mirror of
https://github.com/outbackdingo/cozystack.git
synced 2026-01-28 18:18:41 +00:00
Compare commits
10 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
39b31ca9e5 | ||
|
|
db7c591957 | ||
|
|
5baa48022e | ||
|
|
1234872bda | ||
|
|
6afb1aad03 | ||
|
|
ad8e09bb35 | ||
|
|
e8faf193eb | ||
|
|
2393e3427c | ||
|
|
ddb237718b | ||
|
|
ae619953fb |
11
hack/e2e.sh
11
hack/e2e.sh
@@ -318,7 +318,12 @@ kubectl patch -n tenant-root tenants.apps.cozystack.io root --type=merge -p '{"s
|
||||
timeout 60 sh -c 'until kubectl get hr -n tenant-root etcd ingress monitoring tenant-root; do sleep 1; done'
|
||||
|
||||
# Wait for HelmReleases be installed
|
||||
kubectl wait --timeout=2m --for=condition=ready -n tenant-root hr etcd ingress monitoring tenant-root
|
||||
kubectl wait --timeout=2m --for=condition=ready -n tenant-root hr etcd ingress tenant-root
|
||||
|
||||
if ! kubectl wait --timeout=2m --for=condition=ready -n tenant-root hr monitoring; then
|
||||
flux reconcile hr monitoring -n tenant-root --force
|
||||
kubectl wait --timeout=2m --for=condition=ready -n tenant-root hr monitoring
|
||||
fi
|
||||
|
||||
kubectl patch -n tenant-root ingresses.apps.cozystack.io ingress --type=merge -p '{"spec":{
|
||||
"dashboard": true
|
||||
@@ -333,7 +338,7 @@ kubectl wait --timeout=5m --for=jsonpath=.status.readyReplicas=3 -n tenant-root
|
||||
|
||||
# Wait for Victoria metrics
|
||||
kubectl wait --timeout=5m --for=jsonpath=.status.updateStatus=operational -n tenant-root vmalert/vmalert-shortterm vmalertmanager/alertmanager
|
||||
kubectl wait --timeout=5m --for=jsonpath=.status.status=operational -n tenant-root vlogs/generic
|
||||
kubectl wait --timeout=5m --for=jsonpath=.status.updateStatus=operational -n tenant-root vlogs/generic
|
||||
kubectl wait --timeout=5m --for=jsonpath=.status.clusterStatus=operational -n tenant-root vmcluster/shortterm vmcluster/longterm
|
||||
|
||||
# Wait for grafana
|
||||
@@ -352,5 +357,5 @@ kubectl patch -n cozy-system cm/cozystack --type=merge -p '{"data":{
|
||||
"oidc-enabled": "true"
|
||||
}}'
|
||||
|
||||
timeout 60 sh -c 'until kubectl get hr -n cozy-keycloak keycloak keycloak-configure keycloak-operator; do sleep 1; done'
|
||||
timeout 120 sh -c 'until kubectl get hr -n cozy-keycloak keycloak keycloak-configure keycloak-operator; do sleep 1; done'
|
||||
kubectl wait --timeout=10m --for=condition=ready -n cozy-keycloak hr keycloak keycloak-configure keycloak-operator
|
||||
|
||||
@@ -4,4 +4,4 @@ description: Separated tenant namespace
|
||||
icon: /logos/tenant.svg
|
||||
|
||||
type: application
|
||||
version: 1.9.1
|
||||
version: 1.9.2
|
||||
|
||||
@@ -46,4 +46,8 @@ spec:
|
||||
resources: {}
|
||||
oncall:
|
||||
enabled: false
|
||||
{{- if .Values.ingress }}
|
||||
dependsOn:
|
||||
- name: ingress
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
@@ -128,7 +128,8 @@ tenant 1.6.8 bc95159a
|
||||
tenant 1.7.0 24fa7222
|
||||
tenant 1.8.0 160e4e2a
|
||||
tenant 1.9.0 728743db
|
||||
tenant 1.9.1 HEAD
|
||||
tenant 1.9.1 de19450f
|
||||
tenant 1.9.2 HEAD
|
||||
virtual-machine 0.1.4 f2015d65
|
||||
virtual-machine 0.1.5 263e47be
|
||||
virtual-machine 0.2.0 c0685f43
|
||||
|
||||
@@ -14,3 +14,4 @@ RUN curl -LO "https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/amd64/kube
|
||||
&& mv kubectl /usr/local/bin/kubectl
|
||||
RUN curl -sSL https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash -s - --version "v${HELM_VERSION}"
|
||||
RUN wget https://github.com/mikefarah/yq/releases/download/v4.44.3/yq_linux_amd64 -O /usr/local/bin/yq && chmod +x /usr/local/bin/yq
|
||||
RUN curl -s https://fluxcd.io/install.sh | bash
|
||||
|
||||
@@ -4,6 +4,8 @@ kind: VLogs
|
||||
metadata:
|
||||
name: {{ .name }}
|
||||
spec:
|
||||
image:
|
||||
tag: v1.17.0-victorialogs
|
||||
storage:
|
||||
resources:
|
||||
requests:
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
apiVersion: v2
|
||||
appVersion: 0.17.0
|
||||
appVersion: 0.18.1
|
||||
description: Cluster API Operator
|
||||
name: cluster-api-operator
|
||||
type: application
|
||||
version: 0.17.0
|
||||
version: 0.18.1
|
||||
|
||||
@@ -26,8 +26,10 @@ apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
annotations:
|
||||
{{- if $.Values.enableHelmHook }}
|
||||
"helm.sh/hook": "post-install,post-upgrade"
|
||||
"helm.sh/hook-weight": "1"
|
||||
{{- end }}
|
||||
"argocd.argoproj.io/sync-wave": "1"
|
||||
name: {{ $addonNamespace }}
|
||||
---
|
||||
@@ -37,8 +39,10 @@ metadata:
|
||||
name: {{ $addonName }}
|
||||
namespace: {{ $addonNamespace }}
|
||||
annotations:
|
||||
{{- if $.Values.enableHelmHook }}
|
||||
"helm.sh/hook": "post-install,post-upgrade"
|
||||
"helm.sh/hook-weight": "2"
|
||||
{{- end }}
|
||||
"argocd.argoproj.io/sync-wave": "2"
|
||||
{{- if or $addonVersion $.Values.secretName }}
|
||||
spec:
|
||||
|
||||
@@ -26,8 +26,11 @@ apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
annotations:
|
||||
{{- if $.Values.enableHelmHook }}
|
||||
"helm.sh/hook": "post-install,post-upgrade"
|
||||
"helm.sh/hook-weight": "1"
|
||||
{{- end }}
|
||||
"argocd.argoproj.io/sync-wave": "1"
|
||||
name: {{ $bootstrapNamespace }}
|
||||
---
|
||||
apiVersion: operator.cluster.x-k8s.io/v1alpha2
|
||||
@@ -36,8 +39,11 @@ metadata:
|
||||
name: {{ $bootstrapName }}
|
||||
namespace: {{ $bootstrapNamespace }}
|
||||
annotations:
|
||||
{{- if $.Values.enableHelmHook }}
|
||||
"helm.sh/hook": "post-install,post-upgrade"
|
||||
"helm.sh/hook-weight": "2"
|
||||
{{- end }}
|
||||
"argocd.argoproj.io/sync-wave": "2"
|
||||
{{- if or $bootstrapVersion $.Values.configSecret.name }}
|
||||
spec:
|
||||
{{- end}}
|
||||
|
||||
@@ -26,8 +26,11 @@ apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
annotations:
|
||||
{{- if $.Values.enableHelmHook }}
|
||||
"helm.sh/hook": "post-install,post-upgrade"
|
||||
"helm.sh/hook-weight": "1"
|
||||
{{- end }}
|
||||
"argocd.argoproj.io/sync-wave": "1"
|
||||
name: {{ $controlPlaneNamespace }}
|
||||
---
|
||||
apiVersion: operator.cluster.x-k8s.io/v1alpha2
|
||||
@@ -36,8 +39,11 @@ metadata:
|
||||
name: {{ $controlPlaneName }}
|
||||
namespace: {{ $controlPlaneNamespace }}
|
||||
annotations:
|
||||
{{- if $.Values.enableHelmHook }}
|
||||
"helm.sh/hook": "post-install,post-upgrade"
|
||||
"helm.sh/hook-weight": "2"
|
||||
{{- end }}
|
||||
"argocd.argoproj.io/sync-wave": "2"
|
||||
{{- if or $controlPlaneVersion $.Values.configSecret.name $.Values.manager }}
|
||||
spec:
|
||||
{{- end}}
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
{{- if or .Values.addon .Values.bootstrap .Values.controlPlane .Values.infrastructure }}
|
||||
{{- if or .Values.addon .Values.bootstrap .Values.controlPlane .Values.infrastructure .Values.ipam }}
|
||||
# Deploy core components if not specified
|
||||
{{- if not .Values.core }}
|
||||
---
|
||||
@@ -6,8 +6,11 @@ apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
annotations:
|
||||
{{- if $.Values.enableHelmHook }}
|
||||
"helm.sh/hook": "post-install,post-upgrade"
|
||||
"helm.sh/hook-weight": "1"
|
||||
{{- end }}
|
||||
"argocd.argoproj.io/sync-wave": "1"
|
||||
name: capi-system
|
||||
---
|
||||
apiVersion: operator.cluster.x-k8s.io/v1alpha2
|
||||
@@ -16,8 +19,11 @@ metadata:
|
||||
name: cluster-api
|
||||
namespace: capi-system
|
||||
annotations:
|
||||
{{- if $.Values.enableHelmHook }}
|
||||
"helm.sh/hook": "post-install,post-upgrade"
|
||||
"helm.sh/hook-weight": "2"
|
||||
{{- end }}
|
||||
"argocd.argoproj.io/sync-wave": "2"
|
||||
{{- with .Values.configSecret }}
|
||||
spec:
|
||||
configSecret:
|
||||
@@ -28,4 +34,3 @@ spec:
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
|
||||
@@ -25,8 +25,11 @@ apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
annotations:
|
||||
{{- if $.Values.enableHelmHook }}
|
||||
"helm.sh/hook": "post-install,post-upgrade"
|
||||
"helm.sh/hook-weight": "1"
|
||||
{{- end }}
|
||||
"argocd.argoproj.io/sync-wave": "1"
|
||||
name: {{ $coreNamespace }}
|
||||
---
|
||||
apiVersion: operator.cluster.x-k8s.io/v1alpha2
|
||||
@@ -35,8 +38,10 @@ metadata:
|
||||
name: {{ $coreName }}
|
||||
namespace: {{ $coreNamespace }}
|
||||
annotations:
|
||||
{{- if $.Values.enableHelmHook }}
|
||||
"helm.sh/hook": "post-install,post-upgrade"
|
||||
"helm.sh/hook-weight": "2"
|
||||
{{- end }}
|
||||
"argocd.argoproj.io/sync-wave": "2"
|
||||
{{- if or $coreVersion $.Values.configSecret.name $.Values.manager }}
|
||||
spec:
|
||||
@@ -45,8 +50,8 @@ spec:
|
||||
version: {{ $coreVersion }}
|
||||
{{- end }}
|
||||
{{- if $.Values.manager }}
|
||||
manager:
|
||||
{{- if and $.Values.manager.featureGates $.Values.manager.featureGates.core }}
|
||||
manager:
|
||||
featureGates:
|
||||
{{- range $key, $value := $.Values.manager.featureGates.core }}
|
||||
{{ $key }}: {{ $value }}
|
||||
|
||||
@@ -7,8 +7,10 @@ apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
annotations:
|
||||
{{- if $.Values.enableHelmHook }}
|
||||
"helm.sh/hook": "post-install,post-upgrade"
|
||||
"helm.sh/hook-weight": "1"
|
||||
{{- end }}
|
||||
"argocd.argoproj.io/sync-wave": "1"
|
||||
name: capi-kubeadm-bootstrap-system
|
||||
---
|
||||
@@ -18,8 +20,10 @@ metadata:
|
||||
name: kubeadm
|
||||
namespace: capi-kubeadm-bootstrap-system
|
||||
annotations:
|
||||
{{- if $.Values.enableHelmHook }}
|
||||
"helm.sh/hook": "post-install,post-upgrade"
|
||||
"helm.sh/hook-weight": "2"
|
||||
{{- end }}
|
||||
"argocd.argoproj.io/sync-wave": "2"
|
||||
{{- with .Values.configSecret }}
|
||||
spec:
|
||||
@@ -37,8 +41,10 @@ apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
annotations:
|
||||
{{- if $.Values.enableHelmHook }}
|
||||
"helm.sh/hook": "post-install,post-upgrade"
|
||||
"helm.sh/hook-weight": "1"
|
||||
{{- end }}
|
||||
"argocd.argoproj.io/sync-wave": "1"
|
||||
name: capi-kubeadm-control-plane-system
|
||||
---
|
||||
@@ -48,14 +54,16 @@ metadata:
|
||||
name: kubeadm
|
||||
namespace: capi-kubeadm-control-plane-system
|
||||
annotations:
|
||||
{{- if $.Values.enableHelmHook }}
|
||||
"helm.sh/hook": "post-install,post-upgrade"
|
||||
"helm.sh/hook-weight": "2"
|
||||
{{- end }}
|
||||
"argocd.argoproj.io/sync-wave": "2"
|
||||
{{- with .Values.configSecret }}
|
||||
spec:
|
||||
{{- if $.Values.manager }}
|
||||
manager:
|
||||
{{- if and $.Values.manager.featureGates $.Values.manager.featureGates.kubeadm }}
|
||||
manager:
|
||||
featureGates:
|
||||
{{- range $key, $value := $.Values.manager.featureGates.kubeadm }}
|
||||
{{ $key }}: {{ $value }}
|
||||
|
||||
@@ -26,8 +26,10 @@ apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
annotations:
|
||||
{{- if $.Values.enableHelmHook }}
|
||||
"helm.sh/hook": "post-install,post-upgrade"
|
||||
"helm.sh/hook-weight": "1"
|
||||
{{- end }}
|
||||
"argocd.argoproj.io/sync-wave": "1"
|
||||
name: {{ $infrastructureNamespace }}
|
||||
---
|
||||
@@ -37,8 +39,10 @@ metadata:
|
||||
name: {{ $infrastructureName }}
|
||||
namespace: {{ $infrastructureNamespace }}
|
||||
annotations:
|
||||
{{- if $.Values.enableHelmHook }}
|
||||
"helm.sh/hook": "post-install,post-upgrade"
|
||||
"helm.sh/hook-weight": "2"
|
||||
{{- end }}
|
||||
"argocd.argoproj.io/sync-wave": "2"
|
||||
{{- if or $infrastructureVersion $.Values.configSecret.name $.Values.manager $.Values.additionalDeployments }}
|
||||
spec:
|
||||
@@ -47,8 +51,8 @@ spec:
|
||||
version: {{ $infrastructureVersion }}
|
||||
{{- end }}
|
||||
{{- if $.Values.manager }}
|
||||
manager:
|
||||
{{- if and (kindIs "map" $.Values.manager.featureGates) (hasKey $.Values.manager.featureGates $infrastructureName) }}
|
||||
manager:
|
||||
{{- range $key, $value := $.Values.manager.featureGates }}
|
||||
{{- if eq $key $infrastructureName }}
|
||||
featureGates:
|
||||
|
||||
@@ -26,8 +26,10 @@ apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
annotations:
|
||||
{{- if $.Values.enableHelmHook }}
|
||||
"helm.sh/hook": "post-install,post-upgrade"
|
||||
"helm.sh/hook-weight": "1"
|
||||
{{- end }}
|
||||
"argocd.argoproj.io/sync-wave": "1"
|
||||
name: {{ $ipamNamespace }}
|
||||
---
|
||||
@@ -37,8 +39,10 @@ metadata:
|
||||
name: {{ $ipamName }}
|
||||
namespace: {{ $ipamNamespace }}
|
||||
annotations:
|
||||
{{- if $.Values.enableHelmHook }}
|
||||
"helm.sh/hook": "post-install,post-upgrade"
|
||||
"helm.sh/hook-weight": "2"
|
||||
{{- end }}
|
||||
"argocd.argoproj.io/sync-wave": "2"
|
||||
{{- if or $ipamVersion $.Values.configSecret.name $.Values.manager $.Values.additionalDeployments }}
|
||||
spec:
|
||||
@@ -47,8 +51,8 @@ spec:
|
||||
version: {{ $ipamVersion }}
|
||||
{{- end }}
|
||||
{{- if $.Values.manager }}
|
||||
manager:
|
||||
{{- if and (kindIs "map" $.Values.manager.featureGates) (hasKey $.Values.manager.featureGates $ipamName) }}
|
||||
manager:
|
||||
{{- range $key, $value := $.Values.manager.featureGates }}
|
||||
{{- if eq $key $ipamName }}
|
||||
featureGates:
|
||||
|
||||
@@ -21,7 +21,7 @@ leaderElection:
|
||||
image:
|
||||
manager:
|
||||
repository: registry.k8s.io/capi-operator/cluster-api-operator
|
||||
tag: v0.17.0
|
||||
tag: v0.18.1
|
||||
pullPolicy: IfNotPresent
|
||||
env:
|
||||
manager: []
|
||||
@@ -69,3 +69,4 @@ volumeMounts:
|
||||
- mountPath: /tmp/k8s-webhook-server/serving-certs
|
||||
name: cert
|
||||
readOnly: true
|
||||
enableHelmHook: true
|
||||
|
||||
@@ -79,7 +79,7 @@ annotations:
|
||||
Pod IP Pool\n description: |\n CiliumPodIPPool defines an IP pool that can
|
||||
be used for pooled IPAM (i.e. the multi-pool IPAM mode).\n"
|
||||
apiVersion: v2
|
||||
appVersion: 1.17.1
|
||||
appVersion: 1.17.2
|
||||
description: eBPF-based Networking, Security, and Observability
|
||||
home: https://cilium.io/
|
||||
icon: https://cdn.jsdelivr.net/gh/cilium/cilium@main/Documentation/images/logo-solo.svg
|
||||
@@ -95,4 +95,4 @@ kubeVersion: '>= 1.21.0-0'
|
||||
name: cilium
|
||||
sources:
|
||||
- https://github.com/cilium/cilium
|
||||
version: 1.17.1
|
||||
version: 1.17.2
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# cilium
|
||||
|
||||
 
|
||||
 
|
||||
|
||||
Cilium is open source software for providing and transparently securing
|
||||
network connectivity and loadbalancing between application workloads such as
|
||||
@@ -85,7 +85,7 @@ contributors across the globe, there is almost always someone available to help.
|
||||
| authentication.mutual.spire.install.agent.tolerations | list | `[{"effect":"NoSchedule","key":"node.kubernetes.io/not-ready"},{"effect":"NoSchedule","key":"node-role.kubernetes.io/master"},{"effect":"NoSchedule","key":"node-role.kubernetes.io/control-plane"},{"effect":"NoSchedule","key":"node.cloudprovider.kubernetes.io/uninitialized","value":"true"},{"key":"CriticalAddonsOnly","operator":"Exists"}]` | SPIRE agent tolerations configuration By default it follows the same tolerations as the agent itself to allow the Cilium agent on this node to connect to SPIRE. ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ |
|
||||
| authentication.mutual.spire.install.enabled | bool | `true` | Enable SPIRE installation. This will only take effect only if authentication.mutual.spire.enabled is true |
|
||||
| authentication.mutual.spire.install.existingNamespace | bool | `false` | SPIRE namespace already exists. Set to true if Helm should not create, manage, and import the SPIRE namespace. |
|
||||
| authentication.mutual.spire.install.initImage | object | `{"digest":"sha256:a5d0ce49aa801d475da48f8cb163c354ab95cab073cd3c138bd458fc8257fbf1","override":null,"pullPolicy":"IfNotPresent","repository":"docker.io/library/busybox","tag":"1.37.0","useDigest":true}` | init container image of SPIRE agent and server |
|
||||
| authentication.mutual.spire.install.initImage | object | `{"digest":"sha256:498a000f370d8c37927118ed80afe8adc38d1edcbfc071627d17b25c88efcab0","override":null,"pullPolicy":"IfNotPresent","repository":"docker.io/library/busybox","tag":"1.37.0","useDigest":true}` | init container image of SPIRE agent and server |
|
||||
| authentication.mutual.spire.install.namespace | string | `"cilium-spire"` | SPIRE namespace to install into |
|
||||
| authentication.mutual.spire.install.server.affinity | object | `{}` | SPIRE server affinity configuration |
|
||||
| authentication.mutual.spire.install.server.annotations | object | `{}` | SPIRE server annotations |
|
||||
@@ -131,6 +131,8 @@ contributors across the globe, there is almost always someone available to help.
|
||||
| bpf.ctTcpMax | int | `524288` | Configure the maximum number of entries in the TCP connection tracking table. |
|
||||
| bpf.datapathMode | string | `veth` | Mode for Pod devices for the core datapath (veth, netkit, netkit-l2, lb-only) |
|
||||
| bpf.disableExternalIPMitigation | bool | `false` | Disable ExternalIP mitigation (CVE-2020-8554) |
|
||||
| bpf.distributedLRU | object | `{"enabled":false}` | Control to use a distributed per-CPU backend memory for the core BPF LRU maps which Cilium uses. This improves performance significantly, but it is also recommended to increase BPF map sizing along with that. |
|
||||
| bpf.distributedLRU.enabled | bool | `false` | Enable distributed LRU backend memory. For compatibility with existing installations it is off by default. |
|
||||
| bpf.enableTCX | bool | `true` | Attach endpoint programs using tcx instead of legacy tc hooks on supported kernels. |
|
||||
| bpf.events | object | `{"default":{"burstLimit":null,"rateLimit":null},"drop":{"enabled":true},"policyVerdict":{"enabled":true},"trace":{"enabled":true}}` | Control events generated by the Cilium datapath exposed to Cilium monitor and Hubble. Helm configuration for BPF events map rate limiting is experimental and might change in upcoming releases. |
|
||||
| bpf.events.default | object | `{"burstLimit":null,"rateLimit":null}` | Default settings for all types of events except dbg and pcap. |
|
||||
@@ -195,7 +197,7 @@ contributors across the globe, there is almost always someone available to help.
|
||||
| clustermesh.apiserver.extraVolumeMounts | list | `[]` | Additional clustermesh-apiserver volumeMounts. |
|
||||
| clustermesh.apiserver.extraVolumes | list | `[]` | Additional clustermesh-apiserver volumes. |
|
||||
| clustermesh.apiserver.healthPort | int | `9880` | TCP port for the clustermesh-apiserver health API. |
|
||||
| clustermesh.apiserver.image | object | `{"digest":"sha256:1de22f46bfdd638de72c2224d5223ddc3bbeacda1803cb75799beca3d4bf7a4c","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/clustermesh-apiserver","tag":"v1.17.1","useDigest":true}` | Clustermesh API server image. |
|
||||
| clustermesh.apiserver.image | object | `{"digest":"sha256:981250ebdc6e66e190992eaf75cfca169113a8f08d5c3793fe15822176980398","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/clustermesh-apiserver","tag":"v1.17.2","useDigest":true}` | Clustermesh API server image. |
|
||||
| clustermesh.apiserver.kvstoremesh.enabled | bool | `true` | Enable KVStoreMesh. KVStoreMesh caches the information retrieved from the remote clusters in the local etcd instance. |
|
||||
| clustermesh.apiserver.kvstoremesh.extraArgs | list | `[]` | Additional KVStoreMesh arguments. |
|
||||
| clustermesh.apiserver.kvstoremesh.extraEnv | list | `[]` | Additional KVStoreMesh environment variables. |
|
||||
@@ -375,7 +377,7 @@ contributors across the globe, there is almost always someone available to help.
|
||||
| envoy.healthPort | int | `9878` | TCP port for the health API. |
|
||||
| envoy.httpRetryCount | int | `3` | Maximum number of retries for each HTTP request |
|
||||
| envoy.idleTimeoutDurationSeconds | int | `60` | Set Envoy upstream HTTP idle connection timeout seconds. Does not apply to connections with pending requests. Default 60s |
|
||||
| envoy.image | object | `{"digest":"sha256:fc708bd36973d306412b2e50c924cd8333de67e0167802c9b48506f9d772f521","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium-envoy","tag":"v1.31.5-1739264036-958bef243c6c66fcfd73ca319f2eb49fff1eb2ae","useDigest":true}` | Envoy container image. |
|
||||
| envoy.image | object | `{"digest":"sha256:377c78c13d2731f3720f931721ee309159e782d882251709cb0fac3b42c03f4b","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium-envoy","tag":"v1.31.5-1741765102-efed3defcc70ab5b263a0fc44c93d316b846a211","useDigest":true}` | Envoy container image. |
|
||||
| envoy.initialFetchTimeoutSeconds | int | `30` | Time in seconds after which the initial fetch on an xDS stream is considered timed out |
|
||||
| envoy.livenessProbe.failureThreshold | int | `10` | failure threshold of liveness probe |
|
||||
| envoy.livenessProbe.periodSeconds | int | `30` | interval between checks of the liveness probe |
|
||||
@@ -392,6 +394,7 @@ contributors across the globe, there is almost always someone available to help.
|
||||
| envoy.podLabels | object | `{}` | Labels to be added to envoy pods |
|
||||
| envoy.podSecurityContext | object | `{"appArmorProfile":{"type":"Unconfined"}}` | Security Context for cilium-envoy pods. |
|
||||
| envoy.podSecurityContext.appArmorProfile | object | `{"type":"Unconfined"}` | AppArmorProfile options for the `cilium-agent` and init containers |
|
||||
| envoy.policyRestoreTimeoutDuration | string | `nil` | Max duration to wait for endpoint policies to be restored on restart. Default "3m". |
|
||||
| envoy.priorityClassName | string | `nil` | The priority class to use for cilium-envoy. |
|
||||
| envoy.prometheus | object | `{"enabled":true,"port":"9964","serviceMonitor":{"annotations":{},"enabled":false,"interval":"10s","labels":{},"metricRelabelings":null,"relabelings":[{"replacement":"${1}","sourceLabels":["__meta_kubernetes_pod_node_name"],"targetLabel":"node"}]}}` | Configure Cilium Envoy Prometheus options. Note that some of these apply to either cilium-agent or cilium-envoy. |
|
||||
| envoy.prometheus.enabled | bool | `true` | Enable prometheus metrics for cilium-envoy |
|
||||
@@ -515,7 +518,7 @@ contributors across the globe, there is almost always someone available to help.
|
||||
| hubble.relay.extraVolumes | list | `[]` | Additional hubble-relay volumes. |
|
||||
| hubble.relay.gops.enabled | bool | `true` | Enable gops for hubble-relay |
|
||||
| hubble.relay.gops.port | int | `9893` | Configure gops listen port for hubble-relay |
|
||||
| hubble.relay.image | object | `{"digest":"sha256:397e8fbb188157f744390a7b272a1dec31234e605bcbe22d8919a166d202a3dc","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-relay","tag":"v1.17.1","useDigest":true}` | Hubble-relay container image. |
|
||||
| hubble.relay.image | object | `{"digest":"sha256:42a8db5c256c516cacb5b8937c321b2373ad7a6b0a1e5a5120d5028433d586cc","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-relay","tag":"v1.17.2","useDigest":true}` | Hubble-relay container image. |
|
||||
| hubble.relay.listenHost | string | `""` | Host to listen to. Specify an empty string to bind to all the interfaces. |
|
||||
| hubble.relay.listenPort | string | `"4245"` | Port to listen to. |
|
||||
| hubble.relay.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector |
|
||||
@@ -582,7 +585,7 @@ contributors across the globe, there is almost always someone available to help.
|
||||
| hubble.ui.backend.extraEnv | list | `[]` | Additional hubble-ui backend environment variables. |
|
||||
| hubble.ui.backend.extraVolumeMounts | list | `[]` | Additional hubble-ui backend volumeMounts. |
|
||||
| hubble.ui.backend.extraVolumes | list | `[]` | Additional hubble-ui backend volumes. |
|
||||
| hubble.ui.backend.image | object | `{"digest":"sha256:0e0eed917653441fded4e7cdb096b7be6a3bddded5a2dd10812a27b1fc6ed95b","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-ui-backend","tag":"v0.13.1","useDigest":true}` | Hubble-ui backend image. |
|
||||
| hubble.ui.backend.image | object | `{"digest":"sha256:a034b7e98e6ea796ed26df8f4e71f83fc16465a19d166eff67a03b822c0bfa15","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-ui-backend","tag":"v0.13.2","useDigest":true}` | Hubble-ui backend image. |
|
||||
| hubble.ui.backend.livenessProbe.enabled | bool | `false` | Enable liveness probe for Hubble-ui backend (requires Hubble-ui 0.12+) |
|
||||
| hubble.ui.backend.readinessProbe.enabled | bool | `false` | Enable readiness probe for Hubble-ui backend (requires Hubble-ui 0.12+) |
|
||||
| hubble.ui.backend.resources | object | `{}` | Resource requests and limits for the 'backend' container of the 'hubble-ui' deployment. |
|
||||
@@ -592,7 +595,7 @@ contributors across the globe, there is almost always someone available to help.
|
||||
| hubble.ui.frontend.extraEnv | list | `[]` | Additional hubble-ui frontend environment variables. |
|
||||
| hubble.ui.frontend.extraVolumeMounts | list | `[]` | Additional hubble-ui frontend volumeMounts. |
|
||||
| hubble.ui.frontend.extraVolumes | list | `[]` | Additional hubble-ui frontend volumes. |
|
||||
| hubble.ui.frontend.image | object | `{"digest":"sha256:e2e9313eb7caf64b0061d9da0efbdad59c6c461f6ca1752768942bfeda0796c6","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-ui","tag":"v0.13.1","useDigest":true}` | Hubble-ui frontend image. |
|
||||
| hubble.ui.frontend.image | object | `{"digest":"sha256:9e37c1296b802830834cc87342a9182ccbb71ffebb711971e849221bd9d59392","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-ui","tag":"v0.13.2","useDigest":true}` | Hubble-ui frontend image. |
|
||||
| hubble.ui.frontend.resources | object | `{}` | Resource requests and limits for the 'frontend' container of the 'hubble-ui' deployment. |
|
||||
| hubble.ui.frontend.securityContext | object | `{}` | Hubble-ui frontend security context. |
|
||||
| hubble.ui.frontend.server.ipv6 | object | `{"enabled":true}` | Controls server listener for ipv6 |
|
||||
@@ -622,7 +625,7 @@ contributors across the globe, there is almost always someone available to help.
|
||||
| hubble.ui.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":1},"type":"RollingUpdate"}` | hubble-ui update strategy. |
|
||||
| identityAllocationMode | string | `"crd"` | Method to use for identity allocation (`crd`, `kvstore` or `doublewrite-readkvstore` / `doublewrite-readcrd` for migrating between identity backends). |
|
||||
| identityChangeGracePeriod | string | `"5s"` | Time to wait before using new identity on endpoint identity change. |
|
||||
| image | object | `{"digest":"sha256:8969bfd9c87cbea91e40665f8ebe327268c99d844ca26d7d12165de07f702866","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.17.1","useDigest":true}` | Agent container image. |
|
||||
| image | object | `{"digest":"sha256:3c4c9932b5d8368619cb922a497ff2ebc8def5f41c18e410bcc84025fcd385b1","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.17.2","useDigest":true}` | Agent container image. |
|
||||
| imagePullSecrets | list | `[]` | Configure image pull secrets for pulling container images |
|
||||
| ingressController.default | bool | `false` | Set cilium ingress controller to be the default ingress controller This will let cilium ingress controller route entries without ingress class set |
|
||||
| ingressController.defaultSecretName | string | `nil` | Default secret name for ingresses without .spec.tls[].secretName set. |
|
||||
@@ -759,7 +762,7 @@ contributors across the globe, there is almost always someone available to help.
