riftbit/redis/templates/pdb.yaml diff --git a/bitnami/redis/templates/prometheusrule.yaml b/riftbit/redis/templates/prometheusrule.yaml similarity index 100% rename from bitnami/redis/templates/prometheusrule.yaml rename to riftbit/redis/templates/prometheusrule.yaml diff --git a/bitnami/redis/templates/replicas/hpa.yaml b/riftbit/redis/templates/replicas/hpa.yaml similarity index 100% rename from bitnami/redis/templates/replicas/hpa.yaml rename to riftbit/redis/templates/replicas/hpa.yaml diff --git a/bitnami/redis/templates/replicas/service.yaml b/riftbit/redis/templates/replicas/service.yaml similarity index 100% rename from bitnami/redis/templates/replicas/service.yaml rename to riftbit/redis/templates/replicas/service.yaml diff --git a/bitnami/redis/templates/replicas/statefulset.yaml b/riftbit/redis/templates/replicas/statefulset.yaml similarity index 100% rename from bitnami/redis/templates/replicas/statefulset.yaml rename to riftbit/redis/templates/replicas/statefulset.yaml diff --git a/bitnami/redis/templates/role.yaml b/riftbit/redis/templates/role.yaml similarity index 100% rename from bitnami/redis/templates/role.yaml rename to riftbit/redis/templates/role.yaml diff --git a/bitnami/redis/templates/rolebinding.yaml b/riftbit/redis/templates/rolebinding.yaml similarity index 100% rename from bitnami/redis/templates/rolebinding.yaml rename to riftbit/redis/templates/rolebinding.yaml diff --git a/bitnami/redis/templates/scripts-configmap.yaml b/riftbit/redis/templates/scripts-configmap.yaml similarity index 100% rename from bitnami/redis/templates/scripts-configmap.yaml rename to riftbit/redis/templates/scripts-configmap.yaml diff --git a/bitnami/redis/templates/secret.yaml b/riftbit/redis/templates/secret.yaml similarity index 100% rename from bitnami/redis/templates/secret.yaml rename to riftbit/redis/templates/secret.yaml diff --git a/bitnami/redis/templates/sentinel/hpa.yaml b/riftbit/redis/templates/sentinel/hpa.yaml similarity index 100% rename from bitnami/redis/templates/sentinel/hpa.yaml rename to riftbit/redis/templates/sentinel/hpa.yaml diff --git a/bitnami/redis/templates/sentinel/node-services.yaml b/riftbit/redis/templates/sentinel/node-services.yaml similarity index 100% rename from bitnami/redis/templates/sentinel/node-services.yaml rename to riftbit/redis/templates/sentinel/node-services.yaml diff --git a/bitnami/redis/templates/sentinel/ports-configmap.yaml b/riftbit/redis/templates/sentinel/ports-configmap.yaml similarity index 100% rename from bitnami/redis/templates/sentinel/ports-configmap.yaml rename to riftbit/redis/templates/sentinel/ports-configmap.yaml diff --git a/bitnami/redis/templates/sentinel/service.yaml b/riftbit/redis/templates/sentinel/service.yaml similarity index 100% rename from bitnami/redis/templates/sentinel/service.yaml rename to riftbit/redis/templates/sentinel/service.yaml diff --git a/bitnami/redis/templates/sentinel/statefulset.yaml b/riftbit/redis/templates/sentinel/statefulset.yaml similarity index 100% rename from bitnami/redis/templates/sentinel/statefulset.yaml rename to riftbit/redis/templates/sentinel/statefulset.yaml diff --git a/bitnami/redis/templates/serviceaccount.yaml b/riftbit/redis/templates/serviceaccount.yaml similarity index 100% rename from bitnami/redis/templates/serviceaccount.yaml rename to riftbit/redis/templates/serviceaccount.yaml diff --git a/bitnami/redis/templates/servicemonitor.yaml b/riftbit/redis/templates/servicemonitor.yaml similarity index 100% rename from bitnami/redis/templates/servicemonitor.yaml rename to riftbit/redis/templates/servicemonitor.yaml diff --git a/bitnami/redis/templates/tls-secret.yaml b/riftbit/redis/templates/tls-secret.yaml similarity index 100% rename from bitnami/redis/templates/tls-secret.yaml rename to riftbit/redis/templates/tls-secret.yaml diff --git a/bitnami/redis/values.schema.json b/riftbit/redis/values.schema.json similarity index 100% rename from bitnami/redis/values.schema.json rename to riftbit/redis/values.schema.json diff --git a/bitnami/redis/values.yaml b/riftbit/redis/values.yaml similarity index 100% rename from bitnami/redis/values.yaml rename to riftbit/redis/values.yaml diff --git a/bitnami/memcached/.helmignore b/riftbit/redmine/.helmignore similarity index 100% rename from bitnami/memcached/.helmignore rename to riftbit/redmine/.helmignore diff --git a/bitnami/redmine/Chart.lock b/riftbit/redmine/Chart.lock similarity index 100% rename from bitnami/redmine/Chart.lock rename to riftbit/redmine/Chart.lock diff --git a/bitnami/redmine/Chart.yaml b/riftbit/redmine/Chart.yaml similarity index 100% rename from bitnami/redmine/Chart.yaml rename to riftbit/redmine/Chart.yaml diff --git a/bitnami/redmine/README.md b/riftbit/redmine/README.md similarity index 100% rename from bitnami/redmine/README.md rename to riftbit/redmine/README.md diff --git a/bitnami/joomla/ci/ct-values.yaml b/riftbit/redmine/ci/ct-values.yaml similarity index 100% rename from bitnami/joomla/ci/ct-values.yaml rename to riftbit/redmine/ci/ct-values.yaml diff --git a/bitnami/redmine/templates/NOTES.txt b/riftbit/redmine/templates/NOTES.txt similarity index 100% rename from bitnami/redmine/templates/NOTES.txt rename to riftbit/redmine/templates/NOTES.txt diff --git a/bitnami/redmine/templates/_certificates.tpl b/riftbit/redmine/templates/_certificates.tpl similarity index 100% rename from bitnami/redmine/templates/_certificates.tpl rename to riftbit/redmine/templates/_certificates.tpl diff --git a/bitnami/redmine/templates/_helpers.tpl b/riftbit/redmine/templates/_helpers.tpl similarity index 100% rename from bitnami/redmine/templates/_helpers.tpl rename to riftbit/redmine/templates/_helpers.tpl diff --git a/bitnami/redmine/templates/cronjob.yaml b/riftbit/redmine/templates/cronjob.yaml similarity index 100% rename from bitnami/redmine/templates/cronjob.yaml rename to riftbit/redmine/templates/cronjob.yaml diff --git a/bitnami/redmine/templates/deployment.yaml b/riftbit/redmine/templates/deployment.yaml similarity index 100% rename from bitnami/redmine/templates/deployment.yaml rename to riftbit/redmine/templates/deployment.yaml diff --git a/bitnami/redmine/templates/externaldb-secret.yaml b/riftbit/redmine/templates/externaldb-secret.yaml similarity index 100% rename from bitnami/redmine/templates/externaldb-secret.yaml rename to riftbit/redmine/templates/externaldb-secret.yaml diff --git a/bitnami/minio/templates/extra-list.yaml b/riftbit/redmine/templates/extra-list.yaml similarity index 100% rename from bitnami/minio/templates/extra-list.yaml rename to riftbit/redmine/templates/extra-list.yaml diff --git a/bitnami/redmine/templates/ingress.yaml b/riftbit/redmine/templates/ingress.yaml similarity index 100% rename from bitnami/redmine/templates/ingress.yaml rename to riftbit/redmine/templates/ingress.yaml diff --git a/bitnami/redmine/templates/mail-receiver-configmap.yaml b/riftbit/redmine/templates/mail-receiver-configmap.yaml similarity index 100% rename from bitnami/redmine/templates/mail-receiver-configmap.yaml rename to riftbit/redmine/templates/mail-receiver-configmap.yaml diff --git a/bitnami/redmine/templates/pdb.yaml b/riftbit/redmine/templates/pdb.yaml similarity index 100% rename from bitnami/redmine/templates/pdb.yaml rename to riftbit/redmine/templates/pdb.yaml diff --git a/bitnami/odoo/templates/postinit-configmap.yaml b/riftbit/redmine/templates/postinit-configmap.yaml similarity index 100% rename from bitnami/odoo/templates/postinit-configmap.yaml rename to riftbit/redmine/templates/postinit-configmap.yaml diff --git a/bitnami/redmine/templates/pvc.yaml b/riftbit/redmine/templates/pvc.yaml similarity index 100% rename from bitnami/redmine/templates/pvc.yaml rename to riftbit/redmine/templates/pvc.yaml diff --git a/bitnami/redmine/templates/secrets.yaml b/riftbit/redmine/templates/secrets.yaml similarity index 100% rename from bitnami/redmine/templates/secrets.yaml rename to riftbit/redmine/templates/secrets.yaml diff --git a/bitnami/redmine/templates/serviceaccount.yaml b/riftbit/redmine/templates/serviceaccount.yaml similarity index 100% rename from bitnami/redmine/templates/serviceaccount.yaml rename to riftbit/redmine/templates/serviceaccount.yaml diff --git a/bitnami/redmine/templates/svc.yaml b/riftbit/redmine/templates/svc.yaml similarity index 100% rename from bitnami/redmine/templates/svc.yaml rename to riftbit/redmine/templates/svc.yaml diff --git a/bitnami/redmine/templates/tls-secrets.yaml b/riftbit/redmine/templates/tls-secrets.yaml similarity index 100% rename from bitnami/redmine/templates/tls-secrets.yaml rename to riftbit/redmine/templates/tls-secrets.yaml diff --git a/bitnami/redmine/values.schema.json b/riftbit/redmine/values.schema.json similarity index 100% rename from bitnami/redmine/values.schema.json rename to riftbit/redmine/values.schema.json diff --git a/bitnami/redmine/values.yaml b/riftbit/redmine/values.yaml similarity index 100% rename from bitnami/redmine/values.yaml rename to riftbit/redmine/values.yaml diff --git a/bitnami/solr/Chart.lock b/riftbit/solr/Chart.lock similarity index 100% rename from bitnami/solr/Chart.lock rename to riftbit/solr/Chart.lock diff --git a/bitnami/solr/Chart.yaml b/riftbit/solr/Chart.yaml similarity index 100% rename from bitnami/solr/Chart.yaml rename to riftbit/solr/Chart.yaml diff --git a/bitnami/solr/README.md b/riftbit/solr/README.md similarity index 100% rename from bitnami/solr/README.md rename to riftbit/solr/README.md diff --git a/bitnami/solr/templates/NOTES.txt b/riftbit/solr/templates/NOTES.txt similarity index 100% rename from bitnami/solr/templates/NOTES.txt rename to riftbit/solr/templates/NOTES.txt diff --git a/bitnami/solr/templates/_helpers.tpl b/riftbit/solr/templates/_helpers.tpl similarity index 100% rename from bitnami/solr/templates/_helpers.tpl rename to riftbit/solr/templates/_helpers.tpl diff --git a/bitnami/solr/templates/exporter-deployment.yaml b/riftbit/solr/templates/exporter-deployment.yaml similarity index 100% rename from bitnami/solr/templates/exporter-deployment.yaml rename to riftbit/solr/templates/exporter-deployment.yaml diff --git a/bitnami/solr/templates/exporter-svc.yaml b/riftbit/solr/templates/exporter-svc.yaml similarity index 100% rename from bitnami/solr/templates/exporter-svc.yaml rename to riftbit/solr/templates/exporter-svc.yaml diff --git a/bitnami/solr/templates/extra-list.yaml b/riftbit/solr/templates/extra-list.yaml similarity index 100% rename from bitnami/solr/templates/extra-list.yaml rename to riftbit/solr/templates/extra-list.yaml diff --git a/bitnami/solr/templates/ingress.yaml b/riftbit/solr/templates/ingress.yaml similarity index 100% rename from bitnami/solr/templates/ingress.yaml rename to riftbit/solr/templates/ingress.yaml diff --git a/bitnami/solr/templates/secret.yaml b/riftbit/solr/templates/secret.yaml similarity index 100% rename from bitnami/solr/templates/secret.yaml rename to riftbit/solr/templates/secret.yaml diff --git a/bitnami/solr/templates/service-account.yaml b/riftbit/solr/templates/service-account.yaml similarity index 100% rename from bitnami/solr/templates/service-account.yaml rename to riftbit/solr/templates/service-account.yaml diff --git a/bitnami/solr/templates/statefulset.yaml b/riftbit/solr/templates/statefulset.yaml similarity index 100% rename from bitnami/solr/templates/statefulset.yaml rename to riftbit/solr/templates/statefulset.yaml diff --git a/bitnami/solr/templates/svc-headless.yaml b/riftbit/solr/templates/svc-headless.yaml similarity index 100% rename from bitnami/solr/templates/svc-headless.yaml rename to riftbit/solr/templates/svc-headless.yaml diff --git a/bitnami/solr/templates/svc.yaml b/riftbit/solr/templates/svc.yaml similarity index 100% rename from bitnami/solr/templates/svc.yaml rename to riftbit/solr/templates/svc.yaml diff --git a/bitnami/solr/templates/tls-auto-secrets.yaml b/riftbit/solr/templates/tls-auto-secrets.yaml similarity index 100% rename from bitnami/solr/templates/tls-auto-secrets.yaml rename to riftbit/solr/templates/tls-auto-secrets.yaml diff --git a/bitnami/solr/templates/tls-secrets.yaml b/riftbit/solr/templates/tls-secrets.yaml similarity index 100% rename from bitnami/solr/templates/tls-secrets.yaml rename to riftbit/solr/templates/tls-secrets.yaml diff --git a/bitnami/solr/values.yaml b/riftbit/solr/values.yaml similarity index 100% rename from bitnami/solr/values.yaml rename to riftbit/solr/values.yaml diff --git a/bitnami/metrics-server/.helmignore b/riftbit/spark/.helmignore similarity index 100% rename from bitnami/metrics-server/.helmignore rename to riftbit/spark/.helmignore diff --git a/bitnami/spark/Chart.lock b/riftbit/spark/Chart.lock similarity index 100% rename from bitnami/spark/Chart.lock rename to riftbit/spark/Chart.lock diff --git a/bitnami/spark/Chart.yaml b/riftbit/spark/Chart.yaml similarity index 100% rename from bitnami/spark/Chart.yaml rename to riftbit/spark/Chart.yaml diff --git a/bitnami/spark/README.md b/riftbit/spark/README.md similarity index 100% rename from bitnami/spark/README.md rename to riftbit/spark/README.md diff --git a/bitnami/spark/ci/values-with-ingress-and-autoscaling.yaml b/riftbit/spark/ci/values-with-ingress-and-autoscaling.yaml similarity index 100% rename from bitnami/spark/ci/values-with-ingress-and-autoscaling.yaml rename to riftbit/spark/ci/values-with-ingress-and-autoscaling.yaml diff --git a/bitnami/spark/templates/NOTES.txt b/riftbit/spark/templates/NOTES.txt similarity index 100% rename from bitnami/spark/templates/NOTES.txt rename to riftbit/spark/templates/NOTES.txt diff --git a/bitnami/spark/templates/_helpers.tpl b/riftbit/spark/templates/_helpers.tpl similarity index 100% rename from bitnami/spark/templates/_helpers.tpl rename to riftbit/spark/templates/_helpers.tpl diff --git a/bitnami/mongodb/templates/extra-list.yaml b/riftbit/spark/templates/extra-list.yaml similarity index 100% rename from bitnami/mongodb/templates/extra-list.yaml rename to riftbit/spark/templates/extra-list.yaml diff --git a/bitnami/spark/templates/headless-svc.yaml b/riftbit/spark/templates/headless-svc.yaml similarity index 100% rename from bitnami/spark/templates/headless-svc.yaml rename to riftbit/spark/templates/headless-svc.yaml diff --git a/bitnami/spark/templates/hpa-worker.yaml b/riftbit/spark/templates/hpa-worker.yaml similarity index 100% rename from bitnami/spark/templates/hpa-worker.yaml rename to riftbit/spark/templates/hpa-worker.yaml diff --git a/bitnami/spark/templates/ingress.yaml b/riftbit/spark/templates/ingress.yaml similarity index 100% rename from bitnami/spark/templates/ingress.yaml rename to riftbit/spark/templates/ingress.yaml diff --git a/bitnami/spark/templates/podmonitor.yaml b/riftbit/spark/templates/podmonitor.yaml similarity index 100% rename from bitnami/spark/templates/podmonitor.yaml rename to riftbit/spark/templates/podmonitor.yaml diff --git a/bitnami/spark/templates/prometheusrule.yaml