diff --git a/charts/argocd/Chart.lock b/charts/argocd/Chart.lock index f8b65043..43a98b32 100644 --- a/charts/argocd/Chart.lock +++ b/charts/argocd/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: argo-cd repository: https://argoproj.github.io/argo-helm - version: 8.0.1 -digest: sha256:ba6c49d64851ea12a80e5c30e96ce38ebff712aa90678955595479f613e12089 -generated: "2025-05-14T10:23:53.65818767Z" + version: 8.2.4 +digest: sha256:7c1eddec508a5624a48978fc2c64f06419ce798924837926b7bf7d9def3f3400 +generated: "2025-07-30T10:27:02.727303582Z" diff --git a/charts/argocd/Chart.yaml b/charts/argocd/Chart.yaml index b29e4f01..a9013cf8 100644 --- a/charts/argocd/Chart.yaml +++ b/charts/argocd/Chart.yaml @@ -2,11 +2,11 @@ apiVersion: v2 name: argocd description: A Helm chart for Kubernetes type: application -version: 0.1.3 +version: 0.1.4 appVersion: "2.14.4" dependencies: - name: argo-cd - version: 8.0.1 + version: 8.2.4 repository: "https://argoproj.github.io/argo-helm" alias: argocd maintainers: diff --git a/charts/argocd/README.md b/charts/argocd/README.md index c88faadb..49c77100 100644 --- a/charts/argocd/README.md +++ b/charts/argocd/README.md @@ -1,6 +1,6 @@ # argocd -![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.14.4](https://img.shields.io/badge/AppVersion-2.14.4-informational?style=flat-square) +![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.14.4](https://img.shields.io/badge/AppVersion-2.14.4-informational?style=flat-square) ## Prerequisites 
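Review bot: In the `charts/argocd/Chart.yaml` hunk, `appVersion: "2.14.4"` is left unchanged while the `argo-cd` dependency moves from 8.0.1 to 8.2.4, and the README badge keeps repeating it. If the upstream chart's application version changed across that range (not visible in this diff, so confirm against the vendored `argo-cd-8.2.4.tgz`), inventory and vulnerability tooling that reads `appVersion` will report an Argo CD version that is not the one deployed. I would update `appVersion` to match the subchart in this commit. The new `.tgz` is an opaque binary here, so it is also worth checking that it matches what `helm dependency build` produces from the updated `Chart.lock`.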
@@ -11,7 +11,7 @@ | Repository | Name | Version | |------------|------|---------| -| https://argoproj.github.io/argo-helm | argocd(argo-cd) | 8.0.1 | +| https://argoproj.github.io/argo-helm | argocd(argo-cd) | 8.2.4 | ## Maintainers @@ -49,6 +49,7 @@ A Helm chart for Kubernetes | argocd.applicationSet.containerPorts.webhook | int | `7000` | Webhook container port | | argocd.applicationSet.containerSecurityContext | object | See [values.yaml] | ApplicationSet controller container-level security context | | argocd.applicationSet.deploymentAnnotations | object | `{}` | Annotations to be added to ApplicationSet controller Deployment | +| argocd.applicationSet.deploymentLabels | object | `{}` | Labels for the ApplicationSet controller Deployment | | argocd.applicationSet.deploymentStrategy | object | `{}` | Deployment strategy to be added to the ApplicationSet controller Deployment | | argocd.applicationSet.dnsConfig | object | `{}` | [DNS configuration] | | argocd.applicationSet.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for ApplicationSet controller pods | @@ -102,6 +103,7 @@ A Helm chart for Kubernetes | argocd.applicationSet.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | | argocd.applicationSet.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig | | argocd.applicationSet.name | string | `"applicationset-controller"` | ApplicationSet controller name string | +| argocd.applicationSet.networkPolicy.create | bool | `false` (defaults to global.networkPolicy.create) | Default network policy rules used by ApplicationSet controller | | argocd.applicationSet.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] | | argocd.applicationSet.pdb.annotations | object | `{}` | Annotations to be added to ApplicationSet controller pdb | | argocd.applicationSet.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the ApplicationSet controller | 
@@ -137,6 +139,7 @@ A Helm chart for Kubernetes | argocd.commitServer.automountServiceAccountToken | bool | `false` | Automount API credentials for the Service Account into the pod. | | argocd.commitServer.containerSecurityContext | object | See [values.yaml] | commit server container-level security context | | argocd.commitServer.deploymentAnnotations | object | `{}` | Annotations to be added to commit server Deployment | +| argocd.commitServer.deploymentLabels | object | `{}` | Labels for the commit server Deployment | | argocd.commitServer.deploymentStrategy | object | `{}` | Deployment strategy to be added to the commit server Deployment | | argocd.commitServer.dnsConfig | object | `{}` | [DNS configuration] | | argocd.commitServer.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for commit server pods | @@ -162,6 +165,7 @@ A Helm chart for Kubernetes | argocd.commitServer.metrics.service.servicePort | int | `8087` | Metrics service port | | argocd.commitServer.metrics.service.type | string | `"ClusterIP"` | Metrics service type | | argocd.commitServer.name | string | `"commit-server"` | Commit server name | +| argocd.commitServer.networkPolicy.create | bool | `false` (defaults to global.networkPolicy.create) | Default network policy rules used by commit server | | argocd.commitServer.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] | | argocd.commitServer.podAnnotations | object | `{}` | Annotations for the commit server pods | | argocd.commitServer.podLabels | object | `{}` | Labels for the commit server pods | 
@@ -175,6 +179,8 @@ A Helm chart for Kubernetes | argocd.commitServer.runtimeClassName | string | `""` (defaults to global.runtimeClassName) | Runtime class name for the commit server | | argocd.commitServer.service.annotations | object | `{}` | commit server service annotations | | argocd.commitServer.service.labels | object | `{}` | commit server service labels | +| argocd.commitServer.service.port | int | `8086` | commit server service port | +| argocd.commitServer.service.portName | string | `"server"` | commit server service port name | | argocd.commitServer.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | | argocd.commitServer.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | | argocd.commitServer.serviceAccount.create | bool | `true` | Create commit server service account | @@ -220,6 +226,7 @@ A Helm chart for Kubernetes | argocd.configs.params."controller.self.heal.timeout.seconds" | int | `5` | Specifies timeout between application self heal attempts | | argocd.configs.params."controller.status.processors" | int | `20` | Number of application status processors | | argocd.configs.params."controller.sync.timeout.seconds" | int | `0` | Specifies the timeout after which a sync would be terminated. 0 means no timeout | +| argocd.configs.params."hydrator.enabled" | bool | `false` | Enable the hydrator feature (hydrator is in Alpha phase) | | argocd.configs.params."otlp.address" | string | `""` | Open-Telemetry collector address: (e.g. "otel-collector:4317") | | argocd.configs.params."reposerver.parallelism.limit" | int | `0` | Limit on number of concurrent manifests generate requests. Any value less the 1 means no limit. | | argocd.configs.params."server.basehref" | string | `"/"` | Value for base href in index.html. Used if Argo CD is running behind reverse proxy under subpath different from / | 
@@ -268,6 +275,7 @@ A Helm chart for Kubernetes | argocd.controller.containerPorts.metrics | int | `8082` | Metrics container port | | argocd.controller.containerSecurityContext | object | See [values.yaml] | Application controller container-level security context | | argocd.controller.deploymentAnnotations | object | `{}` | Annotations for the application controller Deployment | +| argocd.controller.deploymentLabels | object | `{}` | Labels for the application controller Deployment | | argocd.controller.dnsConfig | object | `{}` | [DNS configuration] | | argocd.controller.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for application controller pods | | argocd.controller.dynamicClusterDistribution | bool | `false` | Enable dynamic cluster distribution (alpha) Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution # This is done using a deployment instead of a statefulSet # When replicas are added or removed, the sharding algorithm is re-run to ensure that the # clusters are distributed according to the algorithm. If the algorithm is well-balanced, # like round-robin, then the shards will be well-balanced. | 
@@ -311,6 +319,7 @@ A Helm chart for Kubernetes | argocd.controller.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | | argocd.controller.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig | | argocd.controller.name | string | `"application-controller"` | Application controller name string | +| argocd.controller.networkPolicy.create | bool | `false` (defaults to global.networkPolicy.create) | Default network policy rules used by application controller | | argocd.controller.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] | | argocd.controller.pdb.annotations | object | `{}` | Annotations to be added to application controller pdb | | argocd.controller.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the application controller | @@ -340,7 +349,7 @@ A Helm chart for Kubernetes | argocd.controller.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to the application controller # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ # If labelSelector is left out, it will default to the labelSelector configuration of the deployment | | argocd.controller.volumeMounts | list | `[]` | Additional volumeMounts to the application controller main container | | argocd.controller.volumes | list | `[]` | Additional volumes to the application controller pod | -| argocd.crds.additionalLabels | object | `{}` | Addtional labels to be added to all CRDs | +| argocd.crds.additionalLabels | object | `{}` | Additional labels to be added to all CRDs | | argocd.crds.annotations | object | `{}` | Annotations to be added to all CRDs | | argocd.crds.install | bool | `true` | Install and upgrade CRDs | | argocd.crds.keep | bool | `true` | Keep CRDs on chart uninstall | 
@@ -359,6 +368,7 @@ A Helm chart for Kubernetes | argocd.dex.containerPorts.metrics | int | `5558` | Metrics container port | | argocd.dex.containerSecurityContext | object | See [values.yaml] | Dex container-level security context | | argocd.dex.deploymentAnnotations | object | `{}` | Annotations to be added to the Dex server Deployment | +| argocd.dex.deploymentLabels | object | `{}` | Labels for the Dex server Deployment | | argocd.dex.deploymentStrategy | object | `{}` | Deployment strategy to be added to the Dex server Deployment | | argocd.dex.dnsConfig | object | `{}` | [DNS configuration] | | argocd.dex.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Dex server pods | @@ -370,7 +380,7 @@ A Helm chart for Kubernetes | argocd.dex.extraContainers | list | `[]` | Additional containers to be added to the dex pod # Note: Supports use of custom Helm templates | | argocd.dex.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Dex imagePullPolicy | | argocd.dex.image.repository | string | `"ghcr.io/dexidp/dex"` | Dex image repository | -| argocd.dex.image.tag | string | `"v2.42.1"` | Dex image tag | +| argocd.dex.image.tag | string | `"v2.43.1"` | Dex image tag | | argocd.dex.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | argocd.dex.initContainers | list | `[]` | Init containers to add to the dex pod # Note: Supports use of custom Helm templates | | argocd.dex.initImage.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Argo CD init image imagePullPolicy | 
@@ -402,6 +412,7 @@ A Helm chart for Kubernetes | argocd.dex.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | | argocd.dex.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig | | argocd.dex.name | string | `"dex-server"` | Dex name | +| argocd.dex.networkPolicy.create | bool | `false` (defaults to global.networkPolicy.create) | Default network policy rules used by Dex server | | argocd.dex.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] | | argocd.dex.pdb.annotations | object | `{}` | Annotations to be added to Dex server pdb | | argocd.dex.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the Dex server | 
@@ -436,7 +447,7 @@ A Helm chart for Kubernetes | argocd.dex.topologySpreadConstraints | list | `[]` (defaults to global.topologySpreadConstraints) | Assign custom [TopologySpreadConstraints] rules to dex # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ # If labelSelector is left out, it will default to the labelSelector configuration of the deployment | | argocd.dex.volumeMounts | list | `[]` | Additional volumeMounts to the dex main container | | argocd.dex.volumes | list | `[]` | Additional volumes to the dex pod | -| argocd.externalRedis.existingSecret | string | `""` | The name of an existing secret with Redis (must contain key `redis-password`) and Sentinel credentials. When it's set, the `externalRedis.password` parameter is ignored | +| argocd.externalRedis.existingSecret | string | `""` | The name of an existing secret with Redis (must contain key `redis-password`. And should contain `redis-username` if username is not `default`) and Sentinel credentials. When it's set, the `externalRedis.username` and `externalRedis.password` parameters are ignored | | argocd.externalRedis.host | string | `""` | External Redis server host | | argocd.externalRedis.password | string | `""` | External Redis password | | argocd.externalRedis.port | int | `6379` | External Redis server port | 
@@ -451,6 +462,7 @@ A Helm chart for Kubernetes | argocd.global.affinity.podAntiAffinity | string | `"soft"` | Default pod anti-affinity rules. Either: `none`, `soft` or `hard` | | argocd.global.certificateAnnotations | object | `{}` | Annotations for the all deployed Certificates | | argocd.global.deploymentAnnotations | object | `{}` | Annotations for the all deployed Deployments | +| argocd.global.deploymentLabels | object | `{}` | Labels for the all deployed Deployments | | argocd.global.deploymentStrategy | object | `{}` | Deployment strategy for the all deployed Deployments | | argocd.global.domain | string | `"argocd.example.com"` | Default domain used by all components # Used for ingresses, certificates, SSO, notifications, etc. | | argocd.global.dualStack.ipFamilies | list | `[]` | IP families that should be supported and the order in which they should be applied to ClusterIP as well. Can be IPv4 and/or IPv6. | @@ -487,6 +499,7 @@ A Helm chart for Kubernetes | argocd.notifications.containerSecurityContext | object | See [values.yaml] | Notification controller container-level security Context | | argocd.notifications.context | object | `{}` | Define user-defined context # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/templates/#defining-user-defined-context | | argocd.notifications.deploymentAnnotations | object | `{}` | Annotations to be applied to the notifications controller Deployment | +| argocd.notifications.deploymentLabels | object | `{}` | Labels for the notifications controller Deployment | | argocd.notifications.deploymentStrategy | object | `{"type":"Recreate"}` | Deployment strategy to be added to the notifications controller Deployment | | argocd.notifications.dnsConfig | object | `{}` | [DNS configuration] | | argocd.notifications.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for notifications controller Pods | 
@@ -525,6 +538,7 @@ A Helm chart for Kubernetes | argocd.notifications.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | | argocd.notifications.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig | | argocd.notifications.name | string | `"notifications-controller"` | Notifications controller name string | +| argocd.notifications.networkPolicy.create | bool | `false` (defaults to global.networkPolicy.create) | Default network policy rules used by notifications controller | | argocd.notifications.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] | | argocd.notifications.notifiers | object | See [values.yaml] | Configures notification services such as slack, email or custom webhook # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/overview/ | | argocd.notifications.pdb.annotations | object | `{}` | Annotations to be added to notifications controller pdb | 
@@ -574,11 +588,12 @@ A Helm chart for Kubernetes | argocd.redis-ha.haproxy.containerSecurityContext | object | See [values.yaml] | HAProxy container-level security context | | argocd.redis-ha.haproxy.enabled | bool | `true` | Enabled HAProxy LoadBalancing/Proxy | | argocd.redis-ha.haproxy.hardAntiAffinity | bool | `true` | Whether the haproxy pods should be forced to run on separate nodes. | +| argocd.redis-ha.haproxy.image.repository | string | `"ecr-public.aws.com/docker/library/haproxy"` | HAProxy Image Repository | | argocd.redis-ha.haproxy.labels | object | `{"app.kubernetes.io/name":"argocd-redis-ha-haproxy"}` | Custom labels for the haproxy pod. This is relevant for Argo CD CLI. | | argocd.redis-ha.haproxy.metrics.enabled | bool | `true` | HAProxy enable prometheus metric scraping | | argocd.redis-ha.haproxy.tolerations | list | `[]` | [Tolerations] for use with node taints for haproxy pods. | | argocd.redis-ha.hardAntiAffinity | bool | `true` | Whether the Redis server pods should be forced to run on separate nodes. | -| argocd.redis-ha.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository | +| argocd.redis-ha.image.repository | string | `"ecr-public.aws.com/docker/library/redis"` | Redis repository | | argocd.redis-ha.image.tag | string | `"7.2.8-alpine"` | Redis tag # Do not upgrade to >= 7.4.0, otherwise you are no longer using an open source version of Redis | | argocd.redis-ha.persistentVolume.enabled | bool | `false` | Configures persistence on Redis nodes | | argocd.redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) | 
@@ -596,6 +611,7 @@ A Helm chart for Kubernetes | argocd.redis.containerPorts.redis | int | `6379` | Redis container port | | argocd.redis.containerSecurityContext | object | See [values.yaml] | Redis container-level security context | | argocd.redis.deploymentAnnotations | object | `{}` | Annotations to be added to the Redis server Deployment | +| argocd.redis.deploymentLabels | object | `{}` | Labels for the Redis server Deployment | | argocd.redis.dnsConfig | object | `{}` | [DNS configuration] | | argocd.redis.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Redis server pods | | argocd.redis.enabled | bool | `true` | Enable redis | @@ -606,7 +622,7 @@ A Helm chart for Kubernetes | argocd.redis.exporter.env | list | `[]` | Environment variables to pass to the Redis exporter | | argocd.redis.exporter.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the redis-exporter | | argocd.redis.exporter.image.repository | string | `"ghcr.io/oliver006/redis_exporter"` | Repository to use for the redis-exporter | -| argocd.redis.exporter.image.tag | string | `"v1.71.0"` | Tag to use for the redis-exporter | +| argocd.redis.exporter.image.tag | string | `"v1.74.0"` | Tag to use for the redis-exporter | | argocd.redis.exporter.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Redis exporter | | argocd.redis.exporter.livenessProbe.failureThreshold | int | `5` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | | argocd.redis.exporter.livenessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before [probe] is initiated | 
@@ -623,7 +639,7 @@ A Helm chart for Kubernetes | argocd.redis.extraArgs | list | `[]` | Additional command line arguments to pass to redis-server | | argocd.redis.extraContainers | list | `[]` | Additional containers to be added to the redis pod # Note: Supports use of custom Helm templates | | argocd.redis.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Redis image pull policy | -| argocd.redis.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository | +| argocd.redis.image.repository | string | `"ecr-public.aws.com/docker/library/redis"` | Redis repository | | argocd.redis.image.tag | string | `"7.2.8-alpine"` | Redis tag # Do not upgrade to >= 7.4.0, otherwise you are no longer using an open source version of Redis | | argocd.redis.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry | | argocd.redis.initContainers | list | `[]` | Init containers to add to the redis pod # Note: Supports use of custom Helm templates | @@ -652,6 +668,7 @@ A Helm chart for Kubernetes | argocd.redis.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | | argocd.redis.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig | | argocd.redis.name | string | `"redis"` | Redis name | +| argocd.redis.networkPolicy.create | bool | `false` (defaults to global.networkPolicy.create) | Default network policy rules used by redis | | argocd.redis.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] | | argocd.redis.pdb.annotations | object | `{}` | Annotations to be added to Redis pdb | | argocd.redis.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the Redis | 
@@ -723,6 +740,7 @@ A Helm chart for Kubernetes | argocd.repoServer.containerPorts.server | int | `8081` | Repo server container port | | argocd.repoServer.containerSecurityContext | object | See [values.yaml] | Repo server container-level security context | | argocd.repoServer.deploymentAnnotations | object | `{}` | Annotations to be added to repo server Deployment | +| argocd.repoServer.deploymentLabels | object | `{}` | Labels for the repo server Deployment | | argocd.repoServer.deploymentStrategy | object | `{}` | Deployment strategy to be added to the repo server Deployment | | argocd.repoServer.dnsConfig | object | `{}` | [DNS configuration] | | argocd.repoServer.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Repo server pods | @@ -764,6 +782,7 @@ A Helm chart for Kubernetes | argocd.repoServer.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | | argocd.repoServer.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig | | argocd.repoServer.name | string | `"repo-server"` | Repo server name | +| argocd.repoServer.networkPolicy.create | bool | `false` (defaults to global.networkPolicy.create) | Default network policy rules used by repo server | | argocd.repoServer.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] | | argocd.repoServer.pdb.annotations | object | `{}` | Annotations to be added to repo server pdb | | argocd.repoServer.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the repo server | 
@@ -786,6 +805,7 @@ A Helm chart for Kubernetes | argocd.repoServer.service.labels | object | `{}` | Repo server service labels | | argocd.repoServer.service.port | int | `8081` | Repo server service port | | argocd.repoServer.service.portName | string | `"tcp-repo-server"` | Repo server service port name | +| argocd.repoServer.service.trafficDistribution | string | `""` | Traffic distribution preference for the repo server service. If the field is not set, the implementation will apply its default routing strategy. | | argocd.repoServer.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | | argocd.repoServer.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | | argocd.repoServer.serviceAccount.create | bool | `true` | Create repo server service account | @@ -832,6 +852,7 @@ A Helm chart for Kubernetes | argocd.server.containerPorts.server | int | `8080` | Server container port | | argocd.server.containerSecurityContext | object | See [values.yaml] | Server container-level security context | | argocd.server.deploymentAnnotations | object | `{}` | Annotations to be added to server Deployment | +| argocd.server.deploymentLabels | object | `{}` | Labels for the server Deployment | | argocd.server.deploymentStrategy | object | `{}` | Deployment strategy to be added to the server Deployment | | argocd.server.dnsConfig | object | `{}` | [DNS configuration] | | argocd.server.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Server pods | 
@@ -910,6 +931,7 @@ A Helm chart for Kubernetes | argocd.server.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | | argocd.server.metrics.serviceMonitor.tlsConfig | object | `{}` | Prometheus ServiceMonitor tlsConfig | | argocd.server.name | string | `"server"` | Argo CD server name | +| argocd.server.networkPolicy.create | bool | `false` (defaults to global.networkPolicy.create) | Default network policy rules used by ArgoCD Server | | argocd.server.nodeSelector | object | `{}` (defaults to global.nodeSelector) | [Node selector] | | argocd.server.pdb.annotations | object | `{}` | Annotations to be added to Argo CD server pdb | | argocd.server.pdb.enabled | bool | `false` | Deploy a [PodDisruptionBudget] for the Argo CD server | @@ -989,7 +1011,7 @@ spec: source: repoURL: "https://edixos.github.io/ekp-helm" - targetRevision: "0.1.3" + targetRevision: "0.1.4" chart: argocd path: '' helm: diff --git a/charts/argocd/charts/argo-cd-8.0.1.tgz b/charts/argocd/charts/argo-cd-8.0.1.tgz deleted file mode 100644 index cd15af30..00000000 Binary files a/charts/argocd/charts/argo-cd-8.0.1.tgz and /dev/null differ diff --git a/charts/argocd/charts/argo-cd-8.2.4.tgz b/charts/argocd/charts/argo-cd-8.2.4.tgz new file mode 100644 index 00000000..1cd12d1b Binary files /dev/null and b/charts/argocd/charts/argo-cd-8.2.4.tgz differ diff --git a/charts/argocd/values.yaml b/charts/argocd/values.yaml index 25e7fd2f..92e561b2 100644 --- a/charts/argocd/values.yaml +++ b/charts/argocd/values.yaml @@ -54,7 +54,7 @@ argocd: keep: true # -- Annotations to be added to all CRDs annotations: {} - # -- Addtional labels to be added to all CRDs + # -- Additional labels to be added to all CRDs additionalLabels: {} ## Globally shared configuration 
@@ -98,6 +98,9 @@ argocd: # -- Annotations for the all deployed Deployments deploymentAnnotations: {} + # -- Labels for the all deployed Deployments + deploymentLabels: {} + # -- Annotations for the all deployed pods podAnnotations: {} @@ -438,6 +441,8 @@ argocd: server.enable.gzip: true # -- Enable proxy extension feature. (proxy extension is in Alpha phase) server.enable.proxy.extension: false + # -- Enable the hydrator feature (hydrator is in Alpha phase) + hydrator.enabled: false # -- Set X-Frame-Options header in HTTP responses to value. To disable, set to "". server.x.frame.options: sameorigin @@ -906,6 +911,9 @@ argocd: # -- Annotations for the application controller Deployment deploymentAnnotations: {} + # -- Labels for the application controller Deployment + deploymentLabels: {} + # -- Annotations to be added to application controller pods podAnnotations: {} @@ -1101,6 +1109,12 @@ argocd: # -- List of custom rules for the application controller's ClusterRole resource rules: [] + # Default application controller's network policy + networkPolicy: + # -- Default network policy rules used by application controller + # @default -- `false` (defaults to global.networkPolicy.create) + create: false + ## Dex dex: # -- Enable dex @@ -1172,7 +1186,7 @@ argocd: # -- Dex image repository repository: ghcr.io/dexidp/dex # -- Dex image tag - tag: v2.42.1 + tag: v2.43.1 # -- Dex imagePullPolicy # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" @@ -1254,6 +1268,9 @@ argocd: # -- Annotations to be added to the Dex server Deployment deploymentAnnotations: {} + # -- Labels for the Dex server Deployment + deploymentLabels: {} + # -- Annotations to be added to the Dex server pods podAnnotations: {} 
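Review bot: The doc comment on the new `networkPolicy.create` key in hunk `@@ -1101,6 +1109,12 @@` reads `Default network policy rules used by application controller`, but the key is a boolean toggle, not a rule set. Something like `# -- Create a NetworkPolicy for the application controller` would describe it accurately. The same wording is repeated in the later dex, redis, server, repoServer, applicationSet, notifications and commitServer hunks. Every component is added with `create: false`, and `global.networkPolicy.create` is outside this diff, so the chart presumably still creates no NetworkPolicy for any component after the upgrade. If that is intended, say so in the comment, for example `# NOTE: when false here and globally, no NetworkPolicy is created for this component`. The enclosing `controller:` mapping starts outside the hunk.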
@@ -1397,6 +1414,12 @@ argocd: # maxSurge: 25% # maxUnavailable: 25% + # Default Dex server's network policy + networkPolicy: + # -- Default network policy rules used by Dex server + # @default -- `false` (defaults to global.networkPolicy.create) + create: false + # DEPRECATED - Use configs.params to override # -- Dex log format. Either `text` or `json` # @default -- `""` (defaults to global.logging.format) @@ -1435,7 +1458,7 @@ argocd: ## Redis image image: # -- Redis repository - repository: public.ecr.aws/docker/library/redis + repository: ecr-public.aws.com/docker/library/redis # -- Redis tag ## Do not upgrade to >= 7.4.0, otherwise you are no longer using an open source version of Redis tag: 7.2.8-alpine @@ -1454,7 +1477,7 @@ argocd: # -- Repository to use for the redis-exporter repository: ghcr.io/oliver006/redis_exporter # -- Tag to use for the redis-exporter - tag: v1.71.0 + tag: v1.74.0 # -- Image pull policy for the redis-exporter # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" @@ -1575,6 +1598,9 @@ argocd: # -- Annotations to be added to the Redis server Deployment deploymentAnnotations: {} + # -- Labels for the Redis server Deployment + deploymentLabels: {} + # -- Annotations to be added to the Redis server pods podAnnotations: {} @@ -1714,6 +1740,12 @@ argocd: # -- Prometheus ServiceMonitor annotations annotations: {} + # Default redis's network policy + networkPolicy: + # -- Default network policy rules used by redis + # @default -- `false` (defaults to global.networkPolicy.create) + create: false + ## Redis-HA subchart replaces custom redis deployment when `redis-ha.enabled=true` # Ref: https://github.com/DandyDeveloper/charts/blob/master/charts/redis-ha/values.yaml redis-ha: 
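Review bot: Hunk `@@ -1435,7 +1458,7 @@` moves the Redis image from `public.ecr.aws/docker/library/redis` to a different registry host, `ecr-public.aws.com/docker/library/redis`, with no rollout note. The same host change is made for `redis-ha.image.repository`, and a new `redis-ha.haproxy.image.repository` on that host is added, in the two following hunks. Admission-policy registry allowlists, pull-through mirrors and egress rules keyed on the old hostname will need updating before these pods can pull, so this is worth calling out in the commit description or in a comment such as `# registry host changed from public.ecr.aws; update image allowlists/mirrors`. The images are still referenced by mutable tag (`tag: 7.2.8-alpine`). Since the registry is changing anyway, consider pinning by digest if the subchart's image template accepts it, e.g. `tag: 7.2.8-alpine@sha256:<digest>` (placeholder; verify that the template renders it correctly).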
@@ -1722,7 +1754,7 @@ argocd: ## Redis image image: # -- Redis repository - repository: public.ecr.aws/docker/library/redis + repository: ecr-public.aws.com/docker/library/redis # -- Redis tag ## Do not upgrade to >= 7.4.0, otherwise you are no longer using an open source version of Redis tag: 7.2.8-alpine @@ -1754,6 +1786,9 @@ argocd: # -- Custom labels for the haproxy pod. This is relevant for Argo CD CLI. labels: app.kubernetes.io/name: argocd-redis-ha-haproxy + image: + # -- HAProxy Image Repository + repository: ecr-public.aws.com/docker/library/haproxy metrics: # -- HAProxy enable prometheus metric scraping enabled: true @@ -1818,8 +1853,8 @@ argocd: password: "" # -- External Redis server port port: 6379 - # -- The name of an existing secret with Redis (must contain key `redis-password`) and Sentinel credentials. - # When it's set, the `externalRedis.password` parameter is ignored + # -- The name of an existing secret with Redis (must contain key `redis-password`. And should contain `redis-username` if username is not `default`) and Sentinel credentials. + # When it's set, the `externalRedis.username` and `externalRedis.password` parameters are ignored existingSecret: "" # -- External Redis Secret annotations secretAnnotations: {} @@ -2107,6 +2142,9 @@ argocd: # -- Annotations to be added to server Deployment deploymentAnnotations: {} + # -- Labels for the server Deployment + deploymentLabels: {} + # -- Annotations to be added to server pods podAnnotations: {} @@ -2574,6 +2612,12 @@ argocd: # -- List of custom rules for the server's ClusterRole resource rules: [] + # Default ArgoCD Server's network policy + networkPolicy: + # -- Default network policy rules used by ArgoCD Server + # @default -- `false` (defaults to global.networkPolicy.create) + create: false + ## Repo Server repoServer: # -- Repo server name 
@@ -2755,6 +2799,9 @@ argocd: # -- Annotations to be added to repo server Deployment deploymentAnnotations: {} + # -- Labels for the repo server Deployment + deploymentLabels: {} + # -- Annotations to be added to repo server pods podAnnotations: {} @@ -2885,6 +2932,8 @@ argocd: port: 8081 # -- Repo server service port name portName: tcp-repo-server + # -- Traffic distribution preference for the repo server service. If the field is not set, the implementation will apply its default routing strategy. + trafficDistribution: "" ## Repo server metrics service configuration metrics: @@ -2968,6 +3017,12 @@ argocd: # - list # - watch + # Default repo server's network policy + networkPolicy: + # -- Default network policy rules used by repo server + # @default -- `false` (defaults to global.networkPolicy.create) + create: false + ## ApplicationSet controller applicationSet: # -- ApplicationSet controller name string @@ -3125,6 +3180,9 @@ argocd: # -- Annotations to be added to ApplicationSet controller Deployment deploymentAnnotations: {} + # -- Labels for the ApplicationSet controller Deployment + deploymentLabels: {} + # -- Annotations for the ApplicationSet controller pods podAnnotations: {} @@ -3337,6 +3395,13 @@ argocd: # - argocd-applicationset.example.com # -- Enable ApplicationSet in any namespace feature allowAnyNamespace: false + + # Default ApplicationSet controller's network policy + networkPolicy: + # -- Default network policy rules used by ApplicationSet controller + # @default -- `false` (defaults to global.networkPolicy.create) + create: false + ## Notifications controller notifications: # -- Enable notifications controller @@ -3507,6 +3572,9 @@ argocd: # -- Annotations to be applied to the notifications controller Deployment deploymentAnnotations: {} + # -- Labels for the notifications controller Deployment + deploymentLabels: {} + # -- Annotations to be applied to the notifications controller Pods podAnnotations: {} 
@@ -3903,6 +3971,12 @@ argocd: # defaultTriggers: | # - on-sync-status-unknown + # Default notifications controller's network policy + networkPolicy: + # -- Default network policy rules used by notifications controller + # @default -- `false` (defaults to global.networkPolicy.create) + create: false + commitServer: # -- Enable commit server enabled: false @@ -3971,6 +4045,10 @@ argocd: annotations: {} # -- commit server service labels labels: {} + # -- commit server service port + port: 8086 + # -- commit server service port name + portName: server # -- Automount API credentials for the Service Account into the pod. automountServiceAccountToken: false @@ -3990,6 +4068,9 @@ argocd: # -- Annotations to be added to commit server Deployment deploymentAnnotations: {} + # -- Labels for the commit server Deployment + deploymentLabels: {} + # -- Annotations for the commit server pods podAnnotations: {} @@ -4082,3 +4163,9 @@ argocd: # -- Priority class for the commit server pods # @default -- `""` (defaults to global.priorityClassName) priorityClassName: "" + + # Default commit server's network policy + networkPolicy: + # -- Default network policy rules used by commit server + # @default -- `false` (defaults to global.networkPolicy.create) + create: false diff --git a/charts/cert-manager/Chart.lock b/charts/cert-manager/Chart.lock index ba361324..7342706e 100644 --- a/charts/cert-manager/Chart.lock +++ b/charts/cert-manager/Chart.lock 
@@ -1,12 +1,12 @@ dependencies: - name: cert-manager repository: https://charts.jetstack.io - version: v1.17.2 + version: v1.18.2 - name: gcp-workload-identity repository: https://edixos.github.io/ekp-helm version: 0.1.1 - name: gcp-iam-policy-members repository: https://edixos.github.io/ekp-helm version: 0.1.2 -digest: sha256:332d9476ee0ae270e6ab49c0a8474c4a9ded472b0198920ab2f457119509c2f8 -generated: "2025-05-07T10:23:12.154607043Z" +digest: sha256:5b9e199c6d408c50b7c9c75a3190622da366f47070192f6bade462ea79400e8a +generated: "2025-07-30T10:27:53.271641326Z" diff --git a/charts/cert-manager/Chart.yaml b/charts/cert-manager/Chart.yaml index e45f8d04..565e51ec 100644 --- a/charts/cert-manager/Chart.yaml +++ b/charts/cert-manager/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: cert-manager description: A Helm chart for cert-manager type: application -version: 0.1.3 +version: 0.1.4 appVersion: "1.17.1" maintainers: - name: wiemaouadi @@ -13,7 +13,7 @@ maintainers: url: https://github.com/smileisak dependencies: - name: cert-manager - version: "v1.17.2" + version: "v1.18.2" repository: "https://charts.jetstack.io" alias: certmanager - name: gcp-workload-identity diff --git a/charts/cert-manager/README.md b/charts/cert-manager/README.md index 3e99aee1..bc3e6065 100644 --- a/charts/cert-manager/README.md +++ b/charts/cert-manager/README.md @@ -1,6 +1,6 @@ # cert-manager -![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.17.1](https://img.shields.io/badge/AppVersion-1.17.1-informational?style=flat-square) +![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.17.1](https://img.shields.io/badge/AppVersion-1.17.1-informational?style=flat-square) ## Prerequisites 
@@ -11,7 +11,7 @@ | Repository | Name | Version | |------------|------|---------| -| https://charts.jetstack.io | certmanager(cert-manager) | v1.17.2 | +| https://charts.jetstack.io | certmanager(cert-manager) | v1.18.2 | | https://edixos.github.io/ekp-helm | iamPolicyMembers(gcp-iam-policy-members) | 0.1.2 | | https://edixos.github.io/ekp-helm | workloadIdentity(gcp-workload-identity) | 0.1.1 | @@ -124,7 +124,7 @@ A Helm chart for cert-manager | certmanager.prometheus.servicemonitor.path | string | `"/metrics"` | | | certmanager.prometheus.servicemonitor.prometheusInstance | string | `"default"` | | | certmanager.prometheus.servicemonitor.scrapeTimeout | string | `"30s"` | | -| certmanager.prometheus.servicemonitor.targetPort | int | `9402` | | +| certmanager.prometheus.servicemonitor.targetPort | string | `"http-metrics"` | | | certmanager.replicaCount | int | `1` | | | certmanager.resources | object | `{}` | | | certmanager.securityContext.runAsNonRoot | bool | `true` | | @@ -273,7 +273,7 @@ spec: source: repoURL: "https://edixos.github.io/ekp-helm" - targetRevision: "0.1.3" + targetRevision: "0.1.4" chart: cert-manager path: '' helm: diff --git a/charts/cert-manager/charts/cert-manager-v1.17.2.tgz b/charts/cert-manager/charts/cert-manager-v1.17.2.tgz deleted file mode 100644 index 770113d1..00000000 Binary files a/charts/cert-manager/charts/cert-manager-v1.17.2.tgz and /dev/null differ diff --git a/charts/cert-manager/charts/cert-manager-v1.18.2.tgz b/charts/cert-manager/charts/cert-manager-v1.18.2.tgz new file mode 100644 index 00000000..6560ee51 Binary files /dev/null and b/charts/cert-manager/charts/cert-manager-v1.18.2.tgz differ diff --git a/charts/cert-manager/values.yaml b/charts/cert-manager/values.yaml index 8d554e22..549c6dd0 100644 --- a/charts/cert-manager/values.yaml +++ b/charts/cert-manager/values.yaml 
@@ -134,14 +134,14 @@ certmanager: enabled: false # This configures the minimum available pods for disruptions. It can either be set to - # an integer (e.g. 1) or a percentage value (e.g. 25%). + # an integer (e.g., 1) or a percentage value (e.g., 25%). # It cannot be used if `maxUnavailable` is set. # +docs:property # +docs:type=unknown # minAvailable: 1 # This configures the maximum unavailable pods for disruptions. It can either be set to - # an integer (e.g. 1) or a percentage value (e.g. 25%). + # an integer (e.g., 1) or a percentage value (e.g., 25%). # it cannot be used if `minAvailable` is set. # +docs:property # +docs:type=unknown @@ -193,7 +193,7 @@ certmanager: # Override the "cert-manager.name" value, which is used to annotate some of # the resources that are created by this Chart (using "app.kubernetes.io/name"). # NOTE: There are some inconsistencies in the Helm chart when it comes to - # these annotations (some resources use eg. "cainjector.name" which resolves + # these annotations (some resources use, e.g., "cainjector.name" which resolves # to the value "cainjector"). # +docs:property # nameOverride: "my-cert-manager" @@ -248,10 +248,10 @@ certmanager: # kubernetesAPIBurst: 9000 # numberOfConcurrentWorkers: 200 # enableGatewayAPI: true - # # Feature gates as of v1.17.0. Listed with their default values. + # # Feature gates as of v1.18.1. Listed with their default values. # # See https://cert-manager.io/docs/cli/controller/ # featureGates: - # AdditionalCertificateOutputFormats: true # BETA - default=true + # AdditionalCertificateOutputFormats: true # GA - default=true # AllAlpha: false # ALPHA - default=false # AllBeta: false # BETA - default=false # ExperimentalCertificateSigningRequestControllers: false # ALPHA - default=false 
@@ -263,8 +263,10 @@ certmanager: # ServerSideApply: false # ALPHA - default=false # StableCertificateRequestName: true # BETA - default=true # UseCertificateRequestBasicConstraints: false # ALPHA - default=false - # UseDomainQualifiedFinalizer: true # BETA - default=false + # UseDomainQualifiedFinalizer: true # GA - default=true # ValidateCAA: false # ALPHA - default=false + # DefaultPrivateKeyRotationPolicyAlways: true # BETA - default=true + # ACMEHTTP01IngressPathTypeExact: true # BETA - default=true # # Configure the metrics server for TLS # # See https://cert-manager.io/docs/devops-tips/prometheus-metrics/#tls # metricsTLSConfig: @@ -295,7 +297,7 @@ certmanager: # referencing these signer names will be auto-approved by cert-manager. Defaults to just # approving the cert-manager.io Issuer and ClusterIssuer issuers. When set to an empty # array, ALL issuers will be auto-approved by cert-manager. To disable the auto-approval, - # because eg. you are using approver-policy, you can enable 'disableAutoApproval'. + # because, e.g., you are using approver-policy, you can enable 'disableAutoApproval'. # ref: https://cert-manager.io/docs/concepts/certificaterequest/#approval # +docs:property approveSignerNames: @@ -519,7 +521,7 @@ certmanager: # ServiceMonitor resource. # Otherwise, 'prometheus.io' annotations are added to the cert-manager and # cert-manager-webhook Deployments. - # Note that you can not enable both PodMonitor and ServiceMonitor as they are + # Note that you cannot enable both PodMonitor and ServiceMonitor as they are # mutually exclusive. Enabling both will result in an error. enabled: true @@ -539,7 +541,8 @@ certmanager: # The target port to set on the ServiceMonitor. This must match the port that the # cert-manager controller is listening on for metrics. - targetPort: 9402 + # +docs:type=string,integer + targetPort: http-metrics # The path to scrape for metrics. path: /metrics 
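Review bot: The two gates added to the commented example at `@@ -263`, `DefaultPrivateKeyRotationPolicyAlways` and `ACMEHTTP01IngressPathTypeExact`, are listed as `default=true`, so the bump from v1.17.2 to v1.18.2 changes runtime behaviour even though no active value changes in this hunk. Going by its name, the first presumably gives Certificates that do not set a rotation policy a new private key on renewal, which would break any client that pins the key. The second changes the path type of HTTP-01 solver Ingresses and should be checked against the ingress-nginx chart bumped in the same commit. I would add a line above the list such as `# v1.18 enables these two gates by default; set them to false to keep the pre-1.18 behaviour` and call the change out in the chart's upgrade notes. The commented `featureGates` example begins outside this hunk.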
@@ -573,7 +576,7 @@ certmanager: # +docs:property endpointAdditionalProperties: {} - # Note that you can not enable both PodMonitor and ServiceMonitor as they are mutually exclusive. Enabling both will result in an error. + # Note that you cannot enable both PodMonitor and ServiceMonitor as they are mutually exclusive. Enabling both will result in an error. podmonitor: # Create a PodMonitor to add cert-manager to Prometheus. enabled: false @@ -723,14 +726,14 @@ certmanager: enabled: false # This property configures the minimum available pods for disruptions. Can either be set to - # an integer (e.g. 1) or a percentage value (e.g. 25%). + # an integer (e.g., 1) or a percentage value (e.g., 25%). # It cannot be used if `maxUnavailable` is set. # +docs:property # +docs:type=unknown # minAvailable: 1 # This property configures the maximum unavailable pods for disruptions. Can either be set to - # an integer (e.g. 1) or a percentage value (e.g. 25%). + # an integer (e.g., 1) or a percentage value (e.g., 25%). # It cannot be used if `minAvailable` is set. # +docs:property # +docs:type=unknown @@ -1090,14 +1093,14 @@ certmanager: enabled: false # `minAvailable` configures the minimum available pods for disruptions. It can either be set to - # an integer (e.g. 1) or a percentage value (e.g. 25%). + # an integer (e.g., 1) or a percentage value (e.g., 25%). # Cannot be used if `maxUnavailable` is set. # +docs:property # +docs:type=unknown # minAvailable: 1 # `maxUnavailable` configures the maximum unavailable pods for disruptions. It can either be set to - # an integer (e.g. 1) or a percentage value (e.g. 25%). + # an integer (e.g., 1) or a percentage value (e.g., 25%). # Cannot be used if `minAvailable` is set. # +docs:property # +docs:type=unknown diff --git a/charts/eso/Chart.lock b/charts/eso/Chart.lock index 5be1b4bf..ef2cdf6d 100644 --- a/charts/eso/Chart.lock +++ b/charts/eso/Chart.lock 
@@ -1,6 +1,6 @@ dependencies: - name: external-secrets repository: https://charts.external-secrets.io - version: 0.16.2 -digest: sha256:94cbf896c19437687c2804fc14c7937cd9b12f6d70cc32b1a78aa323777580cb -generated: "2025-05-14T10:23:28.800416977Z" + version: 0.18.2 +digest: sha256:f097aac1c4afcfb03e1f6e59a7ca63f0452eadb553cfd3d9bda0d90c12d315a9 +generated: "2025-07-30T10:25:44.8842411Z" diff --git a/charts/eso/Chart.yaml b/charts/eso/Chart.yaml index 31b9c963..3ad3eecb 100644 --- a/charts/eso/Chart.yaml +++ b/charts/eso/Chart.yaml @@ -2,11 +2,11 @@ apiVersion: v2 name: eso description: A Helm chart ESO for Kubernetes type: application -version: 0.1.4 +version: 0.1.5 appVersion: "0.14.2" dependencies: - name: external-secrets - version: 0.16.2 + version: 0.18.2 repository: https://charts.external-secrets.io alias: eso maintainers: diff --git a/charts/eso/README.md b/charts/eso/README.md index fb6aba26..93d683d4 100644 --- a/charts/eso/README.md +++ b/charts/eso/README.md @@ -1,6 +1,6 @@ # eso -![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.14.2](https://img.shields.io/badge/AppVersion-0.14.2-informational?style=flat-square) +![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.14.2](https://img.shields.io/badge/AppVersion-0.14.2-informational?style=flat-square) ## Prerequisites @@ -11,7 +11,7 @@ | Repository | Name | Version | |------------|------|---------| -| https://charts.external-secrets.io | eso(external-secrets) | 0.16.2 | +| https://charts.external-secrets.io | eso(external-secrets) | 0.18.2 | ## Maintainers 
@@ -30,6 +30,7 @@ A Helm chart ESO for Kubernetes |-----|------|---------|-------------| | eso.affinity | object | `{}` | | | eso.bitwarden-sdk-server.enabled | bool | `false` | | +| eso.bitwarden-sdk-server.namespaceOverride | string | `""` | | | eso.certController.affinity | object | `{}` | | | eso.certController.create | bool | `true` | Specifies whether a certificate controller deployment be created. | | eso.certController.deploymentAnnotations | object | `{}` | Annotations to add to Deployment | @@ -266,7 +267,7 @@ spec: source: repoURL: "https://edixos.github.io/ekp-helm" - targetRevision: "0.1.4" + targetRevision: "0.1.5" chart: eso path: '' diff --git a/charts/eso/charts/external-secrets-0.16.2.tgz b/charts/eso/charts/external-secrets-0.16.2.tgz deleted file mode 100644 index 110c6b39..00000000 Binary files a/charts/eso/charts/external-secrets-0.16.2.tgz and /dev/null differ diff --git a/charts/eso/charts/external-secrets-0.18.2.tgz b/charts/eso/charts/external-secrets-0.18.2.tgz new file mode 100644 index 00000000..2aacf7ba Binary files /dev/null and b/charts/eso/charts/external-secrets-0.18.2.tgz differ diff --git a/charts/eso/values.yaml b/charts/eso/values.yaml index 328a4aa0..11e9c51e 100644 --- a/charts/eso/values.yaml +++ b/charts/eso/values.yaml @@ -33,6 +33,7 @@ eso: bitwarden-sdk-server: enabled: false + namespaceOverride: "" # -- Specifies the amount of historic ReplicaSets k8s should keep (see https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy) revisionHistoryLimit: 10 @@ -281,8 +282,8 @@ eso: # -- Pod disruption budget - for more details see https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ podDisruptionBudget: enabled: false - minAvailable: 1 - # maxUnavailable: 1 + minAvailable: 1 # @schema type:[integer, string] + # maxUnavailable: "50%" # -- Run the controller on the host network hostNetwork: false 
@@ -389,8 +390,8 @@ eso: # -- Pod disruption budget - for more details see https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ podDisruptionBudget: enabled: false - minAvailable: 1 - # maxUnavailable: 1 + minAvailable: 1 # @schema type:[integer, string] + # maxUnavailable: "50%" metrics: @@ -525,8 +526,8 @@ eso: # -- Pod disruption budget - for more details see https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ podDisruptionBudget: enabled: false - minAvailable: 1 - # maxUnavailable: 1 + minAvailable: 1 # @schema type:[integer, string] + # maxUnavailable: "50%" metrics: diff --git a/charts/ingress-nginx/Chart.lock b/charts/ingress-nginx/Chart.lock index 17b9b6c0..c79741be 100644 --- a/charts/ingress-nginx/Chart.lock +++ b/charts/ingress-nginx/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: ingress-nginx repository: https://kubernetes.github.io/ingress-nginx - version: 4.12.2 -digest: sha256:b58107199720c48a5d00da482ca4cfef20f3971db28ac19aa2158d8f3ee70158 -generated: "2025-05-07T10:25:43.915827482Z" + version: 4.13.0 +digest: sha256:b321bb4104086ce58d364c2545191a26df2b234002b5bac7094e9f2790cbf1f8 +generated: "2025-07-30T10:26:32.7331545Z" diff --git a/charts/ingress-nginx/Chart.yaml b/charts/ingress-nginx/Chart.yaml index dd3bf33f..5863a132 100644 --- a/charts/ingress-nginx/Chart.yaml +++ b/charts/ingress-nginx/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: ingress-nginx description: A Helm chart for Kubernetes type: application -version: 0.1.3 +version: 0.1.4 appVersion: "1.12.1" maintainers: - name: ilyasabdellaoui @@ -10,6 +10,6 @@ maintainers: url: https://github.com/ilyasabdellaoui dependencies: - name: ingress-nginx - version: 4.12.2 + version: 4.13.0 repository: "https://kubernetes.github.io/ingress-nginx" alias: ingressNginx diff --git a/charts/ingress-nginx/README.md b/charts/ingress-nginx/README.md index 8f5d6dbb..107eb9ef 100644 --- a/charts/ingress-nginx/README.md +++ b/charts/ingress-nginx/README.md 
@@ -1,6 +1,6 @@ # ingress-nginx -![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.12.1](https://img.shields.io/badge/AppVersion-1.12.1-informational?style=flat-square) +![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.12.1](https://img.shields.io/badge/AppVersion-1.12.1-informational?style=flat-square) ## Prerequisites @@ -11,7 +11,7 @@ | Repository | Name | Version | |------------|------|---------| -| https://kubernetes.github.io/ingress-nginx | ingressNginx(ingress-nginx) | 4.12.2 | +| https://kubernetes.github.io/ingress-nginx | ingressNginx(ingress-nginx) | 4.13.0 | ## Maintainers 
@@ -31,9 +31,12 @@ A Helm chart for Kubernetes | ingressNginx.controller.addHeaders | object | `{}` | Will add custom headers before sending response traffic to the client according to: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#add-headers | | ingressNginx.controller.admissionWebhooks.annotations | object | `{}` | | | ingressNginx.controller.admissionWebhooks.certManager.admissionCert.duration | string | `""` | | +| ingressNginx.controller.admissionWebhooks.certManager.admissionCert.revisionHistoryLimit | int | `0` | Revision history limit of the webhook certificate. Ref.: https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec | | ingressNginx.controller.admissionWebhooks.certManager.enabled | bool | `false` | | | ingressNginx.controller.admissionWebhooks.certManager.rootCert.duration | string | `""` | | +| ingressNginx.controller.admissionWebhooks.certManager.rootCert.revisionHistoryLimit | int | `0` | Revision history limit of the root certificate. Ref.: https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec | | ingressNginx.controller.admissionWebhooks.certificate | string | `"/usr/local/certificates/cert"` | | +| ingressNginx.controller.admissionWebhooks.createSecretJob.activeDeadlineSeconds | int | `0` | Deadline in seconds for the job to complete. Must be greater than 0 to enforce. If unset or 0, no deadline is enforced. | | ingressNginx.controller.admissionWebhooks.createSecretJob.name | string | `"create"` | | | ingressNginx.controller.admissionWebhooks.createSecretJob.resources | object | `{}` | | | ingressNginx.controller.admissionWebhooks.createSecretJob.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsGroup":65532,"runAsNonRoot":true,"runAsUser":65532,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for secret creation containers | 
@@ -46,10 +49,10 @@ A Helm chart for Kubernetes | ingressNginx.controller.admissionWebhooks.namespaceSelector | object | `{}` | | | ingressNginx.controller.admissionWebhooks.objectSelector | object | `{}` | | | ingressNginx.controller.admissionWebhooks.patch.enabled | bool | `true` | | -| ingressNginx.controller.admissionWebhooks.patch.image.digest | string | `"sha256:2cf4ebfa82a37c357455458f6dfc334aea1392d508270b2517795a9933a02524"` | | +| ingressNginx.controller.admissionWebhooks.patch.image.digest | string | `"sha256:c9f76a75fd00e975416ea1b73300efd413116de0de8570346ed90766c5b5cefb"` | | | ingressNginx.controller.admissionWebhooks.patch.image.image | string | `"ingress-nginx/kube-webhook-certgen"` | | | ingressNginx.controller.admissionWebhooks.patch.image.pullPolicy | string | `"IfNotPresent"` | | -| ingressNginx.controller.admissionWebhooks.patch.image.tag | string | `"v1.5.3"` | | +| ingressNginx.controller.admissionWebhooks.patch.image.tag | string | `"v1.6.0"` | | | ingressNginx.controller.admissionWebhooks.patch.labels | object | `{}` | Labels to be added to patch job resources | | ingressNginx.controller.admissionWebhooks.patch.networkPolicy.enabled | bool | `false` | Enable 'networkPolicy' or not | | ingressNginx.controller.admissionWebhooks.patch.nodeSelector."kubernetes.io/os" | string | `"linux"` | | 
@@ -57,12 +60,14 @@ A Helm chart for Kubernetes | ingressNginx.controller.admissionWebhooks.patch.priorityClassName | string | `""` | Provide a priority class name to the webhook patching job # | | ingressNginx.controller.admissionWebhooks.patch.rbac | object | `{"create":true}` | Admission webhook patch job RBAC | | ingressNginx.controller.admissionWebhooks.patch.rbac.create | bool | `true` | Create RBAC or not | +| ingressNginx.controller.admissionWebhooks.patch.runtimeClassName | string | `""` | Instruct the kubelet to use the named RuntimeClass to run the pod | | ingressNginx.controller.admissionWebhooks.patch.securityContext | object | `{}` | Security context for secret creation & webhook patch pods | | ingressNginx.controller.admissionWebhooks.patch.serviceAccount | object | `{"automountServiceAccountToken":true,"create":true,"name":""}` | Admission webhook patch job service account | | ingressNginx.controller.admissionWebhooks.patch.serviceAccount.automountServiceAccountToken | bool | `true` | Auto-mount service account token or not | | ingressNginx.controller.admissionWebhooks.patch.serviceAccount.create | bool | `true` | Create a service account or not | | ingressNginx.controller.admissionWebhooks.patch.serviceAccount.name | string | `""` | Custom service account name | | ingressNginx.controller.admissionWebhooks.patch.tolerations | list | `[]` | | +| ingressNginx.controller.admissionWebhooks.patchWebhookJob.activeDeadlineSeconds | int | `0` | Deadline in seconds for the job to complete. Must be greater than 0 to enforce. If unset or 0, no deadline is enforced. 
| | ingressNginx.controller.admissionWebhooks.patchWebhookJob.name | string | `"patch"` | | | ingressNginx.controller.admissionWebhooks.patchWebhookJob.resources | object | `{}` | | | ingressNginx.controller.admissionWebhooks.patchWebhookJob.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsGroup":65532,"runAsNonRoot":true,"runAsUser":65532,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for webhook patch containers | @@ -116,8 +121,8 @@ A Helm chart for Kubernetes | ingressNginx.controller.hostname | object | `{}` | Optionally customize the pod hostname. | | ingressNginx.controller.image.allowPrivilegeEscalation | bool | `false` | | | ingressNginx.controller.image.chroot | bool | `false` | | -| ingressNginx.controller.image.digest | string | `"sha256:03497ee984628e95eca9b2279e3f3a3c1685dd48635479e627d219f00c8eefa9"` | | -| ingressNginx.controller.image.digestChroot | string | `"sha256:a697e2bfa419768315250d079ccbbca45f6099c60057769702b912d20897a574"` | | +| ingressNginx.controller.image.digest | string | `"sha256:dc75a7baec7a3b827a5d7ab0acd10ab507904c7dad692365b3e3b596eca1afd2"` | | +| ingressNginx.controller.image.digestChroot | string | `"sha256:af6264394cfa61d21f644d87372823064804e64de737b0747e86c86348b29c9f"` | | | ingressNginx.controller.image.image | string | `"ingress-nginx/controller"` | | | ingressNginx.controller.image.pullPolicy | string | `"IfNotPresent"` | | | ingressNginx.controller.image.readOnlyRootFilesystem | bool | `false` | | 
@@ -125,7 +130,7 @@ A Helm chart for Kubernetes | ingressNginx.controller.image.runAsNonRoot | bool | `true` | | | ingressNginx.controller.image.runAsUser | int | `101` | This value must not be changed using the official image. uid=101(www-data) gid=82(www-data) groups=82(www-data) | | ingressNginx.controller.image.seccompProfile.type | string | `"RuntimeDefault"` | | -| ingressNginx.controller.image.tag | string | `"v1.12.2"` | | +| ingressNginx.controller.image.tag | string | `"v1.13.0"` | | | ingressNginx.controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation | | ingressNginx.controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). | | ingressNginx.controller.ingressClassResource | object | `{"aliases":[],"annotations":{},"controllerValue":"k8s.io/ingress-nginx","default":false,"enabled":true,"name":"nginx","parameters":{}}` | This section refers to the creation of the IngressClass resource. IngressClasses are immutable and cannot be changed after creation. We do not support namespaced IngressClasses, yet, so a ClusterRole and a ClusterRoleBinding is required. | 
@@ -175,12 +180,17 @@ A Helm chart for Kubernetes | ingressNginx.controller.metrics.serviceMonitor.additionalLabels | object | `{}` | | | ingressNginx.controller.metrics.serviceMonitor.annotations | object | `{}` | Annotations to be added to the ServiceMonitor. | | ingressNginx.controller.metrics.serviceMonitor.enabled | bool | `false` | | +| ingressNginx.controller.metrics.serviceMonitor.labelLimit | int | `0` | Per-scrape limit on number of labels that will be accepted for a sample. | +| ingressNginx.controller.metrics.serviceMonitor.labelNameLengthLimit | int | `0` | Per-scrape limit on length of labels name that will be accepted for a sample. | +| ingressNginx.controller.metrics.serviceMonitor.labelValueLengthLimit | int | `0` | Per-scrape limit on length of labels value that will be accepted for a sample. | | ingressNginx.controller.metrics.serviceMonitor.metricRelabelings | list | `[]` | | | ingressNginx.controller.metrics.serviceMonitor.namespace | string | `""` | | | ingressNginx.controller.metrics.serviceMonitor.namespaceSelector | object | `{}` | | | ingressNginx.controller.metrics.serviceMonitor.relabelings | list | `[]` | | +| ingressNginx.controller.metrics.serviceMonitor.sampleLimit | int | `0` | Defines a per-scrape limit on the number of scraped samples that will be accepted. | | ingressNginx.controller.metrics.serviceMonitor.scrapeInterval | string | `"30s"` | | | ingressNginx.controller.metrics.serviceMonitor.targetLabels | list | `[]` | | +| ingressNginx.controller.metrics.serviceMonitor.targetLimit | int | `0` | Defines a limit on the number of scraped targets that will be accepted. | | ingressNginx.controller.minAvailable | int | `1` | Minimum available pods set in PodDisruptionBudget. Define either 'minAvailable' or 'maxUnavailable', never both. | | ingressNginx.controller.minReadySeconds | int | `0` | `minReadySeconds` to avoid killing pods before we are ready # | | ingressNginx.controller.name | string | `"controller"` | | 
@@ -207,26 +217,31 @@ A Helm chart for Kubernetes | ingressNginx.controller.reportNodeInternalIp | bool | `false` | Bare-metal considerations via the host network https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network Ingress status was blank because there is no Service exposing the Ingress-Nginx Controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply | | ingressNginx.controller.resources.requests.cpu | string | `"100m"` | | | ingressNginx.controller.resources.requests.memory | string | `"90Mi"` | | +| ingressNginx.controller.runtimeClassName | string | `""` | Instruct the kubelet to use the named RuntimeClass to run the pod | | ingressNginx.controller.scope.enabled | bool | `false` | Enable 'scope' or not | | ingressNginx.controller.scope.namespace | string | `""` | Namespace to limit the controller to; defaults to $(POD_NAMESPACE) | | ingressNginx.controller.scope.namespaceSelector | string | `""` | When scope.enabled == false, instead of watching all namespaces, we watching namespaces whose labels only match with namespaceSelector. Format like foo=bar. Defaults to empty, means watching all namespaces. | | ingressNginx.controller.service.annotations | object | `{}` | Annotations to be added to the external controller service. See `controller.service.internal.annotations` for annotations to be added to the internal controller service. | | ingressNginx.controller.service.appProtocol | bool | `true` | Declare the app protocol of the external HTTP and HTTPS listeners or not. Supersedes provider-specific annotations for declaring the backend protocol. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol | | ingressNginx.controller.service.clusterIP | string | `""` | Pre-defined cluster internal IP address of the external controller service. Take care of collisions with existing services. This value is immutable. 
Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address | +| ingressNginx.controller.service.clusterIPs | list | `[]` | Pre-defined cluster internal IP addresses of the external controller service. Take care of collisions with existing services. This value is immutable. Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address | | ingressNginx.controller.service.enableHttp | bool | `true` | Enable the HTTP listener on both controller services or not. | | ingressNginx.controller.service.enableHttps | bool | `true` | Enable the HTTPS listener on both controller services or not. | | ingressNginx.controller.service.enabled | bool | `true` | Enable controller services or not. This does not influence the creation of either the admission webhook or the metrics service. | | ingressNginx.controller.service.external.enabled | bool | `true` | Enable the external controller service or not. Useful for internal-only deployments. | +| ingressNginx.controller.service.external.labels | object | `{}` | Labels to be added to the external controller service. | | ingressNginx.controller.service.externalIPs | list | `[]` | List of node IP addresses at which the external controller service is available. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips | | ingressNginx.controller.service.externalTrafficPolicy | string | `""` | External traffic policy of the external controller service. Set to "Local" to preserve source IP on providers supporting it. Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip | | ingressNginx.controller.service.internal.annotations | object | `{}` | Annotations to be added to the internal controller service. 
Mandatory for the internal controller service to be created. Varies with the cloud service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer | | ingressNginx.controller.service.internal.appProtocol | bool | `true` | Declare the app protocol of the internal HTTP and HTTPS listeners or not. Supersedes provider-specific annotations for declaring the backend protocol. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol | | ingressNginx.controller.service.internal.clusterIP | string | `""` | Pre-defined cluster internal IP address of the internal controller service. Take care of collisions with existing services. This value is immutable. Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address | +| ingressNginx.controller.service.internal.clusterIPs | list | `[]` | Pre-defined cluster internal IP addresses of the internal controller service. Take care of collisions with existing services. This value is immutable. Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address | | ingressNginx.controller.service.internal.enabled | bool | `false` | Enable the internal controller service or not. Remember to configure `controller.service.internal.annotations` when enabling this. | | ingressNginx.controller.service.internal.externalIPs | list | `[]` | List of node IP addresses at which the internal controller service is available. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips | | ingressNginx.controller.service.internal.externalTrafficPolicy | string | `""` | External traffic policy of the internal controller service. Set to "Local" to preserve source IP on providers supporting it. 
Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip | | ingressNginx.controller.service.internal.ipFamilies | list | `["IPv4"]` | List of IP families (e.g. IPv4, IPv6) assigned to the internal controller service. This field is usually assigned automatically based on cluster configuration and the `ipFamilyPolicy` field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services | | ingressNginx.controller.service.internal.ipFamilyPolicy | string | `"SingleStack"` | Represents the dual-stack capabilities of the internal controller service. Possible values are SingleStack, PreferDualStack or RequireDualStack. Fields `ipFamilies` and `clusterIP` depend on the value of this field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services | +| ingressNginx.controller.service.internal.labels | object | `{}` | Labels to be added to the internal controller service. | | ingressNginx.controller.service.internal.loadBalancerClass | string | `""` | Load balancer class of the internal controller service. Used by cloud providers to select a load balancer implementation other than the cloud provider default. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class | | ingressNginx.controller.service.internal.loadBalancerIP | string | `""` | Deprecated: Pre-defined IP address of the internal controller service. Used by cloud providers to connect the resulting load balancer service to a pre-existing static IP. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer | | ingressNginx.controller.service.internal.loadBalancerSourceRanges | list | `[]` | Restrict access to the internal controller service. Values must be CIDRs. Allows any source address by default. | 
@@ -237,6 +252,7 @@ A Helm chart for Kubernetes
 | ingressNginx.controller.service.internal.ports | object | `{}` | |
 | ingressNginx.controller.service.internal.sessionAffinity | string | `""` | Session affinity of the internal controller service. Must be either "None" or "ClientIP" if set. Defaults to "None". Ref: https://kubernetes.io/docs/reference/networking/virtual-ips/#session-affinity |
 | ingressNginx.controller.service.internal.targetPorts | object | `{}` | |
+| ingressNginx.controller.service.internal.trafficDistribution | string | `""` | Traffic distribution policy of the internal controller service. Set to "PreferClose" to route traffic to endpoints that are topologically closer to the client. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#traffic-distribution |
 | ingressNginx.controller.service.internal.type | string | `""` | Type of the internal controller service. Defaults to the value of `controller.service.type`. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types |
 | ingressNginx.controller.service.ipFamilies | list | `["IPv4"]` | List of IP families (e.g. IPv4, IPv6) assigned to the external controller service. This field is usually assigned automatically based on cluster configuration and the `ipFamilyPolicy` field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services |
 | ingressNginx.controller.service.ipFamilyPolicy | string | `"SingleStack"` | Represents the dual-stack capabilities of the external controller service. Possible values are SingleStack, PreferDualStack or RequireDualStack. Fields `ipFamilies` and `clusterIP` depend on the value of this field. Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services |
@@ -253,6 +269,7 @@ A Helm chart for Kubernetes
 | ingressNginx.controller.service.sessionAffinity | string | `""` | Session affinity of the external controller service. Must be either "None" or "ClientIP" if set. Defaults to "None". Ref: https://kubernetes.io/docs/reference/networking/virtual-ips/#session-affinity |
 | ingressNginx.controller.service.targetPorts.http | string | `"http"` | Port of the ingress controller the external HTTP listener is mapped to. |
 | ingressNginx.controller.service.targetPorts.https | string | `"https"` | Port of the ingress controller the external HTTPS listener is mapped to. |
+| ingressNginx.controller.service.trafficDistribution | string | `""` | Traffic distribution policy of the external controller service. Set to "PreferClose" to route traffic to endpoints that are topologically closer to the client. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#traffic-distribution |
 | ingressNginx.controller.service.type | string | `"LoadBalancer"` | Type of the external controller service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types |
 | ingressNginx.controller.shareProcessNamespace | bool | `false` | |
 | ingressNginx.controller.sysctls | object | `{}` | sysctls for controller pods # Ref: https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ |
@@ -312,7 +329,9 @@ A Helm chart for Kubernetes | ingressNginx.defaultBackend.readinessProbe.timeoutSeconds | int | `5` | | | ingressNginx.defaultBackend.replicaCount | int | `1` | | | ingressNginx.defaultBackend.resources | object | `{}` | | +| ingressNginx.defaultBackend.runtimeClassName | string | `""` | Instruct the kubelet to use the named RuntimeClass to run the pod | | ingressNginx.defaultBackend.service.annotations | object | `{}` | | +| ingressNginx.defaultBackend.service.clusterIPs | list | `[]` | Pre-defined cluster internal IP addresses of the default backend service. Take care of collisions with existing services. This value is immutable. Set once, it can not be changed without deleting and re-creating the service. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address | | ingressNginx.defaultBackend.service.externalIPs | list | `[]` | List of IP addresses at which the default backend service is available # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips # | | ingressNginx.defaultBackend.service.loadBalancerSourceRanges | list | `[]` | | | ingressNginx.defaultBackend.service.servicePort | int | `80` | | @@ -368,7 +387,7 @@ spec: source: repoURL: "https://edixos.github.io/ekp-helm" - targetRevision: "0.1.3" + targetRevision: "0.1.4" chart: ingress-nginx path: '' helm: diff --git a/charts/ingress-nginx/charts/ingress-nginx-4.12.2.tgz b/charts/ingress-nginx/charts/ingress-nginx-4.12.2.tgz deleted file mode 100644 index 937ad18d..00000000 Binary files a/charts/ingress-nginx/charts/ingress-nginx-4.12.2.tgz and /dev/null differ diff --git a/charts/ingress-nginx/charts/ingress-nginx-4.13.0.tgz b/charts/ingress-nginx/charts/ingress-nginx-4.13.0.tgz new file mode 100644 index 00000000..b6cba477 Binary files /dev/null and b/charts/ingress-nginx/charts/ingress-nginx-4.13.0.tgz differ 
diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml index 4022f0da..ea26132c 100644 --- a/charts/ingress-nginx/values.yaml +++ b/charts/ingress-nginx/values.yaml @@ -47,9 +47,9 @@ ingressNginx: ## for backwards compatibility consider setting the full image url via the repository value below ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## repository: - tag: "v1.12.2" - digest: sha256:03497ee984628e95eca9b2279e3f3a3c1685dd48635479e627d219f00c8eefa9 - digestChroot: sha256:a697e2bfa419768315250d079ccbbca45f6099c60057769702b912d20897a574 + tag: "v1.13.0" + digest: sha256:dc75a7baec7a3b827a5d7ab0acd10ab507904c7dad692365b3e3b596eca1afd2 + digestChroot: sha256:af6264394cfa61d21f644d87372823064804e64de737b0747e86c86348b29c9f pullPolicy: IfNotPresent runAsNonRoot: true # -- This value must not be changed using the official image. @@ -95,6 +95,8 @@ ingressNginx: # By default, while using host network, name resolution uses the host's DNS. If you wish nginx-controller # to keep resolving names inside the k8s network, use ClusterFirstWithHostNet. dnsPolicy: ClusterFirst + # -- Instruct the kubelet to use the named RuntimeClass to run the pod + runtimeClassName: "" # -- Bare-metal considerations via the host network https://kubernetes.github.io/ingress-nginx/deploy/baremetal/#via-the-host-network # Ingress status was blank because there is no Service exposing the Ingress-Nginx Controller in a configuration using the host network, the default --publish-service flag used in standard cloud setups does not apply reportNodeInternalIp: false 
@@ -503,6 +505,8 @@ ingressNginx: external: # -- Enable the external controller service or not. Useful for internal-only deployments. enabled: true + # -- Labels to be added to the external controller service. + labels: {} # -- Annotations to be added to the external controller service. See `controller.service.internal.annotations` for annotations to be added to the internal controller service. annotations: {} # -- Labels to be added to both controller services. @@ -514,6 +518,10 @@ ingressNginx: # This value is immutable. Set once, it can not be changed without deleting and re-creating the service. # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address clusterIP: "" + # -- Pre-defined cluster internal IP addresses of the external controller service. Take care of collisions with existing services. + # This value is immutable. Set once, it can not be changed without deleting and re-creating the service. + # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address + clusterIPs: [] # -- List of node IP addresses at which the external controller service is available. # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips externalIPs: [] 
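Review bot: The comment on the new `clusterIPs: []` key in the `@@ -514,6 +518,10 @@` hunk repeats the `clusterIP` text and does not say how the two values relate. In the Kubernetes Service API the first entry of `clusterIPs` has to equal `clusterIP` when both are set, so an operator who pins only one of them to a fixed address can end up with a Service the API server rejects; how the chart template combines the two is not visible in this diff and should be checked. I would add a line to the comment such as `# If clusterIP is also set, the first entry here must be the same address.` The same applies to the internal-service `clusterIPs` (`@@ -594,6 +607,10 @@`) and the default-backend `clusterIPs` (`@@ -1162,7 +1204,10 @@`).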
@@ -540,6 +548,9 @@ ingressNginx: # Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip # healthCheckNodePort: 0 + # -- Traffic distribution policy of the external controller service. Set to "PreferClose" to route traffic to endpoints that are topologically closer to the client. + # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#traffic-distribution + trafficDistribution: "" # -- Represents the dual-stack capabilities of the external controller service. Possible values are SingleStack, PreferDualStack or RequireDualStack. # Fields `ipFamilies` and `clusterIP` depend on the value of this field. # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services @@ -583,6 +594,8 @@ ingressNginx: internal: # -- Enable the internal controller service or not. Remember to configure `controller.service.internal.annotations` when enabling this. enabled: false + # -- Labels to be added to the internal controller service. + labels: {} # -- Annotations to be added to the internal controller service. Mandatory for the internal controller service to be created. Varies with the cloud service. # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer annotations: {} 
@@ -594,6 +607,10 @@ ingressNginx: # This value is immutable. Set once, it can not be changed without deleting and re-creating the service. # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address clusterIP: "" + # -- Pre-defined cluster internal IP addresses of the internal controller service. Take care of collisions with existing services. + # This value is immutable. Set once, it can not be changed without deleting and re-creating the service. + # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address + clusterIPs: [] # -- List of node IP addresses at which the internal controller service is available. # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips externalIPs: [] @@ -620,6 +637,9 @@ ingressNginx: # Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip # healthCheckNodePort: 0 + # -- Traffic distribution policy of the internal controller service. Set to "PreferClose" to route traffic to endpoints that are topologically closer to the client. + # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#traffic-distribution + trafficDistribution: "" # -- Represents the dual-stack capabilities of the internal controller service. Possible values are SingleStack, PreferDualStack or RequireDualStack. # Fields `ipFamilies` and `clusterIP` depend on the value of this field. # Ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services @@ -771,6 +791,8 @@ ingressNginx: type: ClusterIP createSecretJob: name: create + # -- Deadline in seconds for the job to complete. Must be greater than 0 to enforce. If unset or 0, no deadline is enforced. + activeDeadlineSeconds: 0 # -- Security context for secret creation containers securityContext: runAsNonRoot: true 
@@ -792,6 +814,8 @@ ingressNginx: # memory: 20Mi patchWebhookJob: name: patch + # -- Deadline in seconds for the job to complete. Must be greater than 0 to enforce. If unset or 0, no deadline is enforced. + activeDeadlineSeconds: 0 # -- Security context for webhook patch containers securityContext: runAsNonRoot: true @@ -813,12 +837,14 @@ ingressNginx: ## for backwards compatibility consider setting the full image url via the repository value below ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## repository: - tag: v1.5.3 - digest: sha256:2cf4ebfa82a37c357455458f6dfc334aea1392d508270b2517795a9933a02524 + tag: v1.6.0 + digest: sha256:c9f76a75fd00e975416ea1b73300efd413116de0de8570346ed90766c5b5cefb pullPolicy: IfNotPresent # -- Provide a priority class name to the webhook patching job ## priorityClassName: "" + # -- Instruct the kubelet to use the named RuntimeClass to run the pod + runtimeClassName: "" podAnnotations: {} # NetworkPolicy for webhook patch networkPolicy: @@ -850,9 +876,15 @@ ingressNginx: rootCert: # default to be 5y duration: "" + # -- Revision history limit of the root certificate. + # Ref.: https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec + revisionHistoryLimit: 0 admissionCert: # default to be 1y duration: "" + # -- Revision history limit of the webhook certificate. + # Ref.: https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec + revisionHistoryLimit: 0 # issuerRef: # name: "issuer" # kind: "ClusterIssuer" 
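Review bot: The two `revisionHistoryLimit: 0` defaults added under `rootCert` and `admissionCert` in the `@@ -850,9 +876,15 @@` hunk do not say what `0` means, unlike the `activeDeadlineSeconds` comments added earlier in this file, which state that 0 disables the setting. A reader can take `0` as "keep no history"; presumably the template omits the field when the value is 0 so that cert-manager's own default applies, but the template is not part of this diff and that needs confirming. Once verified, I would extend both comments with a line like `# 0 leaves the field unset, so the cert-manager default applies.` The enclosing block starts outside the hunk.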
@@ -899,6 +931,16 @@ ingressNginx: targetLabels: [] relabelings: [] metricRelabelings: [] + # -- Per-scrape limit on number of labels that will be accepted for a sample. + labelLimit: 0 + # -- Per-scrape limit on length of labels name that will be accepted for a sample. + labelNameLengthLimit: 0 + # -- Per-scrape limit on length of labels value that will be accepted for a sample. + labelValueLengthLimit: 0 + # -- Defines a per-scrape limit on the number of scraped samples that will be accepted. + sampleLimit: 0 + # -- Defines a limit on the number of scraped targets that will be accepted. + targetLimit: 0 prometheusRule: enabled: false additionalLabels: {} @@ -1162,7 +1204,10 @@ ingressNginx: service: annotations: {} # clusterIP: "" - + # -- Pre-defined cluster internal IP addresses of the default backend service. Take care of collisions with existing services. + # This value is immutable. Set once, it can not be changed without deleting and re-creating the service. + # Ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address + clusterIPs: [] # -- List of IP addresses at which the default backend service is available ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips ## @@ -1172,6 +1217,8 @@ ingressNginx: servicePort: 80 type: ClusterIP priorityClassName: "" + # -- Instruct the kubelet to use the named RuntimeClass to run the pod + runtimeClassName: "" # -- Labels to be added to the default backend resources labels: {} ## Enable RBAC as per https://github.com/kubernetes/ingress-nginx/blob/main/docs/deploy/rbac.md and https://github.com/kubernetes/ingress-nginx/issues/266 diff --git a/charts/kube-prometheus-stack/Chart.lock b/charts/kube-prometheus-stack/Chart.lock index f988a640..be3ce061 100644 --- a/charts/kube-prometheus-stack/Chart.lock +++ b/charts/kube-prometheus-stack/Chart.lock 
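Review bot: The five scrape limits added under `serviceMonitor` in the `@@ -899,6 +931,16 @@` hunk (`labelLimit`, `labelNameLengthLimit`, `labelValueLengthLimit`, `sampleLimit`, `targetLimit`) all default to `0`, and none of the comments says what that value does. In the Prometheus Operator API a limit of 0 means no limit, so with these defaults a target that starts emitting very many series or oversized labels is not cut off at scrape time; whether the template passes 0 through or omits the field is not visible here. I would add `# 0 means no limit is enforced.` to each comment, and consider shipping a non-zero `sampleLimit` in environments where the metrics endpoint is reachable by workloads you do not control.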
@@ -1,6 +1,6 @@ dependencies: - name: kube-prometheus-stack repository: https://prometheus-community.github.io/helm-charts - version: 72.3.1 -digest: sha256:0fa4db9176dd8b6927926ad48aefd95ae8ca6c7205f0b6fda94c18841017b934 -generated: "2025-05-14T10:23:41.25331317Z" + version: 75.15.1 +digest: sha256:ff956d9fadf6a35e942c676d70cd8a89ab010b2052554d98145bab53608c5a9a +generated: "2025-07-30T10:26:11.229211388Z" diff --git a/charts/kube-prometheus-stack/Chart.yaml b/charts/kube-prometheus-stack/Chart.yaml index aa159653..fb33fe53 100644 --- a/charts/kube-prometheus-stack/Chart.yaml +++ b/charts/kube-prometheus-stack/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.2 +version: 0.1.3 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -24,6 +24,6 @@ version: 0.1.2 appVersion: "v0.80.1" dependencies: - name: kube-prometheus-stack - version: 72.3.1 + version: 75.15.1 repository: "https://prometheus-community.github.io/helm-charts" alias: kubePrometheusStack diff --git a/charts/kube-prometheus-stack/README.md b/charts/kube-prometheus-stack/README.md index d124e9e5..479b74e5 100644 --- a/charts/kube-prometheus-stack/README.md +++ b/charts/kube-prometheus-stack/README.md 
@@ -1,6 +1,6 @@ # kube-prometheus-stack -![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.80.1](https://img.shields.io/badge/AppVersion-v0.80.1-informational?style=flat-square) +![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.80.1](https://img.shields.io/badge/AppVersion-v0.80.1-informational?style=flat-square) ## Prerequisites @@ -11,7 +11,7 @@ | Repository | Name | Version | |------------|------|---------| -| https://prometheus-community.github.io/helm-charts | kubePrometheusStack(kube-prometheus-stack) | 72.3.1 | +| https://prometheus-community.github.io/helm-charts | kubePrometheusStack(kube-prometheus-stack) | 75.15.1 | ## Description @@ -22,6 +22,8 @@ A Helm chart for Kubernetes | Key | Type | Default | Description | |-----|------|---------|-------------| | kubePrometheusStack.additionalPrometheusRulesMap | object | `{}` | | +| kubePrometheusStack.alertmanager.additionalLabels | object | `{}` | | +| kubePrometheusStack.alertmanager.alertmanagerSpec.additionalArgs | list | `[]` | | | kubePrometheusStack.alertmanager.alertmanagerSpec.additionalConfig | object | `{}` | | | kubePrometheusStack.alertmanager.alertmanagerSpec.additionalConfigString | string | `""` | | | kubePrometheusStack.alertmanager.alertmanagerSpec.additionalPeers | list | `[]` | | 
@@ -40,6 +42,7 @@ A Helm chart for Kubernetes
 | kubePrometheusStack.alertmanager.alertmanagerSpec.containers | list | `[]` | |
 | kubePrometheusStack.alertmanager.alertmanagerSpec.externalUrl | string | `nil` | |
 | kubePrometheusStack.alertmanager.alertmanagerSpec.forceEnableClusterMode | bool | `false` | |
+| kubePrometheusStack.alertmanager.alertmanagerSpec.image.pullPolicy | string | `"IfNotPresent"` | |
 | kubePrometheusStack.alertmanager.alertmanagerSpec.image.registry | string | `"quay.io"` | |
 | kubePrometheusStack.alertmanager.alertmanagerSpec.image.repository | string | `"prometheus/alertmanager"` | |
 | kubePrometheusStack.alertmanager.alertmanagerSpec.image.sha | string | `""` | |
@@ -109,6 +112,7 @@ A Helm chart for Kubernetes
 | kubePrometheusStack.alertmanager.ingress.annotations | object | `{}` | |
 | kubePrometheusStack.alertmanager.ingress.enabled | bool | `false` | |
 | kubePrometheusStack.alertmanager.ingress.hosts | list | `[]` | |
+| kubePrometheusStack.alertmanager.ingress.ingressClassName | string | `""` | |
 | kubePrometheusStack.alertmanager.ingress.labels | object | `{}` | |
 | kubePrometheusStack.alertmanager.ingress.paths | list | `[]` | |
 | kubePrometheusStack.alertmanager.ingress.tls | list | `[]` | |
@@ -116,6 +120,7 @@ A Helm chart for Kubernetes
 | kubePrometheusStack.alertmanager.ingressPerReplica.enabled | bool | `false` | |
 | kubePrometheusStack.alertmanager.ingressPerReplica.hostDomain | string | `""` | |
 | kubePrometheusStack.alertmanager.ingressPerReplica.hostPrefix | string | `""` | |
+| kubePrometheusStack.alertmanager.ingressPerReplica.ingressClassName | string | `""` | |
 | kubePrometheusStack.alertmanager.ingressPerReplica.labels | object | `{}` | |
 | kubePrometheusStack.alertmanager.ingressPerReplica.paths | list | `[]` | |
 | kubePrometheusStack.alertmanager.ingressPerReplica.tlsSecretName | string | `""` | |
@@ -136,7 +141,6 @@ A Helm chart for Kubernetes
 | kubePrometheusStack.alertmanager.networkPolicy.monitoringRules.prometheus | bool | `true` | Enable ingress from Prometheus # |
 | kubePrometheusStack.alertmanager.networkPolicy.policyTypes | list | `["Ingress"]` | Define policy types. If egress is enabled, both Ingress and Egress will be used Valid values are ["Ingress"] or ["Ingress", "Egress"] # |
 | kubePrometheusStack.alertmanager.podDisruptionBudget.enabled | bool | `false` | |
-| kubePrometheusStack.alertmanager.podDisruptionBudget.maxUnavailable | string | `""` | |
 | kubePrometheusStack.alertmanager.podDisruptionBudget.minAvailable | int | `1` | |
 | kubePrometheusStack.alertmanager.podDisruptionBudget.unhealthyPodEvictionPolicy | string | `"AlwaysAllow"` | |
 | kubePrometheusStack.alertmanager.route | object | `{"main":{"additionalRules":[],"annotations":{},"apiVersion":"gateway.networking.k8s.io/v1","enabled":false,"filters":[],"hostnames":[],"httpsRedirect":false,"kind":"HTTPRoute","labels":{},"matches":[{"path":{"type":"PathPrefix","value":"/"}}],"parentRefs":[]}}` | BETA: Configure the gateway routes for the chart here. More routes can be added by adding a dictionary key like the 'main' route. Be aware that this is an early beta of this feature, kube-prometheus-stack does not guarantee this works and is subject to change. Being BETA this can/will change in the future without notice, do not use unless you want to take that risk [[ref]](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io%2fv1alpha2) |
@@ -327,6 +331,7 @@ A Helm chart for Kubernetes
 | kubePrometheusStack.defaultRules.additionalRuleGroupLabels.prometheusOperator | object | `{}` | |
 | kubePrometheusStack.defaultRules.additionalRuleLabels | object | `{}` | |
 | kubePrometheusStack.defaultRules.annotations | object | `{}` | |
+| kubePrometheusStack.defaultRules.appNamespacesOperator | string | `"=~"` | |
 | kubePrometheusStack.defaultRules.appNamespacesTarget | string | `".*"` | |
 | kubePrometheusStack.defaultRules.create | bool | `true` | |
 | kubePrometheusStack.defaultRules.disabled | object | `{}` | |
@@ -374,8 +379,6 @@ A Helm chart for Kubernetes
 | kubePrometheusStack.global.imageRegistry | string | `""` | |
 | kubePrometheusStack.global.rbac.create | bool | `true` | |
 | kubePrometheusStack.global.rbac.createAggregateClusterRoles | bool | `false` | |
-| kubePrometheusStack.global.rbac.pspAnnotations | object | `{}` | |
-| kubePrometheusStack.global.rbac.pspEnabled | bool | `false` | |
 | kubePrometheusStack.grafana.additionalDataSources | list | `[]` | |
 | kubePrometheusStack.grafana.adminPassword | string | `"prom-operator"` | |
 | kubePrometheusStack.grafana.adminUser | string | `"admin"` | |
@@ -693,7 +696,7 @@ A Helm chart for Kubernetes
 | kubePrometheusStack.nodeExporter.operatingSystems.darwin.enabled | bool | `true` | |
 | kubePrometheusStack.nodeExporter.operatingSystems.linux.enabled | bool | `true` | |
 | kubePrometheusStack.prometheus-node-exporter.extraArgs[0] | string | `"--collector.filesystem.mount-points-exclude=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/.+)($|/)"` | |
-| kubePrometheusStack.prometheus-node-exporter.extraArgs[1] | string | `"--collector.filesystem.fs-types-exclude=^(autofs|binfmt_misc|bpf|cgroup2?|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|iso9660|mqueue|nsfs|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|selinuxfs|squashfs|sysfs|tracefs)$"` | |
+| kubePrometheusStack.prometheus-node-exporter.extraArgs[1] | string | `"--collector.filesystem.fs-types-exclude=^(autofs|binfmt_misc|bpf|cgroup2?|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|iso9660|mqueue|nsfs|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|selinuxfs|squashfs|sysfs|tracefs|erofs)$"` | |
 | kubePrometheusStack.prometheus-node-exporter.namespaceOverride | string | `""` | |
 | kubePrometheusStack.prometheus-node-exporter.podLabels.jobLabel | string | `"node-exporter"` | |
 | kubePrometheusStack.prometheus-node-exporter.prometheus.monitor.enabled | bool | `true` | |
@@ -721,6 +724,7 @@ A Helm chart for Kubernetes
 | kubePrometheusStack.prometheus-windows-exporter.prometheus.monitor.enabled | bool | `true` | |
 | kubePrometheusStack.prometheus-windows-exporter.prometheus.monitor.jobLabel | string | `"jobLabel"` | |
 | kubePrometheusStack.prometheus-windows-exporter.releaseLabel | bool | `true` | |
+| kubePrometheusStack.prometheus.additionalLabels | object | `{}` | |
 | kubePrometheusStack.prometheus.additionalPodMonitors | list | `[]` | |
 | kubePrometheusStack.prometheus.additionalRulesForClusterRole | list | `[]` | |
 | kubePrometheusStack.prometheus.additionalServiceMonitors | list | `[]` | |
@@ -732,6 +736,7 @@ A Helm chart for Kubernetes | kubePrometheusStack.prometheus.ingress.annotations | object | `{}` | | | kubePrometheusStack.prometheus.ingress.enabled | bool | `false` | | | kubePrometheusStack.prometheus.ingress.hosts | list | `[]` | | +| kubePrometheusStack.prometheus.ingress.ingressClassName | string | `""` | | | kubePrometheusStack.prometheus.ingress.labels | object | `{}` | | | kubePrometheusStack.prometheus.ingress.paths | list | `[]` | | | kubePrometheusStack.prometheus.ingress.tls | list | `[]` | | @@ -739,6 +744,7 @@ A Helm chart for Kubernetes | kubePrometheusStack.prometheus.ingressPerReplica.enabled | bool | `false` | | | kubePrometheusStack.prometheus.ingressPerReplica.hostDomain | string | `""` | | | kubePrometheusStack.prometheus.ingressPerReplica.hostPrefix | string | `""` | | +| kubePrometheusStack.prometheus.ingressPerReplica.ingressClassName | string | `""` | | | kubePrometheusStack.prometheus.ingressPerReplica.labels | object | `{}` | | | kubePrometheusStack.prometheus.ingressPerReplica.paths | list | `[]` | | | kubePrometheusStack.prometheus.ingressPerReplica.tlsSecretName | string | `""` | | 
@@ -747,12 +753,8 @@ A Helm chart for Kubernetes | kubePrometheusStack.prometheus.networkPolicy.enabled | bool | `false` | | | kubePrometheusStack.prometheus.networkPolicy.flavor | string | `"kubernetes"` | | | kubePrometheusStack.prometheus.podDisruptionBudget.enabled | bool | `false` | | -| kubePrometheusStack.prometheus.podDisruptionBudget.maxUnavailable | string | `""` | | | kubePrometheusStack.prometheus.podDisruptionBudget.minAvailable | int | `1` | | | kubePrometheusStack.prometheus.podDisruptionBudget.unhealthyPodEvictionPolicy | string | `"AlwaysAllow"` | | -| kubePrometheusStack.prometheus.podSecurityPolicy.allowedCapabilities | list | `[]` | | -| kubePrometheusStack.prometheus.podSecurityPolicy.allowedHostPaths | list | `[]` | | -| kubePrometheusStack.prometheus.podSecurityPolicy.volumes | list | `[]` | | | kubePrometheusStack.prometheus.prometheusSpec.additionalAlertManagerConfigs | list | `[]` | | | kubePrometheusStack.prometheus.prometheusSpec.additionalAlertManagerConfigsSecret | object | `{}` | | | kubePrometheusStack.prometheus.prometheusSpec.additionalAlertRelabelConfigs | list | `[]` | | @@ -776,6 +778,7 @@ A Helm chart for Kubernetes | kubePrometheusStack.prometheus.prometheusSpec.disableCompaction | bool | `false` | | | kubePrometheusStack.prometheus.prometheusSpec.enableAdminAPI | bool | `false` | | | kubePrometheusStack.prometheus.prometheusSpec.enableFeatures | list | `[]` | | +| kubePrometheusStack.prometheus.prometheusSpec.enableOTLPReceiver | bool | `false` | | | kubePrometheusStack.prometheus.prometheusSpec.enableRemoteWriteReceiver | bool | `false` | | | kubePrometheusStack.prometheus.prometheusSpec.enforcedKeepDroppedTargets | int | `0` | | | kubePrometheusStack.prometheus.prometheusSpec.enforcedLabelLimit | bool | `false` | | 
@@ -792,10 +795,11 @@ A Helm chart for Kubernetes | kubePrometheusStack.prometheus.prometheusSpec.hostAliases | list | `[]` | | | kubePrometheusStack.prometheus.prometheusSpec.hostNetwork | bool | `false` | | | kubePrometheusStack.prometheus.prometheusSpec.ignoreNamespaceSelectors | bool | `false` | | +| kubePrometheusStack.prometheus.prometheusSpec.image.pullPolicy | string | `"IfNotPresent"` | | | kubePrometheusStack.prometheus.prometheusSpec.image.registry | string | `"quay.io"` | | | kubePrometheusStack.prometheus.prometheusSpec.image.repository | string | `"prometheus/prometheus"` | | | kubePrometheusStack.prometheus.prometheusSpec.image.sha | string | `""` | | -| kubePrometheusStack.prometheus.prometheusSpec.image.tag | string | `"v3.3.1"` | | +| kubePrometheusStack.prometheus.prometheusSpec.image.tag | string | `"v3.5.0"` | | | kubePrometheusStack.prometheus.prometheusSpec.initContainers | list | `[]` | | | kubePrometheusStack.prometheus.prometheusSpec.listenLocal | bool | `false` | | | kubePrometheusStack.prometheus.prometheusSpec.logFormat | string | `"logfmt"` | | @@ -804,6 +808,7 @@ A Helm chart for Kubernetes | kubePrometheusStack.prometheus.prometheusSpec.minReadySeconds | int | `0` | | | kubePrometheusStack.prometheus.prometheusSpec.nameValidationScheme | string | `""` | | | kubePrometheusStack.prometheus.prometheusSpec.nodeSelector | object | `{}` | | +| kubePrometheusStack.prometheus.prometheusSpec.otlp | object | `{}` | | | kubePrometheusStack.prometheus.prometheusSpec.overrideHonorLabels | bool | `false` | | | kubePrometheusStack.prometheus.prometheusSpec.overrideHonorTimestamps | bool | `false` | | | kubePrometheusStack.prometheus.prometheusSpec.paused | bool | `false` | | 
@@ -814,6 +819,7 @@ A Helm chart for Kubernetes | kubePrometheusStack.prometheus.prometheusSpec.podMonitorNamespaceSelector | object | `{}` | | | kubePrometheusStack.prometheus.prometheusSpec.podMonitorSelector | object | `{}` | | | kubePrometheusStack.prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues | bool | `true` | | +| kubePrometheusStack.prometheus.prometheusSpec.podTargetLabels | list | `[]` | | | kubePrometheusStack.prometheus.prometheusSpec.portName | string | `"http-web"` | | | kubePrometheusStack.prometheus.prometheusSpec.priorityClassName | string | `""` | | | kubePrometheusStack.prometheus.prometheusSpec.probeNamespaceSelector | object | `{}` | | @@ -844,6 +850,7 @@ A Helm chart for Kubernetes | kubePrometheusStack.prometheus.prometheusSpec.scrapeConfigSelectorNilUsesHelmValues | bool | `true` | | | kubePrometheusStack.prometheus.prometheusSpec.scrapeFailureLogFile | string | `""` | | | kubePrometheusStack.prometheus.prometheusSpec.scrapeInterval | string | `""` | | +| kubePrometheusStack.prometheus.prometheusSpec.scrapeProtocols | list | `[]` | | | kubePrometheusStack.prometheus.prometheusSpec.scrapeTimeout | string | `""` | | | kubePrometheusStack.prometheus.prometheusSpec.secrets | list | `[]` | | | kubePrometheusStack.prometheus.prometheusSpec.securityContext.fsGroup | int | `2000` | | @@ -927,6 +934,7 @@ A Helm chart for Kubernetes | kubePrometheusStack.prometheus.thanosIngress.annotations | object | `{}` | | | kubePrometheusStack.prometheus.thanosIngress.enabled | bool | `false` | | | kubePrometheusStack.prometheus.thanosIngress.hosts | list | `[]` | | +| kubePrometheusStack.prometheus.thanosIngress.ingressClassName | string | `""` | | | kubePrometheusStack.prometheus.thanosIngress.labels | object | `{}` | | | kubePrometheusStack.prometheus.thanosIngress.nodePort | int | `30901` | | | kubePrometheusStack.prometheus.thanosIngress.paths | list | `[]` | | 
@@ -972,7 +980,6 @@ A Helm chart for Kubernetes | kubePrometheusStack.prometheus.thanosServiceMonitor.metricRelabelings | list | `[]` | | | kubePrometheusStack.prometheus.thanosServiceMonitor.relabelings | list | `[]` | | | kubePrometheusStack.prometheus.thanosServiceMonitor.scheme | string | `""` | | -| kubePrometheusStack.prometheus.thanosServiceMonitor.scrapeProtocols | list | `[]` | | | kubePrometheusStack.prometheus.thanosServiceMonitor.tlsConfig | object | `{}` | | | kubePrometheusStack.prometheusOperator.admissionWebhooks.annotations | object | `{}` | | | kubePrometheusStack.prometheusOperator.admissionWebhooks.caBundle | string | `""` | | @@ -1008,7 +1015,6 @@ A Helm chart for Kubernetes | kubePrometheusStack.prometheusOperator.admissionWebhooks.deployment.nodeSelector | object | `{}` | | | kubePrometheusStack.prometheusOperator.admissionWebhooks.deployment.podAnnotations | object | `{}` | | | kubePrometheusStack.prometheusOperator.admissionWebhooks.deployment.podDisruptionBudget.enabled | bool | `false` | | -| kubePrometheusStack.prometheusOperator.admissionWebhooks.deployment.podDisruptionBudget.maxUnavailable | string | `""` | | | kubePrometheusStack.prometheusOperator.admissionWebhooks.deployment.podDisruptionBudget.minAvailable | int | `1` | | | kubePrometheusStack.prometheusOperator.admissionWebhooks.deployment.podDisruptionBudget.unhealthyPodEvictionPolicy | string | `"AlwaysAllow"` | | | kubePrometheusStack.prometheusOperator.admissionWebhooks.deployment.podLabels | object | `{}` | | 
@@ -1052,6 +1058,7 @@ A Helm chart for Kubernetes | kubePrometheusStack.prometheusOperator.admissionWebhooks.deployment.tolerations | list | `[]` | | | kubePrometheusStack.prometheusOperator.admissionWebhooks.enabled | bool | `true` | | | kubePrometheusStack.prometheusOperator.admissionWebhooks.failurePolicy | string | `""` | | +| kubePrometheusStack.prometheusOperator.admissionWebhooks.matchConditions | object | `{}` | | | kubePrometheusStack.prometheusOperator.admissionWebhooks.mutatingWebhookConfiguration.annotations | object | `{}` | | | kubePrometheusStack.prometheusOperator.admissionWebhooks.namespaceSelector | object | `{}` | | | kubePrometheusStack.prometheusOperator.admissionWebhooks.objectSelector | object | `{}` | | @@ -1062,7 +1069,7 @@ A Helm chart for Kubernetes | kubePrometheusStack.prometheusOperator.admissionWebhooks.patch.image.registry | string | `"registry.k8s.io"` | | | kubePrometheusStack.prometheusOperator.admissionWebhooks.patch.image.repository | string | `"ingress-nginx/kube-webhook-certgen"` | | | kubePrometheusStack.prometheusOperator.admissionWebhooks.patch.image.sha | string | `""` | | -| kubePrometheusStack.prometheusOperator.admissionWebhooks.patch.image.tag | string | `"v1.5.3"` | | +| kubePrometheusStack.prometheusOperator.admissionWebhooks.patch.image.tag | string | `"v1.6.0"` | | | kubePrometheusStack.prometheusOperator.admissionWebhooks.patch.nodeSelector | object | `{}` | | | kubePrometheusStack.prometheusOperator.admissionWebhooks.patch.podAnnotations | object | `{}` | | | kubePrometheusStack.prometheusOperator.admissionWebhooks.patch.priorityClassName | string | `""` | | 
@@ -1124,7 +1131,6 @@ A Helm chart for Kubernetes | kubePrometheusStack.prometheusOperator.nodeSelector | object | `{}` | | | kubePrometheusStack.prometheusOperator.podAnnotations | object | `{}` | | | kubePrometheusStack.prometheusOperator.podDisruptionBudget.enabled | bool | `false` | | -| kubePrometheusStack.prometheusOperator.podDisruptionBudget.maxUnavailable | string | `""` | | | kubePrometheusStack.prometheusOperator.podDisruptionBudget.minAvailable | int | `1` | | | kubePrometheusStack.prometheusOperator.podDisruptionBudget.unhealthyPodEvictionPolicy | string | `"AlwaysAllow"` | | | kubePrometheusStack.prometheusOperator.podLabels | object | `{}` | | @@ -1185,7 +1191,7 @@ A Helm chart for Kubernetes | kubePrometheusStack.prometheusOperator.thanosImage.registry | string | `"quay.io"` | | | kubePrometheusStack.prometheusOperator.thanosImage.repository | string | `"thanos/thanos"` | | | kubePrometheusStack.prometheusOperator.thanosImage.sha | string | `""` | | -| kubePrometheusStack.prometheusOperator.thanosImage.tag | string | `"v0.38.0"` | | +| kubePrometheusStack.prometheusOperator.thanosImage.tag | string | `"v0.39.2"` | | | kubePrometheusStack.prometheusOperator.thanosRulerInstanceNamespaces | list | `[]` | | | kubePrometheusStack.prometheusOperator.thanosRulerInstanceSelector | string | `""` | | | kubePrometheusStack.prometheusOperator.tls.enabled | bool | `true` | | 
@@ -1204,11 +1210,11 @@ A Helm chart for Kubernetes | kubePrometheusStack.thanosRuler.ingress.annotations | object | `{}` | | | kubePrometheusStack.thanosRuler.ingress.enabled | bool | `false` | | | kubePrometheusStack.thanosRuler.ingress.hosts | list | `[]` | | +| kubePrometheusStack.thanosRuler.ingress.ingressClassName | string | `""` | | | kubePrometheusStack.thanosRuler.ingress.labels | object | `{}` | | | kubePrometheusStack.thanosRuler.ingress.paths | list | `[]` | | | kubePrometheusStack.thanosRuler.ingress.tls | list | `[]` | | | kubePrometheusStack.thanosRuler.podDisruptionBudget.enabled | bool | `false` | | -| kubePrometheusStack.thanosRuler.podDisruptionBudget.maxUnavailable | string | `""` | | | kubePrometheusStack.thanosRuler.podDisruptionBudget.minAvailable | int | `1` | | | kubePrometheusStack.thanosRuler.podDisruptionBudget.unhealthyPodEvictionPolicy | string | `"AlwaysAllow"` | | | kubePrometheusStack.thanosRuler.route | object | `{"main":{"additionalRules":[],"annotations":{},"apiVersion":"gateway.networking.k8s.io/v1","enabled":false,"filters":[],"hostnames":[],"httpsRedirect":false,"kind":"HTTPRoute","labels":{},"matches":[{"path":{"type":"PathPrefix","value":"/"}}],"parentRefs":[]}}` | BETA: Configure the gateway routes for the chart here. More routes can be added by adding a dictionary key like the 'main' route. Be aware that this is an early beta of this feature, kube-prometheus-stack does not guarantee this works and is subject to change. Being BETA this can/will change in the future without notice, do not use unless you want to take that risk [[ref]](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io%2fv1alpha2) | 
@@ -1265,7 +1271,7 @@ A Helm chart for Kubernetes | kubePrometheusStack.thanosRuler.thanosRulerSpec.image.registry | string | `"quay.io"` | | | kubePrometheusStack.thanosRuler.thanosRulerSpec.image.repository | string | `"thanos/thanos"` | | | kubePrometheusStack.thanosRuler.thanosRulerSpec.image.sha | string | `""` | | -| kubePrometheusStack.thanosRuler.thanosRulerSpec.image.tag | string | `"v0.38.0"` | | +| kubePrometheusStack.thanosRuler.thanosRulerSpec.image.tag | string | `"v0.39.2"` | | | kubePrometheusStack.thanosRuler.thanosRulerSpec.initContainers | list | `[]` | | | kubePrometheusStack.thanosRuler.thanosRulerSpec.labels | object | `{}` | | | kubePrometheusStack.thanosRuler.thanosRulerSpec.listenLocal | bool | `false` | | @@ -1329,7 +1335,7 @@ spec: source: repoURL: "https://edixos.github.io/ekp-helm" - targetRevision: "0.1.2" + targetRevision: "0.1.3" chart: kube-prometheus-stack path: '' helm: diff --git a/charts/kube-prometheus-stack/charts/kube-prometheus-stack-72.3.1.tgz b/charts/kube-prometheus-stack/charts/kube-prometheus-stack-72.3.1.tgz deleted file mode 100644 index ea520468..00000000 Binary files a/charts/kube-prometheus-stack/charts/kube-prometheus-stack-72.3.1.tgz and /dev/null differ diff --git a/charts/kube-prometheus-stack/charts/kube-prometheus-stack-75.15.1.tgz b/charts/kube-prometheus-stack/charts/kube-prometheus-stack-75.15.1.tgz new file mode 100644 index 00000000..f454bb89 Binary files /dev/null and b/charts/kube-prometheus-stack/charts/kube-prometheus-stack-75.15.1.tgz differ diff --git a/charts/kube-prometheus-stack/values.yaml b/charts/kube-prometheus-stack/values.yaml index ac16c284..bc43f08d 100644 --- a/charts/kube-prometheus-stack/values.yaml +++ b/charts/kube-prometheus-stack/values.yaml 
@@ -205,6 +205,11 @@ kubePrometheusStack: prometheusOperator: true windows: true + # Defines the operator for namespace selection in rules + # Use "=~" to include namespaces matching the pattern (default) + # Use "!~" to exclude namespaces matching the pattern + appNamespacesOperator: "=~" + ## Reduce app namespace alert scope appNamespacesTarget: ".*" @@ -334,16 +339,6 @@ kubePrometheusStack: ## Create ClusterRoles that extend the existing view, edit and admin ClusterRoles to interact with prometheus-operator CRDs ## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles createAggregateClusterRoles: false - pspEnabled: false - pspAnnotations: {} - ## Specify pod annotations - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl - ## - # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' - # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' - # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' ## Global image registry to use if it needs to be overridden for some specific use cases (e.g local registries, custom images, ...) ## @@ -401,6 +396,10 @@ kubePrometheusStack: ## annotations: {} + ## Additional labels for Alertmanager + ## + additionalLabels: {} + ## Api that prometheus will use to communicate with alertmanager. Possible values are v1, v2 ## apiVersion: v2 @@ -501,7 +500,7 @@ kubePrometheusStack: podDisruptionBudget: enabled: false minAvailable: 1 - maxUnavailable: "" + # maxUnavailable: "" unhealthyPodEvictionPolicy: AlwaysAllow ## Alertmanager configuration directives 
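Review bot: In the `appNamespacesOperator` hunk, the new comment does not say that the operator must be changed together with `appNamespacesTarget`, which stays at `".*"` on the following lines. If the two values are rendered into the rule selectors as namespace, operator, target (an assumption, since the templates are not in this diff), then `"!~"` against `".*"` matches no namespace. The app-namespace-scoped default alerts would then stop firing without any error. I would add a line such as `# With "!~", set appNamespacesTarget to the namespaces to exclude; "!~" with ".*" selects nothing`.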
@@ -597,9 +596,7 @@ kubePrometheusStack: ingress: enabled: false - # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName - # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress - # ingressClassName: nginx + ingressClassName: "" annotations: {} @@ -685,9 +682,7 @@ kubePrometheusStack: ingressPerReplica: enabled: false - # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName - # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress - # ingressClassName: nginx + ingressClassName: "" annotations: {} labels: {} @@ -922,6 +917,7 @@ kubePrometheusStack: repository: prometheus/alertmanager tag: v0.28.1 sha: "" + pullPolicy: IfNotPresent ## If true then the user will be responsible to provide a secret with alertmanager configuration ## So when true the config part will be ignored (including templateFiles) and the one in the secret will be used @@ -1001,6 +997,9 @@ kubePrometheusStack: # alertmanagerConfigMatcherStrategy: # type: OnNamespace + ## Additional command line arguments to pass to Alertmanager (in addition to those generated by the chart) + additionalArgs: [] + ## Define Log Format # Use logfmt (default) or json logging logFormat: logfmt @@ -1029,7 +1028,7 @@ kubePrometheusStack: # resources: # requests: # storage: 50Gi - # selector: {} + # selector: {} ## The external URL the Alertmanager instances will be available under. This is necessary to generate correct URLs. This is necessary if Alertmanager is not served from root of a DNS name. string false @@ -1132,7 +1131,7 @@ kubePrometheusStack: containers: [] # containers: # - name: oauth-proxy - # image: quay.io/oauth2-proxy/oauth2-proxy:v7.9.0 + # image: quay.io/oauth2-proxy/oauth2-proxy:v7.10.0 # args: # - --upstream=http://127.0.0.1:9093 # - --http-address=0.0.0.0:8081 
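Review bot: The `ingress` and `ingressPerReplica` hunks here replace the commented `ingressClassName` guidance with a bare `ingressClassName: ""` and leave no comment on what an empty value means. The same edit is repeated in the `thanosIngress`, Prometheus `ingress`/`ingressPerReplica` and Thanos Ruler `ingress` hunks further down. Presumably an empty string leaves the field out so that the cluster's default IngressClass applies, which decides which controller exposes Alertmanager and Prometheus once `enabled` is switched on. A one-line comment would keep that visible: `## Leave empty to use the cluster's default IngressClass; set it explicitly to choose which controller exposes this endpoint`.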
@@ -1174,15 +1173,15 @@ kubePrometheusStack: clusterAdvertiseAddress: false ## clusterGossipInterval determines interval between gossip attempts. - ## Needs to be specified as GoDuration, a time duration that can be parsed by Go’s time.ParseDuration() (e.g. 45ms, 30s, 1m, 1h20m15s) + ## Needs to be specified as GoDuration, a time duration that can be parsed by Go's time.ParseDuration() (e.g. 45ms, 30s, 1m, 1h20m15s) clusterGossipInterval: "" ## clusterPeerTimeout determines timeout for cluster peering. - ## Needs to be specified as GoDuration, a time duration that can be parsed by Go’s time.ParseDuration() (e.g. 45ms, 30s, 1m, 1h20m15s) + ## Needs to be specified as GoDuration, a time duration that can be parsed by Go's time.ParseDuration() (e.g. 45ms, 30s, 1m, 1h20m15s) clusterPeerTimeout: "" ## clusterPushpullInterval determines interval between pushpull attempts. - ## Needs to be specified as GoDuration, a time duration that can be parsed by Go’s time.ParseDuration() (e.g. 45ms, 30s, 1m, 1h20m15s) + ## Needs to be specified as GoDuration, a time duration that can be parsed by Go's time.ParseDuration() (e.g. 45ms, 30s, 1m, 1h20m15s) clusterPushpullInterval: "" ## clusterLabel defines the identifier that uniquely identifies the Alertmanager cluster. @@ -2525,7 +2524,7 @@ kubePrometheusStack: releaseLabel: true extraArgs: - --collector.filesystem.mount-points-exclude=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/.+)($|/) - - --collector.filesystem.fs-types-exclude=^(autofs|binfmt_misc|bpf|cgroup2?|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|iso9660|mqueue|nsfs|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|selinuxfs|squashfs|sysfs|tracefs)$ + - --collector.filesystem.fs-types-exclude=^(autofs|binfmt_misc|bpf|cgroup2?|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|iso9660|mqueue|nsfs|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|selinuxfs|squashfs|sysfs|tracefs|erofs)$ service: portName: http-metrics ipDualStack: 
@@ -2670,6 +2669,7 @@ kubePrometheusStack: namespaceSelector: {} objectSelector: {} + matchConditions: {} mutatingWebhookConfiguration: annotations: {} @@ -2694,7 +2694,7 @@ kubePrometheusStack: podDisruptionBudget: enabled: false minAvailable: 1 - maxUnavailable: "" + # maxUnavailable: "" unhealthyPodEvictionPolicy: AlwaysAllow ## Number of old replicasets to retain ## @@ -2905,7 +2905,7 @@ kubePrometheusStack: image: registry: registry.k8s.io repository: ingress-nginx/kube-webhook-certgen - tag: v1.5.3 # latest tag: https://github.com/kubernetes/ingress-nginx/blob/main/images/kube-webhook-certgen/TAG + tag: v1.6.0 # latest tag: https://github.com/kubernetes/ingress-nginx/blob/main/images/kube-webhook-certgen/TAG sha: "" pullPolicy: IfNotPresent resources: {} @@ -3096,7 +3096,7 @@ kubePrometheusStack: podDisruptionBudget: enabled: false minAvailable: 1 - maxUnavailable: "" + # maxUnavailable: "" unhealthyPodEvictionPolicy: AlwaysAllow ## Assign a PriorityClassName to pods if set @@ -3343,7 +3343,7 @@ kubePrometheusStack: thanosImage: registry: quay.io repository: thanos/thanos - tag: v0.38.0 + tag: v0.39.2 sha: "" ## Set a Label Selector to filter watched prometheus and prometheusAgent @@ -3388,6 +3388,10 @@ kubePrometheusStack: ## annotations: {} + ## Additional labels for Prometheus + ## + additionalLabels: {} + ## Configure network policy for the prometheus networkPolicy: enabled: false @@ -3489,9 +3493,6 @@ kubePrometheusStack: ## relabel configs to apply to samples before ingestion. relabelings: [] - ## Set default scrapeProtocols for Prometheus instances - ## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#scrapeprotocolstring-alias - scrapeProtocols: [] # Service for external access to sidecar # Enabling this creates a service to expose thanos-sidecar outside the cluster. thanosServiceExternal: 
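Review bot: `matchConditions: {}` in the `admissionWebhooks` hunk is added without any comment on what it controls. Match conditions decide which requests are sent to the operator's admission webhooks, so an expression that is too narrow lets objects through unvalidated. That deserves a line such as `## CEL match conditions; requests that do not satisfy all of them bypass the webhook`. Kubernetes defines this field as a list of name/expression entries, so it is also worth confirming that the subchart really expects an object default here.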
@@ -3640,16 +3641,14 @@ kubePrometheusStack: podDisruptionBudget: enabled: false minAvailable: 1 - maxUnavailable: "" + # maxUnavailable: "" unhealthyPodEvictionPolicy: AlwaysAllow # Ingress exposes thanos sidecar outside the cluster thanosIngress: enabled: false - # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName - # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress - # ingressClassName: nginx + ingressClassName: "" annotations: {} labels: {} @@ -3697,9 +3696,7 @@ kubePrometheusStack: ingress: enabled: false - # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName - # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress - # ingressClassName: nginx + ingressClassName: "" annotations: {} labels: {} @@ -3778,9 +3775,7 @@ kubePrometheusStack: ingressPerReplica: enabled: false - # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName - # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress - # ingressClassName: nginx + ingressClassName: "" annotations: {} labels: {} @@ -3816,13 +3811,6 @@ kubePrometheusStack: ## prefix: "prometheus" - ## Configure additional options for default pod security policy for Prometheus - ## ref: https://kubernetes.io/docs/concepts/security/pod-security-policy/ - podSecurityPolicy: - allowedCapabilities: [] - allowedHostPaths: [] - volumes: [] - serviceMonitor: ## If true, create a serviceMonitor for prometheus ## 
@@ -3907,9 +3895,9 @@ kubePrometheusStack: disableCompaction: false ## AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in the pod, - ## If the field isn’t set, the operator mounts the service account token by default. + ## If the field isn't set, the operator mounts the service account token by default. ## Warning: be aware that by default, Prometheus requires the service account token for Kubernetes service discovery, - ## It is possible to use strategic merge patch to project the service account token into the ‘prometheus’ container. + ## It is possible to use strategic merge patch to project the service account token into the 'prometheus' container. automountServiceAccountToken: true ## APIServerConfig @@ -3948,6 +3936,11 @@ kubePrometheusStack: # caFile: /etc/prometheus/secrets/istio.default/root-cert.pem # certFile: /etc/prometheus/secrets/istio.default/cert-chain.pem + ## PodTargetLabels are appended to the `spec.podTargetLabels` field of all PodMonitor and ServiceMonitor objects. + ## + podTargetLabels: [] + # - customlabel + ## Interval between consecutive evaluations. ## evaluationInterval: "" @@ -3956,6 +3949,9 @@ kubePrometheusStack: ## listenLocal: false + ## enableOTLPReceiver enables the OTLP receiver for Prometheus. + enableOTLPReceiver: false + ## EnableAdminAPI enables Prometheus the administrative HTTP API which includes functionality such as deleting time series. ## This is disabled by default. ## ref: https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis @@ -3983,6 +3979,14 @@ kubePrometheusStack: enableFeatures: [] # - exemplar-storage + ## https://prometheus.io/docs/guides/opentelemetry + ## + otlp: {} + # promoteResourceAttributes: [] + # keepIdentifyingResourceAttributes: false + # translationStrategy: NoUTF8EscapingWithSuffixes + # convertHistogramsToNHCB: false + ## serviceName: 
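Review bot: The comment added above `enableOTLPReceiver` says only that it enables the receiver. It does not mention that Prometheus then accepts pushed metrics on its web port, the same kind of exposure as `enableRemoteWriteReceiver`. The Prometheus `networkPolicy.enabled` in this values file defaults to `false`, so once the flag is turned on any client that can reach the service could write samples. I would extend the comment, e.g. `## Accepts pushed OTLP metrics on the web port; restrict who can reach Prometheus (networkPolicy, auth proxy) before enabling`.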
@@ -3991,8 +3995,9 @@ kubePrometheusStack: image: registry: quay.io repository: prometheus/prometheus - tag: v3.3.1 + tag: v3.5.0 sha: "" + pullPolicy: IfNotPresent ## Tolerations for use with node taints ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ @@ -4321,7 +4326,7 @@ kubePrometheusStack: # resources: # requests: # storage: 50Gi - # selector: {} + # selector: {} ## Using tmpfs volume ## @@ -4498,7 +4503,7 @@ kubePrometheusStack: containers: [] # containers: # - name: oauth-proxy - # image: quay.io/oauth2-proxy/oauth2-proxy:v7.9.0 + # image: quay.io/oauth2-proxy/oauth2-proxy:v7.10.0 # args: # - --upstream=http://127.0.0.1:9090 # - --http-address=0.0.0.0:8081 @@ -4615,7 +4620,7 @@ kubePrometheusStack: hostNetwork: false # HostAlias holds the mapping between IP and hostnames that will be injected - # as an entry in the pod’s hosts file. + # as an entry in the pod's hosts file. hostAliases: [] # - ip: 10.10.0.100 # hostnames: @@ -4627,7 +4632,7 @@ kubePrometheusStack: tracingConfig: {} ## Defines the service discovery role used to discover targets from ServiceMonitor objects and Alertmanager endpoints. - ## If set, the value should be either “Endpoints” or “EndpointSlice”. If unset, the operator assumes the “Endpoints” role. + ## If set, the value should be either "Endpoints" or "EndpointSlice". If unset, the operator assumes the "Endpoints" role. serviceDiscoveryRole: "" ## Additional configuration which is not covered by the properties above. (passed through tpl) @@ -4645,6 +4650,10 @@ kubePrometheusStack: ## minutes). maximumStartupDurationSeconds: 0 + ## Set default scrapeProtocols for Prometheus instances + ## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api-reference/api.md#scrapeprotocolstring-alias + scrapeProtocols: [] + additionalRulesForClusterRole: [] # - apiGroups: [ "" ] # resources: 
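Review bot: The Prometheus image hunk moves `tag` to `v3.5.0` while `sha` stays `""`, so the image is still resolved by a mutable tag. The added `pullPolicy: IfNotPresent` also means a node keeps whatever it first pulled under that tag. The same holds for the `kube-webhook-certgen` (`v1.6.0`) and Thanos (`v0.39.2`) bumps in the other hunks. If the subchart appends `sha` as an image digest (not visible in this diff), recording it with each bump would make the deployed image verifiable: `sha: "<sha256 digest of the v3.5.0 image>"` (placeholder, to be taken from the registry).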
@@ -4863,15 +4872,13 @@ kubePrometheusStack: podDisruptionBudget: enabled: false minAvailable: 1 - maxUnavailable: "" + # maxUnavailable: "" unhealthyPodEvictionPolicy: AlwaysAllow ingress: enabled: false - # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName - # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress - # ingressClassName: nginx + ingressClassName: "" annotations: {} @@ -5071,7 +5078,7 @@ kubePrometheusStack: image: registry: quay.io repository: thanos/thanos - tag: v0.38.0 + tag: v0.39.2 sha: "" ## Namespaces to be selected for PrometheusRules discovery. @@ -5137,7 +5144,7 @@ kubePrometheusStack: # resources: # requests: # storage: 50Gi - # selector: {} + # selector: {} ## AlertmanagerConfig define configuration for connecting to alertmanager. ## Only available with Thanos v0.10.0 and higher. Maps to the alertmanagers.config Thanos Ruler arg. diff --git a/charts/kyverno-policies/Chart.lock b/charts/kyverno-policies/Chart.lock index 4ce80734..9e1026f5 100644 --- a/charts/kyverno-policies/Chart.lock +++ b/charts/kyverno-policies/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: kyverno-policies repository: https://kyverno.github.io/kyverno/ - version: 3.4.1 -digest: sha256:b89431a68f4f8f139e462342b965ceac69e2e75b17a53008e94b61ecfd3f79c1 -generated: "2025-05-07T10:22:57.488368538Z" + version: 3.4.4 +digest: sha256:88dbf03dd590ea5716f1a3573e0fcafd8a23b1a1f70a554853da5575afc0f2a4 +generated: "2025-07-30T10:26:44.098996261Z" diff --git a/charts/kyverno-policies/Chart.yaml b/charts/kyverno-policies/Chart.yaml index 8628e595..f59af636 100644 --- a/charts/kyverno-policies/Chart.yaml +++ b/charts/kyverno-policies/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.1 +version: 0.1.2 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -24,7 +24,7 @@ version: 0.1.1 appVersion: "1.13.4" dependencies: - name: kyverno-policies - version: 3.4.1 + version: 3.4.4 repository: "https://kyverno.github.io/kyverno/" alias: kyvernopolicies maintainers: diff --git a/charts/kyverno-policies/README.md b/charts/kyverno-policies/README.md index 24023ee5..820dfd7a 100644 --- a/charts/kyverno-policies/README.md +++ b/charts/kyverno-policies/README.md @@ -1,6 +1,6 @@ # kyverno-policies -![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.13.4](https://img.shields.io/badge/AppVersion-1.13.4-informational?style=flat-square) +![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.13.4](https://img.shields.io/badge/AppVersion-1.13.4-informational?style=flat-square) ## Prerequisites @@ -11,7 +11,7 @@ | Repository | Name | Version | |------------|------|---------| -| https://kyverno.github.io/kyverno/ | kyvernopolicies(kyverno-policies) | 3.4.1 | +| https://kyverno.github.io/kyverno/ | kyvernopolicies(kyverno-policies) | 3.4.4 | ## Maintainers 
@@ -30,6 +30,7 @@ A Helm chart for Kubernetes |-----|------|---------|-------------| | kyvernopolicies.autogenControllers | string | `""` | Customize the target Pod controllers for the auto-generated rules. (Eg. `none`, `Deployment`, `DaemonSet,Deployment,StatefulSet`) For more info https://kyverno.io/docs/writing-policies/autogen/. | | kyvernopolicies.background | bool | `true` | Policies background mode | +| kyvernopolicies.customAnnotations | object | `{}` | Additional Annotations. | | kyvernopolicies.customLabels | object | `{}` | Additional labels. | | kyvernopolicies.customPolicies | list | `[]` | Additional custom policies to include. | | kyvernopolicies.failurePolicy | string | `"Fail"` | API server behavior if the webhook fails to respond ('Ignore', 'Fail') For more info: https://kyverno.io/docs/writing-policies/policy-settings/ | 
@@ -45,7 +46,7 @@ A Helm chart for Kubernetes | kyvernopolicies.policyKind | string | `"ClusterPolicy"` | Policy kind (`ClusterPolicy`, `Policy`) Set to `Policy` if you need namespaced policies and not cluster policies | | kyvernopolicies.policyPreconditions | object | `{}` | Add preconditions to individual policies. Policies with multiple rules can have individual rules excluded by using the name of the rule as the key in the `policyPreconditions` map. | | kyvernopolicies.skipBackgroundRequests | bool | `nil` | SkipBackgroundRequests bypasses admission requests that are sent by the background controller | -| kyvernopolicies.validationAllowExistingViolations | bool | `true` | Validate already existing resources. For more info https://kyverno.io/docs/writing-policies/validate. | +| kyvernopolicies.validationAllowExistingViolations | bool | `true` | Validate already existing resources. For more info https://kyverno.io/docs/policy-types/. | | kyvernopolicies.validationFailureAction | string | `"Audit"` | Validation failure action (`Audit`, `Enforce`). For more info https://kyverno.io/docs/writing-policies/validate. | | kyvernopolicies.validationFailureActionByPolicy | object | `{}` | Define validationFailureActionByPolicy for specific policies. Override the defined `validationFailureAction` with a individual validationFailureAction for individual Policies. | | kyvernopolicies.validationFailureActionOverrides | object | `{"all":[]}` | Define validationFailureActionOverrides for specific policies. The overrides for `all` will apply to all policies. | @@ -75,7 +76,7 @@ spec: source: repoURL: "https://edixos.github.io/ekp-helm" - targetRevision: "0.1.1" + targetRevision: "0.1.2" chart: kyverno-policies path: '' helm: 
diff --git a/charts/kyverno-policies/charts/kyverno-policies-3.4.1.tgz b/charts/kyverno-policies/charts/kyverno-policies-3.4.1.tgz deleted file mode 100644 index f9a948ad..00000000 Binary files a/charts/kyverno-policies/charts/kyverno-policies-3.4.1.tgz and /dev/null differ diff --git a/charts/kyverno-policies/charts/kyverno-policies-3.4.4.tgz b/charts/kyverno-policies/charts/kyverno-policies-3.4.4.tgz new file mode 100644 index 00000000..84e1ca03 Binary files /dev/null and b/charts/kyverno-policies/charts/kyverno-policies-3.4.4.tgz differ diff --git a/charts/kyverno-policies/values.yaml b/charts/kyverno-policies/values.yaml index 507647bd..fc7dcc48 100644 --- a/charts/kyverno-policies/values.yaml +++ b/charts/kyverno-policies/values.yaml @@ -58,7 +58,7 @@ kyvernopolicies: # - fluent # -- Validate already existing resources. - # For more info https://kyverno.io/docs/writing-policies/validate. + # For more info https://kyverno.io/docs/policy-types/. validationAllowExistingViolations: true # -- Exclude resources from individual policies. @@ -108,6 +108,9 @@ kyvernopolicies: # -- Name override. nameOverride: + # -- Additional Annotations. + customAnnotations: {} + # -- Additional labels. customLabels: {} diff --git a/charts/kyverno/Chart.lock b/charts/kyverno/Chart.lock index 405959e7..4ac8bc44 100644 --- a/charts/kyverno/Chart.lock +++ b/charts/kyverno/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: kyverno repository: https://kyverno.github.io/kyverno/ - version: 3.4.1 -digest: sha256:91a0bea17ffa77211290f7a569dc9e5f9383814f736c25caea2a07a2b500c2ff -generated: "2025-05-07T10:25:24.475931183Z" + version: 3.4.4 +digest: sha256:01e46952e3c1624a9684e8adec824e6d071df2de6073ff9f7436ea6f5993300e +generated: "2025-07-30T10:27:38.908212251Z" diff --git a/charts/kyverno/Chart.yaml b/charts/kyverno/Chart.yaml index dbee9a78..68b643c7 100644 --- a/charts/kyverno/Chart.yaml +++ b/charts/kyverno/Chart.yaml 
@@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.2 +version: 0.1.3 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to @@ -24,7 +24,7 @@ version: 0.1.2 appVersion: "1.13.4" dependencies: - name: kyverno - version: 3.4.1 + version: 3.4.4 repository: "https://kyverno.github.io/kyverno/" maintainers: - name: wiemaouadi diff --git a/charts/kyverno/README.md b/charts/kyverno/README.md index 9c95965b..922f7672 100644 --- a/charts/kyverno/README.md +++ b/charts/kyverno/README.md @@ -1,6 +1,6 @@ # kyverno -![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.13.4](https://img.shields.io/badge/AppVersion-1.13.4-informational?style=flat-square) +![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.13.4](https://img.shields.io/badge/AppVersion-1.13.4-informational?style=flat-square) ## Prerequisites @@ -11,7 +11,7 @@ | Repository | Name | Version | |------------|------|---------| -| https://kyverno.github.io/kyverno/ | kyverno | 3.4.1 | +| https://kyverno.github.io/kyverno/ | kyverno | 3.4.4 | ## Maintainers 
@@ -48,6 +48,7 @@ A Helm chart for kyverno
 | kyverno.admissionController.container.resources.limits | object | `{"memory":"384Mi"}` | Pod resource limits |
 | kyverno.admissionController.container.resources.requests | object | `{"cpu":"100m","memory":"128Mi"}` | Pod resource requests |
 | kyverno.admissionController.container.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Container security context |
+| kyverno.admissionController.crdWatcher | bool | `false` | Enable/Disable custom resource watcher to invalidate cache |
 | kyverno.admissionController.createSelfSignedCert | bool | `false` | Create self-signed certificates at deployment time. The certificates won't be automatically renewed if this is set to `true`. |
 | kyverno.admissionController.dnsConfig | object | `{}` | `dnsConfig` allows to specify DNS configuration for the pod. For further reference: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config. |
 | kyverno.admissionController.dnsPolicy | string | `"ClusterFirst"` | `dnsPolicy` determines the manner in which DNS resolution happens in the cluster. In case of `hostNetwork: true`, usually, the `dnsPolicy` is suitable to be `ClusterFirstWithHostNet`. For further reference: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy. |
@@ -332,6 +333,7 @@ A Helm chart for kyverno
 | kyverno.crds.migration.resources | list | `["cleanuppolicies.kyverno.io","clustercleanuppolicies.kyverno.io","clusterpolicies.kyverno.io","globalcontextentries.kyverno.io","policies.kyverno.io","policyexceptions.kyverno.io","updaterequests.kyverno.io"]` | Resources to migrate |
 | kyverno.crds.migration.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsGroup":65534,"runAsNonRoot":true,"runAsUser":65534,"seccompProfile":{"type":"RuntimeDefault"}}` | Security context for the hook containers |
 | kyverno.crds.migration.tolerations | list | `[]` | List of node taints to tolerate |
+| kyverno.crds.reportsServer.enabled | bool | `false` | Kyverno reports-server is used in your cluster |
 | kyverno.customLabels | object | `{}` | Additional labels |
 | kyverno.existingImagePullSecrets | list | `[]` | Existing Image pull secrets for image verification policies, this will define the `--imagePullSecrets` argument |
 | kyverno.features.admissionReports.enabled | bool | `true` | Enables the feature |
@@ -342,6 +344,7 @@ A Helm chart for kyverno
 | kyverno.features.backgroundScan.enabled | bool | `true` | Enables the feature |
 | kyverno.features.backgroundScan.skipResourceFilters | bool | `true` | Skips resource filters in background scan |
 | kyverno.features.configMapCaching.enabled | bool | `true` | Enables the feature |
+| kyverno.features.controllerRuntimeMetrics.bindAddress | string | `":8080"` | Bind address for controller-runtime metrics (use "0" to disable it) |
 | kyverno.features.deferredLoading.enabled | bool | `true` | Enables the feature |
 | kyverno.features.dumpPatches.enabled | bool | `false` | Enables the feature |
 | kyverno.features.dumpPayload.enabled | bool | `false` | Enables the feature |
@@ -371,6 +374,7 @@ A Helm chart for kyverno | kyverno.fullnameOverride | string | `nil` | Override the expanded name of the chart | | kyverno.global.caCertificates.data | string | `nil` | Global CA certificates to use with Kyverno deployments This value is expected to be one large string of CA certificates Individual controller values will override this global value | | kyverno.global.caCertificates.volume | object | `{}` | Global value to set single volume to be mounted for CA certificates for all deployments. Not used when `.Values.global.caCertificates.data` is defined Individual controller values will override this global value | +| kyverno.global.crdWatcher | bool | `false` | Enable/Disable custom resource watcher to invalidate cache | | kyverno.global.extraEnvVars | list | `[]` | Additional container environment variables to apply to all containers and init containers | | kyverno.global.image.registry | string | `nil` | Global value that allows to set a single image registry across all deployments. When set, it will override any values set under `.image.registry` across the chart. | | kyverno.global.imagePullSecrets | list | `[]` | Global list of Image pull secrets When set, it will override any values set under `imagePullSecrets` under different components across the chart. | @@ -550,7 +554,7 @@ spec: source: repoURL: "https://edixos.github.io/ekp-helm" - targetRevision: "0.1.2" + targetRevision: "0.1.3" chart: kyverno path: '' helm: diff --git a/charts/kyverno/charts/kyverno-3.4.1.tgz b/charts/kyverno/charts/kyverno-3.4.1.tgz deleted file mode 100644 index 4cc88c26..00000000 Binary files a/charts/kyverno/charts/kyverno-3.4.1.tgz and /dev/null differ diff --git a/charts/kyverno/charts/kyverno-3.4.4.tgz b/charts/kyverno/charts/kyverno-3.4.4.tgz new file mode 100644 index 00000000..8163db2d Binary files /dev/null and b/charts/kyverno/charts/kyverno-3.4.4.tgz differ 
diff --git a/charts/kyverno/values.yaml b/charts/kyverno/values.yaml index 98935898..2e84ac78 100644 --- a/charts/kyverno/values.yaml +++ b/charts/kyverno/values.yaml @@ -37,6 +37,9 @@ kyverno: # -- Resync period for informers resyncPeriod: 15m + # -- Enable/Disable custom resource watcher to invalidate cache + crdWatcher: false + caCertificates: # -- Global CA certificates to use with Kyverno deployments # This value is expected to be one large string of CA certificates @@ -97,6 +100,10 @@ kyverno: # -- Whether to have Helm install the Kyverno CRDs, if the CRDs are not installed by Helm, they must be added before policies can be created install: true + reportsServer: + # -- Kyverno reports-server is used in your cluster + enabled: false + groups: # -- Install CRDs in group `kyverno.io` @@ -375,10 +382,10 @@ kyverno: values: - kube-system # Exclude objects - # - objectSelector: - # matchExpressions: - # - key: webhooks.kyverno.io/exclude - # operator: DoesNotExist + # objectSelector: + # matchExpressions: + # - key: webhooks.kyverno.io/exclude + # operator: DoesNotExist # -- Defines annotations to set on webhook configurations. webhookAnnotations: @@ -727,6 +734,9 @@ kyverno: configMapCaching: # -- Enables the feature enabled: true + controllerRuntimeMetrics: + # -- Bind address for controller-runtime metrics (use "0" to disable it) + bindAddress: ":8080" deferredLoading: # -- Enables the feature enabled: true @@ -862,6 +872,9 @@ kyverno: # -- Resync period for informers resyncPeriod: 15m + # -- Enable/Disable custom resource watcher to invalidate cache + crdWatcher: false + # -- Additional labels to add to each pod podLabels: {} # example.com/label: foo diff --git a/charts/velero/Chart.lock b/charts/velero/Chart.lock index b32a7e61..cc67d62d 100644 --- a/charts/velero/Chart.lock +++ b/charts/velero/Chart.lock 
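Review bot: The new `controllerRuntimeMetrics.bindAddress: ":8080"` under `features` (hunk `@@ -727,6 +734,9 @@`) listens on every pod interface by default, and the change does not say who is expected to reach that port. If these metrics are not scraped on this platform, the wrapper could set `bindAddress: "0"`, which the added comment gives as the disable value. If they are scraped, a comment such as `# reachable by any pod unless a NetworkPolicy restricts port 8080` would tell operators what to lock down. Whether the chart's network policy settings cover this port cannot be seen from the hunk, and the `features` mapping starts and continues outside it.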
@@ -1,7 +1,7 @@ dependencies: - name: velero repository: https://vmware-tanzu.github.io/helm-charts - version: 9.1.2 + version: 10.0.10 - name: gcp-workload-identity repository: https://edixos.github.io/ekp-helm version: 0.1.1 @@ -14,5 +14,5 @@ dependencies: - name: gcp-bucket repository: https://edixos.github.io/ekp-helm version: 0.1.0 -digest: sha256:56dafcc28b5517504b03be7a9549166c131b26251d03d0d55a63954e2c5bf30a -generated: "2025-05-14T10:23:09.920610947Z" +digest: sha256:d1e92116b22eab1bcf50472f1d1e358ccf9b8493e9e8ced1f245923b184ba239 +generated: "2025-07-30T10:27:20.231150666Z" diff --git a/charts/velero/Chart.yaml b/charts/velero/Chart.yaml index 2bca7d40..321cdb7f 100644 --- a/charts/velero/Chart.yaml +++ b/charts/velero/Chart.yaml @@ -2,11 +2,11 @@ apiVersion: v2 name: velero description: A Helm chart for velero type: application -version: 0.1.4 +version: 0.1.5 appVersion: "1.15.2" dependencies: - name: velero - version: 9.1.2 + version: 10.0.10 repository: "https://vmware-tanzu.github.io/helm-charts" - name: gcp-workload-identity version: 0.1.1 diff --git a/charts/velero/README.md b/charts/velero/README.md index c13ca208..8e0ab204 100644 --- a/charts/velero/README.md +++ b/charts/velero/README.md @@ -1,6 +1,6 @@ # velero -![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.15.2](https://img.shields.io/badge/AppVersion-1.15.2-informational?style=flat-square) +![Version: 0.1.5](https://img.shields.io/badge/Version-0.1.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.15.2](https://img.shields.io/badge/AppVersion-1.15.2-informational?style=flat-square) ## Prerequisites 
@@ -15,7 +15,7 @@ | https://edixos.github.io/ekp-helm | iamCustomRole(gcp-iam-custom-role) | 0.1.0 | | https://edixos.github.io/ekp-helm | iamPolicyMembers(gcp-iam-policy-members) | 0.1.2 | | https://edixos.github.io/ekp-helm | workloadIdentity(gcp-workload-identity) | 0.1.1 | -| https://vmware-tanzu.github.io/helm-charts | velero | 9.1.2 | +| https://vmware-tanzu.github.io/helm-charts | velero | 10.0.10 | ## Maintainers 
@@ -53,20 +53,21 @@ A Helm chart for velero
 | velero.configMaps | object | `{}` | |
 | velero.configuration.backupStorageLocation[0].accessMode | string | `"ReadWrite"` | |
 | velero.configuration.backupStorageLocation[0].annotations | object | `{}` | |
-| velero.configuration.backupStorageLocation[0].bucket | string | `nil` | |
+| velero.configuration.backupStorageLocation[0].bucket | string | `""` | |
 | velero.configuration.backupStorageLocation[0].caCert | string | `nil` | |
 | velero.configuration.backupStorageLocation[0].config | object | `{}` | |
 | velero.configuration.backupStorageLocation[0].credential.key | string | `nil` | |
 | velero.configuration.backupStorageLocation[0].credential.name | string | `nil` | |
-| velero.configuration.backupStorageLocation[0].default | string | `nil` | |
+| velero.configuration.backupStorageLocation[0].default | bool | `false` | |
 | velero.configuration.backupStorageLocation[0].name | string | `nil` | |
 | velero.configuration.backupStorageLocation[0].prefix | string | `nil` | |
-| velero.configuration.backupStorageLocation[0].provider | string | `nil` | |
+| velero.configuration.backupStorageLocation[0].provider | string | `""` | |
 | velero.configuration.backupStorageLocation[0].validationFrequency | string | `nil` | |
 | velero.configuration.backupSyncPeriod | string | `nil` | |
 | velero.configuration.clientBurst | string | `nil` | |
 | velero.configuration.clientPageSize | string | `nil` | |
 | velero.configuration.clientQPS | string | `nil` | |
+| velero.configuration.dataMoverPrepareTimeout | string | `nil` | |
 | velero.configuration.defaultBackupStorageLocation | string | `nil` | |
 | velero.configuration.defaultBackupTTL | string | `nil` | |
 | velero.configuration.defaultItemOperationTimeout | string | `nil` | |
@@ -77,7 +78,7 @@ A Helm chart for velero
 | velero.configuration.disableControllers | string | `nil` | |
 | velero.configuration.disableInformerCache | bool | `false` | |
 | velero.configuration.extraArgs | list | `[]` | |
-| velero.configuration.extraEnvVars | object | `{}` | |
+| velero.configuration.extraEnvVars | list | `[]` | |
 | velero.configuration.features | string | `nil` | |
 | velero.configuration.fsBackupTimeout | string | `nil` | |
 | velero.configuration.garbageCollectionFrequency | string | `nil` | |
@@ -101,7 +102,7 @@ A Helm chart for velero
 | velero.configuration.volumeSnapshotLocation[0].credential.key | string | `nil` | |
 | velero.configuration.volumeSnapshotLocation[0].credential.name | string | `nil` | |
 | velero.configuration.volumeSnapshotLocation[0].name | string | `nil` | |
-| velero.configuration.volumeSnapshotLocation[0].provider | string | `nil` | |
+| velero.configuration.volumeSnapshotLocation[0].provider | string | `""` | |
 | velero.containerSecurityContext | object | `{}` | |
 | velero.credentials.existingSecret | string | `nil` | |
 | velero.credentials.extraEnvVars | object | `{}` | |
@@ -116,10 +117,11 @@ A Helm chart for velero
 | velero.extraVolumeMounts | list | `[]` | |
 | velero.extraVolumes | list | `[]` | |
 | velero.fullnameOverride | string | `""` | |
+| velero.hostAliases | list | `[]` | |
 | velero.image.imagePullSecrets | list | `[]` | |
 | velero.image.pullPolicy | string | `"IfNotPresent"` | |
 | velero.image.repository | string | `"velero/velero"` | |
-| velero.image.tag | string | `"v1.16.0"` | |
+| velero.image.tag | string | `"v1.16.1"` | |
 | velero.initContainers | string | `nil` | |
 | velero.kubectl.annotations | object | `{}` | |
 | velero.kubectl.containerSecurityContext | object | `{}` | |
@@ -153,7 +155,13 @@ A Helm chart for velero
 | velero.metrics.scrapeInterval | string | `"30s"` | |
 | velero.metrics.scrapeTimeout | string | `"10s"` | |
 | velero.metrics.service.annotations | object | `{}` | |
+| velero.metrics.service.externalTrafficPolicy | string | `""` | |
+| velero.metrics.service.internalTrafficPolicy | string | `""` | |
+| velero.metrics.service.ipFamilies | list | `[]` | |
+| velero.metrics.service.ipFamilyPolicy | string | `""` | |
 | velero.metrics.service.labels | object | `{}` | |
+| velero.metrics.service.nodePort | string | `nil` | |
+| velero.metrics.service.type | string | `"ClusterIP"` | |
 | velero.metrics.serviceMonitor.additionalLabels | object | `{}` | |
 | velero.metrics.serviceMonitor.annotations | object | `{}` | |
 | velero.metrics.serviceMonitor.autodetect | bool | `true` | |
@@ -166,9 +174,10 @@ A Helm chart for velero
 | velero.nodeAgent.dnsConfig | object | `{}` | |
 | velero.nodeAgent.dnsPolicy | string | `"ClusterFirst"` | |
 | velero.nodeAgent.extraArgs | list | `[]` | |
-| velero.nodeAgent.extraEnvVars | object | `{}` | |
+| velero.nodeAgent.extraEnvVars | list | `[]` | |
 | velero.nodeAgent.extraVolumeMounts | list | `[]` | |
 | velero.nodeAgent.extraVolumes | list | `[]` | |
+| velero.nodeAgent.hostAliases | list | `[]` | |
 | velero.nodeAgent.labels | object | `{}` | |
 | velero.nodeAgent.lifecycle | object | `{}` | |
 | velero.nodeAgent.nodeSelector | object | `{}` | |
@@ -213,7 +222,7 @@ A Helm chart for velero
 | velero.tolerations | list | `[]` | |
 | velero.upgradeCRDs | bool | `true` | |
 | velero.upgradeCRDsJob.automountServiceAccountToken | bool | `true` | |
-| velero.upgradeCRDsJob.extraEnvVars | object | `{}` | |
+| velero.upgradeCRDsJob.extraEnvVars | list | `[]` | |
 | velero.upgradeCRDsJob.extraVolumeMounts | list | `[]` | |
 | velero.upgradeCRDsJob.extraVolumes | list | `[]` | |
 | velero.upgradeJobResources | object | `{}` | |
@@ -244,7 +253,7 @@ spec: source: repoURL: "https://edixos.github.io/ekp-helm" - targetRevision: "0.1.4" + targetRevision: "0.1.5" chart: velero path: '' helm: diff --git a/charts/velero/charts/velero-10.0.10.tgz b/charts/velero/charts/velero-10.0.10.tgz new file mode 100644 index 00000000..879d1f6c Binary files /dev/null and b/charts/velero/charts/velero-10.0.10.tgz differ diff --git a/charts/velero/charts/velero-9.1.2.tgz b/charts/velero/charts/velero-9.1.2.tgz deleted file mode 100644 index 14de8687..00000000 Binary files a/charts/velero/charts/velero-9.1.2.tgz and /dev/null differ diff --git a/charts/velero/values.yaml b/charts/velero/values.yaml index 33574af6..da388585 100644 --- a/charts/velero/values.yaml +++ b/charts/velero/values.yaml @@ -43,7 +43,7 @@ velero: # enabling node-agent). Required. image: repository: velero/velero - tag: v1.16.0 + tag: v1.16.1 # Digest value example: sha256:d238835e151cec91c6a811fe3a89a66d3231d9f64d09e5f3c49552672d271f38. # If used, it will take precedence over the image.tag. # digest: @@ -91,6 +91,14 @@ velero: # cpu: 1000m # memory: 512Mi + # Configure hostAliases for Velero deployment. Optional + # For more information, check: https://kubernetes.io/docs/tasks/network/customize-hosts-file-for-pods/ + hostAliases: [] + # - ip: "127.0.0.1" + # hostnames: + # - "foo.local" + # - "bar.local" + # Resource requests/limits to specify for the upgradeCRDs job pod. Need to be adjusted by user accordingly. upgradeJobResources: {} # requests: 
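Review bot: In the `image` block of charts/velero/values.yaml (hunk `@@ -43,7 +43,7 @@`) the bump to `tag: v1.16.1` still leaves `# digest:` commented out, so the deployed image is selected by a mutable tag even though the upstream chart archive is vendored in the repository. The surrounding comment states that a digest takes precedence over `image.tag`, so adding `digest: sha256:<digest of velero/velero:v1.16.1>` (placeholder, take the value from the registry) next to the tag would pin the image content. The `image` mapping continues outside the hunk.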
@@ -104,8 +112,18 @@ velero: extraVolumes: [] # Extra volumeMounts for the Upgrade CRDs Job. Optional. extraVolumeMounts: [] - # Extra key/value pairs to be used as environment variables. Optional. - extraEnvVars: {} + # Additional values to be used as environment variables. Optional. + extraEnvVars: [] + # Simple value + # - name: SIMPLE_VAR + # value: "simple-value" + + # FieldRef example + # - name: MY_POD_LABEL + # valueFrom: + # fieldRef: + # fieldPath: metadata.labels['my_label'] + # Configure if API credential for Service Account is automounted. automountServiceAccountToken: true # Configure the shell cmd in case you are using custom image @@ -120,7 +138,7 @@ velero: # If the value is a string then it is evaluated as a template. initContainers: # - name: velero-plugin-for-aws - # image: velero/velero-plugin-for-aws:v1.10.0 + # image: velero/velero-plugin-for-aws:v1.12.1 # imagePullPolicy: IfNotPresent # volumeMounts: # - mountPath: /target @@ -230,7 +248,19 @@ velero: # service metdata if metrics are enabled service: annotations: {} + type: ClusterIP labels: {} + nodePort: null + + # External/Internal traffic policy setting (Cluster, Local) + # https://kubernetes.io/docs/reference/networking/virtual-ips/#traffic-policies + externalTrafficPolicy: "" + internalTrafficPolicy: "" + + # the IP family policy for the metrics Service to be able to configure dual-stack; see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services). + ipFamilyPolicy: "" + # a list of IP families for the metrics Service that should be supported, in the order in which they should be applied to ClusterIP. Can be "IPv4" and/or "IPv6". + ipFamilies: [] # Pod annotations for Prometheus podAnnotations: 
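Review bot: `extraEnvVars` for the upgrade CRDs job changes from a map (`{}`) to a list (`[]`) in hunk `@@ -104,8 +112,18 @@`, and the same change recurs in the `@@ -480,8 +513,17 @@` and `@@ -600,8 +642,17 @@` hunks, yet the wrapper chart only moves from 0.1.4 to 0.1.5. Existing overrides written as `KEY: value` maps will presumably stop rendering as intended after the upgrade, so the change deserves a migration line in the release notes or a larger version step. The commented examples show only a literal `value` and a `fieldRef`; assuming entries are rendered as Kubernetes EnvVar objects, as the `fieldRef` example suggests, a commented `valueFrom.secretKeyRef` example would steer users away from putting credentials in `value:`. The enclosing mapping starts outside the hunk.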
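Review bot: The metrics `service` block in hunk `@@ -230,7 +248,19 @@` now exposes `type`, `nodePort` and the traffic-policy keys without a comment on the exposure they control. The default `type: ClusterIP` keeps the endpoint inside the cluster; a comment such as `# keep ClusterIP unless the metrics endpoint must be reachable from outside the cluster` above `type:` would make that explicit for anyone overriding it. The `service` mapping sits inside a larger block that starts outside the hunk.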
@@ -339,15 +369,15 @@ velero: # a backup storage location will be created with the name "default". Optional. - name: # provider is the name for the backup storage location provider. - provider: + provider: "" # bucket is the name of the bucket to store backups in. Required. - bucket: + bucket: "" # caCert defines a base64 encoded CA bundle to use when verifying TLS connections to the provider. Optional. caCert: # prefix is the directory under which all Velero data should be stored within the bucket. Optional. prefix: # default indicates this location is the default backup storage location. Optional. - default: + default: false # validationFrequency defines how frequently Velero should validate the object storage. Optional. validationFrequency: # accessMode determines if velero can write to this backup storage location. Optional. @@ -383,10 +413,11 @@ velero: # Parameters for the VolumeSnapshotLocation(s). Configure multiple by adding other element(s) to the volumeSnapshotLocation slice. # See https://velero.io/docs/v1.6/api-types/volumesnapshotlocation/ volumeSnapshotLocation: - # name is the name of the volume snapshot location where snapshots are being taken. Required. + # name is the name of the volume snapshot location where snapshots are being taken. If a name is not provided, + # a volume snapshot location will be created with the name "default". Optional. - name: # provider is the name for the volume snapshot provider. - provider: + provider: "" credential: # name of the secret used by this volumeSnapshotLocation. name: @@ -463,6 +494,8 @@ velero: # Comma separated list of velero feature flags. default: empty # features: EnableCSI features: + # Configures the timeout for provisioning the volume created from the CSI snapshot. Default: 30m + dataMoverPrepareTimeout: # Resource requests/limits to specify for the repository-maintenance job. Optional. # https://velero.io/docs/v1.14/repository-maintenance/#resource-limitation repositoryMaintenanceJob: 
@@ -480,8 +513,17 @@ velero: # e.g.: extraArgs: ["--foo=bar"] extraArgs: [] - # additional key/value pairs to be used as environment variables such as "AWS_CLUSTER_NAME: 'yourcluster.domain.tld'" - extraEnvVars: {} + # Additional values to be used as environment variables. Optional. + extraEnvVars: [] + # Simple value + # - name: SIMPLE_VAR + # value: "simple-value" + + # FieldRef example + # - name: MY_POD_LABEL + # valueFrom: + # fieldRef: + # fieldPath: metadata.labels['my_label'] # Set true for backup all pod volumes without having to apply annotation on the pod when used file system backup Default: false. defaultVolumesToFsBackup: @@ -600,8 +642,17 @@ velero: # Extra volumeMounts for the node-agent daemonset. Optional. extraVolumeMounts: [] - # Key/value pairs to be used as environment variables for the node-agent daemonset. Optional. - extraEnvVars: {} + # Additional values to be used as environment variables for node-agent daemonset. Optional. + extraEnvVars: [] + # Simple key/value + # - name: SIMPLE_VAR + # value: "simple-value" + + # FieldRef example + # - name: MY_POD_LABEL + # valueFrom: + # fieldRef: + # fieldPath: metadata.labels['my_label'] # Additional command-line arguments that will be passed to the node-agent. Optional. # e.g.: extraArgs: ["--foo=bar"] @@ -611,6 +662,14 @@ velero: # See: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy dnsPolicy: ClusterFirst + # Configure hostAliases for node-agent daemonset. Optional + # For more information, check: https://kubernetes.io/docs/tasks/network/customize-hosts-file-for-pods/ + hostAliases: [] + # - ip: "127.0.0.1" + # hostnames: + # - "foo.local" + # - "bar.local" + # SecurityContext to use for the Velero deployment. Optional. # Set fsGroup for `AWS IAM Roles for Service Accounts` # see more informations at: https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html