|
||||
| operator.hostNetwork | bool | `true` | HostNetwork setting |
|
||||
| operator.identityGCInterval | string | `"15m0s"` | Interval for identity garbage collection. |
|
||||
| operator.identityHeartbeatTimeout | string | `"30m0s"` | Timeout for identity heartbeats. |
|
||||
| operator.image | object | `{"alibabacloudDigest":"sha256:034b479fba340f9d98510e509c7ce1c36e8889a109d5f1c2240fcb0942bc772c","awsDigest":"sha256:da74748057c836471bfdc0e65bb29ba0edb82916ec4b99f6a4f002b2fcc849d6","azureDigest":"sha256:b9e3e3994f5fcf1832e1f344f3b3b544832851b1990f124b2c2c68e3ffe04a9b","genericDigest":"sha256:628becaeb3e4742a1c36c4897721092375891b58bae2bfcae48bbf4420aaee97","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/operator","suffix":"","tag":"v1.17.1","useDigest":true}` | cilium-operator image. |
|
||||
| operator.image | object | `{"alibabacloudDigest":"sha256:7cb8c23417f65348bb810fe92fb05b41d926f019d77442f3fa1058d17fea7ffe","awsDigest":"sha256:955096183e22a203bbb198ca66e3266ce4dbc2b63f1a2fbd03f9373dcd97893c","azureDigest":"sha256:455fb88b558b1b8ba09d63302ccce76b4930581be89def027184ab04335c20e0","genericDigest":"sha256:81f2d7198366e8dec2903a3a8361e4c68d47d19c68a0d42f0b7b6e3f0523f249","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/operator","suffix":"","tag":"v1.17.2","useDigest":true}` | cilium-operator image. |
|
||||
| operator.nodeGCInterval | string | `"5m0s"` | Interval for cilium node garbage collection. |
|
||||
| operator.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for cilium-operator pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector |
|
||||
| operator.podAnnotations | object | `{}` | Annotations to be added to cilium-operator pods |
|
||||
@@ -809,7 +812,7 @@ contributors across the globe, there is almost always someone available to help.
|
||||
| preflight.extraEnv | list | `[]` | Additional preflight environment variables. |
|
||||
| preflight.extraVolumeMounts | list | `[]` | Additional preflight volumeMounts. |
|
||||
| preflight.extraVolumes | list | `[]` | Additional preflight volumes. |
|
||||
| preflight.image | object | `{"digest":"sha256:8969bfd9c87cbea91e40665f8ebe327268c99d844ca26d7d12165de07f702866","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.17.1","useDigest":true}` | Cilium pre-flight image. |
|
||||
| preflight.image | object | `{"digest":"sha256:3c4c9932b5d8368619cb922a497ff2ebc8def5f41c18e410bcc84025fcd385b1","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.17.2","useDigest":true}` | Cilium pre-flight image. |
|
||||
| preflight.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for preflight pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector |
|
||||
| preflight.podAnnotations | object | `{}` | Annotations to be added to preflight pods |
|
||||
| preflight.podDisruptionBudget.enabled | bool | `false` | enable PodDisruptionBudget ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ |
|
||||
@@ -883,7 +886,7 @@ contributors across the globe, there is almost always someone available to help.
|
||||
| tls.caBundle.useSecret | bool | `false` | Use a Secret instead of a ConfigMap. |
|
||||
| tls.readSecretsOnlyFromSecretsNamespace | string | `nil` | Configure if the Cilium Agent will only look in `tls.secretsNamespace` for CiliumNetworkPolicy relevant Secrets. If false, the Cilium Agent will be granted READ (GET/LIST/WATCH) access to _all_ secrets in the entire cluster. This is not recommended and is included for backwards compatibility. This value obsoletes `tls.secretsBackend`, with `true` == `local` in the old setting, and `false` == `k8s`. |
|
||||
| tls.secretSync | object | `{"enabled":null}` | Configures settings for synchronization of TLS Interception Secrets |
|
||||
| tls.secretSync.enabled | string | `nil` | Enable synchronization of Secrets for TLS Interception. If disabled and tls.secretsBackend is set to 'k8s', then secrets will be read directly by the agent. |
|
||||
| tls.secretSync.enabled | string | `nil` | Enable synchronization of Secrets for TLS Interception. If disabled and tls.readSecretsOnlyFromSecretsNamespace is set to 'false', then secrets will be read directly by the agent. |
|
||||
| tls.secretsBackend | string | `nil` | This configures how the Cilium agent loads the secrets used TLS-aware CiliumNetworkPolicies (namely the secrets referenced by terminatingTLS and originatingTLS). This value is DEPRECATED and will be removed in a future version. Use `tls.readSecretsOnlyFromSecretsNamespace` instead. Possible values: - local - k8s |
|
||||
| tls.secretsNamespace | object | `{"create":true,"name":"cilium-secrets"}` | Configures where secrets used in CiliumNetworkPolicies will be looked for |
|
||||
| tls.secretsNamespace.create | bool | `true` | Create secrets namespace for TLS Interception secrets. |
|
||||
@@ -891,6 +894,7 @@ contributors across the globe, there is almost always someone available to help.
|
||||
| tolerations | list | `[{"operator":"Exists"}]` | Node tolerations for agent scheduling to nodes with taints ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ |
|
||||
| tunnelPort | int | Port 8472 for VXLAN, Port 6081 for Geneve | Configure VXLAN and Geneve tunnel port. |
|
||||
| tunnelProtocol | string | `"vxlan"` | Tunneling protocol to use in tunneling mode and for ad-hoc tunnels. Possible values: - "" - vxlan - geneve |
|
||||
| tunnelSourcePortRange | string | 0-0 to let the kernel driver decide the range | Configure VXLAN and Geneve tunnel source port range hint. |
|
||||
| updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":2},"type":"RollingUpdate"}` | Cilium agent update strategy |
|
||||
| upgradeCompatibility | string | `nil` | upgradeCompatibility helps users upgrading to ensure that the configMap for Cilium will not change critical values to ensure continued operation This flag is not required for new installations. For example: '1.7', '1.8', '1.9' |
|
||||
| vtep.cidr | string | `""` | A space separated list of VTEP device CIDRs, for example "1.1.1.0/24 1.1.2.0/24" |
|
||||
|
||||
@@ -7,8 +7,15 @@ staticResources:
|
||||
- name: "envoy-prometheus-metrics-listener"
|
||||
address:
|
||||
socketAddress:
|
||||
address: "0.0.0.0"
|
||||
address: {{ .Values.ipv4.enabled | ternary "0.0.0.0" "::" | quote }}
|
||||
portValue: {{ .Values.envoy.prometheus.port }}
|
||||
{{- if and .Values.ipv4.enabled .Values.ipv6.enabled }}
|
||||
additionalAddresses:
|
||||
- address:
|
||||
socketAddress:
|
||||
address: "::"
|
||||
portValue: {{ .Values.envoy.prometheus.port }}
|
||||
{{- end }}
|
||||
filterChains:
|
||||
- filters:
|
||||
- name: "envoy.filters.network.http_connection_manager"
|
||||
@@ -289,7 +296,7 @@ overloadManager:
|
||||
applicationLogConfig:
|
||||
logFormat:
|
||||
{{- if .Values.envoy.log.format_json }}
|
||||
jsonFormat: "{{ .Values.envoy.log.format_json | toJson }}"
|
||||
jsonFormat: {{ .Values.envoy.log.format_json | toJson }}
|
||||
{{- else }}
|
||||
textFormat: "{{ .Values.envoy.log.format }}"
|
||||
{{- end }}
|
||||
|
||||
@@ -232,7 +232,7 @@ spec:
|
||||
resources:
|
||||
{{- toYaml . | trim | nindent 10 }}
|
||||
{{- end }}
|
||||
{{- if or .Values.prometheus.enabled .Values.hubble.metrics.enabled }}
|
||||
{{- if or .Values.prometheus.enabled (or .Values.hubble.metrics.enabled .Values.hubble.metrics.dynamic.enabled) }}
|
||||
ports:
|
||||
- name: peer-service
|
||||
containerPort: {{ .Values.hubble.peerService.targetPort }}
|
||||
@@ -364,7 +364,7 @@ spec:
|
||||
mountPath: {{ .Values.kubeConfigPath }}
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
{{- if and .Values.hubble.enabled .Values.hubble.metrics.enabled .Values.hubble.metrics.tls.enabled }}
|
||||
{{- if and .Values.hubble.enabled (or .Values.hubble.metrics.enabled .Values.hubble.metrics.dynamic.enabled) .Values.hubble.metrics.tls.enabled }}
|
||||
- name: hubble-metrics-tls
|
||||
mountPath: /var/lib/cilium/tls/hubble-metrics
|
||||
readOnly: true
|
||||
@@ -999,7 +999,7 @@ spec:
|
||||
path: client-ca.crt
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if and .Values.hubble.enabled .Values.hubble.metrics.enabled .Values.hubble.metrics.tls.enabled }}
|
||||
{{- if and .Values.hubble.enabled (or .Values.hubble.metrics.enabled .Values.hubble.metrics.dynamic.enabled) .Values.hubble.metrics.tls.enabled }}
|
||||
- name: hubble-metrics-tls
|
||||
projected:
|
||||
# note: the leading zero means this number is in octal representation: do not remove it
|
||||
|
||||
@@ -39,6 +39,9 @@ metadata:
|
||||
{{- end }}
|
||||
labels:
|
||||
app.kubernetes.io/part-of: cilium
|
||||
{{- with .Values.commonLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
@@ -62,6 +65,9 @@ metadata:
|
||||
{{- end }}
|
||||
labels:
|
||||
app.kubernetes.io/part-of: cilium
|
||||
{{- with .Values.commonLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
@@ -85,6 +91,9 @@ metadata:
|
||||
{{- end }}
|
||||
labels:
|
||||
app.kubernetes.io/part-of: cilium
|
||||
{{- with .Values.commonLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
@@ -104,6 +113,9 @@ metadata:
|
||||
namespace: {{ .Values.bgpControlPlane.secretsNamespace.name | quote }}
|
||||
labels:
|
||||
app.kubernetes.io/part-of: cilium
|
||||
{{- with .Values.commonLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
@@ -123,6 +135,9 @@ metadata:
|
||||
namespace: {{ .Values.tls.secretsNamespace.name | quote }}
|
||||
labels:
|
||||
app.kubernetes.io/part-of: cilium
|
||||
{{- with .Values.commonLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
|
||||
@@ -46,6 +46,9 @@ metadata:
|
||||
k8s-app: cilium
|
||||
app.kubernetes.io/name: cilium-agent
|
||||
app.kubernetes.io/part-of: cilium
|
||||
{{- with .Values.commonLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
clusterIP: None
|
||||
type: ClusterIP
|
||||
|
||||
@@ -403,7 +403,7 @@ data:
|
||||
|
||||
{{- if .Values.bpf.authMapMax }}
|
||||
# bpf-auth-map-max specifies the maximum number of entries in the auth map
|
||||
bpf-auth-map-max: {{ .Values.bpf.authMapMax | quote }}
|
||||
bpf-auth-map-max: "{{ .Values.bpf.authMapMax | int }}"
|
||||
{{- end }}
|
||||
{{- if or $bpfCtTcpMax $bpfCtAnyMax }}
|
||||
# bpf-ct-global-*-max specifies the maximum number of connections
|
||||
@@ -419,34 +419,34 @@ data:
|
||||
# For users upgrading from Cilium 1.2 or earlier, to minimize disruption
|
||||
# during the upgrade process, set bpf-ct-global-tcp-max to 1000000.
|
||||
{{- if $bpfCtTcpMax }}
|
||||
bpf-ct-global-tcp-max: {{ $bpfCtTcpMax | quote }}
|
||||
bpf-ct-global-tcp-max: "{{ $bpfCtTcpMax | int }}"
|
||||
{{- end }}
|
||||
{{- if $bpfCtAnyMax }}
|
||||
bpf-ct-global-any-max: {{ $bpfCtAnyMax | quote }}
|
||||
bpf-ct-global-any-max: "{{ $bpfCtAnyMax | int }}"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.bpf.ctAccounting }}
|
||||
bpf-conntrack-accounting: "{{ .Values.bpf.ctAccounting }}"
|
||||
bpf-conntrack-accounting: "{{ .Values.bpf.ctAccounting | int }}"
|
||||
{{- end }}
|
||||
{{- if .Values.bpf.natMax }}
|
||||
# bpf-nat-global-max specified the maximum number of entries in the
|
||||
# BPF NAT table.
|
||||
bpf-nat-global-max: "{{ .Values.bpf.natMax }}"
|
||||
bpf-nat-global-max: "{{ .Values.bpf.natMax | int }}"
|
||||
{{- end }}
|
||||
{{- if .Values.bpf.neighMax }}
|
||||
# bpf-neigh-global-max specified the maximum number of entries in the
|
||||
# BPF neighbor table.
|
||||
bpf-neigh-global-max: "{{ .Values.bpf.neighMax }}"
|
||||
bpf-neigh-global-max: "{{ .Values.bpf.neighMax | int }}"
|
||||
{{- end }}
|
||||
{{- if hasKey .Values.bpf "policyMapMax" }}
|
||||
# bpf-policy-map-max specifies the maximum number of entries in endpoint
|
||||
# policy map (per endpoint)
|
||||
bpf-policy-map-max: "{{ .Values.bpf.policyMapMax }}"
|
||||
bpf-policy-map-max: "{{ .Values.bpf.policyMapMax | int }}"
|
||||
{{- end }}
|
||||
{{- if hasKey .Values.bpf "lbMapMax" }}
|
||||
# bpf-lb-map-max specifies the maximum number of entries in bpf lb service,
|
||||
# backend and affinity maps.
|
||||
bpf-lb-map-max: "{{ .Values.bpf.lbMapMax }}"
|
||||
bpf-lb-map-max: "{{ .Values.bpf.lbMapMax | int }}"
|
||||
{{- end }}
|
||||
{{- if hasKey .Values.bpf "lbExternalClusterIP" }}
|
||||
bpf-lb-external-clusterip: {{ .Values.bpf.lbExternalClusterIP | quote }}
|
||||
@@ -461,6 +461,7 @@ data:
|
||||
bpf-lb-mode-annotation: {{ .Values.bpf.lbModeAnnotation | quote }}
|
||||
{{- end }}
|
||||
|
||||
bpf-distributed-lru: {{ .Values.bpf.distributedLRU.enabled | quote }}
|
||||
bpf-events-drop-enabled: {{ .Values.bpf.events.drop.enabled | quote }}
|
||||
bpf-events-policy-verdict-enabled: {{ .Values.bpf.events.policyVerdict.enabled | quote }}
|
||||
bpf-events-trace-enabled: {{ .Values.bpf.events.trace.enabled | quote }}
|
||||
@@ -513,6 +514,9 @@ data:
|
||||
{{- if .Values.tunnelPort }}
|
||||
tunnel-port: {{ .Values.tunnelPort | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.tunnelSourcePortRange }}
|
||||
tunnel-source-port-range: {{ .Values.tunnelSourcePortRange | quote }}
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.serviceNoBackendResponse }}
|
||||
service-no-backend-response: "{{ .Values.serviceNoBackendResponse }}"
|
||||
@@ -927,9 +931,8 @@ data:
|
||||
operator-api-serve-addr: {{ $defaultOperatorApiServeAddr | quote }}
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.hubble.enabled }}
|
||||
# Enable Hubble gRPC service.
|
||||
enable-hubble: {{ .Values.hubble.enabled | quote }}
|
||||
{{- if .Values.hubble.enabled }}
|
||||
# UNIX domain socket for Hubble server to listen to.
|
||||
hubble-socket-path: {{ .Values.hubble.socketPath | quote }}
|
||||
{{- if hasKey .Values.hubble "eventQueueSize" }}
|
||||
@@ -941,7 +944,7 @@ data:
|
||||
# Capacity of the buffer to store recent events.
|
||||
hubble-event-buffer-capacity: {{ .Values.hubble.eventBufferCapacity | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.hubble.metrics.enabled }}
|
||||
{{- if or .Values.hubble.metrics.enabled .Values.hubble.metrics.dynamic.enabled}}
|
||||
# Address to expose Hubble metrics (e.g. ":7070"). Metrics server will be disabled if this
|
||||
# field is not set.
|
||||
hubble-metrics-server: ":{{ .Values.hubble.metrics.port }}"
|
||||
@@ -953,14 +956,20 @@ data:
|
||||
hubble-metrics-server-tls-client-ca-files: /var/lib/cilium/tls/hubble-metrics/client-ca.crt
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.hubble.metrics.enabled }}
|
||||
# A space separated list of metrics to enable. See [0] for available metrics.
|
||||
#
|
||||
# https://github.com/cilium/hubble/blob/master/Documentation/metrics.md
|
||||
hubble-metrics: {{- range .Values.hubble.metrics.enabled }}
|
||||
{{.}}
|
||||
{{- end}}
|
||||
{{- if .Values.hubble.metrics.dynamic.enabled }}
|
||||
hubble-dynamic-metrics-config-path: /dynamic-metrics-config/dynamic-metrics.yaml
|
||||
{{- end }}
|
||||
enable-hubble-open-metrics: {{ .Values.hubble.metrics.enableOpenMetrics | quote }}
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.hubble.redact }}
|
||||
{{- if eq .Values.hubble.redact.enabled true }}
|
||||
# Enables hubble redact capabilities
|
||||
@@ -1004,10 +1013,6 @@ data:
|
||||
hubble-flowlogs-config-path: /flowlog-config/flowlogs.yaml
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.hubble.metrics.dynamic.enabled }}
|
||||
hubble-dynamic-metrics-config-path: /dynamic-metrics-config/dynamic-metrics.yaml
|
||||
hubble-metrics-server: ":{{ .Values.hubble.metrics.port }}"
|
||||
{{- end }}
|
||||
{{- if hasKey .Values.hubble "listenAddress" }}
|
||||
# An additional address for Hubble server to listen to (e.g. ":4244").
|
||||
hubble-listen-address: {{ .Values.hubble.listenAddress | quote }}
|
||||
@@ -1041,8 +1046,8 @@ data:
|
||||
{{- else }}
|
||||
ipam: {{ $ipam | quote }}
|
||||
{{- end }}
|
||||
{{- if hasKey .Values.ipam "multiPoolPreAllocation" }}
|
||||
ipam-multi-pool-pre-allocation: {{ .Values.ipam.multiPoolPreAllocation }}
|
||||
{{- if .Values.ipam.multiPoolPreAllocation }}
|
||||
ipam-multi-pool-pre-allocation: {{ .Values.ipam.multiPoolPreAllocation | quote }}
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.ipam.ciliumNodeUpdateRate }}
|
||||
@@ -1335,6 +1340,10 @@ data:
|
||||
external-envoy-proxy: {{ include "envoyDaemonSetEnabled" . | quote }}
|
||||
envoy-base-id: {{ .Values.envoy.baseID | quote }}
|
||||
|
||||
{{- if .Values.envoy.policyRestoreTimeoutDuration }}
|
||||
envoy-policy-restore-timeout: {{ .Values.envoy.policyRestoreTimeoutDuration | quote }}
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.envoy.log.path }}
|
||||
envoy-log: {{ .Values.envoy.log.path | quote }}
|
||||
{{- end }}
|
||||
|
||||
@@ -41,6 +41,9 @@ metadata:
|
||||
{{- end }}
|
||||
labels:
|
||||
app.kubernetes.io/part-of: cilium
|
||||
{{- with .Values.commonLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
@@ -66,6 +69,9 @@ metadata:
|
||||
{{- end }}
|
||||
labels:
|
||||
app.kubernetes.io/part-of: cilium
|
||||
{{- with .Values.commonLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
|
||||
@@ -7,24 +7,23 @@ kind: RoleBinding
|
||||
metadata:
|
||||
name: cilium-operator-ingress-secrets
|
||||
namespace: {{ .Values.ingressController.secretsNamespace.name | quote }}
|
||||
{{- with .Values.commonLabels }}
|
||||
labels:
|
||||
app.kubernetes.io/part-of: cilium
|
||||
{{- with .Values.commonLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- with .Values.operator.annotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
app.kubernetes.io/part-of: cilium
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: cilium-operator-ingress-secrets
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ .Values.serviceAccounts.operator.name | quote }}
|
||||
namespace: {{ include "cilium.namespace" . }}
|
||||
- kind: ServiceAccount
|
||||
name: {{ .Values.serviceAccounts.operator.name | quote }}
|
||||
namespace: {{ include "cilium.namespace" . }}
|
||||
{{- end }}
|
||||
|
||||
{{- if and .Values.operator.enabled .Values.serviceAccounts.operator.create .Values.gatewayAPI.enabled .Values.gatewayAPI.secretsNamespace.sync .Values.gatewayAPI.secretsNamespace.name }}
|
||||
@@ -34,12 +33,15 @@ kind: RoleBinding
|
||||
metadata:
|
||||
name: cilium-operator-gateway-secrets
|
||||
namespace: {{ .Values.gatewayAPI.secretsNamespace.name | quote }}
|
||||
labels:
|
||||
app.kubernetes.io/part-of: cilium
|
||||
{{- with .Values.commonLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with .Values.operator.annotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
app.kubernetes.io/part-of: cilium
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
@@ -57,12 +59,15 @@ kind: RoleBinding
|
||||
metadata:
|
||||
name: cilium-operator-tlsinterception-secrets
|
||||
namespace: {{ .Values.tls.secretsNamespace.name | quote }}
|
||||
labels:
|
||||
app.kubernetes.io/part-of: cilium
|
||||
{{- with .Values.commonLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with .Values.operator.annotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
app.kubernetes.io/part-of: cilium
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
{{- if and .Values.hubble.enabled .Values.hubble.metrics.enabled .Values.hubble.metrics.serviceMonitor.enabled }}
|
||||
{{- if and .Values.hubble.enabled (or .Values.hubble.metrics.enabled .Values.hubble.metrics.dynamic.enabled) .Values.hubble.metrics.serviceMonitor.enabled }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
|
||||
@@ -4,10 +4,13 @@ kind: Service
|
||||
metadata:
|
||||
name: spire-server
|
||||
namespace: {{ .Values.authentication.mutual.spire.install.namespace }}
|
||||
{{- with .Values.commonLabels }}
|
||||
labels:
|
||||
{{- with .Values.commonLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- with .Values.authentication.mutual.spire.install.server.service.labels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if or .Values.authentication.mutual.spire.install.server.service.annotations .Values.authentication.mutual.spire.annotations }}
|
||||
annotations:
|
||||
{{- with .Values.authentication.mutual.spire.annotations }}
|
||||
@@ -17,10 +20,6 @@ metadata:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- with .Values.authentication.mutual.spire.install.server.service.labels }}
|
||||
labels:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
type: {{ .Values.authentication.mutual.spire.install.server.service.type }}
|
||||
ports:
|
||||
|
||||
@@ -4,10 +4,6 @@ kind: StatefulSet
|
||||
metadata:
|
||||
name: spire-server
|
||||
namespace: {{ .Values.authentication.mutual.spire.install.namespace }}
|
||||
{{- with .Values.commonLabels }}
|
||||
labels:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if or .Values.authentication.mutual.spire.install.server.annotations .Values.authentication.mutual.spire.annotations }}
|
||||
annotations:
|
||||
{{- with .Values.authentication.mutual.spire.annotations }}
|
||||
@@ -19,9 +15,12 @@ metadata:
|
||||
{{- end }}
|
||||
labels:
|
||||
app: spire-server
|
||||
{{- with .Values.authentication.mutual.spire.install.server.labels }}
|
||||
{{- with .Values.commonLabels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- with .Values.authentication.mutual.spire.install.server.labels }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
|
||||
@@ -519,6 +519,14 @@
|
||||
"disableExternalIPMitigation": {
|
||||
"type": "boolean"
|
||||
},
|
||||
"distributedLRU": {
|
||||
"properties": {
|
||||
"enabled": {
|
||||
"type": "boolean"
|
||||
}
|
||||
},
|
||||
"type": "object"
|
||||
},
|
||||
"enableTCX": {
|
||||
"type": "boolean"
|
||||
},
|
||||
@@ -2110,6 +2118,12 @@
|
||||
},
|
||||
"type": "object"
|
||||
},
|
||||
"policyRestoreTimeoutDuration": {
|
||||
"type": [
|
||||
"null",
|
||||
"string"
|
||||
]
|
||||
},
|
||||
"priorityClassName": {
|
||||
"type": [
|
||||
"null",
|
||||
@@ -5462,6 +5476,9 @@
|
||||
"tunnelProtocol": {
|
||||
"type": "string"
|
||||
},
|
||||
"tunnelSourcePortRange": {
|
||||
"type": "string"
|
||||
},
|
||||
"updateStrategy": {
|
||||
"properties": {
|
||||
"rollingUpdate": {
|
||||
|
||||
@@ -191,10 +191,10 @@ image:
|
||||
# @schema
|
||||
override: ~
|
||||
repository: "quay.io/cilium/cilium"
|
||||
tag: "v1.17.1"
|
||||
tag: "v1.17.2"
|
||||
pullPolicy: "IfNotPresent"
|
||||
# cilium-digest
|
||||
digest: "sha256:8969bfd9c87cbea91e40665f8ebe327268c99d844ca26d7d12165de07f702866"
|
||||
digest: "sha256:3c4c9932b5d8368619cb922a497ff2ebc8def5f41c18e410bcc84025fcd385b1"
|
||||
useDigest: true
|
||||
# -- Scheduling configurations for cilium pods
|
||||
scheduling:
|
||||
@@ -495,6 +495,13 @@ bpf:
|
||||
# tracking table.
|
||||
# @default -- `262144`
|
||||
ctAnyMax: ~
|
||||
# -- Control to use a distributed per-CPU backend memory for the core BPF LRU maps
|
||||
# which Cilium uses. This improves performance significantly, but it is also
|
||||
# recommended to increase BPF map sizing along with that.
|
||||
distributedLRU:
|
||||
# -- Enable distributed LRU backend memory. For compatibility with existing
|
||||
# installations it is off by default.
|
||||
enabled: false
|
||||
# -- Control events generated by the Cilium datapath exposed to Cilium monitor and Hubble.
|
||||
# Helm configuration for BPF events map rate limiting is experimental and might change
|
||||
# in upcoming releases.
|
||||
@@ -1433,9 +1440,9 @@ hubble:
|
||||
# @schema
|
||||
override: ~
|
||||
repository: "quay.io/cilium/hubble-relay"
|
||||
tag: "v1.17.1"
|
||||
tag: "v1.17.2"
|
||||
# hubble-relay-digest
|
||||
digest: "sha256:397e8fbb188157f744390a7b272a1dec31234e605bcbe22d8919a166d202a3dc"
|
||||
digest: "sha256:42a8db5c256c516cacb5b8937c321b2373ad7a6b0a1e5a5120d5028433d586cc"
|
||||
useDigest: true
|
||||
pullPolicy: "IfNotPresent"
|
||||
# -- Specifies the resources for the hubble-relay pods
|
||||
@@ -1684,8 +1691,8 @@ hubble:
|
||||
# @schema
|
||||
override: ~
|
||||
repository: "quay.io/cilium/hubble-ui-backend"
|
||||
tag: "v0.13.1"
|
||||
digest: "sha256:0e0eed917653441fded4e7cdb096b7be6a3bddded5a2dd10812a27b1fc6ed95b"
|
||||
tag: "v0.13.2"
|
||||
digest: "sha256:a034b7e98e6ea796ed26df8f4e71f83fc16465a19d166eff67a03b822c0bfa15"
|
||||
useDigest: true
|
||||
pullPolicy: "IfNotPresent"
|
||||
# -- Hubble-ui backend security context.
|
||||
@@ -1718,8 +1725,8 @@ hubble:
|
||||
# @schema
|
||||
override: ~
|
||||
repository: "quay.io/cilium/hubble-ui"
|
||||
tag: "v0.13.1"
|
||||
digest: "sha256:e2e9313eb7caf64b0061d9da0efbdad59c6c461f6ca1752768942bfeda0796c6"
|
||||
tag: "v0.13.2"
|
||||
digest: "sha256:9e37c1296b802830834cc87342a9182ccbb71ffebb711971e849221bd9d59392"
|
||||
useDigest: true
|
||||
pullPolicy: "IfNotPresent"
|
||||
# -- Hubble-ui frontend security context.
|
||||
@@ -2332,6 +2339,11 @@ envoy:
|
||||
xffNumTrustedHopsL7PolicyIngress: 0
|
||||
# -- Number of trusted hops regarding the x-forwarded-for and related HTTP headers for the egress L7 policy enforcement Envoy listeners.