b/riftbit/spark/templates/prometheusrule.yaml similarity index 100% rename from bitnami/spark/templates/prometheusrule.yaml rename to riftbit/spark/templates/prometheusrule.yaml diff --git a/bitnami/spark/templates/secret.yaml b/riftbit/spark/templates/secret.yaml similarity index 100% rename from bitnami/spark/templates/secret.yaml rename to riftbit/spark/templates/secret.yaml diff --git a/bitnami/spark/templates/statefulset-master.yaml b/riftbit/spark/templates/statefulset-master.yaml similarity index 100% rename from bitnami/spark/templates/statefulset-master.yaml rename to riftbit/spark/templates/statefulset-master.yaml diff --git a/bitnami/spark/templates/statefulset-worker.yaml b/riftbit/spark/templates/statefulset-worker.yaml similarity index 100% rename from bitnami/spark/templates/statefulset-worker.yaml rename to riftbit/spark/templates/statefulset-worker.yaml diff --git a/bitnami/spark/templates/svc-master.yaml b/riftbit/spark/templates/svc-master.yaml similarity index 100% rename from bitnami/spark/templates/svc-master.yaml rename to riftbit/spark/templates/svc-master.yaml diff --git a/bitnami/spark/templates/tls-secrets.yaml b/riftbit/spark/templates/tls-secrets.yaml similarity index 100% rename from bitnami/spark/templates/tls-secrets.yaml rename to riftbit/spark/templates/tls-secrets.yaml diff --git a/bitnami/spark/values.yaml b/riftbit/spark/values.yaml similarity index 100% rename from bitnami/spark/values.yaml rename to riftbit/spark/values.yaml diff --git a/bitnami/minio/.helmignore b/riftbit/testlink/.helmignore similarity index 100% rename from bitnami/minio/.helmignore rename to riftbit/testlink/.helmignore diff --git a/bitnami/testlink/Chart.lock b/riftbit/testlink/Chart.lock similarity index 100% rename from bitnami/testlink/Chart.lock rename to riftbit/testlink/Chart.lock diff --git a/bitnami/testlink/Chart.yaml b/riftbit/testlink/Chart.yaml similarity index 100% rename from bitnami/testlink/Chart.yaml rename to riftbit/testlink/Chart.yaml diff --git a/bitnami/testlink/README.md b/riftbit/testlink/README.md similarity index 100% rename from bitnami/testlink/README.md rename to riftbit/testlink/README.md diff --git a/bitnami/keycloak/ci/ct-values.yaml b/riftbit/testlink/ci/ct-values.yaml similarity index 100% rename from bitnami/keycloak/ci/ct-values.yaml rename to riftbit/testlink/ci/ct-values.yaml diff --git a/bitnami/testlink/templates/NOTES.txt b/riftbit/testlink/templates/NOTES.txt similarity index 100% rename from bitnami/testlink/templates/NOTES.txt rename to riftbit/testlink/templates/NOTES.txt diff --git a/bitnami/testlink/templates/_helpers.tpl b/riftbit/testlink/templates/_helpers.tpl similarity index 100% rename from bitnami/testlink/templates/_helpers.tpl rename to riftbit/testlink/templates/_helpers.tpl diff --git a/bitnami/testlink/templates/deployment.yaml b/riftbit/testlink/templates/deployment.yaml similarity index 100% rename from bitnami/testlink/templates/deployment.yaml rename to riftbit/testlink/templates/deployment.yaml diff --git a/bitnami/moodle/templates/externaldb-secrets.yaml b/riftbit/testlink/templates/externaldb-secrets.yaml similarity index 100% rename from bitnami/moodle/templates/externaldb-secrets.yaml rename to riftbit/testlink/templates/externaldb-secrets.yaml diff --git a/bitnami/moodle/templates/extra-list.yaml b/riftbit/testlink/templates/extra-list.yaml similarity index 100% rename from bitnami/moodle/templates/extra-list.yaml rename to riftbit/testlink/templates/extra-list.yaml diff --git a/bitnami/suitecrm/templates/ingress.yaml b/riftbit/testlink/templates/ingress.yaml similarity index 100% rename from bitnami/suitecrm/templates/ingress.yaml rename to riftbit/testlink/templates/ingress.yaml diff --git a/bitnami/testlink/templates/pv.yaml b/riftbit/testlink/templates/pv.yaml similarity index 100% rename from bitnami/testlink/templates/pv.yaml rename to riftbit/testlink/templates/pv.yaml diff --git a/bitnami/testlink/templates/pvc.yaml b/riftbit/testlink/templates/pvc.yaml similarity index 100% rename from bitnami/testlink/templates/pvc.yaml rename to riftbit/testlink/templates/pvc.yaml diff --git a/bitnami/testlink/templates/secrets.yaml b/riftbit/testlink/templates/secrets.yaml similarity index 100% rename from bitnami/testlink/templates/secrets.yaml rename to riftbit/testlink/templates/secrets.yaml diff --git a/bitnami/drupal/templates/svc.yaml b/riftbit/testlink/templates/svc.yaml similarity index 100% rename from bitnami/drupal/templates/svc.yaml rename to riftbit/testlink/templates/svc.yaml diff --git a/bitnami/drupal/templates/tls-secrets.yaml b/riftbit/testlink/templates/tls-secrets.yaml similarity index 100% rename from bitnami/drupal/templates/tls-secrets.yaml rename to riftbit/testlink/templates/tls-secrets.yaml diff --git a/bitnami/testlink/values.yaml b/riftbit/testlink/values.yaml similarity index 100% rename from bitnami/testlink/values.yaml rename to riftbit/testlink/values.yaml diff --git a/riftbit/vertical-pod-autoscaler/Chart.yaml b/riftbit/vertical-pod-autoscaler/Chart.yaml index 9b5b437..b1d49a9 100644 --- a/riftbit/vertical-pod-autoscaler/Chart.yaml +++ b/riftbit/vertical-pod-autoscaler/Chart.yaml @@ -9,5 +9,7 @@ name: vertical-pod-autoscaler version: 3.6.0 dependencies: - name: common - version: 1.7.1 - repository: https://charts.bitnami.com/bitnami/ + repository: https://charts.riftbit.com/ + # tags: + # - riftbit-common + version: 1.x.x diff --git a/riftbit/whoami/Chart.yaml b/riftbit/whoami/Chart.yaml index 2595482..510e86c 100644 --- a/riftbit/whoami/Chart.yaml +++ b/riftbit/whoami/Chart.yaml @@ -7,7 +7,18 @@ maintainers: email: sebastien.prudhomme@gmail.com name: whoami version: 2.6.0 +keywords: + - apache + - airflow + - workflow + - dag dependencies: - name: common - version: 1.7.1 - repository: https://charts.bitnami.com/bitnami/ + repository: https://charts.riftbit.com/ + # tags: + # - riftbit-common + version: 1.x.x + # - condition: redis.enabled + # name: redis + # repository: https://charts.bitnami.com/bitnami + # version: 15.x.x \ No newline at end of file diff --git a/bitnami/mongodb-sharded/.helmignore b/riftbit/wordpress/.helmignore similarity index 100% rename from bitnami/mongodb-sharded/.helmignore rename to riftbit/wordpress/.helmignore diff --git a/bitnami/wordpress/Chart.lock b/riftbit/wordpress/Chart.lock similarity index 100% rename from bitnami/wordpress/Chart.lock rename to riftbit/wordpress/Chart.lock diff --git a/bitnami/wordpress/Chart.yaml b/riftbit/wordpress/Chart.yaml similarity index 100% rename from bitnami/wordpress/Chart.yaml rename to riftbit/wordpress/Chart.yaml diff --git a/bitnami/wordpress/README.md b/riftbit/wordpress/README.md similarity index 100% rename from bitnami/wordpress/README.md rename to riftbit/wordpress/README.md diff --git a/bitnami/moodle/ci/ct-values.yaml b/riftbit/wordpress/ci/ct-values.yaml similarity index 100% rename from bitnami/moodle/ci/ct-values.yaml rename to riftbit/wordpress/ci/ct-values.yaml diff --git a/bitnami/wordpress/ci/ingress-wildcard-values.yaml b/riftbit/wordpress/ci/ingress-wildcard-values.yaml similarity index 100% rename from bitnami/wordpress/ci/ingress-wildcard-values.yaml rename to riftbit/wordpress/ci/ingress-wildcard-values.yaml diff --git a/bitnami/keycloak/ci/values-hpa-pdb.yaml b/riftbit/wordpress/ci/values-hpa-pdb.yaml similarity index 100% rename from bitnami/keycloak/ci/values-hpa-pdb.yaml rename to riftbit/wordpress/ci/values-hpa-pdb.yaml diff --git a/bitnami/wordpress/ci/values-memcached.yaml b/riftbit/wordpress/ci/values-memcached.yaml similarity index 100% rename from bitnami/wordpress/ci/values-memcached.yaml rename to riftbit/wordpress/ci/values-memcached.yaml diff --git a/bitnami/wordpress/ci/values-metrics-and-ingress.yaml b/riftbit/wordpress/ci/values-metrics-and-ingress.yaml similarity index 100% rename from bitnami/wordpress/ci/values-metrics-and-ingress.yaml rename to riftbit/wordpress/ci/values-metrics-and-ingress.yaml diff --git a/bitnami/wordpress/templates/NOTES.txt b/riftbit/wordpress/templates/NOTES.txt similarity index 100% rename from bitnami/wordpress/templates/NOTES.txt rename to riftbit/wordpress/templates/NOTES.txt diff --git a/bitnami/wordpress/templates/_helpers.tpl b/riftbit/wordpress/templates/_helpers.tpl similarity index 100% rename from bitnami/wordpress/templates/_helpers.tpl rename to riftbit/wordpress/templates/_helpers.tpl diff --git a/bitnami/wordpress/templates/config-secret.yaml b/riftbit/wordpress/templates/config-secret.yaml similarity index 100% rename from bitnami/wordpress/templates/config-secret.yaml rename to riftbit/wordpress/templates/config-secret.yaml diff --git a/bitnami/wordpress/templates/deployment.yaml b/riftbit/wordpress/templates/deployment.yaml similarity index 100% rename from bitnami/wordpress/templates/deployment.yaml rename to riftbit/wordpress/templates/deployment.yaml diff --git a/bitnami/wordpress/templates/externaldb-secrets.yaml b/riftbit/wordpress/templates/externaldb-secrets.yaml similarity index 100% rename from bitnami/wordpress/templates/externaldb-secrets.yaml rename to riftbit/wordpress/templates/externaldb-secrets.yaml diff --git a/bitnami/mysql/templates/extra-list.yaml b/riftbit/wordpress/templates/extra-list.yaml similarity index 100% rename from bitnami/mysql/templates/extra-list.yaml rename to riftbit/wordpress/templates/extra-list.yaml diff --git a/bitnami/odoo/templates/hpa.yaml b/riftbit/wordpress/templates/hpa.yaml similarity index 100% rename from bitnami/odoo/templates/hpa.yaml rename to riftbit/wordpress/templates/hpa.yaml diff --git a/bitnami/wordpress/templates/httpd-configmap.yaml b/riftbit/wordpress/templates/httpd-configmap.yaml similarity index 100% rename from bitnami/wordpress/templates/httpd-configmap.yaml rename to riftbit/wordpress/templates/httpd-configmap.yaml diff --git a/bitnami/wordpress/templates/ingress.yaml b/riftbit/wordpress/templates/ingress.yaml similarity index 100% rename from bitnami/wordpress/templates/ingress.yaml rename to riftbit/wordpress/templates/ingress.yaml diff --git a/bitnami/wordpress/templates/metrics-svc.yaml b/riftbit/wordpress/templates/metrics-svc.yaml similarity index 100% rename from bitnami/wordpress/templates/metrics-svc.yaml rename to riftbit/wordpress/templates/metrics-svc.yaml diff --git a/bitnami/odoo/templates/pdb.yaml b/riftbit/wordpress/templates/pdb.yaml similarity index 100% rename from bitnami/odoo/templates/pdb.yaml rename to riftbit/wordpress/templates/pdb.yaml diff --git a/bitnami/wordpress/templates/postinit-configmap.yaml b/riftbit/wordpress/templates/postinit-configmap.yaml similarity index 100% rename from bitnami/wordpress/templates/postinit-configmap.yaml rename to riftbit/wordpress/templates/postinit-configmap.yaml diff --git a/bitnami/wordpress/templates/pvc.yaml b/riftbit/wordpress/templates/pvc.yaml similarity index 100% rename from bitnami/wordpress/templates/pvc.yaml rename to riftbit/wordpress/templates/pvc.yaml diff --git a/bitnami/wordpress/templates/secrets.yaml b/riftbit/wordpress/templates/secrets.yaml similarity index 100% rename from bitnami/wordpress/templates/secrets.yaml rename to riftbit/wordpress/templates/secrets.yaml diff --git a/bitnami/osclass/templates/servicemonitor.yaml b/riftbit/wordpress/templates/servicemonitor.yaml similarity index 100% rename from bitnami/osclass/templates/servicemonitor.yaml rename to riftbit/wordpress/templates/servicemonitor.yaml diff --git a/bitnami/wordpress/templates/svc.yaml b/riftbit/wordpress/templates/svc.yaml similarity index 100% rename from bitnami/wordpress/templates/svc.yaml rename to riftbit/wordpress/templates/svc.yaml diff --git a/bitnami/wordpress/templates/tls-secrets.yaml b/riftbit/wordpress/templates/tls-secrets.yaml similarity index 100% rename from bitnami/wordpress/templates/tls-secrets.yaml rename to riftbit/wordpress/templates/tls-secrets.yaml diff --git a/bitnami/wordpress/values.schema.json b/riftbit/wordpress/values.schema.json similarity index 100% rename from bitnami/wordpress/values.schema.json rename to riftbit/wordpress/values.schema.json diff --git a/bitnami/wordpress/values.yaml b/riftbit/wordpress/values.yaml similarity index 100% rename from bitnami/wordpress/values.yaml rename to riftbit/wordpress/values.yaml diff --git a/bitnami/mongodb/.helmignore b/riftbit/zookeeper/.helmignore similarity index 100% rename from bitnami/mongodb/.helmignore rename to riftbit/zookeeper/.helmignore diff --git a/bitnami/zookeeper/Chart.lock b/riftbit/zookeeper/Chart.lock similarity index 100% rename from bitnami/zookeeper/Chart.lock rename to riftbit/zookeeper/Chart.lock diff --git a/bitnami/zookeeper/Chart.yaml b/riftbit/zookeeper/Chart.yaml similarity index 100% rename from bitnami/zookeeper/Chart.yaml rename to riftbit/zookeeper/Chart.yaml diff --git a/bitnami/zookeeper/README.md b/riftbit/zookeeper/README.md similarity index 100% rename from bitnami/zookeeper/README.md rename to riftbit/zookeeper/README.md diff --git a/bitnami/zookeeper/templates/NOTES.txt b/riftbit/zookeeper/templates/NOTES.txt similarity index 100% rename from bitnami/zookeeper/templates/NOTES.txt rename to riftbit/zookeeper/templates/NOTES.txt diff --git a/bitnami/zookeeper/templates/_helpers.tpl b/riftbit/zookeeper/templates/_helpers.tpl similarity index 100% rename from bitnami/zookeeper/templates/_helpers.tpl rename to riftbit/zookeeper/templates/_helpers.tpl diff --git a/bitnami/zookeeper/templates/configmap.yaml b/riftbit/zookeeper/templates/configmap.yaml similarity index 100% rename from bitnami/zookeeper/templates/configmap.yaml rename to riftbit/zookeeper/templates/configmap.yaml diff --git a/bitnami/nats/templates/extra-list.yaml b/riftbit/zookeeper/templates/extra-list.yaml similarity index 100% rename from bitnami/nats/templates/extra-list.yaml rename to riftbit/zookeeper/templates/extra-list.yaml diff --git a/bitnami/zookeeper/templates/metrics-svc.yaml b/riftbit/zookeeper/templates/metrics-svc.yaml similarity index 100% rename from bitnami/zookeeper/templates/metrics-svc.yaml rename to riftbit/zookeeper/templates/metrics-svc.yaml diff --git a/bitnami/zookeeper/templates/networkpolicy.yaml b/riftbit/zookeeper/templates/networkpolicy.yaml similarity index 100% rename from bitnami/zookeeper/templates/networkpolicy.yaml rename to riftbit/zookeeper/templates/networkpolicy.yaml diff --git a/bitnami/zookeeper/templates/poddisruptionbudget.yaml b/riftbit/zookeeper/templates/poddisruptionbudget.yaml similarity index 100% rename from bitnami/zookeeper/templates/poddisruptionbudget.yaml rename to riftbit/zookeeper/templates/poddisruptionbudget.yaml diff --git a/bitnami/zookeeper/templates/prometheusrules.yaml b/riftbit/zookeeper/templates/prometheusrules.yaml similarity index 100% rename from bitnami/zookeeper/templates/prometheusrules.yaml rename to riftbit/zookeeper/templates/prometheusrules.yaml diff --git a/bitnami/zookeeper/templates/secrets.yaml b/riftbit/zookeeper/templates/secrets.yaml