From 5aacd18c2fbdba8d1c1897ab6e357df365c37f27 Mon Sep 17 00:00:00 2001 From: Hritik Batra Date: Mon, 14 Oct 2024 11:53:01 +0530 Subject: [PATCH 01/10] Add commit since 4.0.0 tag to CHANGELOG.md --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index e85823067..03defb4e8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,13 @@ # Changelog All releases and the changes included in them (pulled from git commits added since last release) will be detailed in this file. +### Improvements +- d289c927 Making CAPI Cluster App's default values file compatible with the optional customerid feature +- 64f72b7b Make customerid optional in CAPI Cluster Helm values +- 9d18cb83 add/renamed the references and links to kubeaid +- 618f0bf3 Add support for storage blob network rules +- 261f66a1 enable azure policy + ## 4.0.0 ### Major Version Upgrades - Updated redmine from version 29.0.6 to 30.0.0 From 6cc2d67bf6729e23ccfbf1c9b8cef47c0d779ff9 Mon Sep 17 00:00:00 2001 From: Hritik Batra Date: Mon, 14 Oct 2024 11:55:59 +0530 Subject: [PATCH 02/10] [CI] Helm Chart Update cert-manager --- CHANGELOG.md | 8 +++++ argocd-helm-charts/cert-manager/Chart.lock | 6 ++-- argocd-helm-charts/cert-manager/Chart.yaml | 2 +- .../charts/cert-manager/Chart.yaml | 4 +-- .../charts/cert-manager/README.md | 28 +++++++++------ .../charts/cert-manager/values.schema.json | 34 +++++++++---------- .../charts/cert-manager/values.yaml | 18 ++++++++-- 7 files changed, 63 insertions(+), 37 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 03defb4e8..82799818a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,6 +1,14 @@ # Changelog All releases and the changes included in them (pulled from git commits added since last release) will be detailed in this file. +## 2024-10-14 +### Major Version Upgrades %%^^ + +### Minor Version Upgrades %%^^ + +### Patch Version Upgrades %%^^ +- Updated cert-manager from version v1.16.0 to v1.16.1 + ### Improvements - d289c927 Making CAPI Cluster App's default values file compatible with the optional customerid feature - 64f72b7b Make customerid optional in CAPI Cluster Helm values diff --git a/argocd-helm-charts/cert-manager/Chart.lock b/argocd-helm-charts/cert-manager/Chart.lock index 6c2c21db9..3ffaa4f5d 100644 --- a/argocd-helm-charts/cert-manager/Chart.lock +++ b/argocd-helm-charts/cert-manager/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: cert-manager repository: https://charts.jetstack.io - version: v1.16.0 -digest: sha256:59590787a7a7a4b4e15c20af04b03933ad00feff48bc38a8cdbf17a5f058e020 -generated: "2024-10-07T12:44:46.13298375+05:30" + version: v1.16.1 +digest: sha256:acc54fab005ee9c02db144f1c4e91a248365095beed99bd4b1f07f8fcebec562 +generated: "2024-10-14T11:55:26.738972182+05:30" diff --git a/argocd-helm-charts/cert-manager/Chart.yaml b/argocd-helm-charts/cert-manager/Chart.yaml index c1969e746..5cd007e1e 100644 --- a/argocd-helm-charts/cert-manager/Chart.yaml +++ b/argocd-helm-charts/cert-manager/Chart.yaml @@ -4,5 +4,5 @@ version: 1.6.1 # see latest chart here: https://artifacthub.io/packages/search?org=cert-manager dependencies: - name: cert-manager - version: v1.16.0 + version: v1.16.1 repository: https://charts.jetstack.io diff --git a/argocd-helm-charts/cert-manager/charts/cert-manager/Chart.yaml b/argocd-helm-charts/cert-manager/charts/cert-manager/Chart.yaml index 57faae977..01d0c1d30 100644 --- a/argocd-helm-charts/cert-manager/charts/cert-manager/Chart.yaml +++ b/argocd-helm-charts/cert-manager/charts/cert-manager/Chart.yaml 
@@ -6,7 +6,7 @@ annotations: fingerprint: 1020CF3C033D4F35BAE1C19E1226061C665DF13E url: https://cert-manager.io/public-keys/cert-manager-keyring-2021-09-20-1020CF3C033D4F35BAE1C19E1226061C665DF13E.gpg apiVersion: v2 -appVersion: v1.16.0 +appVersion: v1.16.1 description: A Helm chart for cert-manager home: https://cert-manager.io icon: https://raw.githubusercontent.com/cert-manager/community/4d35a69437d21b76322157e6284be4cd64e6d2b7/logo/logo-small.png @@ -23,4 +23,4 @@ maintainers: name: cert-manager sources: - https://github.com/cert-manager/cert-manager -version: v1.16.0 +version: v1.16.1 diff --git a/argocd-helm-charts/cert-manager/charts/cert-manager/README.md b/argocd-helm-charts/cert-manager/charts/cert-manager/README.md index 23572846b..4064f9e04 100644 --- a/argocd-helm-charts/cert-manager/charts/cert-manager/README.md +++ b/argocd-helm-charts/cert-manager/charts/cert-manager/README.md @@ -19,7 +19,7 @@ Before installing the chart, you must first install the cert-manager CustomResou This is performed in a separate step to allow you to easily uninstall and reinstall cert-manager without deleting your installed custom resources. ```bash -$ kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.16.0/cert-manager.crds.yaml +$ kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.16.1/cert-manager.crds.yaml ``` To install the chart with the release name `cert-manager`: @@ -29,7 +29,7 @@ To install the chart with the release name `cert-manager`: $ helm repo add jetstack https://charts.jetstack.io --force-update ## Install the cert-manager helm chart -$ helm install cert-manager --namespace cert-manager --version v1.16.0 jetstack/cert-manager +$ helm install cert-manager --namespace cert-manager --version v1.16.1 jetstack/cert-manager ``` In order to begin issuing certificates, you will need to set up a ClusterIssuer 
@@ -65,7 +65,7 @@ If you want to completely uninstall cert-manager from your cluster, you will als delete the previously installed CustomResourceDefinition resources: ```console -$ kubectl delete -f https://github.com/cert-manager/cert-manager/releases/download/v1.16.0/cert-manager.crds.yaml +$ kubectl delete -f https://github.com/cert-manager/cert-manager/releases/download/v1.16.1/cert-manager.crds.yaml ``` ## Configuration @@ -228,15 +228,17 @@ Enable or disable the PodDisruptionBudget resource. This prevents downtime during voluntary disruptions such as during a Node upgrade. For example, the PodDisruptionBudget will block `kubectl drain` if it is used on the Node where the only remaining cert-manager Pod is currently running. -#### **podDisruptionBudget.minAvailable** ~ `number` +#### **podDisruptionBudget.minAvailable** ~ `unknown` This configures the minimum available pods for disruptions. It can either be set to an integer (e.g. 1) or a percentage value (e.g. 25%). It cannot be used if `maxUnavailable` is set. -#### **podDisruptionBudget.maxUnavailable** ~ `number` + +#### **podDisruptionBudget.maxUnavailable** ~ `unknown` This configures the maximum unavailable pods for disruptions. It can either be set to an integer (e.g. 1) or a percentage value (e.g. 25%). it cannot be used if `minAvailable` is set. + #### **featureGates** ~ `string` > Default value: > ```yaml 
@@ -952,16 +954,18 @@ Enable or disable the PodDisruptionBudget resource. This prevents downtime during voluntary disruptions such as during a Node upgrade. For example, the PodDisruptionBudget will block `kubectl drain` if it is used on the Node where the only remaining cert-manager Pod is currently running. -#### **webhook.podDisruptionBudget.minAvailable** ~ `number` +#### **webhook.podDisruptionBudget.minAvailable** ~ `unknown` This property configures the minimum available pods for disruptions. Can either be set to an integer (e.g. 1) or a percentage value (e.g. 25%). It cannot be used if `maxUnavailable` is set. -#### **webhook.podDisruptionBudget.maxUnavailable** ~ `number` + +#### **webhook.podDisruptionBudget.maxUnavailable** ~ `unknown` This property configures the maximum unavailable pods for disruptions. Can either be set to an integer (e.g. 1) or a percentage value (e.g. 25%). It cannot be used if `minAvailable` is set. + #### **webhook.deploymentAnnotations** ~ `object` Optional additional annotations to add to the webhook Deployment. @@ -1210,7 +1214,7 @@ If not set and create is true, a name is generated using the fullname template. #### **webhook.serviceAccount.annotations** ~ `object` -Optional additional annotations to add to the controller's Service Account. +Optional additional annotations to add to the webhook's Service Account. #### **webhook.serviceAccount.labels** ~ `object` 
@@ -1422,18 +1426,20 @@ Enable or disable the PodDisruptionBudget resource. This prevents downtime during voluntary disruptions such as during a Node upgrade. For example, the PodDisruptionBudget will block `kubectl drain` if it is used on the Node where the only remaining cert-manager Pod is currently running. -#### **cainjector.podDisruptionBudget.minAvailable** ~ `number` +#### **cainjector.podDisruptionBudget.minAvailable** ~ `unknown` `minAvailable` configures the minimum available pods for disruptions. It can either be set to an integer (e.g. 1) or a percentage value (e.g. 25%). Cannot be used if `maxUnavailable` is set. -#### **cainjector.podDisruptionBudget.maxUnavailable** ~ `number` + +#### **cainjector.podDisruptionBudget.maxUnavailable** ~ `unknown` `maxUnavailable` configures the maximum unavailable pods for disruptions. It can either be set to an integer (e.g. 1) or a percentage value (e.g. 25%). Cannot be used if `minAvailable` is set. + #### **cainjector.deploymentAnnotations** ~ `object` Optional additional annotations to add to the cainjector Deployment. @@ -1614,7 +1620,7 @@ If not set and create is true, a name is generated using the fullname template #### **cainjector.serviceAccount.annotations** ~ `object` -Optional additional annotations to add to the controller's Service Account. +Optional additional annotations to add to the cainjector's Service Account. #### **cainjector.serviceAccount.labels** ~ `object` diff --git a/argocd-helm-charts/cert-manager/charts/cert-manager/values.schema.json b/argocd-helm-charts/cert-manager/charts/cert-manager/values.schema.json index 312eccf4a..d04da90c2 100644 --- a/argocd-helm-charts/cert-manager/charts/cert-manager/values.schema.json +++ b/argocd-helm-charts/cert-manager/charts/cert-manager/values.schema.json 
@@ -51,6 +51,9 @@ "enableServiceLinks": { "$ref": "#/$defs/helm-values.enableServiceLinks" }, + "enabled": { + "$ref": "#/$defs/helm-values.enabled" + }, "extraArgs": { "$ref": "#/$defs/helm-values.extraArgs" }, @@ -458,12 +461,10 @@ "type": "boolean" }, "helm-values.cainjector.podDisruptionBudget.maxUnavailable": { - "description": "`maxUnavailable` configures the maximum unavailable pods for disruptions. It can either be set to\nan integer (e.g. 1) or a percentage value (e.g. 25%).\nCannot be used if `minAvailable` is set.", - "type": "number" + "description": "`maxUnavailable` configures the maximum unavailable pods for disruptions. It can either be set to\nan integer (e.g. 1) or a percentage value (e.g. 25%).\nCannot be used if `minAvailable` is set." }, "helm-values.cainjector.podDisruptionBudget.minAvailable": { - "description": "`minAvailable` configures the minimum available pods for disruptions. It can either be set to\nan integer (e.g. 1) or a percentage value (e.g. 25%).\nCannot be used if `maxUnavailable` is set.", - "type": "number" + "description": "`minAvailable` configures the minimum available pods for disruptions. It can either be set to\nan integer (e.g. 1) or a percentage value (e.g. 25%).\nCannot be used if `maxUnavailable` is set." }, "helm-values.cainjector.podLabels": { "default": {}, @@ -512,7 +513,7 @@ "type": "object" }, "helm-values.cainjector.serviceAccount.annotations": { - "description": "Optional additional annotations to add to the controller's Service Account.", + "description": "Optional additional annotations to add to the cainjector's Service Account.", "type": "object" }, "helm-values.cainjector.serviceAccount.automountServiceAccountToken": { 
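Review bot: In the `@@ -458,12 +461,10 @@` hunk the `maxUnavailable` and `minAvailable` definitions for `cainjector.podDisruptionBudget` lose their `type` entirely, so the schema now accepts any value (a boolean or a map would validate) and a bad setting is only caught when the PodDisruptionBudget is applied. The descriptions say the value is an integer or a percentage, which `"type": ["integer", "string"]` would express while still admitting `25%`. The same applies to the controller and webhook definitions in the `@@ -963,12 +965,10 @@` and `@@ -1948,12 +1948,10 @@` hunks. This file is the vendored upstream schema, so the change belongs upstream rather than in this copy.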
@@ -650,6 +651,11 @@ "description": "enableServiceLinks indicates whether information about services should be injected into the pod's environment variables, matching the syntax of Docker links.", "type": "boolean" }, + "helm-values.enabled": { + "default": true, + "description": "Field that can be used as a condition when cert-manager is a dependency. This definition is only here as a placeholder such that it is included in the json schema. See https://helm.sh/docs/chart_best_practices/dependencies/#conditions-and-tags for more info.", + "type": "boolean" + }, "helm-values.extraArgs": { "default": [], "description": "Additional command line flags to pass to cert-manager controller binary. To see all available flags run `docker run quay.io/jetstack/cert-manager-controller: --help`.\n\nUse this flag to enable or disable arbitrary controllers. For example, to disable the CertificateRequests approver.\n\nFor example:\nextraArgs:\n - --controllers=*,-certificaterequests-approver", @@ -678,7 +684,6 @@ "type": "string" }, "helm-values.global": { - "additionalProperties": false, "description": "Global values shared across all (sub)charts", "properties": { "commonLabels": { @@ -720,7 +725,6 @@ "type": "array" }, "helm-values.global.leaderElection": { - "additionalProperties": false, "properties": { "leaseDuration": { "$ref": "#/$defs/helm-values.global.leaderElection.leaseDuration" @@ -760,7 +764,6 @@ "type": "number" }, "helm-values.global.podSecurityPolicy": { - "additionalProperties": false, "properties": { "enabled": { "$ref": "#/$defs/helm-values.global.podSecurityPolicy.enabled" @@ -787,7 +790,6 @@ "type": "string" }, "helm-values.global.rbac": { - "additionalProperties": false, "properties": { "aggregateClusterRoles": { "$ref": "#/$defs/helm-values.global.rbac.aggregateClusterRoles" 
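Review bot: The `@@ -678,7 +684,6 @@` hunk and the three after it remove `"additionalProperties": false` from `helm-values.global` and its `leaderElection`, `podSecurityPolicy` and `rbac` definitions, so a misspelled key under `global` (for example in the RBAC or pod-security settings) now passes schema validation and is silently ignored instead of failing the render. This is presumably intended so that a parent chart can carry its own `global` keys, but it removes a check this repo's values previously got for free. I would record it in the changelog entry, e.g. `- cert-manager v1.16.1: keys under global are no longer schema-checked for typos`, and re-read the `global` block in the wrapper values once after this bump.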
@@ -963,12 +965,10 @@ "type": "boolean" }, "helm-values.podDisruptionBudget.maxUnavailable": { - "description": "This configures the maximum unavailable pods for disruptions. It can either be set to an integer (e.g. 1) or a percentage value (e.g. 25%). it cannot be used if `minAvailable` is set.", - "type": "number" + "description": "This configures the maximum unavailable pods for disruptions. It can either be set to an integer (e.g. 1) or a percentage value (e.g. 25%). it cannot be used if `minAvailable` is set." }, "helm-values.podDisruptionBudget.minAvailable": { - "description": "This configures the minimum available pods for disruptions. It can either be set to an integer (e.g. 1) or a percentage value (e.g. 25%).\nIt cannot be used if `maxUnavailable` is set.", - "type": "number" + "description": "This configures the minimum available pods for disruptions. It can either be set to an integer (e.g. 1) or a percentage value (e.g. 25%).\nIt cannot be used if `maxUnavailable` is set." }, "helm-values.podDnsConfig": { "description": "Pod DNS configuration. The podDnsConfig field is optional and can work with any podDnsPolicy settings. However, when a Pod's dnsPolicy is set to \"None\", the dnsConfig field has to be specified. For more information, see [Pod's DNS Config](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config).", 
@@ -1948,12 +1948,10 @@ "type": "boolean" }, "helm-values.webhook.podDisruptionBudget.maxUnavailable": { - "description": "This property configures the maximum unavailable pods for disruptions. Can either be set to an integer (e.g. 1) or a percentage value (e.g. 25%).\nIt cannot be used if `minAvailable` is set.", - "type": "number" + "description": "This property configures the maximum unavailable pods for disruptions. Can either be set to an integer (e.g. 1) or a percentage value (e.g. 25%).\nIt cannot be used if `minAvailable` is set." }, "helm-values.webhook.podDisruptionBudget.minAvailable": { - "description": "This property configures the minimum available pods for disruptions. Can either be set to an integer (e.g. 1) or a percentage value (e.g. 25%).\nIt cannot be used if `maxUnavailable` is set.", - "type": "number" + "description": "This property configures the minimum available pods for disruptions. Can either be set to an integer (e.g. 1) or a percentage value (e.g. 25%).\nIt cannot be used if `maxUnavailable` is set." }, "helm-values.webhook.podLabels": { "default": {}, @@ -2018,7 +2016,7 @@ "type": "object" }, "helm-values.webhook.serviceAccount.annotations": { - "description": "Optional additional annotations to add to the controller's Service Account.", + "description": "Optional additional annotations to add to the webhook's Service Account.", "type": "object" }, "helm-values.webhook.serviceAccount.automountServiceAccountToken": { diff --git a/argocd-helm-charts/cert-manager/charts/cert-manager/values.yaml b/argocd-helm-charts/cert-manager/charts/cert-manager/values.yaml index 3aae36713..7a1c29530 100644 --- a/argocd-helm-charts/cert-manager/charts/cert-manager/values.yaml +++ b/argocd-helm-charts/cert-manager/charts/cert-manager/values.yaml 
@@ -120,12 +120,14 @@ podDisruptionBudget: # an integer (e.g. 1) or a percentage value (e.g. 25%). # It cannot be used if `maxUnavailable` is set. # +docs:property + # +docs:type=unknown # minAvailable: 1 # This configures the maximum unavailable pods for disruptions. It can either be set to # an integer (e.g. 1) or a percentage value (e.g. 25%). # it cannot be used if `minAvailable` is set. # +docs:property + # +docs:type=unknown # maxUnavailable: 1 # A comma-separated list of feature gates that should be enabled on the @@ -697,12 +699,14 @@ webhook: # an integer (e.g. 1) or a percentage value (e.g. 25%). # It cannot be used if `maxUnavailable` is set. # +docs:property + # +docs:type=unknown # minAvailable: 1 # This property configures the maximum unavailable pods for disruptions. Can either be set to # an integer (e.g. 1) or a percentage value (e.g. 25%). # It cannot be used if `minAvailable` is set. # +docs:property + # +docs:type=unknown # maxUnavailable: 1 # Optional additional annotations to add to the webhook Deployment. @@ -886,7 +890,7 @@ webhook: # +docs:property # name: "" - # Optional additional annotations to add to the controller's Service Account. + # Optional additional annotations to add to the webhook's Service Account. # +docs:property # annotations: {} @@ -1062,12 +1066,14 @@ cainjector: # an integer (e.g. 1) or a percentage value (e.g. 25%). # Cannot be used if `maxUnavailable` is set. # +docs:property + # +docs:type=unknown # minAvailable: 1 # `maxUnavailable` configures the maximum unavailable pods for disruptions. It can either be set to # an integer (e.g. 1) or a percentage value (e.g. 25%). # Cannot be used if `minAvailable` is set. # +docs:property + # +docs:type=unknown # maxUnavailable: 1 # Optional additional annotations to add to the cainjector Deployment. 
@@ -1193,7 +1199,7 @@ cainjector: # +docs:property # name: "" - # Optional additional annotations to add to the controller's Service Account. + # Optional additional annotations to add to the cainjector's Service Account. # +docs:property # annotations: {} @@ -1439,3 +1445,11 @@ extraObjects: [] # the static YAML manifests. # +docs:hidden creator: "helm" + +# Field that can be used as a condition when cert-manager is a dependency. +# This definition is only here as a placeholder such that it is included in +# the json schema. +# See https://helm.sh/docs/chart_best_practices/dependencies/#conditions-and-tags +# for more info. +# +docs:hidden +enabled: true From c4bc0ea1b08e042ff9d755c68473241bdb438cd1 Mon Sep 17 00:00:00 2001 From: Hritik Batra Date: Mon, 14 Oct 2024 11:57:49 +0530 Subject: [PATCH 03/10] [CI] Helm Chart Update cluster-api --- CHANGELOG.md | 1 + argocd-helm-charts/cluster-api/Chart.lock | 6 +++--- argocd-helm-charts/cluster-api/Chart.yaml | 2 +- .../cluster-api/charts/cluster-api-operator/Chart.yaml | 4 ++-- .../charts/cluster-api-operator/templates/addon.yaml | 4 ++-- .../charts/cluster-api-operator/templates/bootstrap.yaml | 4 ++-- .../cluster-api-operator/templates/control-plane.yaml | 4 ++-- .../cluster-api-operator/templates/core-conditions.yaml | 4 ++-- .../charts/cluster-api-operator/templates/core.yaml | 4 ++-- .../charts/cluster-api-operator/templates/deployment.yaml | 3 +++ .../cluster-api-operator/templates/infra-conditions.yaml | 8 ++++---- .../charts/cluster-api-operator/templates/infra.yaml | 4 ++-- .../templates/operator-components.yaml | 7 ------- .../cluster-api/charts/cluster-api-operator/values.yaml | 3 ++- 14 files changed, 28 insertions(+), 30 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 82799818a..846099747 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -5,6 +5,7 @@ All releases and the changes included in them (pulled from git commits added sin ### Major Version Upgrades %%^^ ### Minor Version Upgrades %%^^ +- Updated cluster-api-operator from version 0.13.0 to 0.14.0 ### Patch Version Upgrades %%^^ - Updated cert-manager from version v1.16.0 to v1.16.1 diff --git a/argocd-helm-charts/cluster-api/Chart.lock b/argocd-helm-charts/cluster-api/Chart.lock index 8593aba02..bcbc31147 100644 --- a/argocd-helm-charts/cluster-api/Chart.lock +++ b/argocd-helm-charts/cluster-api/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: cluster-api-operator repository: https://kubernetes-sigs.github.io/cluster-api-operator - version: 0.13.0 -digest: sha256:20f8790067f1d193cde769f65ec1bb2fe483568489b8bbd6764fa017e55734d4 -generated: "2024-09-09T13:53:01.734340698+05:30" + version: 0.14.0 +digest: sha256:6676fd5d872f9fade692fb142096059a78fca059a5478b94c8045124dba74d29 +generated: "2024-10-14T11:57:32.949792972+05:30" diff --git a/argocd-helm-charts/cluster-api/Chart.yaml b/argocd-helm-charts/cluster-api/Chart.yaml index 2a5640ddf..a2297e935 100644 --- a/argocd-helm-charts/cluster-api/Chart.yaml +++ b/argocd-helm-charts/cluster-api/Chart.yaml @@ -3,5 +3,5 @@ name: cluster-api version: 1.0.0 dependencies: - name: cluster-api-operator - version: 0.13.0 + version: 0.14.0 repository: https://kubernetes-sigs.github.io/cluster-api-operator diff --git a/argocd-helm-charts/cluster-api/charts/cluster-api-operator/Chart.yaml b/argocd-helm-charts/cluster-api/charts/cluster-api-operator/Chart.yaml index bf8208804..e37968c61 100644 --- a/argocd-helm-charts/cluster-api/charts/cluster-api-operator/Chart.yaml +++ b/argocd-helm-charts/cluster-api/charts/cluster-api-operator/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 -appVersion: 0.13.0 +appVersion: 0.14.0 description: Cluster API Operator name: cluster-api-operator type: application -version: 0.13.0 +version: 0.14.0 
diff --git a/argocd-helm-charts/cluster-api/charts/cluster-api-operator/templates/addon.yaml b/argocd-helm-charts/cluster-api/charts/cluster-api-operator/templates/addon.yaml index 9095368cd..c571b60aa 100644 --- a/argocd-helm-charts/cluster-api/charts/cluster-api-operator/templates/addon.yaml +++ b/argocd-helm-charts/cluster-api/charts/cluster-api-operator/templates/addon.yaml @@ -26,7 +26,7 @@ apiVersion: v1 kind: Namespace metadata: annotations: - "helm.sh/hook": "post-install" + "helm.sh/hook": "post-install,post-upgrade" "helm.sh/hook-weight": "1" "argocd.argoproj.io/sync-wave": "1" name: {{ $addonNamespace }} @@ -37,7 +37,7 @@ metadata: name: {{ $addonName }} namespace: {{ $addonNamespace }} annotations: - "helm.sh/hook": "post-install" + "helm.sh/hook": "post-install,post-upgrade" "helm.sh/hook-weight": "2" "argocd.argoproj.io/sync-wave": "2" {{- if or $addonVersion $.Values.secretName }} diff --git a/argocd-helm-charts/cluster-api/charts/cluster-api-operator/templates/bootstrap.yaml b/argocd-helm-charts/cluster-api/charts/cluster-api-operator/templates/bootstrap.yaml index a1634ee89..69a930f2a 100644 --- a/argocd-helm-charts/cluster-api/charts/cluster-api-operator/templates/bootstrap.yaml +++ b/argocd-helm-charts/cluster-api/charts/cluster-api-operator/templates/bootstrap.yaml @@ -26,7 +26,7 @@ apiVersion: v1 kind: Namespace metadata: annotations: - "helm.sh/hook": "post-install" + "helm.sh/hook": "post-install,post-upgrade" "helm.sh/hook-weight": "1" name: {{ $bootstrapNamespace }} --- @@ -36,7 +36,7 @@ metadata: name: {{ $bootstrapName }} namespace: {{ $bootstrapNamespace }} annotations: - "helm.sh/hook": "post-install" + "helm.sh/hook": "post-install,post-upgrade" "helm.sh/hook-weight": "2" {{- if or $bootstrapVersion $.Values.configSecret.name }} spec: 
diff --git a/argocd-helm-charts/cluster-api/charts/cluster-api-operator/templates/control-plane.yaml b/argocd-helm-charts/cluster-api/charts/cluster-api-operator/templates/control-plane.yaml index b7cec76d5..d48e0c269 100644 --- a/argocd-helm-charts/cluster-api/charts/cluster-api-operator/templates/control-plane.yaml +++ b/argocd-helm-charts/cluster-api/charts/cluster-api-operator/templates/control-plane.yaml @@ -26,7 +26,7 @@ apiVersion: v1 kind: Namespace metadata: annotations: - "helm.sh/hook": "post-install" + "helm.sh/hook": "post-install,post-upgrade" "helm.sh/hook-weight": "1" name: {{ $controlPlaneNamespace }} --- @@ -36,7 +36,7 @@ metadata: name: {{ $controlPlaneName }} namespace: {{ $controlPlaneNamespace }} annotations: - "helm.sh/hook": "post-install" + "helm.sh/hook": "post-install,post-upgrade" "helm.sh/hook-weight": "2" {{- if or $controlPlaneVersion $.Values.configSecret.name }} spec: diff --git a/argocd-helm-charts/cluster-api/charts/cluster-api-operator/templates/core-conditions.yaml b/argocd-helm-charts/cluster-api/charts/cluster-api-operator/templates/core-conditions.yaml index 7bba5953f..bb396a24b 100644 --- a/argocd-helm-charts/cluster-api/charts/cluster-api-operator/templates/core-conditions.yaml +++ b/argocd-helm-charts/cluster-api/charts/cluster-api-operator/templates/core-conditions.yaml @@ -6,7 +6,7 @@ apiVersion: v1 kind: Namespace metadata: annotations: - "helm.sh/hook": "post-install" + "helm.sh/hook": "post-install,post-upgrade" "helm.sh/hook-weight": "1" name: capi-system --- @@ -16,7 +16,7 @@ metadata: name: cluster-api namespace: capi-system annotations: - "helm.sh/hook": "post-install" + "helm.sh/hook": "post-install,post-upgrade" "helm.sh/hook-weight": "2" {{- with .Values.configSecret }} spec: diff --git a/argocd-helm-charts/cluster-api/charts/cluster-api-operator/templates/core.yaml b/argocd-helm-charts/cluster-api/charts/cluster-api-operator/templates/core.yaml index 013a2ef0b..2d0d8b76c 100644 
--- a/argocd-helm-charts/cluster-api/charts/cluster-api-operator/templates/core.yaml +++ b/argocd-helm-charts/cluster-api/charts/cluster-api-operator/templates/core.yaml @@ -25,7 +25,7 @@ apiVersion: v1 kind: Namespace metadata: annotations: - "helm.sh/hook": "post-install" + "helm.sh/hook": "post-install,post-upgrade" "helm.sh/hook-weight": "1" name: {{ $coreNamespace }} --- @@ -35,7 +35,7 @@ metadata: name: {{ $coreName }} namespace: {{ $coreNamespace }} annotations: - "helm.sh/hook": "post-install" + "helm.sh/hook": "post-install,post-upgrade" "helm.sh/hook-weight": "2" "argocd.argoproj.io/sync-wave": "2" {{- if or $coreVersion $.Values.configSecret.name }} diff --git a/argocd-helm-charts/cluster-api/charts/cluster-api-operator/templates/deployment.yaml b/argocd-helm-charts/cluster-api/charts/cluster-api-operator/templates/deployment.yaml index 312693ea7..7e6939365 100644 --- a/argocd-helm-charts/cluster-api/charts/cluster-api-operator/templates/deployment.yaml +++ b/argocd-helm-charts/cluster-api/charts/cluster-api-operator/templates/deployment.yaml @@ -74,6 +74,9 @@ spec: {{- if .Values.insecureDiagnostics }} - --insecure-diagnostics={{ .Values.insecureDiagnostics }} {{- end }} + {{- if .Values.watchConfigSecret }} + - --watch-configsecret + {{- end }} {{- with .Values.leaderElection }} - --leader-elect={{ .enabled }} {{- if .leaseDuration }} diff --git a/argocd-helm-charts/cluster-api/charts/cluster-api-operator/templates/infra-conditions.yaml b/argocd-helm-charts/cluster-api/charts/cluster-api-operator/templates/infra-conditions.yaml index 3c3a8a753..cede0bbc6 100644 --- a/argocd-helm-charts/cluster-api/charts/cluster-api-operator/templates/infra-conditions.yaml +++ b/argocd-helm-charts/cluster-api/charts/cluster-api-operator/templates/infra-conditions.yaml 
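Review bot: The new guard `{{- if .Values.watchConfigSecret }}` in the `@@ -74,6 +74,9 @@` hunk of deployment.yaml tests truthiness, so a non-empty string such as `"false"` (which string-typed overrides can produce) would still add `--watch-configsecret` to the manager args. The neighbouring `--insecure-diagnostics={{ .Values.insecureDiagnostics }}` passes the value through instead; an explicit comparison such as `{{- if eq (toString .Values.watchConfigSecret) "true" }}` would make the switch unambiguous. The matching `watchConfigSecret: false` added to values.yaml also carries no comment; something like `# watchConfigSecret -- when true, pass --watch-configsecret to the manager` would help. The template is the vendored upstream copy and the container spec continues outside the hunk, so in this repo the practical step is to set the key only as a YAML boolean.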
@@ -7,7 +7,7 @@ apiVersion: v1 kind: Namespace metadata: annotations: - "helm.sh/hook": "post-install" + "helm.sh/hook": "post-install,post-upgrade" "helm.sh/hook-weight": "1" "argocd.argoproj.io/sync-wave": "1" name: capi-kubeadm-bootstrap-system @@ -18,7 +18,7 @@ metadata: name: kubeadm namespace: capi-kubeadm-bootstrap-system annotations: - "helm.sh/hook": "post-install" + "helm.sh/hook": "post-install,post-upgrade" "helm.sh/hook-weight": "2" "argocd.argoproj.io/sync-wave": "2" {{- with .Values.configSecret }} @@ -37,7 +37,7 @@ apiVersion: v1 kind: Namespace metadata: annotations: - "helm.sh/hook": "post-install" + "helm.sh/hook": "post-install,post-upgrade" "helm.sh/hook-weight": "1" "argocd.argoproj.io/sync-wave": "1" name: capi-kubeadm-control-plane-system @@ -48,7 +48,7 @@ metadata: name: kubeadm namespace: capi-kubeadm-control-plane-system annotations: - "helm.sh/hook": "post-install" + "helm.sh/hook": "post-install,post-upgrade" "helm.sh/hook-weight": "2" "argocd.argoproj.io/sync-wave": "2" {{- with .Values.configSecret }} diff --git a/argocd-helm-charts/cluster-api/charts/cluster-api-operator/templates/infra.yaml b/argocd-helm-charts/cluster-api/charts/cluster-api-operator/templates/infra.yaml index 4b4621e21..269bffd13 100644 --- a/argocd-helm-charts/cluster-api/charts/cluster-api-operator/templates/infra.yaml +++ b/argocd-helm-charts/cluster-api/charts/cluster-api-operator/templates/infra.yaml @@ -26,7 +26,7 @@ apiVersion: v1 kind: Namespace metadata: annotations: - "helm.sh/hook": "post-install" + "helm.sh/hook": "post-install,post-upgrade" "helm.sh/hook-weight": "1" "argocd.argoproj.io/sync-wave": "1" name: {{ $infrastructureNamespace }} 
@@ -37,7 +37,7 @@ metadata: name: {{ $infrastructureName }} namespace: {{ $infrastructureNamespace }} annotations: - "helm.sh/hook": "post-install" + "helm.sh/hook": "post-install,post-upgrade" "helm.sh/hook-weight": "2" "argocd.argoproj.io/sync-wave": "2" {{- if or $infrastructureVersion $.Values.configSecret.name $.Values.manager $.Values.additionalDeployments }} diff --git a/argocd-helm-charts/cluster-api/charts/cluster-api-operator/templates/operator-components.yaml b/argocd-helm-charts/cluster-api/charts/cluster-api-operator/templates/operator-components.yaml index c5ccd2e74..e3a4f165e 100644 --- a/argocd-helm-charts/cluster-api/charts/cluster-api-operator/templates/operator-components.yaml +++ b/argocd-helm-charts/cluster-api/charts/cluster-api-operator/templates/operator-components.yaml @@ -13,7 +13,6 @@ spec: strategy: Webhook webhook: clientConfig: - caBundle: Cg== service: name: capi-operator-webhook-service namespace: '{{ .Release.Namespace }}' @@ -3023,7 +3022,6 @@ spec: strategy: Webhook webhook: clientConfig: - caBundle: Cg== service: name: capi-operator-webhook-service namespace: '{{ .Release.Namespace }}' @@ -7618,7 +7616,6 @@ spec: strategy: Webhook webhook: clientConfig: - caBundle: Cg== service: name: capi-operator-webhook-service namespace: '{{ .Release.Namespace }}' @@ -12216,7 +12213,6 @@ spec: strategy: Webhook webhook: clientConfig: - caBundle: Cg== service: name: capi-operator-webhook-service namespace: '{{ .Release.Namespace }}' @@ -16811,7 +16807,6 @@ spec: strategy: Webhook webhook: clientConfig: - caBundle: Cg== service: name: capi-operator-webhook-service namespace: '{{ .Release.Namespace }}' @@ -21409,7 +21404,6 @@ spec: strategy: Webhook webhook: clientConfig: - caBundle: Cg== service: name: capi-operator-webhook-service namespace: '{{ .Release.Namespace }}' @@ -24419,7 +24413,6 @@ spec: strategy: Webhook webhook: clientConfig: - caBundle: Cg== service: name: capi-operator-webhook-service namespace: '{{ .Release.Namespace }}' 
diff --git a/argocd-helm-charts/cluster-api/charts/cluster-api-operator/values.yaml b/argocd-helm-charts/cluster-api/charts/cluster-api-operator/values.yaml index 847d65c63..99721f142 100644 --- a/argocd-helm-charts/cluster-api/charts/cluster-api-operator/values.yaml +++ b/argocd-helm-charts/cluster-api/charts/cluster-api-operator/values.yaml @@ -19,7 +19,7 @@ leaderElection: image: manager: repository: registry.k8s.io/capi-operator/cluster-api-operator - tag: v0.13.0 + tag: v0.14.0 pullPolicy: IfNotPresent env: manager: [] @@ -27,6 +27,7 @@ healthAddr: ":8081" metricsBindAddr: "127.0.0.1:8080" diagnosticsAddress: "8443" insecureDiagnostics: false +watchConfigSecret: false imagePullSecrets: {} resources: manager: From d3faf82322110edf84572e8cdf910f4871237222 Mon Sep 17 00:00:00 2001 From: Hritik Batra Date: Mon, 14 Oct 2024 12:02:11 +0530 Subject: [PATCH 04/10] [CI] Helm Chart Update k8s-event-logger --- CHANGELOG.md | 1 + argocd-helm-charts/k8s-event-logger/Chart.lock | 6 +++--- argocd-helm-charts/k8s-event-logger/Chart.yaml | 2 +- .../k8s-event-logger/charts/k8s-event-logger/Chart.yaml | 2 +- .../k8s-event-logger/charts/k8s-event-logger/README.md | 3 ++- .../charts/k8s-event-logger/templates/deployment.yaml | 4 ++++ .../k8s-event-logger/charts/k8s-event-logger/values.yaml | 1 + 7 files changed, 13 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 846099747..ebaf50911 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,7 @@ All releases and the changes included in them (pulled from git commits added sin - Updated cluster-api-operator from version 0.13.0 to 0.14.0 ### Patch Version Upgrades %%^^ +- Updated k8s-event-logger from version 1.1.7 to 1.1.8 - Updated cert-manager from version v1.16.0 to v1.16.1 ### Improvements diff --git a/argocd-helm-charts/k8s-event-logger/Chart.lock b/argocd-helm-charts/k8s-event-logger/Chart.lock index dd443809a..d6ce71f16 100644 --- a/argocd-helm-charts/k8s-event-logger/Chart.lock 
+++ b/argocd-helm-charts/k8s-event-logger/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: k8s-event-logger repository: https://charts.deliveryhero.io/ - version: 1.1.7 -digest: sha256:7e4a88244ec3e5fe68fe79769f8cbd6c98ee4a20517b4ccbb9af5ccd96acf5a6 -generated: "2024-09-30T20:29:51.961764611+05:30" + version: 1.1.8 +digest: sha256:53608860c3bdc96ba60b0e7ea1743b1d0a8fb135c310a29ca23255e16609a986 +generated: "2024-10-14T12:01:38.294741736+05:30" diff --git a/argocd-helm-charts/k8s-event-logger/Chart.yaml b/argocd-helm-charts/k8s-event-logger/Chart.yaml index 6dccbbb48..f63539412 100644 --- a/argocd-helm-charts/k8s-event-logger/Chart.yaml +++ b/argocd-helm-charts/k8s-event-logger/Chart.yaml @@ -3,5 +3,5 @@ name: k8s-event-logger version: 1.0.0 dependencies: - name: k8s-event-logger - version: "1.1.7" + version: "1.1.8" repository: https://charts.deliveryhero.io/ diff --git a/argocd-helm-charts/k8s-event-logger/charts/k8s-event-logger/Chart.yaml b/argocd-helm-charts/k8s-event-logger/charts/k8s-event-logger/Chart.yaml index 532f3c3ed..3de7a176f 100644 --- a/argocd-helm-charts/k8s-event-logger/charts/k8s-event-logger/Chart.yaml +++ b/argocd-helm-charts/k8s-event-logger/charts/k8s-event-logger/Chart.yaml @@ -23,4 +23,4 @@ maintainers: name: k8s-event-logger sources: - https://github.com/max-rocket-internet/k8s-event-logger -version: 1.1.7 +version: 1.1.8 diff --git a/argocd-helm-charts/k8s-event-logger/charts/k8s-event-logger/README.md b/argocd-helm-charts/k8s-event-logger/charts/k8s-event-logger/README.md index a09fab466..ff8f6663e 100644 --- a/argocd-helm-charts/k8s-event-logger/charts/k8s-event-logger/README.md +++ b/argocd-helm-charts/k8s-event-logger/charts/k8s-event-logger/README.md 
@@ -1,6 +1,6 @@ # k8s-event-logger -![Version: 1.1.7](https://img.shields.io/badge/Version-1.1.7-informational?style=flat-square) ![AppVersion: 2.1](https://img.shields.io/badge/AppVersion-2.1-informational?style=flat-square) +![Version: 1.1.8](https://img.shields.io/badge/Version-1.1.8-informational?style=flat-square) ![AppVersion: 2.1](https://img.shields.io/badge/AppVersion-2.1-informational?style=flat-square) This chart runs a pod that simply watches Kubernetes Events and logs them to stdout in JSON to be collected and stored by your logging solution, e.g. [fluentd](https://github.com/helm/charts/tree/master/stable/fluentd) or [fluent-bit](https://github.com/helm/charts/tree/master/stable/fluent-bit). @@ -59,6 +59,7 @@ helm install my-release deliveryhero/k8s-event-logger -f values.yaml |-----|------|---------|-------------| | affinity | object | `{}` | | | annotations | object | `{}` | | +| args | list | `[]` | | | containerName | string | `"k8s-event-logger"` | | | env | object | `{}` | A map of environment variables | | fullnameOverride | string | `""` | | diff --git a/argocd-helm-charts/k8s-event-logger/charts/k8s-event-logger/templates/deployment.yaml b/argocd-helm-charts/k8s-event-logger/charts/k8s-event-logger/templates/deployment.yaml index f0133002a..8e6204d98 100644 --- a/argocd-helm-charts/k8s-event-logger/charts/k8s-event-logger/templates/deployment.yaml +++ b/argocd-helm-charts/k8s-event-logger/charts/k8s-event-logger/templates/deployment.yaml @@ -48,6 +48,10 @@ spec: - name: {{ $key }} value: {{ $value | quote }} {{- end }} + {{- with .Values.args }} + args: + {{- toYaml . | nindent 12 }} + {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} {{- with .Values.nodeSelector }} diff --git a/argocd-helm-charts/k8s-event-logger/charts/k8s-event-logger/values.yaml b/argocd-helm-charts/k8s-event-logger/charts/k8s-event-logger/values.yaml index 416162b47..ee09f7ace 100644 
--- a/argocd-helm-charts/k8s-event-logger/charts/k8s-event-logger/values.yaml +++ b/argocd-helm-charts/k8s-event-logger/charts/k8s-event-logger/values.yaml @@ -15,6 +15,7 @@ resources: # env -- A map of environment variables env: {} +args: [] securityContext: {} From 4a15c2d74729b073b38fdd75a18f0b91e324844b Mon Sep 17 00:00:00 2001 From: Hritik Batra Date: Mon, 14 Oct 2024 12:04:16 +0530 Subject: [PATCH 05/10] [CI] Helm Chart Update kubernetes-dashboard --- CHANGELOG.md | 1 + argocd-helm-charts/kubernetes-dashboard/Chart.lock | 6 +++--- argocd-helm-charts/kubernetes-dashboard/Chart.yaml | 2 +- .../charts/kubernetes-dashboard/Chart.yaml | 2 +- .../charts/kubernetes-dashboard/templates/_helpers.tpl | 2 +- .../charts/kubernetes-dashboard/values.yaml | 8 ++++---- 6 files changed, 11 insertions(+), 10 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ebaf50911..c07dfbe58 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,7 @@ All releases and the changes included in them (pulled from git commits added sin ### Major Version Upgrades %%^^ ### Minor Version Upgrades %%^^ +- Updated kubernetes-dashboard from version 7.7.0 to 7.8.0 - Updated cluster-api-operator from version 0.13.0 to 0.14.0 ### Patch Version Upgrades %%^^ diff --git a/argocd-helm-charts/kubernetes-dashboard/Chart.lock b/argocd-helm-charts/kubernetes-dashboard/Chart.lock index 7f1620eb8..fc99f429d 100644 --- a/argocd-helm-charts/kubernetes-dashboard/Chart.lock +++ b/argocd-helm-charts/kubernetes-dashboard/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: kubernetes-dashboard repository: https://kubernetes.github.io/dashboard/ - version: 7.7.0 -digest: sha256:a0482aa4c730990a61bbec2feb5f2c1ac5020880847426ba050b4a1315335847 -generated: "2024-10-07T12:52:40.855265233+05:30" + version: 7.8.0 +digest: sha256:b8eb397e1ebcafaa812a9af8e58bc3138c06c357303d420fb4bcec79e81c6978 +generated: "2024-10-14T12:03:55.164682297+05:30" 
diff --git a/argocd-helm-charts/kubernetes-dashboard/Chart.yaml b/argocd-helm-charts/kubernetes-dashboard/Chart.yaml index d32eac1ed..8737cb512 100644 --- a/argocd-helm-charts/kubernetes-dashboard/Chart.yaml +++ b/argocd-helm-charts/kubernetes-dashboard/Chart.yaml @@ -5,6 +5,6 @@ appVersion: "1.0.0" version: 1.0.0 dependencies: - name: kubernetes-dashboard - version: 7.7.0 + version: 7.8.0 repository: https://kubernetes.github.io/dashboard/ #repository: "oci://ghcr.io/Obmondo" diff --git a/argocd-helm-charts/kubernetes-dashboard/charts/kubernetes-dashboard/Chart.yaml b/argocd-helm-charts/kubernetes-dashboard/charts/kubernetes-dashboard/Chart.yaml index 56fc0cd79..c1375b051 100644 --- a/argocd-helm-charts/kubernetes-dashboard/charts/kubernetes-dashboard/Chart.yaml +++ b/argocd-helm-charts/kubernetes-dashboard/charts/kubernetes-dashboard/Chart.yaml @@ -32,4 +32,4 @@ maintainers: name: kubernetes-dashboard sources: - https://github.com/kubernetes/dashboard -version: 7.7.0 +version: 7.8.0 diff --git a/argocd-helm-charts/kubernetes-dashboard/charts/kubernetes-dashboard/templates/_helpers.tpl b/argocd-helm-charts/kubernetes-dashboard/charts/kubernetes-dashboard/templates/_helpers.tpl index 08b07baaa..6b365721f 100644 --- a/argocd-helm-charts/kubernetes-dashboard/charts/kubernetes-dashboard/templates/_helpers.tpl +++ b/argocd-helm-charts/kubernetes-dashboard/charts/kubernetes-dashboard/templates/_helpers.tpl @@ -54,7 +54,7 @@ app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/part-of: {{ include "kubernetes-dashboard.name" . }} {{- with .Values.app.labels }} -{{- toYaml . }} +{{ toYaml . }} {{- end }} {{- end -}} diff --git a/argocd-helm-charts/kubernetes-dashboard/charts/kubernetes-dashboard/values.yaml b/argocd-helm-charts/kubernetes-dashboard/charts/kubernetes-dashboard/values.yaml index e07eeb121..8b63ba903 100644 --- a/argocd-helm-charts/kubernetes-dashboard/charts/kubernetes-dashboard/values.yaml 
+++ b/argocd-helm-charts/kubernetes-dashboard/charts/kubernetes-dashboard/values.yaml @@ -143,7 +143,7 @@ auth: role: auth image: repository: docker.io/kubernetesui/dashboard-auth - tag: 1.1.3 + tag: 1.2.0 scaling: replicas: 1 revisionHistoryLimit: 10 @@ -182,7 +182,7 @@ api: role: api image: repository: docker.io/kubernetesui/dashboard-api - tag: 1.8.1 + tag: 1.9.0 scaling: replicas: 1 revisionHistoryLimit: 10 @@ -239,7 +239,7 @@ web: role: web image: repository: docker.io/kubernetesui/dashboard-web - tag: 1.4.0 + tag: 1.5.0 scaling: replicas: 1 revisionHistoryLimit: 10 @@ -299,7 +299,7 @@ metricsScraper: role: metrics-scraper image: repository: docker.io/kubernetesui/dashboard-metrics-scraper - tag: 1.1.1 + tag: 1.2.0 scaling: replicas: 1 revisionHistoryLimit: 10 From 6c01016eb0766c881dd01b586fe87fed4906d0ff Mon Sep 17 00:00:00 2001 From: Hritik Batra Date: Mon, 14 Oct 2024 12:05:29 +0530 Subject: [PATCH 06/10] [CI] Helm Chart Update mariadb-operator --- CHANGELOG.md | 1 + .../mariadb-operator/Chart.lock | 6 +- .../mariadb-operator/Chart.yaml | 2 +- .../charts/mariadb-operator/Chart.lock | 6 +- .../charts/mariadb-operator/Chart.yaml | 6 +- .../charts/mariadb-operator/README.md | 6 +- .../charts/mariadb-operator-crds/Chart.yaml | 2 +- .../mariadb-operator-crds/templates/NOTES.txt | 2 +- .../mariadb-operator-crds/templates/crds.yaml | 1201 ++++------------- .../mariadb-operator/templates/configmap.yaml | 2 +- .../mariadb-operator/templates/pdb.yaml | 14 + .../templates/rbac-namespace.yaml | 1 + .../mariadb-operator/templates/rbac.yaml | 1 + .../charts/mariadb-operator/values.yaml | 24 +- 14 files changed, 284 insertions(+), 990 deletions(-) create mode 100644 argocd-helm-charts/mariadb-operator/charts/mariadb-operator/templates/pdb.yaml diff --git a/CHANGELOG.md b/CHANGELOG.md index c07dfbe58..4f7b42e33 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -5,6 +5,7 @@ All releases and the changes included in them (pulled from git commits added sin ### Major Version Upgrades %%^^ ### Minor Version Upgrades %%^^ +- Updated mariadb-operator from version 0.33.0 to 0.34.0 - Updated kubernetes-dashboard from version 7.7.0 to 7.8.0 - Updated cluster-api-operator from version 0.13.0 to 0.14.0 diff --git a/argocd-helm-charts/mariadb-operator/Chart.lock b/argocd-helm-charts/mariadb-operator/Chart.lock index 1e38abc47..9282f59da 100644 --- a/argocd-helm-charts/mariadb-operator/Chart.lock +++ b/argocd-helm-charts/mariadb-operator/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: mariadb-operator repository: https://mariadb-operator.github.io/mariadb-operator - version: 0.33.0 -digest: sha256:3b47e08370b13c3e4d0c866af3a565c0181bcf6c5832acfb5e998db005f22b4d -generated: "2024-09-30T20:31:52.81490896+05:30" + version: 0.34.0 +digest: sha256:0686523e2dafba2e54f93e76da4a4ffc2cbc70b28ff1dbf9b621df37731ed57b +generated: "2024-10-14T12:05:08.077209673+05:30" diff --git a/argocd-helm-charts/mariadb-operator/Chart.yaml b/argocd-helm-charts/mariadb-operator/Chart.yaml index 4004a1151..ef554d4df 100644 --- a/argocd-helm-charts/mariadb-operator/Chart.yaml +++ b/argocd-helm-charts/mariadb-operator/Chart.yaml @@ -3,5 +3,5 @@ name: mariadb-operator version: 0.19.0 dependencies: - name: mariadb-operator - version: 0.33.0 + version: 0.34.0 repository: https://mariadb-operator.github.io/mariadb-operator diff --git a/argocd-helm-charts/mariadb-operator/charts/mariadb-operator/Chart.lock b/argocd-helm-charts/mariadb-operator/charts/mariadb-operator/Chart.lock index 40cce8cb0..d3724bcd1 100644 --- a/argocd-helm-charts/mariadb-operator/charts/mariadb-operator/Chart.lock +++ b/argocd-helm-charts/mariadb-operator/charts/mariadb-operator/Chart.lock 
@@ -1,6 +1,6 @@ dependencies: - name: mariadb-operator-crds repository: file://../mariadb-operator-crds - version: 0.0.33 -digest: sha256:04e1f2d49ad3cddd409634ecbde1fd9efa8439a93b517a1615c000efb187540b -generated: "2024-09-27T15:49:44.642851367Z" + version: 0.34.0 +digest: sha256:198d58218ad047e777691d445761753db238f0fb02adf74fac07973f726fd76d +generated: "2024-10-07T14:19:26.930249985Z" diff --git a/argocd-helm-charts/mariadb-operator/charts/mariadb-operator/Chart.yaml b/argocd-helm-charts/mariadb-operator/charts/mariadb-operator/Chart.yaml index e6fe07485..db97ce7bd 100644 --- a/argocd-helm-charts/mariadb-operator/charts/mariadb-operator/Chart.yaml +++ b/argocd-helm-charts/mariadb-operator/charts/mariadb-operator/Chart.yaml @@ -1,10 +1,10 @@ apiVersion: v2 -appVersion: v0.0.33 +appVersion: 0.34.0 dependencies: - condition: crds.enabled name: mariadb-operator-crds repository: file://../mariadb-operator-crds - version: 0.0.33 + version: 0.34.0 description: Run and operate MariaDB in a cloud native way home: https://github.com/mariadb-operator/mariadb-operator icon: https://mariadb-operator.github.io/mariadb-operator/assets/mariadb_profile.svg @@ -23,4 +23,4 @@ maintainers: name: mariadb-pieterhumphrey name: mariadb-operator type: application -version: 0.33.0 +version: 0.34.0 diff --git a/argocd-helm-charts/mariadb-operator/charts/mariadb-operator/README.md b/argocd-helm-charts/mariadb-operator/charts/mariadb-operator/README.md index 4e4dee4ce..530c65add 100644 --- a/argocd-helm-charts/mariadb-operator/charts/mariadb-operator/README.md +++ b/argocd-helm-charts/mariadb-operator/charts/mariadb-operator/README.md 
@@ -2,7 +2,7 @@ [//]: # (README.md generated by gotmpl. DO NOT EDIT.) -![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.33.0](https://img.shields.io/badge/Version-0.33.0-informational?style=flat-square) ![AppVersion: v0.0.33](https://img.shields.io/badge/AppVersion-v0.0.33-informational?style=flat-square) +![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.34.0](https://img.shields.io/badge/Version-0.34.0-informational?style=flat-square) ![AppVersion: 0.34.0](https://img.shields.io/badge/AppVersion-0.34.0-informational?style=flat-square) Run and operate MariaDB in a cloud native way @@ -63,7 +63,7 @@ Refer to the [helm documentation](https://github.com/mariadb-operator/mariadb-op | extraVolumeMounts | list | `[]` | Extra volumes to mount to the container. | | extraVolumes | list | `[]` | Extra volumes to pass to pod. | | fullnameOverride | string | `""` | | -| ha.enabled | bool | `false` | Enable high availability | +| ha.enabled | bool | `false` | Enable high availability of the controller. If you enable it we recommend to set `affinity` and `pdb` | | ha.replicas | int | `3` | Number of replicas | | image.pullPolicy | string | `"IfNotPresent"` | | | image.repository | string | `"docker-registry3.mariadb.com/mariadb-operator/mariadb-operator"` | | 
@@ -77,6 +77,8 @@ Refer to the [helm documentation](https://github.com/mariadb-operator/mariadb-op | metrics.serviceMonitor.scrapeTimeout | string | `"25s"` | Timeout if metrics can't be retrieved in given time interval | | nameOverride | string | `""` | | | nodeSelector | object | `{}` | Node selectors to add to controller Pod | +| pdb.enabled | bool | `false` | Enable PodDisruptionBudget for the controller. | +| pdb.maxUnavailable | int | `1` | Maximum number of unavailable Pods. You may also give a percentage, like `50%` | | podAnnotations | object | `{}` | Annotations to add to controller Pod | | podSecurityContext | object | `{}` | Security context to add to controller Pod | | rbac.aggregation.enabled | bool | `true` | Specifies whether the cluster roles aggrate to view and edit predefinied roles | diff --git a/argocd-helm-charts/mariadb-operator/charts/mariadb-operator/charts/mariadb-operator-crds/Chart.yaml b/argocd-helm-charts/mariadb-operator/charts/mariadb-operator/charts/mariadb-operator-crds/Chart.yaml index 4e082e226..8127faead 100644 --- a/argocd-helm-charts/mariadb-operator/charts/mariadb-operator/charts/mariadb-operator-crds/Chart.yaml +++ b/argocd-helm-charts/mariadb-operator/charts/mariadb-operator/charts/mariadb-operator-crds/Chart.yaml @@ -18,4 +18,4 @@ maintainers: name: mariadb-pieterhumphrey name: mariadb-operator-crds type: application -version: 0.0.33 +version: 0.34.0 diff --git a/argocd-helm-charts/mariadb-operator/charts/mariadb-operator/charts/mariadb-operator-crds/templates/NOTES.txt b/argocd-helm-charts/mariadb-operator/charts/mariadb-operator/charts/mariadb-operator-crds/templates/NOTES.txt index 4b859ff55..ff7456b9c 100644 --- a/argocd-helm-charts/mariadb-operator/charts/mariadb-operator/charts/mariadb-operator-crds/templates/NOTES.txt +++ b/argocd-helm-charts/mariadb-operator/charts/mariadb-operator/charts/mariadb-operator-crds/templates/NOTES.txt 
@@ -2,4 +2,4 @@ mariadb-operator CRDs have been successfully installed! 🦭 To complete the mariadb-operator installation, please now proceed to install the mariadb-operator chart: -https://github.com/mariadb-operator/mariadb-operator?tab=readme-ov-file#bare-minimum-installation \ No newline at end of file +https://github.com/mariadb-operator/mariadb-operator?tab=readme-ov-file#helm-installation \ No newline at end of file diff --git a/argocd-helm-charts/mariadb-operator/charts/mariadb-operator/charts/mariadb-operator-crds/templates/crds.yaml b/argocd-helm-charts/mariadb-operator/charts/mariadb-operator/charts/mariadb-operator-crds/templates/crds.yaml index 4ac145568..6caf59dcd 100644 --- a/argocd-helm-charts/mariadb-operator/charts/mariadb-operator/charts/mariadb-operator-crds/templates/crds.yaml +++ b/argocd-helm-charts/mariadb-operator/charts/mariadb-operator/charts/mariadb-operator-crds/templates/crds.yaml @@ -208,6 +208,13 @@ spec: successfully take a Backup. format: int32 type: integer + compression: + description: Compression algorithm to be used in the Backup. + enum: + - none + - bzip2 + - gzip + type: string databases: description: Databases defines the logical databases to be backed up. If not provided, all databases are backed up. @@ -299,9 +306,8 @@ spec: common container settings. properties: appArmorProfile: - description: |- - appArmorProfile is the AppArmor options to use by the containers in this pod. - Note that this field cannot be set when spec.os.name is windows. + description: AppArmorProfile defines a pod or container's AppArmor + settings. properties: localhostProfile: description: |- 
@@ -322,66 +328,24 @@ spec: - type type: object fsGroup: - description: |- - A special supplemental group that applies to all containers in a pod. - Some volume types allow the Kubelet to change the ownership of that volume - to be owned by the pod: - - 1. The owning GID will be the FSGroup - 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) - 3. The permission bits are OR'd with rw-rw---- - - If unset, the Kubelet will not modify the ownership and permissions of any volume. - Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer fsGroupChangePolicy: description: |- - fsGroupChangePolicy defines behavior of changing ownership and permission of the volume - before being exposed inside Pod. This field will only apply to - volume types which support fsGroup based ownership(and permissions). - It will have no effect on ephemeral volume types such as: secret, configmaps - and emptydir. - Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. - Note that this field cannot be set when spec.os.name is windows. + PodFSGroupChangePolicy holds policies that will be used for applying fsGroup to a volume + when volume is mounted. type: string runAsGroup: - description: |- - The GID to run the entrypoint of the container process. - Uses runtime default if unset. - May also be set in SecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. - Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: |- - Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that it - does not run as UID 0 (root) and fail to start the container if it does. - If unset or false, no such validation will be performed. - May also be set in SecurityContext. 
If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. type: boolean runAsUser: - description: |- - The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in SecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. - Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: |- - The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random SELinux context for each - container. May also be set in SecurityContext. If set in - both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - Note that this field cannot be set when spec.os.name is windows. + description: SELinuxOptions are the labels to be applied to the + container properties: level: description: Level is SELinux level label that applies to @@ -402,8 +366,8 @@ spec: type: object seccompProfile: description: |- - The seccomp options to use by the containers in this pod. - Note that this field cannot be set when spec.os.name is windows. + SeccompProfile defines a pod/container's seccomp profile settings. + Only one profile source may be set. properties: localhostProfile: description: |- 
@@ -425,81 +389,11 @@ spec: - type type: object supplementalGroups: - description: |- - A list of groups applied to the first process run in each container, in - addition to the container's primary GID and fsGroup (if specified). If - the SupplementalGroupsPolicy feature is enabled, the - supplementalGroupsPolicy field determines whether these are in addition - to or instead of any group memberships defined in the container image. - If unspecified, no additional groups are added, though group memberships - defined in the container image may still be used, depending on the - supplementalGroupsPolicy field. - Note that this field cannot be set when spec.os.name is windows. items: format: int64 type: integer type: array x-kubernetes-list-type: atomic - supplementalGroupsPolicy: - description: |- - Defines how supplemental groups of the first container processes are calculated. - Valid values are "Merge" and "Strict". If not specified, "Merge" is used. - (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled - and the container runtime must implement support for this feature. - Note that this field cannot be set when spec.os.name is windows. - type: string - sysctls: - description: |- - Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported - sysctls (by the container runtime) might fail to launch. - Note that this field cannot be set when spec.os.name is windows. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - windowsOptions: - description: |- - The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext will be used. 
- If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: |- - GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the - GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA - credential spec to use. - type: string - hostProcess: - description: |- - HostProcess determines if a container should be run as a 'Host Process' container. - All of a Pod's containers must have the same effective HostProcess value - (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). - In addition, if HostProcess is true then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: |- - The UserName in Windows to run the entrypoint of the container process. - Defaults to the user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - type: object type: object priorityClassName: description: PriorityClassName to be used in the Pod. @@ -3240,6 +3134,11 @@ spec: ClusterBootstrapTimeout is the time limit for bootstrapping a cluster. Once this timeout is reached, the Galera recovery state is reset and a new cluster bootstrap will be attempted. type: string + clusterDownscaleTimeout: + description: ClusterDownscaleTimeout represents the maximum + duration for downscaling the cluster's StatefulSet during + the recovery process. + type: string clusterHealthyTimeout: description: |- ClusterHealthyTimeout represents the duration at which a Galera cluster, that consistently failed health checks, 
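Review bot: The `podSecurityContext` schema on the new side no longer declares `sysctls`, `supplementalGroupsPolicy` or `windowsOptions` (the same removal repeats in the hunk at `@@ -4355,82 +4220,11 @@`), and the CHANGELOG entry for this commit records only the version bump. Unless the CRD preserves unknown fields, which is not visible here, those keys would presumably be pruned or rejected on objects that already set them, so a Pod could come up without a sysctl or group policy it had before. The enclosing schema object starts outside the hunk, so which resource kinds are affected should be confirmed against the full file. I would check the existing mariadb-operator custom resources for these keys before syncing, and add a CHANGELOG line such as `- mariadb-operator 0.34.0: podSecurityContext no longer accepts sysctls, supplementalGroupsPolicy, windowsOptions`.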
@@ -3249,6 +3148,11 @@ spec: description: ClusterMonitorInterval represents the interval used to monitor the Galera cluster health. type: string + clusterUpscaleTimeout: + description: ClusterUpscaleTimeout represents the maximum + duration for upscaling the cluster's StatefulSet during + the recovery process. + type: string enabled: description: Enabled is a flag to enable GaleraRecovery. type: boolean @@ -3314,7 +3218,8 @@ spec: description: |- MinClusterSize is the minimum number of replicas to consider the cluster healthy. It can be either a number of replicas (1) or a percentage (50%). If Galera consistently reports less replicas than this value for the given 'ClusterHealthyTimeout' interval, a cluster recovery is iniated. - It defaults to '1' replica. + It defaults to '1' replica, and it is highly recommendeded to keep this value at '1' in most cases. + If set to more than one replica, the cluster recovery process may restart the healthy replicas as well. x-kubernetes-int-or-string: true podRecoveryTimeout: description: PodRecoveryTimeout is the time limit for recevorying @@ -3408,6 +3313,9 @@ spec: - Never - IfNotPresent type: string + name: + description: Name to be given to the container. + type: string resources: description: Resouces describes the compute resource requirements. properties: @@ -4229,9 +4137,8 @@ spec: attributes and common container settings. properties: appArmorProfile: - description: |- - appArmorProfile is the AppArmor options to use by the containers in this pod. - Note that this field cannot be set when spec.os.name is windows. + description: AppArmorProfile defines a pod or container's + AppArmor settings. properties: localhostProfile: description: |- 
@@ -4252,66 +4159,24 @@ spec: - type type: object fsGroup: - description: |- - A special supplemental group that applies to all containers in a pod. - Some volume types allow the Kubelet to change the ownership of that volume - to be owned by the pod: - - 1. The owning GID will be the FSGroup - 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) - 3. The permission bits are OR'd with rw-rw---- - - If unset, the Kubelet will not modify the ownership and permissions of any volume. - Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer fsGroupChangePolicy: description: |- - fsGroupChangePolicy defines behavior of changing ownership and permission of the volume - before being exposed inside Pod. This field will only apply to - volume types which support fsGroup based ownership(and permissions). - It will have no effect on ephemeral volume types such as: secret, configmaps - and emptydir. - Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. - Note that this field cannot be set when spec.os.name is windows. + PodFSGroupChangePolicy holds policies that will be used for applying fsGroup to a volume + when volume is mounted. type: string runAsGroup: - description: |- - The GID to run the entrypoint of the container process. - Uses runtime default if unset. - May also be set in SecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. - Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: |- - Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that it - does not run as UID 0 (root) and fail to start the container if it does. - If unset or false, no such validation will be performed. - May also be set in SecurityContext. 
If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. type: boolean runAsUser: - description: |- - The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in SecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. - Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: |- - The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random SELinux context for each - container. May also be set in SecurityContext. If set in - both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - Note that this field cannot be set when spec.os.name is windows. + description: SELinuxOptions are the labels to be applied + to the container properties: level: description: Level is SELinux level label that @@ -4332,8 +4197,8 @@ spec: type: object seccompProfile: description: |- - The seccomp options to use by the containers in this pod. - Note that this field cannot be set when spec.os.name is windows. + SeccompProfile defines a pod/container's seccomp profile settings. + Only one profile source may be set. properties: localhostProfile: description: |- 
@@ -4355,82 +4220,11 @@ spec: - type type: object supplementalGroups: - description: |- - A list of groups applied to the first process run in each container, in - addition to the container's primary GID and fsGroup (if specified). If - the SupplementalGroupsPolicy feature is enabled, the - supplementalGroupsPolicy field determines whether these are in addition - to or instead of any group memberships defined in the container image. - If unspecified, no additional groups are added, though group memberships - defined in the container image may still be used, depending on the - supplementalGroupsPolicy field. - Note that this field cannot be set when spec.os.name is windows. items: format: int64 type: integer type: array x-kubernetes-list-type: atomic - supplementalGroupsPolicy: - description: |- - Defines how supplemental groups of the first container processes are calculated. - Valid values are "Merge" and "Strict". If not specified, "Merge" is used. - (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled - and the container runtime must implement support for this feature. - Note that this field cannot be set when spec.os.name is windows. - type: string - sysctls: - description: |- - Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported - sysctls (by the container runtime) might fail to launch. - Note that this field cannot be set when spec.os.name is windows. - items: - description: Sysctl defines a kernel parameter to - be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - windowsOptions: - description: |- - The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext will be used. 
- If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: |- - GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the - GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name - of the GMSA credential spec to use. - type: string - hostProcess: - description: |- - HostProcess determines if a container should be run as a 'Host Process' container. - All of a Pod's containers must have the same effective HostProcess value - (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). - In addition, if HostProcess is true then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: |- - The UserName in Windows to run the entrypoint of the container process. - Defaults to the user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - type: object type: object port: description: Port where the exporter will be listening 
@@ -4464,6 +4258,46 @@ spec: quantity) pairs. type: object type: object + securityContext: + description: SecurityContext holds container-level security + attributes. + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + description: Adds and removes POSIX capabilities from + running containers. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + type: boolean + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + type: object tolerations: description: Tolerations to be used in the Pod. items: @@ -4916,9 +4750,8 @@ spec: and common container settings. properties: appArmorProfile: - description: |- - appArmorProfile is the AppArmor options to use by the containers in this pod. - Note that this field cannot be set when spec.os.name is windows. + description: AppArmorProfile defines a pod or container's + AppArmor settings. properties: localhostProfile: description: |- 
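Review bot: The `securityContext` block added at `@@ -4464,6 +4258,46 @@` (presumably for the exporter container, since the enclosing object starts outside the hunk) accepts `privileged`, `allowPrivilegeEscalation` and `capabilities.add` with no default and no `description`. The field being available therefore constrains nothing until a resource sets it. Where this repository defines the resource, I would set it explicitly, for example `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}`, after confirming the container still starts with them. Because the schema itself allows `privileged: true`, refusing that value is left to the namespace's Pod Security admission level or an equivalent policy.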
@@ -4939,66 +4772,24 @@ spec: - type type: object fsGroup: - description: |- - A special supplemental group that applies to all containers in a pod. - Some volume types allow the Kubelet to change the ownership of that volume - to be owned by the pod: - - 1. The owning GID will be the FSGroup - 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) - 3. The permission bits are OR'd with rw-rw---- - - If unset, the Kubelet will not modify the ownership and permissions of any volume. - Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer fsGroupChangePolicy: description: |- - fsGroupChangePolicy defines behavior of changing ownership and permission of the volume - before being exposed inside Pod. This field will only apply to - volume types which support fsGroup based ownership(and permissions). - It will have no effect on ephemeral volume types such as: secret, configmaps - and emptydir. - Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. - Note that this field cannot be set when spec.os.name is windows. + PodFSGroupChangePolicy holds policies that will be used for applying fsGroup to a volume + when volume is mounted. type: string runAsGroup: - description: |- - The GID to run the entrypoint of the container process. - Uses runtime default if unset. - May also be set in SecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. - Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: |- - Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that it - does not run as UID 0 (root) and fail to start the container if it does. - If unset or false, no such validation will be performed. - May also be set in SecurityContext. 
If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. type: boolean runAsUser: - description: |- - The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in SecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. - Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: |- - The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random SELinux context for each - container. May also be set in SecurityContext. If set in - both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - Note that this field cannot be set when spec.os.name is windows. + description: SELinuxOptions are the labels to be applied + to the container properties: level: description: Level is SELinux level label that applies @@ -5019,8 +4810,8 @@ spec: type: object seccompProfile: description: |- - The seccomp options to use by the containers in this pod. - Note that this field cannot be set when spec.os.name is windows. + SeccompProfile defines a pod/container's seccomp profile settings. + Only one profile source may be set. properties: localhostProfile: description: |- 
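Review bot: The pod-level `runAsNonRoot`, `runAsUser` and `runAsGroup` lose the sentence saying that a value in SecurityContext takes precedence over PodSecurityContext, in the same change that introduces a container-level `securityContext` elsewhere in this file. With both levels settable, someone who sets `runAsNonRoot: true` only at pod level no longer has any schema text warning that a container-level value can override it. I would keep a one-line description on each, e.g. `description: Pod-level default; a value set in the container securityContext takes precedence.`, assuming both levels are passed through to the pod unchanged, which is not visible here. The hunks at `@@ -5384,66 +5143,24 @@`, `@@ -7884,66 +7549,24 @@`, `@@ -8262,66 +7853,24 @@` and `@@ -9324,66 +8802,24 @@` drop the same text.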
@@ -5042,82 +4833,11 @@ spec: - type type: object supplementalGroups: - description: |- - A list of groups applied to the first process run in each container, in - addition to the container's primary GID and fsGroup (if specified). If - the SupplementalGroupsPolicy feature is enabled, the - supplementalGroupsPolicy field determines whether these are in addition - to or instead of any group memberships defined in the container image. - If unspecified, no additional groups are added, though group memberships - defined in the container image may still be used, depending on the - supplementalGroupsPolicy field. - Note that this field cannot be set when spec.os.name is windows. items: format: int64 type: integer type: array x-kubernetes-list-type: atomic - supplementalGroupsPolicy: - description: |- - Defines how supplemental groups of the first container processes are calculated. - Valid values are "Merge" and "Strict". If not specified, "Merge" is used. - (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled - and the container runtime must implement support for this feature. - Note that this field cannot be set when spec.os.name is windows. - type: string - sysctls: - description: |- - Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported - sysctls (by the container runtime) might fail to launch. - Note that this field cannot be set when spec.os.name is windows. - items: - description: Sysctl defines a kernel parameter to be - set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - windowsOptions: - description: |- - The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext will be used. 
- If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: |- - GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the - GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of - the GMSA credential spec to use. - type: string - hostProcess: - description: |- - HostProcess determines if a container should be run as a 'Host Process' container. - All of a Pod's containers must have the same effective HostProcess value - (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). - In addition, if HostProcess is true then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: |- - The UserName in Windows to run the entrypoint of the container process. - Defaults to the user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - type: object type: object port: description: Port where the exporter will be listening for 
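Review bot: `sysctls`, `supplementalGroupsPolicy` and `windowsOptions` are no longer declared in the pod-level security context, so any existing resource that sets them will stop having those settings applied: a structural CRD schema prunes or rejects fields it does not declare unless `x-kubernetes-preserve-unknown-fields` is set, and nothing in the hunk sets it. That matters most for `sysctls` and for `windowsOptions.runAsUserName` and `hostProcess`, where a dropped field changes how the pod runs instead of failing loudly. I would check deployed resources for these keys before syncing and record the change in the changelog, e.g. `- pod security context no longer accepts sysctls, supplementalGroupsPolicy or windowsOptions`. The same removal is in the hunks at `@@ -5487,81 +5204,11 @@`, `@@ -7987,82 +7610,11 @@` and `@@ -8365,81 +7914,11 @@`, and the partial hunk at the top of this chunk appears to match.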
@@ -5151,6 +4871,46 @@ spec: quantity) pairs. type: object type: object + securityContext: + description: SecurityContext holds container-level security + attributes. + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + description: Adds and removes POSIX capabilities from + running containers. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + type: boolean + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + type: object tolerations: description: Tolerations to be used in the Pod. items: @@ -5361,9 +5121,8 @@ spec: common container settings. properties: appArmorProfile: - description: |- - appArmorProfile is the AppArmor options to use by the containers in this pod. - Note that this field cannot be set when spec.os.name is windows. + description: AppArmorProfile defines a pod or container's AppArmor + settings. properties: localhostProfile: description: |- 
@@ -5384,66 +5143,24 @@ spec: - type type: object fsGroup: - description: |- - A special supplemental group that applies to all containers in a pod. - Some volume types allow the Kubelet to change the ownership of that volume - to be owned by the pod: - - 1. The owning GID will be the FSGroup - 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) - 3. The permission bits are OR'd with rw-rw---- - - If unset, the Kubelet will not modify the ownership and permissions of any volume. - Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer fsGroupChangePolicy: description: |- - fsGroupChangePolicy defines behavior of changing ownership and permission of the volume - before being exposed inside Pod. This field will only apply to - volume types which support fsGroup based ownership(and permissions). - It will have no effect on ephemeral volume types such as: secret, configmaps - and emptydir. - Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. - Note that this field cannot be set when spec.os.name is windows. + PodFSGroupChangePolicy holds policies that will be used for applying fsGroup to a volume + when volume is mounted. type: string runAsGroup: - description: |- - The GID to run the entrypoint of the container process. - Uses runtime default if unset. - May also be set in SecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. - Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: |- - Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that it - does not run as UID 0 (root) and fail to start the container if it does. - If unset or false, no such validation will be performed. - May also be set in SecurityContext. 
If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. type: boolean runAsUser: - description: |- - The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in SecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. - Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: |- - The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random SELinux context for each - container. May also be set in SecurityContext. If set in - both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - Note that this field cannot be set when spec.os.name is windows. + description: SELinuxOptions are the labels to be applied to the + container properties: level: description: Level is SELinux level label that applies to @@ -5464,8 +5181,8 @@ spec: type: object seccompProfile: description: |- - The seccomp options to use by the containers in this pod. - Note that this field cannot be set when spec.os.name is windows. + SeccompProfile defines a pod/container's seccomp profile settings. + Only one profile source may be set. properties: localhostProfile: description: |- 
@@ -5487,81 +5204,11 @@ spec: - type type: object supplementalGroups: - description: |- - A list of groups applied to the first process run in each container, in - addition to the container's primary GID and fsGroup (if specified). If - the SupplementalGroupsPolicy feature is enabled, the - supplementalGroupsPolicy field determines whether these are in addition - to or instead of any group memberships defined in the container image. - If unspecified, no additional groups are added, though group memberships - defined in the container image may still be used, depending on the - supplementalGroupsPolicy field. - Note that this field cannot be set when spec.os.name is windows. items: format: int64 type: integer type: array x-kubernetes-list-type: atomic - supplementalGroupsPolicy: - description: |- - Defines how supplemental groups of the first container processes are calculated. - Valid values are "Merge" and "Strict". If not specified, "Merge" is used. - (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled - and the container runtime must implement support for this feature. - Note that this field cannot be set when spec.os.name is windows. - type: string - sysctls: - description: |- - Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported - sysctls (by the container runtime) might fail to launch. - Note that this field cannot be set when spec.os.name is windows. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - windowsOptions: - description: |- - The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext will be used. 
- If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: |- - GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the - GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA - credential spec to use. - type: string - hostProcess: - description: |- - HostProcess determines if a container should be run as a 'Host Process' container. - All of a Pod's containers must have the same effective HostProcess value - (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). - In addition, if HostProcess is true then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: |- - The UserName in Windows to run the entrypoint of the container process. - Defaults to the user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - type: object type: object port: default: 3306 @@ -6087,6 +5734,22 @@ spec: description: ServiceAccountName is the name of the ServiceAccount to be used by the Pods. type: string + servicePorts: + description: ServicePorts is the list of additional named ports to + be added to the Services created by the operator. + items: + description: 'Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#serviceport-v1-core' + properties: + name: + type: string + port: + format: int32 + type: integer + required: + - name + - port + type: object + type: array sidecarContainers: description: SidecarContainers to be used in the Pod. items: 
@@ -6115,6 +5778,9 @@ spec: - Never - IfNotPresent type: string + name: + description: Name to be given to the container. + type: string resources: description: Resouces describes the compute resource requirements. properties: @@ -7861,9 +7527,8 @@ spec: and common container settings. properties: appArmorProfile: - description: |- - appArmorProfile is the AppArmor options to use by the containers in this pod. - Note that this field cannot be set when spec.os.name is windows. + description: AppArmorProfile defines a pod or container's + AppArmor settings. properties: localhostProfile: description: |- 
@@ -7884,66 +7549,24 @@ spec: - type type: object fsGroup: - description: |- - A special supplemental group that applies to all containers in a pod. - Some volume types allow the Kubelet to change the ownership of that volume - to be owned by the pod: - - 1. The owning GID will be the FSGroup - 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) - 3. The permission bits are OR'd with rw-rw---- - - If unset, the Kubelet will not modify the ownership and permissions of any volume. - Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer fsGroupChangePolicy: description: |- - fsGroupChangePolicy defines behavior of changing ownership and permission of the volume - before being exposed inside Pod. This field will only apply to - volume types which support fsGroup based ownership(and permissions). - It will have no effect on ephemeral volume types such as: secret, configmaps - and emptydir. - Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. - Note that this field cannot be set when spec.os.name is windows. + PodFSGroupChangePolicy holds policies that will be used for applying fsGroup to a volume + when volume is mounted. type: string runAsGroup: - description: |- - The GID to run the entrypoint of the container process. - Uses runtime default if unset. - May also be set in SecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. - Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: |- - Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that it - does not run as UID 0 (root) and fail to start the container if it does. - If unset or false, no such validation will be performed. - May also be set in SecurityContext. 
If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. type: boolean runAsUser: - description: |- - The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in SecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. - Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: |- - The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random SELinux context for each - container. May also be set in SecurityContext. If set in - both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - Note that this field cannot be set when spec.os.name is windows. + description: SELinuxOptions are the labels to be applied + to the container properties: level: description: Level is SELinux level label that applies @@ -7964,8 +7587,8 @@ spec: type: object seccompProfile: description: |- - The seccomp options to use by the containers in this pod. - Note that this field cannot be set when spec.os.name is windows. + SeccompProfile defines a pod/container's seccomp profile settings. + Only one profile source may be set. properties: localhostProfile: description: |- 
@@ -7987,82 +7610,11 @@ spec: - type type: object supplementalGroups: - description: |- - A list of groups applied to the first process run in each container, in - addition to the container's primary GID and fsGroup (if specified). If - the SupplementalGroupsPolicy feature is enabled, the - supplementalGroupsPolicy field determines whether these are in addition - to or instead of any group memberships defined in the container image. - If unspecified, no additional groups are added, though group memberships - defined in the container image may still be used, depending on the - supplementalGroupsPolicy field. - Note that this field cannot be set when spec.os.name is windows. items: format: int64 type: integer type: array x-kubernetes-list-type: atomic - supplementalGroupsPolicy: - description: |- - Defines how supplemental groups of the first container processes are calculated. - Valid values are "Merge" and "Strict". If not specified, "Merge" is used. - (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled - and the container runtime must implement support for this feature. - Note that this field cannot be set when spec.os.name is windows. - type: string - sysctls: - description: |- - Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported - sysctls (by the container runtime) might fail to launch. - Note that this field cannot be set when spec.os.name is windows. - items: - description: Sysctl defines a kernel parameter to be - set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - windowsOptions: - description: |- - The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext will be used. 
- If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: |- - GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the - GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of - the GMSA credential spec to use. - type: string - hostProcess: - description: |- - HostProcess determines if a container should be run as a 'Host Process' container. - All of a Pod's containers must have the same effective HostProcess value - (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). - In addition, if HostProcess is true then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: |- - The UserName in Windows to run the entrypoint of the container process. - Defaults to the user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - type: object type: object port: description: Port where the exporter will be listening for 
@@ -8096,6 +7648,46 @@ spec: quantity) pairs. type: object type: object + securityContext: + description: SecurityContext holds container-level security + attributes. + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + description: Adds and removes POSIX capabilities from + running containers. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + type: boolean + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + type: object tolerations: description: Tolerations to be used in the Pod. items: @@ -8239,9 +7831,8 @@ spec: common container settings. properties: appArmorProfile: - description: |- - appArmorProfile is the AppArmor options to use by the containers in this pod. - Note that this field cannot be set when spec.os.name is windows. + description: AppArmorProfile defines a pod or container's AppArmor + settings. properties: localhostProfile: description: |- 
@@ -8262,66 +7853,24 @@ spec: - type type: object fsGroup: - description: |- - A special supplemental group that applies to all containers in a pod. - Some volume types allow the Kubelet to change the ownership of that volume - to be owned by the pod: - - 1. The owning GID will be the FSGroup - 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) - 3. The permission bits are OR'd with rw-rw---- - - If unset, the Kubelet will not modify the ownership and permissions of any volume. - Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer fsGroupChangePolicy: description: |- - fsGroupChangePolicy defines behavior of changing ownership and permission of the volume - before being exposed inside Pod. This field will only apply to - volume types which support fsGroup based ownership(and permissions). - It will have no effect on ephemeral volume types such as: secret, configmaps - and emptydir. - Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. - Note that this field cannot be set when spec.os.name is windows. + PodFSGroupChangePolicy holds policies that will be used for applying fsGroup to a volume + when volume is mounted. type: string runAsGroup: - description: |- - The GID to run the entrypoint of the container process. - Uses runtime default if unset. - May also be set in SecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. - Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: |- - Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that it - does not run as UID 0 (root) and fail to start the container if it does. - If unset or false, no such validation will be performed. - May also be set in SecurityContext. 
If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. type: boolean runAsUser: - description: |- - The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in SecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. - Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: |- - The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random SELinux context for each - container. May also be set in SecurityContext. If set in - both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - Note that this field cannot be set when spec.os.name is windows. + description: SELinuxOptions are the labels to be applied to the + container properties: level: description: Level is SELinux level label that applies to @@ -8342,8 +7891,8 @@ spec: type: object seccompProfile: description: |- - The seccomp options to use by the containers in this pod. - Note that this field cannot be set when spec.os.name is windows. + SeccompProfile defines a pod/container's seccomp profile settings. + Only one profile source may be set. properties: localhostProfile: description: |- 
@@ -8365,81 +7914,11 @@ spec: - type type: object supplementalGroups: - description: |- - A list of groups applied to the first process run in each container, in - addition to the container's primary GID and fsGroup (if specified). If - the SupplementalGroupsPolicy feature is enabled, the - supplementalGroupsPolicy field determines whether these are in addition - to or instead of any group memberships defined in the container image. - If unspecified, no additional groups are added, though group memberships - defined in the container image may still be used, depending on the - supplementalGroupsPolicy field. - Note that this field cannot be set when spec.os.name is windows. items: format: int64 type: integer type: array x-kubernetes-list-type: atomic - supplementalGroupsPolicy: - description: |- - Defines how supplemental groups of the first container processes are calculated. - Valid values are "Merge" and "Strict". If not specified, "Merge" is used. - (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled - and the container runtime must implement support for this feature. - Note that this field cannot be set when spec.os.name is windows. - type: string - sysctls: - description: |- - Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported - sysctls (by the container runtime) might fail to launch. - Note that this field cannot be set when spec.os.name is windows. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - windowsOptions: - description: |- - The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext will be used. 
- If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: |- - GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the - GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA - credential spec to use. - type: string - hostProcess: - description: |- - HostProcess determines if a container should be run as a 'Host Process' container. - All of a Pod's containers must have the same effective HostProcess value - (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). - In addition, if HostProcess is true then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: |- - The UserName in Windows to run the entrypoint of the container process. - Defaults to the user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - type: object type: object priorityClassName: description: PriorityClassName to be used in the Pod. @@ -9301,9 +8780,8 @@ spec: common container settings. properties: appArmorProfile: - description: |- - appArmorProfile is the AppArmor options to use by the containers in this pod. - Note that this field cannot be set when spec.os.name is windows. + description: AppArmorProfile defines a pod or container's AppArmor + settings. properties: localhostProfile: description: |- 
@@ -9324,66 +8802,24 @@ spec: - type type: object fsGroup: - description: |- - A special supplemental group that applies to all containers in a pod. - Some volume types allow the Kubelet to change the ownership of that volume - to be owned by the pod: - - 1. The owning GID will be the FSGroup - 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) - 3. The permission bits are OR'd with rw-rw---- - - If unset, the Kubelet will not modify the ownership and permissions of any volume. - Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer fsGroupChangePolicy: description: |- - fsGroupChangePolicy defines behavior of changing ownership and permission of the volume - before being exposed inside Pod. This field will only apply to - volume types which support fsGroup based ownership(and permissions). - It will have no effect on ephemeral volume types such as: secret, configmaps - and emptydir. - Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. - Note that this field cannot be set when spec.os.name is windows. + PodFSGroupChangePolicy holds policies that will be used for applying fsGroup to a volume + when volume is mounted. type: string runAsGroup: - description: |- - The GID to run the entrypoint of the container process. - Uses runtime default if unset. - May also be set in SecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. - Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: |- - Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that it - does not run as UID 0 (root) and fail to start the container if it does. - If unset or false, no such validation will be performed. - May also be set in SecurityContext. 
If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. type: boolean runAsUser: - description: |- - The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in SecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. - Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: |- - The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random SELinux context for each - container. May also be set in SecurityContext. If set in - both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - Note that this field cannot be set when spec.os.name is windows. + description: SELinuxOptions are the labels to be applied to the + container properties: level: description: Level is SELinux level label that applies to @@ -9404,8 +8840,8 @@ spec: type: object seccompProfile: description: |- - The seccomp options to use by the containers in this pod. - Note that this field cannot be set when spec.os.name is windows. + SeccompProfile defines a pod/container's seccomp profile settings. + Only one profile source may be set. properties: localhostProfile: description: |- 
@@ -9427,81 +8863,11 @@ spec: - type type: object supplementalGroups: - description: |- - A list of groups applied to the first process run in each container, in - addition to the container's primary GID and fsGroup (if specified). If - the SupplementalGroupsPolicy feature is enabled, the - supplementalGroupsPolicy field determines whether these are in addition - to or instead of any group memberships defined in the container image. - If unspecified, no additional groups are added, though group memberships - defined in the container image may still be used, depending on the - supplementalGroupsPolicy field. - Note that this field cannot be set when spec.os.name is windows. items: format: int64 type: integer type: array x-kubernetes-list-type: atomic - supplementalGroupsPolicy: - description: |- - Defines how supplemental groups of the first container processes are calculated. - Valid values are "Merge" and "Strict". If not specified, "Merge" is used. - (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled - and the container runtime must implement support for this feature. - Note that this field cannot be set when spec.os.name is windows. - type: string - sysctls: - description: |- - Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported - sysctls (by the container runtime) might fail to launch. - Note that this field cannot be set when spec.os.name is windows. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - windowsOptions: - description: |- - The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext will be used. 
- If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: |- - GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the - GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA - credential spec to use. - type: string - hostProcess: - description: |- - HostProcess determines if a container should be run as a 'Host Process' container. - All of a Pod's containers must have the same effective HostProcess value - (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). - In addition, if HostProcess is true then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: |- - The UserName in Windows to run the entrypoint of the container process. - Defaults to the user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - type: object type: object priorityClassName: description: PriorityClassName to be used in the Pod. @@ -10211,9 +9577,8 @@ spec: common container settings. properties: appArmorProfile: - description: |- - appArmorProfile is the AppArmor options to use by the containers in this pod. - Note that this field cannot be set when spec.os.name is windows. + description: AppArmorProfile defines a pod or container's AppArmor + settings. properties: localhostProfile: description: |- 
@@ -10234,66 +9599,24 @@ spec: - type type: object fsGroup: - description: |- - A special supplemental group that applies to all containers in a pod. - Some volume types allow the Kubelet to change the ownership of that volume - to be owned by the pod: - - 1. The owning GID will be the FSGroup - 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) - 3. The permission bits are OR'd with rw-rw---- - - If unset, the Kubelet will not modify the ownership and permissions of any volume. - Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer fsGroupChangePolicy: description: |- - fsGroupChangePolicy defines behavior of changing ownership and permission of the volume - before being exposed inside Pod. This field will only apply to - volume types which support fsGroup based ownership(and permissions). - It will have no effect on ephemeral volume types such as: secret, configmaps - and emptydir. - Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. - Note that this field cannot be set when spec.os.name is windows. + PodFSGroupChangePolicy holds policies that will be used for applying fsGroup to a volume + when volume is mounted. type: string runAsGroup: - description: |- - The GID to run the entrypoint of the container process. - Uses runtime default if unset. - May also be set in SecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. - Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: |- - Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that it - does not run as UID 0 (root) and fail to start the container if it does. - If unset or false, no such validation will be performed. - May also be set in SecurityContext. 
If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. type: boolean runAsUser: - description: |- - The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in SecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. - Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: |- - The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random SELinux context for each - container. May also be set in SecurityContext. If set in - both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - Note that this field cannot be set when spec.os.name is windows. + description: SELinuxOptions are the labels to be applied to the + container properties: level: description: Level is SELinux level label that applies to @@ -10314,8 +9637,8 @@ spec: type: object seccompProfile: description: |- - The seccomp options to use by the containers in this pod. - Note that this field cannot be set when spec.os.name is windows. + SeccompProfile defines a pod/container's seccomp profile settings. + Only one profile source may be set. properties: localhostProfile: description: |- 
@@ -10337,81 +9660,11 @@ spec: - type type: object supplementalGroups: - description: |- - A list of groups applied to the first process run in each container, in - addition to the container's primary GID and fsGroup (if specified). If - the SupplementalGroupsPolicy feature is enabled, the - supplementalGroupsPolicy field determines whether these are in addition - to or instead of any group memberships defined in the container image. - If unspecified, no additional groups are added, though group memberships - defined in the container image may still be used, depending on the - supplementalGroupsPolicy field. - Note that this field cannot be set when spec.os.name is windows. items: format: int64 type: integer type: array x-kubernetes-list-type: atomic - supplementalGroupsPolicy: - description: |- - Defines how supplemental groups of the first container processes are calculated. - Valid values are "Merge" and "Strict". If not specified, "Merge" is used. - (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled - and the container runtime must implement support for this feature. - Note that this field cannot be set when spec.os.name is windows. - type: string - sysctls: - description: |- - Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported - sysctls (by the container runtime) might fail to launch. - Note that this field cannot be set when spec.os.name is windows. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - x-kubernetes-list-type: atomic - windowsOptions: - description: |- - The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext will be used. 
- If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: |- - GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the - GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA - credential spec to use. - type: string - hostProcess: - description: |- - HostProcess determines if a container should be run as a 'Host Process' container. - All of a Pod's containers must have the same effective HostProcess value - (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). - In addition, if HostProcess is true then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: |- - The UserName in Windows to run the entrypoint of the container process. - Defaults to the user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - type: object type: object priorityClassName: description: PriorityClassName to be used in the Pod. @@ -10730,8 +9983,8 @@ spec: type: object maxUserConnections: default: 10 - description: MaxUserConnections defines the maximum number of connections - that the User can establish. + description: MaxUserConnections defines the maximum number of simultaneous + connections that the User can establish. format: int32 type: integer name: diff --git a/argocd-helm-charts/mariadb-operator/charts/mariadb-operator/templates/configmap.yaml b/argocd-helm-charts/mariadb-operator/charts/mariadb-operator/templates/configmap.yaml index cc918fffe..25af56f55 100644 
--- a/argocd-helm-charts/mariadb-operator/charts/mariadb-operator/templates/configmap.yaml +++ b/argocd-helm-charts/mariadb-operator/charts/mariadb-operator/templates/configmap.yaml @@ -2,7 +2,7 @@ apiVersion: v1 data: MARIADB_ENTRYPOINT_VERSION: "11.4" MARIADB_GALERA_LIB_PATH: /usr/lib/galera/libgalera_smm.so - MARIADB_OPERATOR_IMAGE: docker-registry3.mariadb.com/mariadb-operator/mariadb-operator:v0.0.33 + MARIADB_OPERATOR_IMAGE: docker-registry3.mariadb.com/mariadb-operator/mariadb-operator:0.34.0 RELATED_IMAGE_EXPORTER: prom/mysqld-exporter:v0.15.1 RELATED_IMAGE_EXPORTER_MAXSCALE: docker-registry2.mariadb.com/mariadb/maxscale-prometheus-exporter-ubi:v0.0.1 RELATED_IMAGE_MARIADB: docker-registry1.mariadb.com/library/mariadb:11.4.3 diff --git a/argocd-helm-charts/mariadb-operator/charts/mariadb-operator/templates/pdb.yaml b/argocd-helm-charts/mariadb-operator/charts/mariadb-operator/templates/pdb.yaml new file mode 100644 index 000000000..de160b202 --- /dev/null +++ b/argocd-helm-charts/mariadb-operator/charts/mariadb-operator/templates/pdb.yaml @@ -0,0 +1,14 @@ + +{{ if .Values.pdb.enabled }} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ include "mariadb-operator.fullname" . }} + labels: + {{ include "mariadb-operator.labels" . | nindent 4 }} +spec: + maxUnavailable: {{ .Values.pdb.maxUnavailable }} + selector: + matchLabels: + {{ include "mariadb-operator.selectorLabels" . | nindent 6 }} +{{ end }} diff --git a/argocd-helm-charts/mariadb-operator/charts/mariadb-operator/templates/rbac-namespace.yaml b/argocd-helm-charts/mariadb-operator/charts/mariadb-operator/templates/rbac-namespace.yaml index 0ad261ed8..786efc487 100644 --- a/argocd-helm-charts/mariadb-operator/charts/mariadb-operator/templates/rbac-namespace.yaml +++ b/argocd-helm-charts/mariadb-operator/charts/mariadb-operator/templates/rbac-namespace.yaml @@ -78,6 +78,7 @@ rules: - get - list - watch + - patch - apiGroups: - "" resources: 
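Review bot: The added `- patch` verb at `@@ -78,6 +78,7 @@` in templates/rbac-namespace.yaml gives the operator's role write access to a resource the hunk does not show, because the rule's `resources:` list starts above the hunk. The identical addition is made in templates/rbac.yaml at `@@ -95,6 +95,7 @@`. Going by the file names, rbac.yaml is probably the cluster-wide variant, so with `currentNamespaceOnly: false` the grant would apply in every namespace. Please confirm the affected resource in the rendered manifests and state it next to the verb, for example `# patch on <resource>: needed since operator 0.34.0 (confirm against upstream release notes)`.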
diff --git a/argocd-helm-charts/mariadb-operator/charts/mariadb-operator/templates/rbac.yaml b/argocd-helm-charts/mariadb-operator/charts/mariadb-operator/templates/rbac.yaml index 719282694..7178bf2fe 100644 --- a/argocd-helm-charts/mariadb-operator/charts/mariadb-operator/templates/rbac.yaml +++ b/argocd-helm-charts/mariadb-operator/charts/mariadb-operator/templates/rbac.yaml @@ -95,6 +95,7 @@ rules: - get - list - watch + - patch - apiGroups: - "" resources: diff --git a/argocd-helm-charts/mariadb-operator/charts/mariadb-operator/values.yaml b/argocd-helm-charts/mariadb-operator/charts/mariadb-operator/values.yaml index c8d65b0e4..6aafb7537 100644 --- a/argocd-helm-charts/mariadb-operator/charts/mariadb-operator/values.yaml +++ b/argocd-helm-charts/mariadb-operator/charts/mariadb-operator/values.yaml @@ -26,7 +26,8 @@ clusterName: cluster.local currentNamespaceOnly: false ha: - # -- Enable high availability + # -- Enable high availability of the controller. + # If you enable it we recommend to set `affinity` and `pdb` enabled: false # -- Number of replicas replicas: 3 @@ -105,6 +106,27 @@ tolerations: [] # -- Affinity to add to controller Pod affinity: {} + # Sample on how to create an antiAffinity rule that place + # the pods on different nodes, to be used together with `ha.enabled: true` + # podAntiAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # - labelSelector: + # matchExpressions: + # - key: app.kubernetes.io/name + # operator: In + # values: + # - mariadb-operator + # - key: app.kubernetes.io/instance + # operator: In + # values: + # - mariadb-operator + # topologyKey: kubernetes.io/hostname + +pdb: + # -- Enable PodDisruptionBudget for the controller. + enabled: false + # -- Maximum number of unavailable Pods. You may also give a percentage, like `50%` + maxUnavailable: 1 webhook: # -- Specifies whether the webhook should be created. From a2af3a4b5bcf7703090cc65cbb749af24a65509e Mon Sep 17 00:00:00 2001 
From: Hritik Batra Date: Mon, 14 Oct 2024 12:07:13 +0530 Subject: [PATCH 07/10] [CI] Helm Chart Update metrics-server --- CHANGELOG.md | 1 + argocd-helm-charts/metrics-server/Chart.lock | 6 +++--- argocd-helm-charts/metrics-server/Chart.yaml | 2 +- .../charts/metrics-server/CHANGELOG.md | 21 ++++++++++++++++++- .../charts/metrics-server/Chart.yaml | 12 ++++++++--- .../charts/metrics-server/README.md | 4 ++-- .../metrics-server/templates/deployment.yaml | 8 ++++--- .../charts/metrics-server/templates/psp.yaml | 2 +- .../templates/rolebinding-nanny.yaml | 2 +- .../metrics-server/templates/service.yaml | 1 + .../templates/servicemonitor.yaml | 2 +- .../charts/metrics-server/values.yaml | 3 ++- 12 files changed, 47 insertions(+), 17 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4f7b42e33..350d8432a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,7 @@ All releases and the changes included in them (pulled from git commits added sin - Updated cluster-api-operator from version 0.13.0 to 0.14.0 ### Patch Version Upgrades %%^^ +- Updated metrics-server from version 3.12.1 to 3.12.2 - Updated k8s-event-logger from version 1.1.7 to 1.1.8 - Updated cert-manager from version v1.16.0 to v1.16.1 diff --git a/argocd-helm-charts/metrics-server/Chart.lock b/argocd-helm-charts/metrics-server/Chart.lock index edca2e2ae..3d031f1e1 100644 --- a/argocd-helm-charts/metrics-server/Chart.lock +++ b/argocd-helm-charts/metrics-server/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: metrics-server repository: https://kubernetes-sigs.github.io/metrics-server/ - version: 3.12.1 -digest: sha256:04f4717d4eda38b5cc8dac20ec1f82d7fa878eb56dfd2f2df6a383d19dde969b -generated: "2024-05-17T13:35:47.683462808+02:00" + version: 3.12.2 +digest: sha256:9be099fcb7bb171b96598c6135df06c9feb60535737dd4adfdc601d44e23d6bf +generated: "2024-10-14T12:06:54.202207899+05:30" 
diff --git a/argocd-helm-charts/metrics-server/Chart.yaml b/argocd-helm-charts/metrics-server/Chart.yaml index 9bdee0995..cce7a016f 100644 --- a/argocd-helm-charts/metrics-server/Chart.yaml +++ b/argocd-helm-charts/metrics-server/Chart.yaml @@ -3,7 +3,7 @@ name: metrics-server version: 0.5.0 dependencies: - name: metrics-server - version: 3.12.1 + version: 3.12.2 repository: https://kubernetes-sigs.github.io/metrics-server/ #repository: "oci://ghcr.io/Obmondo" # NB. This needs to be changed to pull from new location once this issue is resolved/merged: https://github.com/kubernetes-sigs/metrics-server/pull/670 diff --git a/argocd-helm-charts/metrics-server/charts/metrics-server/CHANGELOG.md b/argocd-helm-charts/metrics-server/charts/metrics-server/CHANGELOG.md index 735a0e369..bc073ebb7 100644 --- a/argocd-helm-charts/metrics-server/charts/metrics-server/CHANGELOG.md +++ b/argocd-helm-charts/metrics-server/charts/metrics-server/CHANGELOG.md 
@@ -14,7 +14,25 @@ ## [UNRELEASED] -## [3.12.1] - TBC +## [3.12.2] - TBC + +### Added + +- Explicitly added the app protocol to the service. ([#1540](https://github.com/kubernetes-sigs/metrics-server/pull/1540)) _@seankhliao_ + +### Changed + +- Updated the _Metrics Server_ OCI image to [v0.7.2](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.7.2). ([#1568](https://github.com/kubernetes-sigs/metrics-server/pull/1568)) _@stevehipwell_ +- Updated the _addonResizer_ OCI image to [1.8.21](https://github.com/kubernetes/autoscaler/releases/tag/addon-resizer-1.8.21). ([#1504](https://github.com/kubernetes-sigs/metrics-server/pull/1504)) _@jimmy-ungerman_ +- Changed `Deployment` templating to ignore `schedulerName` when value is empty. ([#1475](https://github.com/kubernetes-sigs/metrics-server/pull/1475)) _@senges_ + +### Fixed + +- Fixed PSPs to only be templated for supported K8s versions. ([#1471](https://github.com/kubernetes-sigs/metrics-server/pull/1471)) _@treksler_ +- Fixed nanny's RoleBinding which contained a hard-coded namespace instead of the Helm's release namespace. ([#1479](https://github.com/kubernetes-sigs/metrics-server/pull/1479)) _@the-technat_ +- Fixed the `ServiceMonitor` job label. ([#1568](https://github.com/kubernetes-sigs/metrics-server/pull/1568)) _@stevehipwell_ + +## [3.12.1] - 2024-04-05 ### Changed @@ -134,6 +152,7 @@ RELEASE LINKS --> [UNRELEASED]: https://github.com/kubernetes-sigs/metrics-server/tree/master/charts/metrics-server +[3.12.2]: https://github.com/kubernetes-sigs/metrics-server/releases/tag/metrics-server-helm-chart-3.12.2 [3.12.1]: https://github.com/kubernetes-sigs/metrics-server/releases/tag/metrics-server-helm-chart-3.12.1 [3.12.0]: https://github.com/kubernetes-sigs/metrics-server/releases/tag/metrics-server-helm-chart-3.12.0 [3.11.0]: https://github.com/kubernetes-sigs/metrics-server/releases/tag/metrics-server-helm-chart-3.11.0 
diff --git a/argocd-helm-charts/metrics-server/charts/metrics-server/Chart.yaml b/argocd-helm-charts/metrics-server/charts/metrics-server/Chart.yaml index cc782e57e..3bff39941 100644 --- a/argocd-helm-charts/metrics-server/charts/metrics-server/Chart.yaml +++ b/argocd-helm-charts/metrics-server/charts/metrics-server/Chart.yaml @@ -1,9 +1,15 @@ annotations: artifacthub.io/changes: | + - kind: added + description: "Explicitly added the app protocol to the service." - kind: changed - description: "Updated the _Metrics Server_ OCI image to [v0.7.1](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.7.1)." + description: "Updated the _Metrics Server_ OCI image to [v0.7.2](https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.7.2)." + - kind: changed + description: "Updated the _addonResizer_ OCI image to [1.8.21](https://github.com/kubernetes/autoscaler/releases/tag/addon-resizer-1.8.21)" + - kind: fixed + description: "Fixed nanny's RoleBinding which contained a hard-coded namespace instead of the Helm's release namespace." apiVersion: v2 -appVersion: 0.7.1 +appVersion: 0.7.2 description: Metrics Server is a scalable, efficient source of container resource metrics for Kubernetes built-in autoscaling pipelines. home: https://github.com/kubernetes-sigs/metrics-server @@ -23,4 +29,4 @@ name: metrics-server sources: - https://github.com/kubernetes-sigs/metrics-server type: application -version: 3.12.1 +version: 3.12.2 diff --git a/argocd-helm-charts/metrics-server/charts/metrics-server/README.md b/argocd-helm-charts/metrics-server/charts/metrics-server/README.md index 0cbffc49e..4b6ce652b 100644 --- a/argocd-helm-charts/metrics-server/charts/metrics-server/README.md +++ b/argocd-helm-charts/metrics-server/charts/metrics-server/README.md 
@@ -33,7 +33,7 @@ The following table lists the configurable parameters of the _Metrics Server_ ch | `serviceAccount.name` | Service account to be used. If not set and `serviceAccount.create` is `true`, a name is generated using the full name template. | `nil` | | `serviceAccount.secrets` | The list of secrets mountable by this service account. See | `[]` | | `rbac.create` | If `true`, create the RBAC resources. | `true` | -| `rbac.pspEnabled` | If `true`, create a pod security policy resource. | `false` | +| `rbac.pspEnabled` | If `true`, create a pod security policy resource, unless Kubernetes version is 1.25 or later. | `false` | | `apiService.create` | If `true`, create the `v1beta1.metrics.k8s.io` API service. You typically want this enabled! If you disable API service creation you have to manage it outside of this chart for e.g horizontal pod autoscaling to work with this release. | `true` | | `apiService.annotations` | Annotations to add to the API service | `{}` | | `apiService.insecureSkipTLSVerify` | Specifies whether to skip TLS verification (NOTE: this setting is not a proxy for the `--kubelet-insecure-tls` metrics-server flag) | `true` | 
@@ -63,7 +63,7 @@ The following table lists the configurable parameters of the _Metrics Server_ ch | `addonResizer.enabled` | If `true`, run the addon-resizer as a sidecar to automatically scale resource requests with cluster size. | `false` | | `addonResizer.securityContext` | Security context for the _metrics_server_container. | _See values.yaml | | `addonResizer.image.repository` | addon-resizer image repository | `registry.k8s.io/autoscaling/addon-resizer` | -| `addonResizer.image.tag` | addon-resizer image tag | `1.8.19` | +| `addonResizer.image.tag` | addon-resizer image tag | `1.8.21` | | `addonResizer.resources` | Resource requests and limits for the _nanny_ container. | `{ requests: { cpu: 40m, memory: 25Mi }, limits: { cpu: 40m, memory: 25Mi } }` | | `addonResizer.nanny.cpu` | The base CPU requirement. | `0m` | | `addonResizer.nanny.extraCPU` | The amount of CPU to add per node. | `1m` | diff --git a/argocd-helm-charts/metrics-server/charts/metrics-server/templates/deployment.yaml b/argocd-helm-charts/metrics-server/charts/metrics-server/templates/deployment.yaml index 48cda7feb..37e7f953b 100644 --- a/argocd-helm-charts/metrics-server/charts/metrics-server/templates/deployment.yaml +++ b/argocd-helm-charts/metrics-server/charts/metrics-server/templates/deployment.yaml @@ -11,8 +11,8 @@ metadata: {{- end }} spec: replicas: {{ .Values.replicas }} - {{- if or (kindIs "float64" .Values.revisionHistoryLimit) (kindIs "int64" .Values.revisionHistoryLimit) }} - revisionHistoryLimit: {{ .Values.revisionHistoryLimit | int64 }} + {{- if not (has (quote .Values.revisionHistoryLimit) (list "" (quote ""))) }} + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} {{- end }} {{- with .Values.updateStrategy }} strategy: 
@@ -33,7 +33,9 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: - schedulerName: {{ .Values.schedulerName }} + {{- with .Values.schedulerName }} + schedulerName: {{ . }} + {{- end }} {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} diff --git a/argocd-helm-charts/metrics-server/charts/metrics-server/templates/psp.yaml b/argocd-helm-charts/metrics-server/charts/metrics-server/templates/psp.yaml index bf8ace1ae..d5710de0b 100644 --- a/argocd-helm-charts/metrics-server/charts/metrics-server/templates/psp.yaml +++ b/argocd-helm-charts/metrics-server/charts/metrics-server/templates/psp.yaml @@ -1,4 +1,4 @@ -{{- if .Values.rbac.pspEnabled }} +{{- if and (.Values.rbac.pspEnabled) (semverCompare "<1.25-0" .Capabilities.KubeVersion.GitVersion) }} apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: diff --git a/argocd-helm-charts/metrics-server/charts/metrics-server/templates/rolebinding-nanny.yaml b/argocd-helm-charts/metrics-server/charts/metrics-server/templates/rolebinding-nanny.yaml index 73bfaaffe..228c0cfec 100644 --- a/argocd-helm-charts/metrics-server/charts/metrics-server/templates/rolebinding-nanny.yaml +++ b/argocd-helm-charts/metrics-server/charts/metrics-server/templates/rolebinding-nanny.yaml @@ -4,7 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ printf "%s-nanny" (include "metrics-server.fullname" .) }} - namespace: kube-system + namespace: {{ .Release.Namespace }} labels: {{- include "metrics-server.labels" . | nindent 4 }} roleRef: diff --git a/argocd-helm-charts/metrics-server/charts/metrics-server/templates/service.yaml b/argocd-helm-charts/metrics-server/charts/metrics-server/templates/service.yaml index d45bcf36a..35318a48b 100644 --- a/argocd-helm-charts/metrics-server/charts/metrics-server/templates/service.yaml +++ b/argocd-helm-charts/metrics-server/charts/metrics-server/templates/service.yaml 
@@ -19,5 +19,6 @@ spec: port: {{ .Values.service.port }} protocol: TCP targetPort: https + appProtocol: https selector: {{- include "metrics-server.selectorLabels" . | nindent 4 }} diff --git a/argocd-helm-charts/metrics-server/charts/metrics-server/templates/servicemonitor.yaml b/argocd-helm-charts/metrics-server/charts/metrics-server/templates/servicemonitor.yaml index 5c1c5b775..079318d20 100644 --- a/argocd-helm-charts/metrics-server/charts/metrics-server/templates/servicemonitor.yaml +++ b/argocd-helm-charts/metrics-server/charts/metrics-server/templates/servicemonitor.yaml @@ -10,7 +10,7 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} spec: - jobLabel: {{ .Release.Name }} + jobLabel: app.kubernetes.io/instance namespaceSelector: matchNames: - {{ .Release.Namespace }} diff --git a/argocd-helm-charts/metrics-server/charts/metrics-server/values.yaml b/argocd-helm-charts/metrics-server/charts/metrics-server/values.yaml index 4f6b9219b..be843db41 100644 --- a/argocd-helm-charts/metrics-server/charts/metrics-server/values.yaml +++ b/argocd-helm-charts/metrics-server/charts/metrics-server/values.yaml @@ -29,6 +29,7 @@ serviceAccount: rbac: # Specifies whether RBAC resources should be created create: true + # Note: PodSecurityPolicy will not be created when Kubernetes version is 1.25 or later. pspEnabled: false apiService: @@ -129,7 +130,7 @@ addonResizer: enabled: false image: repository: registry.k8s.io/autoscaling/addon-resizer - tag: 1.8.20 + tag: 1.8.21 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true From 6afce58f05d53111edf9ebad9853aeeacf33cbdc Mon Sep 17 00:00:00 2001 
From: Hritik Batra Date: Mon, 14 Oct 2024 12:08:39 +0530 Subject: [PATCH 08/10] [CI] Helm Chart Update oncall --- CHANGELOG.md | 1 + argocd-helm-charts/oncall/Chart.lock | 6 +++--- argocd-helm-charts/oncall/Chart.yaml | 2 +- argocd-helm-charts/oncall/charts/oncall/Chart.lock | 2 +- argocd-helm-charts/oncall/charts/oncall/Chart.yaml | 4 ++-- 5 files changed, 8 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 350d8432a..4e8fbf766 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,7 @@ All releases and the changes included in them (pulled from git commits added sin ### Major Version Upgrades %%^^ ### Minor Version Upgrades %%^^ +- Updated oncall from version 1.10.2 to 1.11.0 - Updated mariadb-operator from version 0.33.0 to 0.34.0 - Updated kubernetes-dashboard from version 7.7.0 to 7.8.0 - Updated cluster-api-operator from version 0.13.0 to 0.14.0 diff --git a/argocd-helm-charts/oncall/Chart.lock b/argocd-helm-charts/oncall/Chart.lock index 7a43ba81a..47d20d6b9 100644 --- a/argocd-helm-charts/oncall/Chart.lock +++ b/argocd-helm-charts/oncall/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: oncall repository: https://grafana.github.io/helm-charts - version: 1.10.2 -digest: sha256:6f0dd67bcf4fa74bcec310f578af1bf1ec56b5d6e032921c64d0583dfd633c3e -generated: "2024-10-07T12:56:16.532383614+05:30" + version: 1.11.0 +digest: sha256:3c82f031865140e9d0bcbbf026b1e569693aedba4d9a8f1df498394755fbd44f +generated: "2024-10-14T12:08:20.17025582+05:30" diff --git a/argocd-helm-charts/oncall/Chart.yaml b/argocd-helm-charts/oncall/Chart.yaml index 29cddd5f9..b57005b12 100644 --- a/argocd-helm-charts/oncall/Chart.yaml +++ b/argocd-helm-charts/oncall/Chart.yaml @@ -3,5 +3,5 @@ name: oncall version: 1.0.0 dependencies: - name: oncall - version: 1.10.2 + version: 1.11.0 repository: https://grafana.github.io/helm-charts 
diff --git a/argocd-helm-charts/oncall/charts/oncall/Chart.lock b/argocd-helm-charts/oncall/charts/oncall/Chart.lock index 44d7a59b6..b9c67a73c 100644 --- a/argocd-helm-charts/oncall/charts/oncall/Chart.lock +++ b/argocd-helm-charts/oncall/charts/oncall/Chart.lock @@ -24,4 +24,4 @@ dependencies: repository: https://prometheus-community.github.io/helm-charts version: 25.8.2 digest: sha256:89f2e8147fbae4743e0f3bbbd9e6aac20aaa54da018c89fc7e179fbafbcd970c -generated: "2024-10-04T18:06:03.043068274Z" +generated: "2024-10-10T19:43:43.692121413Z" diff --git a/argocd-helm-charts/oncall/charts/oncall/Chart.yaml b/argocd-helm-charts/oncall/charts/oncall/Chart.yaml index 52ac1dad8..699c4ccaf 100644 --- a/argocd-helm-charts/oncall/charts/oncall/Chart.yaml +++ b/argocd-helm-charts/oncall/charts/oncall/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: v1.10.2 +appVersion: v1.11.0 dependencies: - condition: cert-manager.enabled name: cert-manager @@ -36,4 +36,4 @@ dependencies: description: Developer-friendly incident response with brilliant Slack integration name: oncall type: application -version: 1.10.2 +version: 1.11.0 From ecfce135ba4f46ae1601b42848d1c035a1e25a28 Mon Sep 17 00:00:00 2001 From: Hritik Batra Date: Mon, 14 Oct 2024 12:14:50 +0530 Subject: [PATCH 09/10] [CI] Helm Chart Update traefik --- CHANGELOG.md | 1 + argocd-helm-charts/traefik/Chart.lock | 6 ++--- argocd-helm-charts/traefik/Chart.yaml | 2 +- .../traefik/charts/traefik/Changelog.md | 27 +++++++++++++++++++ .../traefik/charts/traefik/Chart.yaml | 11 ++++---- .../traefik/charts/traefik/VALUES.md | 2 +- .../traefik/charts/traefik/values.schema.json | 2 ++ .../traefik/charts/traefik/values.yaml | 6 ++--- 8 files changed, 43 insertions(+), 14 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4e8fbf766..209b71bf5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -11,6 +11,7 @@ All releases and the changes included in them (pulled from git commits added sin - Updated cluster-api-operator from version 0.13.0 to 0.14.0 ### Patch Version Upgrades %%^^ +- Updated traefik from version 32.1.0 to 32.1.1 - Updated metrics-server from version 3.12.1 to 3.12.2 - Updated k8s-event-logger from version 1.1.7 to 1.1.8 - Updated cert-manager from version v1.16.0 to v1.16.1 diff --git a/argocd-helm-charts/traefik/Chart.lock b/argocd-helm-charts/traefik/Chart.lock index c2010f628..97bb9f59c 100644 --- a/argocd-helm-charts/traefik/Chart.lock +++ b/argocd-helm-charts/traefik/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: traefik repository: https://helm.traefik.io/traefik - version: 32.1.0 -digest: sha256:6e73d5a7d5c951d104f64a331f61ee470e877df599370bde98081f66930b10ff -generated: "2024-10-07T13:10:37.099227633+05:30" + version: 32.1.1 +digest: sha256:fba300a50959c7936c18f283c17f478b438c3dd449353a24d65558253e02dd02 +generated: "2024-10-14T12:14:27.75437999+05:30" diff --git a/argocd-helm-charts/traefik/Chart.yaml b/argocd-helm-charts/traefik/Chart.yaml index 963a924a5..80f13489a 100644 --- a/argocd-helm-charts/traefik/Chart.yaml +++ b/argocd-helm-charts/traefik/Chart.yaml @@ -3,6 +3,6 @@ name: traefik version: 1.0.0 dependencies: - name: traefik - version: 32.1.0 + version: 32.1.1 repository: https://helm.traefik.io/traefik #repository: "oci://ghcr.io/Obmondo" diff --git a/argocd-helm-charts/traefik/charts/traefik/Changelog.md b/argocd-helm-charts/traefik/charts/traefik/Changelog.md index f3f028a65..46c26d7e1 100644 --- a/argocd-helm-charts/traefik/charts/traefik/Changelog.md +++ b/argocd-helm-charts/traefik/charts/traefik/Changelog.md 
@@ -1,5 +1,32 @@ # Change Log +## 32.1.1 ![AppVersion: v3.1.6](https://img.shields.io/static/v1?label=AppVersion&message=v3.1.6&color=success&logo=) ![Kubernetes: >=1.22.0-0](https://img.shields.io/static/v1?label=Kubernetes&message=%3E%3D1.22.0-0&color=informational&logo=kubernetes) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) + +**Release date:** 2024-10-11 + +* fix(schema): 🐛 targetPort can also be a string +* feat(deps): update traefik docker tag to v3.1.6 +* chore(release): 🚀 publish v32.1.1 +* Update topology spread constraints comments + +### Default value changes + +```diff +diff --git a/traefik/values.yaml b/traefik/values.yaml +index 73371f3..d6731c3 100644 +--- a/traefik/values.yaml ++++ b/traefik/values.yaml +@@ -860,7 +860,7 @@ topologySpreadConstraints: [] + # on nodes where no other traefik pods are scheduled. + # - labelSelector: + # matchLabels: +-# app: '{{ template "traefik.name" . }}' ++# app.kubernetes.io/name: '{{ template "traefik.name" . }}' + # maxSkew: 1 + # topologyKey: kubernetes.io/hostname + # whenUnsatisfiable: DoNotSchedule +``` + ## 32.1.0 ![AppVersion: v3.1.5](https://img.shields.io/static/v1?label=AppVersion&message=v3.1.5&color=success&logo=) ![Kubernetes: >=1.22.0-0](https://img.shields.io/static/v1?label=Kubernetes&message=%3E%3D1.22.0-0&color=informational&logo=kubernetes) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm) **Release date:** 2024-10-04 diff --git a/argocd-helm-charts/traefik/charts/traefik/Chart.yaml b/argocd-helm-charts/traefik/charts/traefik/Chart.yaml index e95c1dc1b..d89838893 100644 --- a/argocd-helm-charts/traefik/charts/traefik/Chart.yaml +++ b/argocd-helm-charts/traefik/charts/traefik/Chart.yaml 
@@ -1,10 +1,9 @@ annotations: - artifacthub.io/changes: "- \"fix: :bug: set disableIngressClassLookup until 3.1.4\"\n- - \"feat(deps): update traefik docker tag to v3.1.5\"\n- \"feat(Traefik Proxy): - update rbac following v3.2 migration guide\"\n- \"chore(release): \U0001F680 publish - v32.1.0\"\n" + artifacthub.io/changes: "- \"fix(schema): \U0001F41B targetPort can also be a string\"\n- + \"feat(deps): update traefik docker tag to v3.1.6\"\n- \"chore(release): \U0001F680 + publish v32.1.1\"\n- \"Update topology spread constraints comments\"\n" apiVersion: v2 -appVersion: v3.1.5 +appVersion: v3.1.6 description: A Traefik based Kubernetes ingress controller home: https://traefik.io/ icon: https://raw.githubusercontent.com/traefik/traefik/v2.3/docs/content/assets/img/traefik.logo.png @@ -26,4 +25,4 @@ sources: - https://github.com/traefik/traefik - https://github.com/traefik/traefik-helm-chart type: application -version: 32.1.0 +version: 32.1.1 diff --git a/argocd-helm-charts/traefik/charts/traefik/VALUES.md b/argocd-helm-charts/traefik/charts/traefik/VALUES.md index f93694169..13f52d212 100644 --- a/argocd-helm-charts/traefik/charts/traefik/VALUES.md +++ b/argocd-helm-charts/traefik/charts/traefik/VALUES.md @@ -1,6 +1,6 @@ # traefik -![Version: 32.1.0](https://img.shields.io/badge/Version-32.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v3.1.5](https://img.shields.io/badge/AppVersion-v3.1.5-informational?style=flat-square) +![Version: 32.1.1](https://img.shields.io/badge/Version-32.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v3.1.6](https://img.shields.io/badge/AppVersion-v3.1.6-informational?style=flat-square) A Traefik based Kubernetes ingress controller 
diff --git a/argocd-helm-charts/traefik/charts/traefik/values.schema.json b/argocd-helm-charts/traefik/charts/traefik/values.schema.json index 9d5e3c0f6..8f76312c8 100644 --- a/argocd-helm-charts/traefik/charts/traefik/values.schema.json +++ b/argocd-helm-charts/traefik/charts/traefik/values.schema.json @@ -1052,6 +1052,7 @@ "targetPort": { "minimum": 0, "type": [ + "string", "integer", "null" ] @@ -1215,6 +1216,7 @@ "targetPort": { "minimum": 0, "type": [ + "string", "integer", "null" ] diff --git a/argocd-helm-charts/traefik/charts/traefik/values.yaml b/argocd-helm-charts/traefik/charts/traefik/values.yaml index 73371f365..c4ccb816e 100644 --- a/argocd-helm-charts/traefik/charts/traefik/values.yaml +++ b/argocd-helm-charts/traefik/charts/traefik/values.yaml @@ -614,7 +614,7 @@ ports: default: true exposedPort: 80 ## -- Different target traefik port on the cluster, useful for IP type LB - targetPort: # @schema type:[integer, null]; minimum:0 + targetPort: # @schema type:[string, integer, null]; minimum:0 # The port protocol (TCP/UDP) protocol: TCP # -- See [upstream documentation](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport) @@ -653,7 +653,7 @@ ports: default: true exposedPort: 443 ## -- Different target traefik port on the cluster, useful for IP type LB - targetPort: # @schema type:[integer, null]; minimum:0 + targetPort: # @schema type:[string, integer, null]; minimum:0 ## -- The port protocol (TCP/UDP) protocol: TCP # -- See [upstream documentation](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport) @@ -860,7 +860,7 @@ topologySpreadConstraints: [] # on nodes where no other traefik pods are scheduled. # - labelSelector: # matchLabels: -# app: '{{ template "traefik.name" . }}' +# app.kubernetes.io/name: '{{ template "traefik.name" . }}' # maxSkew: 1 # topologyKey: kubernetes.io/hostname # whenUnsatisfiable: DoNotSchedule From f28fef9a26504905f655c409522bf0493a0878e5 Mon Sep 17 00:00:00 2001 
From: Hritik Batra Date: Mon, 14 Oct 2024 12:15:59 +0530 Subject: [PATCH 10/10] Update to new tag for Kubeaid --- CHANGELOG.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 209b71bf5..084a17d7b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,16 +1,14 @@ # Changelog All releases and the changes included in them (pulled from git commits added since last release) will be detailed in this file. -## 2024-10-14 -### Major Version Upgrades %%^^ - -### Minor Version Upgrades %%^^ +## 4.1.0 +### Minor Version Upgrades - Updated oncall from version 1.10.2 to 1.11.0 - Updated mariadb-operator from version 0.33.0 to 0.34.0 - Updated kubernetes-dashboard from version 7.7.0 to 7.8.0 - Updated cluster-api-operator from version 0.13.0 to 0.14.0 -### Patch Version Upgrades %%^^ +### Patch Version Upgrades - Updated traefik from version 32.1.0 to 32.1.1 - Updated metrics-server from version 3.12.1 to 3.12.2 - Updated k8s-event-logger from version 1.1.7 to 1.1.8