|
||||
xffNumTrustedHopsL7PolicyEgress: 0
|
||||
# @schema
|
||||
# type: [null, string]
|
||||
# @schema
|
||||
# -- Max duration to wait for endpoint policies to be restored on restart. Default "3m".
|
||||
policyRestoreTimeoutDuration: null
|
||||
# -- Envoy container image.
|
||||
image:
|
||||
# @schema
|
||||
@@ -2339,9 +2351,9 @@ envoy:
|
||||
# @schema
|
||||
override: ~
|
||||
repository: "quay.io/cilium/cilium-envoy"
|
||||
tag: "v1.31.5-1739264036-958bef243c6c66fcfd73ca319f2eb49fff1eb2ae"
|
||||
tag: "v1.31.5-1741765102-efed3defcc70ab5b263a0fc44c93d316b846a211"
|
||||
pullPolicy: "IfNotPresent"
|
||||
digest: "sha256:fc708bd36973d306412b2e50c924cd8333de67e0167802c9b48506f9d772f521"
|
||||
digest: "sha256:377c78c13d2731f3720f931721ee309159e782d882251709cb0fac3b42c03f4b"
|
||||
useDigest: true
|
||||
# -- Additional containers added to the cilium Envoy DaemonSet.
|
||||
extraContainers: []
|
||||
@@ -2605,7 +2617,7 @@ tls:
|
||||
# type: [null, boolean]
|
||||
# @schema
|
||||
# -- Enable synchronization of Secrets for TLS Interception. If disabled and
|
||||
# tls.secretsBackend is set to 'k8s', then secrets will be read directly by the agent.
|
||||
# tls.readSecretsOnlyFromSecretsNamespace is set to 'false', then secrets will be read directly by the agent.
|
||||
enabled: ~
|
||||
# -- Base64 encoded PEM values for the CA certificate and private key.
|
||||
# This can be used as common CA to generate certificates used by hubble and clustermesh components.
|
||||
@@ -2658,6 +2670,9 @@ routingMode: ""
|
||||
# -- Configure VXLAN and Geneve tunnel port.
|
||||
# @default -- Port 8472 for VXLAN, Port 6081 for Geneve
|
||||
tunnelPort: 0
|
||||
# -- Configure VXLAN and Geneve tunnel source port range hint.
|
||||
# @default -- 0-0 to let the kernel driver decide the range
|
||||
tunnelSourcePortRange: 0-0
|
||||
# -- Configure what the response should be to traffic for a service without backends.
|
||||
# Possible values:
|
||||
# - reject (default)
|
||||
@@ -2693,15 +2708,15 @@ operator:
|
||||
# @schema
|
||||
override: ~
|
||||
repository: "quay.io/cilium/operator"
|
||||
tag: "v1.17.1"
|
||||
tag: "v1.17.2"
|
||||
# operator-generic-digest
|
||||
genericDigest: "sha256:628becaeb3e4742a1c36c4897721092375891b58bae2bfcae48bbf4420aaee97"
|
||||
genericDigest: "sha256:81f2d7198366e8dec2903a3a8361e4c68d47d19c68a0d42f0b7b6e3f0523f249"
|
||||
# operator-azure-digest
|
||||
azureDigest: "sha256:b9e3e3994f5fcf1832e1f344f3b3b544832851b1990f124b2c2c68e3ffe04a9b"
|
||||
azureDigest: "sha256:455fb88b558b1b8ba09d63302ccce76b4930581be89def027184ab04335c20e0"
|
||||
# operator-aws-digest
|
||||
awsDigest: "sha256:da74748057c836471bfdc0e65bb29ba0edb82916ec4b99f6a4f002b2fcc849d6"
|
||||
awsDigest: "sha256:955096183e22a203bbb198ca66e3266ce4dbc2b63f1a2fbd03f9373dcd97893c"
|
||||
# operator-alibabacloud-digest
|
||||
alibabacloudDigest: "sha256:034b479fba340f9d98510e509c7ce1c36e8889a109d5f1c2240fcb0942bc772c"
|
||||
alibabacloudDigest: "sha256:7cb8c23417f65348bb810fe92fb05b41d926f019d77442f3fa1058d17fea7ffe"
|
||||
useDigest: true
|
||||
pullPolicy: "IfNotPresent"
|
||||
suffix: ""
|
||||
@@ -2976,9 +2991,9 @@ preflight:
|
||||
# @schema
|
||||
override: ~
|
||||
repository: "quay.io/cilium/cilium"
|
||||
tag: "v1.17.1"
|
||||
tag: "v1.17.2"
|
||||
# cilium-digest
|
||||
digest: "sha256:8969bfd9c87cbea91e40665f8ebe327268c99d844ca26d7d12165de07f702866"
|
||||
digest: "sha256:3c4c9932b5d8368619cb922a497ff2ebc8def5f41c18e410bcc84025fcd385b1"
|
||||
useDigest: true
|
||||
pullPolicy: "IfNotPresent"
|
||||
# -- The priority class to use for the preflight pod.
|
||||
@@ -3125,9 +3140,9 @@ clustermesh:
|
||||
# @schema
|
||||
override: ~
|
||||
repository: "quay.io/cilium/clustermesh-apiserver"
|
||||
tag: "v1.17.1"
|
||||
tag: "v1.17.2"
|
||||
# clustermesh-apiserver-digest
|
||||
digest: "sha256:1de22f46bfdd638de72c2224d5223ddc3bbeacda1803cb75799beca3d4bf7a4c"
|
||||
digest: "sha256:981250ebdc6e66e190992eaf75cfca169113a8f08d5c3793fe15822176980398"
|
||||
useDigest: true
|
||||
pullPolicy: "IfNotPresent"
|
||||
# -- TCP port for the clustermesh-apiserver health API.
|
||||
@@ -3634,7 +3649,7 @@ authentication:
|
||||
override: ~
|
||||
repository: "docker.io/library/busybox"
|
||||
tag: "1.37.0"
|
||||
digest: "sha256:a5d0ce49aa801d475da48f8cb163c354ab95cab073cd3c138bd458fc8257fbf1"
|
||||
digest: "sha256:498a000f370d8c37927118ed80afe8adc38d1edcbfc071627d17b25c88efcab0"
|
||||
useDigest: true
|
||||
pullPolicy: "IfNotPresent"
|
||||
# SPIRE agent configuration
|
||||
|
||||
@@ -500,6 +500,13 @@ bpf:
|
||||
# tracking table.
|
||||
# @default -- `262144`
|
||||
ctAnyMax: ~
|
||||
# -- Control to use a distributed per-CPU backend memory for the core BPF LRU maps
|
||||
# which Cilium uses. This improves performance significantly, but it is also
|
||||
# recommended to increase BPF map sizing along with that.
|
||||
distributedLRU:
|
||||
# -- Enable distributed LRU backend memory. For compatibility with existing
|
||||
# installations it is off by default.
|
||||
enabled: false
|
||||
# -- Control events generated by the Cilium datapath exposed to Cilium monitor and Hubble.
|
||||
# Helm configuration for BPF events map rate limiting is experimental and might change
|
||||
# in upcoming releases.
|
||||
@@ -2351,6 +2358,11 @@ envoy:
|
||||
xffNumTrustedHopsL7PolicyIngress: 0
|
||||
# -- Number of trusted hops regarding the x-forwarded-for and related HTTP headers for the egress L7 policy enforcement Envoy listeners.
|
||||
xffNumTrustedHopsL7PolicyEgress: 0
|
||||
# @schema
|
||||
# type: [null, string]
|
||||
# @schema
|
||||
# -- Max duration to wait for endpoint policies to be restored on restart. Default "3m".
|
||||
policyRestoreTimeoutDuration: null
|
||||
# -- Envoy container image.
|
||||
image:
|
||||
# @schema
|
||||
@@ -2626,7 +2638,7 @@ tls:
|
||||
# type: [null, boolean]
|
||||
# @schema
|
||||
# -- Enable synchronization of Secrets for TLS Interception. If disabled and
|
||||
# tls.secretsBackend is set to 'k8s', then secrets will be read directly by the agent.
|
||||
# tls.readSecretsOnlyFromSecretsNamespace is set to 'false', then secrets will be read directly by the agent.
|
||||
enabled: ~
|
||||
# -- Base64 encoded PEM values for the CA certificate and private key.
|
||||
# This can be used as common CA to generate certificates used by hubble and clustermesh components.
|
||||
@@ -2679,6 +2691,9 @@ routingMode: ""
|
||||
# -- Configure VXLAN and Geneve tunnel port.
|
||||
# @default -- Port 8472 for VXLAN, Port 6081 for Geneve
|
||||
tunnelPort: 0
|
||||
# -- Configure VXLAN and Geneve tunnel source port range hint.
|
||||
# @default -- 0-0 to let the kernel driver decide the range
|
||||
tunnelSourcePortRange: 0-0
|
||||
# -- Configure what the response should be to traffic for a service without backends.
|
||||
# Possible values:
|
||||
# - reject (default)
|
||||
|
||||
@@ -1,2 +1,2 @@
|
||||
ARG VERSION=v1.17.1
|
||||
ARG VERSION=v1.17.2
|
||||
FROM quay.io/cilium/cilium:${VERSION}
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
dependencies:
|
||||
- name: kamaji-etcd
|
||||
repository: https://clastix.github.io/charts
|
||||
version: 0.8.1
|
||||
digest: sha256:381d8ef9619c2daeea37e40c6a9772ae3e5cee80887148879db04e887d5364ad
|
||||
generated: "2024-10-25T19:28:40.880766186+02:00"
|
||||
version: 0.9.2
|
||||
digest: sha256:ba76d3a30e5e20dbbbbcc36a0e7465d4b1adacc956061e7f6ea47b99fc8f08a6
|
||||
generated: "2025-03-14T21:23:30.421915+09:00"
|
||||
|
||||
@@ -21,7 +21,7 @@ version: 0.0.0
|
||||
dependencies:
|
||||
- name: kamaji-etcd
|
||||
repository: https://clastix.github.io/charts
|
||||
version: ">=0.8.1"
|
||||
version: ">=0.9.2"
|
||||
condition: kamaji-etcd.deploy
|
||||
annotations:
|
||||
catalog.cattle.io/certified: partner
|
||||
|
||||
@@ -22,7 +22,7 @@ Kubernetes: `>=1.21.0-0`
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://clastix.github.io/charts | kamaji-etcd | >=0.8.1 |
|
||||
| https://clastix.github.io/charts | kamaji-etcd | >=0.9.2 |
|
||||
|
||||
[Kamaji](https://github.com/clastix/kamaji) requires a [multi-tenant `etcd`](https://github.com/clastix/kamaji-internal/blob/master/deploy/getting-started-with-kamaji.md#setup-internal-multi-tenant-etcd) cluster.
|
||||
This Helm Chart starting from v0.1.1 provides the installation of an internal `etcd` in order to streamline the local test. If you'd like to use an externally managed etcd instance, you can specify the overrides and by setting the value `etcd.deploy=false`.
|
||||
@@ -31,9 +31,13 @@ This Helm Chart starting from v0.1.1 provides the installation of an internal `e
|
||||
|
||||
## Install Kamaji
|
||||
|
||||
To add clastix helm repository:
|
||||
|
||||
helm repo add clastix https://clastix.github.io/charts
|
||||
|
||||
To install the Chart with the release name `kamaji`:
|
||||
|
||||
helm upgrade --install --namespace kamaji-system --create-namespace clastix/kamaji
|
||||
helm upgrade --install --namespace kamaji-system --create-namespace kamaji clastix/kamaji
|
||||
|
||||
Show the status:
|
||||
|
||||
|
||||
@@ -18,10 +18,15 @@ This Helm Chart starting from v0.1.1 provides the installation of an internal `e
|
||||
|
||||
## Install Kamaji
|
||||
|
||||
To add clastix helm repository:
|
||||
|
||||
|
||||
helm repo add clastix https://clastix.github.io/charts
|
||||
|
||||
To install the Chart with the release name `kamaji`:
|
||||
|
||||
|
||||
helm upgrade --install --namespace kamaji-system --create-namespace clastix/kamaji
|
||||
helm upgrade --install --namespace kamaji-system --create-namespace kamaji clastix/kamaji
|
||||
|
||||
Show the status:
|
||||
|
||||
|
||||
@@ -497,7 +497,7 @@ spec:
|
||||
More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
|
||||
properties:
|
||||
exec:
|
||||
description: Exec specifies the action to take.
|
||||
description: Exec specifies a command to execute in the container.
|
||||
properties:
|
||||
command:
|
||||
description: |-
|
||||
@@ -512,7 +512,7 @@ spec:
|
||||
x-kubernetes-list-type: atomic
|
||||
type: object
|
||||
httpGet:
|
||||
description: HTTPGet specifies the http request to perform.
|
||||
description: HTTPGet specifies an HTTP GET request to perform.
|
||||
properties:
|
||||
host:
|
||||
description: |-
|
||||
@@ -559,7 +559,7 @@ spec:
|
||||
- port
|
||||
type: object
|
||||
sleep:
|
||||
description: Sleep represents the duration that the container should sleep before being terminated.
|
||||
description: Sleep represents a duration that the container should sleep.
|
||||
properties:
|
||||
seconds:
|
||||
description: Seconds is the number of seconds to sleep.
|
||||
@@ -571,8 +571,8 @@ spec:
|
||||
tcpSocket:
|
||||
description: |-
|
||||
Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
|
||||
for the backward compatibility. There are no validation of this field and
|
||||
lifecycle hooks will fail in runtime when tcp handler is specified.
|
||||
for backward compatibility. There is no validation of this field and
|
||||
lifecycle hooks will fail at runtime when it is specified.
|
||||
properties:
|
||||
host:
|
||||
description: 'Optional: Host name to connect to, defaults to the pod IP.'
|
||||
@@ -603,7 +603,7 @@ spec:
|
||||
More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
|
||||
properties:
|
||||
exec:
|
||||
description: Exec specifies the action to take.
|
||||
description: Exec specifies a command to execute in the container.
|
||||
properties:
|
||||
command:
|
||||
description: |-
|
||||
@@ -618,7 +618,7 @@ spec:
|
||||
x-kubernetes-list-type: atomic
|
||||
type: object
|
||||
httpGet:
|
||||
description: HTTPGet specifies the http request to perform.
|
||||
description: HTTPGet specifies an HTTP GET request to perform.
|
||||
properties:
|
||||
host:
|
||||
description: |-
|
||||
@@ -665,7 +665,7 @@ spec:
|
||||
- port
|
||||
type: object
|
||||
sleep:
|
||||
description: Sleep represents the duration that the container should sleep before being terminated.
|
||||
description: Sleep represents a duration that the container should sleep.
|
||||
properties:
|
||||
seconds:
|
||||
description: Seconds is the number of seconds to sleep.
|
||||
@@ -677,8 +677,8 @@ spec:
|
||||
tcpSocket:
|
||||
description: |-
|
||||
Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
|
||||
for the backward compatibility. There are no validation of this field and
|
||||
lifecycle hooks will fail in runtime when tcp handler is specified.
|
||||
for backward compatibility. There is no validation of this field and
|
||||
lifecycle hooks will fail at runtime when it is specified.
|
||||
properties:
|
||||
host:
|
||||
description: 'Optional: Host name to connect to, defaults to the pod IP.'
|
||||
@@ -705,7 +705,7 @@ spec:
|
||||
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
|
||||
properties:
|
||||
exec:
|
||||
description: Exec specifies the action to take.
|
||||
description: Exec specifies a command to execute in the container.
|
||||
properties:
|
||||
command:
|
||||
description: |-
|
||||
@@ -726,7 +726,7 @@ spec:
|
||||
format: int32
|
||||
type: integer
|
||||
grpc:
|
||||
description: GRPC specifies an action involving a GRPC port.
|
||||
description: GRPC specifies a GRPC HealthCheckRequest.
|
||||
properties:
|
||||
port:
|
||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||
@@ -744,7 +744,7 @@ spec:
|
||||
- port
|
||||
type: object
|
||||
httpGet:
|
||||
description: HTTPGet specifies the http request to perform.
|
||||
description: HTTPGet specifies an HTTP GET request to perform.
|
||||
properties:
|
||||
host:
|
||||
description: |-
|
||||
@@ -809,7 +809,7 @@ spec:
|
||||
format: int32
|
||||
type: integer
|
||||
tcpSocket:
|
||||
description: TCPSocket specifies an action involving a TCP port.
|
||||
description: TCPSocket specifies a connection to a TCP port.
|
||||
properties:
|
||||
host:
|
||||
description: 'Optional: Host name to connect to, defaults to the pod IP.'
|
||||
@@ -911,7 +911,7 @@ spec:
|
||||
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
|
||||
properties:
|
||||
exec:
|
||||
description: Exec specifies the action to take.
|
||||
description: Exec specifies a command to execute in the container.
|
||||
properties:
|
||||
command:
|
||||
description: |-
|
||||
@@ -932,7 +932,7 @@ spec:
|
||||
format: int32
|
||||
type: integer
|
||||
grpc:
|
||||
description: GRPC specifies an action involving a GRPC port.
|
||||
description: GRPC specifies a GRPC HealthCheckRequest.
|
||||
properties:
|
||||
port:
|
||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||
@@ -950,7 +950,7 @@ spec:
|
||||
- port
|
||||
type: object
|
||||
httpGet:
|
||||
description: HTTPGet specifies the http request to perform.
|
||||
description: HTTPGet specifies an HTTP GET request to perform.
|
||||
properties:
|
||||
host:
|
||||
description: |-
|
||||
@@ -1015,7 +1015,7 @@ spec:
|
||||
format: int32
|
||||
type: integer
|
||||
tcpSocket:
|
||||
description: TCPSocket specifies an action involving a TCP port.
|
||||
description: TCPSocket specifies a connection to a TCP port.
|
||||
properties:
|
||||
host:
|
||||
description: 'Optional: Host name to connect to, defaults to the pod IP.'
|
||||
@@ -1354,7 +1354,7 @@ spec:
|
||||
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
|
||||
properties:
|
||||
exec:
|
||||
description: Exec specifies the action to take.
|
||||
description: Exec specifies a command to execute in the container.
|
||||
properties:
|
||||
command:
|
||||
description: |-
|
||||
@@ -1375,7 +1375,7 @@ spec:
|
||||
format: int32
|
||||
type: integer
|
||||
grpc:
|
||||
description: GRPC specifies an action involving a GRPC port.
|
||||
description: GRPC specifies a GRPC HealthCheckRequest.
|
||||
properties:
|
||||
port:
|
||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||
@@ -1393,7 +1393,7 @@ spec:
|
||||
- port
|
||||
type: object
|
||||
httpGet:
|
||||
description: HTTPGet specifies the http request to perform.
|
||||
description: HTTPGet specifies an HTTP GET request to perform.
|
||||
properties:
|
||||
host:
|
||||
description: |-
|
||||
@@ -1458,7 +1458,7 @@ spec:
|
||||
format: int32
|
||||
type: integer
|
||||
tcpSocket:
|
||||
description: TCPSocket specifies an action involving a TCP port.
|
||||
description: TCPSocket specifies a connection to a TCP port.
|
||||
properties:
|
||||
host:
|
||||
description: 'Optional: Host name to connect to, defaults to the pod IP.'
|
||||
@@ -1862,7 +1862,7 @@ spec:
|
||||
More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
|
||||
properties:
|
||||
exec:
|
||||
description: Exec specifies the action to take.
|
||||
description: Exec specifies a command to execute in the container.
|
||||
properties:
|
||||
command:
|
||||
description: |-
|
||||
@@ -1877,7 +1877,7 @@ spec:
|
||||
x-kubernetes-list-type: atomic
|
||||
type: object
|
||||
httpGet:
|
||||
description: HTTPGet specifies the http request to perform.
|
||||
description: HTTPGet specifies an HTTP GET request to perform.
|
||||
properties:
|
||||
host:
|
||||
description: |-
|
||||
@@ -1924,7 +1924,7 @@ spec:
|
||||
- port
|
||||
type: object
|
||||
sleep:
|
||||
description: Sleep represents the duration that the container should sleep before being terminated.
|
||||
description: Sleep represents a duration that the container should sleep.
|
||||
properties:
|
||||
seconds:
|
||||
description: Seconds is the number of seconds to sleep.
|
||||
@@ -1936,8 +1936,8 @@ spec:
|
||||
tcpSocket:
|
||||
description: |-
|
||||
Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
|
||||
for the backward compatibility. There are no validation of this field and
|
||||
lifecycle hooks will fail in runtime when tcp handler is specified.
|
||||
for backward compatibility. There is no validation of this field and
|
||||
lifecycle hooks will fail at runtime when it is specified.
|
||||
properties:
|
||||
host:
|
||||
description: 'Optional: Host name to connect to, defaults to the pod IP.'
|
||||
@@ -1968,7 +1968,7 @@ spec:
|
||||
More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
|
||||
properties:
|
||||
exec:
|
||||
description: Exec specifies the action to take.
|
||||
description: Exec specifies a command to execute in the container.
|
||||
properties:
|
||||
command:
|
||||
description: |-
|
||||
@@ -1983,7 +1983,7 @@ spec:
|
||||
x-kubernetes-list-type: atomic
|
||||
type: object
|
||||
httpGet:
|
||||
description: HTTPGet specifies the http request to perform.
|
||||
description: HTTPGet specifies an HTTP GET request to perform.
|
||||
properties:
|
||||
host:
|
||||
description: |-
|
||||
@@ -2030,7 +2030,7 @@ spec:
|
||||
- port
|
||||
type: object
|
||||
sleep:
|
||||
description: Sleep represents the duration that the container should sleep before being terminated.
|
||||
description: Sleep represents a duration that the container should sleep.
|
||||
properties:
|
||||
seconds:
|
||||
description: Seconds is the number of seconds to sleep.
|
||||
@@ -2042,8 +2042,8 @@ spec:
|
||||
tcpSocket:
|
||||
description: |-
|
||||
Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
|
||||
for the backward compatibility. There are no validation of this field and
|
||||
lifecycle hooks will fail in runtime when tcp handler is specified.
|
||||
for backward compatibility. There is no validation of this field and
|
||||
lifecycle hooks will fail at runtime when it is specified.
|
||||
properties:
|
||||
host:
|
||||
description: 'Optional: Host name to connect to, defaults to the pod IP.'
|
||||
@@ -2070,7 +2070,7 @@ spec:
|
||||
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
|
||||
properties:
|
||||
exec:
|
||||
description: Exec specifies the action to take.
|
||||
description: Exec specifies a command to execute in the container.
|
||||
properties:
|
||||
command:
|
||||
description: |-
|
||||
@@ -2091,7 +2091,7 @@ spec:
|
||||
format: int32
|
||||
type: integer
|
||||
grpc:
|
||||
description: GRPC specifies an action involving a GRPC port.
|
||||
description: GRPC specifies a GRPC HealthCheckRequest.
|
||||
properties:
|
||||
port:
|
||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||
@@ -2109,7 +2109,7 @@ spec:
|
||||
- port
|
||||
type: object
|
||||
httpGet:
|
||||
description: HTTPGet specifies the http request to perform.
|
||||
description: HTTPGet specifies an HTTP GET request to perform.
|
||||
properties:
|
||||
host:
|
||||
description: |-
|
||||
@@ -2174,7 +2174,7 @@ spec:
|
||||
format: int32
|
||||
type: integer
|
||||
tcpSocket:
|
||||
description: TCPSocket specifies an action involving a TCP port.
|
||||
description: TCPSocket specifies a connection to a TCP port.
|
||||
properties:
|
||||
host:
|
||||
description: 'Optional: Host name to connect to, defaults to the pod IP.'
|
||||
@@ -2276,7 +2276,7 @@ spec:
|
||||
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
|
||||
properties:
|
||||
exec:
|
||||
description: Exec specifies the action to take.
|
||||
description: Exec specifies a command to execute in the container.
|
||||
properties:
|
||||
command:
|
||||
description: |-
|
||||
@@ -2297,7 +2297,7 @@ spec:
|
||||
format: int32
|
||||
type: integer
|
||||
grpc:
|
||||
description: GRPC specifies an action involving a GRPC port.
|
||||
description: GRPC specifies a GRPC HealthCheckRequest.
|
||||
properties:
|
||||
port:
|
||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||
@@ -2315,7 +2315,7 @@ spec:
|
||||
- port
|
||||
type: object
|
||||
httpGet:
|
||||
description: HTTPGet specifies the http request to perform.
|
||||
description: HTTPGet specifies an HTTP GET request to perform.
|
||||
properties:
|
||||
host:
|
||||
description: |-
|
||||
@@ -2380,7 +2380,7 @@ spec:
|
||||
format: int32
|
||||
type: integer
|
||||
tcpSocket:
|
||||
description: TCPSocket specifies an action involving a TCP port.
|
||||
description: TCPSocket specifies a connection to a TCP port.
|
||||
properties:
|
||||
host:
|
||||
description: 'Optional: Host name to connect to, defaults to the pod IP.'
|
||||
@@ -2719,7 +2719,7 @@ spec:
|
||||
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
|
||||
properties:
|
||||
exec:
|
||||
description: Exec specifies the action to take.
|
||||
description: Exec specifies a command to execute in the container.
|
||||
properties:
|
||||
command:
|
||||
description: |-
|
||||
@@ -2740,7 +2740,7 @@ spec:
|
||||
format: int32
|
||||
type: integer
|
||||
grpc:
|
||||
description: GRPC specifies an action involving a GRPC port.
|
||||
description: GRPC specifies a GRPC HealthCheckRequest.
|
||||
properties:
|
||||
port:
|
||||
description: Port number of the gRPC service. Number must be in the range 1 to 65535.
|
||||
@@ -2758,7 +2758,7 @@ spec:
|
||||
- port
|
||||
type: object
|
||||
httpGet:
|
||||
description: HTTPGet specifies the http request to perform.
|
||||
description: HTTPGet specifies an HTTP GET request to perform.
|
||||
properties:
|
||||
host:
|
||||
description: |-
|
||||
@@ -2823,7 +2823,7 @@ spec:
|
||||
format: int32
|
||||
type: integer
|
||||
tcpSocket:
|
||||
description: TCPSocket specifies an action involving a TCP port.
|
||||
description: TCPSocket specifies a connection to a TCP port.
|
||||
properties:
|
||||
host:
|
||||
description: 'Optional: Host name to connect to, defaults to the pod IP.'
|
||||
@@ -3214,6 +3214,8 @@ spec:
|
||||
description: |-
|
||||
awsElasticBlockStore represents an AWS Disk resource that is attached to a
|
||||
kubelet's host machine and then exposed to the pod.
|
||||
Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree
|
||||
awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver.
|
||||
More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
|
||||
properties:
|
||||
fsType:
|
||||
@@ -3245,7 +3247,10 @@ spec:
|
||||
- volumeID
|
||||
type: object
|
||||
azureDisk:
|
||||
description: azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.
|
||||
description: |-
|
||||
azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.
|
||||
Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type
|
||||
are redirected to the disk.csi.azure.com CSI driver.
|
||||
properties:
|
||||
cachingMode:
|
||||
description: 'cachingMode is the Host Caching mode: None, Read Only, Read Write.'
|
||||
@@ -3277,7 +3282,10 @@ spec:
|
||||
- diskURI
|
||||
type: object
|
||||
azureFile:
|
||||
description: azureFile represents an Azure File Service mount on the host and bind mount to the pod.
|
||||
description: |-
|
||||
azureFile represents an Azure File Service mount on the host and bind mount to the pod.
|
||||
Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type
|
||||
are redirected to the file.csi.azure.com CSI driver.
|
||||
properties:
|
||||
readOnly:
|
||||
description: |-
|
||||
@@ -3295,7 +3303,9 @@ spec:
|
||||
- shareName
|
||||
type: object
|
||||
cephfs:
|
||||
description: cephFS represents a Ceph FS mount on the host that shares a pod's lifetime
|
||||
description: |-
|
||||
cephFS represents a Ceph FS mount on the host that shares a pod's lifetime.
|
||||
Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported.
|
||||
properties:
|
||||
monitors:
|
||||
description: |-
|
||||
@@ -3346,6 +3356,8 @@ spec:
|
||||
cinder:
|
||||
description: |-
|
||||
cinder represents a cinder volume attached and mounted on kubelets host machine.
|
||||
Deprecated: Cinder is deprecated. All operations for the in-tree cinder type
|
||||
are redirected to the cinder.csi.openstack.org CSI driver.
|
||||
More info: https://examples.k8s.io/mysql-cinder-pd/README.md
|
||||
properties:
|
||||
fsType:
|
||||
@@ -3452,7 +3464,7 @@ spec:
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
csi:
|
||||
description: csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature).
|
||||
description: csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers.
|
||||
properties:
|
||||
driver:
|
||||
description: |-
|
||||
@@ -3894,6 +3906,7 @@ spec:
|
||||
description: |-
|
||||
flexVolume represents a generic volume resource that is
|
||||
provisioned/attached using an exec based plugin.
|
||||
Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead.
|
||||
properties:
|
||||
driver:
|
||||
description: driver is the name of the driver to use for this volume.
|
||||
@@ -3937,7 +3950,9 @@ spec:
|
||||
- driver
|
||||
type: object
|
||||
flocker:
|
||||
description: flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running
|
||||
description: |-
|
||||
flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running.
|
||||
Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported.
|
||||
properties:
|
||||
datasetName:
|
||||
description: |-
|
||||
@@ -3952,6 +3967,8 @@ spec:
|
||||
description: |-
|
||||
gcePersistentDisk represents a GCE Disk resource that is attached to a
|
||||
kubelet's host machine and then exposed to the pod.
|
||||
Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree
|
||||
gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver.
|
||||
More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
|
||||
properties:
|
||||
fsType:
|
||||
@@ -3987,7 +4004,7 @@ spec:
|
||||
gitRepo:
|
||||
description: |-
|
||||
gitRepo represents a git repository at a particular revision.
|
||||
DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an
|
||||
Deprecated: GitRepo is deprecated. To provision a container with a git repo, mount an
|
||||
EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir
|
||||
into the Pod's container.
|
||||
properties:
|
||||
@@ -4010,6 +4027,7 @@ spec:
|
||||
glusterfs:
|
||||
description: |-
|
||||
glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.
|
||||
Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported.
|
||||
More info: https://examples.k8s.io/volumes/glusterfs/README.md
|
||||
properties:
|
||||
endpoints:
|
||||
@@ -4216,7 +4234,9 @@ spec:
|
||||
- claimName
|
||||
type: object
|
||||
photonPersistentDisk:
|
||||
description: photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine
|
||||
description: |-
|
||||
photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine.
|
||||
Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported.
|
||||
properties:
|
||||
fsType:
|
||||
description: |-
|
||||
@@ -4231,7 +4251,11 @@ spec:
|
||||
- pdID
|
||||
type: object
|
||||
portworxVolume:
|
||||
description: portworxVolume represents a portworx volume attached and mounted on kubelets host machine
|
||||
description: |-
|
||||
portworxVolume represents a portworx volume attached and mounted on kubelets host machine.
|
||||
Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type
|
||||
are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate
|
||||
is on.
|
||||
properties:
|
||||
fsType:
|
||||
description: |-
|
||||
@@ -4566,7 +4590,9 @@ spec:
|
||||
x-kubernetes-list-type: atomic
|
||||
type: object
|
||||
quobyte:
|
||||
description: quobyte represents a Quobyte mount on the host that shares a pod's lifetime
|
||||
description: |-
|
||||
quobyte represents a Quobyte mount on the host that shares a pod's lifetime.
|
||||
Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported.
|
||||
properties:
|
||||
group:
|
||||
description: |-
|
||||
@@ -4604,6 +4630,7 @@ spec:
|
||||
rbd:
|
||||
description: |-
|
||||
rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.
|
||||
Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported.
|
||||
More info: https://examples.k8s.io/volumes/rbd/README.md
|
||||
properties:
|
||||
fsType:
|
||||
@@ -4676,7 +4703,9 @@ spec:
|
||||
- monitors
|
||||
type: object
|
||||
scaleIO:
|
||||
description: scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.
|
||||
description: |-
|
||||
scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.
|
||||
Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported.
|
||||
properties:
|
||||
fsType:
|
||||
default: xfs
|
||||
@@ -4802,7 +4831,9 @@ spec:
|
||||
type: string
|
||||
type: object
|
||||
storageos:
|
||||
description: storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.
|
||||
description: |-
|
||||
storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.
|
||||
Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported.
|
||||
properties:
|
||||
fsType:
|
||||
description: |-
|
||||
@@ -4847,7 +4878,10 @@ spec:
|
||||
type: string
|
||||
type: object
|
||||
vsphereVolume:
|
||||
description: vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine
|
||||
description: |-
|
||||
vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine.
|
||||
Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type
|
||||
are redirected to the csi.vsphere.vmware.com CSI driver.