similarity index 100% rename from bitnami/zookeeper/templates/secrets.yaml rename to riftbit/zookeeper/templates/secrets.yaml diff --git a/bitnami/zookeeper/templates/serviceaccount.yaml b/riftbit/zookeeper/templates/serviceaccount.yaml similarity index 100% rename from bitnami/zookeeper/templates/serviceaccount.yaml rename to riftbit/zookeeper/templates/serviceaccount.yaml diff --git a/bitnami/zookeeper/templates/servicemonitor.yaml b/riftbit/zookeeper/templates/servicemonitor.yaml similarity index 100% rename from bitnami/zookeeper/templates/servicemonitor.yaml rename to riftbit/zookeeper/templates/servicemonitor.yaml diff --git a/bitnami/zookeeper/templates/statefulset.yaml b/riftbit/zookeeper/templates/statefulset.yaml similarity index 100% rename from bitnami/zookeeper/templates/statefulset.yaml rename to riftbit/zookeeper/templates/statefulset.yaml diff --git a/bitnami/zookeeper/templates/svc-headless.yaml b/riftbit/zookeeper/templates/svc-headless.yaml similarity index 100% rename from bitnami/zookeeper/templates/svc-headless.yaml rename to riftbit/zookeeper/templates/svc-headless.yaml diff --git a/bitnami/zookeeper/templates/svc.yaml b/riftbit/zookeeper/templates/svc.yaml similarity index 100% rename from bitnami/zookeeper/templates/svc.yaml rename to riftbit/zookeeper/templates/svc.yaml diff --git a/bitnami/zookeeper/templates/tls-secret.yaml b/riftbit/zookeeper/templates/tls-secret.yaml similarity index 100% rename from bitnami/zookeeper/templates/tls-secret.yaml rename to riftbit/zookeeper/templates/tls-secret.yaml diff --git a/bitnami/zookeeper/values.yaml b/riftbit/zookeeper/values.yaml similarity index 100% rename from bitnami/zookeeper/values.yaml rename to riftbit/zookeeper/values.yaml From 60572eb76e4a23048cb3713417d442d186effe8d Mon Sep 17 00:00:00 2001 From: "[riftbit] ErgoZ" Date: Thu, 30 Sep 2021 11:15:04 +0300 Subject: [PATCH 3/9] update deps --- riftbit/common/.helmignore | 22 -- riftbit/common/Chart.yaml | 23 -- riftbit/common/README.md | 327 ------------------ riftbit/common/templates/_affinities.tpl | 102 ------ riftbit/common/templates/_capabilities.tpl | 117 ------- riftbit/common/templates/_errors.tpl | 23 -- riftbit/common/templates/_images.tpl | 75 ---- riftbit/common/templates/_ingress.tpl | 55 --- riftbit/common/templates/_labels.tpl | 18 - riftbit/common/templates/_names.tpl | 52 --- riftbit/common/templates/_secrets.tpl | 129 ------- riftbit/common/templates/_storage.tpl | 23 -- riftbit/common/templates/_tplvalues.tpl | 13 - riftbit/common/templates/_utils.tpl | 62 ---- riftbit/common/templates/_warnings.tpl | 14 - .../templates/validations/_cassandra.tpl | 72 ---- .../common/templates/validations/_mariadb.tpl | 103 ------ .../common/templates/validations/_mongodb.tpl | 108 ------ .../templates/validations/_postgresql.tpl | 131 ------- .../common/templates/validations/_redis.tpl | 76 ---- .../templates/validations/_validations.tpl | 46 --- riftbit/common/values.yaml | 5 - riftbit/kroki/Chart.lock | 8 +- riftbit/kroki/Chart.yaml | 6 +- riftbit/kubebox/Chart.lock | 8 +- riftbit/kubebox/Chart.yaml | 6 +- riftbit/kubeview/Chart.lock | 8 +- riftbit/kubeview/Chart.yaml | 6 +- riftbit/quickchart/Chart.lock | 8 +- riftbit/quickchart/Chart.yaml | 6 +- riftbit/vertical-pod-autoscaler/Chart.lock | 8 +- riftbit/vertical-pod-autoscaler/Chart.yaml | 6 +- riftbit/whoami/Chart.lock | 8 +- riftbit/whoami/Chart.yaml | 12 +- 34 files changed, 43 insertions(+), 1643 deletions(-) delete mode 100644 riftbit/common/.helmignore delete mode 100644 riftbit/common/Chart.yaml delete mode 100644 riftbit/common/README.md delete mode 100644 riftbit/common/templates/_affinities.tpl delete mode 100644 riftbit/common/templates/_capabilities.tpl delete mode 100644 riftbit/common/templates/_errors.tpl delete mode 100644 riftbit/common/templates/_images.tpl delete mode 100644 riftbit/common/templates/_ingress.tpl delete mode 100644 riftbit/common/templates/_labels.tpl delete mode 100644 riftbit/common/templates/_names.tpl delete mode 100644 riftbit/common/templates/_secrets.tpl delete mode 100644 riftbit/common/templates/_storage.tpl delete mode 100644 riftbit/common/templates/_tplvalues.tpl delete mode 100644 riftbit/common/templates/_utils.tpl delete mode 100644 riftbit/common/templates/_warnings.tpl delete mode 100644 riftbit/common/templates/validations/_cassandra.tpl delete mode 100644 riftbit/common/templates/validations/_mariadb.tpl delete mode 100644 riftbit/common/templates/validations/_mongodb.tpl delete mode 100644 riftbit/common/templates/validations/_postgresql.tpl delete mode 100644 riftbit/common/templates/validations/_redis.tpl delete mode 100644 riftbit/common/templates/validations/_validations.tpl delete mode 100644 riftbit/common/values.yaml diff --git a/riftbit/common/.helmignore b/riftbit/common/.helmignore deleted file mode 100644 index 50af031..0000000 --- a/riftbit/common/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/riftbit/common/Chart.yaml b/riftbit/common/Chart.yaml deleted file mode 100644 index 27fbab8..0000000 --- a/riftbit/common/Chart.yaml +++ /dev/null @@ -1,23 +0,0 @@ -annotations: - category: Infrastructure -apiVersion: v2 -# Please make sure that version and appVersion are always the same. -appVersion: 1.8.0 -description: A Library Helm Chart for grouping common logic between riftbit charts. This chart is not deployable by itself. -home: https://github.com/riftbit/charts/tree/main/riftbit/common -icon: https://bitnami.com/downloads/logos/bitnami-mark.png -keywords: - - common - - helper - - template - - function - - bitnami -maintainers: - - email: containers@bitnami.com - name: Bitnami -name: common -sources: - - https://github.com/riftbit/charts - - https://riftbit.com/ -type: library -version: 1.9.1 diff --git a/riftbit/common/README.md b/riftbit/common/README.md deleted file mode 100644 index d71ce6b..0000000 --- a/riftbit/common/README.md +++ /dev/null @@ -1,327 +0,0 @@ -# Bitnami Common Library Chart - -A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between bitnami charts. - -## TL;DR - -```yaml -dependencies: - - name: common - version: 0.x.x - repository: https://charts.riftbit.com/ -``` - -```bash -$ helm dependency update -``` - -```yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.names.fullname" . }} -data: - myvalue: "Hello World" -``` - -## Introduction - -This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 3.1.0 - -## Parameters - -The following table lists the helpers available in the library which are scoped in different sections. - -### Affinities - -| Helper identifier | Description | Expected Input | -|-------------------------------|------------------------------------------------------|------------------------------------------------| -| `common.affinities.node.soft` | Return a soft nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | -| `common.affinities.node.hard` | Return a hard nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | -| `common.affinities.pod.soft` | Return a soft podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | -| `common.affinities.pod.hard` | Return a hard podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | - -### Capabilities - -| Helper identifier | Description | Expected Input | -|----------------------------------------------|------------------------------------------------------------------------------------------------|-------------------| -| `common.capabilities.kubeVersion` | Return the target Kubernetes version (using client default if .Values.kubeVersion is not set). | `.` Chart context | -| `common.capabilities.cronjob.apiVersion` | Return the appropriate apiVersion for cronjob. | `.` Chart context | -| `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context | -| `common.capabilities.statefulset.apiVersion` | Return the appropriate apiVersion for statefulset. | `.` Chart context | -| `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. | `.` Chart context | -| `common.capabilities.rbac.apiVersion` | Return the appropriate apiVersion for RBAC resources. | `.` Chart context | -| `common.capabilities.crd.apiVersion` | Return the appropriate apiVersion for CRDs. | `.` Chart context | -| `common.capabilities.policy.apiVersion` | Return the appropriate apiVersion for policy | `.` Chart context | -| `common.capabilities.supportsHelmVersion` | Returns true if the used Helm version is 3.3+ | `.` Chart context | - -### Errors - -| Helper identifier | Description | Expected Input | -|-----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------| -| `common.errors.upgrade.passwords.empty` | It will ensure required passwords are given when we are upgrading a chart. If `validationErrors` is not empty it will throw an error and will stop the upgrade action. | `dict "validationErrors" (list $validationError00 $validationError01) "context" $` | - -### Images - -| Helper identifier | Description | Expected Input | -|-----------------------------|------------------------------------------------------|---------------------------------------------------------------------------------------------------------| -| `common.images.image` | Return the proper and full image name | `dict "imageRoot" .Values.path.to.the.image "global" $`, see [ImageRoot](#imageroot) for the structure. | -| `common.images.pullSecrets` | Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global` | -| `common.images.renderPullSecrets` | Return the proper Docker Image Registry Secret Names (evaluates values as templates) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $` | - -### Ingress - -| Helper identifier | Description | Expected Input | -|-------------------------------------------|----------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.ingress.backend` | Generate a proper Ingress backend entry depending on the API version | `dict "serviceName" "foo" "servicePort" "bar"`, see the [Ingress deprecation notice](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for the syntax differences | -| `common.ingress.supportsPathType` | Prints "true" if the pathType field is supported | `.` Chart context | -| `common.ingress.supportsIngressClassname` | Prints "true" if the ingressClassname field is supported | `.` Chart context | - -### Labels - -| Helper identifier | Description | Expected Input | -|-----------------------------|------------------------------------------------------|-------------------| -| `common.labels.standard` | Return Kubernetes standard labels | `.` Chart context | -| `common.labels.matchLabels` | Return the proper Docker Image Registry Secret Names | `.` Chart context | - -### Names - -| Helper identifier | Description | Expected Input | -|-------------------------|------------------------------------------------------------|-------------------| -| `common.names.name` | Expand the name of the chart or use `.Values.nameOverride` | `.` Chart context | -| `common.names.fullname` | Create a default fully qualified app name. | `.` Chart context | -| `common.names.chart` | Chart name plus version | `.` Chart context | - -### Secrets - -| Helper identifier | Description | Expected Input | -|---------------------------|--------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. | -| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. | -| `common.passwords.manage` | Generate secret password or retrieve one if already created. | `dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $`, length, strong and chartNAme fields are optional. | -| `common.secrets.exists` | Returns whether a previous generated secret already exists. | `dict "secret" "secret-name" "context" $` | - -### Storage - -| Helper identifier | Description | Expected Input | -|-------------------------------|---------------------------------------|---------------------------------------------------------------------------------------------------------------------| -| `common.storage.class` | Return the proper Storage Class | `dict "persistence" .Values.path.to.the.persistence "global" $`, see [Persistence](#persistence) for the structure. | - -### TplValues - -| Helper identifier | Description | Expected Input | -|---------------------------|----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.tplvalues.render` | Renders a value that contains template | `dict "value" .Values.path.to.the.Value "context" $`, value is the value should rendered as template, context frequently is the chart context `$` or `.` | - -### Utils - -| Helper identifier | Description | Expected Input | -|--------------------------------|------------------------------------------------------------------------------------------|------------------------------------------------------------------------| -| `common.utils.fieldToEnvVar` | Build environment variable name given a field. | `dict "field" "my-password"` | -| `common.utils.secret.getvalue` | Print instructions to get a secret value. | `dict "secret" "secret-name" "field" "secret-value-field" "context" $` | -| `common.utils.getValueFromKey` | Gets a value from `.Values` object given its key path | `dict "key" "path.to.key" "context" $` | -| `common.utils.getKeyFromList` | Returns first `.Values` key with a defined value or first of the list if all non-defined | `dict "keys" (list "path.to.key1" "path.to.key2") "context" $` | - -### Validations - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.validations.values.single.empty` | Validate a value must not be empty. | `dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "subchart" "subchart" "context" $` secret, field and subchart are optional. In case they are given, the helper will generate a how to get instruction. See [ValidateValue](#validatevalue) | -| `common.validations.values.multiple.empty` | Validate a multiple values must not be empty. It returns a shared error for all the values. | `dict "required" (list $validateValueConf00 $validateValueConf01) "context" $`. See [ValidateValue](#validatevalue) | -| `common.validations.values.mariadb.passwords` | This helper will ensure required password for MariaDB are not empty. It returns a shared error for all the values. | `dict "secret" "mariadb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mariadb chart and the helper. | -| `common.validations.values.postgresql.passwords` | This helper will ensure required password for PostgreSQL are not empty. It returns a shared error for all the values. | `dict "secret" "postgresql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use postgresql chart and the helper. | -| `common.validations.values.redis.passwords` | This helper will ensure required password for Redis™ are not empty. It returns a shared error for all the values. | `dict "secret" "redis-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use redis chart and the helper. | -| `common.validations.values.cassandra.passwords` | This helper will ensure required password for Cassandra are not empty. It returns a shared error for all the values. | `dict "secret" "cassandra-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use cassandra chart and the helper. | -| `common.validations.values.mongodb.passwords` | This helper will ensure required password for MongoDB® are not empty. It returns a shared error for all the values. | `dict "secret" "mongodb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mongodb chart and the helper. | - -### Warnings - -| Helper identifier | Description | Expected Input | -|------------------------------|----------------------------------|------------------------------------------------------------| -| `common.warnings.rollingTag` | Warning about using rolling tag. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. | - -## Special input schemas - -### ImageRoot - -```yaml -registry: - type: string - description: Docker registry where the image is located - example: docker.io - -repository: - type: string - description: Repository and image name - example: bitnami/nginx - -tag: - type: string - description: image tag - example: 1.16.1-debian-10-r63 - -pullPolicy: - type: string - description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - -pullSecrets: - type: array - items: - type: string - description: Optionally specify an array of imagePullSecrets (evaluated as templates). - -debug: - type: boolean - description: Set to true if you would like to see extra information on logs - example: false - -## An instance would be: -# registry: docker.io -# repository: bitnami/nginx -# tag: 1.16.1-debian-10-r63 -# pullPolicy: IfNotPresent -# debug: false -``` - -### Persistence - -```yaml -enabled: - type: boolean - description: Whether enable persistence. - example: true - -storageClass: - type: string - description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning. - example: "-" - -accessMode: - type: string - description: Access mode for the Persistent Volume Storage. - example: ReadWriteOnce - -size: - type: string - description: Size the Persistent Volume Storage. - example: 8Gi - -path: - type: string - description: Path to be persisted. - example: /riftbit - -## An instance would be: -# enabled: true -# storageClass: "-" -# accessMode: ReadWriteOnce -# size: 8Gi -# path: /bitnami -``` - -### ExistingSecret - -```yaml -name: - type: string - description: Name of the existing secret. - example: mySecret -keyMapping: - description: Mapping between the expected key name and the name of the key in the existing secret. - type: object - -## An instance would be: -# name: mySecret -# keyMapping: -# password: myPasswordKey -``` - -#### Example of use - -When we store sensitive data for a deployment in a secret, some times we want to give to users the possibility of using theirs existing secrets. - -```yaml -# templates/secret.yaml ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.names.fullname" . }} - labels: - app: {{ include "common.names.fullname" . }} -type: Opaque -data: - password: {{ .Values.password | b64enc | quote }} - -# templates/dpl.yaml ---- -... - env: - - name: PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }} - key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }} -... - -# values.yaml ---- -name: mySecret -keyMapping: - password: myPasswordKey -``` - -### ValidateValue - -#### NOTES.txt - -```console -{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}} -{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}} - -{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} -``` - -If we force those values to be empty we will see some alerts - -```console -$ helm install test mychart --set path.to.value00="",path.to.value01="" - 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value: - - export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 --decode) - - 'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value: - - export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 --decode) -``` - -## Upgrading - -### To 1.0.0 - -[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -**What changes were introduced in this major version?** - -- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. -- Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information. -- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts - -**Considerations when upgrading to this version** - -- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues -- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore -- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 - -**Useful links** - -- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ -- https://helm.sh/docs/topics/v2_v3_migration/ -- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ diff --git a/riftbit/common/templates/_affinities.tpl b/riftbit/common/templates/_affinities.tpl deleted file mode 100644 index 189ea40..0000000 --- a/riftbit/common/templates/_affinities.tpl +++ /dev/null @@ -1,102 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Return a soft nodeAffinity definition -{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes.soft" -}} -preferredDuringSchedulingIgnoredDuringExecution: - - preference: - matchExpressions: - - key: {{ .key }} - operator: In - values: - {{- range .values }} - - {{ . | quote }} - {{- end }} - weight: 1 -{{- end -}} - -{{/* -Return a hard nodeAffinity definition -{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes.hard" -}} -requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: {{ .key }} - operator: In - values: - {{- range .values }} - - {{ . | quote }} - {{- end }} -{{- end -}} - -{{/* -Return a nodeAffinity definition -{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes" -}} - {{- if eq .type "soft" }} - {{- include "common.affinities.nodes.soft" . -}} - {{- else if eq .type "hard" }} - {{- include "common.affinities.nodes.hard" . -}} - {{- end -}} -{{- end -}} - -{{/* -Return a soft podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.soft" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}} -*/}} -{{- define "common.affinities.pods.soft" -}} -{{- $component := default "" .component -}} -{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} -preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 10 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - {{- range $key, $value := $extraMatchLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - namespaces: - - {{ .context.Release.Namespace | quote }} - topologyKey: kubernetes.io/hostname - weight: 1 -{{- end -}} - -{{/* -Return a hard podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.hard" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}} -*/}} -{{- define "common.affinities.pods.hard" -}} -{{- $component := default "" .component -}} -{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} -requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 8 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - {{- range $key, $value := $extraMatchLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - namespaces: - - {{ .context.Release.Namespace | quote }} - topologyKey: kubernetes.io/hostname -{{- end -}} - -{{/* -Return a podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.pods" -}} - {{- if eq .type "soft" }} - {{- include "common.affinities.pods.soft" . -}} - {{- else if eq .type "hard" }} - {{- include "common.affinities.pods.hard" . -}} - {{- end -}} -{{- end -}} diff --git a/riftbit/common/templates/_capabilities.tpl b/riftbit/common/templates/_capabilities.tpl deleted file mode 100644 index ae45d5e..0000000 --- a/riftbit/common/templates/_capabilities.tpl +++ /dev/null @@ -1,117 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Return the target Kubernetes version -*/}} -{{- define "common.capabilities.kubeVersion" -}} -{{- if .Values.global }} - {{- if .Values.global.kubeVersion }} - {{- .Values.global.kubeVersion -}} - {{- else }} - {{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} - {{- end -}} -{{- else }} -{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for policy. -*/}} -{{- define "common.capabilities.policy.apiVersion" -}} -{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "policy/v1beta1" -}} -{{- else -}} -{{- print "policy/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for cronjob. -*/}} -{{- define "common.capabilities.cronjob.apiVersion" -}} -{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "batch/v1beta1" -}} -{{- else -}} -{{- print "batch/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for deployment. -*/}} -{{- define "common.capabilities.deployment.apiVersion" -}} -{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for statefulset. -*/}} -{{- define "common.capabilities.statefulset.apiVersion" -}} -{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "apps/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for ingress. -*/}} -{{- define "common.capabilities.ingress.apiVersion" -}} -{{- if .Values.ingress -}} -{{- if .Values.ingress.apiVersion -}} -{{- .Values.ingress.apiVersion -}} -{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end }} -{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for RBAC resources. -*/}} -{{- define "common.capabilities.rbac.apiVersion" -}} -{{- if semverCompare "<1.17-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "rbac.authorization.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "rbac.authorization.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for CRDs. -*/}} -{{- define "common.capabilities.crd.apiVersion" -}} -{{- if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "apiextensions.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "apiextensions.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Returns true if the used Helm version is 3.3+. -A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. -This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error. -**To be removed when the catalog's minimun Helm version is 3.3** -*/}} -{{- define "common.capabilities.supportsHelmVersion" -}} -{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }} - {{- true -}} -{{- end -}} -{{- end -}} diff --git a/riftbit/common/templates/_errors.tpl b/riftbit/common/templates/_errors.tpl deleted file mode 100644 index a79cc2e..0000000 --- a/riftbit/common/templates/_errors.tpl +++ /dev/null @@ -1,23 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Through error when upgrading using empty passwords values that must not be empty. - -Usage: -{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}} -{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}} -{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }} - -Required password params: - - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error. - - context - Context - Required. Parent context. -*/}} -{{- define "common.errors.upgrade.passwords.empty" -}} - {{- $validationErrors := join "" .validationErrors -}} - {{- if and $validationErrors .context.Release.IsUpgrade -}} - {{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}} - {{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}} - {{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}} - {{- $errorString = print $errorString "\n%s" -}} - {{- printf $errorString $validationErrors | fail -}} - {{- end -}} -{{- end -}} diff --git a/riftbit/common/templates/_images.tpl b/riftbit/common/templates/_images.tpl deleted file mode 100644 index 42ffbc7..0000000 --- a/riftbit/common/templates/_images.tpl +++ /dev/null @@ -1,75 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Return the proper image name -{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }} -*/}} -{{- define "common.images.image" -}} -{{- $registryName := .imageRoot.registry -}} -{{- $repositoryName := .imageRoot.repository -}} -{{- $tag := .imageRoot.tag | toString -}} -{{- if .global }} - {{- if .global.imageRegistry }} - {{- $registryName = .global.imageRegistry -}} - {{- end -}} -{{- end -}} -{{- if $registryName }} -{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- else -}} -{{- printf "%s:%s" $repositoryName $tag -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) -{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }} -*/}} -{{- define "common.images.pullSecrets" -}} - {{- $pullSecrets := list }} - - {{- if .global }} - {{- range .global.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- end -}} - - {{- range .images -}} - {{- range .pullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- end -}} - - {{- if (not (empty $pullSecrets)) }} -imagePullSecrets: - {{- range $pullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names evaluating values as templates -{{ include "common.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }} -*/}} -{{- define "common.images.renderPullSecrets" -}} - {{- $pullSecrets := list }} - {{- $context := .context }} - - {{- if $context.Values.global }} - {{- range $context.Values.global.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} - {{- end -}} - {{- end -}} - - {{- range .images -}} - {{- range .pullSecrets -}} - {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} - {{- end -}} - {{- end -}} - - {{- if (not (empty $pullSecrets)) }} -imagePullSecrets: - {{- range $pullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end -}} diff --git a/riftbit/common/templates/_ingress.tpl b/riftbit/common/templates/_ingress.tpl deleted file mode 100644 index f905f20..0000000 --- a/riftbit/common/templates/_ingress.tpl +++ /dev/null @@ -1,55 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Generate backend entry that is compatible with all Kubernetes API versions. - -Usage: -{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }} - -Params: - - serviceName - String. Name of an existing service backend - - servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer. - - context - Dict - Required. The context for the template evaluation. -*/}} -{{- define "common.ingress.backend" -}} -{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}} -{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}} -serviceName: {{ .serviceName }} -servicePort: {{ .servicePort }} -{{- else -}} -service: - name: {{ .serviceName }} - port: - {{- if typeIs "string" .servicePort }} - name: {{ .servicePort }} - {{- else if or (typeIs "int" .servicePort) (typeIs "float64" .servicePort) }} - number: {{ .servicePort | int }} - {{- end }} -{{- end -}} -{{- end -}} - -{{/* -Print "true" if the API pathType field is supported -Usage: -{{ include "common.ingress.supportsPathType" . }} -*/}} -{{- define "common.ingress.supportsPathType" -}} -{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}} -{{- print "false" -}} -{{- else -}} -{{- print "true" -}} -{{- end -}} -{{- end -}} - -{{/* -Returns true if the ingressClassname field is supported -Usage: -{{ include "common.ingress.supportsIngressClassname" . }} -*/}} -{{- define "common.ingress.supportsIngressClassname" -}} -{{- if semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "false" -}} -{{- else -}} -{{- print "true" -}} -{{- end -}} -{{- end -}} diff --git a/riftbit/common/templates/_labels.tpl b/riftbit/common/templates/_labels.tpl deleted file mode 100644 index 252066c..0000000 --- a/riftbit/common/templates/_labels.tpl +++ /dev/null @@ -1,18 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Kubernetes standard labels -*/}} -{{- define "common.labels.standard" -}} -app.kubernetes.io/name: {{ include "common.names.name" . }} -helm.sh/chart: {{ include "common.names.