|
||||
properties:
|
||||
fsType:
|
||||
description: |-
|
||||
@@ -6802,6 +6836,7 @@ spec:
|
||||
Ports is a list of records of service ports
|
||||
If used, every port defined in the service should have an entry in it
|
||||
items:
|
||||
description: PortStatus represents the error condition of a service port
|
||||
properties:
|
||||
error:
|
||||
description: |-
|
||||
@@ -7283,6 +7318,7 @@ spec:
|
||||
Ports is a list of records of service ports
|
||||
If used, every port defined in the service should have an entry in it
|
||||
items:
|
||||
description: PortStatus represents the error condition of a service port
|
||||
properties:
|
||||
error:
|
||||
description: |-
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
# Build the manager binary
|
||||
FROM golang:1.23 as builder
|
||||
|
||||
ARG VERSION=edge-24.12.1
|
||||
ARG VERSION=edge-25.3.2
|
||||
ARG TARGETOS TARGETARCH
|
||||
|
||||
WORKDIR /workspace
|
||||
|
||||
@@ -272,18 +272,18 @@ annotations:
|
||||
secret: secret-name-in-operator-ns
|
||||
url: https://keycloak.example.com
|
||||
artifacthub.io/images: |
|
||||
- name: keycloak-operator:1.23.0
|
||||
image: epamedp/keycloak-operator:1.23.0
|
||||
- name: keycloak-operator:1.25.0
|
||||
image: epamedp/keycloak-operator:1.25.0
|
||||
artifacthub.io/license: Apache-2.0
|
||||
artifacthub.io/links: |
|
||||
- name: KubeRocketCI Documentation
|
||||
url: https://docs.kuberocketci.io
|
||||
url: https://docs.kuberocketci.io/
|
||||
- name: EPAM SolutionHub
|
||||
url: https://solutionshub.epam.com/solution/kuberocketci
|
||||
artifacthub.io/operator: "true"
|
||||
artifacthub.io/operatorCapabilities: Deep Insights
|
||||
apiVersion: v2
|
||||
appVersion: 1.23.0
|
||||
appVersion: 1.25.0
|
||||
description: A Helm chart for KubeRocketCI Keycloak Operator
|
||||
home: https://docs.kuberocketci.io/
|
||||
icon: https://docs.kuberocketci.io/img/logo.svg
|
||||
@@ -308,4 +308,4 @@ name: keycloak-operator
|
||||
sources:
|
||||
- https://github.com/epam/edp-keycloak-operator
|
||||
type: application
|
||||
version: 1.23.0
|
||||
version: 1.25.0
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# keycloak-operator
|
||||
|
||||
  
|
||||
  
|
||||
|
||||
A Helm chart for KubeRocketCI Keycloak Operator
|
||||
|
||||
@@ -32,7 +32,7 @@ To install the Keycloak Operator, follow the steps below:
|
||||
```bash
|
||||
helm search repo epamedp/keycloak-operator -l
|
||||
NAME CHART VERSION APP VERSION DESCRIPTION
|
||||
epamedp/keycloak-operator 1.22.0 1.22.0 A Helm chart for KRCI Keycloak Operator
|
||||
epamedp/keycloak-operator 1.24.0 1.24.0 A Helm chart for KRCI Keycloak Operator
|
||||
```
|
||||
|
||||
_**NOTE:** It is highly recommended to use the latest stable version._
|
||||
|
||||
@@ -33,7 +33,7 @@ To install the Keycloak Operator, follow the steps below:
|
||||
```bash
|
||||
helm search repo epamedp/keycloak-operator -l
|
||||
NAME CHART VERSION APP VERSION DESCRIPTION
|
||||
epamedp/keycloak-operator 1.22.0 1.22.0 A Helm chart for KRCI Keycloak Operator
|
||||
epamedp/keycloak-operator 1.24.0 1.24.0 A Helm chart for KRCI Keycloak Operator
|
||||
```
|
||||
|
||||
_**NOTE:** It is highly recommended to use the latest stable version._
|
||||
|
||||
@@ -12,6 +12,8 @@ spec:
|
||||
public: false
|
||||
secret: $client-secret-name:client-secret-key
|
||||
webUrl: https://argocd.example.com
|
||||
adminUrl: https://admin.example.com
|
||||
homeUrl: /home/
|
||||
defaultClientScopes:
|
||||
- groups
|
||||
redirectUris:
|
||||
@@ -23,19 +25,28 @@ spec:
|
||||
apiVersion: v1.edp.epam.com/v1
|
||||
kind: KeycloakClient
|
||||
metadata:
|
||||
name: keycloakclient-policy-sample
|
||||
name: keycloakclient-authorization-sample
|
||||
spec:
|
||||
realmRef:
|
||||
name: keycloakrealm-sample
|
||||
kind: KeycloakRealm
|
||||
clientId: policy-sample
|
||||
secret: $client-secret-policy-sample:client-secret-key
|
||||
webUrl: http://example.com
|
||||
clientId: authorization-sample
|
||||
secret: $client-secret-authorization-sample:client-secret-key
|
||||
webUrl: https://example.com
|
||||
directAccess: true
|
||||
authorizationServicesEnabled: true
|
||||
serviceAccount:
|
||||
enabled: true
|
||||
authorization:
|
||||
scopes:
|
||||
- scope1
|
||||
resources:
|
||||
- name: resource1
|
||||
displayName: Resource 1
|
||||
type: test
|
||||
iconUri: https://example.com/icon.png
|
||||
scopes:
|
||||
- scope1
|
||||
policies:
|
||||
- name: role-policy
|
||||
type: role
|
||||
@@ -112,6 +123,6 @@ spec:
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: client-secret-policy-sample
|
||||
name: client-secret-authorization-sample
|
||||
data:
|
||||
client-secret-key: cGFzc3dvcmQ=
|
||||
|
||||
@@ -32,3 +32,65 @@ spec:
|
||||
refreshTokenMaxReuse: 300
|
||||
revokeRefreshToken: true
|
||||
defaultSignatureAlgorithm: RS256
|
||||
userProfileConfig:
|
||||
unmanagedAttributePolicy: "ENABLED"
|
||||
attributes:
|
||||
- name: "test-attribute"
|
||||
displayName: "Test Attribute"
|
||||
required:
|
||||
roles:
|
||||
- "admin"
|
||||
scopes:
|
||||
- "profile"
|
||||
multivalued: true
|
||||
group: "test-group"
|
||||
permissions:
|
||||
edit:
|
||||
- "admin"
|
||||
view:
|
||||
- "admin"
|
||||
- "user"
|
||||
selector:
|
||||
scopes:
|
||||
- "profile"
|
||||
annotations:
|
||||
inputType: "text"
|
||||
validations:
|
||||
email:
|
||||
max-local-length:
|
||||
intVal: 64
|
||||
local-date: {}
|
||||
options:
|
||||
options:
|
||||
sliceVal:
|
||||
- "option1"
|
||||
- "option2"
|
||||
multivalued:
|
||||
min:
|
||||
stringVal: "1"
|
||||
max:
|
||||
stringVal: "10"
|
||||
groups:
|
||||
- name: "test-group"
|
||||
displayDescription: "Test Group"
|
||||
displayHeader: "Test Group"
|
||||
annotations:
|
||||
groupAnnotation: "groupAnnotation"
|
||||
smtp:
|
||||
template:
|
||||
from: "frm@mailcom"
|
||||
fromDisplayName: "from display name"
|
||||
replyTo: "to@mail.com"
|
||||
replyToDisplayName: "reply to display name"
|
||||
envelopeFrom: "envelopeFrom@mail.com"
|
||||
connection:
|
||||
host: "host"
|
||||
enableSSL: true
|
||||
enableStartTLS: true
|
||||
authentication:
|
||||
password:
|
||||
secretKeyRef:
|
||||
name: "secret-with-email-authentication"
|
||||
key: "password"
|
||||
username:
|
||||
value: "username"
|
||||
|
||||
@@ -19,6 +19,14 @@ spec:
|
||||
jsonPath: .status.available
|
||||
name: Available
|
||||
type: boolean
|
||||
- description: Keycloak realm name
|
||||
jsonPath: .spec.realmName
|
||||
name: Realm
|
||||
type: boolean
|
||||
- description: ClusterKeycloak instance name
|
||||
jsonPath: .spec.clusterKeycloakRef
|
||||
name: Cluster-Keycloak
|
||||
type: boolean
|
||||
name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
@@ -119,6 +127,11 @@ spec:
|
||||
description: AdminEventsEnabled indicates whether to enable admin
|
||||
events.
|
||||
type: boolean
|
||||
adminEventsExpiration:
|
||||
description: |-
|
||||
AdminEventsExpiration sets the expiration for events in seconds.
|
||||
Expired events are periodically deleted from the database.
|
||||
type: integer
|
||||
enabledEventTypes:
|
||||
description: EnabledEventTypes is a list of event types to enable.
|
||||
items:
|
||||
@@ -140,6 +153,140 @@ spec:
|
||||
realmName:
|
||||
description: RealmName specifies the name of the realm.
|
||||
type: string
|
||||
smtp:
|
||||
description: Smtp is the configuration for email in the realm.
|
||||
nullable: true
|
||||
properties:
|
||||
connection:
|
||||
description: Connection specifies the email connection configuration.
|
||||
properties:
|
||||
authentication:
|
||||
description: Authentication specifies the email authentication
|
||||
configuration.
|
||||
properties:
|
||||
password:
|
||||
description: Password specifies login password.
|
||||
properties:
|
||||
configMapKeyRef:
|
||||
description: Selects a key of a ConfigMap.
|
||||
properties:
|
||||
key:
|
||||
description: The key to select.
|
||||
type: string
|
||||
name:
|
||||
description: |-
|
||||
Name of the referent.
|
||||
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
TODO: Add other useful fields. apiVersion, kind, uid?
|
||||
type: string
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
secretKeyRef:
|
||||
description: Selects a key of a secret.
|
||||
properties:
|
||||
key:
|
||||
description: The key of the secret to select from.
|
||||
type: string
|
||||
name:
|
||||
description: |-
|
||||
Name of the referent.
|
||||
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
TODO: Add other useful fields. apiVersion, kind, uid?
|
||||
type: string
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
type: object
|
||||
username:
|
||||
description: Username specifies login username.
|
||||
properties:
|
||||
configMapKeyRef:
|
||||
description: Selects a key of a ConfigMap.
|
||||
properties:
|
||||
key:
|
||||
description: The key to select.
|
||||
type: string
|
||||
name:
|
||||
description: |-
|
||||
Name of the referent.
|
||||
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
TODO: Add other useful fields. apiVersion, kind, uid?
|
||||
type: string
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
secretKeyRef:
|
||||
description: Selects a key of a secret.
|
||||
properties:
|
||||
key:
|
||||
description: The key of the secret to select from.
|
||||
type: string
|
||||
name:
|
||||
description: |-
|
||||
Name of the referent.
|
||||
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
TODO: Add other useful fields. apiVersion, kind, uid?
|
||||
type: string
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
value:
|
||||
description: Directly specifies a value.
|
||||
type: string
|
||||
type: object
|
||||
required:
|
||||
- password
|
||||
- username
|
||||
type: object
|
||||
enableSSL:
|
||||
description: EnableSSL specifies if SSL is enabled.
|
||||
type: boolean
|
||||
enableStartTLS:
|
||||
description: EnableStartTLS specifies if StartTLS is enabled.
|
||||
type: boolean
|
||||
host:
|
||||
description: Host specifies the email server host.
|
||||
type: string
|
||||
port:
|
||||
default: 25
|
||||
description: Port specifies the email server port.
|
||||
type: integer
|
||||
required:
|
||||
- host
|
||||
type: object
|
||||
template:
|
||||
description: Template specifies the email template configuration.
|
||||
properties:
|
||||
envelopeFrom:
|
||||
description: EnvelopeFrom is an email address used for bounces
|
||||
.
|
||||
type: string
|
||||
from:
|
||||
description: From specifies the sender email address.
|
||||
type: string
|
||||
fromDisplayName:
|
||||
description: FromDisplayName specifies the sender display
|
||||
for sender email address.
|
||||
type: string
|
||||
replyTo:
|
||||
description: ReplyTo specifies the reply-to email address.
|
||||
type: string
|
||||
replyToDisplayName:
|
||||
description: ReplyToDisplayName specifies display name for
|
||||
reply-to email address.
|
||||
type: string
|
||||
required:
|
||||
- from
|
||||
type: object
|
||||
required:
|
||||
- connection
|
||||
- template
|
||||
type: object
|
||||
themes:
|
||||
description: Themes is a map of themes to apply to the realm.
|
||||
nullable: true
|
||||
@@ -235,6 +382,143 @@ spec:
|
||||
Otherwise, refresh tokens are not revoked when used and can be used multiple times.
|
||||
type: boolean
|
||||
type: object
|
||||
userProfileConfig:
|
||||
description: UserProfileConfig is the configuration for user profiles
|
||||
in the realm.
|
||||
nullable: true
|
||||
properties:
|
||||
attributes:
|
||||
description: Attributes specifies the list of user profile attributes.
|
||||
items:
|
||||
properties:
|
||||
annotations:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: Annotations specifies the annotations for the
|
||||
attribute.
|
||||
type: object
|
||||
displayName:
|
||||
description: Display name for the attribute.
|
||||
type: string
|
||||
group:
|
||||
description: Group to which the attribute belongs.
|
||||
type: string
|
||||
multivalued:
|
||||
description: |-
|
||||
Multivalued specifies if this attribute supports multiple values.
|
||||
This setting is an indicator and does not enable any validation
|
||||
type: boolean
|
||||
name:
|
||||
description: Name of the user attribute, used to uniquely
|
||||
identify an attribute.
|
||||
type: string
|
||||
permissions:
|
||||
description: Permissions specifies the permissions for the
|
||||
attribute.
|
||||
properties:
|
||||
edit:
|
||||
description: Edit specifies who can edit the attribute.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
view:
|
||||
description: View specifies who can view the attribute.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
required:
|
||||
description: Required indicates that the attribute must
|
||||
be set by users and administrators.
|
||||
properties:
|
||||
roles:
|
||||
description: Roles specifies the roles for whom the
|
||||
attribute is required.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
scopes:
|
||||
description: Scopes specifies the scopes when the attribute
|
||||
is required.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
selector:
|
||||
description: Selector specifies the scopes for which the
|
||||
attribute is available.
|
||||
properties:
|
||||
scopes:
|
||||
description: Scopes specifies the scopes for which the
|
||||
attribute is available.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
validations:
|
||||
additionalProperties:
|
||||
additionalProperties:
|
||||
properties:
|
||||
intVal:
|
||||
type: integer
|
||||
mapVal:
|
||||
additionalProperties:
|
||||
type: string
|
||||
nullable: true
|
||||
type: object
|
||||
sliceVal:
|
||||
items:
|
||||
type: string
|
||||
nullable: true
|
||||
type: array
|
||||
stringVal:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
description: Validations specifies the validations for the
|
||||
attribute.
|
||||
type: object
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: array
|
||||
groups:
|
||||
description: Groups specifies the list of user profile groups.
|
||||
items:
|
||||
properties:
|
||||
annotations:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: |-
|
||||
Annotations specifies the annotations for the group.
|
||||
nullable
|
||||
type: object
|
||||
displayDescription:
|
||||
description: DisplayDescription specifies a user-friendly
|
||||
name for the group that should be used when rendering
|
||||
a group of attributes in user-facing forms.
|
||||
type: string
|
||||
displayHeader:
|
||||
description: DisplayHeader specifies a text that should
|
||||
be used as a header when rendering user-facing forms.
|
||||
type: string
|
||||
name:
|
||||
description: Name is unique name of the group.
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: array
|
||||
unmanagedAttributePolicy:
|
||||
description: |-
|
||||
UnmanagedAttributePolicy are user attributes not explicitly defined in the user profile configuration.
|
||||
Empty value means that unmanaged attributes are disabled.
|
||||
Possible values:
|
||||
ENABLED - unmanaged attributes are allowed.
|
||||
ADMIN_VIEW - unmanaged attributes are read-only and only available through the administration console and API.
|
||||
ADMIN_EDIT - unmanaged attributes can be managed only through the administration console and API.
|
||||
type: string
|
||||
type: object
|
||||
required:
|
||||
- clusterKeycloakRef
|
||||
- realmName
|
||||
|
||||
@@ -44,6 +44,15 @@ spec:
|
||||
spec:
|
||||
description: KeycloakClientSpec defines the desired state of KeycloakClient.
|
||||
properties:
|
||||
adminFineGrainedPermissionsEnabled:
|
||||
description: AdminFineGrainedPermissionsEnabled enable/disable fine-grained
|
||||
admin permissions for a client.
|
||||
type: boolean
|
||||
adminUrl:
|
||||
description: |-
|
||||
AdminUrl is client admin url.
|
||||
If empty - WebUrl will be used.
|
||||
type: string
|
||||
advancedProtocolMappers:
|
||||
description: AdvancedProtocolMappers is a flag to enable advanced
|
||||
protocol mappers.
|
||||
@@ -56,6 +65,14 @@ spec:
|
||||
description: Attributes is a map of client attributes.
|
||||
nullable: true
|
||||
type: object
|
||||
authenticationFlowBindingOverrides:
|
||||
description: AuthenticationFlowBindingOverrides client auth flow overrides
|
||||
properties:
|
||||
browser:
|
||||
type: string
|
||||
directGrant:
|
||||
type: string
|
||||
type: object
|
||||
authorization:
|
||||
description: Authorization is a client authorization configuration.
|
||||
nullable: true
|
||||
@@ -334,14 +351,61 @@ spec:
|
||||
- type
|
||||
type: object
|
||||
type: array
|
||||
resources:
|
||||
items:
|
||||
properties:
|
||||
attributes:
|
||||
additionalProperties:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
description: Attributes is a map of resource attributes.
|
||||
nullable: true
|
||||
type: object
|
||||
displayName:
|
||||
description: DisplayName for Identity Providers.
|
||||
type: string
|
||||
iconUri:
|
||||
description: IconURI pointing to an icon.
|
||||
type: string
|
||||
name:
|
||||
description: Name is unique resource name.
|
||||
type: string
|
||||
ownerManagedAccess:
|
||||
description: OwnerManagedAccess if enabled, the access to
|
||||
this resource can be managed by the resource owner.
|
||||
type: boolean
|
||||
scopes:
|
||||
description: |-
|
||||
Scopes requested or assigned in advance to the client to determine whether the policy is applied to this client.
|
||||
Condition is evaluated during OpenID Connect authorization request and/or token request.
|
||||
items:
|
||||
type: string
|
||||
nullable: true
|
||||
type: array
|
||||
type:
|
||||
description: Type of this resource. It can be used to group
|
||||
different resource instances with the same type.
|
||||
type: string
|
||||
uris:
|
||||
description: URIs which are protected by resource.
|
||||
items:
|
||||
type: string
|
||||
nullable: true
|
||||
type: array
|
||||
required:
|
||||
- displayName
|
||||
- name
|
||||
type: object
|
||||
type: array
|
||||
scopes:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
authorizationServicesEnabled:
|
||||
description: ServiceAccountsEnabled enable/disable fine-grained authorization
|
||||
support for a client.
|
||||
description: AuthorizationServicesEnabled enable/disable fine-grained
|
||||
authorization support for a client.
|
||||
type: boolean
|
||||
bearerOnly:
|
||||
description: BearerOnly is a flag to enable bearer-only.
|
||||
@@ -389,6 +453,9 @@ spec:
|
||||
default: true
|
||||
description: FullScopeAllowed is a flag to enable full scope.
|
||||
type: boolean
|
||||
homeUrl:
|
||||
description: HomeUrl is a client home url.
|
||||
type: string
|
||||
implicitFlowEnabled:
|
||||
description: ImplicitFlowEnabled is a flag to enable support for OpenID
|
||||
Connect redirect based authentication without authorization code.
|
||||
@@ -403,6 +470,26 @@ spec:
|
||||
type: string
|
||||
nullable: true
|
||||
type: array
|
||||
permission:
|
||||
description: Permission is a client permissions configuration
|
||||
nullable: true
|
||||
properties:
|
||||
scopePermissions:
|
||||
description: ScopePermissions mapping of scope and the policies
|
||||
attached
|
||||
items:
|
||||
properties:
|
||||
name:
|
||||
type: string
|
||||
policies:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: array
|
||||
type: object
|
||||
protocol:
|
||||
description: Protocol is a client protocol.
|
||||
nullable: true
|
||||
|
||||
@@ -23,6 +23,14 @@ spec:
|
||||
jsonPath: .status.value
|
||||
name: Status
|
||||
type: string
|
||||
- description: Keycloak realm name
|
||||
jsonPath: .spec.realmName
|
||||
name: Realm
|
||||
type: boolean
|
||||
- description: Keycloak instance name
|
||||
jsonPath: .spec.keycloakRef
|
||||
name: Keycloak
|
||||
type: boolean
|
||||
name: v1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
@@ -124,6 +132,11 @@ spec:
|
||||
description: AdminEventsEnabled indicates whether to enable admin
|
||||
events.
|
||||
type: boolean
|
||||
adminEventsExpiration:
|
||||
description: |-
|
||||
AdminEventsExpiration sets the expiration for events in seconds.
|
||||
Expired events are periodically deleted from the database.
|
||||
type: integer
|
||||
enabledEventTypes:
|
||||
description: EnabledEventTypes is a list of event types to enable.
|
||||
items:
|
||||
@@ -145,6 +158,140 @@ spec:
|
||||
realmName:
|
||||
description: RealmName specifies the name of the realm.
|
||||
type: string
|
||||
smtp:
|
||||
description: Smtp is the configuration for email in the realm.
|
||||
nullable: true
|
||||
properties:
|
||||
connection:
|
||||
description: Connection specifies the email connection configuration.
|
||||
properties:
|
||||
authentication:
|
||||
description: Authentication specifies the email authentication
|
||||
configuration.
|
||||
properties:
|
||||
password:
|
||||
description: Password specifies login password.
|
||||
properties:
|
||||
configMapKeyRef:
|
||||
description: Selects a key of a ConfigMap.
|
||||
properties:
|
||||
key:
|
||||
description: The key to select.
|
||||
type: string
|
||||
name:
|
||||
description: |-
|
||||
Name of the referent.
|
||||
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
TODO: Add other useful fields. apiVersion, kind, uid?
|
||||
type: string
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
secretKeyRef:
|
||||
description: Selects a key of a secret.
|
||||
properties:
|
||||
key:
|
||||
description: The key of the secret to select from.
|
||||
type: string
|
||||
name:
|
||||
description: |-
|
||||
Name of the referent.
|
||||
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
TODO: Add other useful fields. apiVersion, kind, uid?
|
||||
type: string
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
type: object
|
||||
username:
|
||||
description: Username specifies login username.
|
||||
properties:
|
||||
configMapKeyRef:
|
||||
description: Selects a key of a ConfigMap.
|
||||
properties:
|
||||
key:
|
||||
description: The key to select.
|
||||
type: string
|
||||
name:
|
||||
description: |-
|
||||
Name of the referent.
|
||||
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
TODO: Add other useful fields. apiVersion, kind, uid?
|
||||
type: string
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
secretKeyRef:
|
||||
description: Selects a key of a secret.
|
||||
properties:
|
||||
key:
|
||||
description: The key of the secret to select from.
|
||||
type: string
|
||||
name:
|
||||
description: |-
|
||||
Name of the referent.
|
||||
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
||||
TODO: Add other useful fields. apiVersion, kind, uid?
|
||||
type: string
|
||||
required:
|
||||
- key
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
value:
|
||||
description: Directly specifies a value.
|
||||
type: string
|
||||
type: object
|
||||
required:
|
||||
- password
|
||||
- username
|
||||
type: object
|
||||
enableSSL:
|
||||
description: EnableSSL specifies if SSL is enabled.
|
||||
type: boolean
|
||||
enableStartTLS:
|
||||
description: EnableStartTLS specifies if StartTLS is enabled.
|
||||
type: boolean
|
||||
host:
|
||||
description: Host specifies the email server host.
|
||||
type: string
|
||||
port:
|
||||
default: 25
|
||||
description: Port specifies the email server port.
|
||||
type: integer
|
||||
required:
|
||||
- host
|
||||
type: object
|
||||
template:
|
||||
description: Template specifies the email template configuration.
|
||||
properties:
|
||||
envelopeFrom:
|
||||
description: EnvelopeFrom is an email address used for bounces
|
||||
.
|
||||
type: string
|
||||
from:
|
||||
description: From specifies the sender email address.
|
||||
type: string
|
||||
fromDisplayName:
|
||||
description: FromDisplayName specifies the sender display
|
||||
for sender email address.
|
||||
type: string
|
||||
replyTo:
|
||||
description: ReplyTo specifies the reply-to email address.
|
||||
type: string
|
||||
replyToDisplayName:
|
||||
description: ReplyToDisplayName specifies display name for
|
||||
reply-to email address.
|
||||
type: string
|
||||
required:
|
||||
- from
|
||||
type: object
|
||||
required:
|
||||
- connection
|
||||
- template
|
||||
type: object
|
||||
themes:
|
||||
description: Themes is a map of themes to apply to the realm.
|
||||
nullable: true
|
||||
@@ -245,6 +392,145 @@ spec:
|
||||
Otherwise, refresh tokens are not revoked when used and can be used multiple times.
|
||||
type: boolean
|
||||
type: object
|
||||
userProfileConfig:
|
||||
description: |-
|
||||
UserProfileConfig is the configuration for user profiles in the realm.
|
||||
Attributes and groups will be added to the current realm configuration.
|
||||
Deletion of attributes and groups is not supported.
|
||||
nullable: true
|
||||
properties:
|
||||
attributes:
|
||||
description: Attributes specifies the list of user profile attributes.
|
||||
items:
|
||||
properties:
|
||||
annotations:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: Annotations specifies the annotations for the
|
||||
attribute.
|
||||
type: object
|
||||
displayName:
|
||||
description: Display name for the attribute.
|
||||
type: string
|
||||
group:
|
||||
description: Group to which the attribute belongs.
|
||||
type: string
|
||||
multivalued:
|
||||
description: |-
|
||||
Multivalued specifies if this attribute supports multiple values.
|
||||
This setting is an indicator and does not enable any validation
|
||||
type: boolean
|
||||
name:
|
||||
description: Name of the user attribute, used to uniquely
|
||||
identify an attribute.
|
||||
type: string
|
||||
permissions:
|
||||
description: Permissions specifies the permissions for the
|
||||
attribute.
|
||||
properties:
|
||||
edit:
|
||||
description: Edit specifies who can edit the attribute.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
view:
|
||||
description: View specifies who can view the attribute.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
required:
|
||||
description: Required indicates that the attribute must
|
||||
be set by users and administrators.
|
||||
properties:
|
||||
roles:
|
||||
description: Roles specifies the roles for whom the
|
||||
attribute is required.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
scopes:
|
||||
description: Scopes specifies the scopes when the attribute
|
||||
is required.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
selector:
|
||||
description: Selector specifies the scopes for which the
|
||||
attribute is available.
|
||||
properties:
|
||||
scopes:
|
||||
description: Scopes specifies the scopes for which the
|
||||
attribute is available.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
validations:
|
||||
additionalProperties:
|
||||
additionalProperties:
|
||||
properties:
|
||||
intVal:
|
||||
type: integer
|
||||
mapVal:
|
||||
additionalProperties:
|
||||
type: string
|
||||
nullable: true
|
||||
type: object
|
||||
sliceVal:
|
||||
items:
|
||||
type: string
|
||||
nullable: true
|
||||
type: array
|
||||
stringVal:
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
description: Validations specifies the validations for the
|
||||
attribute.
|
||||
type: object
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: array
|
||||
groups:
|
||||
description: Groups specifies the list of user profile groups.
|
||||
items:
|
||||
properties:
|
||||
annotations:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: |-
|
||||
Annotations specifies the annotations for the group.
|
||||
nullable
|
||||
type: object
|
||||
displayDescription:
|
||||
description: DisplayDescription specifies a user-friendly
|
||||
name for the group that should be used when rendering
|
||||
a group of attributes in user-facing forms.
|
||||
type: string
|
||||
displayHeader:
|
||||
description: DisplayHeader specifies a text that should
|
||||
be used as a header when rendering user-facing forms.
|
||||
type: string
|
||||
name:
|
||||
description: Name is unique name of the group.
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: array
|
||||
unmanagedAttributePolicy:
|
||||
description: |-
|
||||
UnmanagedAttributePolicy are user attributes not explicitly defined in the user profile configuration.
|
||||
Empty value means that unmanaged attributes are disabled.
|
||||
Possible values:
|
||||
ENABLED - unmanaged attributes are allowed.
|
||||
ADMIN_VIEW - unmanaged attributes are read-only and only available through the administration console and API.
|
||||
ADMIN_EDIT - unmanaged attributes can be managed only through the administration console and API.
|
||||
type: string
|
||||
type: object
|
||||
users:
|
||||
description: Users is a list of users to create in the realm.
|
||||
items:
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
KUBEOVN_TAG = v1.13.3
|
||||
KUBEOVN_TAG = v1.13.6
|
||||
|
||||
export NAME=kubeovn
|
||||
export NAMESPACE=cozy-$(NAME)
|
||||
|
||||
@@ -15,12 +15,12 @@ type: application
|
||||
# This is the chart version. This version number should be incremented each time you make changes
|
||||
# to the chart and its templates, including the app version.
|
||||
# Versions are expected to follow Semantic Versioning (https://semver.org/)
|
||||
version: v1.13.3
|
||||
version: v1.13.6
|
||||
|
||||
# This is the version number of the application being deployed. This version number should be
|
||||
# incremented each time you make changes to the application. Versions are not expected to
|
||||
# follow Semantic Versioning. They should reflect the version the application is using.
|
||||
# It is recommended to use it with quotes.
|
||||
appVersion: "1.13.3"
|
||||
appVersion: "1.13.6"
|
||||
|
||||
kubeVersion: ">= 1.23.0-0"
|
||||
|
||||
@@ -10,7 +10,7 @@ global:
|
||||
repository: kube-ovn
|
||||
dpdkRepository: kube-ovn-dpdk
|
||||
vpcRepository: vpc-nat-gateway
|
||||
tag: v1.13.3
|
||||
tag: v1.13.6
|
||||
support_arm: true
|
||||
thirdparty: true
|
||||
|
||||
|
||||
@@ -1,10 +1,10 @@
|
||||
# syntax = docker/dockerfile:experimental
|
||||
ARG VERSION=v1.13.3
|
||||
ARG VERSION=v1.13.6
|
||||
ARG BASE_TAG=$VERSION
|
||||
|
||||
FROM golang:1.23-bookworm as builder
|
||||
|
||||
ARG TAG=v1.13.3
|
||||
ARG TAG=v1.13.6
|
||||
RUN git clone --branch ${TAG} --depth 1 https://github.com/kubeovn/kube-ovn /source
|
||||
|
||||
WORKDIR /source
|
||||
|
||||
@@ -3,4 +3,4 @@ dependencies:
|
||||
repository: ""
|
||||
version: 0.0.0
|
||||
digest: sha256:aeada3fbffa2565a325406ad014001fd2685f7c0c9cfc1167da4f10c75a1bd65
|
||||
generated: "2024-10-03T10:30:07.403949316Z"
|
||||
generated: "2025-03-15T22:08:36.140314181Z"
|
||||
|
||||
@@ -10,7 +10,7 @@ annotations:
|
||||
- name: QuentinBisson
|
||||
email: quentin.bisson@gmail.com
|
||||
apiVersion: v2
|
||||
appVersion: v0.77.1
|
||||
appVersion: v0.81.0
|
||||
dependencies:
|
||||
- name: crds
|
||||
repository: ""
|
||||
@@ -25,14 +25,18 @@ kubeVersion: '>=1.16.0-0'
|
||||
maintainers:
|
||||
- email: dacamposol@gmail.com
|
||||
name: dacamposol
|
||||
url: https://github.com/dacamposol
|
||||
- email: cedric@desaintmartin.fr
|
||||
name: desaintmartin
|
||||
url: https://github.com/desaintmartin
|
||||
- email: quentin.bisson@gmail.com
|
||||
name: QuentinBisson
|
||||
url: https://github.com/QuentinBisson
|
||||
- email: github@jkroepke.de
|
||||
name: jkroepke
|
||||
name: Jan-Otto Kröpke
|
||||
url: https://github.com/jkroepke
|
||||
name: prometheus-operator-crds
|
||||
sources:
|
||||
- https://github.com/prometheus-community/helm-charts
|
||||
type: application
|
||||
version: 15.0.0
|
||||
version: 19.0.0
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.77.1/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml
|
||||
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.81.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
@@ -7,8 +7,8 @@ metadata:
|
||||
{{- with .Values.annotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
controller-gen.kubebuilder.io/version: v0.16.1
|
||||
operator.prometheus.io/version: 0.77.1
|
||||
controller-gen.kubebuilder.io/version: v0.17.2
|
||||
operator.prometheus.io/version: 0.81.0
|
||||
name: podmonitors.monitoring.coreos.com
|
||||
spec:
|
||||
group: monitoring.coreos.com
|
||||
@@ -81,6 +81,18 @@ spec:
|
||||
It requires Prometheus >= v2.28.0.
|
||||
pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$
|
||||
type: string
|
||||
fallbackScrapeProtocol:
|
||||
description: |-
|
||||
The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type.
|
||||
|
||||
It requires Prometheus >= v3.0.0.
|
||||
enum:
|
||||
- PrometheusProto
|
||||
- OpenMetricsText0.0.1
|
||||
- OpenMetricsText1.0.0
|
||||
- PrometheusText0.0.4
|
||||
- PrometheusText1.0.0
|
||||
type: string
|
||||
jobLabel:
|
||||
description: |-
|
||||
The label to use to retrieve the job name from.
|
||||
@@ -139,6 +151,23 @@ spec:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
nativeHistogramBucketLimit:
|
||||
description: |-
|
||||
If there are more than this many buckets in a native histogram,
|
||||
buckets will be merged to stay within the limit.
|
||||
It requires Prometheus >= v2.45.0.
|
||||
format: int64
|
||||
type: integer
|
||||
nativeHistogramMinBucketFactor:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: |-
|
||||
If the growth factor of one bucket to the next is smaller than this,
|
||||
buckets will be merged to increase the factor sufficiently.
|
||||
It requires Prometheus >= v2.50.0.
|
||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||
x-kubernetes-int-or-string: true
|
||||
podMetricsEndpoints:
|
||||
description: Defines how to scrape metrics from the selected pods.
|
||||
items:
|
||||
@@ -746,10 +775,16 @@ spec:
|
||||
type: string
|
||||
port:
|
||||
description: |-
|
||||
Name of the Pod port which this endpoint refers to.
|
||||
The `Pod` port name which exposes the endpoint.
|
||||
|
||||
It takes precedence over `targetPort`.
|
||||
It takes precedence over the `portNumber` and `targetPort` fields.
|
||||
type: string
|
||||
portNumber:
|
||||
description: The `Pod` port number which exposes the endpoint.
|
||||
format: int32
|
||||
maximum: 65535
|
||||
minimum: 1
|
||||
type: integer
|
||||
proxyUrl:
|
||||
description: |-
|
||||
`proxyURL` configures the HTTP Proxy URL (e.g.
|
||||
@@ -868,6 +903,7 @@ spec:
|
||||
|
||||
If empty, Prometheus uses the global scrape timeout unless it is less
|
||||
than the target's scrape interval value in which the latter is used.
|
||||
The value cannot be greater than the scrape interval otherwise the operator will reject the resource.
|
||||
pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
|
||||
type: string
|
||||
targetPort:
|
||||
@@ -878,7 +914,7 @@ spec:
|
||||
Name or number of the target port of the `Pod` object behind the Service, the
|
||||
port must be specified with container port property.
|
||||
|
||||
Deprecated: use 'port' instead.
|
||||
Deprecated: use 'port' or 'portNumber' instead.
|
||||
x-kubernetes-int-or-string: true
|
||||
tlsConfig:
|
||||
description: TLS configuration to use when scraping the target.
|
||||
@@ -1069,6 +1105,11 @@ spec:
|
||||
description: The scrape class to apply.
|
||||
minLength: 1
|
||||
type: string
|
||||
scrapeClassicHistograms:
|
||||
description: |-
|
||||
Whether to scrape a classic histogram that is also exposed as a native histogram.
|
||||
It requires Prometheus >= v2.45.0.
|
||||
type: boolean
|
||||
scrapeProtocols:
|
||||
description: |-
|
||||
`scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the
|
||||
@@ -1085,11 +1126,13 @@ spec:
|
||||
* `OpenMetricsText1.0.0`
|
||||
* `PrometheusProto`
|
||||
* `PrometheusText0.0.4`
|
||||
* `PrometheusText1.0.0`
|
||||
enum:
|
||||
- PrometheusProto
|
||||
- OpenMetricsText0.0.1
|
||||
- OpenMetricsText1.0.0
|
||||
- PrometheusText0.0.4
|
||||
- PrometheusText1.0.0
|
||||
type: string
|
||||
type: array
|
||||
x-kubernetes-list-type: set
|
||||
@@ -1140,6 +1183,18 @@ spec:
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
selectorMechanism:
|
||||
description: |-
|
||||
Mechanism used to select the endpoints to scrape.
|
||||
By default, the selection process relies on relabel configurations to filter the discovered targets.
|
||||
Alternatively, you can opt in for role selectors, which may offer better efficiency in large clusters.
|
||||
Which strategy is best for your use case needs to be carefully evaluated.
|
||||
|
||||
It requires Prometheus >= v2.17.0.
|
||||
enum:
|
||||
- RelabelConfig
|
||||
- RoleSelector
|
||||
type: string
|
||||
targetLimit:
|
||||
description: |-
|
||||
`targetLimit` defines a limit on the number of scraped targets that will
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.77.1/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml
|
||||
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.81.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
@@ -7,8 +7,8 @@ metadata:
|
||||
{{- with .Values.annotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
controller-gen.kubebuilder.io/version: v0.16.1
|
||||
operator.prometheus.io/version: 0.77.1
|
||||
controller-gen.kubebuilder.io/version: v0.17.2
|
||||
operator.prometheus.io/version: 0.81.0
|
||||
name: probes.monitoring.coreos.com
|
||||
spec:
|
||||
group: monitoring.coreos.com
|
||||
@@ -177,6 +177,18 @@ spec:
|
||||
- key
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
fallbackScrapeProtocol:
|
||||
description: |-
|
||||
The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type.
|
||||
|
||||
It requires Prometheus >= v3.0.0.
|
||||
enum:
|
||||
- PrometheusProto
|
||||
- OpenMetricsText0.0.1
|
||||
- OpenMetricsText1.0.0
|
||||
- PrometheusText0.0.4
|
||||
- PrometheusText1.0.0
|
||||
type: string
|
||||
interval:
|
||||
description: |-
|
||||
Interval at which targets are probed using the configured prober.
|
||||
@@ -304,6 +316,23 @@ spec:
|
||||
Example module configuring in the blackbox exporter:
|
||||
https://github.com/prometheus/blackbox_exporter/blob/master/example.yml
|
||||
type: string
|
||||
nativeHistogramBucketLimit:
|
||||
description: |-
|
||||
If there are more than this many buckets in a native histogram,
|
||||
buckets will be merged to stay within the limit.
|
||||
It requires Prometheus >= v2.45.0.
|
||||
format: int64
|
||||
type: integer
|
||||
nativeHistogramMinBucketFactor:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: |-
|
||||
If the growth factor of one bucket to the next is smaller than this,
|
||||
buckets will be merged to increase the factor sufficiently.
|
||||
It requires Prometheus >= v2.50.0.
|
||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||
x-kubernetes-int-or-string: true
|
||||
oauth2:
|
||||
description: OAuth2 for the URL. Only valid in Prometheus versions
|
||||
2.27.0 and newer.
|
||||
@@ -664,6 +693,11 @@ spec:
|
||||
description: The scrape class to apply.
|
||||
minLength: 1
|
||||
type: string
|
||||
scrapeClassicHistograms:
|
||||
description: |-
|
||||
Whether to scrape a classic histogram that is also exposed as a native histogram.
|
||||
It requires Prometheus >= v2.45.0.
|
||||
type: boolean
|
||||
scrapeProtocols:
|
||||
description: |-
|
||||
`scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the
|
||||
@@ -680,11 +714,13 @@ spec:
|
||||
* `OpenMetricsText1.0.0`
|
||||
* `PrometheusProto`
|
||||
* `PrometheusText0.0.4`
|
||||
* `PrometheusText1.0.0`
|
||||
enum:
|
||||
- PrometheusProto
|
||||
- OpenMetricsText0.0.1
|
||||
- OpenMetricsText1.0.0
|
||||
- PrometheusText0.0.4
|
||||
- PrometheusText1.0.0
|
||||
type: string
|
||||
type: array
|
||||
x-kubernetes-list-type: set
|
||||
@@ -692,6 +728,7 @@ spec:
|
||||
description: |-
|
||||
Timeout for scraping metrics from the Prometheus exporter.
|
||||
If not specified, the Prometheus global scrape timeout is used.
|
||||
The value cannot be greater than the scrape interval otherwise the operator will reject the resource.
|
||||
pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
|
||||
type: string
|
||||
targetLimit:
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.77.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml
|
||||
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.81.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
@@ -7,8 +7,8 @@ metadata:
|
||||
{{- with .Values.annotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
controller-gen.kubebuilder.io/version: v0.16.1
|
||||
operator.prometheus.io/version: 0.77.1
|
||||
controller-gen.kubebuilder.io/version: v0.17.2
|
||||
operator.prometheus.io/version: 0.81.0
|
||||
name: prometheusrules.monitoring.coreos.com
|
||||
spec:
|
||||
group: monitoring.coreos.com
|
||||
@@ -62,6 +62,16 @@ spec:
|
||||
are evaluated.
|
||||
pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
|
||||
type: string
|
||||
labels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: |-
|
||||
Labels to add or overwrite before storing the result for its rules.
|
||||
The labels defined at the rule level take precedence.
|
||||
|
||||
It requires Prometheus >= 3.0.0.
|
||||
The field is ignored for Thanos Ruler.
|
||||
type: object
|
||||
limit:
|
||||
description: |-
|
||||
Limit the number of alerts an alerting rule and series a recording
|
||||
@@ -79,6 +89,14 @@ spec:
|
||||
More info: https://github.com/thanos-io/thanos/blob/main/docs/components/rule.md#partial-response
|
||||
pattern: ^(?i)(abort|warn)?$
|
||||
type: string
|
||||
query_offset:
|
||||
description: |-
|
||||
Defines the offset the rule evaluation timestamp of this particular group by the specified duration into the past.
|
||||
|
||||
It requires Prometheus >= v2.53.0.
|
||||
It is not supported for ThanosRuler.
|
||||
pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
|
||||
type: string
|
||||
rules:
|
||||
description: List of alerting and recording rules.
|
||||
items:
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.77.1/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml
|
||||
# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.81.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
@@ -7,8 +7,8 @@ metadata:
|
||||
{{- with .Values.annotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
controller-gen.kubebuilder.io/version: v0.16.1
|
||||
operator.prometheus.io/version: 0.77.1
|
||||
controller-gen.kubebuilder.io/version: v0.17.2
|
||||
operator.prometheus.io/version: 0.81.0
|
||||
name: servicemonitors.monitoring.coreos.com
|
||||
spec:
|
||||
group: monitoring.coreos.com
|
||||
@@ -820,6 +820,7 @@ spec:
|
||||
|
||||
If empty, Prometheus uses the global scrape timeout unless it is less
|
||||
than the target's scrape interval value in which the latter is used.
|
||||
The value cannot be greater than the scrape interval otherwise the operator will reject the resource.
|
||||
pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$
|
||||
type: string
|
||||
targetPort:
|
||||
@@ -1014,6 +1015,18 @@ spec:
|
||||
type: boolean
|
||||
type: object
|
||||
type: array
|
||||
fallbackScrapeProtocol:
|
||||
description: |-
|
||||
The protocol to use if a scrape returns blank, unparseable, or otherwise invalid Content-Type.
|
||||
|
||||
It requires Prometheus >= v3.0.0.
|
||||
enum:
|
||||
- PrometheusProto
|
||||
- OpenMetricsText0.0.1
|
||||
- OpenMetricsText1.0.0
|
||||
- PrometheusText0.0.4
|
||||
- PrometheusText1.0.0
|
||||
type: string
|
||||
jobLabel:
|
||||
description: |-
|
||||
`jobLabel` selects the label from the associated Kubernetes `Service`
|
||||
@@ -1072,6 +1085,23 @@ spec:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
nativeHistogramBucketLimit:
|
||||
description: |-
|
||||
If there are more than this many buckets in a native histogram,
|
||||
buckets will be merged to stay within the limit.
|
||||
It requires Prometheus >= v2.45.0.
|
||||
format: int64
|
||||
type: integer
|
||||
nativeHistogramMinBucketFactor:
|
||||
anyOf:
|
||||
- type: integer
|
||||
- type: string
|
||||
description: |-
|
||||
If the growth factor of one bucket to the next is smaller than this,
|
||||
buckets will be merged to increase the factor sufficiently.
|
||||
It requires Prometheus >= v2.50.0.
|
||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||
x-kubernetes-int-or-string: true
|
||||
podTargetLabels:
|
||||
description: |-
|
||||
`podTargetLabels` defines the labels which are transferred from the
|
||||
@@ -1089,6 +1119,11 @@ spec:
|
||||
description: The scrape class to apply.
|
||||
minLength: 1
|
||||
type: string
|
||||
scrapeClassicHistograms:
|
||||
description: |-
|
||||
Whether to scrape a classic histogram that is also exposed as a native histogram.
|
||||
It requires Prometheus >= v2.45.0.
|
||||
type: boolean
|
||||
scrapeProtocols:
|
||||
description: |-
|
||||
`scrapeProtocols` defines the protocols to negotiate during a scrape. It tells clients the
|
||||
@@ -1105,11 +1140,13 @@ spec:
|
||||
* `OpenMetricsText1.0.0`
|
||||
* `PrometheusProto`
|
||||
* `PrometheusText0.0.4`
|
||||
* `PrometheusText1.0.0`
|
||||
enum:
|
||||
- PrometheusProto
|
||||
- OpenMetricsText0.0.1
|
||||
- OpenMetricsText1.0.0
|
||||
- PrometheusText0.0.4
|
||||
- PrometheusText1.0.0
|
||||
type: string
|
||||
type: array
|
||||
x-kubernetes-list-type: set
|
||||
@@ -1160,6 +1197,18 @@ spec:
|
||||
type: object
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
selectorMechanism:
|
||||
description: |-
|
||||
Mechanism used to select the endpoints to scrape.
|
||||
By default, the selection process relies on relabel configurations to filter the discovered targets.
|
||||
Alternatively, you can opt in for role selectors, which may offer better efficiency in large clusters.
|
||||
Which strategy is best for your use case needs to be carefully evaluated.
|
||||
|
||||
It requires Prometheus >= v2.17.0.
|
||||
enum:
|
||||
- RelabelConfig
|
||||
- RoleSelector
|
||||
type: string
|
||||
targetLabels:
|
||||
description: |-
|
||||
`targetLabels` defines the labels which are transferred from the
|
||||
|
||||
@@ -20,3 +20,5 @@
|
||||
.idea/
|
||||
*.tmproj
|
||||
.vscode/
|
||||
*.md
|
||||
*.md.gotmpl
|
||||
|
||||
@@ -1,612 +0,0 @@
|
||||
## Next release
|
||||
|
||||
- TODO
|
||||
|
||||
## 0.36.0
|
||||
|
||||
**Release date:** 2024-10-22
|
||||
|
||||
|
||||
|
||||
|
||||
- replaced `crd.enabled` property to `crds.plain`. Instead of disabling CRDs it selects if CRDs should be rendered from template or as plain CRDs
|
||||
|
||||
## 0.35.5
|
||||
|
||||
**Release date:** 2024-10-15
|
||||
|
||||
|
||||
|
||||
|
||||
- updates operator to [v0.48.4](https://github.com/VictoriaMetrics/operator/releases/tag/v0.48.4) version
|
||||
|
||||
## 0.35.4
|
||||
|
||||
**Release date:** 2024-10-11
|
||||
|
||||
|
||||
|
||||
|
||||
- Human-readable error about Helm version requirement
|
||||
|
||||
## 0.35.3
|
||||
|
||||
**Release date:** 2024-10-10
|
||||
|
||||
|
||||
|
||||
|
||||
- upgraded common chart dependency
|
||||
- made webhook pod port configurable. See [this issue](https://github.com/VictoriaMetrics/helm-charts/issues/1565)
|
||||
- added configurable cleanup hook resources. See [this issue](https://github.com/VictoriaMetrics/helm-charts/issues/1571)
|
||||
- added ability to configure `terminationGracePeriodSeconds` and `lifecycle`. See [this issue](https://github.com/VictoriaMetrics/helm-charts/issues/1563) for details
|
||||
|
||||
## 0.35.2
|
||||
|
||||
**Release date:** 2024-09-29
|
||||
|
||||
|
||||
|
||||
|
||||
- updates operator to [v0.48.3](https://github.com/VictoriaMetrics/operator/releases/tag/v0.48.3) version
|
||||
|
||||
## 0.35.1
|
||||
|
||||
**Release date:** 2024-09-26
|
||||
|
||||
|
||||
|
||||
|
||||
- updates operator to [v0.48.1](https://github.com/VictoriaMetrics/operator/releases/tag/v0.48.1) version
|
||||
|
||||
## 0.35.0
|
||||
|
||||
**Release date:** 2024-09-26
|
||||
|
||||
|
||||
|
||||
|
||||
- Made webhook port configurable. See [this issue](https://github.com/VictoriaMetrics/helm-charts/issues/1506)
|
||||
- Changed crd cleanup hook delete policy to prevent `resource already exists` error.
|
||||
- updates operator to [v0.48.0](https://github.com/VictoriaMetrics/operator/releases/tag/v0.48.0) version
|
||||
|
||||
## 0.34.8
|
||||
|
||||
**Release date:** 2024-09-10
|
||||
|
||||
|
||||
|
||||
|
||||
- Added ability to override deployment namespace using `namespaceOverride` and `global.namespaceOverride` variables
|
||||
- Fixed template for cert-manager certificates
|
||||
- Fixed operator Role creation when only watching own namespace using `watchNamespaces`
|
||||
- Changed webhook service port from 443 to 9443
|
||||
|
||||
## 0.34.7
|
||||
|
||||
**Release date:** 2024-09-03
|
||||
|
||||
|
||||
|
||||
|
||||
- Do not create ClusterRole if `watchNamespaces` contains only namespace, where operator is deployed
|
||||
|
||||
## 0.34.6
|
||||
|
||||
**Release date:** 2024-08-29
|
||||
|
||||
|
||||
|
||||
|
||||
- updates operator to [v0.47.3](https://github.com/VictoriaMetrics/operator/releases/tag/v0.47.3) version
|
||||
- Made `cleanupCRD` deprecated in a favour of `crd.cleanup.enabled`
|
||||
- Made `cleanupImage` deprecated in a favour of `crd.cleanup.image`
|
||||
- Made `watchNamespace` string deprecated in a favour of `watchNamespaces` slice
|
||||
- Decreased rendering time by 2 seconds
|
||||
|
||||
## 0.34.5
|
||||
|
||||
**Release date:** 2024-08-26
|
||||
|
||||
|
||||
|
||||
|
||||
- fixes typo at clean webhook. vmlogs->vlogs.
|
||||
|
||||
## 0.34.4
|
||||
|
||||
**Release date:** 2024-08-26
|
||||
|
||||
|
||||
|
||||
|
||||
- fixes RBAC by rollback <https://github.com/VictoriaMetrics/helm-charts/commit/7d75b93525bb0a99a8011b700d0a51b6b762321c>
|
||||
|
||||
## 0.34.3
|
||||
|
||||
**Release date:** 2024-08-26
|
||||
|
||||
|
||||
|
||||
|
||||
- removes not implemented scrape CRDs from validation webhook
|
||||
|
||||
## 0.34.2
|
||||
|
||||
**Release date:** 2024-08-26
|
||||
|
||||
|
||||
|
||||
|
||||
- set `admissionWebhooks.keepTLSSecret` to `true` by default
|
||||
- fixed indent, for Issuer crd, when `cert-manager.enabled: true`
|
||||
- updates operator to [v0.47.2](https://github.com/VictoriaMetrics/operator/releases/tag/v0.47.2) version
|
||||
|
||||
## 0.34.1
|
||||
|
||||
**Release date:** 2024-08-23
|
||||
|
||||
|
||||
|
||||
|
||||
**Update note**: main container name was changed to `operator`, which will recreate a pod.
|
||||
|
||||
- Updated operator to v0.47.1 release
|
||||
- Added global imagePullSecrets and image.registry
|
||||
- Use static container names in a pod
|
||||
- Updated operator service scrape config
|
||||
- Added `.Values.vmstorage.service.ipFamilies` and `.Values.vmstorage.service.ipFamilyPolicy` for service IP family management
|
||||
- Enabled webhook by default
|
||||
- Generate webhook certificate when Cert Manager is not enabled
|
||||
- Added ability to configure container port
|
||||
- Fixed image pull secrets. See [this issue](https://github.com/VictoriaMetrics/helm-charts/issues/1285)
|
||||
|
||||
## 0.34.0
|
||||
|
||||
**Release date:** 2024-08-15
|
||||
|
||||
|
||||
|
||||
|
||||
- Set minimal kubernetes version to 1.25
|
||||
- Removed support for policy/v1beta1/PodDisruptionBudget
|
||||
- Added configurable probes at `.Values.probe`
|
||||
- updates operator to [v0.47.0](https://github.com/VictoriaMetrics/operator/releases/tag/v0.47.0) release
|
||||
- adds RBAC permissions to VLogs object
|
||||
|
||||
## 0.33.6
|
||||
|
||||
**Release date:** 2024-08-07
|
||||
|
||||
|
||||
|
||||
|
||||
- add missing permission to allow patching `horizontalpodautoscalers` when operator watches single namespace.
|
||||
|
||||
## 0.33.5
|
||||
|
||||
**Release date:** 2024-08-01
|
||||
|
||||
|
||||
|
||||
|
||||
- fix cleanup job image tag when `.Capabilities.KubeVersion.Minor` returns version with plus sign. See [this pull request](https://github.com/VictoriaMetrics/helm-charts/pull/1169) by @dimaslv.
|
||||
|
||||
## 0.33.4
|
||||
|
||||
**Release date:** 2024-07-10
|
||||
|
||||
|
||||
|
||||
|
||||
- updates operator to [v0.46.4](https://github.com/VictoriaMetrics/operator/releases/tag/v0.46.4) release
|
||||
|
||||
## 0.33.3
|
||||
|
||||
**Release date:** 2024-07-05
|
||||
|
||||
|
||||
|
||||
|
||||
- updates operator to [v0.46.3](https://github.com/VictoriaMetrics/operator/releases/tag/v0.46.3) release
|
||||
|
||||
## 0.33.2
|
||||
|
||||
**Release date:** 2024-07-04
|
||||
|
||||
|
||||
|
||||
|
||||
- breaking change: operator uses different entrypoint, remove `command` entrypoint
|
||||
- breaking change: operator uses new flag for leader election `leader-elect`
|
||||
- removes podsecurity policy. It's longer supported by kubernetes
|
||||
- updates operator to [v0.46.2](https://github.com/VictoriaMetrics/operator/releases/tag/v0.46.2) release
|
||||
|
||||
## 0.33.1
|
||||
|
||||
**Release date:** 2024-07-03
|
||||
|
||||
|
||||
|
||||
|
||||
- breaking change: operator uses different entrypoint, remove `command` entrypoint
|
||||
- breaking change: operator uses new flag for leader election `leader-elect`
|
||||
- removes podsecurity policy. It's longer supported by kubernetes
|
||||
- updates operator to [v0.46.0](https://github.com/VictoriaMetrics/operator/releases/tag/v0.46.0) release
|
||||
|
||||
## 0.32.3
|
||||
|
||||
**Release date:** 2024-07-02
|
||||
|
||||
|
||||
|
||||
|
||||
- use bitnami/kubectl image for cleanup instead of deprecated gcr.io/google_containers/hyperkube
|
||||
|
||||
## 0.32.2
|
||||
|
||||
**Release date:** 2024-06-14
|
||||
|
||||
|
||||
|
||||
|
||||
- fix default image tag when using `Chart.AppVersion`, previously the version is missing "v".
|
||||
|
||||
## 0.32.1
|
||||
|
||||
**Release date:** 2024-06-14
|
||||
|
||||
|
||||
|
||||
|
||||
**Update note**: The VictoriaMetrics components image tag template has been updated. This change introduces `.Values.<component>.image.variant` to specify tag suffixes like `-scratch`, `-cluster`, `-enterprise`. Additionally, you can now omit `.Values.<component>.image.tag` to automatically use the version specified in `.Chart.AppVersion`.
|
||||
|
||||
- support specifying image tag suffix like "-enterprise" for VictoriaMetrics components using `.Values.<component>.image.variant`.
|
||||
|
||||
## 0.32.0
|
||||
|
||||
**Release date:** 2024-06-10
|
||||
|
||||
|
||||
|
||||
|
||||
- updates operator to [v0.45.0](https://github.com/VictoriaMetrics/operator/releases/tag/v0.45.0)
|
||||
|
||||
## 0.31.2
|
||||
|
||||
**Release date:** 2024-05-14
|
||||
|
||||
|
||||
|
||||
|
||||
- fix missing serviceaccounts patch permission in ClusterRole, see [this issue](https://github.com/VictoriaMetrics/helm-charts/issues/1012) for details.
|
||||
|
||||
## 0.31.1
|
||||
|
||||
**Release date:** 2024-05-10
|
||||
|
||||
|
||||
|
||||
|
||||
- fix serviceAccount template when `.Values.serviceAccount.create=false`, see this [pull request](https://github.com/VictoriaMetrics/helm-charts/pull/1002) by @tylerturk for details.
|
||||
- support creating aggregated clusterRoles for VM CRDs with admin and read permissions, see this [pull request](https://github.com/VictoriaMetrics/helm-charts/pull/996) by @reegnz for details.
|
||||
|
||||
## 0.31.0
|
||||
|
||||
**Release date:** 2024-05-09
|
||||
|
||||
|
||||
|
||||
|
||||
- updates operator to [v0.44.0](https://github.com/VictoriaMetrics/operator/releases/tag/v0.44.0)
|
||||
|
||||
## 0.30.3
|
||||
|
||||
**Release date:** 2024-04-26
|
||||
|
||||
|
||||
|
||||
|
||||
- updates operator to [v0.43.5](https://github.com/VictoriaMetrics/operator/releases/tag/v0.43.5)
|
||||
|
||||
## 0.30.2
|
||||
|
||||
**Release date:** 2024-04-23
|
||||
|
||||
|
||||
|
||||
|
||||
- updates operator to v0.43.1 version
|
||||
- fixes typo at single-namespace role for `vmscrapeconfig`. See this [issue](https://github.com/VictoriaMetrics/helm-charts/issues/987) for details.
|
||||
|
||||
## 0.30.1
|
||||
|
||||
**Release date:** 2024-04-18
|
||||
|
||||
|
||||
|
||||
|
||||
- TODO
|
||||
|
||||
- updates operator to v0.43.1 version
|
||||
|
||||
## 0.30.0
|
||||
|
||||
**Release date:** 2024-04-18
|
||||
|
||||
|
||||
|
||||
|
||||
- updates operator to v0.43.0-0 version
|
||||
- adds `events` create permission
|
||||
- properly truncate value of `app.kubernetes.io/managed-by` and `app.kubernetes.io/instance` labels in case release name exceeds 63 characters.
|
||||
|
||||
## 0.29.6
|
||||
|
||||
**Release date:** 2024-04-16
|
||||
|
||||
|
||||
|
||||
|
||||
- clean up vmauth as well when uninstall chart with `cleanupCRD: true`, since it also has `finalizers`.
|
||||
- sync new crd VMScrapeConfig from operator, see detail in <https://docs.victoriametrics.com/operator/api/#vmscrapeconfig>.
|
||||
|
||||
## 0.29.5
|
||||
|
||||
**Release date:** 2024-04-02
|
||||
|
||||
|
||||
|
||||
|
||||
- bump version of VM operator to [0.42.4](https://github.com/VictoriaMetrics/operator/releases/tag/v0.42.4)
|
||||
|
||||
## 0.29.4
|
||||
|
||||
**Release date:** 2024-03-28
|
||||
|
||||
|
||||
|
||||
|
||||
- added ability to use slice variables in extraArgs (#944)
|
||||
|
||||
## 0.29.3
|
||||
|
||||
**Release date:** 2024-03-12
|
||||
|
||||
|
||||
|
||||
|
||||
- TODO
|
||||
|
||||
## 0.29.2
|
||||
|
||||
**Release date:** 2024-03-06
|
||||
|
||||
|
||||
|
||||
|
||||
- bump version of VM operator to [0.42.2](https://github.com/VictoriaMetrics/operator/releases/tag/v0.42.2)
|
||||
|
||||
## 0.29.0
|
||||
|
||||
**Release date:** 2024-03-06
|
||||
|
||||
|
||||
|
||||
|
||||
- bump version of VM operator to [0.42.1](https://github.com/VictoriaMetrics/operator/releases/tag/v0.42.1)
|
||||
|
||||
## 0.29.0
|
||||
|
||||
**Release date:** 2024-03-04
|
||||
|
||||
|
||||
|
||||
|
||||
- bump version of VM operator to [0.42.0](https://github.com/VictoriaMetrics/operator/releases/tag/v0.42.0)
|
||||
|
||||
## 0.28.1
|
||||
|
||||
**Release date:** 2024-02-21
|
||||
|
||||
|
||||
|
||||
|
||||
- bump version of VM operator to [0.41.2](https://github.com/VictoriaMetrics/operator/releases/tag/v0.41.2)
|
||||
|
||||
## 0.28.0
|
||||
|
||||
**Release date:** 2024-02-09
|
||||
|
||||
|
||||
|
||||
|
||||
- Update victoriametrics CRD resources yaml.
|
||||
|
||||
## 0.27.11
|
||||
|
||||
**Release date:** 2024-02-01
|
||||
|
||||
|
||||
|
||||
|
||||
- bump version of VM operator to [0.41.1](https://github.com/VictoriaMetrics/operator/releases/tag/v0.41.1)
|
||||
|
||||
## 0.27.10
|
||||
|
||||
**Release date:** 2024-01-24
|
||||
|
||||
|
||||
|
||||
|
||||
- Bump operator version to [0.40.0](https://github.com/VictoriaMetrics/operator/releases/tag/v0.40.0)
|
||||
|
||||
## 0.27.9
|
||||
|
||||
**Release date:** 2023-12-12
|
||||
|
||||
|
||||
|
||||
|
||||
- bump version of VM operator to [0.39.4](https://github.com/VictoriaMetrics/operator/releases/tag/v0.39.4)
|
||||
|
||||
## 0.27.8
|
||||
|
||||
**Release date:** 2023-12-08
|
||||
|
||||
|
||||
|
||||
|
||||
- Sync CRD resources with operator [v0.39.3](https://github.com/VictoriaMetrics/operator/releases/tag/v0.39.3).
|
||||
|
||||
## 0.27.7
|
||||
|
||||
**Release date:** 2023-12-08
|
||||
|
||||
|
||||
|
||||
|
||||
- Skip deleting victoriametrics CRD resources when uninstall release.