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - -{{/* -Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector -*/}} -{{- define "common.labels.matchLabels" -}} -app.kubernetes.io/name: {{ include "common.names.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end -}} diff --git a/riftbit/common/templates/_names.tpl b/riftbit/common/templates/_names.tpl deleted file mode 100644 index cf03231..0000000 --- a/riftbit/common/templates/_names.tpl +++ /dev/null @@ -1,52 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "common.names.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "common.names.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "common.names.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create a default fully qualified dependency name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -Usage: -{{ include "common.names.dependency.fullname" (dict "chartName" "dependency-chart-name" "chartValues" .Values.dependency-chart "context" $) }} -*/}} -{{- define "common.names.dependency.fullname" -}} -{{- if .chartValues.fullnameOverride -}} -{{- .chartValues.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .chartName .chartValues.nameOverride -}} -{{- if contains $name .context.Release.Name -}} -{{- .context.Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .context.Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/riftbit/common/templates/_secrets.tpl b/riftbit/common/templates/_secrets.tpl deleted file mode 100644 index 60b84a7..0000000 --- a/riftbit/common/templates/_secrets.tpl +++ /dev/null @@ -1,129 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Generate secret name. - -Usage: -{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }} - -Params: - - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user - to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. - +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret - - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment. - - context - Dict - Required. The context for the template evaluation. -*/}} -{{- define "common.secrets.name" -}} -{{- $name := (include "common.names.fullname" .context) -}} - -{{- if .defaultNameSuffix -}} -{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{- with .existingSecret -}} -{{- if not (typeIs "string" .) -}} -{{- with .name -}} -{{- $name = . -}} -{{- end -}} -{{- else -}} -{{- $name = . -}} -{{- end -}} -{{- end -}} - -{{- printf "%s" $name -}} -{{- end -}} - -{{/* -Generate secret key. - -Usage: -{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }} - -Params: - - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user - to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. - +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret - - key - String - Required. Name of the key in the secret. -*/}} -{{- define "common.secrets.key" -}} -{{- $key := .key -}} - -{{- if .existingSecret -}} - {{- if not (typeIs "string" .existingSecret) -}} - {{- if .existingSecret.keyMapping -}} - {{- $key = index .existingSecret.keyMapping $.key -}} - {{- end -}} - {{- end }} -{{- end -}} - -{{- printf "%s" $key -}} -{{- end -}} - -{{/* -Generate secret password or retrieve one if already created. - -Usage: -{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }} - -Params: - - secret - String - Required - Name of the 'Secret' resource where the password is stored. - - key - String - Required - Name of the key in the secret. - - providedValues - List - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. - - length - int - Optional - Length of the generated random password. - - strong - Boolean - Optional - Whether to add symbols to the generated random password. - - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart. - - context - Context - Required - Parent context. -*/}} -{{- define "common.secrets.passwords.manage" -}} - -{{- $password := "" }} -{{- $subchart := "" }} -{{- $chartName := default "" .chartName }} -{{- $passwordLength := default 10 .length }} -{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }} -{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }} -{{- $secret := (lookup "v1" "Secret" $.context.Release.Namespace .secret) }} -{{- if $secret }} - {{- if index $secret.data .key }} - {{- $password = index $secret.data .key }} - {{- end -}} -{{- else if $providedPasswordValue }} - {{- $password = $providedPasswordValue | toString | b64enc | quote }} -{{- else }} - - {{- if .context.Values.enabled }} - {{- $subchart = $chartName }} - {{- end -}} - - {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}} - {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}} - {{- $passwordValidationErrors := list $requiredPasswordError -}} - {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}} - - {{- if .strong }} - {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }} - {{- $password = randAscii $passwordLength }} - {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }} - {{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }} - {{- else }} - {{- $password = randAlphaNum $passwordLength | b64enc | quote }} - {{- end }} -{{- end -}} -{{- printf "%s" $password -}} -{{- end -}} - -{{/* -Returns whether a previous generated secret already exists - -Usage: -{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }} - -Params: - - secret - String - Required - Name of the 'Secret' resource where the password is stored. - - context - Context - Required - Parent context. -*/}} -{{- define "common.secrets.exists" -}} -{{- $secret := (lookup "v1" "Secret" $.context.Release.Namespace .secret) }} -{{- if $secret }} - {{- true -}} -{{- end -}} -{{- end -}} diff --git a/riftbit/common/templates/_storage.tpl b/riftbit/common/templates/_storage.tpl deleted file mode 100644 index 60e2a84..0000000 --- a/riftbit/common/templates/_storage.tpl +++ /dev/null @@ -1,23 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Return the proper Storage Class -{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }} -*/}} -{{- define "common.storage.class" -}} - -{{- $storageClass := .persistence.storageClass -}} -{{- if .global -}} - {{- if .global.storageClass -}} - {{- $storageClass = .global.storageClass -}} - {{- end -}} -{{- end -}} - -{{- if $storageClass -}} - {{- if (eq "-" $storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" $storageClass -}} - {{- end -}} -{{- end -}} - -{{- end -}} diff --git a/riftbit/common/templates/_tplvalues.tpl b/riftbit/common/templates/_tplvalues.tpl deleted file mode 100644 index 2db1668..0000000 --- a/riftbit/common/templates/_tplvalues.tpl +++ /dev/null @@ -1,13 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Renders a value that contains template. -Usage: -{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }} -*/}} -{{- define "common.tplvalues.render" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} -{{- end -}} diff --git a/riftbit/common/templates/_utils.tpl b/riftbit/common/templates/_utils.tpl deleted file mode 100644 index ea083a2..0000000 --- a/riftbit/common/templates/_utils.tpl +++ /dev/null @@ -1,62 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Print instructions to get a secret value. -Usage: -{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }} -*/}} -{{- define "common.utils.secret.getvalue" -}} -{{- $varname := include "common.utils.fieldToEnvVar" . -}} -export {{ $varname }}=$(kubectl get secret --namespace {{ .context.Release.Namespace | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 --decode) -{{- end -}} - -{{/* -Build env var name given a field -Usage: -{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }} -*/}} -{{- define "common.utils.fieldToEnvVar" -}} - {{- $fieldNameSplit := splitList "-" .field -}} - {{- $upperCaseFieldNameSplit := list -}} - - {{- range $fieldNameSplit -}} - {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}} - {{- end -}} - - {{ join "_" $upperCaseFieldNameSplit }} -{{- end -}} - -{{/* -Gets a value from .Values given -Usage: -{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }} -*/}} -{{- define "common.utils.getValueFromKey" -}} -{{- $splitKey := splitList "." .key -}} -{{- $value := "" -}} -{{- $latestObj := $.context.Values -}} -{{- range $splitKey -}} - {{- if not $latestObj -}} - {{- printf "please review the entire path of '%s' exists in values" $.key | fail -}} - {{- end -}} - {{- $value = ( index $latestObj . ) -}} - {{- $latestObj = $value -}} -{{- end -}} -{{- printf "%v" (default "" $value) -}} -{{- end -}} - -{{/* -Returns first .Values key with a defined value or first of the list if all non-defined -Usage: -{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }} -*/}} -{{- define "common.utils.getKeyFromList" -}} -{{- $key := first .keys -}} -{{- $reverseKeys := reverse .keys }} -{{- range $reverseKeys }} - {{- $value := include "common.utils.getValueFromKey" (dict "key" . "context" $.context ) }} - {{- if $value -}} - {{- $key = . }} - {{- end -}} -{{- end -}} -{{- printf "%s" $key -}} -{{- end -}} diff --git a/riftbit/common/templates/_warnings.tpl b/riftbit/common/templates/_warnings.tpl deleted file mode 100644 index ae10fa4..0000000 --- a/riftbit/common/templates/_warnings.tpl +++ /dev/null @@ -1,14 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Warning about using rolling tag. -Usage: -{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }} -*/}} -{{- define "common.warnings.rollingTag" -}} - -{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }} -WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. -+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/ -{{- end }} - -{{- end -}} diff --git a/riftbit/common/templates/validations/_cassandra.tpl b/riftbit/common/templates/validations/_cassandra.tpl deleted file mode 100644 index 8679ddf..0000000 --- a/riftbit/common/templates/validations/_cassandra.tpl +++ /dev/null @@ -1,72 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate Cassandra required passwords are not empty. - -Usage: -{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret" - - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.cassandra.passwords" -}} - {{- $existingSecret := include "common.cassandra.values.existingSecret" . -}} - {{- $enabled := include "common.cassandra.values.enabled" . -}} - {{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}} - {{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}} - - {{- if and (not $existingSecret) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.cassandra.values.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false -*/}} -{{- define "common.cassandra.values.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.cassandra.dbUser.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.dbUser.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled cassandra. - -Usage: -{{ include "common.cassandra.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.cassandra.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.cassandra.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key dbUser - -Usage: -{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false -*/}} -{{- define "common.cassandra.values.key.dbUser" -}} - {{- if .subchart -}} - cassandra.dbUser - {{- else -}} - dbUser - {{- end -}} -{{- end -}} diff --git a/riftbit/common/templates/validations/_mariadb.tpl b/riftbit/common/templates/validations/_mariadb.tpl deleted file mode 100644 index bb5ed72..0000000 --- a/riftbit/common/templates/validations/_mariadb.tpl +++ /dev/null @@ -1,103 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate MariaDB required passwords are not empty. - -Usage: -{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret" - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.mariadb.passwords" -}} - {{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}} - {{- $enabled := include "common.mariadb.values.enabled" . -}} - {{- $architecture := include "common.mariadb.values.architecture" . -}} - {{- $authPrefix := include "common.mariadb.values.key.auth" . -}} - {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} - {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} - {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} - {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} - - {{- if and (not $existingSecret) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} - - {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} - {{- if not (empty $valueUsername) -}} - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - {{- end -}} - - {{- if (eq $architecture "replication") -}} - {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.mariadb.values.auth.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.mariadb.auth.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.auth.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled mariadb. - -Usage: -{{ include "common.mariadb.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.mariadb.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.mariadb.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for architecture - -Usage: -{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.mariadb.values.architecture" -}} - {{- if .subchart -}} - {{- .context.Values.mariadb.architecture -}} - {{- else -}} - {{- .context.Values.architecture -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key auth - -Usage: -{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.mariadb.values.key.auth" -}} - {{- if .subchart -}} - mariadb.auth - {{- else -}} - auth - {{- end -}} -{{- end -}} diff --git a/riftbit/common/templates/validations/_mongodb.tpl b/riftbit/common/templates/validations/_mongodb.tpl deleted file mode 100644 index 1e5bba9..0000000 --- a/riftbit/common/templates/validations/_mongodb.tpl +++ /dev/null @@ -1,108 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate MongoDB® required passwords are not empty. - -Usage: -{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where MongoDB® values are stored, e.g: "mongodb-passwords-secret" - - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.mongodb.passwords" -}} - {{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}} - {{- $enabled := include "common.mongodb.values.enabled" . -}} - {{- $authPrefix := include "common.mongodb.values.key.auth" . -}} - {{- $architecture := include "common.mongodb.values.architecture" . -}} - {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} - {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} - {{- $valueKeyDatabase := printf "%s.database" $authPrefix -}} - {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} - {{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}} - {{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}} - - {{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}} - - {{- if and (not $existingSecret) (eq $enabled "true") (eq $authEnabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} - - {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} - {{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase "context" .context) }} - {{- if and $valueUsername $valueDatabase -}} - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - {{- end -}} - - {{- if (eq $architecture "replicaset") -}} - {{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false -*/}} -{{- define "common.mongodb.values.auth.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.mongodb.auth.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.auth.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled mongodb. - -Usage: -{{ include "common.mongodb.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.mongodb.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.mongodb.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key auth - -Usage: -{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false -*/}} -{{- define "common.mongodb.values.key.auth" -}} - {{- if .subchart -}} - mongodb.auth - {{- else -}} - auth - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for architecture - -Usage: -{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.mongodb.values.architecture" -}} - {{- if .subchart -}} - {{- .context.Values.mongodb.architecture -}} - {{- else -}} - {{- .context.Values.architecture -}} - {{- end -}} -{{- end -}} diff --git a/riftbit/common/templates/validations/_postgresql.tpl b/riftbit/common/templates/validations/_postgresql.tpl deleted file mode 100644 index 992bcd3..0000000 --- a/riftbit/common/templates/validations/_postgresql.tpl +++ /dev/null @@ -1,131 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate PostgreSQL required passwords are not empty. - -Usage: -{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret" - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.postgresql.passwords" -}} - {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}} - {{- $enabled := include "common.postgresql.values.enabled" . -}} - {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}} - {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}} - - {{- if and (not $existingSecret) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}} - - {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}} - {{- if (eq $enabledReplication "true") -}} - {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to decide whether evaluate global values. - -Usage: -{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }} -Params: - - key - String - Required. Field to be evaluated within global, e.g: "existingSecret" -*/}} -{{- define "common.postgresql.values.use.global" -}} - {{- if .context.Values.global -}} - {{- if .context.Values.global.postgresql -}} - {{- index .context.Values.global.postgresql .key | quote -}} - {{- end -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.postgresql.values.existingSecret" (dict "context" $) }} -*/}} -{{- define "common.postgresql.values.existingSecret" -}} - {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}} - - {{- if .subchart -}} - {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}} - {{- else -}} - {{- default (.context.Values.existingSecret | quote) $globalValue -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled postgresql. - -Usage: -{{ include "common.postgresql.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.postgresql.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.postgresql.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key postgressPassword. - -Usage: -{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.key.postgressPassword" -}} - {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}} - - {{- if not $globalValue -}} - {{- if .subchart -}} - postgresql.postgresqlPassword - {{- else -}} - postgresqlPassword - {{- end -}} - {{- else -}} - global.postgresql.postgresqlPassword - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled.replication. - -Usage: -{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.enabled.replication" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.postgresql.replication.enabled -}} - {{- else -}} - {{- printf "%v" .context.Values.replication.enabled -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key replication.password. - -Usage: -{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.key.replicationPassword" -}} - {{- if .subchart -}} - postgresql.replication.password - {{- else -}} - replication.password - {{- end -}} -{{- end -}} diff --git a/riftbit/common/templates/validations/_redis.tpl b/riftbit/common/templates/validations/_redis.tpl deleted file mode 100644 index 18d9813..0000000 --- a/riftbit/common/templates/validations/_redis.tpl +++ /dev/null @@ -1,76 +0,0 @@ - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate Redis™ required passwords are not empty. - -Usage: -{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret" - - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.redis.passwords" -}} - {{- $enabled := include "common.redis.values.enabled" . -}} - {{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}} - {{- $standarizedVersion := include "common.redis.values.standarized.version" . }} - - {{- $existingSecret := ternary (printf "%s%s" $valueKeyPrefix "auth.existingSecret") (printf "%s%s" $valueKeyPrefix "existingSecret") (eq $standarizedVersion "true") }} - {{- $existingSecretValue := include "common.utils.getValueFromKey" (dict "key" $existingSecret "context" .context) }} - - {{- $valueKeyRedisPassword := ternary (printf "%s%s" $valueKeyPrefix "auth.password") (printf "%s%s" $valueKeyPrefix "password") (eq $standarizedVersion "true") }} - {{- $valueKeyRedisUseAuth := ternary (printf "%s%s" $valueKeyPrefix "auth.enabled") (printf "%s%s" $valueKeyPrefix "usePassword") (eq $standarizedVersion "true") }} - - {{- if and (not $existingSecretValue) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $useAuth := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUseAuth "context" .context) -}} - {{- if eq $useAuth "true" -}} - {{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled redis. - -Usage: -{{ include "common.redis.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.redis.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.redis.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right prefix path for the values - -Usage: -{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false -*/}} -{{- define "common.redis.values.keys.prefix" -}} - {{- if .subchart -}}redis.{{- else -}}{{- end -}} -{{- end -}} - -{{/* -Checks whether the redis chart's includes the standarizations (version >= 14) - -Usage: -{{ include "common.redis.values.standarized.version" (dict "context" $) }} -*/}} -{{- define "common.redis.values.standarized.version" -}} - - {{- $standarizedAuth := printf "%s%s" (include "common.redis.values.keys.prefix" .) "auth" -}} - {{- $standarizedAuthValues := include "common.utils.getValueFromKey" (dict "key" $standarizedAuth "context" .context) }} - - {{- if $standarizedAuthValues -}} - {{- true -}} - {{- end -}} -{{- end -}} diff --git a/riftbit/common/templates/validations/_validations.tpl b/riftbit/common/templates/validations/_validations.tpl deleted file mode 100644 index 9a814cf..0000000 --- a/riftbit/common/templates/validations/_validations.tpl +++ /dev/null @@ -1,46 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate values must not be empty. - -Usage: -{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}} -{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}} -{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} - -Validate value params: - - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" - - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" - - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" -*/}} -{{- define "common.validations.values.multiple.empty" -}} - {{- range .required -}} - {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}} - {{- end -}} -{{- end -}} - -{{/* -Validate a value must not be empty. - -Usage: -{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }} - -Validate value params: - - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" - - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" - - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" - - subchart - String - Optional - Name of the subchart that the validated password is part of. -*/}} -{{- define "common.validations.values.single.empty" -}} - {{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }} - {{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }} - - {{- if not $value -}} - {{- $varname := "my-value" -}} - {{- $getCurrentValue := "" -}} - {{- if and .secret .field -}} - {{- $varname = include "common.utils.fieldToEnvVar" . -}} - {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}} - {{- end -}} - {{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}} - {{- end -}} -{{- end -}} diff --git a/riftbit/common/values.yaml b/riftbit/common/values.yaml deleted file mode 100644 index f2df68e..0000000 --- a/riftbit/common/values.yaml +++ /dev/null @@ -1,5 +0,0 @@ -## bitnami/common -## It is required by CI/CD tools and processes. -## @skip exampleValue -## -exampleValue: common-chart diff --git a/riftbit/kroki/Chart.lock b/riftbit/kroki/Chart.lock index 843057d..d92eec9 100644 --- a/riftbit/kroki/Chart.lock +++ b/riftbit/kroki/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common - repository: https://charts.bitnami.com/bitnami/ - version: 1.7.1 -digest: sha256:40f9bf131e797c2ef880e51b4d481bf7bd1f79980fd288d627ac5be8f0563877 -generated: "2021-07-29T14:25:31.682418653+02:00" + repository: https://charts.bitnami.com/bitnami + version: 1.9.1 +digest: sha256:75c2f378a4570f47cbb3c98b6f1d29d1145e5a92bf2970a5d06c32575bfe266f +generated: "2021-09-30T10:54:54.9688668+03:00" diff --git a/riftbit/kroki/Chart.yaml b/riftbit/kroki/Chart.yaml index 818f67c..dcdecda 100644 --- a/riftbit/kroki/Chart.yaml +++ b/riftbit/kroki/Chart.yaml @@ -12,7 +12,7 @@ sources: version: 1.1.0 dependencies: - name: common - repository: https://charts.riftbit.com/ - # tags: - # - riftbit-common + repository: https://charts.bitnami.com/bitnami + tags: + - bitnami-common version: 1.x.x diff --git a/riftbit/kubebox/Chart.lock b/riftbit/kubebox/Chart.lock index 82584e4..f12a11c 100644 --- a/riftbit/kubebox/Chart.lock +++ b/riftbit/kubebox/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common - repository: https://charts.bitnami.com/bitnami/ - version: 1.7.1 -digest: sha256:40f9bf131e797c2ef880e51b4d481bf7bd1f79980fd288d627ac5be8f0563877 -generated: "2021-07-29T16:19:46.648366134+02:00" + repository: https://charts.bitnami.com/bitnami + version: 1.9.1 +digest: sha256:75c2f378a4570f47cbb3c98b6f1d29d1145e5a92bf2970a5d06c32575bfe266f +generated: "2021-09-30T10:55:34.0496345+03:00" diff --git a/riftbit/kubebox/Chart.yaml b/riftbit/kubebox/Chart.yaml index df8e0a7..0af7566 100644 --- a/riftbit/kubebox/Chart.yaml +++ b/riftbit/kubebox/Chart.yaml @@ -9,7 +9,7 @@ name: kubebox version: 2.7.0 dependencies: - name: common - repository: https://charts.riftbit.com/ - # tags: - # - riftbit-common + repository: https://charts.bitnami.com/bitnami + tags: + - bitnami-common version: 1.x.x diff --git a/riftbit/kubeview/Chart.lock b/riftbit/kubeview/Chart.lock index cff4b72..1dadbc5 100644 --- a/riftbit/kubeview/Chart.lock +++ b/riftbit/kubeview/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common - repository: https://charts.bitnami.com/bitnami/ - version: 1.7.1 -digest: sha256:40f9bf131e797c2ef880e51b4d481bf7bd1f79980fd288d627ac5be8f0563877 -generated: "2021-07-29T16:20:14.894515095+02:00" + repository: https://charts.bitnami.com/bitnami + version: 1.9.1 +digest: sha256:75c2f378a4570f47cbb3c98b6f1d29d1145e5a92bf2970a5d06c32575bfe266f +generated: "2021-09-30T10:55:59.4232092+03:00" diff --git a/riftbit/kubeview/Chart.yaml b/riftbit/kubeview/Chart.yaml index 58a4786..d6d93ce 100644 --- a/riftbit/kubeview/Chart.yaml +++ b/riftbit/kubeview/Chart.yaml @@ -10,7 +10,7 @@ name: kubeview version: 2.6.0 dependencies: - name: common - repository: https://charts.riftbit.com/ - # tags: - # - riftbit-common + repository: https://charts.bitnami.com/bitnami + tags: + - bitnami-common version: 1.x.x diff --git a/riftbit/quickchart/Chart.lock b/riftbit/quickchart/Chart.lock index 843057d..bc841a8 100644 --- a/riftbit/quickchart/Chart.lock +++ b/riftbit/quickchart/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common - repository: https://charts.bitnami.com/bitnami/ - version: 1.7.1 -digest: sha256:40f9bf131e797c2ef880e51b4d481bf7bd1f79980fd288d627ac5be8f0563877 -generated: "2021-07-29T14:25:31.682418653+02:00" + repository: https://charts.bitnami.com/bitnami + version: 1.9.1 +digest: sha256:75c2f378a4570f47cbb3c98b6f1d29d1145e5a92bf2970a5d06c32575bfe266f +generated: "2021-09-30T10:56:12.2011613+03:00" diff --git a/riftbit/quickchart/Chart.yaml b/riftbit/quickchart/Chart.yaml index 48c4254..9d88d76 100644 --- a/riftbit/quickchart/Chart.yaml +++ b/riftbit/quickchart/Chart.yaml @@ -11,7 +11,7 @@ sources: version: 1.1.0 dependencies: - name: common - repository: https://charts.riftbit.com/ - # tags: - # - riftbit-common + repository: https://charts.bitnami.com/bitnami + tags: + - bitnami-common version: 1.x.x diff --git a/riftbit/vertical-pod-autoscaler/Chart.lock b/riftbit/vertical-pod-autoscaler/Chart.lock index 1cff1b0..5d46662 100644 --- a/riftbit/vertical-pod-autoscaler/Chart.lock +++ b/riftbit/vertical-pod-autoscaler/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common - repository: https://charts.bitnami.com/bitnami/ - version: 1.7.1 -digest: sha256:40f9bf131e797c2ef880e51b4d481bf7bd1f79980fd288d627ac5be8f0563877 -generated: "2021-07-29T16:23:56.33242259+02:00" + repository: https://charts.bitnami.com/bitnami + version: 1.9.1 +digest: sha256:75c2f378a4570f47cbb3c98b6f1d29d1145e5a92bf2970a5d06c32575bfe266f +generated: "2021-09-30T10:56:34.2136454+03:00" diff --git a/riftbit/vertical-pod-autoscaler/Chart.yaml b/riftbit/vertical-pod-autoscaler/Chart.yaml index b1d49a9..f12095c 100644 --- a/riftbit/vertical-pod-autoscaler/Chart.yaml +++ b/riftbit/vertical-pod-autoscaler/Chart.yaml @@ -9,7 +9,7 @@ name: vertical-pod-autoscaler version: 3.6.0 dependencies: - name: common - repository: https://charts.riftbit.com/ - # tags: - # - riftbit-common + repository: https://charts.bitnami.com/bitnami + tags: + - bitnami-common version: 1.x.x diff --git a/riftbit/whoami/Chart.lock b/riftbit/whoami/Chart.lock index 843057d..9df3974 100644 --- a/riftbit/whoami/Chart.lock +++ b/riftbit/whoami/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common - repository: https://charts.bitnami.com/bitnami/ - version: 