|
||||
|
||||
## 0.27.6
|
||||
|
||||
**Release date:** 2023-11-16
|
||||
|
||||
|
||||
|
||||
|
||||
- bump version of VM operator to [0.39.3](https://github.com/VictoriaMetrics/operator/releases/tag/v0.39.3)
|
||||
|
||||
## 0.27.5
|
||||
|
||||
**Release date:** 2023-11-15
|
||||
|
||||
|
||||
|
||||
|
||||
- bump version of VM operator to [0.39.2](https://github.com/VictoriaMetrics/operator/releases/tag/v0.39.2)
|
||||
- Add `extraObjects` to allow deploying additional resources with the chart release. (#751)
|
||||
|
||||
## 0.27.4
|
||||
|
||||
**Release date:** 2023-11-01
|
||||
|
||||
|
||||
|
||||
|
||||
- bump version of VM operator to [0.39.1](https://github.com/VictoriaMetrics/operator/releases/tag/v0.39.1)
|
||||
|
||||
## 0.27.3
|
||||
|
||||
**Release date:** 2023-10-08
|
||||
|
||||
|
||||
|
||||
|
||||
- Added endpointslices permissions to operator roles (#708)
|
||||
|
||||
## 0.27.2
|
||||
|
||||
**Release date:** 2023-10-04
|
||||
|
||||
|
||||
|
||||
|
||||
- bump version of VM operator to [0.39.0](https://github.com/VictoriaMetrics/operator/releases/tag/v0.39.0)
|
||||
|
||||
## 0.27.1
|
||||
|
||||
**Release date:** 2023-09-28
|
||||
|
||||
|
||||
|
||||
|
||||
- Fix `relabelConfigs` for operator's VMServiceScrape (#624)
|
||||
|
||||
## 0.27.0
|
||||
|
||||
**Release date:** 2023-09-11
|
||||
|
||||
|
||||
|
||||
|
||||
- Bump version of operator to [v0.38.0](https://github.com/VictoriaMetrics/operator/releases/tag/v0.38.0)
|
||||
|
||||
## 0.26.2
|
||||
|
||||
**Release date:** 2023-09-07
|
||||
|
||||
|
||||
|
||||
|
||||
- Updated CRDs for operator
|
||||
|
||||
## 0.26.1
|
||||
|
||||
**Release date:** 2023-09-04
|
||||
|
||||
|
||||
|
||||
|
||||
- Bump version of Victoria Metrics operator to `v0.37.1`
|
||||
|
||||
## 0.26.0
|
||||
|
||||
**Release date:** 2023-08-30
|
||||
|
||||
|
||||
|
||||
|
||||
- Bump operator version to [v0.37.0](https://github.com/VictoriaMetrics/operator/releases/tag/v0.37.0)
|
||||
- `psp_auto_creation_enabled` for operator is disabled by default
|
||||
|
||||
## 0.25.0
|
||||
|
||||
**Release date:** 2023-08-24
|
||||
|
||||
|
||||
|
||||
|
||||
- Added `topologySpreadConstraints` for the operator + a small refactoring (#611)
|
||||
- Fix vm operator appVersion (#589)
|
||||
- Fixes operator doc description
|
||||
- Add `cleanupCRD` option to clean up vm cr resources when uninstalling (#593)
|
||||
- Bump operator version to [v0.36.0](https://github.com/VictoriaMetrics/operator/releases/tag/v0.36.0)
|
||||
|
||||
## 0.24.1
|
||||
|
||||
**Release date:** 2023-07-13
|
||||
|
||||
|
||||
|
||||
|
||||
- operator release v0.35.1
|
||||
|
||||
## 0.24.0
|
||||
|
||||
**Release date:** 2023-07-03
|
||||
|
||||
|
||||
|
||||
|
||||
- updates operator for v0.35.0
|
||||
- updates for v1.91.1 release
|
||||
|
||||
## 0.23.1
|
||||
|
||||
**Release date:** 2023-05-29
|
||||
|
||||
|
||||
|
||||
|
||||
- updates operator for v0.34.1 version
|
||||
|
||||
## 0.23.0
|
||||
|
||||
**Release date:** 2023-05-25
|
||||
|
||||
|
||||
|
||||
|
||||
- bump operator version
|
||||
- feat(operator): add PodDisruptionBudget (#546)
|
||||
@@ -1,9 +1,9 @@
|
||||
dependencies:
|
||||
- name: victoria-metrics-common
|
||||
repository: https://victoriametrics.github.io/helm-charts
|
||||
version: 0.0.16
|
||||
version: 0.0.42
|
||||
- name: crds
|
||||
repository: ""
|
||||
version: 0.0.*
|
||||
digest: sha256:1dbeda933645106331943d21d8ba9fb76db1eca47446d47f98c916eadd1bbfbd
|
||||
generated: "2024-10-16T22:31:25.325936+03:00"
|
||||
digest: sha256:d186ad6f54d64a2f828cd80a136e06dcf1f30dbc8ae94964bb9b166ee32eb30e
|
||||
generated: "2025-03-19T09:59:22.84209872Z"
|
||||
|
||||
@@ -1,18 +1,20 @@
|
||||
annotations:
|
||||
artifacthub.io/category: monitoring-logging
|
||||
artifacthub.io/changes: |
|
||||
- replaced `crd.enabled` property to `crds.plain`. Instead of disabling CRDs it selects if CRDs should be rendered from template or as plain CRDs
|
||||
- updates operator to [v0.55.0](https://github.com/VictoriaMetrics/operator/releases/tag/v0.55.0) version
|
||||
artifacthub.io/license: Apache-2.0
|
||||
artifacthub.io/links: |
|
||||
- name: Sources
|
||||
url: https://github.com/VictoriaMetrics/helm-charts
|
||||
url: https://github.com/VictoriaMetrics/helm-charts/tree/master/charts/victoria-metrics-operator
|
||||
- name: Charts repo
|
||||
url: https://victoriametrics.github.io/helm-charts/
|
||||
- name: Docs
|
||||
url: https://docs.victoriametrics.com/operator
|
||||
- name: Changelog
|
||||
url: https://docs.victoriametrics.com/operator/changelog
|
||||
artifacthub.io/operator: "true"
|
||||
apiVersion: v2
|
||||
appVersion: v0.48.4
|
||||
appVersion: v0.55.0
|
||||
dependencies:
|
||||
- name: victoria-metrics-common
|
||||
repository: https://victoriametrics.github.io/helm-charts
|
||||
@@ -40,4 +42,4 @@ sources:
|
||||
- https://github.com/VictoriaMetrics/helm-charts
|
||||
- https://github.com/VictoriaMetrics/operator
|
||||
type: application
|
||||
version: 0.36.0
|
||||
version: 0.44.0
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@@ -1,98 +0,0 @@
|
||||
{{ template "chart.typeBadge" . }} {{ template "chart.versionBadge" . }}
|
||||
[](https://artifacthub.io/packages/helm/victoriametrics/victoria-metrics-operator)
|
||||
|
||||
{{ template "chart.description" . }}
|
||||
|
||||
## Prerequisites
|
||||
|
||||
* Install the follow packages: ``git``, ``kubectl``, ``helm``, ``helm-docs``. See this [tutorial](https://docs.victoriametrics.com/helm/requirements/).
|
||||
* PV support on underlying infrastructure.
|
||||
|
||||
## ArgoCD issues
|
||||
|
||||
When running operator using ArgoCD without Cert Manager (`.Values.admissionWebhooks.certManager.enabled: false`) it will rerender webhook certificates
|
||||
on each sync since Helm `lookup` function is not respected by ArgoCD. To prevent this please update you operator Application `spec.syncPolicy` and `spec.ignoreDifferences` with a following:
|
||||
|
||||
```yaml
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
...
|
||||
spec:
|
||||
...
|
||||
syncPolicy:
|
||||
syncOptions:
|
||||
# https://argo-cd.readthedocs.io/en/stable/user-guide/sync-options/#respect-ignore-difference-configs
|
||||
# argocd must also ignore difference during apply stage
|
||||
# otherwise it ll silently override changes and cause a problem
|
||||
- RespectIgnoreDifferences=true
|
||||
ignoreDifferences:
|
||||
- group: ""
|
||||
kind: Secret
|
||||
name: <fullname>-validation
|
||||
namespace: kube-system
|
||||
jsonPointers:
|
||||
- /data
|
||||
- group: admissionregistration.k8s.io
|
||||
kind: ValidatingWebhookConfiguration
|
||||
name: <fullname>-admission
|
||||
jqPathExpressions:
|
||||
- '.webhooks[]?.clientConfig.caBundle'
|
||||
```
|
||||
where `<fullname>` is output of `{{"{{"}} include "vm-operator.fullname" {{"}}"}}` for your setup
|
||||
|
||||
## Upgrade guide
|
||||
|
||||
During release an issue with helm CRD was discovered. So for upgrade from version less then 0.1.3 you have to two options:
|
||||
1) use helm management for CRD, enabled by default.
|
||||
2) use own management system, need to add variable: --set createCRD=false.
|
||||
|
||||
If you choose helm management, following steps must be done before upgrade:
|
||||
|
||||
1) define namespace and helm release name variables
|
||||
|
||||
```
|
||||
export NAMESPACE=default
|
||||
export RELEASE_NAME=operator
|
||||
```
|
||||
|
||||
execute kubectl commands:
|
||||
|
||||
```
|
||||
kubectl get crd | grep victoriametrics.com | awk '{print $1 }' | xargs -i kubectl label crd {} app.kubernetes.io/managed-by=Helm --overwrite
|
||||
kubectl get crd | grep victoriametrics.com | awk '{print $1 }' | xargs -i kubectl annotate crd {} meta.helm.sh/release-namespace="$NAMESPACE" meta.helm.sh/release-name="$RELEASE_NAME" --overwrite
|
||||
```
|
||||
|
||||
run helm upgrade command.
|
||||
|
||||
## Chart Details
|
||||
|
||||
This chart will do the following:
|
||||
|
||||
* Rollout victoria metrics operator
|
||||
|
||||
{{ include "chart.installSection" . }}
|
||||
|
||||
## Validation webhook
|
||||
|
||||
Its possible to use validation of created resources with operator. For now, you need cert-manager to easily certificate management https://cert-manager.io/docs/
|
||||
|
||||
```yaml
|
||||
admissionWebhooks:
|
||||
enabled: true
|
||||
# what to do in case, when operator not available to validate request.
|
||||
certManager:
|
||||
# enables cert creation and injection by cert-manager
|
||||
enabled: true
|
||||
```
|
||||
|
||||
{{ include "chart.uninstallSection" . }}
|
||||
|
||||
{{ include "chart.helmDocs" . }}
|
||||
|
||||
## Parameters
|
||||
|
||||
The following tables lists the configurable parameters of the chart and their default values.
|
||||
|
||||
Change the values according to the need of the environment in ``victoria-metrics-operator/values.yaml`` file.
|
||||
|
||||
{{ template "chart.valuesTableHtml" . }}
|
||||
@@ -0,0 +1,7 @@
|
||||
# Release notes for version 0.44.0
|
||||
|
||||
**Release date:** 02 Apr 2025
|
||||
|
||||
 
|
||||
|
||||
- updates operator to [v0.55.0](https://github.com/VictoriaMetrics/operator/releases/tag/v0.55.0) version
|
||||
@@ -1,8 +0,0 @@
|
||||
# Release notes for version 0.36.0
|
||||
|
||||
**Release date:** 2024-10-22
|
||||
|
||||
|
||||
|
||||
|
||||
- replaced `crd.enabled` property to `crds.plain`. Instead of disabling CRDs it selects if CRDs should be rendered from template or as plain CRDs
|
||||
@@ -1,13 +0,0 @@
|
||||
---
|
||||
weight: 1
|
||||
title: CHANGELOG
|
||||
menu:
|
||||
docs:
|
||||
weight: 1
|
||||
identifier: helm-victoriametrics-operator-changelog
|
||||
parent: helm-victoriametrics-operator
|
||||
url: /helm/victoriametrics-operator/changelog
|
||||
aliases:
|
||||
- /helm/victoriametrics-operator/changelog/index.html
|
||||
---
|
||||
{{% content "CHANGELOG.md" %}}
|
||||
@@ -1,13 +0,0 @@
|
||||
---
|
||||
weight: 10
|
||||
title: VictoriaMetrics Operator
|
||||
menu:
|
||||
docs:
|
||||
parent: helm
|
||||
weight: 10
|
||||
identifier: helm-victoriametrics-operator
|
||||
url: /helm/victoriametrics-operator
|
||||
aliases:
|
||||
- /helm/victoriametrics-operator/index.html
|
||||
---
|
||||
{{% content "README.md" %}}
|
||||
File diff suppressed because it is too large
Load Diff
@@ -20,3 +20,5 @@
|
||||
.idea/
|
||||
*.tmproj
|
||||
.vscode/
|
||||
*.md
|
||||
*.md.gotmpl
|
||||
|
||||
@@ -1,159 +0,0 @@
|
||||
# CHANGELOG for `victoria-metrics-common` helm-chart
|
||||
|
||||
## Next release
|
||||
|
||||
- TODO
|
||||
|
||||
## 0.0.16
|
||||
|
||||
**Release date:** 2024-10-15
|
||||
|
||||
|
||||
|
||||
- Allow extract name prefix from app level fullnameOverride property
|
||||
|
||||
## 0.0.15
|
||||
|
||||
**Release date:** 2024-10-11
|
||||
|
||||
|
||||
|
||||
- Display compatibility error message
|
||||
|
||||
## 0.0.14
|
||||
|
||||
**Release date:** 2024-10-04
|
||||
|
||||
|
||||
|
||||
- Fixed openshift compatibility templates
|
||||
|
||||
## 0.0.13
|
||||
|
||||
**Release date:** 2024-09-16
|
||||
|
||||
|
||||
|
||||
- Do not use image variant if custom image tag is set in `vm.image` template
|
||||
- Support multiple license flag styles, which are different for vmanomaly and other services
|
||||
|
||||
## 0.0.12
|
||||
|
||||
**Release date:** 2024-09-16
|
||||
|
||||
|
||||
|
||||
- Add enterprise to existing variant if enterprise enabled
|
||||
- Added `vm.enterprise.disabled` template to check if enterprise license is disabled
|
||||
- Use `service.servicePort` as a port source if flag is not set in `vm.url`
|
||||
|
||||
## 0.0.11
|
||||
|
||||
**Release date:** 2024-09-11
|
||||
|
||||
|
||||
|
||||
- Added ability to pass extra prefix for `vm.managed.fullname`
|
||||
|
||||
## 0.0.10
|
||||
|
||||
**Release date:** 2024-09-10
|
||||
|
||||
|
||||
|
||||
- Fixed protocol extraction with TLS enabled
|
||||
- Typo fixes
|
||||
- use appkey as `app` label by default
|
||||
- support multiple service naming styles for `vm.service`
|
||||
|
||||
## 0.0.9
|
||||
|
||||
**Release date:** 2024-09-02
|
||||
|
||||
|
||||
|
||||
- Allow `appKey` argument to be a list to support deeply nested objects
|
||||
- Added `vm.namespace`, which returns `namespaceOverride` or `global.namespaceOverride` or `Release.Namespace` as a default
|
||||
- Added `vm.managed.fullname`, which returns default fullname prefixed by `appKey`
|
||||
- Added `vm.plain.fullname`, which returns default fullname suffixed by `appKey`
|
||||
|
||||
## 0.0.8
|
||||
|
||||
**Release date:** 2024-08-29
|
||||
|
||||
|
||||
|
||||
- Added `vm.service` for unified service name generation
|
||||
- Added `vm.url` to construct service base url
|
||||
- Added `vm.name` for chart name
|
||||
- Added `vm.fullname` which is actively used in resource name construction
|
||||
- Added `vm.chart` to construct chart name label value
|
||||
- Added `vm.labels` for common labels
|
||||
- Added `vm.sa` for service account name
|
||||
- Added `vm.release` for release name
|
||||
- Added `vm.selectorLabels` for common selector labels
|
||||
|
||||
## 0.0.7
|
||||
|
||||
**Release date:** 2024-08-27
|
||||
|
||||
|
||||
|
||||
- Support short and long args flags in `vm.args`
|
||||
- Updated `vm.enterprise.only` error message
|
||||
|
||||
## 0.0.6
|
||||
|
||||
**Release date:** 2024-08-27
|
||||
|
||||
|
||||
|
||||
- Changed structure of `vm.args` template output
|
||||
- Removed `eula` support
|
||||
|
||||
## 0.0.5
|
||||
|
||||
**Release date:** 2024-08-26
|
||||
|
||||
|
||||
|
||||
- Fixed `vm.enterprise.only` template to check if at least one of both global.licence.eula and .Values.license.eula are defined
|
||||
- Convert `vm.args` bool `true` values to flags without values
|
||||
|
||||
## 0.0.4
|
||||
|
||||
**Release date:** 2024-08-26
|
||||
|
||||
|
||||
|
||||
- Updated `vm.probe.*` templates to remove Helm 3.14 restriction.
|
||||
- Added `vm.args` template for cmd args generation
|
||||
|
||||
## 0.0.3
|
||||
|
||||
**Release date:** 2024-08-25
|
||||
|
||||
|
||||
|
||||
- Moved license templates from other charts `vm.license.volume`, `vm.license.mount`, `vm.license.flag`
|
||||
- Moved `vm.compatibility.renderSecurityContext` template
|
||||
- Fixed a case, when null is passed to a `.Values.global`. See [this issue](https://github.com/VictoriaMetrics/helm-charts/issues/1296)
|
||||
|
||||
## 0.0.2
|
||||
|
||||
**Release date:** 2024-08-23
|
||||
|
||||
|
||||
|
||||
- Added `vm.port.from.flag` template to extract port from cmd flag listen address.
|
||||
|
||||
## 0.0.1
|
||||
|
||||
**Release date:** 2024-08-15
|
||||
|
||||
|
||||
|
||||
- Added `vm.enterprise.only` template to fail rendering if required license arguments weren't set.
|
||||
- Added `vm.image` template that introduces common chart logic of how to build image name from application variables.
|
||||
- Added `vm.ingress.port` template to render properly tngress port configuration depending on args type.
|
||||
- Added `vm.probe.*` templates to render probes params consistently across all templates.
|
||||
@@ -1,3 +1,3 @@
|
||||
dependencies: []
|
||||
digest: sha256:643d5437104296e21d906ecb15b2c96ad278f20cfc4af53b12bb6069bd853726
|
||||
generated: "2024-10-15T17:49:14.591209997Z"
|
||||
generated: "2024-11-13T12:10:17.363248379Z"
|
||||
|
||||
@@ -1,11 +1,11 @@
|
||||
annotations:
|
||||
artifacthub.io/category: monitoring-logging
|
||||
artifacthub.io/changes: |
|
||||
- Allow extract name prefix from app level fullnameOverride property
|
||||
- Support custom case for list empty argument.
|
||||
artifacthub.io/license: Apache-2.0
|
||||
artifacthub.io/links: |
|
||||
- name: Sources
|
||||
url: https://github.com/VictoriaMetrics/helm-charts
|
||||
url: https://github.com/VictoriaMetrics/helm-charts/tree/master/charts/victoria-metrics-common
|
||||
- name: Charts repo
|
||||
url: https://victoriametrics.github.io/helm-charts/
|
||||
apiVersion: v2
|
||||
@@ -25,4 +25,4 @@ name: victoria-metrics-common
|
||||
sources:
|
||||
- https://github.com/VictoriaMetrics/helm-charts
|
||||
type: library
|
||||
version: 0.0.16
|
||||
version: 0.0.42
|
||||
|
||||
@@ -0,0 +1,7 @@
|
||||
# Release notes for version 0.0.42
|
||||
|
||||
**Release date:** 19 Mar 2025
|
||||
|
||||
|
||||
|
||||
- Support custom case for list empty argument.
|
||||
@@ -1,7 +0,0 @@
|
||||
# Release notes for version 0.0.16
|
||||
|
||||
**Release date:** 2024-10-15
|
||||
|
||||
|
||||
|
||||
- Allow extract name prefix from app level fullnameOverride property
|
||||
@@ -1,11 +1,23 @@
|
||||
{{- define "vm.license.secret.key" -}}
|
||||
{{- $Values := (.helm).Values | default .Values -}}
|
||||
{{- (($Values.license).secret).key | default ((($Values.global).license).secret).key | default "" -}}
|
||||
{{- $plain := (($Values.license).secret).key | default ((($Values.global).license).secret).key -}}
|
||||
{{- $managed := (($Values.license).keyRef).key | default ((($Values.global).license).keyRef).key }}
|
||||
{{- if $plain -}}
|
||||
{{- $plain -}}
|
||||
{{- else if $managed -}}
|
||||
{{- $managed -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "vm.license.secret.name" -}}
|
||||
{{- $Values := (.helm).Values | default .Values -}}
|
||||
{{- (($Values.license).secret).name | default ((($Values.global).license).secret).name | default "" -}}
|
||||
{{- $plain := (($Values.license).secret).name | default ((($Values.global).license).secret).name -}}
|
||||
{{- $managed := (($Values.license).keyRef).name | default ((($Values.global).license).keyRef).name -}}
|
||||
{{- if $plain -}}
|
||||
{{- $plain -}}
|
||||
{{- else if $managed -}}
|
||||
{{- $managed -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "vm.license.key" -}}
|
||||
@@ -17,7 +29,7 @@
|
||||
{{- $licenseKey := (include "vm.license.key" .) -}}
|
||||
{{- $licenseSecretKey := (include "vm.license.secret.key" .) -}}
|
||||
{{- $licenseSecretName := (include "vm.license.secret.name" .) -}}
|
||||
{{- and (empty $licenseKey) (and (empty $licenseSecretName) (empty $licenseSecretKey)) -}}
|
||||
{{- or .noEnterprise (and (empty $licenseKey) (and (empty $licenseSecretName) (empty $licenseSecretKey))) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "vm.enterprise.only" -}}
|
||||
|
||||
@@ -1,15 +1,16 @@
|
||||
{{- define "vm.namespace" -}}
|
||||
{{- include "vm.validate.args" . -}}
|
||||
{{- $Release := (.helm).Release | default .Release -}}
|
||||
{{- $Values := (.helm).Values | default .Values -}}
|
||||
{{- $Capabilities := (.helm).Capabilities | default .Capabilities -}}
|
||||
{{- if semverCompare "<3.14.0" $Capabilities.HelmVersion.Version }}
|
||||
{{- fail "This chart requires helm version 3.14.0 or higher" }}
|
||||
{{- end }}
|
||||
{{- $Values.namespaceOverride | default ($Values.global).namespaceOverride | default $Release.Namespace -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "vm.validate.args" -}}
|
||||
{{- $Chart := (.helm).Chart | default .Chart -}}
|
||||
{{- $Capabilities := (.helm).Capabilities | default .Capabilities -}}
|
||||
{{- if semverCompare "<3.14.0" $Capabilities.HelmVersion.Version }}
|
||||
{{- fail "This chart requires helm version 3.14.0 or higher" }}
|
||||
{{- end }}
|
||||
{{- if empty $Chart -}}
|
||||
{{- fail "invalid template data" -}}
|
||||
{{- end -}}
|
||||
@@ -20,7 +21,12 @@
|
||||
{{- include "vm.validate.args" . -}}
|
||||
{{- $Chart := (.helm).Chart | default .Chart -}}
|
||||
{{- $Values := (.helm).Values | default .Values -}}
|
||||
{{- $Values.nameOverride | default ($Values.global).nameOverride | default $Chart.Name | trunc 63 | trimSuffix "-" }}
|
||||
{{- $nameOverride := $Values.nameOverride | default ($Values.global).nameOverride | default $Chart.Name -}}
|
||||
{{- if or ($Values.global).disableNameTruncation $Values.disableNameTruncation -}}
|
||||
{{- $nameOverride -}}
|
||||
{{- else -}}
|
||||
{{- $nameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- /*
|
||||
@@ -34,88 +40,127 @@ If release name contains chart name it will be used as a full name.
|
||||
{{- $Chart := (.helm).Chart | default .Chart -}}
|
||||
{{- $Release := (.helm).Release | default .Release -}}
|
||||
{{- $fullname := "" -}}
|
||||
{{- if .appKey -}}
|
||||
{{- $appKey := ternary (list .appKey) .appKey (kindIs "string" .appKey) -}}
|
||||
{{- $values := $Values -}}
|
||||
{{- $global := (index $Values.global $Chart.Name) | default dict -}}
|
||||
{{- range $ak := $appKey }}
|
||||
{{- if $values -}}
|
||||
{{- $values = (index $values $ak) | default dict -}}
|
||||
{{- end -}}
|
||||
{{- if $global -}}
|
||||
{{- $global = (index $global $ak) | default dict -}}
|
||||
{{- end -}}
|
||||
{{- if and (kindIs "map" $values) $values.name -}}
|
||||
{{- $fullname = $values.name -}}
|
||||
{{- else if and (kindIs "map" $values) $values.fullnameOverride -}}
|
||||
{{- $fullname = $values.fullnameOverride -}}
|
||||
{{- else if and (kindIs "map" $global) $global.name -}}
|
||||
{{- $fullname = $global.name -}}
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
{{- if empty $fullname -}}
|
||||
{{- if $Values.fullnameOverride -}}
|
||||
{{- $fullname = $Values.fullnameOverride -}}
|
||||
{{- else if (dig $Chart.Name "fullnameOverride" "" ($Values.global)) -}}
|
||||
{{- $fullname = (dig $Chart.Name "fullnameOverride" "" ($Values.global)) -}}
|
||||
{{- else if ($Values.global).fullnameOverride -}}
|
||||
{{- $fullname = $Values.global.fullnameOverride -}}
|
||||
{{- if $Values.fullnameOverride -}}
|
||||
{{- $fullname = $Values.fullnameOverride -}}
|
||||
{{- else if ($Values.global).fullnameOverride -}}
|
||||
{{- $fullname = $Values.global.fullnameOverride -}}
|
||||
{{- else -}}
|
||||
{{- $name := default $Chart.Name $Values.nameOverride -}}
|
||||
{{- if contains $name $Release.Name -}}
|
||||
{{- $fullname = $Release.Name -}}
|
||||
{{- else -}}
|
||||
{{- $name := default $Chart.Name $Values.nameOverride -}}
|
||||
{{- if contains $name $Release.Name -}}
|
||||
{{- $fullname = $Release.Name -}}
|
||||
{{- else -}}
|
||||
{{- $fullname = (printf "%s-%s" $Release.Name $name) }}
|
||||
{{- end -}}
|
||||
{{- $fullname = (printf "%s-%s" $Release.Name $name) }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- with .prefix -}}
|
||||
{{- $fullname = printf "%s-%s" . $fullname -}}
|
||||
{{- $fullname = tpl $fullname . -}}
|
||||
{{- if or ($Values.global).disableNameTruncation $Values.disableNameTruncation -}}
|
||||
{{- $fullname -}}
|
||||
{{- else -}}
|
||||
{{- $fullname | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
{{- with .suffix -}}
|
||||
{{- $fullname = printf "%s-%s" $fullname . -}}
|
||||
{{- end -}}
|
||||
{{- $fullname | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end }}
|
||||
|
||||
{{- define "vm.cr.fullname" -}}
|
||||
{{- $Values := (.helm).Values | default .Values -}}
|
||||
{{- $_ := set . "overrideKey" "name" -}}
|
||||
{{- $fullname := include "vm.internal.key" . -}}
|
||||
{{- $_ := unset . "overrideKey" -}}
|
||||
{{- if empty $fullname -}}
|
||||
{{- $fullname = include "vm.fullname" . -}}
|
||||
{{- end -}}
|
||||
{{- $fullname = tpl $fullname . -}}
|
||||
{{- if or ($Values.global).disableNameTruncation $Values.disableNameTruncation -}}
|
||||
{{- $fullname -}}
|
||||
{{- else -}}
|
||||
{{- $fullname | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "vm.managed.fullname" -}}
|
||||
{{- $prefix := .appKey -}}
|
||||
{{- $oldPrefix := .prefix -}}
|
||||
{{- if kindIs "slice" $prefix -}}
|
||||
{{- $prefix = last $prefix -}}
|
||||
{{- $Values := (.helm).Values | default .Values -}}
|
||||
{{- $_ := set . "overrideKey" "name" -}}
|
||||
{{- $fullname := include "vm.internal.key" . -}}
|
||||
{{- $_ := unset . "overrideKey" -}}
|
||||
{{- if empty $fullname -}}
|
||||
{{- $fullname = include "vm.fullname" . -}}
|
||||
{{- end -}}
|
||||
{{- if $prefix -}}
|
||||
{{- with $oldPrefix -}}
|
||||
{{- $prefix = printf "%s-%s" $prefix . -}}
|
||||
{{- end }}
|
||||
{{- $_ := set $ "prefix" $prefix -}}
|
||||
{{- with include "vm.internal.key.default" . -}}
|
||||
{{- $prefix := ternary . (printf "vm%s" .) (or (hasPrefix "vm" .) (hasPrefix "vl" .)) -}}
|
||||
{{- $fullname = printf "%s-%s" $prefix $fullname -}}
|
||||
{{- end -}}
|
||||
{{- $fullname = tpl $fullname . -}}
|
||||
{{- if or ($Values.global).disableNameTruncation $Values.disableNameTruncation -}}
|
||||
{{- $fullname -}}
|
||||
{{- else -}}
|
||||
{{- $fullname | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
{{- include "vm.fullname" . -}}
|
||||
{{- $_ := set . "prefix" $oldPrefix -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "vm.plain.fullname" -}}
|
||||
{{- $suffix := .appKey -}}
|
||||
{{- $oldSuffix := .suffix -}}
|
||||
{{- if kindIs "slice" $suffix -}}
|
||||
{{- $suffix = last $suffix }}
|
||||
{{- end -}}
|
||||
{{- if $suffix -}}
|
||||
{{- with $oldSuffix -}}
|
||||
{{- $suffix = printf "%s-%s" $suffix . -}}
|
||||
{{- $Values := (.helm).Values | default .Values -}}
|
||||
{{- $_ := set . "overrideKey" "fullnameOverride" -}}
|
||||
{{- $fullname := include "vm.internal.key" . -}}
|
||||
{{- $_ := unset . "overrideKey" -}}
|
||||
{{- if empty $fullname -}}
|
||||
{{- $fullname = include "vm.fullname" . -}}
|
||||
{{- with include "vm.internal.key.default" . -}}
|
||||
{{- $fullname = printf "%s-%s" $fullname . -}}
|
||||
{{- end -}}
|
||||
{{- $_ := set . "suffix" $suffix -}}
|
||||
{{- end -}}
|
||||
{{- include "vm.fullname" . -}}
|
||||
{{- $_ := set . "suffix" $oldSuffix -}}
|
||||
{{- $fullname = tpl $fullname . -}}
|
||||
{{- if or ($Values.global).disableNameTruncation $Values.disableNameTruncation -}}
|
||||
{{- $fullname -}}
|
||||
{{- else -}}
|
||||
{{- $fullname | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "vm.internal.key" -}}
|
||||
{{- include "vm.validate.args" . -}}
|
||||
{{- $overrideKey := .overrideKey | default "fullnameOverride" -}}
|
||||
{{- $Values := (.helm).Values | default .Values -}}
|
||||
{{- $key := "" -}}
|
||||
{{- if .appKey -}}
|
||||
{{- $appKey := ternary (list .appKey) .appKey (kindIs "string" .appKey) -}}
|
||||
{{- $ctx := . -}}
|
||||
{{- $values := $Values -}}
|
||||
{{- range $ak := $appKey }}
|
||||
{{- $values = ternary (default dict) (index $values $ak | default dict) (empty $values) -}}
|
||||
{{- $ctx = ternary (default dict) (index $ctx $ak | default dict) (empty $ctx) -}}
|
||||
{{- if and (empty $values) (empty $ctx) -}}
|
||||
{{- fail (printf "No data for appKey %s" (join "->" $appKey)) -}}
|
||||
{{- end -}}
|
||||
{{- if and (kindIs "map" $values) (index $values $overrideKey) -}}
|
||||
{{- $key = index $values $overrideKey -}}
|
||||
{{- else if and (kindIs "map" $ctx) (index $ctx $overrideKey) -}}
|
||||
{{- $key = index $ctx $overrideKey -}}
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
{{- if and (empty $key) .fallback -}}
|
||||
{{- $key = include "vm.internal.key.default" . -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- $key -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "vm.internal.key.default" -}}
|
||||
{{- with .appKey -}}
|
||||
{{- $key := ternary (list .) . (kindIs "string" .) -}}
|
||||
{{- last (without $key "spec") -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- /* Create chart name and version as used by the chart label. */ -}}
|
||||
{{- define "vm.chart" -}}
|
||||
{{- include "vm.validate.args" . -}}
|
||||
{{- $Values := (.helm).Values | default .Values -}}
|
||||
{{- $Chart := (.helm).Chart | default .Chart -}}
|
||||
{{- printf "%s-%s" $Chart.Name $Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
|
||||
{{- $chart := printf "%s-%s" $Chart.Name $Chart.Version | replace "+" "_" -}}
|
||||
{{- if or ($Values.global).disableNameTruncation $Values.disableNameTruncation -}}
|
||||
{{- $chart -}}
|
||||
{{- else -}}
|
||||
{{- $chart | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- /* Create the name of the service account to use */ -}}
|
||||
@@ -138,14 +183,22 @@ If release name contains chart name it will be used as a full name.
|
||||
{{- toYaml $labels -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "vm.podLabels" -}}
|
||||
{{- include "vm.validate.args" . -}}
|
||||
{{- $Release := (.helm).Release | default .Release -}}
|
||||
{{- $labels := fromYaml (include "vm.selectorLabels" .) -}}
|
||||
{{- $labels = mergeOverwrite $labels (.extraLabels | default dict) -}}
|
||||
{{- $_ := set $labels "app.kubernetes.io/managed-by" $Release.Service -}}
|
||||
{{- toYaml $labels -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- /* Common labels */ -}}
|
||||
{{- define "vm.labels" -}}
|
||||
{{- include "vm.validate.args" . -}}
|
||||
{{- $Chart := (.helm).Chart | default .Chart -}}
|
||||
{{- $labels := fromYaml (include "vm.selectorLabels" .) -}}
|
||||
{{- $labels = mergeOverwrite $labels (fromYaml (include "vm.metaLabels" .)) -}}
|
||||
{{- with $Chart.AppVersion -}}
|
||||
{{- $_ := set $labels "app.kubernetes.io/version" ($Chart.AppVersion) -}}
|
||||
{{- with (include "vm.image.tag" .) }}
|
||||
{{- $_ := set $labels "app.kubernetes.io/version" (regexReplaceAll "(.*)(@sha.*)" . "${1}") -}}
|
||||
{{- end -}}
|
||||
{{- toYaml $labels -}}
|
||||
{{- end -}}
|
||||
@@ -154,28 +207,20 @@ If release name contains chart name it will be used as a full name.
|
||||
{{- include "vm.validate.args" . -}}
|
||||
{{- $Release := (.helm).Release | default .Release -}}
|
||||
{{- $Values := (.helm).Values | default .Values -}}
|
||||
{{- default $Release.Name $Values.argocdReleaseOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- $release := default $Release.Name $Values.argocdReleaseOverride -}}
|
||||
{{- if or ($Values.global).disableNameTruncation $Values.disableNameTruncation -}}
|
||||
{{- $release -}}
|
||||
{{- else -}}
|
||||
{{- $release | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "vm.app.name" -}}
|
||||
{{- if .appKey -}}
|
||||
{{- $Values := (.helm).Values | default .Values -}}
|
||||
{{- $Chart := (.helm).Chart | default .Chart -}}
|
||||
{{- $values := $Values -}}
|
||||
{{- $global := (index $Values.global $Chart.Name) | default dict -}}
|
||||
{{- $appKey := ternary (list .appKey) .appKey (kindIs "string" .appKey) -}}
|
||||
{{- $name := last $appKey }}
|
||||
{{- range $ak := $appKey }}
|
||||
{{- $values = (index $values $ak) | default dict -}}
|
||||
{{- $global = (index $global $ak) | default dict -}}
|
||||
{{- if $values.name -}}
|
||||
{{- $name = $values.name -}}
|
||||
{{- else if $global.name -}}
|
||||
{{- $name = $global.name -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- $name -}}
|
||||
{{- end -}}
|
||||
{{- $_ := set . "overrideKey" "name" -}}
|
||||
{{- $_ := set . "fallback" true -}}
|
||||
{{- tpl (include "vm.internal.key" .) . -}}
|
||||
{{- $_ := unset . "overrideKey" -}}
|
||||
{{- $_ := unset . "fallback" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- /* Selector labels */ -}}
|
||||
@@ -184,7 +229,11 @@ If release name contains chart name it will be used as a full name.
|
||||
{{- $_ := set $labels "app.kubernetes.io/name" (include "vm.name" .) -}}
|
||||
{{- $_ := set $labels "app.kubernetes.io/instance" (include "vm.release" .) -}}
|
||||
{{- with (include "vm.app.name" .) -}}
|
||||
{{- $_ := set $labels "app" . -}}
|
||||
{{- if eq $.style "managed" -}}
|
||||
{{- $_ := set $labels "app.kubernetes.io/component" (printf "%s-%s" (include "vm.name" $) .) -}}
|
||||
{{- else -}}
|
||||
{{- $_ := set $labels "app" . -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- toYaml $labels -}}
|
||||
{{- end }}
|
||||
|
||||
@@ -2,12 +2,25 @@
|
||||
Victoria Metrics Image
|
||||
*/}}
|
||||
{{- define "vm.image" -}}
|
||||
{{- $image := (fromYaml (include "vm.internal.image" .)).image | default dict -}}
|
||||
{{- $tag := include "vm.image.tag" . -}}
|
||||
{{- if empty $image.repository -}}
|
||||
{{- fail "cannot create image without `.repository` defined" -}}
|
||||
{{- end -}}
|
||||
{{- $result := tpl (printf "%s:%s" $image.repository $tag) . -}}
|
||||
{{- with $image.registry | default "" -}}
|
||||
{{- $result = (printf "%s/%s" . $result) -}}
|
||||
{{- end -}}
|
||||
{{- $result -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "vm.image.tag" -}}
|
||||
{{- $Chart := (.helm).Chart | default .Chart -}}
|
||||
{{- $Values := (.helm).Values | default .Values -}}
|
||||
{{- $tag := .app.image.tag -}}
|
||||
{{- $image := (fromYaml (include "vm.internal.image" .)).image | default dict -}}
|
||||
{{- $tag := $image.tag -}}
|
||||
{{- if empty $tag }}
|
||||
{{- $tag = $Chart.AppVersion -}}
|
||||
{{- $variant := .app.image.variant }}
|
||||
{{- $variant := $image.variant }}
|
||||
{{- if eq (include "vm.enterprise.disabled" .) "false" -}}
|
||||
{{- if $variant }}
|
||||
{{- $variant = printf "enterprise-%s" $variant }}
|
||||
@@ -19,9 +32,30 @@ Victoria Metrics Image
|
||||
{{- $tag = (printf "%s-%s" $tag .) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- $image := tpl (printf "%s:%s" .app.image.repository $tag) . -}}
|
||||
{{- with .app.image.registry | default (($Values.global).image).registry | default "" -}}
|
||||
{{- $image = (printf "%s/%s" . $image) -}}
|
||||
{{- end -}}
|
||||
{{- $image -}}
|
||||
{{- $tag -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "vm.internal.image" -}}
|
||||
{{- $Values := (.helm).Values | default .Values -}}
|
||||
{{- $values := $Values -}}
|
||||
{{- $ctx := . -}}
|
||||
{{- with .appKey -}}
|
||||
{{- $appKey := ternary (list .) . (kindIs "string" .) -}}
|
||||
{{- range $ak := $appKey -}}
|
||||
{{- $values = ternary (default dict) (index $values $ak | default dict) (empty $values) -}}
|
||||
{{- $ctx = ternary (default dict) (index $ctx $ak | default dict) (empty $ctx) -}}
|
||||
{{- if and (empty $values) (empty $ctx) -}}
|
||||
{{- fail (printf "No data for appKey %s" (join "->" $appKey)) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- $image := ternary $ctx.image $values.image (hasKey $ctx "image") -}}
|
||||
{{- if not $image.registry }}
|
||||
{{- if (($Values.global).image).registry -}}
|
||||
{{- $_ := set $image "registry" (($Values.global).image).registry -}}
|
||||
{{- else if hasKey $image "registry" -}}
|
||||
{{- $_ := unset $image "registry" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- toYaml (dict "image" $image) -}}
|
||||
{{- end -}}
|
||||
|
||||
@@ -24,16 +24,13 @@ Usage:
|
||||
{{- include "vm.securityContext" (dict "securityContext" .Values.containerSecurityContext "helm" .) -}}
|
||||
*/ -}}
|
||||
{{- define "vm.securityContext" -}}
|
||||
{{- $securityContext := .securityContext -}}
|
||||
{{- $securityContext := omit .securityContext "enabled" -}}
|
||||
{{- $Values := (.helm).Values | default .Values -}}
|
||||
{{- $adaptMode := (((($Values).global).compatibility).openshift).adaptSecurityContext | default "" -}}
|
||||
{{- if or (eq $adaptMode "force") (and (eq $adaptMode "auto") (include "vm.isOpenshift" .)) -}}
|
||||
{{- $securityContext = omit $securityContext "fsGroup" "runAsUser" "runAsGroup" -}}
|
||||
{{- if not $securityContext.seLinuxOptions -}}
|
||||
{{- $securityContext = omit $securityContext "seLinuxOptions" -}}
|
||||
{{- end -}}
|
||||
{{- $securityContext = omit $securityContext "fsGroup" "runAsUser" "runAsGroup" "seLinuxOptions" -}}
|
||||
{{- end -}}
|
||||
{{- omit $securityContext "enabled" | toYaml -}}
|
||||
{{- toYaml $securityContext -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- /*
|
||||
@@ -75,7 +72,11 @@ HTTP GET probe path
|
||||
HTTP GET probe scheme
|
||||
*/ -}}
|
||||
{{- define "vm.probe.http.scheme" -}}
|
||||
{{- ternary "HTTPS" "HTTP" (.app.extraArgs.tls | default false) -}}
|
||||
{{- $isSecure := false -}}
|
||||
{{- with ((.app).extraArgs).tls -}}
|
||||
{{- $isSecure = eq (toString .) "true" -}}
|
||||
{{- end -}}
|
||||
{{- ternary "HTTPS" "HTTP" $isSecure -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- /*
|
||||
@@ -86,12 +87,12 @@ Net probe port
|
||||
{{- end -}}
|
||||
|
||||
{{- define "vm.arg" -}}
|
||||
{{- if empty .value }}
|
||||
{{- if and (empty .value) (kindIs "string" .value) (ne (toString .list) "true") }}
|
||||
{{- .key -}}
|
||||
{{- else if and (kindIs "bool" .value) .value -}}
|
||||
{{- else if eq (toString .value) "true" -}}
|
||||
-{{ ternary "" "-" (eq (len .key) 1) }}{{ .key }}
|
||||
{{- else -}}
|
||||
-{{ ternary "" "-" (eq (len .key) 1) }}{{ .key }}={{ .value }}
|
||||
-{{ ternary "" "-" (eq (len .key) 1) }}{{ .key }}={{ ternary (toJson .value | squote) .value (has (kindOf .value) (list "map" "slice")) }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
@@ -106,7 +107,7 @@ command line arguments
|
||||
{{- end -}}
|
||||
{{- if kindIs "slice" $value -}}
|
||||
{{- range $v := $value -}}
|
||||
{{- $args = append $args (include "vm.arg" (dict "key" $key "value" $v)) -}}
|
||||
{{- $args = append $args (include "vm.arg" (dict "key" $key "value" $v "list" true)) -}}
|
||||
{{- end -}}
|
||||
{{- else -}}
|
||||
{{- $args = append $args (include "vm.arg" (dict "key" $key "value" $value)) -}}
|
||||
|
||||
@@ -2,11 +2,13 @@
|
||||
{{- define "vm.service" -}}
|
||||
{{- include "vm.validate.args" . -}}
|
||||
{{- $Values := (.helm).Values | default .Values -}}
|
||||
{{- $nameTpl := "vm.fullname" }}
|
||||
{{- $nameTpl := "" -}}
|
||||
{{- if eq .style "managed" -}}
|
||||
{{- $nameTpl = "vm.managed.fullname" }}
|
||||
{{- else if eq .style "plain" -}}
|
||||
{{- $nameTpl = "vm.plain.fullname" }}
|
||||
{{- else -}}
|
||||
{{- fail ".style argument should be either `plain` or `managed`"}}
|
||||
{{- end -}}
|
||||
{{- include $nameTpl . -}}
|
||||
{{- end }}
|
||||
@@ -32,18 +34,26 @@
|
||||
{{- $Values := (.helm).Values | default .Values -}}
|
||||
{{- if .appKey -}}
|
||||
{{- $appKey := ternary (list .appKey) .appKey (kindIs "string" .appKey) -}}
|
||||
{{- $spec := $Values -}}
|
||||
{{- $values := $Values -}}
|
||||
{{- $ctx := . -}}
|
||||
{{- range $ak := $appKey -}}
|
||||
{{- if index $spec $ak -}}
|
||||
{{- $spec = (index $spec $ak) -}}
|
||||
{{- end -}}
|
||||
{{- if and (kindIs "map" $spec) (hasKey $spec "spec") -}}
|
||||
{{- $spec = $spec.spec -}}
|
||||
{{- end -}}
|
||||
{{- $values = ternary (default dict) (index $values $ak | default dict) (empty $values) -}}
|
||||
{{- $ctx = ternary (default dict) (index $ctx $ak | default dict) (empty $ctx) -}}
|
||||
{{- end -}}
|
||||
{{- $spec := default dict -}}
|
||||
{{- if $ctx -}}
|
||||
{{- $spec = $ctx -}}
|
||||
{{- else if $values -}}
|
||||
{{- $spec = $values -}}
|
||||
{{- end -}}
|
||||
{{- with ($spec.extraArgs).tls -}}
|
||||
{{- $isSecure = eq (toString .) "true" -}}
|
||||
{{- end -}}
|
||||
{{- $isSecure = (eq ($spec.extraArgs).tls "true") | default $isSecure -}}
|
||||
{{- $port = (ternary 443 80 $isSecure) -}}
|
||||
{{- $port = $spec.port | default ($spec.service).servicePort | default $port -}}
|
||||
{{- $port = $spec.port | default ($spec.service).servicePort | default ($spec.service).port | default $port -}}
|
||||
{{- if hasKey . "appIdx" -}}
|
||||
{{- $port = (include "vm.port.from.flag" (dict "flag" ($spec.extraArgs).httpListenAddr "default" $port)) -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- $fqdn }}:{{ $port }}
|
||||
{{- end -}}
|
||||
@@ -56,18 +66,23 @@
|
||||
{{- $isSecure := ternary false true (empty .appSecure) -}}
|
||||
{{- if .appKey -}}
|
||||
{{- $appKey := ternary (list .appKey) .appKey (kindIs "string" .appKey) -}}
|
||||
{{- $spec := $Values -}}
|
||||
{{- $values := $Values -}}
|
||||
{{- $ctx := . -}}
|
||||
{{- range $ak := $appKey -}}
|
||||
{{- if index $spec $ak -}}
|
||||
{{- $spec = (index $spec $ak) -}}
|
||||
{{- end -}}
|
||||
{{- if and (kindIs "map" $spec) (hasKey $spec "spec") -}}
|
||||
{{- $spec = $spec.spec -}}
|
||||
{{- end -}}
|
||||
{{- $values = ternary (default dict) (index $values $ak | default dict) (empty $values) -}}
|
||||
{{- $ctx = ternary (default dict) (index $ctx $ak | default dict) (empty $ctx) -}}
|
||||
{{- end -}}
|
||||
{{- $spec := default dict -}}
|
||||
{{- if $values -}}
|
||||
{{- $spec = $values -}}
|
||||
{{- else if $ctx -}}
|
||||
{{- $spec = $ctx -}}
|
||||
{{- end -}}
|
||||
{{- with ($spec.extraArgs).tls -}}
|
||||
{{- $isSecure = eq (toString .) "true" -}}
|
||||
{{- end -}}
|
||||
{{- $isSecure = (eq ($spec.extraArgs).tls "true") | default $isSecure -}}
|
||||
{{- $proto = (ternary "https" "http" $isSecure) -}}
|
||||
{{- $path = dig "http.pathPrefix" $path ($spec.extraArgs | default dict) -}}
|
||||
{{- end -}}
|
||||
{{- printf "%s://%s%s" $proto $host $path -}}
|
||||
{{- printf "%s://%s%s" $proto $host (trimSuffix "/" $path) -}}
|
||||
{{- end -}}
|
||||
|
||||
@@ -0,0 +1 @@
|
||||
unitTest: false
|
||||
File diff suppressed because it is too large
Load Diff
@@ -1,4 +1,4 @@
|
||||
{{ $.Chart.Name }} has been installed. Check its status by running:
|
||||
{{ include "vm.name" . }} has been installed. Check its status by running:
|
||||
kubectl --namespace {{ include "vm.namespace" . }} get pods -l "app.kubernetes.io/instance={{ $.Release.Name }}"
|
||||
|
||||
Get more information on https://github.com/VictoriaMetrics/helm-charts/tree/master/charts/victoria-metrics-operator.
|
||||
|
||||
@@ -1,82 +1,9 @@
|
||||
{{/* vim: set filetype=mustache: */}}
|
||||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
{{- define "vm-operator.name" -}}
|
||||
{{- $Chart :=(.helm).Chart | default .Chart -}}
|
||||
{{- $Values :=(.helm).Values | default .Values -}}
|
||||
{{- default $Chart.Name $Values.nameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "vm-operator.cleanup.annotations" -}}
|
||||
"helm.sh/hook": pre-delete
|
||||
"helm.sh/hook-weight": "{{ .hookWeight }}"
|
||||
"helm.sh/hook-delete-policy": before-hook-creation
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
If release name contains chart name it will be used as a full name.
|
||||
*/}}
|
||||
{{- define "vm-operator.fullname" -}}
|
||||
{{- $Values :=(.helm).Values | default .Values -}}
|
||||
{{- $Release :=(.helm).Release | default .Release -}}
|
||||
{{- $Chart := (.helm).Chart | default .Chart -}}
|
||||
{{- if $Values.fullnameOverride -}}
|
||||
{{- $Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- $name := default $Chart.Name $Values.nameOverride -}}
|
||||
{{- if contains $name $Release.Name -}}
|
||||
{{- $Release.Name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-%s" $Release.Name $name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create chart name and version as used by the chart label.
|
||||
*/}}
|
||||
{{- define "vm-operator.chart" -}}
|
||||
{{- $Chart := (.helm).Chart | default .Chart -}}
|
||||
{{- printf "%s-%s" $Chart.Name $Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create the name of the service account
|
||||
*/}}
|
||||
{{- define "vm-operator.serviceAccountName" -}}
|
||||
{{- $Values := (.helm).Values | default .Values }}
|
||||
{{- if $Values.serviceAccount.create -}}
|
||||
{{ default (include "vm-operator.fullname" .) $Values.serviceAccount.name }}
|
||||
{{- else -}}
|
||||
{{ default "default" $Values.serviceAccount.name }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "vm-operator.selectorLabels" -}}
|
||||
{{- $Release := (.helm).Release | default .Release -}}
|
||||
app.kubernetes.io/name: {{ include "vm-operator.name" . }}
|
||||
app.kubernetes.io/instance: {{ $Release.Name | trunc 63 | trimSuffix "-" }}
|
||||
{{- with .extraLabels }}
|
||||
{{ toYaml . }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create unified labels for vm-operator components
|
||||
*/}}
|
||||
{{- define "vm-operator.labels" -}}
|
||||
{{- include "vm-operator.selectorLabels" . }}
|
||||
{{- $Release := (.helm).Release | default .Release }}
|
||||
helm.sh/chart: {{ include "vm-operator.chart" . }}
|
||||
app.kubernetes.io/managed-by: {{ $Release.Service | trunc 63 | trimSuffix "-" }}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create unified annotations for vm-operator components
|
||||
*/}}
|
||||
@@ -87,13 +14,6 @@ meta.helm.sh/release-namespace: {{ include "vm.namespace" . }}
|
||||
meta.helm.sh/release-name: {{ $Release.Name }}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create the name of service account and clusterRole for cleanup-hook
|
||||
*/}}
|
||||
{{- define "vm-operator.cleanupHookName" -}}
|
||||
{{- include "vm-operator.fullname" . }}-cleanup-hook
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Generate certificates for webhook
|
||||
*/}}
|
||||
@@ -102,8 +22,8 @@ Generate certificates for webhook
|
||||
{{- $Release := (.helm).Release | default .Release }}
|
||||
{{- $webhook := $Values.admissionWebhooks -}}
|
||||
{{- $tls := $webhook.tls -}}
|
||||
{{- $serviceName := (include "vm-operator.fullname" .) -}}
|
||||
{{- $secretName := (printf "%s-validation" $serviceName) -}}
|
||||
{{- $fullname := (include "vm.plain.fullname" .) -}}
|
||||
{{- $secretName := (printf "%s-validation" $fullname) -}}
|
||||
{{- $secret := lookup "v1" "Secret" (include "vm.namespace" .) $secretName -}}
|
||||
{{- if (and $tls.caCert $tls.cert $tls.key) -}}
|
||||
caCert: {{ $tls.caCert | b64enc }}
|
||||
@@ -115,12 +35,12 @@ clientCert: {{ index $secret.data "tls.crt" }}
|
||||
clientKey: {{ index $secret.data "tls.key" }}
|
||||
{{- else -}}
|
||||
{{- $altNames := default list -}}
|
||||
{{- $namePrefix := (printf "%s.%s" $serviceName (include "vm.namespace" .)) -}}
|
||||
{{- $namePrefix := (printf "%s.%s" $fullname (include "vm.namespace" .)) -}}
|
||||
{{- $altNames = append $altNames $namePrefix -}}
|
||||
{{- $altNames = append $altNames (printf "%s.svc" $namePrefix) -}}
|
||||
{{- $altNames = append $altNames (printf "%s.svc.%s" $namePrefix $Values.global.cluster.dnsDomain) -}}
|
||||
{{- $ca := genCA "vm-operator-ca" 3650 -}}
|
||||
{{- $cert := genSignedCert $serviceName nil $altNames 3650 $ca -}}
|
||||
{{- $cert := genSignedCert $fullname nil $altNames 3650 $ca -}}
|
||||
caCert: {{ $ca.Cert | b64enc }}
|
||||
clientCert: {{ $cert.Cert | b64enc }}
|
||||
clientKey: {{ $cert.Key | b64enc }}
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
{{- if .Values.crds.cleanup.enabled }}
|
||||
{{- if and .Values.crds.enabled .Values.crds.cleanup.enabled }}
|
||||
{{- $app := .Values.crds.cleanup }}
|
||||
{{- if empty ($app.image).tag }}
|
||||
{{- $tag := (printf "%s.%s" .Capabilities.KubeVersion.Major .Capabilities.KubeVersion.Minor) | replace "+" "" -}}
|
||||
@@ -6,27 +6,31 @@
|
||||
{{- else if not (kindIs "string" ($app.image).tag) }}
|
||||
{{- fail "`crd.cleanup.image.tag` is not string, most probably you need to enquote provided value" -}}
|
||||
{{- end }}
|
||||
{{- $ctx := dict "helm" . "noEnterprise" true }}
|
||||
{{- $fullname := include "vm.plain.fullname" $ctx }}
|
||||
{{- $ns := include "vm.namespace" $ctx }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: {{ include "vm-operator.fullname" . }}-cleanup-hook
|
||||
namespace: {{ include "vm.namespace" . }}
|
||||
labels: {{ include "vm-operator.labels" . | nindent 4 }}
|
||||
name: {{ $fullname }}-cleanup-hook
|
||||
namespace: {{ $ns }}
|
||||
labels: {{ include "vm.labels" $ctx | nindent 4 }}
|
||||
annotations: {{ include "vm-operator.cleanup.annotations" (dict "hookWeight" "-3") | nindent 4 }}
|
||||
spec:
|
||||
template:
|
||||
metadata:
|
||||
name: {{ .Release.Name }}
|
||||
labels: {{ include "vm-operator.labels" . | nindent 8 }}
|
||||
name: {{ $fullname }}
|
||||
labels: {{ include "vm.labels" $ctx | nindent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ include "vm-operator.fullname" . }}-cleanup-hook
|
||||
{{- with .Values.imagePullSecrets }}
|
||||
serviceAccountName: {{ $fullname }}-cleanup-hook
|
||||
{{- with (.Values.imagePullSecrets | default .Values.global.imagePullSecrets) }}
|
||||
imagePullSecrets: {{ toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: kubectl
|
||||
image: {{ include "vm.image" (dict "helm" . "app" $app) }}
|
||||
{{- $_ := set $ctx "appKey" (list "crds" "cleanup") }}
|
||||
image: {{ include "vm.image" $ctx }}
|
||||
imagePullPolicy: {{ $app.image.pullPolicy }}
|
||||
resources: {{ toYaml $app.resources | nindent 12 }}
|
||||
args:
|
||||
|
||||
@@ -1,37 +1,41 @@
|
||||
{{- $ctx := dict "helm" . }}
|
||||
{{- $fullname := include "vm.plain.fullname" $ctx }}
|
||||
{{- $ns := include "vm.namespace" $ctx }}
|
||||
{{- if .Values.rbac.create }}
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: {{ include "vm-operator.fullname" . }}
|
||||
{{- $ctx := dict "helm" . "extraLabels" .Values.extraLabels }}
|
||||
labels: {{ include "vm-operator.labels" $ctx | nindent 4 }}
|
||||
name: {{ $fullname }}
|
||||
{{- $_ := set $ctx "extraLabels" .Values.extraLabels }}
|
||||
labels: {{ include "vm.labels" $ctx | nindent 4 }}
|
||||
{{- $_ := unset $ctx "extraLabels" }}
|
||||
{{- with .Values.annotations }}
|
||||
annotations: {{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ include "vm-operator.serviceAccountName" . }}
|
||||
namespace: {{ include "vm.namespace" . }}
|
||||
name: {{ (.Values.serviceAccount).name | default $fullname }}
|
||||
namespace: {{ $ns }}
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: {{ include "vm-operator.fullname" . }}
|
||||
name: {{ $fullname }}
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{- end -}}
|
||||
{{- if .Values.crds.cleanup.enabled }}
|
||||
{{- if and .Values.crds.enabled .Values.crds.cleanup.enabled }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: {{ include "vm-operator.fullname" . }}-cleanup-hook
|
||||
namespace: {{ include "vm.namespace" . }}
|
||||
labels: {{ include "vm-operator.labels" . | nindent 4 }}
|
||||
name: {{ $fullname }}-cleanup-hook
|
||||
namespace: {{ $ns }}
|
||||
labels: {{ include "vm.labels" $ctx | nindent 4 }}
|
||||
annotations: {{ include "vm-operator.cleanup.annotations" (dict "hookWeight" "-4") | nindent 4 }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: {{ include "vm-operator.fullname" . }}-cleanup-hook
|
||||
name: {{ $fullname }}-cleanup-hook
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ include "vm-operator.fullname" . }}-cleanup-hook
|
||||
namespace: {{ include "vm.namespace" . }}
|
||||
name: {{ $fullname }}-cleanup-hook
|
||||
namespace: {{ $ns }}
|
||||
{{- end }}
|
||||
|
||||
@@ -1,15 +1,22 @@
|
||||
{{- /* do not update crds here, please update in /victoria-metrics-operator/crd.yaml */ -}}
|
||||
{{- /* this is used to add "helm.sh/resource-policy: keep" annotation for each crd */ -}}
|
||||
{{- /* see this pull request https://github.com/VictoriaMetrics/helm-charts/pull/771 for details */ -}}
|
||||
{{- if not .Values.crds.plain }}
|
||||
{{- $ctx := dict "helm" . }}
|
||||
{{- if and .Values.crds.plain (not .Values.crds.enabled) }}
|
||||
{{- fail "When CRDs are disabled (`crds.enabled: false`) you need to disable plain CRD rendering (`crds.plain: false`)" -}}
|
||||
{{- end -}}
|
||||
{{- if and (not .Values.crds.plain) .Values.crds.enabled }}
|
||||
{{- $files := .Files }}
|
||||
{{- $crds := $files.Get "crd.yaml" | splitList "---" }}
|
||||
{{- $labels := (include "vm-operator.labels" .) | fromYaml -}}
|
||||
{{- $annotations := (include "vm-operator.crds.annotations" .) | fromYaml -}}
|
||||
{{- $labels := (include "vm.labels" $ctx) | fromYaml -}}
|
||||
{{- $annotations := mergeOverwrite ((include "vm-operator.crds.annotations" .) | fromYaml) .Values.crds.annotations -}}
|
||||
{{- $extra := dict "metadata" (dict "annotations" $annotations "labels" $labels) -}}
|
||||
{{- range $crds }}
|
||||
{{- $crd := . | fromYaml }}
|
||||
{{- toYaml (merge $crd $extra) }}
|
||||
{{- $crd := merge (fromYaml .) $extra }}
|
||||
{{- range $attrKey, $attrValue := $crd }}
|
||||
{{- $attrKey }}: {{ toJson $attrValue }}
|
||||
{{- printf "\n" -}}
|
||||
{{ end }}
|
||||
{{- print "\n---\n" }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
@@ -1,39 +1,47 @@
|
||||
{{- $ctx := dict "helm" . "noEnterprise" true }}
|
||||
{{- $fullname := include "vm.plain.fullname" $ctx }}
|
||||
{{- $ns := include "vm.namespace" $ctx }}
|
||||
---
|
||||
{{- if hasKey .Values "watchNamespace" }}
|
||||
{{- fail "`watchNamespace` is deprecated Please use `watchNamespaces` slice instead" -}}
|
||||
{{- end }}
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ include "vm-operator.fullname" . }}
|
||||
namespace: {{ include "vm.namespace" . }}
|
||||
{{- $ctx := dict "helm" . "extraLabels" .Values.extraLabels }}
|
||||
labels: {{ include "vm-operator.labels" $ctx | nindent 4 }}
|
||||
name: {{ $fullname }}
|
||||
namespace: {{ $ns }}
|
||||
{{- $_ := set $ctx "extraLabels" .Values.extraLabels }}
|
||||
labels: {{ include "vm.labels" $ctx | nindent 4 }}
|
||||
{{- $_ := unset $ctx "extraLabels" }}
|
||||
{{- with .Values.annotations }}
|
||||
annotations: {{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
replicas: {{.Values.replicaCount}}
|
||||
replicas: {{.Values.replicaCount }}
|
||||
selector:
|
||||
matchLabels: {{ include "vm-operator.selectorLabels" . | nindent 6 }}
|
||||
matchLabels: {{ include "vm.selectorLabels" $ctx | nindent 6 }}
|
||||
template:
|
||||
metadata:
|
||||
{{- with .Values.annotations }}
|
||||
annotations: {{ toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- $_ := set $ctx "extraLabels" .Values.podLabels }}
|
||||
labels: {{ include "vm-operator.selectorLabels" $ctx | nindent 8}}
|
||||
labels: {{ include "vm.podLabels" $ctx | nindent 8 }}
|
||||
{{- $_ := unset $ctx "extraLabels" }}
|
||||
spec:
|
||||
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
|
||||
{{- if .Values.podSecurityContext.enabled }}
|
||||
securityContext: {{ include "vm.securityContext" (dict "securityContext" .Values.podSecurityContext "helm" .) | nindent 8 }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ include "vm-operator.serviceAccountName" . }}
|
||||
{{- if .Values.hostNetwork }}
|
||||
hostNetwork: true
|
||||
{{- end }}
|
||||
{{- if or (.Values.serviceAccount).name (.Values.serviceAccount).create }}
|
||||
serviceAccountName: {{ (.Values.serviceAccount).name | default $fullname }}
|
||||
{{- end }}
|
||||
{{- with (.Values.imagePullSecrets | default .Values.global.imagePullSecrets) }}
|
||||
imagePullSecrets: {{ toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: operator
|
||||
image: {{ include "vm.image" (dict "helm" . "app" .Values ) }}
|
||||
image: {{ include "vm.image" $ctx }}
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
{{- with .Values.envFrom }}
|
||||
envFrom: {{ toYaml . | nindent 12 }}
|
||||
@@ -128,6 +136,9 @@ spec:
|
||||
{{- with .Values.nodeSelector }}
|
||||
nodeSelector: {{ toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.priorityClassName }}
|
||||
priorityClassName: {{ . }}
|
||||
{{- end }}
|
||||
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
|
||||
{{- with .Values.lifecycle }}
|
||||
lifecycle: {{ toYaml . | nindent 8 }}
|
||||
@@ -141,7 +152,7 @@ spec:
|
||||
- {{ toYaml $constraint | nindent 10 | trim }}