1.7.1 -digest: sha256:40f9bf131e797c2ef880e51b4d481bf7bd1f79980fd288d627ac5be8f0563877 -generated: "2021-07-29T14:25:31.682418653+02:00" + repository: https://charts.bitnami.com/bitnami + version: 1.9.1 +digest: sha256:75c2f378a4570f47cbb3c98b6f1d29d1145e5a92bf2970a5d06c32575bfe266f +generated: "2021-09-30T10:56:51.1162373+03:00" diff --git a/riftbit/whoami/Chart.yaml b/riftbit/whoami/Chart.yaml index 510e86c..49e2291 100644 --- a/riftbit/whoami/Chart.yaml +++ b/riftbit/whoami/Chart.yaml @@ -14,11 +14,7 @@ keywords: - dag dependencies: - name: common - repository: https://charts.riftbit.com/ - # tags: - # - riftbit-common - version: 1.x.x - # - condition: redis.enabled - # name: redis - # repository: https://charts.bitnami.com/bitnami - # version: 15.x.x \ No newline at end of file + repository: https://charts.bitnami.com/bitnami + tags: + - bitnami-common + version: 1.x.x \ No newline at end of file From 984824a29ed7d39100e44548751cfeec2a614ba6 Mon Sep 17 00:00:00 2001 From: "[riftbit] ErgoZ" Date: Thu, 30 Sep 2021 11:30:50 +0300 Subject: [PATCH 4/9] update deps --- riftbit/kroki/Chart.yaml | 6 +++--- riftbit/kubebox/Chart.yaml | 6 +++--- riftbit/kubeview/Chart.yaml | 4 ++-- riftbit/mongodb-sharded/Chart.yaml | 3 +-- riftbit/quickchart/Chart.yaml | 2 +- riftbit/vertical-pod-autoscaler/Chart.yaml | 2 +- riftbit/whoami/Chart.yaml | 2 +- 7 files changed, 12 insertions(+), 13 deletions(-) diff --git a/riftbit/kroki/Chart.yaml b/riftbit/kroki/Chart.yaml index dcdecda..8764cfe 100644 --- a/riftbit/kroki/Chart.yaml +++ b/riftbit/kroki/Chart.yaml @@ -9,10 +9,10 @@ maintainers: name: kroki sources: - https://github.com/yuzutech/kroki -version: 1.1.0 +version: 1.1.1 dependencies: - name: common repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common + # tags: + # - bitnami-common version: 1.x.x diff --git a/riftbit/kubebox/Chart.yaml b/riftbit/kubebox/Chart.yaml index 0af7566..831ff5e 100644 --- a/riftbit/kubebox/Chart.yaml +++ b/riftbit/kubebox/Chart.yaml @@ -6,10 +6,10 @@ maintainers: - name: sebastien-prudhomme email: sebastien.prudhomme@gmail.com name: kubebox -version: 2.7.0 +version: 2.7.1 dependencies: - name: common repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common + # tags: + # - bitnami-common version: 1.x.x diff --git a/riftbit/kubeview/Chart.yaml b/riftbit/kubeview/Chart.yaml index d6d93ce..ae23d46 100644 --- a/riftbit/kubeview/Chart.yaml +++ b/riftbit/kubeview/Chart.yaml @@ -11,6 +11,6 @@ version: 2.6.0 dependencies: - name: common repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common + # tags: + # - bitnami-common version: 1.x.x diff --git a/riftbit/mongodb-sharded/Chart.yaml b/riftbit/mongodb-sharded/Chart.yaml index 2983ce8..2fea0e8 100644 --- a/riftbit/mongodb-sharded/Chart.yaml +++ b/riftbit/mongodb-sharded/Chart.yaml @@ -26,5 +26,4 @@ name: mongodb-sharded sources: - https://github.com/bitnami/bitnami-docker-mongodb-sharded - https://mongodb.org -version: 3.9.7 - +version: 3.9.7 \ No newline at end of file diff --git a/riftbit/quickchart/Chart.yaml b/riftbit/quickchart/Chart.yaml index 9d88d76..1bb64a5 100644 --- a/riftbit/quickchart/Chart.yaml +++ b/riftbit/quickchart/Chart.yaml @@ -8,7 +8,7 @@ maintainers: name: quickchart sources: - https://github.com/typpo/quickchart -version: 1.1.0 +version: 1.1.1 dependencies: - name: common repository: https://charts.bitnami.com/bitnami diff --git a/riftbit/vertical-pod-autoscaler/Chart.yaml b/riftbit/vertical-pod-autoscaler/Chart.yaml index f12095c..43e68d2 100644 --- a/riftbit/vertical-pod-autoscaler/Chart.yaml +++ b/riftbit/vertical-pod-autoscaler/Chart.yaml @@ -6,7 +6,7 @@ maintainers: - name: sebastien-prudhomme email: sebastien.prudhomme@gmail.com name: vertical-pod-autoscaler -version: 3.6.0 +version: 3.6.1 dependencies: - name: common repository: https://charts.bitnami.com/bitnami diff --git a/riftbit/whoami/Chart.yaml b/riftbit/whoami/Chart.yaml index 49e2291..3f051cb 100644 --- a/riftbit/whoami/Chart.yaml +++ b/riftbit/whoami/Chart.yaml @@ -6,7 +6,7 @@ maintainers: - name: sebastien-prudhomme email: sebastien.prudhomme@gmail.com name: whoami -version: 2.6.0 +version: 2.6.1 keywords: - apache - airflow From 20923ccb8df4469dd5ecf238ba129ea2cceacd63 Mon Sep 17 00:00:00 2001 From: "[riftbit] ErgoZ" Date: Thu, 30 Sep 2021 11:32:49 +0300 Subject: [PATCH 5/9] update deps --- riftbit/quickchart/Chart.yaml | 4 ++-- riftbit/vertical-pod-autoscaler/Chart.yaml | 4 ++-- riftbit/whoami/Chart.yaml | 10 ++++------ 3 files changed, 8 insertions(+), 10 deletions(-) diff --git a/riftbit/quickchart/Chart.yaml b/riftbit/quickchart/Chart.yaml index 1bb64a5..ce454bd 100644 --- a/riftbit/quickchart/Chart.yaml +++ b/riftbit/quickchart/Chart.yaml @@ -12,6 +12,6 @@ version: 1.1.1 dependencies: - name: common repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common + # tags: + # - bitnami-common version: 1.x.x diff --git a/riftbit/vertical-pod-autoscaler/Chart.yaml b/riftbit/vertical-pod-autoscaler/Chart.yaml index 43e68d2..b79a689 100644 --- a/riftbit/vertical-pod-autoscaler/Chart.yaml +++ b/riftbit/vertical-pod-autoscaler/Chart.yaml @@ -10,6 +10,6 @@ version: 3.6.1 dependencies: - name: common repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common + # tags: + # - bitnami-common version: 1.x.x diff --git a/riftbit/whoami/Chart.yaml b/riftbit/whoami/Chart.yaml index 3f051cb..188ec66 100644 --- a/riftbit/whoami/Chart.yaml +++ b/riftbit/whoami/Chart.yaml @@ -8,13 +8,11 @@ maintainers: name: whoami version: 2.6.1 keywords: - - apache - - airflow - - workflow - - dag + - golang + - whoami dependencies: - name: common repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common + # tags: + # - bitnami-common version: 1.x.x \ No newline at end of file From f3f8ffb3143d2449139475c78d98a3749d714dc5 Mon Sep 17 00:00:00 2001 From: "[riftbit] ErgoZ" Date: Thu, 30 Sep 2021 12:11:55 +0300 Subject: [PATCH 6/9] update all deps --- riftbit/airflow/Chart.lock | 10 +++++----- riftbit/argo-cd/Chart.lock | 8 ++++---- riftbit/cassandra/Chart.lock | 6 +++--- riftbit/concourse/Chart.lock | 8 ++++---- riftbit/discourse/Chart.lock | 10 +++++----- riftbit/elasticsearch/Chart.lock | 6 +++--- riftbit/fluentd/Chart.lock | 6 +++--- riftbit/grafana-tempo/Chart.lock | 8 ++++---- riftbit/haproxy/Chart.lock | 6 +++--- riftbit/harbor/Chart.lock | 8 ++++---- riftbit/jupyterhub/Chart.lock | 6 +++--- riftbit/kafka/Chart.lock | 8 ++++---- riftbit/keycloak/Chart.lock | 8 ++++---- riftbit/kroki/Chart.lock | 4 ++-- riftbit/kubebox/Chart.lock | 4 ++-- riftbit/kubeview/Chart.lock | 4 ++-- riftbit/mariadb/Chart.lock | 6 +++--- riftbit/mediawiki/Chart.lock | 6 +++--- riftbit/mongodb-sharded/Chart.lock | 6 +++--- riftbit/mongodb/Chart.lock | 6 +++--- riftbit/oauth2-proxy/Chart.lock | 6 +++--- riftbit/owncloud/Chart.lock | 8 ++++---- riftbit/parse/Chart.lock | 8 ++++---- riftbit/postgresql-ha/Chart.lock | 6 +++--- riftbit/postgresql/Chart.lock | 6 +++--- riftbit/quickchart/Chart.lock | 4 ++-- riftbit/rabbitmq-cluster-operator/Chart.lock | 6 +++--- riftbit/redmine/Chart.lock | 6 +++--- riftbit/solr/Chart.lock | 6 +++--- riftbit/testlink/Chart.lock | 6 +++--- riftbit/vertical-pod-autoscaler/Chart.lock | 4 ++-- riftbit/whoami/Chart.lock | 4 ++-- riftbit/wordpress/Chart.lock | 6 +++--- update_helm_deps.sh | 3 +++ 34 files changed, 108 insertions(+), 105 deletions(-) create mode 100644 update_helm_deps.sh diff --git a/riftbit/airflow/Chart.lock b/riftbit/airflow/Chart.lock index ff1f79c..9663055 100644 --- a/riftbit/airflow/Chart.lock +++ b/riftbit/airflow/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: common repository: https://charts.bitnami.com/bitnami - version: 1.9.0 + version: 1.9.1 - name: postgresql repository: https://charts.bitnami.com/bitnami - version: 10.10.1 + version: 10.12.0 - name: redis repository: https://charts.bitnami.com/bitnami - version: 15.3.2 -digest: sha256:9f5ba58c8d1906903cac12a48a93a1febf1c4bb3d399171c67606fe80d3e24ae -generated: "2021-09-21T08:09:32.50609853Z" + version: 15.4.0 +digest: sha256:0f5afa0e3765ddf9e735eb279e5428527bb8e356a3239d0ee2d2c35cc57a5422 +generated: "2021-09-30T12:03:01.3638757+03:00" diff --git a/riftbit/argo-cd/Chart.lock b/riftbit/argo-cd/Chart.lock index 1eba5af..c2d21ca 100644 --- a/riftbit/argo-cd/Chart.lock +++ b/riftbit/argo-cd/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: redis repository: https://charts.bitnami.com/bitnami - version: 15.3.2 + version: 15.4.0 - name: common repository: https://charts.bitnami.com/bitnami - version: 1.9.0 -digest: sha256:92515e65ce24a2e89e7459be66746a4c826c45efa46b4932084aea6cf52bffcf -generated: "2021-09-21T08:08:58.821321755Z" + version: 1.9.1 +digest: sha256:0a678e2a9414540f17988b66a0391ae167032d2d6c180a6960ab3d352ee958ff +generated: "2021-09-30T12:03:11.2879845+03:00" diff --git a/riftbit/cassandra/Chart.lock b/riftbit/cassandra/Chart.lock index afc02f4..63cb72d 100644 --- a/riftbit/cassandra/Chart.lock +++ b/riftbit/cassandra/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: https://charts.bitnami.com/bitnami - version: 1.8.0 -digest: sha256:3e342a25057f87853e52d83e1d14e6d8727c15fd85aaae22e7594489cc129f15 -generated: "2021-08-06T18:58:14.307407912Z" + version: 1.9.1 +digest: sha256:75c2f378a4570f47cbb3c98b6f1d29d1145e5a92bf2970a5d06c32575bfe266f +generated: "2021-09-30T12:03:19.2793163+03:00" diff --git a/riftbit/concourse/Chart.lock b/riftbit/concourse/Chart.lock index 29c01c5..d938167 100644 --- a/riftbit/concourse/Chart.lock +++ b/riftbit/concourse/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: postgresql repository: https://charts.bitnami.com/bitnami - version: 10.10.1 + version: 10.12.0 - name: common repository: https://charts.bitnami.com/bitnami - version: 1.9.0 -digest: sha256:d62c0a5d46e6495a7e965ad97397814bb6afd35e878eec0feca5803400750579 -generated: "2021-09-17T08:11:28.729750562Z" + version: 1.9.1 +digest: sha256:d78e32c5932203219d18551358c2caff1ca8e3201e6769e91d54860ad1fcd41c +generated: "2021-09-30T12:03:34.1806766+03:00" diff --git a/riftbit/discourse/Chart.lock b/riftbit/discourse/Chart.lock index 646b57f..21c6daf 100644 --- a/riftbit/discourse/Chart.lock +++ b/riftbit/discourse/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: common repository: https://charts.bitnami.com/bitnami - version: 1.9.0 + version: 1.9.1 - name: postgresql repository: https://charts.bitnami.com/bitnami - version: 10.9.5 + version: 10.12.0 - name: redis repository: https://charts.bitnami.com/bitnami - version: 15.3.2 -digest: sha256:d4fc883fdd4e28968b597ba75b8639f8d20d51f84bc4a78f1ee54492e1e01a4a -generated: "2021-09-14T16:28:51.355454292+02:00" + version: 15.4.0 +digest: sha256:015d0f28591a8e515a01fc393275bfb9605423fe90169e815548d9b593bd54f9 +generated: "2021-09-30T12:03:51.6665415+03:00" diff --git a/riftbit/elasticsearch/Chart.lock b/riftbit/elasticsearch/Chart.lock index ba16134..9b47c0b 100644 --- a/riftbit/elasticsearch/Chart.lock +++ b/riftbit/elasticsearch/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: common repository: https://charts.bitnami.com/bitnami - version: 1.9.0 + version: 1.9.1 - name: kibana repository: https://charts.bitnami.com/bitnami version: 9.0.4 -digest: sha256:34e997a627c890cc498cd59bd3c904a4694cb0220e5f3228a516b498e54b473d -generated: "2021-09-22T04:55:56.733843312Z" +digest: sha256:045a7911591b02d1d680bfce05bb4ce71ac333caecc2fc1d235d7323053287ad +generated: "2021-09-30T12:04:09.9302921+03:00" diff --git a/riftbit/fluentd/Chart.lock b/riftbit/fluentd/Chart.lock index b4b7d91..3de5a54 100644 --- a/riftbit/fluentd/Chart.lock +++ b/riftbit/fluentd/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: https://charts.bitnami.com/bitnami - version: 1.8.0 -digest: sha256:3e342a25057f87853e52d83e1d14e6d8727c15fd85aaae22e7594489cc129f15 -generated: "2021-08-25T06:35:54.412994649Z" + version: 1.9.1 +digest: sha256:75c2f378a4570f47cbb3c98b6f1d29d1145e5a92bf2970a5d06c32575bfe266f +generated: "2021-09-30T12:04:24.7628067+03:00" diff --git a/riftbit/grafana-tempo/Chart.lock b/riftbit/grafana-tempo/Chart.lock index 301672b..541eb92 100644 --- a/riftbit/grafana-tempo/Chart.lock +++ b/riftbit/grafana-tempo/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: common repository: https://charts.bitnami.com/bitnami - version: 1.9.0 + version: 1.9.1 - name: memcached repository: https://charts.bitnami.com/bitnami - version: 5.14.2 -digest: sha256:00fa6d4cde065231c35332ea4c6d75a94c0a23858442b05bb804503d6a27e1c4 -generated: "2021-09-14T20:29:29.080042192Z" + version: 5.15.3 +digest: sha256:6d1da49792eb33e974e26a54febfc65da91e1ef6cbcf203964a9c874c5e2f15f +generated: "2021-09-30T12:04:43.1205117+03:00" diff --git a/riftbit/haproxy/Chart.lock b/riftbit/haproxy/Chart.lock index 6973f70..ec967a5 100644 --- a/riftbit/haproxy/Chart.lock +++ b/riftbit/haproxy/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: https://charts.bitnami.com/bitnami - version: 1.8.0 -digest: sha256:3e342a25057f87853e52d83e1d14e6d8727c15fd85aaae22e7594489cc129f15 -generated: "2021-08-24T08:53:27.44635875Z" + version: 1.9.1 +digest: sha256:75c2f378a4570f47cbb3c98b6f1d29d1145e5a92bf2970a5d06c32575bfe266f +generated: "2021-09-30T12:04:51.0128526+03:00" diff --git a/riftbit/harbor/Chart.lock b/riftbit/harbor/Chart.lock index 2b79ac8..280b331 100644 --- a/riftbit/harbor/Chart.lock +++ b/riftbit/harbor/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: postgresql repository: https://charts.bitnami.com/bitnami - version: 10.10.2 + version: 10.12.0 - name: redis repository: https://charts.bitnami.com/bitnami - version: 15.3.2 + version: 15.4.0 - name: common repository: https://charts.bitnami.com/bitnami version: 1.9.1 -digest: sha256:f1075b43e79afb769a06a12c90f11e975ecbf4d463dbd236dcef4a83a1f5e85b -generated: "2021-09-24T08:47:20.392368581Z" +digest: sha256:62147034f6f9e9ad972ba40b27f44bf45a106e0a9056d9daa1145ca4e31bf157 +generated: "2021-09-30T12:04:59.5535102+03:00" diff --git a/riftbit/jupyterhub/Chart.lock b/riftbit/jupyterhub/Chart.lock index 4e731f0..ce19b3c 100644 --- a/riftbit/jupyterhub/Chart.lock +++ b/riftbit/jupyterhub/Chart.lock @@ -4,6 +4,6 @@ dependencies: version: 1.9.1 - name: postgresql repository: https://charts.bitnami.com/bitnami - version: 10.10.3 -digest: sha256:f9dcc8938476b08dcabcd286ac359ebae3ebf9f560d688fcd17e3ab4deed113d -generated: "2021-09-24T20:35:42.627329509Z" + version: 10.12.0 +digest: sha256:9af42cc669be67df36c6330603507ad6fa3448922aa3ad6c7bf1131f137bc112 +generated: "2021-09-30T12:05:16.9608547+03:00" diff --git a/riftbit/kafka/Chart.lock b/riftbit/kafka/Chart.lock index 07ce135..ad8f351 100644 --- a/riftbit/kafka/Chart.lock +++ b/riftbit/kafka/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: common repository: https://charts.bitnami.com/bitnami - version: 1.9.0 + version: 1.9.1 - name: zookeeper repository: https://charts.bitnami.com/bitnami - version: 7.4.3 -digest: sha256:04be6ad537edd9714c0ab4512d8f046b3c84f3b7fdf383911002784d8e4e4417 -generated: "2021-09-21T11:31:56.224966163Z" + version: 