|
||||
{{- if not $constraint.labelSelector }}
|
||||
labelSelector:
|
||||
matchLabels: {{ include "vm-operator.selectorLabels" $ | nindent 14 }}
|
||||
matchLabels: {{ include "vm.selectorLabels" $ctx | nindent 14 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -153,7 +164,7 @@ spec:
|
||||
- name: cert
|
||||
secret:
|
||||
defaultMode: 420
|
||||
secretName: {{ include "vm-operator.fullname" . }}-validation
|
||||
secretName: {{ $fullname }}-validation
|
||||
{{- end }}
|
||||
{{- with .Values.extraVolumes }}
|
||||
{{- toYaml .| nindent 8 }}
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
{{ range .Values.extraObjects }}
|
||||
---
|
||||
{{ tpl (toYaml .) $ }}
|
||||
{{ tpl (ternary . (toYaml .) (typeIs "string" .)) $ }}
|
||||
{{ end }}
|
||||
|
||||
@@ -0,0 +1,48 @@
|
||||
{{- $monitor := .Values.serviceMonitor }}
|
||||
{{- if $monitor.enabled -}}
|
||||
{{- $annotations := mustMerge $monitor.annotations .Values.annotations -}}
|
||||
{{- $labels := mustMerge $monitor.extraLabels .Values.extraLabels -}}
|
||||
{{- $ctx := dict "helm" . }}
|
||||
{{- $fullname := include "vm.plain.fullname" $ctx }}
|
||||
{{- $ns := include "vm.namespace" $ctx }}
|
||||
apiVersion: {{ ternary "operator.victoriametrics.com/v1beta1" "monitoring.coreos.com/v1" $monitor.vm }}
|
||||
kind: {{ ternary "VMServiceScrape" "ServiceMonitor" $monitor.vm }}
|
||||
metadata:
|
||||
name: {{ $fullname }}
|
||||
namespace: {{ $ns }}
|
||||
{{- $_ := set $ctx "extraLabels" $labels }}
|
||||
labels: {{ include "vm.labels" $ctx | nindent 4 }}
|
||||
{{- $_ := unset $ctx "extraLabels" }}
|
||||
{{- with $annotations }}
|
||||
annotations: {{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels: {{ include "vm.selectorLabels" $ctx | nindent 6 }}
|
||||
endpoints:
|
||||
- port: http
|
||||
{{- with $monitor.scheme }}
|
||||
scheme: {{ . }}
|
||||
{{- end }}
|
||||
{{- with $monitor.interval }}
|
||||
interval: {{ . }}
|
||||
{{- end }}
|
||||
{{- with $monitor.scrapeTimeout }}
|
||||
scrapeTimeout: {{ . }}
|
||||
{{- end }}
|
||||
{{- with $monitor.tlsConfig }}
|
||||
tlsConfig: {{ toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with $monitor.relabelings }}
|
||||
{{ ternary "relabelConfigs" "relabelings" $monitor.vm }}: {{ toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with $monitor.basicAuth }}
|
||||
basicAuth: {{ toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with $monitor.proxyURL }}
|
||||
{{ ternary "proxyURL" "proxyUrl" $monitor.vm }}: {{ . }}
|
||||
{{- end }}
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- {{ $ns }}
|
||||
{{- end }}
|
||||
@@ -1,18 +1,23 @@
|
||||
{{- if .Values.podDisruptionBudget.enabled }}
|
||||
{{- $pdb := .Values.podDisruptionBudget }}
|
||||
{{- if $pdb.enabled }}
|
||||
{{- $ctx := dict "helm" . }}
|
||||
{{- $fullname := include "vm.plain.fullname" $ctx }}
|
||||
{{- $ns := include "vm.namespace" $ctx }}
|
||||
apiVersion: policy/v1
|
||||
kind: PodDisruptionBudget
|
||||
metadata:
|
||||
name: {{ include "vm-operator.fullname" . }}
|
||||
namespace: {{ include "vm.namespace" . }}
|
||||
{{- $ctx := dict "helm" . "extraLabels" .Values.podDisruptionBudget.labels }}
|
||||
labels: {{ include "vm-operator.labels" $ctx | nindent 4 }}
|
||||
name: {{ $fullname }}
|
||||
namespace: {{ $ns }}
|
||||
{{- $_ := set $ctx "extraLabels" $pdb.labels }}
|
||||
labels: {{ include "vm.labels" $ctx | nindent 4 }}
|
||||
{{- $_ := unset $ctx "extraLabels" }}
|
||||
spec:
|
||||
{{- with .Values.podDisruptionBudget.minAvailable }}
|
||||
{{- with $pdb.minAvailable }}
|
||||
minAvailable: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .Values.podDisruptionBudget.maxUnavailable }}
|
||||
{{- with $pdb.maxUnavailable }}
|
||||
maxUnavailable: {{ . }}
|
||||
{{- end }}
|
||||
selector:
|
||||
matchLabels: {{ include "vm-operator.selectorLabels" . | nindent 6 }}
|
||||
matchLabels: {{ include "vm.selectorLabels" $ctx | nindent 6 }}
|
||||
{{- end }}
|
||||
|
||||
@@ -1,20 +1,24 @@
|
||||
{{- if .Values.rbac.create -}}
|
||||
{{- $ctx := dict "helm" . }}
|
||||
{{- $fullname := include "vm.plain.fullname" $ctx }}
|
||||
{{- $ns := include "vm.namespace" $ctx }}
|
||||
kind: RoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: {{ include "vm-operator.fullname" . }}
|
||||
namespace: {{ include "vm.namespace" . }}
|
||||
{{- $ctx := dict "helm" . "extraLabels" .Values.extraLabels }}
|
||||
labels: {{ include "vm-operator.labels" $ctx | nindent 4 }}
|
||||
name: {{ $fullname }}
|
||||
namespace: {{ $ns }}
|
||||
{{- $_ := set $ctx "extraLabels" .Values.extraLabels }}
|
||||
labels: {{ include "vm.labels" $ctx | nindent 4 }}
|
||||
{{- $_ := unset $ctx "extraLabels" }}
|
||||
{{- with .Values.annotations }}
|
||||
annotations: {{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ include "vm-operator.serviceAccountName" . }}
|
||||
namespace: {{ include "vm.namespace" . }}
|
||||
name: {{ (.Values.serviceAccount).name | default $fullname }}
|
||||
namespace: {{ $ns }}
|
||||
roleRef:
|
||||
kind: Role
|
||||
name: {{ include "vm-operator.fullname" . }}
|
||||
name: {{ $fullname }}
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{- end -}}
|
||||
|
||||
@@ -20,18 +20,20 @@
|
||||
{{- end -}}
|
||||
|
||||
{{- $ctx := dict "helm" . "extraLabels" .Values.extraLabels }}
|
||||
{{- $fullname := include "vm.plain.fullname" $ctx }}
|
||||
{{- $ns := include "vm.namespace" $ctx }}
|
||||
|
||||
{{- if .Values.rbac.create }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: {{ include "vm-operator.fullname" . }}
|
||||
labels: {{ include "vm-operator.labels" $ctx | nindent 4 }}
|
||||
name: {{ $fullname }}
|
||||
labels: {{ include "vm.labels" $ctx | nindent 4 }}
|
||||
{{- with .Values.annotations }}
|
||||
annotations: {{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
namespace: {{ include "vm.namespace" . }}
|
||||
namespace: {{ $ns }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- coordination.k8s.io
|
||||
@@ -43,22 +45,20 @@ rules:
|
||||
- leases
|
||||
|
||||
{{- $watchNamespaces := (fromYaml (tpl (toYaml (dict "ns" .Values.watchNamespaces)) .)).ns }}
|
||||
{{- $selfNamespace := (include "vm.namespace" .) }}
|
||||
{{- $selfNamespace := $ns }}
|
||||
{{- $watchSelfNamespace := (and (eq (len $watchNamespaces) 1) (eq (first $watchNamespaces) $selfNamespace)) }}
|
||||
{{- if not $watchSelfNamespace }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: {{ template "vm-operator.fullname" . }}
|
||||
labels: {{ include "vm-operator.labels" $ctx | nindent 4 }}
|
||||
name: {{ $fullname }}
|
||||
labels: {{ include "vm.labels" $ctx | nindent 4 }}
|
||||
{{- with .Values.annotations }}
|
||||
annotations: {{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
rules:
|
||||
- nonResourceURLs:
|
||||
- /metrics
|
||||
- /metrics/resources
|
||||
- nonResourceURLs: {{ toYaml .Values.allowedMetricsEndpoints | nindent 2 }}
|
||||
verbs:
|
||||
- get
|
||||
- watch
|
||||
@@ -97,6 +97,8 @@ rules:
|
||||
- apiGroups:
|
||||
- apps
|
||||
resources:
|
||||
- daemonsets
|
||||
- daemonsets/finalizers
|
||||
- deployments
|
||||
- deployments/finalizers
|
||||
- replicasets
|
||||
@@ -177,14 +179,14 @@ rules:
|
||||
{{ toYaml . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.crds.cleanup.enabled }}
|
||||
{{- if and .Values.crds.enabled .Values.crds.cleanup.enabled }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: {{ include "vm-operator.fullname" . }}-cleanup-hook
|
||||
namespace: {{ include "vm.namespace" . }}
|
||||
labels: {{ include "vm-operator.labels" . | nindent 4 }}
|
||||
name: {{ $fullname }}-cleanup-hook
|
||||
namespace: {{ $ns }}
|
||||
labels: {{ include "vm.labels" $ctx | nindent 4 }}
|
||||
annotations: {{ include "vm-operator.cleanup.annotations" (dict "hookWeight" "-5") | nindent 4 }}
|
||||
rules: {{ toYaml $rules.admin | nindent 2 }}
|
||||
{{- end }}
|
||||
@@ -195,22 +197,22 @@ rules: {{ toYaml $rules.admin | nindent 2 }}
|
||||
{{- /* kubernetes clusterrole aggregation feature to include these */ -}}
|
||||
{{- /* cluster roles into the default view and admin roles */ -}}
|
||||
{{- /* See https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles */}}
|
||||
---
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: victoriametrics:admin
|
||||
name: {{ $fullname }}-victoriametrics-admin
|
||||
labels:
|
||||
{{- include "vm-operator.labels" . | nindent 4 }}
|
||||
{{- include "vm.labels" $ctx | nindent 4 }}
|
||||
{{- .Values.rbac.aggregatedClusterRoles.labels.admin | toYaml | nindent 4 }}
|
||||
rules: {{ toYaml $rules.admin | nindent 2 }}
|
||||
rules: {{ toYaml ($rules.admin | default list) | nindent 2 }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: victoriametrics:view
|
||||
name: {{ $fullname }}-victoriametrics-view
|
||||
labels:
|
||||
{{- include "vm-operator.labels" . | nindent 4 }}
|
||||
{{- include "vm.labels" $ctx | nindent 4 }}
|
||||
{{- .Values.rbac.aggregatedClusterRoles.labels.view | toYaml | nindent 4 }}
|
||||
rules: {{ toYaml $rules.view | nindent 2 }}
|
||||
rules: {{ toYaml ($rules.view | default list) | nindent 2 }}
|
||||
{{- end }}
|
||||
|
||||
@@ -1,45 +1,50 @@
|
||||
{{- $service := .Values.service }}
|
||||
{{- $ctx := dict "helm" . }}
|
||||
{{- $fullname := include "vm.plain.fullname" $ctx }}
|
||||
{{- $ns := include "vm.namespace" $ctx }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
namespace: {{ include "vm.namespace" . }}
|
||||
{{- with .Values.service.annotations }}
|
||||
namespace: {{ $ns }}
|
||||
{{- with $service.annotations }}
|
||||
annotations: {{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- $ctx := dict "helm" . "extraLabels" .Values.extraLabels }}
|
||||
labels: {{ include "vm-operator.labels" $ctx | nindent 4 }}
|
||||
name: {{ include "vm-operator.fullname" . }}
|
||||
{{- $_ := set $ctx "extraLabels" .Values.extraLabels }}
|
||||
labels: {{ include "vm.labels" $ctx | nindent 4 }}
|
||||
{{- $_ := unset $ctx "extraLabels" }}
|
||||
name: {{ $fullname }}
|
||||
spec:
|
||||
{{- with .Values.service.clusterIP }}
|
||||
{{- with $service.clusterIP }}
|
||||
clusterIP: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .Values.service.externalIPs }}
|
||||
{{- with $service.externalIPs }}
|
||||
externalIPs: {{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with .Values.service.loadBalancerIP }}
|
||||
{{- with $service.loadBalancerIP }}
|
||||
loadBalancerIP: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .Values.service.loadBalancerSourceRanges }}
|
||||
{{- with $service.loadBalancerSourceRanges }}
|
||||
loadBalancerSourceRanges: {{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
type: {{ .Values.service.type }}
|
||||
{{- with .Values.service.healthCheckNodePort }}
|
||||
type: {{ $service.type }}
|
||||
{{- with $service.healthCheckNodePort }}
|
||||
healthCheckNodePort: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .Values.service.externalTrafficPolicy }}
|
||||
{{- with $service.externalTrafficPolicy }}
|
||||
externalTrafficPolicy: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .Values.service.ipFamilyPolicy }}
|
||||
{{- with $service.ipFamilyPolicy }}
|
||||
ipFamilyPolicy: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .Values.service.ipFamilies }}
|
||||
{{- with $service.ipFamilies }}
|
||||
ipFamilies: {{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: http
|
||||
port: {{ .Values.service.servicePort }}
|
||||
port: {{ $service.servicePort }}
|
||||
targetPort: http
|
||||
protocol: TCP
|
||||
- name: webhook
|
||||
port: {{ .Values.service.webhookPort }}
|
||||
port: {{ $service.webhookPort }}
|
||||
targetPort: webhook
|
||||
selector: {{ include "vm-operator.selectorLabels" . | nindent 4 }}
|
||||
selector: {{ include "vm.selectorLabels" $ctx | nindent 4 }}
|
||||
|
||||
@@ -1,22 +1,27 @@
|
||||
{{- if .Values.serviceAccount.create -}}
|
||||
{{- $ctx := dict "helm" . }}
|
||||
{{- $fullname := include "vm.plain.fullname" $ctx }}
|
||||
{{- $ns := include "vm.namespace" $ctx }}
|
||||
{{- $sa := .Values.serviceAccount }}
|
||||
{{- if $sa.create -}}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ include "vm-operator.serviceAccountName" . }}
|
||||
namespace: {{ include "vm.namespace" . }}
|
||||
{{- $ctx := dict "helm" . "extraLabels" .Values.extraLabels }}
|
||||
labels: {{ include "vm-operator.labels" $ctx | nindent 4 }}
|
||||
name: {{ $sa.name | default $fullname }}
|
||||
namespace: {{ $ns }}
|
||||
{{- $_ := set $ctx "extraLabels" .Values.extraLabels }}
|
||||
labels: {{ include "vm.labels" $ctx | nindent 4 }}
|
||||
{{- with .Values.annotations }}
|
||||
annotations: {{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
|
||||
{{- end }}
|
||||
{{- if .Values.crds.cleanup.enabled }}
|
||||
{{- if and .Values.crds.enabled .Values.crds.cleanup.enabled }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ include "vm-operator.fullname" . }}-cleanup-hook
|
||||
namespace: {{ include "vm.namespace" . }}
|
||||
labels: {{ include "vm-operator.labels" . | nindent 4 }}
|
||||
name: {{ $fullname }}-cleanup-hook
|
||||
namespace: {{ $ns }}
|
||||
labels: {{ include "vm.labels" $ctx | nindent 4 }}
|
||||
annotations: {{ include "vm-operator.cleanup.annotations" (dict "hookWeight" "-5") | nindent 4 }}
|
||||
{{- end }}
|
||||
|
||||
@@ -1,41 +0,0 @@
|
||||
{{- $serviceMonitor := .Values.serviceMonitor }}
|
||||
{{- if $serviceMonitor.enabled -}}
|
||||
{{- $mergedVMServiceScrapeAnnotations := mustMerge $serviceMonitor.annotations .Values.annotations -}}
|
||||
{{- $mergedVMServiceScrapeLabels := mustMerge $serviceMonitor.extraLabels .Values.extraLabels -}}
|
||||
apiVersion: operator.victoriametrics.com/v1beta1
|
||||
kind: VMServiceScrape
|
||||
metadata:
|
||||
name: {{ include "vm-operator.fullname" . }}
|
||||
namespace: {{ include "vm.namespace" . }}
|
||||
{{- $ctx := dict "helm" . "extraLabels" $mergedVMServiceScrapeLabels }}
|
||||
labels: {{ include "vm-operator.labels" $ctx | nindent 4 }}
|
||||
{{- with $mergedVMServiceScrapeAnnotations }}
|
||||
annotations: {{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels: {{ include "vm-operator.selectorLabels" . | nindent 6 }}
|
||||
endpoints:
|
||||
- port: http
|
||||
{{- with $serviceMonitor.scheme }}
|
||||
scheme: {{ . }}
|
||||
{{- end }}
|
||||
{{- with $serviceMonitor.interval }}
|
||||
interval: {{ . }}
|
||||
{{- end }}
|
||||
{{- with $serviceMonitor.scrapeTimeout }}
|
||||
scrapeTimeout: {{ . }}
|
||||
{{- end }}
|
||||
{{- with $serviceMonitor.tlsConfig }}
|
||||
tlsConfig: {{ toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with $serviceMonitor.relabelings }}
|
||||
relabelConfigs: {{ toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with $serviceMonitor.basicAuth }}
|
||||
basicAuth: {{ toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- {{ include "vm.namespace" . }}
|
||||
{{- end }}
|
||||
@@ -1,27 +1,31 @@
|
||||
{{- if .Values.admissionWebhooks.enabled }}
|
||||
{{- $tls := fromYaml (include "vm-operator.certs" .) }}
|
||||
{{- $ctx := dict "helm" . "extraLabels" .Values.extraLabels }}
|
||||
{{- $tls := fromYaml (include "vm-operator.certs" $ctx) }}
|
||||
{{- $fullname := include "vm.plain.fullname" $ctx }}
|
||||
{{- $domain := ((.Values.global).cluster).dnsDomain }}
|
||||
{{- $ns := include "vm.namespace" $ctx }}
|
||||
{{- $certManager := .Values.admissionWebhooks.certManager }}
|
||||
---
|
||||
apiVersion: admissionregistration.k8s.io/v1
|
||||
kind: ValidatingWebhookConfiguration
|
||||
metadata:
|
||||
name: {{ include "vm-operator.fullname" . }}-admission
|
||||
{{- if .Values.admissionWebhooks.certManager.enabled }}
|
||||
name: {{ $fullname }}-admission
|
||||
{{- if $certManager.enabled }}
|
||||
annotations:
|
||||
certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s-validation" (include "vm.namespace" .) ( include "vm-operator.fullname" .) | quote }}
|
||||
cert-manager.io/inject-ca-from: {{ printf "%s/%s-validation" (include "vm.namespace" .) (include "vm-operator.fullname" .) | quote }}
|
||||
certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s-validation" $ns $fullname | quote }}
|
||||
cert-manager.io/inject-ca-from: {{ printf "%s/%s-validation" $ns $fullname | quote }}
|
||||
{{- end }}
|
||||
{{- $ctx := dict "helm" . "extraLabels" .Values.extraLabels }}
|
||||
labels: {{ include "vm-operator.labels" $ctx | nindent 4 }}
|
||||
labels: {{ include "vm.labels" $ctx | nindent 4 }}
|
||||
webhooks:
|
||||
{{- range $name, $enabled := .Values.admissionWebhooks.enabledCRDValidation }}
|
||||
{{- if $enabled }}
|
||||
- clientConfig:
|
||||
service:
|
||||
namespace: {{ include "vm.namespace" $ }}
|
||||
name: {{ include "vm-operator.fullname" $ }}
|
||||
namespace: {{ $ns }}
|
||||
name: {{ $fullname }}
|
||||
path: /validate-operator-victoriametrics-com-v1beta1-{{ $name }}
|
||||
port: {{ $.Values.service.webhookPort }}
|
||||
{{- if not $.Values.admissionWebhooks.certManager.enabled }}
|
||||
{{- if not $certManager.enabled }}
|
||||
caBundle: {{ $tls.caCert }}
|
||||
{{- end }}
|
||||
failurePolicy: {{ $.Values.admissionWebhooks.policy }}
|
||||
@@ -32,7 +36,7 @@ webhooks:
|
||||
matchExpressions:
|
||||
- key: app.kubernetes.io/name
|
||||
operator: NotIn
|
||||
values: [{{ include "vm-operator.name" $ }}]
|
||||
values: [{{ include "vm.name" $ }}]
|
||||
rules:
|
||||
- apiGroups:
|
||||
- operator.victoriametrics.com
|
||||
@@ -45,69 +49,84 @@ webhooks:
|
||||
- {{ $name }}{{ ternary "" "s" (hasSuffix "s" $name) }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.admissionWebhooks.certManager.enabled }}
|
||||
{{- if not .Values.admissionWebhooks.certManager.issuer }}
|
||||
{{- if $certManager.enabled }}
|
||||
{{- if not $certManager.issuer }}
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Issuer
|
||||
metadata:
|
||||
name: {{ include "vm-operator.fullname" . }}-root
|
||||
namespace: {{ include "vm.namespace" . }}
|
||||
name: {{ $fullname }}-root
|
||||
namespace: {{ $ns }}
|
||||
spec:
|
||||
selfSigned: {}
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: {{ include "vm-operator.fullname" . }}-root-ca
|
||||
namespace: {{ include "vm.namespace" . }}
|
||||
name: {{ $fullname }}-root-ca
|
||||
namespace: {{ $ns }}
|
||||
spec:
|
||||
secretName: {{ include "vm-operator.fullname" . }}-root-ca
|
||||
duration: 63800h0m0s
|
||||
secretName: {{ $fullname }}-root-ca
|
||||
duration: {{ $certManager.ca.duration }}
|
||||
{{- with $certManager.ca.secretTemplate }}
|
||||
secretTemplate: {{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with $certManager.ca.subject }}
|
||||
subject: {{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
issuerRef:
|
||||
name: {{ include "vm-operator.fullname" . }}-root
|
||||
commonName: "ca.validation.victoriametrics"
|
||||
name: {{ $fullname }}-root
|
||||
commonName: {{ $certManager.ca.commonName }}
|
||||
isCA: true
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Issuer
|
||||
metadata:
|
||||
name: {{ include "vm-operator.fullname" . }}-issuer
|
||||
namespace: {{ include "vm.namespace" . }}
|
||||
name: {{ $fullname }}-issuer
|
||||
namespace: {{ $ns }}
|
||||
spec:
|
||||
ca:
|
||||
secretName: {{ include "vm-operator.fullname" . }}-root-ca
|
||||
secretName: {{ $fullname }}-root-ca
|
||||
{{- end }}
|
||||
---
|
||||
# actual cert part for operator
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: {{ include "vm-operator.fullname" . }}-validation
|
||||
namespace: {{ include "vm.namespace" . }}
|
||||
name: {{ $fullname }}-validation
|
||||
namespace: {{ $ns }}
|
||||
spec:
|
||||
secretName: {{ include "vm-operator.fullname" . }}-validation
|
||||
duration: 45800h0m0s
|
||||
issuerRef:
|
||||
{{- if .Values.admissionWebhooks.certManager.issuer }}
|
||||
{{- range $k, $v := .Values.admissionWebhooks.certManager.issuer }}
|
||||
{{ $k}}: {{ $v}}
|
||||
{{- end }}
|
||||
{{- else }}
|
||||
name: {{ include "vm-operator.fullname" . }}-issuer
|
||||
secretName: {{ $fullname }}-validation
|
||||
duration: {{ $certManager.cert.duration }}
|
||||
{{- with $certManager.cert.secretTemplate }}
|
||||
secretTemplate: {{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with $certManager.cert.commonName }}
|
||||
commonName: {{ . }}
|
||||
{{- end }}
|
||||
{{- with $certManager.cert.subject }}
|
||||
subject: {{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- $issuerRef := $certManager.issuer | default dict }}
|
||||
{{- if empty $issuerRef }}
|
||||
{{- $_ := set $issuerRef "name" (printf "%s-issuer" $fullname) }}
|
||||
{{- end }}
|
||||
issuerRef: {{ toYaml $issuerRef | nindent 4 }}
|
||||
dnsNames:
|
||||
- {{ include "vm-operator.fullname" . }}
|
||||
- {{ include "vm-operator.fullname" . }}.{{ include "vm.namespace" . }}
|
||||
- {{ include "vm-operator.fullname" . }}.{{ include "vm.namespace" . }}.svc
|
||||
- {{ $fullname }}
|
||||
- {{ $fullname }}.{{ $ns }}
|
||||
- {{ $fullname }}.{{ $ns }}.svc
|
||||
{{- with $domain }}
|
||||
- {{ $fullname }}.{{ $ns }}.svc.{{ . }}
|
||||
{{- end }}
|
||||
{{- else }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ include "vm-operator.fullname" . }}-validation
|
||||
namespace: {{ include "vm.namespace" . }}
|
||||
labels: {{ include "vm-operator.labels" . | nindent 4 }}
|
||||
name: {{ $fullname }}-validation
|
||||
namespace: {{ $ns }}
|
||||
labels: {{ include "vm.labels" $ctx | nindent 4 }}
|
||||
type: kubernetes.io/tls
|
||||
data:
|
||||
ca.crt: {{ $tls.caCert }}
|
||||
|
||||
@@ -9,7 +9,8 @@ global:
|
||||
openshift:
|
||||
adaptSecurityContext: "auto"
|
||||
cluster:
|
||||
dnsDomain: cluster.local
|
||||
# -- K8s cluster domain suffix, uses for building storage pods' FQDN. Details are [here](https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/)
|
||||
dnsDomain: cluster.local.
|
||||
# Default values for victoria-metrics.
|
||||
# This is a YAML-formatted file.
|
||||
# Declare variables to be passed into your templates.
|
||||
@@ -29,10 +30,14 @@ image:
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
crds:
|
||||
# -- manages CRD creation. Disables CRD creation only in combination with `crds.plain: false` due to helm dependency conditions limitation
|
||||
enabled: true
|
||||
# -- check if plain or templated CRDs should be created.
|
||||
# with this option set to `false`, all CRDs will be rendered from templates.
|
||||
# with this option set to `true`, all CRDs are immutable and require manual upgrade.
|
||||
plain: false
|
||||
# -- additional CRD annotations, when `.Values.crds.plain: false`
|
||||
annotations: {}
|
||||
cleanup:
|
||||
# -- Tells helm to clean up all the vm resources under this release's namespace when uninstalling
|
||||
enabled: false
|
||||
@@ -57,15 +62,19 @@ replicaCount: 1
|
||||
# -- Secret to pull images
|
||||
imagePullSecrets: []
|
||||
|
||||
# -- VM operatror deployment name override
|
||||
# -- Override chart name
|
||||
nameOverride: ""
|
||||
|
||||
# -- Overrides the full name of server component
|
||||
# -- Overrides the full name of server component resources
|
||||
fullnameOverride: ""
|
||||
|
||||
# -- VM operator log level. Possible values: info and error.
|
||||
logLevel: "info"
|
||||
|
||||
allowedMetricsEndpoints:
|
||||
- /metrics
|
||||
- /metrics/resources
|
||||
|
||||
rbac:
|
||||
# -- Specifies whether the RBAC resources should be created
|
||||
create: true
|
||||
@@ -89,10 +98,18 @@ annotations: {}
|
||||
# -- Pod's security context. Details are [here](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/)
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 2000
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
|
||||
# -- Security context to be added to server pods
|
||||
securityContext:
|
||||
enabled: true
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
readOnlyRootFilesystem: true
|
||||
|
||||
operator:
|
||||
# -- By default, operator converts prometheus-operator objects.
|
||||
@@ -117,6 +134,9 @@ serviceAccount:
|
||||
# -- The name of the service account to use. If not set and create is true, a name is generated using the fullname template
|
||||
name: ""
|
||||
|
||||
# -- Whether to automount the service account token. Note that token needs to be mounted manually if this is disabled.
|
||||
automountServiceAccountToken: true
|
||||
|
||||
service:
|
||||
# -- Service annotations
|
||||
annotations: {}
|
||||
@@ -126,7 +146,7 @@ service:
|
||||
clusterIP: ""
|
||||
# -- Service external IPs. Check [here](https://kubernetes.io/docs/user-guide/services/#external-ips) for details
|
||||
externalIPs: ""
|
||||
# -- Service load balacner IP
|
||||
# -- Service load balancer IP
|
||||
loadBalancerIP: ""
|
||||
# -- Load balancer source range
|
||||
loadBalancerSourceRanges: []
|
||||
@@ -171,6 +191,9 @@ resources:
|
||||
# -- Pod's node selector. Details are [here](https://kubernetes.io/docs/user-guide/node-selection/)
|
||||
nodeSelector: {}
|
||||
|
||||
# -- Name of Priority Class
|
||||
priorityClassName: ""
|
||||
|
||||
# -- Array of tolerations object. Spec is [here](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/)
|
||||
tolerations: []
|
||||
|
||||
@@ -223,6 +246,9 @@ extraContainers:
|
||||
# - name: config-reloader
|
||||
# image: reloader-image
|
||||
|
||||
# -- Enable hostNetwork on operator deployment
|
||||
hostNetwork: false
|
||||
|
||||
# -- Configures resource validation
|
||||
admissionWebhooks:
|
||||
# -- Enables validation webhook.
|
||||
@@ -246,6 +272,18 @@ admissionWebhooks:
|
||||
enabled: false
|
||||
# --If needed, provide own issuer. Operator will create self-signed if empty.
|
||||
issuer: {}
|
||||
# -- Certificate Authority parameters
|
||||
ca:
|
||||
secretTemplate: {}
|
||||
subject: {}
|
||||
duration: 63800h0m0s
|
||||
commonName: ca.validation.victoriametrics
|
||||
# -- Certificate parameters
|
||||
cert:
|
||||
secretTemplate: {}
|
||||
subject: {}
|
||||
duration: 45800h0m0s
|
||||
commonName: ""
|
||||
keepTLSSecret: true
|
||||
# tls specifies TLS cert/key for the webhook
|
||||
tls:
|
||||
@@ -253,9 +291,11 @@ admissionWebhooks:
|
||||
cert:
|
||||
key:
|
||||
|
||||
# -- Configures monitoring with serviceScrape. VMServiceScrape must be pre-installed
|
||||
# -- Configures monitoring with serviceScrape using either `VMServiceScrape` or `ServiceMonitor`. For latter [Prometheus Operator CRDs](https://artifacthub.io/packages/helm/prometheus-community/prometheus-operator-crds) should be preinstalled
|
||||
serviceMonitor:
|
||||
enabled: false
|
||||
# -- Creates `VMServiceScrape` if `true` and `ServiceMonitor` otherwise. Make sure [Prometheus Operator CRDs](https://artifacthub.io/packages/helm/prometheus-community/prometheus-operator-crds) are installed if it's set to `false`
|
||||
vm: true
|
||||
extraLabels: {}
|
||||
annotations: {}
|
||||
relabelings: []
|
||||
|
||||
Reference in New Issue
Block a user