7.4.5 +digest: sha256:d506acc4fd1a7d187a200c4973fe72ab0be01e6913f757e888b5dc715dd83b3e +generated: "2021-09-30T12:05:25.7576246+03:00" diff --git a/riftbit/keycloak/Chart.lock b/riftbit/keycloak/Chart.lock index 8be5125..2c8fbf0 100644 --- a/riftbit/keycloak/Chart.lock +++ b/riftbit/keycloak/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: common repository: https://charts.bitnami.com/bitnami - version: 1.8.0 + version: 1.9.1 - name: postgresql repository: https://charts.bitnami.com/bitnami - version: 10.9.5 -digest: sha256:8bd7414347de5ca50108cb48c76ab4b2b3ba37103aa7863d7d3d6144a94393b8 -generated: "2021-09-10T16:53:34.527900169Z" + version: 10.12.0 +digest: sha256:9af42cc669be67df36c6330603507ad6fa3448922aa3ad6c7bf1131f137bc112 +generated: "2021-09-30T12:05:34.7676421+03:00" diff --git a/riftbit/kroki/Chart.lock b/riftbit/kroki/Chart.lock index d92eec9..c0c3c15 100644 --- a/riftbit/kroki/Chart.lock +++ b/riftbit/kroki/Chart.lock @@ -2,5 +2,5 @@ dependencies: - name: common repository: https://charts.bitnami.com/bitnami version: 1.9.1 -digest: sha256:75c2f378a4570f47cbb3c98b6f1d29d1145e5a92bf2970a5d06c32575bfe266f -generated: "2021-09-30T10:54:54.9688668+03:00" +digest: sha256:8a8276a6b1caee47f6ecb4670f36c971608dd14eb92ef9e0ef6455000a5eb32f +generated: "2021-09-30T12:05:44.8296728+03:00" diff --git a/riftbit/kubebox/Chart.lock b/riftbit/kubebox/Chart.lock index f12a11c..7365d73 100644 --- a/riftbit/kubebox/Chart.lock +++ b/riftbit/kubebox/Chart.lock @@ -2,5 +2,5 @@ dependencies: - name: common repository: https://charts.bitnami.com/bitnami version: 1.9.1 -digest: sha256:75c2f378a4570f47cbb3c98b6f1d29d1145e5a92bf2970a5d06c32575bfe266f -generated: "2021-09-30T10:55:34.0496345+03:00" +digest: sha256:8a8276a6b1caee47f6ecb4670f36c971608dd14eb92ef9e0ef6455000a5eb32f +generated: "2021-09-30T12:05:52.7171363+03:00" diff --git a/riftbit/kubeview/Chart.lock b/riftbit/kubeview/Chart.lock index 1dadbc5..84ba585 100644 --- a/riftbit/kubeview/Chart.lock +++ b/riftbit/kubeview/Chart.lock @@ -2,5 +2,5 @@ dependencies: - name: common repository: https://charts.bitnami.com/bitnami version: 1.9.1 -digest: sha256:75c2f378a4570f47cbb3c98b6f1d29d1145e5a92bf2970a5d06c32575bfe266f -generated: "2021-09-30T10:55:59.4232092+03:00" +digest: sha256:8a8276a6b1caee47f6ecb4670f36c971608dd14eb92ef9e0ef6455000a5eb32f +generated: "2021-09-30T12:06:07.8350051+03:00" diff --git a/riftbit/mariadb/Chart.lock b/riftbit/mariadb/Chart.lock index f119e8a..750df97 100644 --- a/riftbit/mariadb/Chart.lock +++ b/riftbit/mariadb/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: https://charts.bitnami.com/bitnami - version: 1.8.0 -digest: sha256:3e342a25057f87853e52d83e1d14e6d8727c15fd85aaae22e7594489cc129f15 -generated: "2021-08-06T19:32:50.791244428Z" + version: 1.9.1 +digest: sha256:75c2f378a4570f47cbb3c98b6f1d29d1145e5a92bf2970a5d06c32575bfe266f +generated: "2021-09-30T12:06:22.9145763+03:00" diff --git a/riftbit/mediawiki/Chart.lock b/riftbit/mediawiki/Chart.lock index 7b64fe7..603b786 100644 --- a/riftbit/mediawiki/Chart.lock +++ b/riftbit/mediawiki/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: common repository: https://charts.bitnami.com/bitnami - version: 1.9.0 + version: 1.9.1 - name: mariadb repository: https://charts.bitnami.com/bitnami version: 9.6.0 -digest: sha256:63bbe03c333e1efc5947c50e14587dd855f79e28a46f3c18c26f6cdc65c6a8c1 -generated: "2021-09-21T13:12:09.650108616Z" +digest: sha256:6ecb148d500188b64d8f93c72553b045285436e33bf149d5dfeb8a48ccd959cc +generated: "2021-09-30T12:06:38.1295278+03:00" diff --git a/riftbit/mongodb-sharded/Chart.lock b/riftbit/mongodb-sharded/Chart.lock index 5657af9..6e046ed 100644 --- a/riftbit/mongodb-sharded/Chart.lock +++ b/riftbit/mongodb-sharded/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: https://charts.bitnami.com/bitnami - version: 1.9.0 -digest: sha256:6d608d323ac01a7950ba64fa7caf4169a5d9d33e442c99e23e123caaf303b6b9 -generated: "2021-09-14T08:51:22.228078747Z" + version: 1.9.1 +digest: sha256:75c2f378a4570f47cbb3c98b6f1d29d1145e5a92bf2970a5d06c32575bfe266f +generated: "2021-09-30T12:07:07.5378403+03:00" diff --git a/riftbit/mongodb/Chart.lock b/riftbit/mongodb/Chart.lock index 99eb1f6..85cb842 100644 --- a/riftbit/mongodb/Chart.lock +++ b/riftbit/mongodb/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: https://charts.bitnami.com/bitnami - version: 1.9.0 -digest: sha256:6d608d323ac01a7950ba64fa7caf4169a5d9d33e442c99e23e123caaf303b6b9 -generated: "2021-09-19T22:13:28.506841911Z" + version: 1.9.1 +digest: sha256:75c2f378a4570f47cbb3c98b6f1d29d1145e5a92bf2970a5d06c32575bfe266f +generated: "2021-09-30T12:07:00.6392643+03:00" diff --git a/riftbit/oauth2-proxy/Chart.lock b/riftbit/oauth2-proxy/Chart.lock index 46e07a1..b255ec2 100644 --- a/riftbit/oauth2-proxy/Chart.lock +++ b/riftbit/oauth2-proxy/Chart.lock @@ -4,6 +4,6 @@ dependencies: version: 1.9.1 - name: redis repository: https://charts.bitnami.com/bitnami - version: 15.3.2 -digest: sha256:39ce2804ab080171cc522e479376e52204e6a289c17811365ae4e92a41d59d91 -generated: "2021-09-24T08:09:45.160907084Z" + version: 15.4.0 +digest: sha256:be43a1c821fe081f5c15d740752d6d5b2160abe47289a0568891151a09ec0bb6 +generated: "2021-09-30T12:07:32.2444765+03:00" diff --git a/riftbit/owncloud/Chart.lock b/riftbit/owncloud/Chart.lock index 641ea05..39c06d0 100644 --- a/riftbit/owncloud/Chart.lock +++ b/riftbit/owncloud/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: common repository: https://charts.bitnami.com/bitnami - version: 1.8.0 + version: 1.9.1 - name: mariadb repository: https://charts.bitnami.com/bitnami - version: 9.5.1 -digest: sha256:d5874bb7c47e257d64cd80adac77306170ac2c6b1fb4433bbfe5612281298a24 -generated: "2021-09-10T07:24:25.576014111Z" + version: 9.6.0 +digest: sha256:d203c868eb6f9eccc0719e9ce3d4045453fb0ec0bb0bec6f7b696dde997fa166 +generated: "2021-09-30T12:07:41.3627748+03:00" diff --git a/riftbit/parse/Chart.lock b/riftbit/parse/Chart.lock index e34e1ec..a1bfff7 100644 --- a/riftbit/parse/Chart.lock +++ b/riftbit/parse/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: mongodb repository: https://charts.bitnami.com/bitnami - version: 10.25.1 + version: 10.26.4 - name: common repository: https://charts.bitnami.com/bitnami - version: 1.8.0 -digest: sha256:b4008b8ee4426acc96150691a915738f968a4fc18cd3c66b783b26dd9048a26e -generated: "2021-09-02T14:07:36.942066685Z" + version: 1.9.1 +digest: sha256:3657f207a16da61a3cb65b1c29ca1baaba350d0d687ef25e81811d5a9d1f06a2 +generated: "2021-09-30T12:07:51.1268656+03:00" diff --git a/riftbit/postgresql-ha/Chart.lock b/riftbit/postgresql-ha/Chart.lock index 8aff910..b2efceb 100644 --- a/riftbit/postgresql-ha/Chart.lock +++ b/riftbit/postgresql-ha/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: https://charts.bitnami.com/bitnami - version: 1.9.0 -digest: sha256:2ab90797d3abadfe7fb488bbb56908fe1ab4b246efe60295f3c740394202211c -generated: "2021-09-15T23:14:01.005097262Z" + version: 1.9.1 +digest: sha256:8a8276a6b1caee47f6ecb4670f36c971608dd14eb92ef9e0ef6455000a5eb32f +generated: "2021-09-30T12:08:15.6239305+03:00" diff --git a/riftbit/postgresql/Chart.lock b/riftbit/postgresql/Chart.lock index ccbe0f0..9033d02 100644 --- a/riftbit/postgresql/Chart.lock +++ b/riftbit/postgresql/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: https://charts.bitnami.com/bitnami - version: 1.9.0 -digest: sha256:2ab90797d3abadfe7fb488bbb56908fe1ab4b246efe60295f3c740394202211c -generated: "2021-09-15T22:46:34.401413473Z" + version: 1.9.1 +digest: sha256:8a8276a6b1caee47f6ecb4670f36c971608dd14eb92ef9e0ef6455000a5eb32f +generated: "2021-09-30T12:08:08.5354274+03:00" diff --git a/riftbit/quickchart/Chart.lock b/riftbit/quickchart/Chart.lock index bc841a8..29d2f9f 100644 --- a/riftbit/quickchart/Chart.lock +++ b/riftbit/quickchart/Chart.lock @@ -2,5 +2,5 @@ dependencies: - name: common repository: https://charts.bitnami.com/bitnami version: 1.9.1 -digest: sha256:75c2f378a4570f47cbb3c98b6f1d29d1145e5a92bf2970a5d06c32575bfe266f -generated: "2021-09-30T10:56:12.2011613+03:00" +digest: sha256:8a8276a6b1caee47f6ecb4670f36c971608dd14eb92ef9e0ef6455000a5eb32f +generated: "2021-09-30T12:08:22.6168842+03:00" diff --git a/riftbit/rabbitmq-cluster-operator/Chart.lock b/riftbit/rabbitmq-cluster-operator/Chart.lock index 96a9dcf..2bf0ed7 100644 --- a/riftbit/rabbitmq-cluster-operator/Chart.lock +++ b/riftbit/rabbitmq-cluster-operator/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: https://charts.bitnami.com/bitnami - version: 1.8.0 -digest: sha256:3e342a25057f87853e52d83e1d14e6d8727c15fd85aaae22e7594489cc129f15 -generated: "2021-08-19T14:57:54.74705+02:00" + version: 1.9.1 +digest: sha256:75c2f378a4570f47cbb3c98b6f1d29d1145e5a92bf2970a5d06c32575bfe266f +generated: "2021-09-30T12:08:36.580413+03:00" diff --git a/riftbit/redmine/Chart.lock b/riftbit/redmine/Chart.lock index 1cb654e..82d2e8d 100644 --- a/riftbit/redmine/Chart.lock +++ b/riftbit/redmine/Chart.lock @@ -7,6 +7,6 @@ dependencies: version: 9.6.0 - name: postgresql repository: https://charts.bitnami.com/bitnami - version: 10.10.3 -digest: sha256:23c630fe65f498b7baa095c31a683f32a78f006f048a356a14590aa4bf7420a8 -generated: "2021-09-25T12:13:05.43671905Z" + version: 10.12.0 +digest: sha256:8ea5c31f0d73cb1b75a205328a72c44a4bd75766d46b9a91de833fa040e28800 +generated: "2021-09-30T12:08:58.9191866+03:00" diff --git a/riftbit/solr/Chart.lock b/riftbit/solr/Chart.lock index 661a13a..098a337 100644 --- a/riftbit/solr/Chart.lock +++ b/riftbit/solr/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: zookeeper repository: https://charts.bitnami.com/bitnami - version: 7.4.4 + version: 7.4.5 - name: common repository: https://charts.bitnami.com/bitnami version: 1.9.1 -digest: sha256:0c1dc78472a59f23f409397a9b2eeecc5f745840f0722d08392a0d100404f87f -generated: "2021-09-24T22:23:19.7964205Z" +digest: sha256:37e1615467de81a108bd4019362d35f033545232af849a943abc7f8a6da21a9b +generated: "2021-09-30T12:09:10.4248036+03:00" diff --git a/riftbit/testlink/Chart.lock b/riftbit/testlink/Chart.lock index 8d3b436..6564753 100644 --- a/riftbit/testlink/Chart.lock +++ b/riftbit/testlink/Chart.lock @@ -4,6 +4,6 @@ dependencies: version: 9.6.0 - name: common repository: https://charts.bitnami.com/bitnami - version: 1.9.0 -digest: sha256:5a71c7f947d927eb5575be42d8d44de25e82b3cd371d4b175b237767ef363e5f -generated: "2021-09-21T13:15:55.148904827Z" + version: 1.9.1 +digest: sha256:6d618e256ecb1deea43a6ed15deee9d170e1161e7f94f2b43e2c9da68cb9165d +generated: "2021-09-30T12:09:26.147631+03:00" diff --git a/riftbit/vertical-pod-autoscaler/Chart.lock b/riftbit/vertical-pod-autoscaler/Chart.lock index 5d46662..ff76e93 100644 --- a/riftbit/vertical-pod-autoscaler/Chart.lock +++ b/riftbit/vertical-pod-autoscaler/Chart.lock @@ -2,5 +2,5 @@ dependencies: - name: common repository: https://charts.bitnami.com/bitnami version: 1.9.1 -digest: sha256:75c2f378a4570f47cbb3c98b6f1d29d1145e5a92bf2970a5d06c32575bfe266f -generated: "2021-09-30T10:56:34.2136454+03:00" +digest: sha256:8a8276a6b1caee47f6ecb4670f36c971608dd14eb92ef9e0ef6455000a5eb32f +generated: "2021-09-30T12:09:34.8142027+03:00" diff --git a/riftbit/whoami/Chart.lock b/riftbit/whoami/Chart.lock index 9df3974..ad8d2a6 100644 --- a/riftbit/whoami/Chart.lock +++ b/riftbit/whoami/Chart.lock @@ -2,5 +2,5 @@ dependencies: - name: common repository: https://charts.bitnami.com/bitnami version: 1.9.1 -digest: sha256:75c2f378a4570f47cbb3c98b6f1d29d1145e5a92bf2970a5d06c32575bfe266f -generated: "2021-09-30T10:56:51.1162373+03:00" +digest: sha256:8a8276a6b1caee47f6ecb4670f36c971608dd14eb92ef9e0ef6455000a5eb32f +generated: "2021-09-30T12:09:41.7859314+03:00" diff --git a/riftbit/wordpress/Chart.lock b/riftbit/wordpress/Chart.lock index 65fcb97..0e6dac6 100644 --- a/riftbit/wordpress/Chart.lock +++ b/riftbit/wordpress/Chart.lock @@ -4,9 +4,9 @@ dependencies: version: 9.6.0 - name: memcached repository: https://charts.bitnami.com/bitnami - version: 5.15.1 + version: 5.15.3 - name: common repository: https://charts.bitnami.com/bitnami version: 1.9.1 -digest: sha256:e4610a10040e335781fe14c9aa5f2955515da01856bc746ea2e9e0a3045a923f -generated: "2021-09-23T08:22:02.655023638Z" +digest: sha256:44060b33e026f1c2c8c83f53cdcb611bf7e5cd4566abde9d7d9446890b121cd9 +generated: "2021-09-30T12:09:50.5028699+03:00" diff --git a/update_helm_deps.sh b/update_helm_deps.sh new file mode 100644 index 0000000..cb788c0 --- /dev/null +++ b/update_helm_deps.sh @@ -0,0 +1,3 @@ +#!/usr/bin/env bash + +for chartDir in `find ./riftbit -type d -maxdepth 1`; do helm dependency update "$chartDir"; done \ No newline at end of file From b4ffb72432613e84f85d81a861a358624038d427 Mon Sep 17 00:00:00 2001 From: "[riftbit] ErgoZ" Date: Thu, 30 Sep 2021 12:16:12 +0300 Subject: [PATCH 7/9] update all deps --- .github/workflows/checklist.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/checklist.yml b/.github/workflows/checklist.yml index e99b3b6..53c681f 100644 --- a/.github/workflows/checklist.yml +++ b/.github/workflows/checklist.yml @@ -9,6 +9,7 @@ jobs: steps: - name: Checkout uses: actions/checkout@v1 + - name: Checklist uses: wyozi/contextual-qa-checklist-action@master with: From 800eddd0f3534aa6af15cc4e8775e0326f351419 Mon Sep 17 00:00:00 2001 From: "[riftbit] ErgoZ" Date: Thu, 30 Sep 2021 12:16:54 +0300 Subject: [PATCH 8/9] update all deps --- riftbit/mongodb-sharded/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/riftbit/mongodb-sharded/Chart.yaml b/riftbit/mongodb-sharded/Chart.yaml index 2fea0e8..79cf78d 100644 --- a/riftbit/mongodb-sharded/Chart.yaml +++ b/riftbit/mongodb-sharded/Chart.yaml @@ -26,4 +26,4 @@ name: mongodb-sharded sources: - https://github.com/bitnami/bitnami-docker-mongodb-sharded - https://mongodb.org -version: 3.9.7 \ No newline at end of file +version: 3.9.7 From c3ecb1c8d31429ecd867a4a20db4155e38f9057d Mon Sep 17 00:00:00 2001 From: "[riftbit] ErgoZ" Date: Thu, 30 Sep 2021 13:01:42 +0300 Subject: [PATCH 9/9] update charts --- riftbit/kubeview/Chart.yaml | 2 +- riftbit/whoami/Chart.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/riftbit/kubeview/Chart.yaml b/riftbit/kubeview/Chart.yaml index ae23d46..c84847a 100644 --- a/riftbit/kubeview/Chart.yaml +++ b/riftbit/kubeview/Chart.yaml @@ -7,7 +7,7 @@ maintainers: - name: sebastien-prudhomme email: sebastien.prudhomme@gmail.com name: kubeview -version: 2.6.0 +version: 2.6.1 dependencies: - name: common repository: https://charts.bitnami.com/bitnami diff --git a/riftbit/whoami/Chart.yaml b/riftbit/whoami/Chart.yaml index 188ec66..3ae2313 100644 --- a/riftbit/whoami/Chart.yaml +++ b/riftbit/whoami/Chart.yaml @@ -6,7 +6,7 @@ maintainers: - name: sebastien-prudhomme email: sebastien.prudhomme@gmail.com name: whoami -version: 2.6.1 +version: 2.6.2 keywords: - golang - whoami @@ -15,4 +15,4 @@ dependencies: repository: https://charts.bitnami.com/bitnami # tags: # - bitnami-common - version: 1.x.x \ No newline at end of file + version: 1.x.x