diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml index a3123570..0880ff69 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.yml +++ b/.github/ISSUE_TEMPLATE/bug_report.yml @@ -56,6 +56,7 @@ body: - universal - clusterpirate - common + - etcd - ghost - keycloak - mariadb @@ -68,6 +69,7 @@ body: - redis - timescaledb - valkey + - wordpress - zookeeper validations: required: true diff --git a/.github/ISSUE_TEMPLATE/feature_request.yml b/.github/ISSUE_TEMPLATE/feature_request.yml index d9447e43..41db4486 100644 --- a/.github/ISSUE_TEMPLATE/feature_request.yml +++ b/.github/ISSUE_TEMPLATE/feature_request.yml @@ -45,6 +45,7 @@ body: - universal - clusterpirate - common + - etcd - ghost - keycloak - mariadb @@ -57,4 +58,5 @@ body: - redis - timescaledb - valkey + - wordpress - zookeeper diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index 1821d8e9..ce3d8b29 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -4,6 +4,9 @@ - Describe the scope of your change - i.e. what the change does. - Describe any known limitations with your change. - Please run any tests or examples that can exercise your modified code. + - Labels are automatically applied when they are inside the square brackets of your PR title on opening. Examples: + - [redis]: adds `redis` label + - [redis, valkey] Adds `redis` and `valkey` labels Thank you for contributing! We will try to test and integrate the change as soon as we can. --> @@ -23,6 +26,7 @@ ### Applicable issues + - fixes # ### Additional information 
@@ -33,6 +37,6 @@ -- [ ] Chart version bumped in `Chart.yaml` according to [semver](http://semver.org/). This is *not necessary* when the changes only affect README.md files. +- [ ] Chart version bumped in `Chart.yaml` according to [semver](http://semver.org/). This is _not necessary_ when the changes only affect README.md files. - [ ] Variables are documented in the values.yaml and added to the `README.md` - [ ] Title of the pull request follows this pattern [] Descriptive title diff --git a/.github/workflows/auto-label.yaml b/.github/workflows/auto-label.yaml index 9530d41f..0be436a7 100644 --- a/.github/workflows/auto-label.yaml +++ b/.github/workflows/auto-label.yaml @@ -2,23 +2,39 @@ name: Auto-label issues on: issues: types: [opened] + pull_request: + types: [opened] jobs: label: runs-on: ubuntu-latest permissions: issues: write + pull-requests: write steps: - name: Apply labels uses: actions/github-script@v7 with: script: | - const labels = (context.payload.issue.body.split(/### Affected Helm charts/)[1] || "") + let content = ""; + if (context.payload.pull_request) { + const parsedTitle = context.payload.pull_request.title.match(/^\[([a-z_-]+(?:, [a-z_-]+)*)\].+$/); + content = parsedTitle ? parsedTitle[1] : ""; + } else { + content = context.payload.issue.body.split(/### Affected Helm charts/)[1] || ""; + } + const { data } = await github.rest.issues.listLabelsForRepo({ + ...context.repo, + per_page: 100, + }); + const existingLabels = new Set(data.map((label) => label.name)); + const labels = content .trim() .split(",") .map((s) => s.trim()) - .filter((s) => s && s !== "_No response_"); + .filter((s) => s && existingLabels.has(s)); if (labels.length) { + console.log(`Adding ${labels.length} labels: ${labels.join(', ')}`) await github.rest.issues.addLabels({ ...context.repo, issue_number: context.issue.number, diff --git a/.github/workflows/check-signed-commits.yaml b/.github/workflows/check-signed-commits.yaml new file mode 100644 index 00000000..b39a9019 
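Review bot: On the new `pull_request` trigger in `auto-label.yaml`, the label step will probably fail for pull requests opened from forks, because GitHub gives those runs a read-only token regardless of the added `pull-requests: write` line, so `addLabels` is rejected. If the trigger is later switched to `pull_request_target` to get a writable token, the job must stay free of any checkout or execution of PR code, since the title it parses is contributor-controlled input. Filtering the parsed names through `existingLabels` is the right guard against arbitrary label creation, but `listLabelsForRepo` with `per_page: 100` reads only the first page; `const data = await github.paginate(github.rest.issues.listLabelsForRepo, { ...context.repo, per_page: 100 });` would cover repositories with more labels. The title regex also requires `, ` with a space and rejects digits, so a title such as `[redis,valkey]` yields no labels without any log line saying why.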
--- /dev/null
+++ b/.github/workflows/check-signed-commits.yaml
@@ -0,0 +1,139 @@ +name: "Check Signed Commits" + +on: + pull_request: + types: + - opened + - synchronize + - reopened + branches: + - main + +jobs: + check-signed-commits: + runs-on: ubuntu-latest + permissions: + contents: read + pull-requests: write + issues: write + steps: + - name: Checkout repository + uses: actions/checkout@v5.0.0 + with: + fetch-depth: 0 + ref: ${{ github.event.pull_request.head.sha }} + + - name: Configure Git for SSH signature verification + run: | + # Create a temporary allowed signers file (not used for actual verification) + # This allows git to recognize SSH signatures exist without requiring key validation + touch /tmp/allowed_signers + git config --global gpg.ssh.allowedSignersFile /tmp/allowed_signers + # Configure git to recognize SSH signing format + git config --global gpg.format ssh + + - name: Check for verified commits + id: check-commits + run: | + # Get all commits in the PR + git fetch origin ${{ github.event.pull_request.base.ref }} + COMMITS=$(git rev-list origin/${{ github.event.pull_request.base.ref }}..${{ github.event.pull_request.head.sha }}) + + UNSIGNED_COMMITS="" + UNSIGNED_COUNT=0 + TOTAL_COUNT=0 + + for commit in $COMMITS; do + TOTAL_COUNT=$((TOTAL_COUNT + 1)) + # Check if commit is signed (GPG or SSH signature) + # %G? returns signature status + # %GF returns the signing key fingerprint (empty if not signed) + SIGNATURE=$(git log -1 --format='%G?' $commit) + FINGERPRINT=$(git log -1 --format='%GF' $commit) + + # %G? returns: + # G = good GPG signature + # U = unverified signature (has signature but can't verify - common for SSH) + # B = bad signature + # N = no signature + # E = signature expired + # Y = good signature (expired key) + + # A commit is considered SIGNED if it has any signature present + # We check for a fingerprint to confirm a signature exists + # For SSH signatures, %G? 
will be "U" but %GF will have the fingerprint + + if [[ -z "$FINGERPRINT" ]]; then + # No fingerprint means no signature at all + UNSIGNED_COMMITS="${UNSIGNED_COMMITS}${commit}\n" + UNSIGNED_COUNT=$((UNSIGNED_COUNT + 1)) + fi + done + + echo "total_commits=${TOTAL_COUNT}" >> $GITHUB_OUTPUT + echo "unsigned_commits=${UNSIGNED_COUNT}" >> $GITHUB_OUTPUT + + if [ $UNSIGNED_COUNT -gt 0 ]; then + echo "has_unsigned=true" >> $GITHUB_OUTPUT + else + echo "has_unsigned=false" >> $GITHUB_OUTPUT + fi + + - name: Check if comment already exists + if: steps.check-commits.outputs.has_unsigned == 'true' + id: check-comment + env: + GH_TOKEN: ${{ github.token }} + run: | + # Check if our bot has already commented on this PR + COMMENT_EXISTS=$(gh api \ + -H "Accept: application/vnd.github+json" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + "/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/comments" \ + | jq -r '.[] | select(.user.login == "github-actions[bot]" and (.body | contains("⚠️ Unsigned Commits Detected"))) | .id' | head -1) + + if [ -n "$COMMENT_EXISTS" ]; then + echo "comment_exists=true" >> $GITHUB_OUTPUT + echo "comment_id=${COMMENT_EXISTS}" >> $GITHUB_OUTPUT + else + echo "comment_exists=false" >> $GITHUB_OUTPUT + fi + + - name: Post warning comment + if: steps.check-commits.outputs.has_unsigned == 'true' && steps.check-comment.outputs.comment_exists == 'false' + env: + GH_TOKEN: ${{ github.token }} + run: | + cat << 'EOF' | gh pr comment ${{ github.event.pull_request.number }} --repo ${{ github.repository }} -F - + ## ⚠️ Unsigned Commits Detected + + This pull request contains unsigned commits. + + ### What does this mean? + + Signed commits help ensure the authenticity and traceability of contributions. They allow us to verify that commits actually came from the stated author, even if GitHub accounts are deleted or modified in the future. 
+ + ### Current Policy (Grace Period) + + **This is currently a warning only.** We are in a transition period to give all contributors time to set up commit signing. + + After this grace period, **all commits will be required to be signed** before PRs can be merged. + + ### How to sign your commits + + Please see our [Contributing Guide](../blob/main/CONTRIBUTING.md#setting-up-your-development-environment) for detailed instructions on setting up commit signing. + + ### Resources + + - [Contributing Guide: Development Setup](../blob/main/CONTRIBUTING.md#setting-up-your-development-environment) + - [GitHub Docs: About Commit Signature Verification](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification) + + --- + + _This check will become mandatory in the future. Please start signing your commits now to avoid issues later._ + EOF + + - name: Success message + if: steps.check-commits.outputs.has_unsigned == 'false' + run: | + echo "✅ All ${{ steps.check-commits.outputs.total_commits }} commits in this PR are signed!" diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index df6176ef..653e571c 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
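Review bot: The loop in the `check-commits` step decides signed versus unsigned from `%GF` alone, against an empty `/tmp/allowed_signers`, so no signature is actually verified: `SIGNATURE` is read but never used, the status letter (including `B`) never influences the result, and a GPG-signed commit whose public key is not in the runner's keyring will likely produce an empty fingerprint and be reported as unsigned. The inline legend is also inaccurate, since git documents `E` as "cannot be checked (e.g. missing key)" and uses `X` for an expired signature. If the policy is what CONTRIBUTING.md calls "commits verified by signature", asking GitHub for `commit.verification.verified` on the PR's commits gives a real answer and makes the checkout and git-config steps unnecessary. Separately, runs for fork PRs get a read-only token, so `gh pr comment` will probably fail there, and the `${{ … }}` expressions are safer passed through `env:` than expanded inside `run:`.

```yaml
      - name: Check for verified commits
        id: check-commits
        env:
          GH_TOKEN: ${{ github.token }}
          REPO: ${{ github.repository }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          # Let GitHub report verification instead of inferring it from %GF
          STATUS=$(gh api --paginate "/repos/${REPO}/pulls/${PR_NUMBER}/commits" \
            --jq '.[] | .commit.verification.verified')
          TOTAL_COUNT=$(printf '%s\n' "$STATUS" | grep -c . || true)
          UNSIGNED_COUNT=$(printf '%s\n' "$STATUS" | grep -c '^false$' || true)
          # … unchanged: writing total_commits, unsigned_commits and has_unsigned to $GITHUB_OUTPUT …
```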
@@ -6,11 +6,23 @@ Hi there! We are thrilled that you'd like to contribute to this project. It's pe - [Code of Conduct](#code-of-conduct) - [How Can I Contribute?](#how-can-i-contribute) + - [Reporting Bugs](#reporting-bugs) + - [Suggesting Enhancements](#suggesting-enhancements) + - [Types of Contributions We're Looking For](#types-of-contributions-were-looking-for) - [Development Setup](#development-setup) + - [Prerequisites](#prerequisites) + - [Setting Up Your Development Environment](#setting-up-your-development-environment) - [Contributing Guidelines](#contributing-guidelines) -- [Chart Development Standards](#chart-development-standards) + - [Chart Development Standards](#chart-development-standards) + - [Chart Structure](#chart-structure) + - [Documentation Requirements](#documentation-requirements) + - [Versioning](#versioning) - [Testing](#testing) + - [Running Tests](#running-tests) + - [Test Requirements](#test-requirements) + - [Manual Testing](#manual-testing) - [Pull Request Process](#pull-request-process) + - [Pull Request Checklist](#pull-request-checklist) ## Code of Conduct 
@@ -22,21 +34,21 @@ This project and everyone participating in it is governed by our [Code of Conduc Before creating bug reports, please check the existing issues as you might find out that you don't need to create one. When you are creating a bug report, please include as many details as possible: -- **Use a clear and descriptive title** -- **Describe the exact steps to reproduce the problem** -- **Provide specific examples to demonstrate the steps** -- **Describe the behavior you observed and what behavior you expected** -- **Include details about your configuration and environment** +- Use a **clear and descriptive title** +- Describe the **exact steps to reproduce** the problem +- Provide **specific examples** to demonstrate the steps +- Describe the **behavior you observed** and what **behavior you expected** +- Include details about **your configuration and environment** ### Suggesting Enhancements Enhancement suggestions are tracked as GitHub issues. When creating an enhancement suggestion, please include: -- **Use a clear and descriptive title** -- **Provide a step-by-step description of the suggested enhancement** -- **Provide specific examples to demonstrate the steps** -- **Describe the current behavior and explain which behavior you expected to see** -- **Explain why this enhancement would be useful** +- Use a **clear and descriptive title** +- Provide a **step-by-step description** of the suggested enhancement +- Provide **specific examples** to demonstrate the steps +- Describe the **current behavior** and explain which **behavior you expected** to see +- Explain **why this enhancement would be useful** ### Types of Contributions We're Looking For 
@@ -52,21 +64,39 @@ Enhancement suggestions are tracked as GitHub issues. When creating an enhanceme - Kubernetes 1.24+ - Helm 3.2.0+ - [helm-unittest](https://github.com/helm-unittest/helm-unittest) plugin +- Commits verified by signature ### Setting Up Your Development Environment 1. Fork the repository on GitHub 2. Clone your fork locally: + ```bash git clone https://github.com/your-username/helm-charts.git cd helm-charts ``` 3. Install the helm-unittest plugin: + ```bash helm plugin install https://github.com/helm-unittest/helm-unittest ``` +4. Make sure to sign your commits + + ```bash + git config gpg.format ssh + git config user.signingkey + git config commit.gpgsign true + git config tag.gpgsign true + ``` + + Replace `` with the path to your public ssh key file, e.g. `~/.ssh/id_ed25519.pub`, wich you use to push to GitHub. + Alternatively, a signing ssh key can be used instead. + If you want to sign commits in every repository, not just this one, add the `--global` parameter. + + > More information: [GitHub docs](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification) + ## Contributing Guidelines ### Chart Development Standards @@ -74,18 +104,21 @@ Enhancement suggestions are tracked as GitHub issues. When creating an enhanceme All charts in this repository must follow these standards: #### Security First + - Implement read-only root filesystems where possible - Drop unnecessary Linux capabilities - Configure security contexts properly - Never hardcode credentials #### Production Ready + - Include comprehensive health checks (liveness, readiness, startup probes) - Support resource requests and limits - Provide persistent storage configurations - Include health check endpoints #### Highly Configurable + - Provide extensive `values.yaml` with detailed documentation - Support existing secrets and ConfigMaps - Offer flexible ingress configurations 
@@ -154,6 +187,7 @@ helm unittest charts/your-chart ### Test Requirements Your tests should cover: + - Template rendering with default values - Template rendering with custom values - Required value validation @@ -181,6 +215,7 @@ kubectl get all -n test ## Pull Request Process 1. **Branch**: Create a feature branch from `main` + ```bash git checkout -b feature/your-chart-improvement ``` @@ -188,6 +223,7 @@ kubectl get all -n test 2. **Development**: Make your changes following the guidelines above 3. **Testing**: Run all tests and ensure they pass + ```bash ./test-all-charts.sh helm lint ./charts/your-chart @@ -196,6 +232,7 @@ kubectl get all -n test 4. **Documentation**: Update documentation as needed 5. **Commit**: Use clear, descriptive commit messages + ```bash git commit -m "[chart-name] Add support for custom annotations" ``` diff --git a/charts/common/CHANGELOG.md b/charts/common/CHANGELOG.md index 53edbc01..02c2d6c5 100644 --- a/charts/common/CHANGELOG.md +++ b/charts/common/CHANGELOG.md @@ -2,4 +2,4 @@ ## 1.1.1 (2025-10-09) -* [mongodb] feat: add metrics exporter ([#243](https://github.com/CloudPirates-io/helm-charts/pull/243)) +* [mongodb] fix: newline between mongo labels and additional labels ([#301](https://github.com/CloudPirates-io/helm-charts/pull/301)) diff --git a/charts/common/Chart.yaml b/charts/common/Chart.yaml index 7993fc38..39402ffb 100644 --- a/charts/common/Chart.yaml +++ b/charts/common/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: common description: A library chart for common templates and helper functions type: library -version: 1.1.1 +version: 1.1.2 appVersion: "1.0.0" home: https://www.cloudpirates.io diff --git a/charts/common/templates/_helpers.tpl b/charts/common/templates/_helpers.tpl index 4a37405a..5ec8980c 100644 --- a/charts/common/templates/_helpers.tpl +++ b/charts/common/templates/_helpers.tpl 
@@ -23,6 +23,15 @@ If release name contains chart name it will be used as a full name. {{- end }} {{- end }} +{{/* +Return the namespace to use for resources. +Defaults to .Release.Namespace but can be overridden via .Values.namespaceOverride. +Useful for multi-namespace deployments in combined charts. +*/}} +{{- define "common.namespace" -}} +{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + {{/* Create chart name and version as used by the chart label. */}} diff --git a/charts/etcd/CHANGELOG.md b/charts/etcd/CHANGELOG.md new file mode 100644 index 00000000..d3cdee79 --- /dev/null +++ b/charts/etcd/CHANGELOG.md @@ -0,0 +1,9 @@ +# Changelog + +## 0.1.1 (2025-10-10) + +* [Etcd] artifact hub repository id ([#333](https://github.com/CloudPirates-io/helm-charts/pull/333)) + +## 0.1.0 (2025-10-10) + +* [etcd]: Initial etcd implementation (#230) ([c6476c3](https://github.com/CloudPirates-io/helm-charts/commit/c6476c3)), closes [#230](https://github.com/CloudPirates-io/helm-charts/issues/230) diff --git a/charts/etcd/Chart.lock b/charts/etcd/Chart.lock new file mode 100644 index 00000000..527e3864 --- /dev/null +++ b/charts/etcd/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: common + repository: oci://registry-1.docker.io/cloudpirates + version: 1.1.1 +digest: sha256:8da3c04e2c4a1ebfff4f21936399938e0f3fcf9fbd2f7135e7e907ce725b8f00 +generated: "2025-10-08T12:49:37.237547+02:00" diff --git a/charts/etcd/Chart.yaml b/charts/etcd/Chart.yaml new file mode 100644 index 00000000..c25fdae9 --- /dev/null +++ b/charts/etcd/Chart.yaml 
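Review bot: `common.namespace` is added without any visible caller: the etcd templates added in this same change write `namespace: {{ .Release.Namespace }}` directly, `etcd.initialCluster` builds its peer DNS names from `.Release.Namespace`, and etcd's `Chart.lock` still pins `common` at 1.1.1, which presumably predates this helper. A chart that adopts the override for only some resources would split one release across namespaces, so the doc comment should state that every namespaced resource and every generated hostname has to go through the helper together. The `trunc 63 | trimSuffix "-"` also silently rewrites an over-long or dash-terminated override; a `fail` on an invalid value would be easier to diagnose than resources landing in a namespace nobody asked for.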
@@ -0,0 +1,26 @@ +apiVersion: v2 +name: etcd +description: etcd is a distributed reliable key-value store for the most critical data of a distributed system +type: application +version: 0.1.1 +appVersion: "3.6.0" +keywords: + - etcd + - distributed + - key-value + - consensus + - raft +home: https://etcd.io/ +sources: + - https://github.com/etcd-io/etcd +annotations: + category: Database + license: Apache-2.0 +maintainers: + - name: CloudPirates GmbH & Co. KG + url: https://www.cloudpirates.io +dependencies: + - name: common + version: "1.x.x" + repository: oci://registry-1.docker.io/cloudpirates +icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/etcd/icon/color/etcd-icon-color.svg diff --git a/charts/etcd/README.md b/charts/etcd/README.md new file mode 100644 index 00000000..fbfde18e --- /dev/null +++ b/charts/etcd/README.md @@ -0,0 +1,265 @@ +

+ +

+ +# etcd Helm Chart + +etcd is a distributed reliable key-value store for the most critical data of a distributed system, with a focus on being simple, secure, fast, and reliable. + +## Quick Start + +### Prerequisites + +- Kubernetes 1.24+ +- Helm 3.2.0+ +- PV provisioner support in the underlying infrastructure (if persistence is enabled) + +### Installation + +To install the chart with the release name `my-etcd`: + +```bash +helm install my-etcd oci://registry-1.docker.io/cloudpirates/etcd +``` + +To install with custom values: + +```bash +helm install my-etcd oci://registry-1.docker.io/cloudpirates/etcd -f my-values.yaml +``` + +Or install directly from the local chart: + +```bash +helm install my-etcd ./charts/etcd +``` + +### Getting Started + +1. Check the status of your etcd cluster: + +```bash +kubectl exec -it my-etcd-0 -- etcdctl \ + --endpoints=my-etcd:2379 \ + endpoint health +``` + +2. Connect to etcd from inside the cluster: + +```bash +kubectl run etcd-client --rm --tty -i --restart='Never' \ + --image gcr.io/etcd-development/etcd:v3.6.0-alpha.0 -- bash + +# Inside the pod: +etcdctl --endpoints=my-etcd:2379 endpoint status --write-out=table +``` + +## Configuration + +### Image Configuration + +| Parameter | Description | Default | +| ------------------- | ------------------------------------- | ------------------------------------ | +| `image.registry` | etcd image registry | `gcr.io` | +| `image.repository` | etcd image repository | `etcd-development/etcd` | +| `image.tag` | etcd image tag | `v3.6.0-alpha.0` | +| `image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `global.imageRegistry` | Global Docker image registry override | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names | `[]` | + +### Common Parameters + +| Parameter | Description | Default | +| ------------------- | --------------------------------------- | ------- | +| `nameOverride` | String to partially override etcd.fullname | `""` | +| 
`fullnameOverride` | String to fully override etcd.fullname | `""` | +| `commonLabels` | Labels to add to all deployed objects | `{}` | +| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | +| `replicaCount` | Number of etcd replicas to deploy (must be odd) | `3` | +| `podLabels` | Additional labels for etcd pods | `{}` | +| `podAnnotations` | Additional annotations for etcd pods | `{}` | + +### Service Configuration + +| Parameter | Description | Default | +| ---------------------- | ----------------------- | ----------- | +| `service.type` | Kubernetes service type | `ClusterIP` | +| `service.annotations` | Service annotations | `{}` | +| `service.clientPort` | etcd client port | `2379` | +| `service.peerPort` | etcd peer port | `2380` | +| `service.metricsPort` | etcd metrics port | `2381` | + +### Authentication and Security + +| Parameter | Description | Default | +| --------------------------- | -------------------------------------------------- | ------- | +| `auth.enabled` | Enable client-to-server TLS authentication | `false` | +| `auth.existingSecret` | Name of existing secret containing client certificates | `""` | +| `auth.peer.enabled` | Enable peer-to-peer TLS authentication | `false` | +| `auth.peer.existingSecret` | Name of existing secret containing peer certificates | `""` | + +### etcd Configuration + +| Parameter | Description | Default | +| -------------------------------- | -------------------------------------------- | --------------- | +| `config.initialClusterState` | Initial cluster state (new or existing) | `new` | +| `config.autoCompactionMode` | Auto compaction mode (periodic or revision) | `periodic` | +| `config.autoCompactionRetention` | Auto compaction retention | `1` | +| `config.snapshotCount` | Number of transactions to trigger a snapshot | `10000` | +| `config.quotaBackendBytes` | Backend storage quota in bytes (2GB) | `2147483648` | +| `config.maxRequestBytes` | Maximum client request size in bytes | 
`1572864` | +| `config.logLevel` | Log level (debug, info, warn, error, panic, fatal) | `info` | +| `config.initialClusterToken` | Initial cluster token | `etcd-cluster` | +| `config.heartbeatInterval` | Heartbeat interval in milliseconds | `100` | +| `config.electionTimeout` | Election timeout in milliseconds | `1000` | +| `config.maxSnapshots` | Maximum number of snapshot files to retain | `5` | +| `config.maxWals` | Maximum number of WAL files to retain | `5` | +| `config.listenPeerIp` | IP address to bind for peer traffic | `0.0.0.0` | +| `config.listenClientIp` | IP address to bind for client traffic | `0.0.0.0` | + +### Persistence + +| Parameter | Description | Default | +| ----------------------------- | ---------------------------------------- | ---------------- | +| `persistence.enabled` | Enable persistence using PVC | `true` | +| `persistence.storageClass` | Storage class of backing PVC | `""` | +| `persistence.annotations` | Annotations for the PVC | `{}` | +| `persistence.size` | Size of data volume | `8Gi` | +| `persistence.accessModes` | Persistent Volume Access Modes | `[ReadWriteOnce]`| +| `persistence.mountPath` | Mount path for data volume | `/var/run/etcd` | + +### Resources + +| Parameter | Description | Default | +| ----------- | ------------------------------------ | ------- | +| `resources` | CPU/Memory resource requests/limits | `{}` | + +### StatefulSet Configuration + +| Parameter | Description | Default | +| ------------------ | ------------------------------ | ----------------- | +| `updateStrategy.type` | StatefulSet update strategy | `RollingUpdate` | + +### Metrics Configuration + +| Parameter | Description | Default | +| -------------------------------------------- | ------------------------------------------------ | ------- | +| `metrics.enabled` | Enable Prometheus metrics | `true` | +| `metrics.serviceMonitor.enabled` | Create ServiceMonitor for Prometheus Operator | `false` | +| `metrics.serviceMonitor.namespace` | Namespace 
for ServiceMonitor | `""` | +| `metrics.serviceMonitor.interval` | Scrape interval | `30s` | +| `metrics.serviceMonitor.scrapeTimeout` | Scrape timeout | `""` | +| `metrics.serviceMonitor.relabelings` | Relabel configurations | `[]` | +| `metrics.serviceMonitor.metricRelabelings` | Metric relabel configurations | `[]` | +| `metrics.serviceMonitor.labels` | Additional labels for ServiceMonitor | `{}` | +| `metrics.serviceMonitor.honorLabels` | Honor labels from metrics | `false` | + +### High Availability + +| Parameter | Description | Default | +| ----------------------------------- | ------------------------------------- | ------- | +| `podDisruptionBudget.enabled` | Enable PodDisruptionBudget | `false` | +| `podDisruptionBudget.minAvailable` | Minimum number of available pods | `""` | +| `podDisruptionBudget.maxUnavailable`| Maximum number of unavailable pods | `1` | + +### Service Account + +| Parameter | Description | Default | +| -------------------------------------------- | ---------------------------------------- | ------- | +| `serviceAccount.create` | Create service account | `true` | +| `serviceAccount.name` | Service account name | `""` | +| `serviceAccount.annotations` | Service account annotations | `{}` | +| `serviceAccount.automountServiceAccountToken`| Automount service account token | `false` | + +### Network Policy + +| Parameter | Description | Default | +| -------------------------------- | ------------------------------------ | ------- | +| `networkPolicy.enabled` | Enable NetworkPolicy | `false` | +| `networkPolicy.allowExternal` | Allow external traffic | `true` | +| `networkPolicy.extraIngress` | Additional ingress rules | `[]` | +| `networkPolicy.extraEgress` | Additional egress rules | `[]` | + +### Security Context + +| Parameter | Description | Default | +| -------------------------------------------- | -------------------------------------------- | ------------------ | +| `containerSecurityContext.runAsUser` | User ID to run the 
container | `1000` | +| `containerSecurityContext.runAsGroup` | Group ID to run the container | `1000` | +| `containerSecurityContext.runAsNonRoot` | Run as non-root user | `true` | +| `containerSecurityContext.allowPrivilegeEscalation` | Allow privilege escalation | `false` | +| `containerSecurityContext.readOnlyRootFilesystem` | Mount root filesystem as read-only | `true` | +| `containerSecurityContext.capabilities.drop` | Linux capabilities to drop | `[ALL]` | +| `podSecurityContext.fsGroup` | Group ID for the volumes | `1000` | + +### Probes + +| Parameter | Description | Default | +| ----------------------------------- | ---------------------------------- | ------- | +| `startupProbe.enabled` | Enable startup probe | `true` | +| `startupProbe.initialDelaySeconds` | Initial delay for startup probe | `0` | +| `startupProbe.periodSeconds` | Period for startup probe | `10` | +| `startupProbe.timeoutSeconds` | Timeout for startup probe | `5` | +| `startupProbe.failureThreshold` | Failure threshold for startup probe| `30` | +| `livenessProbe.enabled` | Enable liveness probe | `true` | +| `livenessProbe.initialDelaySeconds` | Initial delay for liveness probe | `10` | +| `livenessProbe.periodSeconds` | Period for liveness probe | `10` | +| `livenessProbe.timeoutSeconds` | Timeout for liveness probe | `5` | +| `livenessProbe.failureThreshold` | Failure threshold for liveness probe | `3` | +| `readinessProbe.enabled` | Enable readiness probe | `true` | +| `readinessProbe.initialDelaySeconds`| Initial delay for readiness probe | `5` | +| `readinessProbe.periodSeconds` | Period for readiness probe | `10` | +| `readinessProbe.timeoutSeconds` | Timeout for readiness probe | `5` | +| `readinessProbe.failureThreshold` | Failure threshold for readiness probe | `3` | + +### Scheduling + +| Parameter | Description | Default | +| ------------------------------ | --------------------------------------- | ------- | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| 
`tolerations` | Tolerations for pod assignment | `[]` | +| `affinity` | Affinity rules for pod assignment | `{}` | +| `topologySpreadConstraints` | Topology Spread Constraints | `[]` | +| `priorityClassName` | Priority class name for pod eviction | `""` | + +### Extra Configuration + +| Parameter | Description | Default | +| ------------------- | ------------------------------------------------- | ------- | +| `extraArgs` | Additional etcd command line arguments | `[]` | +| `extraEnv` | Additional environment variables | `[]` | +| `extraVolumes` | Additional volumes to add to the pod | `[]` | +| `extraVolumeMounts` | Additional volume mounts for etcd container | `[]` | +| `extraObjects` | Array of extra objects to deploy with the release | `[]` | + +## Upgrading + +To upgrade your release: + +```bash +helm upgrade my-etcd oci://registry-1.docker.io/cloudpirates/etcd +``` + +## Uninstalling + +To uninstall/delete the `my-etcd` deployment: + +```bash +helm delete my-etcd +``` + +## License + +Copyright © 2024 CloudPirates GmbH & Co. KG + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/charts/etcd/artifacthub-repo.yml b/charts/etcd/artifacthub-repo.yml new file mode 100644 index 00000000..3b8407ed --- /dev/null +++ b/charts/etcd/artifacthub-repo.yml @@ -0,0 +1 @@ +repositoryID: 229cfa80-872a-4900-ad74-d9d1252e8214 \ No newline at end of file diff --git a/charts/etcd/templates/_helpers.tpl b/charts/etcd/templates/_helpers.tpl new file mode 100644 index 00000000..11429253 
--- /dev/null
+++ b/charts/etcd/templates/_helpers.tpl
@@ -0,0 +1,93 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "etcd.name" -}} +{{- include "common.name" . -}} +{{- end }} + +{{/* +Create a default fully qualified app name. +*/}} +{{- define "etcd.fullname" -}} +{{- include "common.fullname" . -}} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "etcd.chart" -}} +{{- include "common.chart" . -}} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "etcd.labels" -}} +{{- include "common.labels" . }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "etcd.selectorLabels" -}} +{{- include "common.selectorLabels" . -}} +{{- end }} + +{{/* +Common annotations +*/}} +{{- define "etcd.annotations" -}} +{{- include "common.annotations" . -}} +{{- end }} + +{{/* +Return the proper etcd image name +*/}} +{{- define "etcd.image" -}} +{{- include "common.image" (dict "image" .Values.image "global" .Values.global) -}} +{{- end }} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "etcd.imagePullSecrets" -}} +{{ include "common.images.renderPullSecrets" (dict "images" (list .Values.image) "context" .) }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "etcd.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "etcd.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} + +{{/* +Validate etcd values +*/}} +{{- define "etcd.validateValues" -}} +{{- $replicaCount := int .Values.replicaCount }} +{{- if and (gt $replicaCount 1) (eq (mod $replicaCount 2) 0) }} +{{- fail (printf "etcd: Invalid replica count. etcd requires an odd number of replicas for quorum (e.g., 1, 3, 5, 7). 
Current value: %d" $replicaCount) }} +{{- end }} +{{- end }} + +{{/* +Generate etcd initial cluster string +*/}} +{{- define "etcd.initialCluster" -}} +{{- $namespace := .Release.Namespace }} +{{- $name := include "etcd.fullname" . -}} +{{- $peerPort := .Values.service.peerPort -}} +{{- $replicaCount := int .Values.replicaCount }} +{{- $protocol := "http" }} +{{- if .Values.auth.peer.enabled }} +{{- $protocol = "https" }} +{{- end }} +{{- range $i := until $replicaCount }} +{{- if $i }},{{ end -}}{{ $name }}-{{ $i }}={{ $protocol }}://{{ $name }}-{{ $i }}.{{ $name }}-headless.{{ $namespace }}.svc.cluster.local:{{ $peerPort }} +{{- end }} +{{- end }} diff --git a/charts/etcd/templates/extraobjects.yaml b/charts/etcd/templates/extraobjects.yaml new file mode 100644 index 00000000..5a8cb412 --- /dev/null +++ b/charts/etcd/templates/extraobjects.yaml @@ -0,0 +1,4 @@ +{{- range .Values.extraObjects }} +--- +{{- include "common.tplvalues.render" (dict "value" . "context" $) }} +{{- end }} diff --git a/charts/etcd/templates/networkpolicy.yaml b/charts/etcd/templates/networkpolicy.yaml new file mode 100644 index 00000000..d3e202fe --- /dev/null +++ b/charts/etcd/templates/networkpolicy.yaml 
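Review bot: `etcd.initialCluster` hard-codes `svc.cluster.local` and selects `http` unless `auth.peer.enabled` is set, which the README in this change documents as `false` by default, so a default install carries peer traffic in plaintext and a cluster with a custom DNS domain gets peer URLs that do not resolve. Consider reading the domain from a value, e.g. `{{- $clusterDomain := default "cluster.local" .Values.clusterDomain }}` (a new value, not present in this change), and documenting that peer certificates need SANs matching these generated names. `etcd.validateValues` only takes effect where a template includes it, and no include is visible in this part of the diff, so it is worth confirming that the StatefulSet template calls it.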
@@ -0,0 +1,68 @@
+{{- if .Values.networkPolicy.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ include "etcd.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "etcd.labels" . | nindent 4 }}
+spec:
+ podSelector:
+ matchLabels:
+ {{- include "etcd.selectorLabels" . | nindent 6 }}
+ policyTypes:
+ - Ingress
+ - Egress
+ ingress:
+ # Allow client connections
+ - ports:
+ - port: {{ .Values.service.clientPort }}
+ protocol: TCP
+ {{- if not .Values.networkPolicy.allowExternal }}
+ from:
+ - podSelector:
+ matchLabels: {}
+ {{- end }}
+ # Allow peer connections
+ - ports:
+ - port: {{ .Values.service.peerPort }}
+ protocol: TCP
+ from:
+ - podSelector:
+ matchLabels:
+ {{- include "etcd.selectorLabels" . | nindent 14 }}
+ {{- if .Values.metrics.enabled }}
+ # Allow metrics scraping
+ - ports:
+ - port: {{ .Values.service.metricsPort }}
+ protocol: TCP
+ {{- if not .Values.networkPolicy.allowExternal }}
+ from:
+ - namespaceSelector: {}
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: prometheus
+ {{- end }}
+ {{- end }}
+ {{- with .Values.networkPolicy.extraIngress }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ egress:
+ # Allow DNS resolution
+ - ports:
+ - port: 53
+ protocol: UDP
+ - port: 53
+ protocol: TCP
+ # Allow etcd peer communication
+ - ports:
+ - port: {{ .Values.service.peerPort }}
+ protocol: TCP
+ to:
+ - podSelector:
+ matchLabels:
+ {{- include "etcd.selectorLabels" . | nindent 14 }}
+ {{- with .Values.networkPolicy.extraEgress }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/etcd/templates/poddisruptionbudget.yaml b/charts/etcd/templates/poddisruptionbudget.yaml
new file mode 100644
index 00000000..81c8d2a2
--- /dev/null
+++ b/charts/etcd/templates/poddisruptionbudget.yaml
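Review bot: The client-port ingress rule falls back to `podSelector: matchLabels: {}` when `networkPolicy.allowExternal` is false, which selects every pod in the release namespace, and it drops `from` entirely when the flag is true. With `auth.enabled` defaulting to false in values.yaml, the keyspace stays readable and writable by any workload sharing the namespace even with the policy switched on. Selecting on an opt-in client label would narrow that, e.g. `matchLabels: { {{ include "etcd.fullname" . }}-client: "true" }` (label name is an example), documented next to `allowExternal`. The metrics rule has a related gap: `namespaceSelector: {}` combined with `app.kubernetes.io/name: prometheus` trusts a self-assigned label from any namespace.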
@@ -0,0 +1,19 @@
+{{- if .Values.podDisruptionBudget.enabled }}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ include "etcd.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "etcd.labels" . | nindent 4 }}
+spec:
+ {{- if .Values.podDisruptionBudget.minAvailable }}
+ minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
+ {{- end }}
+ {{- if .Values.podDisruptionBudget.maxUnavailable }}
+ maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "etcd.selectorLabels" . | nindent 6 }}
+{{- end }}
diff --git a/charts/etcd/templates/service.yaml b/charts/etcd/templates/service.yaml
new file mode 100644
index 00000000..393f414d
--- /dev/null
+++ b/charts/etcd/templates/service.yaml
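Review bot: `minAvailable` and `maxUnavailable` are rendered by two independent `if` blocks, so setting both yields a PodDisruptionBudget the API server rejects, because the two fields are mutually exclusive. Folding the second into the first as `{{- else if .Values.podDisruptionBudget.maxUnavailable }}` keeps them exclusive. A value of `0` is also dropped as falsy by both conditions, which matters for `maxUnavailable: 0`. The chart defaults for these keys are outside this hunk, so confirm they do not set both.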
@@ -0,0 +1,49 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "etcd.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "etcd.labels" . | nindent 4 }}
+ {{- with .Values.service.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.clientPort | default 2379 }}
+ targetPort: client
+ protocol: TCP
+ name: client
+ {{- if .Values.metrics.enabled }}
+ - port: {{ .Values.service.metricsPort | default 2381 }}
+ targetPort: metrics
+ protocol: TCP
+ name: metrics
+ {{- end }}
+ selector:
+ {{- include "etcd.selectorLabels" . | nindent 4 }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "etcd.fullname" . }}-headless
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "etcd.labels" . | nindent 4 }}
+spec:
+ type: ClusterIP
+ clusterIP: None
+ publishNotReadyAddresses: true
+ ports:
+ - port: {{ .Values.service.clientPort | default 2379 }}
+ targetPort: client
+ protocol: TCP
+ name: client
+ - port: {{ .Values.service.peerPort | default 2380 }}
+ targetPort: peer
+ protocol: TCP
+ name: peer
+ selector:
+ {{- include "etcd.selectorLabels" . | nindent 4 }}
diff --git a/charts/etcd/templates/serviceaccount.yaml b/charts/etcd/templates/serviceaccount.yaml
new file mode 100644
index 00000000..1aadc749
--- /dev/null
+++ b/charts/etcd/templates/serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "etcd.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "etcd.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+{{- end }}
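Review bot: `type: {{ .Values.service.type }}` lets the client Service be switched to `NodePort` or `LoadBalancer` (both accepted by values.schema.json) while `auth.enabled` defaults to false, so the client port can become reachable from outside the cluster with no TLS and no client-certificate check. `etcd.validateValues` is a natural place to refuse that combination, e.g. `{{- if and (ne .Values.service.type "ClusterIP") (not .Values.auth.enabled) }}{{- fail "etcd: service.type other than ClusterIP requires auth.enabled" }}{{- end }}`. If a hard failure is too strict for this chart, the `service.type` comment in values.yaml should at least state the exposure.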
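Review bot: In serviceaccount.yaml `automountServiceAccountToken` is rendered straight from values with no fallback, so an unset key produces an empty field and Kubernetes then mounts the API token by default; nothing in the templates shown suggests etcd calls the Kubernetes API. Rendering `{{ .Values.serviceAccount.automountServiceAccountToken | default false }}` keeps the token out of the pod unless a user opts in. The default for this key in values.yaml is not visible in this part of the diff. The StatefulSet pod spec sets no `automountServiceAccountToken` of its own either, so the `serviceAccount.create: false` path that falls back to the `default` account is not covered.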
diff --git a/charts/etcd/templates/servicemonitor.yaml b/charts/etcd/templates/servicemonitor.yaml
new file mode 100644
index 00000000..de65a73f
--- /dev/null
+++ b/charts/etcd/templates/servicemonitor.yaml
@@ -0,0 +1,38 @@
+{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ include "etcd.fullname" . }}
+ namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace }}
+ labels:
+ {{- include "etcd.labels" . | nindent 4 }}
+ {{- with .Values.metrics.serviceMonitor.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "etcd.selectorLabels" . | nindent 6 }}
+ endpoints:
+ - port: metrics
+ {{- if .Values.metrics.serviceMonitor.interval }}
+ interval: {{ .Values.metrics.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ {{- with .Values.metrics.serviceMonitor.relabelings }}
+ relabelings:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.metrics.serviceMonitor.metricRelabelings }}
+ metricRelabelings:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.honorLabels }}
+ honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/etcd/templates/statefulset.yaml b/charts/etcd/templates/statefulset.yaml
new file mode 100644
index 00000000..e7c93f0a
--- /dev/null
+++ b/charts/etcd/templates/statefulset.yaml
@@ -0,0 +1,240 @@
+{{- include "etcd.validateValues" . }}
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ include "etcd.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "etcd.labels" . | nindent 4 }}
+ {{- with (include "etcd.annotations" .) }}
+ annotations:
+ {{- . | nindent 4 }}
+ {{- end }}
+spec:
+ serviceName: {{ include "etcd.fullname" . }}-headless
+ replicas: {{ .Values.replicaCount }}
+ podManagementPolicy: Parallel
+ {{- if .Values.updateStrategy }}
+ updateStrategy: {{- toYaml .Values.updateStrategy | nindent 4 }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "etcd.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ {{- include "etcd.selectorLabels" . | nindent 8 }}
+ {{- with .Values.podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ annotations:
+ {{- with (include "etcd.annotations" .) }}
+ {{- . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.podAnnotations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+{{- with (include "etcd.imagePullSecrets" .) }}
+{{ . | nindent 6 }}
+{{- end }}
+ serviceAccountName: {{ include "etcd.serviceAccountName" . }}
+ securityContext: {{ include "common.renderPodSecurityContext" . | nindent 8 }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext: {{ include "common.renderContainerSecurityContext" . | nindent 12 }}
+ image: {{ include "etcd.image" . | quote }}
+ imagePullPolicy: {{ .Values.image.pullPolicy | default "IfNotPresent" | quote }}
+ command:
+ - /usr/local/bin/etcd
+ args:
+ - --name=$(POD_NAME)
+ - --listen-peer-urls={{ if .Values.auth.peer.enabled }}https{{ else }}http{{ end }}://{{ .Values.config.listenPeerIp }}:{{ .Values.service.peerPort }}
+ - --listen-client-urls={{ if .Values.auth.enabled }}https{{ else }}http{{ end }}://{{ .Values.config.listenClientIp }}:{{ .Values.service.clientPort }}
+ - --advertise-client-urls={{ if .Values.auth.enabled }}https{{ else }}http{{ end }}://$(POD_NAME).{{ include "etcd.fullname" . }}-headless.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.service.clientPort }}
+ - --initial-advertise-peer-urls={{ if .Values.auth.peer.enabled }}https{{ else }}http{{ end }}://$(POD_NAME).{{ include "etcd.fullname" . }}-headless.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.service.peerPort }}
+ - --initial-cluster={{ include "etcd.initialCluster" . }}
+ - --initial-cluster-token={{ .Values.config.initialClusterToken }}
+ - --initial-cluster-state={{ .Values.config.initialClusterState }}
+ - --data-dir={{ .Values.persistence.mountPath }}/default.etcd
+ - --auto-compaction-mode={{ .Values.config.autoCompactionMode }}
+ - --auto-compaction-retention={{ .Values.config.autoCompactionRetention }}
+ - --snapshot-count={{ .Values.config.snapshotCount | int64 }}
+ - --quota-backend-bytes={{ .Values.config.quotaBackendBytes | int64 }}
+ - --max-request-bytes={{ .Values.config.maxRequestBytes | int64 }}
+ - --heartbeat-interval={{ .Values.config.heartbeatInterval }}
+ - --election-timeout={{ .Values.config.electionTimeout }}
+ - --max-snapshots={{ .Values.config.maxSnapshots }}
+ - --max-wals={{ .Values.config.maxWals }}
+ - --log-level={{ .Values.config.logLevel }}
+ {{- if .Values.auth.enabled }}
+ - --client-cert-auth
+ - --trusted-ca-file=/etc/etcd/certs/client/ca.crt
+ - --cert-file=/etc/etcd/certs/client/tls.crt
+ - --key-file=/etc/etcd/certs/client/tls.key
+ {{- end }}
+ {{- if .Values.auth.peer.enabled }}
+ - --peer-client-cert-auth
+ - --peer-trusted-ca-file=/etc/etcd/certs/peer/ca.crt
+ - --peer-cert-file=/etc/etcd/certs/peer/tls.crt
+ - --peer-key-file=/etc/etcd/certs/peer/tls.key
+ {{- end }}
+ {{- if .Values.metrics.enabled }}
+ - --listen-metrics-urls=http://{{ .Values.config.listenClientIp }}:{{ .Values.service.metricsPort }}
+ {{- end }}
+ {{- range .Values.extraArgs }}
+ - {{ . }}
+ {{- end }}
+ ports:
+ - name: client
+ containerPort: {{ .Values.service.clientPort | default 2379 }}
+ protocol: TCP
+ - name: peer
+ containerPort: {{ .Values.service.peerPort | default 2380 }}
+ protocol: TCP
+ {{- if .Values.metrics.enabled }}
+ - name: metrics
+ containerPort: {{ .Values.service.metricsPort | default 2381 }}
+ protocol: TCP
+ {{- end }}
+ env:
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- range .Values.extraEnv }}
+ - name: {{ .name }}
+ value: {{ .value | quote }}
+ {{- end }}
+ {{- if .Values.startupProbe.enabled }}
+ startupProbe:
+ httpGet:
+ path: /health
+ port: client
+ {{- if .Values.auth.enabled }}
+ scheme: HTTPS
+ {{- else }}
+ scheme: HTTP
+ {{- end }}
+ initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.startupProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }}
+ failureThreshold: {{ .Values.startupProbe.failureThreshold }}
+ successThreshold: {{ .Values.startupProbe.successThreshold }}
+ {{- end }}
+ {{- if .Values.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: /health
+ port: client
+ {{- if .Values.auth.enabled }}
+ scheme: HTTPS
+ {{- else }}
+ scheme: HTTP
+ {{- end }}
+ initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
+ failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
+ successThreshold: {{ .Values.livenessProbe.successThreshold }}
+ {{- end }}
+ {{- if .Values.readinessProbe.enabled }}
+ readinessProbe:
+ httpGet:
+ path: /health?serializable=true
+ port: client
+ {{- if .Values.auth.enabled }}
+ scheme: HTTPS
+ {{- else }}
+ scheme: HTTP
+ {{- end }}
+ initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
+ failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
+ successThreshold: {{ .Values.readinessProbe.successThreshold }}
+ {{- end }}
+ resources: {{- toYaml .Values.resources | nindent 12 }}
+ volumeMounts:
+ - name: data
+ mountPath: {{ .Values.persistence.mountPath }}
+ {{- if .Values.containerSecurityContext.readOnlyRootFilesystem }}
+ - name: tmp
+ mountPath: /tmp
+ {{- end }}
+ {{- if .Values.auth.enabled }}
+ - name: client-certs
+ mountPath: /etc/etcd/certs/client
+ readOnly: true
+ {{- end }}
+ {{- if .Values.auth.peer.enabled }}
+ - name: peer-certs
+ mountPath: /etc/etcd/certs/peer
+ readOnly: true
+ {{- end }}
+ {{- if .Values.extraVolumeMounts }}
+ {{- toYaml .Values.extraVolumeMounts | nindent 12 }}
+ {{- end }}
+ volumes:
+ {{- if not .Values.persistence.enabled }}
+ - name: data
+ emptyDir: {}
+ {{- end }}
+ {{- if .Values.containerSecurityContext.readOnlyRootFilesystem }}
+ - name: tmp
+ emptyDir: {}
+ {{- end }}
+ {{- if .Values.auth.enabled }}
+ - name: client-certs
+ secret:
+ secretName: {{ .Values.auth.existingSecret }}
+ defaultMode: 0400
+ {{- end }}
+ {{- if .Values.auth.peer.enabled }}
+ - name: peer-certs
+ secret:
+ secretName: {{ .Values.auth.peer.existingSecret }}
+ defaultMode: 0400
+ {{- end }}
+ {{- if .Values.extraVolumes }}
+ {{- toYaml .Values.extraVolumes | nindent 8 }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.priorityClassName }}
+ priorityClassName: {{ . }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if .Values.persistence.enabled }}
+ volumeClaimTemplates:
+ - metadata:
+ name: data
+ {{- with .Values.persistence.annotations }}
+ annotations:
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
+ spec:
+ accessModes:
+ {{- with .Values.persistence.accessModes }}
+ {{- toYaml . | nindent 10 }}
+ {{- end}}
+ {{- if .Values.persistence.storageClass }}
+ storageClassName: {{ .Values.persistence.storageClass | quote }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+ {{- end }}
diff --git a/charts/etcd/tests/common-parameters_test.yaml b/charts/etcd/tests/common-parameters_test.yaml
new file mode 100644
index 00000000..ea73fca5
--- /dev/null
+++ b/charts/etcd/tests/common-parameters_test.yaml
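Review bot: With `auth.enabled` the container gets `--client-cert-auth`, yet the startup, liveness and readiness probes still target `port: client` with `scheme: HTTPS`; the kubelet presents no client certificate on HTTPS probes, so the handshake is expected to fail and the pods never become ready. The usual remedy is to probe etcd's `--listen-metrics-urls` listener, which also serves `/health`, so that listener and its `metrics` container port must exist whenever `auth.enabled` is set, not only when `metrics.enabled` is. That listener is plain HTTP, so it should stay covered by the NetworkPolicy. Without this, the likely workaround is to switch client authentication back off, which is the outcome the option exists to prevent.

```yaml
# … unchanged: etcd flags through the peer TLS block …
            {{- if or .Values.metrics.enabled .Values.auth.enabled }}
            - --listen-metrics-urls=http://{{ .Values.config.listenClientIp }}:{{ .Values.service.metricsPort }}
            {{- end }}
# … unchanged: extraArgs, client and peer ports; the `metrics` containerPort takes the same `or` condition …
          livenessProbe:
            httpGet:
              path: /health
              port: {{ if .Values.auth.enabled }}metrics{{ else }}client{{ end }}
              scheme: HTTP
# … unchanged: probe timings; startupProbe and readinessProbe get the same port/scheme change …
```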
@@ -0,0 +1,210 @@ +suite: test etcd common parameters +templates: + - statefulset.yaml +set: + image: + tag: v3.6.0-alpha.0 +tests: + - it: should use default values when nothing is overridden + asserts: + - equal: + path: metadata.name + value: RELEASE-NAME-etcd + - equal: + path: metadata.labels["app.kubernetes.io/name"] + value: etcd + - equal: + path: metadata.labels["app.kubernetes.io/instance"] + value: RELEASE-NAME + - equal: + path: spec.template.spec.containers[0].image + value: quay.io/coreos/etcd:v3.6.0-alpha.0 + - equal: + path: spec.template.spec.containers[0].imagePullPolicy + value: IfNotPresent + + - it: should respect global.imageRegistry override + set: + global: + imageRegistry: "my-registry.com" + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: my-registry.com/coreos/etcd:v3.6.0-alpha.0 + + - it: should respect global.imagePullSecrets + set: + global: + imagePullSecrets: + - name: my-secret-1 + - name: my-secret-2 + asserts: + - equal: + path: spec.template.spec.imagePullSecrets[0].name + value: my-secret-1 + - equal: + path: spec.template.spec.imagePullSecrets[1].name + value: my-secret-2 + + - it: should respect nameOverride + set: + nameOverride: "custom-name" + asserts: + - equal: + path: metadata.name + value: RELEASE-NAME-custom-name + - equal: + path: metadata.labels["app.kubernetes.io/name"] + value: custom-name + + - it: should respect fullnameOverride + set: + fullnameOverride: "completely-custom-name" + asserts: + - equal: + path: metadata.name + value: completely-custom-name + + - it: should add commonLabels to all resources + set: + commonLabels: + environment: "test" + team: "platform" + asserts: + - equal: + path: metadata.labels.environment + value: test + - equal: + path: metadata.labels.team + value: platform + + - it: should add commonAnnotations to all resources + set: + commonAnnotations: + deployment.kubernetes.io/revision: "1" + prometheus.io/scrape: "true" + asserts: + - equal: + path: 
metadata.annotations["deployment.kubernetes.io/revision"] + value: "1" + - equal: + path: metadata.annotations["prometheus.io/scrape"] + value: "true" + + - it: should respect image.registry override + set: + image: + registry: "custom-registry.io" + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: custom-registry.io/coreos/etcd:v3.6.0-alpha.0 + + - it: should respect image.repository override + set: + image: + repository: "custom/etcd" + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: quay.io/custom/etcd:v3.6.0-alpha.0 + + - it: should respect image.tag override + set: + image: + tag: "v3.5.0" + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: quay.io/coreos/etcd:v3.5.0 + + - it: should respect image.pullPolicy override + set: + image: + pullPolicy: "Always" + asserts: + - equal: + path: spec.template.spec.containers[0].imagePullPolicy + value: Always + + - it: should prioritize global.imageRegistry over image.registry + set: + global: + imageRegistry: "global-registry.com" + image: + registry: "image-registry.com" + asserts: + - equal: + path: spec.template.spec.containers[0].image + value: global-registry.com/coreos/etcd:v3.6.0-alpha.0 + + - it: should add podLabels to pod template + set: + podLabels: + custom: "label" + foo: "bar" + asserts: + - equal: + path: spec.template.metadata.labels.custom + value: label + - equal: + path: spec.template.metadata.labels.foo + value: bar + + - it: should add podAnnotations to pod template + set: + podAnnotations: + custom: "annotation" + foo: "bar" + asserts: + - equal: + path: spec.template.metadata.annotations.custom + value: annotation + - equal: + path: spec.template.metadata.annotations.foo + value: bar + + - it: should combine all overrides correctly + set: + global: + imageRegistry: "global-reg.io" + imagePullSecrets: + - name: global-secret + nameOverride: "custom-etcd" + commonLabels: + env: "prod" + commonAnnotations: + version: 
"v1.0.0" + podLabels: + pod-label: "value" + podAnnotations: + pod-annotation: "value" + image: + repository: "custom/etcd" + tag: "v3.5.0" + pullPolicy: "Never" + asserts: + - equal: + path: metadata.name + value: RELEASE-NAME-custom-etcd + - equal: + path: metadata.labels.env + value: prod + - equal: + path: metadata.annotations.version + value: v1.0.0 + - equal: + path: spec.template.metadata.labels.pod-label + value: value + - equal: + path: spec.template.metadata.annotations.pod-annotation + value: value + - equal: + path: spec.template.spec.containers[0].image + value: global-reg.io/custom/etcd:v3.5.0 + - equal: + path: spec.template.spec.containers[0].imagePullPolicy + value: Never + - equal: + path: spec.template.spec.imagePullSecrets[0].name + value: global-secret diff --git a/charts/etcd/tests/etcd-functionality_test.yaml b/charts/etcd/tests/etcd-functionality_test.yaml new file mode 100644 index 00000000..0cee7b96 --- /dev/null +++ b/charts/etcd/tests/etcd-functionality_test.yaml 
@@ -0,0 +1,258 @@ +suite: test etcd functionality +templates: + - statefulset.yaml + - service.yaml + - poddisruptionbudget.yaml + - servicemonitor.yaml + - networkpolicy.yaml +set: + image: + tag: v3.6.0-alpha.0 +tests: + # Replica count validation + - it: should fail with even replica count + template: statefulset.yaml + set: + replicaCount: 2 + asserts: + - failedTemplate: {} + + - it: should succeed with odd replica count + template: statefulset.yaml + set: + replicaCount: 5 + asserts: + - equal: + path: spec.replicas + value: 5 + + # etcd configuration + - it: should configure initial cluster state + template: statefulset.yaml + set: + config: + initialClusterState: "existing" + asserts: + - contains: + path: spec.template.spec.containers[0].args + content: "--initial-cluster-state=existing" + + - it: should configure heartbeat and election timeout + template: statefulset.yaml + set: + config: + heartbeatInterval: 200 + electionTimeout: 2000 + asserts: + - contains: + path: spec.template.spec.containers[0].args + content: "--heartbeat-interval=200" + - contains: + path: spec.template.spec.containers[0].args + content: "--election-timeout=2000" + + - it: should configure listen IPs + template: statefulset.yaml + set: + config: + listenPeerIp: "127.0.0.1" + listenClientIp: "127.0.0.1" + asserts: + - contains: + path: spec.template.spec.containers[0].args + content: "--listen-peer-urls=http://127.0.0.1:2380" + - contains: + path: spec.template.spec.containers[0].args + content: "--listen-client-urls=http://127.0.0.1:2379" + + - it: should add extraArgs + template: statefulset.yaml + set: + extraArgs: + - "--max-txn-ops=128" + - "--grpc-keepalive-min-time=5s" + asserts: + - contains: + path: spec.template.spec.containers[0].args + content: "--max-txn-ops=128" + - contains: + path: spec.template.spec.containers[0].args + content: "--grpc-keepalive-min-time=5s" + + # TLS configuration + - it: should enable client TLS + template: statefulset.yaml + set: + auth: + 
enabled: true + existingSecret: "etcd-client-certs" + asserts: + - contains: + path: spec.template.spec.containers[0].args + content: "--client-cert-auth" + - contains: + path: spec.template.spec.containers[0].args + content: "--listen-client-urls=https://0.0.0.0:2379" + + - it: should enable peer TLS + template: statefulset.yaml + set: + auth: + peer: + enabled: true + existingSecret: "etcd-peer-certs" + asserts: + - contains: + path: spec.template.spec.containers[0].args + content: "--peer-client-cert-auth" + - contains: + path: spec.template.spec.containers[0].args + content: "--listen-peer-urls=https://0.0.0.0:2380" + + # Metrics configuration + - it: should expose metrics port when enabled + template: statefulset.yaml + set: + metrics: + enabled: true + asserts: + - contains: + path: spec.template.spec.containers[0].args + content: "--listen-metrics-urls=http://0.0.0.0:2381" + - contains: + path: spec.template.spec.containers[0].ports + content: + name: metrics + containerPort: 2381 + protocol: TCP + + - it: should not expose metrics port when disabled + template: statefulset.yaml + set: + metrics: + enabled: false + asserts: + - notContains: + path: spec.template.spec.containers[0].args + content: "--listen-metrics-urls=http://0.0.0.0:2381" + + - it: should create ServiceMonitor when enabled + template: servicemonitor.yaml + set: + metrics: + enabled: true + serviceMonitor: + enabled: true + asserts: + - hasDocuments: + count: 1 + - isKind: + of: ServiceMonitor + + - it: should not create ServiceMonitor when disabled + template: servicemonitor.yaml + set: + metrics: + enabled: true + serviceMonitor: + enabled: false + asserts: + - hasDocuments: + count: 0 + + # Service configuration + - it: should add service annotations + template: service.yaml + set: + service: + annotations: + key1: "value1" + key2: "value2" + asserts: + - equal: + path: metadata.annotations.key1 + value: value1 + documentIndex: 0 + - equal: + path: metadata.annotations.key2 + value: 
value2 + documentIndex: 0 + + - it: should expose metrics port in service + template: service.yaml + set: + metrics: + enabled: true + asserts: + - contains: + path: spec.ports + content: + name: metrics + port: 2381 + targetPort: metrics + protocol: TCP + documentIndex: 0 + + # PodDisruptionBudget + - it: should create PDB when enabled + template: poddisruptionbudget.yaml + set: + podDisruptionBudget: + enabled: true + asserts: + - hasDocuments: + count: 1 + - isKind: + of: PodDisruptionBudget + + - it: should not create PDB when disabled + template: poddisruptionbudget.yaml + set: + podDisruptionBudget: + enabled: false + asserts: + - hasDocuments: + count: 0 + + - it: should set minAvailable in PDB + template: poddisruptionbudget.yaml + set: + podDisruptionBudget: + enabled: true + minAvailable: 2 + asserts: + - equal: + path: spec.minAvailable + value: 2 + + # NetworkPolicy + - it: should create NetworkPolicy when enabled + template: networkpolicy.yaml + set: + networkPolicy: + enabled: true + asserts: + - hasDocuments: + count: 1 + - isKind: + of: NetworkPolicy + + - it: should not create NetworkPolicy when disabled + template: networkpolicy.yaml + set: + networkPolicy: + enabled: false + asserts: + - hasDocuments: + count: 0 + + # UpdateStrategy + - it: should configure update strategy + template: statefulset.yaml + set: + updateStrategy: + type: "OnDelete" + asserts: + - equal: + path: spec.updateStrategy.type + value: OnDelete diff --git a/charts/etcd/tests/service-account_test.yaml b/charts/etcd/tests/service-account_test.yaml new file mode 100644 index 00000000..22388d09 --- /dev/null +++ b/charts/etcd/tests/service-account_test.yaml 
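Review bot: The TLS cases assert only the `--client-cert-auth` / `--peer-client-cert-auth` flags and the `https` listen URLs; nothing pins the certificate mounts, the secret names or the probe scheme, and the NetworkPolicy cases check only the document kind. A regression in the security-relevant parts of the templates would therefore pass this suite. For the client TLS case add `- contains: { path: spec.template.spec.containers[0].volumeMounts, content: { name: client-certs, mountPath: /etc/etcd/certs/client, readOnly: true } }`, with the peer equivalent. For the NetworkPolicy, add a case with `allowExternal: false` that asserts the rendered `from` selectors on the client and peer rules.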
@@ -0,0 +1,58 @@ +suite: test etcd service account parameters +templates: + - serviceaccount.yaml +set: + serviceAccount: + create: true +tests: + - it: should use default labels for the manifest + asserts: + - equal: + path: metadata.name + value: RELEASE-NAME-etcd + - equal: + path: metadata.labels["app.kubernetes.io/name"] + value: etcd + - equal: + path: metadata.labels["app.kubernetes.io/instance"] + value: RELEASE-NAME + + - it: should respect serviceAccount.name override + set: + serviceAccount: + name: "my-service-account" + asserts: + - equal: + path: metadata.name + value: my-service-account + + - it: should respect serviceAccount.annotations override + set: + serviceAccount: + annotations: + key1: "value1" + key2: "value2" + asserts: + - equal: + path: metadata.annotations.key1 + value: value1 + - equal: + path: metadata.annotations.key2 + value: value2 + + - it: should respect serviceAccount.automountServiceAccountToken + set: + serviceAccount: + automountServiceAccountToken: true + asserts: + - equal: + path: automountServiceAccountToken + value: true + + - it: should not render when create is false + set: + serviceAccount: + create: false + asserts: + - hasDocuments: + count: 0 diff --git a/charts/etcd/values.schema.json b/charts/etcd/values.schema.json new file mode 100644 index 00000000..8efc0440 --- /dev/null +++ b/charts/etcd/values.schema.json 
@@ -0,0 +1,341 @@ +{ + "$schema": "https://json-schema.org/draft-07/schema#", + "type": "object", + "title": "etcd Helm Chart Values Schema", + "description": "Schema for etcd Helm chart values", + "properties": { + "global": { + "type": "object", + "title": "Global parameters", + "description": "Global Docker image parameters", + "properties": { + "imageRegistry": { + "type": "string", + "title": "Global Docker Image Registry", + "description": "Global Docker image registry" + }, + "imagePullSecrets": { + "type": "array", + "title": "Global Image Pull Secrets", + "description": "Global Docker registry secret names as an array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "required": ["name"] + } + } + } + }, + "nameOverride": { + "type": "string", + "title": "Name Override", + "description": "String to partially override etcd.fullname" + }, + "fullnameOverride": { + "type": "string", + "title": "Full Name Override", + "description": "String to fully override etcd.fullname" + }, + "commonLabels": { + "type": "object", + "title": "Common Labels", + "description": "Labels to add to all deployed objects" + }, + "commonAnnotations": { + "type": "object", + "title": "Common Annotations", + "description": "Annotations to add to all deployed objects" + }, + "image": { + "type": "object", + "title": "etcd Image Configuration", + "description": "Configuration for etcd container image", + "properties": { + "registry": { + "type": "string", + "title": "etcd Image Registry" + }, + "repository": { + "type": "string", + "title": "etcd Image Repository" + }, + "tag": { + "type": "string", + "title": "etcd Image Tag" + }, + "pullPolicy": { + "type": "string", + "title": "etcd Image Pull Policy", + "enum": ["Always", "IfNotPresent", "Never"] + } + } + }, + "replicaCount": { + "type": "integer", + "title": "Replica Count", + "description": "Number of etcd replicas to deploy", + "minimum": 1 + }, + "podLabels": { + "type": "object", + 
"title": "Pod Labels", + "description": "Additional labels for etcd pods" + }, + "podAnnotations": { + "type": "object", + "title": "Pod Annotations", + "description": "Additional annotations for etcd pods" + }, + "service": { + "type": "object", + "title": "Service Configuration", + "properties": { + "type": { + "type": "string", + "title": "Service Type", + "enum": ["ClusterIP", "NodePort", "LoadBalancer"] + }, + "annotations": { + "type": "object", + "title": "Service Annotations" + }, + "clientPort": { + "type": "integer", + "title": "Client Port", + "minimum": 1, + "maximum": 65535 + }, + "peerPort": { + "type": "integer", + "title": "Peer Port", + "minimum": 1, + "maximum": 65535 + }, + "metricsPort": { + "type": "integer", + "title": "Metrics Port", + "minimum": 1, + "maximum": 65535 + } + } + }, + "config": { + "type": "object", + "title": "etcd Configuration", + "properties": { + "initialClusterState": { + "type": "string", + "title": "Initial Cluster State", + "enum": ["new", "existing"] + }, + "autoCompactionMode": { + "type": "string", + "title": "Auto Compaction Mode", + "enum": ["periodic", "revision"] + }, + "autoCompactionRetention": { + "type": "string", + "title": "Auto Compaction Retention" + }, + "snapshotCount": { + "type": "integer", + "title": "Snapshot Count", + "minimum": 1 + }, + "quotaBackendBytes": { + "type": "integer", + "title": "Backend Quota in Bytes", + "minimum": 1 + }, + "maxRequestBytes": { + "type": "integer", + "title": "Max Request Bytes", + "minimum": 1 + }, + "logLevel": { + "type": "string", + "title": "Log Level", + "enum": ["debug", "info", "warn", "error", "panic", "fatal"] + }, + "initialClusterToken": { + "type": "string", + "title": "Initial Cluster Token" + }, + "heartbeatInterval": { + "type": "integer", + "title": "Heartbeat Interval (ms)", + "minimum": 1 + }, + "electionTimeout": { + "type": "integer", + "title": "Election Timeout (ms)", + "minimum": 1 + }, + "maxSnapshots": { + "type": "integer", + "title": "Max 
Snapshots to Retain", + "minimum": 1 + }, + "maxWals": { + "type": "integer", + "title": "Max WALs to Retain", + "minimum": 1 + }, + "listenPeerIp": { + "type": "string", + "title": "Listen Peer IP Address", + "pattern": "^(?:[0-9]{1,3}\\.){3}[0-9]{1,3}$|^0\\.0\\.0\\.0$" + }, + "listenClientIp": { + "type": "string", + "title": "Listen Client IP Address", + "pattern": "^(?:[0-9]{1,3}\\.){3}[0-9]{1,3}$|^0\\.0\\.0\\.0$" + } + } + }, + "persistence": { + "type": "object", + "title": "Persistence Configuration", + "properties": { + "enabled": { + "type": "boolean", + "title": "Enable Persistence" + }, + "storageClass": { + "type": "string", + "title": "Storage Class" + }, + "size": { + "type": "string", + "title": "Volume Size" + }, + "mountPath": { + "type": "string", + "title": "Mount Path" + } + } + }, + "resources": { + "type": "object", + "title": "Resource Requirements" + }, + "updateStrategy": { + "type": "object", + "title": "Update Strategy", + "properties": { + "type": { + "type": "string", + "title": "Update Strategy Type", + "enum": ["RollingUpdate", "OnDelete"] + } + } + }, + "metrics": { + "type": "object", + "title": "Metrics Configuration", + "properties": { + "enabled": { + "type": "boolean", + "title": "Enable Metrics" + }, + "serviceMonitor": { + "type": "object", + "title": "ServiceMonitor Configuration", + "properties": { + "enabled": { + "type": "boolean", + "title": "Enable ServiceMonitor" + }, + "namespace": { + "type": "string", + "title": "ServiceMonitor Namespace" + }, + "interval": { + "type": "string", + "title": "Scrape Interval" + }, + "scrapeTimeout": { + "type": "string", + "title": "Scrape Timeout" + }, + "honorLabels": { + "type": "boolean", + "title": "Honor Labels" + } + } + } + } + }, + "podDisruptionBudget": { + "type": "object", + "title": "Pod Disruption Budget", + "properties": { + "enabled": { + "type": "boolean", + "title": "Enable PDB" + }, + "minAvailable": { + "oneOf": [ + {"type": "integer", "minimum": 1}, + {"type": 
"string"} + ], + "title": "Minimum Available Pods" + }, + "maxUnavailable": { + "oneOf": [ + {"type": "integer", "minimum": 1}, + {"type": "string"} + ], + "title": "Maximum Unavailable Pods" + } + } + }, + "serviceAccount": { + "type": "object", + "title": "Service Account", + "properties": { + "create": { + "type": "boolean", + "title": "Create Service Account" + }, + "name": { + "type": "string", + "title": "Service Account Name" + }, + "annotations": { + "type": "object", + "title": "Service Account Annotations" + }, + "automountServiceAccountToken": { + "type": "boolean", + "title": "Automount Token" + } + } + }, + "networkPolicy": { + "type": "object", + "title": "Network Policy", + "properties": { + "enabled": { + "type": "boolean", + "title": "Enable Network Policy" + }, + "allowExternal": { + "type": "boolean", + "title": "Allow External Traffic" + } + } + }, + "extraArgs": { + "type": "array", + "title": "Extra Arguments", + "items": { + "type": "string" + } + } + } +} diff --git a/charts/etcd/values.yaml b/charts/etcd/values.yaml new file mode 100644 index 00000000..853a99a5 --- /dev/null +++ b/charts/etcd/values.yaml 
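Review bot: The schema has no entry for `auth`, and no object sets `additionalProperties: false`, so a misspelt key such as `auth.enable: true` validates cleanly and the release comes up with plaintext, unauthenticated listeners. Declaring the `auth` block as a sibling of `service`, closed to unknown keys, turns that mistake into an install-time error. The `listenPeerIp` / `listenClientIp` pattern is also loose: its second alternative is already matched by the first, octets above 255 pass, and IPv6 addresses are rejected.

```json
"auth": {
  "type": "object",
  "title": "TLS Authentication",
  "additionalProperties": false,
  "properties": {
    "enabled": { "type": "boolean" },
    "existingSecret": { "type": "string" },
    "peer": {
      "type": "object",
      "additionalProperties": false,
      "properties": {
        "enabled": { "type": "boolean" },
        "existingSecret": { "type": "string" }
      }
    }
  }
},
```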
@@ -0,0 +1,271 @@
+## @section Global parameters
+global:
+ ## @param global.imageRegistry Global Docker Image registry
+ imageRegistry: ""
+ ## @param global.imagePullSecrets Global Docker registry secret names as an array
+ imagePullSecrets: []
+
+## @section Common parameters
+## @param nameOverride String to partially override etcd.fullname
+nameOverride: ""
+## @param fullnameOverride String to fully override etcd.fullname
+fullnameOverride: ""
+## @param commonLabels Labels to add to all deployed objects
+commonLabels: {}
+## @param commonAnnotations Annotations to add to all deployed objects
+commonAnnotations: {}
+
+## @section etcd image parameters
+image:
+ ## @param image.registry etcd image registry
+ registry: quay.io
+ ## @param image.repository etcd image repository
+ repository: coreos/etcd
+ ## @param image.tag etcd image tag
+ tag: "v3.6.5@sha256:3397341272b9e0a6f44d7e3fc7c321c6efe6cbe82ce866b9b01d0c704bfc5bf3"
+ ## @param image.pullPolicy etcd image pull policy
+ pullPolicy: IfNotPresent
+
+## @param replicaCount Number of etcd replicas to deploy (must be odd number for quorum)
+replicaCount: 3
+
+## @param podLabels Additional labels for etcd pods
+podLabels: {}
+
+## @param podAnnotations Additional annotations for etcd pods
+podAnnotations: {}
+
+## @section Service configuration
+service:
+ ## @param service.type Kubernetes service type
+ type: ClusterIP
+ ## @param service.annotations Service annotations
+ annotations: {}
+ ## @param service.clientPort etcd client service port
+ clientPort: 2379
+ ## @param service.peerPort etcd peer service port
+ peerPort: 2380
+ ## @param service.metricsPort etcd metrics service port
+ metricsPort: 2381
+
+auth:
+ ## @param auth.enabled Enable client-to-server authentication
+ enabled: false
+ ## @param auth.existingSecret Name of existing secret containing client certificates
+ existingSecret: ""
+ peer:
+ ## @param auth.peer.enabled Enable peer-to-peer authentication
+ enabled: false
+ ## @param auth.peer.existingSecret Name of existing secret containing peer certificates
+ existingSecret: ""
+
+## @section etcd configuration
+config:
+ ## @param config.initialClusterState Initial cluster state (new or existing)
+ initialClusterState: new
+ ## @param config.autoCompactionMode Auto compaction mode (periodic or revision)
+ autoCompactionMode: periodic
+ ## @param config.autoCompactionRetention Auto compaction retention (1 hour for periodic mode)
+ autoCompactionRetention: "1"
+ ## @param config.snapshotCount Number of committed transactions to trigger a snapshot
+ snapshotCount: 10000
+ ## @param config.quotaBackendBytes Backend storage quota in bytes (default 2GB)
+ quotaBackendBytes: 2147483648
+ ## @param config.maxRequestBytes Maximum client request size in bytes
+ maxRequestBytes: 1572864
+ ## @param config.logLevel Log level (debug, info, warn, error, panic, fatal)
+ logLevel: info
+ ## @param config.initialClusterToken Initial cluster token for the etcd cluster
+ initialClusterToken: etcd-cluster
+ ## @param config.heartbeatInterval Time (in milliseconds) of a heartbeat interval
+ heartbeatInterval: 100
+ ## @param config.electionTimeout Time (in milliseconds) for an election to timeout
+ electionTimeout: 1000
+ ## @param config.maxSnapshots Maximum number of snapshot files to retain
+ maxSnapshots: 5
+ ## @param config.maxWals Maximum number of wal files to retain
+ maxWals: 5
+ ## @param config.listenPeerIp IP address to listen on for peer traffic (default 0.0.0.0)
+ listenPeerIp: 0.0.0.0
+ ## @param config.listenClientIp IP address to listen on for client traffic (default 0.0.0.0)
+ listenClientIp: 0.0.0.0
+
+## @section Persistence
+persistence:
+ ## @param persistence.enabled Enable persistence using Persistent Volume Claims
+ enabled: true
+ ## @param persistence.storageClass Persistent Volume storage class
+ storageClass: ""
+ ## @param persistence.annotations Persistent Volume Claim annotations
+ annotations: {}
+ ## @param persistence.size Persistent Volume size
+ size: 8Gi
+ ## @param persistence.accessModes Persistent Volume access modes
+ accessModes:
+ - ReadWriteOnce
+ ## @param persistence.mountPath The path where to mount the data volume
+ mountPath: /var/run/etcd
+
+## @param resources Resource limits and requests for etcd pod
+resources: {}
+ # limits:
+ # memory: 512Mi
+ # requests:
+ # cpu: 250m
+ # memory: 256Mi
+
+## @section StatefulSet configuration
+## @param updateStrategy.type StatefulSet update strategy type
+updateStrategy:
+ type: RollingUpdate
+
+## @section Metrics configuration
+metrics:
+ ## @param metrics.enabled Enable Prometheus metrics
+ enabled: true
+ serviceMonitor:
+ ## @param metrics.serviceMonitor.enabled Create ServiceMonitor resource for scraping metrics using PrometheusOperator
+ enabled: false
+ ## @param metrics.serviceMonitor.namespace Namespace which Prometheus is running in
+ namespace: ""
+ ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped
+ interval: 30s
+ ## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended
+ scrapeTimeout: ""
+ ## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping
+ relabelings: []
+ ## @param metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion
+ metricRelabelings: []
+ ## @param metrics.serviceMonitor.labels Additional labels that can be used so ServiceMonitor will be discovered by Prometheus
+ labels: {}
+ ## @param metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels
+ honorLabels: false
+
+## @section High Availability
+podDisruptionBudget:
+ ## @param podDisruptionBudget.enabled Enable Pod Disruption Budget
+ enabled: false
+ ## @param podDisruptionBudget.minAvailable Minimum number of available pods
+ minAvailable: ""
+ ## @param podDisruptionBudget.maxUnavailable Maximum number of unavailable pods
+ maxUnavailable: 1
+
+## @section Service Account
+serviceAccount:
+ ## @param serviceAccount.create Enable creation of ServiceAccount for etcd pod
+ create: true
+ ## @param serviceAccount.name Name of the created serviceAccount
+ name: ""
+ ## @param serviceAccount.annotations Annotations for service account
+ annotations: {}
+ ## @param serviceAccount.automountServiceAccountToken Auto-mount the service account token in the pod
+ automountServiceAccountToken: false
+
+## @section Network Policy
+networkPolicy:
+ ## @param networkPolicy.enabled Enable NetworkPolicy
+ enabled: false
+ ## @param networkPolicy.allowExternal Allow external traffic
+ allowExternal: true
+ ## @param networkPolicy.extraIngress Additional ingress rules
+ extraIngress: []
+ ## @param networkPolicy.extraEgress Additional egress rules
+ extraEgress: []
+
+## @param extraArgs Additional etcd command line arguments as array
+extraArgs: []
+# - --max-txn-ops=128
+# - --grpc-keepalive-min-time=5s
+
+## @param nodeSelector Node selector for pod assignment
+nodeSelector: {}
+
+## @param priorityClassName for pod eviction
+priorityClassName: ""
+
+## @param tolerations Tolerations for pod assignment
+tolerations: []
+
+## @param affinity Affinity rules for pod assignment
+affinity: {}
+
+## @param topologySpreadConstraints Topology Spread Constraints for pod assignment
+topologySpreadConstraints: []
+
+containerSecurityContext:
+ ## @param containerSecurityContext.runAsUser User ID to run the container
+ runAsUser: 1000
+ ## @param containerSecurityContext.runAsGroup Group ID to run the container
+ runAsGroup: 1000
+ ## @param containerSecurityContext.runAsNonRoot Run as non-root user
+ runAsNonRoot: true
+ ## @param containerSecurityContext.allowPrivilegeEscalation Set etcd container's privilege escalation
+ allowPrivilegeEscalation: false
+ ## @param containerSecurityContext.readOnlyRootFilesystem Mount container root filesystem as read-only
+ readOnlyRootFilesystem: true
+ ## @param containerSecurityContext.capabilities.drop Linux capabilities to drop
+ capabilities:
+ drop:
+ - ALL
+
+## @param podSecurityContext Security context for the pod
+podSecurityContext:
+ ## @param podSecurityContext.fsGroup Set etcd pod's Security Context fsGroup
+ fsGroup: 1000
+
+## @section Liveness and readiness probes
+livenessProbe:
+ ## @param livenessProbe.enabled Enable livenessProbe on etcd containers
+ enabled: true
+ ## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+ initialDelaySeconds: 10
+ ## @param livenessProbe.periodSeconds Period seconds for livenessProbe
+ periodSeconds: 10
+ ## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+ timeoutSeconds: 5
+ ## @param livenessProbe.failureThreshold Failure threshold for livenessProbe
+ failureThreshold: 3
+ ## @param livenessProbe.successThreshold Success threshold for livenessProbe
+ successThreshold: 1
+
+readinessProbe:
+ ## @param readinessProbe.enabled Enable readinessProbe on etcd containers
+ enabled: true
+ ## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+ initialDelaySeconds: 5
+ ## @param readinessProbe.periodSeconds Period seconds for readinessProbe
+ periodSeconds: 10
+ ## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+ timeoutSeconds: 5
+ ## @param readinessProbe.failureThreshold Failure threshold for readinessProbe
+ failureThreshold: 3
+ ## @param readinessProbe.successThreshold Success threshold for readinessProbe
+ successThreshold: 1
+
+startupProbe:
+ ## @param startupProbe.enabled Enable startupProbe on etcd containers
+ enabled: true
+ ## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
+ initialDelaySeconds: 0
+ ## @param startupProbe.periodSeconds Period seconds for startupProbe
+ periodSeconds: 10
+ ## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe
+ timeoutSeconds: 5
+ ## @param startupProbe.failureThreshold Failure threshold for startupProbe
+ failureThreshold: 30
+ ## @param startupProbe.successThreshold Success threshold for startupProbe
+ successThreshold: 1
+
+## @param extraEnv Additional environment variables to set
+extraEnv: []
+# - name: EXTRA_VAR
+# value: "extra_value"
+
+## @param extraVolumes Additional volumes to add to the pod
+extraVolumes: []
+
+## @param extraVolumeMounts Additional volume mounts to add to the etcd container
+extraVolumeMounts: []
+
+## @param extraObjects Array of extra objects to deploy with the release
+extraObjects: []
diff --git a/charts/ghost/CHANGELOG.md b/charts/ghost/CHANGELOG.md
index f9d6b2b0..66c38351 100644
--- a/charts/ghost/CHANGELOG.md
+++ b/charts/ghost/CHANGELOG.md
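Review bot: The defaults in this new values file leave the etcd client and peer endpoints unauthenticated and unfiltered: `auth.enabled: false` and `auth.peer.enabled: false` sit alongside `config.listenClientIp: 0.0.0.0`, `networkPolicy.enabled: false` and `networkPolicy.allowExternal: true`. Assuming the templates (not visible in this hunk) pass these values straight through, any workload that can reach the Service on ports 2379/2380 can use the client API or join peer traffic without presenting a certificate. I would ship `networkPolicy.enabled: true` with `allowExternal: false` as the default, or at minimum document the exposure above the `auth:` block, e.g. `## NOTE: with auth.enabled=false clients are not authenticated; enable auth or restrict access with networkPolicy before storing sensitive data`. The `auth:` block also has no `## @section` line of its own, so it probably ends up grouped under "Service configuration" in generated docs; a `## @section Authentication` header would fix that.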
@@ -1,5 +1,47 @@ # Changelog -## 0.2.5 (2025-10-09) +## 0.2.6 (2025-10-10) -* [mongodb] feat: add metrics exporter ([#243](https://github.com/CloudPirates-io/helm-charts/pull/243)) +* [ghost] Update charts/ghost/values.yaml ghost to v6.3.0 (minor) ([#327](https://github.com/CloudPirates-io/helm-charts/pull/327)) + +## 0.2.5 (2025-10-09) + +* Update charts/ghost/values.yaml ghost to v6.2.0 (minor) (#268) ([c8d3f80](https://github.com/CloudPirates-io/helm-charts/commit/c8d3f80)), closes [#268](https://github.com/CloudPirates-io/helm-charts/issues/268) + +## 0.2.4 (2025-10-09) + +* Update charts/ghost/values.yaml ghost to v6.0.10 (patch) (#259) ([c9b9b8b](https://github.com/CloudPirates-io/helm-charts/commit/c9b9b8b)), closes [#259](https://github.com/CloudPirates-io/helm-charts/issues/259) + +## 0.2.3 (2025-10-06) + +* [mariadb] chore(deps): update mariadb:12.0.2 Docker digest to 03a03a6 (#208) ([01a6ad1](https://github.com/CloudPirates-io/helm-charts/commit/01a6ad1)), closes [#208](https://github.com/CloudPirates-io/helm-charts/issues/208) + +## 0.2.2 (2025-10-01) + +* use png as icon (#200) ([359e88f](https://github.com/CloudPirates-io/helm-charts/commit/359e88f)), closes [#200](https://github.com/CloudPirates-io/helm-charts/issues/200) + +## 0.2.1 (2025-10-01) + +* switch helm-chart icon to a new svg (#199) ([44e4d0d](https://github.com/CloudPirates-io/helm-charts/commit/44e4d0d)), closes [#199](https://github.com/CloudPirates-io/helm-charts/issues/199) + +## 0.2.0 (2025-10-01) + +* make ghost run on openshift (#195) ([93762d4](https://github.com/CloudPirates-io/helm-charts/commit/93762d4)), closes [#195](https://github.com/CloudPirates-io/helm-charts/issues/195) +* add artifacthub repo ID ([665bf26](https://github.com/CloudPirates-io/helm-charts/commit/665bf26)) +* add ghost ([83ef05d](https://github.com/CloudPirates-io/helm-charts/commit/83ef05d)) +* add ghost logo ([6a4df33](https://github.com/CloudPirates-io/helm-charts/commit/6a4df33)) +* add maintainer 
information ([7eec72b](https://github.com/CloudPirates-io/helm-charts/commit/7eec72b)) +* fix app version ([688338c](https://github.com/CloudPirates-io/helm-charts/commit/688338c)) +* fix Chart.lock for linting ([40c4159](https://github.com/CloudPirates-io/helm-charts/commit/40c4159)) +* fix configuration and installation ([40a2729](https://github.com/CloudPirates-io/helm-charts/commit/40a2729)) +* fix unittest typo ([cc31439](https://github.com/CloudPirates-io/helm-charts/commit/cc31439)) +* improve configuration settings for more clearity with 'externaldb' ([d539bf8](https://github.com/CloudPirates-io/helm-charts/commit/d539bf8)) +* improve startup, wait for mariadb to be ready ([8baec0a](https://github.com/CloudPirates-io/helm-charts/commit/8baec0a)) +* Update CHANGELOG.md ([dc9fbd8](https://github.com/CloudPirates-io/helm-charts/commit/dc9fbd8)) +* Update CHANGELOG.md ([1bee7fe](https://github.com/CloudPirates-io/helm-charts/commit/1bee7fe)) +* update docs ([333b4e3](https://github.com/CloudPirates-io/helm-charts/commit/333b4e3)) +* update docs ([d503408](https://github.com/CloudPirates-io/helm-charts/commit/d503408)) +* update docs for external database connection ([1fa8f61](https://github.com/CloudPirates-io/helm-charts/commit/1fa8f61)) +* update values schema with missing fields ([3f38991](https://github.com/CloudPirates-io/helm-charts/commit/3f38991)) +* chore: add Newline for the linter ([a667374](https://github.com/CloudPirates-io/helm-charts/commit/a667374)) +* chore: fix linting, remove trailing spaces ([0f2465d](https://github.com/CloudPirates-io/helm-charts/commit/0f2465d)) diff --git a/charts/ghost/Chart.yaml b/charts/ghost/Chart.yaml index 48b23658..950c2572 100644 --- a/charts/ghost/Chart.yaml +++ b/charts/ghost/Chart.yaml 
@@ -2,7 +2,7 @@ apiVersion: v2 name: ghost description: A simple, powerful publishing platform that allows you to share your stories with the world. type: application -version: 0.2.5 +version: 0.2.6 appVersion: "6.0.9" keywords: - ghost diff --git a/charts/ghost/values.yaml b/charts/ghost/values.yaml index 2decfdf5..edec71cc 100644 --- a/charts/ghost/values.yaml +++ b/charts/ghost/values.yaml @@ -22,7 +22,7 @@ image: ## @param image.repository Nginx image repository repository: ghost ## @param image.tag Nginx image tag - tag: "6.2.0@sha256:ffc213a6f2db7210b69396dc4330b4a9c5e27c8b044ae453854d53bd3937a6ec" + tag: "6.3.0@sha256:4b58f8f889b9115199c18994f9d13ac5bc0b32d9c5b65f06f58fcaa7f739f6e8" ## @param image.pullPolicy Nginx image pull policy pullPolicy: Always diff --git a/charts/keycloak/CHANGELOG.md b/charts/keycloak/CHANGELOG.md index e3571349..10715f0b 100644 --- a/charts/keycloak/CHANGELOG.md +++ b/charts/keycloak/CHANGELOG.md 
@@ -1,5 +1,88 @@ # Changelog +## 0.4.0 (2025-10-10) + +* [keycloak] Allow to import a realm at startup from a json config ([#219](https://github.com/CloudPirates-io/helm-charts/pull/219)) + ## 0.3.2 (2025-10-09) -* [mongodb] feat: add metrics exporter ([#243](https://github.com/CloudPirates-io/helm-charts/pull/243)) +* [mongodb] fix: newline between mongo labels and additional labels ([#301](https://github.com/CloudPirates-io/helm-charts/pull/301)) + +## 0.3.1 (2025-10-09) + +* [keycloak/keycloak] Update charts/keycloak/values.yaml keycloak/keycloak to v26.3.5 (patch) ([#261](https://github.com/CloudPirates-io/helm-charts/pull/261)) + +## 0.3.0 (2025-10-08) + +* make keycloak run on openshift (#225) ([9b4f896](https://github.com/CloudPirates-io/helm-charts/commit/9b4f896)), closes [#225](https://github.com/CloudPirates-io/helm-charts/issues/225) + +## 0.2.1 (2025-10-07) + +* default http relative path to '/' to fix argocd deployment (#221) ([bdb1946](https://github.com/CloudPirates-io/helm-charts/commit/bdb1946)), closes [#221](https://github.com/CloudPirates-io/helm-charts/issues/221) + +## 0.2.0 (2025-10-06) + +* Add support for extra volumes, volumeMounts and initContainers (#215) ([16afcfe](https://github.com/CloudPirates-io/helm-charts/commit/16afcfe)), closes [#215](https://github.com/CloudPirates-io/helm-charts/issues/215) + +## 0.1.12 (2025-10-06) + +* [mariadb] chore(deps): update mariadb:12.0.2 Docker digest to 03a03a6 (#208) ([01a6ad1](https://github.com/CloudPirates-io/helm-charts/commit/01a6ad1)), closes [#208](https://github.com/CloudPirates-io/helm-charts/issues/208) +* [mariadb] use tpl to return existingConfigMap (#217) ([c7c2f4c](https://github.com/CloudPirates-io/helm-charts/commit/c7c2f4c)), closes [#217](https://github.com/CloudPirates-io/helm-charts/issues/217) + +## 0.1.11 (2025-10-06) + +* Allow keycloak to have a relative path (#216) ([0237457](https://github.com/CloudPirates-io/helm-charts/commit/0237457)), closes 
[#216](https://github.com/CloudPirates-io/helm-charts/issues/216) + +## 0.1.10 (2025-10-02) + +* [postgres] chore(deps): update postgres:17.6 Docker digest to e6a4209 (#173) ([beb0b40](https://github.com/CloudPirates-io/helm-charts/commit/beb0b40)), closes [#173](https://github.com/CloudPirates-io/helm-charts/issues/173) + +## 0.1.9 (2025-10-02) + +* add topologySpreadConstraints and trafficDistribution opti… (#209) ([c777fca](https://github.com/CloudPirates-io/helm-charts/commit/c777fca)), closes [#209](https://github.com/CloudPirates-io/helm-charts/issues/209) + +## 0.1.8 (2025-09-30) + +* Feature/command customize (#186) ([a458e15](https://github.com/CloudPirates-io/helm-charts/commit/a458e15)), closes [#186](https://github.com/CloudPirates-io/helm-charts/issues/186) + +## 0.1.7 (2025-09-29) + +* replace deprecated 'proxy' with new proxy parameters (#183) ([d850b7b](https://github.com/CloudPirates-io/helm-charts/commit/d850b7b)), closes [#183](https://github.com/CloudPirates-io/helm-charts/issues/183) + +## 0.1.6 (2025-09-26) + +* [postgres] chore(deps): update postgres:17.6 Docker digest to 0b6428e (#162) ([6293612](https://github.com/CloudPirates-io/helm-charts/commit/6293612)), closes [#162](https://github.com/CloudPirates-io/helm-charts/issues/162) + +## 0.1.5 (2025-09-25) + +* add namespaces to templates, change user/group-ids to 1001 ([31b203b](https://github.com/CloudPirates-io/helm-charts/commit/31b203b)) +* add readme documentation and values.schema.json ([369448b](https://github.com/CloudPirates-io/helm-charts/commit/369448b)) +* add support for extra env vars from an existing secret (#158) ([263604f](https://github.com/CloudPirates-io/helm-charts/commit/263604f)), closes [#158](https://github.com/CloudPirates-io/helm-charts/issues/158) +* Fix resolving template expressions in extraobjects ([12a1cb5](https://github.com/CloudPirates-io/helm-charts/commit/12a1cb5)) +* [postgres] chore(deps): update postgres:17.6 Docker digest to 0f4f200 
([b4a6a30](https://github.com/CloudPirates-io/helm-charts/commit/b4a6a30)) +* Add keycloak logo ([bf1e1c2](https://github.com/CloudPirates-io/helm-charts/commit/bf1e1c2)) +* Add TODO ([8162d60](https://github.com/CloudPirates-io/helm-charts/commit/8162d60)) +* Artifact hub id ([02540ae](https://github.com/CloudPirates-io/helm-charts/commit/02540ae)) +* Bump the correct thing ([35e7901](https://github.com/CloudPirates-io/helm-charts/commit/35e7901)) +* Fix chart version bump ([aae07b1](https://github.com/CloudPirates-io/helm-charts/commit/aae07b1)) +* Fix deprecated env vars warning ([50d9fa0](https://github.com/CloudPirates-io/helm-charts/commit/50d9fa0)) +* Fix lint ([4bf9e77](https://github.com/CloudPirates-io/helm-charts/commit/4bf9e77)) +* Fix lint 2 ([a38fc35](https://github.com/CloudPirates-io/helm-charts/commit/a38fc35)) +* Fix lint 3 ([0875bfa](https://github.com/CloudPirates-io/helm-charts/commit/0875bfa)) +* Fix lint 4 ([7fcbd78](https://github.com/CloudPirates-io/helm-charts/commit/7fcbd78)) +* Improvements ([cea8f2c](https://github.com/CloudPirates-io/helm-charts/commit/cea8f2c)) +* Initial implementation ([c5d41ec](https://github.com/CloudPirates-io/helm-charts/commit/c5d41ec)) +* Rework keycloak ([2afb0fd](https://github.com/CloudPirates-io/helm-charts/commit/2afb0fd)) +* Update CHANGELOG.md ([b7572a8](https://github.com/CloudPirates-io/helm-charts/commit/b7572a8)) +* Update CHANGELOG.md ([245f9b6](https://github.com/CloudPirates-io/helm-charts/commit/245f9b6)) +* Update CHANGELOG.md ([0bf9f75](https://github.com/CloudPirates-io/helm-charts/commit/0bf9f75)) +* Update CHANGELOG.md ([03d476e](https://github.com/CloudPirates-io/helm-charts/commit/03d476e)) +* Update CHANGELOG.md ([20c19bb](https://github.com/CloudPirates-io/helm-charts/commit/20c19bb)) +* Update CHANGELOG.md ([68435aa](https://github.com/CloudPirates-io/helm-charts/commit/68435aa)) +* Update CHANGELOG.md ([b8adca8](https://github.com/CloudPirates-io/helm-charts/commit/b8adca8)) +* Update 
CHANGELOG.md ([62e51b9](https://github.com/CloudPirates-io/helm-charts/commit/62e51b9)) +* Update CHANGELOG.md ([54f725e](https://github.com/CloudPirates-io/helm-charts/commit/54f725e)) +* Update CHANGELOG.md ([2ed9b3f](https://github.com/CloudPirates-io/helm-charts/commit/2ed9b3f)) +* Update CHANGELOG.md ([2178148](https://github.com/CloudPirates-io/helm-charts/commit/2178148)) +* Update CHANGELOG.md ([8d6710f](https://github.com/CloudPirates-io/helm-charts/commit/8d6710f)) +* chore: fix changelog ([bd9f1a8](https://github.com/CloudPirates-io/helm-charts/commit/bd9f1a8)) diff --git a/charts/keycloak/Chart.yaml b/charts/keycloak/Chart.yaml index 2e61bbc7..dde2f8dc 100644 --- a/charts/keycloak/Chart.yaml +++ b/charts/keycloak/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: keycloak description: Open Source Identity and Access Management Solution type: application -version: 0.3.2 +version: 0.4.0 appVersion: "26.3.4" keywords: - keycloak diff --git a/charts/keycloak/README.md b/charts/keycloak/README.md index 10372ca3..7d1e5b77 100644 --- a/charts/keycloak/README.md +++ b/charts/keycloak/README.md @@ -167,6 +167,13 @@ The following table lists the configurable parameters of the Keycloak chart and | `cache.stack` | Cache stack (local, ispn, default) | `local` | | `cache.configFile` | Custom cache configuration file | `""` | +### Realm Configuration + +| Parameter | Description | Default | +| ------------------ | -------------------------------------------------------------------------------------- | ------- | +| `realm.import` | Enable import of realms from /opt/keycloak/data/import (production mode must be false) | `false` | +| `realm.configFile` | Json config for initial realm configuration, mounted in /opt/keycloak/data/import | `""` | + ### Features Configuration | Parameter | Description | Default | 
@@ -460,6 +467,19 @@ kubectl create secret generic keycloak-db-credentials \ --from-literal=db-username=keycloak ``` +### Realm import + +```yaml +realm: + import: true + configFile: | + { + "realm": "my-realm", + "enabled": true + } +``` + + ### High Availability Setup ```yaml diff --git a/charts/keycloak/templates/configmap.yaml b/charts/keycloak/templates/configmap.yaml index 34160321..0ac03236 100644 --- a/charts/keycloak/templates/configmap.yaml +++ b/charts/keycloak/templates/configmap.yaml @@ -13,4 +13,21 @@ metadata: data: cache-ispn.xml: | {{- .Values.cache.configFile | nindent 4 }} -{{- end }} \ No newline at end of file +{{- end }} +{{- if .Values.realm.import }} +--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: {{ include "keycloak.fullname" . }}-realm + namespace: {{ .Release.Namespace }} + labels: + {{- include "keycloak.labels" . | nindent 4 }} + {{- with (include "keycloak.annotations" .) }} + annotations: + {{- . | nindent 4 }} + {{- end }} +data: + realm.json: | + {{ .Values.realm.configFile | nindent 4 }} +{{- end }} diff --git a/charts/keycloak/templates/deployment.yaml b/charts/keycloak/templates/deployment.yaml index 6c309346..f9698d8b 100644 --- a/charts/keycloak/templates/deployment.yaml +++ b/charts/keycloak/templates/deployment.yaml @@ -67,6 +67,9 @@ spec: - start {{- else }} - start-dev + {{- if .Values.realm.import }} + - --import-realm + {{- end }} {{- end }} {{- if .Values.keycloak.httpEnabled }} - --http-enabled=true @@ -220,10 +223,14 @@ spec: mountPath: /opt/keycloak/work - name: keycloak-lib-quarkus mountPath: /opt/keycloak/lib/quarkus + {{- if .Values.realm.import }} + - name: realm-config + mountPath: /opt/keycloak/data/import + readOnly: true + {{- end }} {{- if .Values.extraVolumeMounts }} {{- toYaml .Values.extraVolumeMounts | nindent 12}} {{- end }} - volumes: {{- if .Values.persistence.enabled }} - name: data 
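Review bot: The realm JSON is rendered into a ConfigMap (`realm.json` under `data:`), yet a Keycloak realm file can carry client secrets, user credentials and identity-provider or SMTP passwords, and a ConfigMap is readable by anyone allowed to read ConfigMaps in the namespace and is not covered by Secret-specific protections such as encryption at rest. I would render this object as `kind: Secret` with `stringData:` and mount it through `secret.secretName`, or add an option to reference an existing Secret. Separately, `{{ .Values.realm.configFile | nindent 4 }}` lacks the left trim used by the `cache-ispn.xml` entry just above (`{{- .Values.cache.configFile | nindent 4 }}`), so the block scalar begins with a whitespace-only line. The object is also created when `realm.configFile` is empty; the guard could be `{{- if and .Values.realm.import .Values.realm.configFile }}`.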
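Review bot: `--import-realm` is added only inside the `{{- else }}` branch next to `start-dev`, while the ConfigMap and the `realm-config` mount and volume in the later hunks of this file (`@@ -220,10 +223,14 @@` and `@@ -244,9 +251,14 @@`) are gated on `.Values.realm.import` alone. In production mode with `realm.import: true` the chart therefore mounts the realm file but never imports it, and nothing fails at render time. The condition that opens this if/else is outside the hunk, so the exact value name is not visible here. Keycloak's `start` command accepts `--import-realm` as well, so the simplest fix is to move the three added lines below the closing `{{- end }}` of the start/start-dev block; if the restriction is intentional, add a `fail` call so the misconfiguration is reported at install time.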
@@ -244,9 +251,14 @@ spec: emptyDir: {} - name: keycloak-lib-quarkus emptyDir: {} - {{- if .Values.extraVolumes }} - {{- toYaml .Values.extraVolumes | nindent 8 }} - {{- end }} + {{- if .Values.realm.import }} + - name: realm-config + configMap: + name: {{ include "keycloak.fullname" . }}-realm + {{- end }} + {{- if .Values.extraVolumes }} + {{- toYaml .Values.extraVolumes | nindent 8 }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/keycloak/values.schema.json b/charts/keycloak/values.schema.json index 19e86a41..c52fe5ec 100644 --- a/charts/keycloak/values.schema.json +++ b/charts/keycloak/values.schema.json @@ -284,6 +284,19 @@ } } }, + "realm": { + "type": "object", + "properties": { + "import": { + "type": "boolean", + "description": "Enable import of realms from /opt/keycloak/data/import (production mode must be false)" + }, + "configFile": { + "type": "string", + "description": "Json config for initial realm configuration, mounted in /opt/keycloak/data/import" + } + } + }, "features": { "type": "object", "properties": { diff --git a/charts/keycloak/values.yaml b/charts/keycloak/values.yaml index 6b2799d5..fff58e57 100644 --- a/charts/keycloak/values.yaml +++ b/charts/keycloak/values.yaml @@ -143,6 +143,13 @@ cache: ## @param cache.configFile Custom cache configuration file configFile: "" +## @section Realm Configuration +realm: + ## @param realm.import Enable import of realms from /opt/keycloak/data/import (production mode must be false) + import: false + ## @param realm.configFile Json config for initial realm configuration, mounted in /opt/keycloak/data/import + configFile: "" + ## @section Features Configuration features: ## @param features.enabled List of enabled features diff --git a/charts/mariadb/CHANGELOG.md b/charts/mariadb/CHANGELOG.md index 6893a4ce..616e0f67 100644 --- a/charts/mariadb/CHANGELOG.md +++ b/charts/mariadb/CHANGELOG.md 
@@ -1,5 +1,81 @@ # Changelog -## 0.3.3 (2025-10-09) +## 0.3.4 (2025-10-10) -* [mongodb] feat: add metrics exporter ([#243](https://github.com/CloudPirates-io/helm-charts/pull/243)) +* [mariadb] Update charts/mariadb/values.yaml mariadb ([#315](https://github.com/CloudPirates-io/helm-charts/pull/315)) + +## 0.3.3 (2025-10-08) + +* Add support for readOnlyRootFilesystem (#228) ([cdb58b2](https://github.com/CloudPirates-io/helm-charts/commit/cdb58b2)), closes [#228](https://github.com/CloudPirates-io/helm-charts/issues/228) + +## 0.3.2 (2025-10-06) + +* chore(deps): update docker.io/mariadb:12.0.2 Docker digest to 03a03a6 (#207) ([e51e995](https://github.com/CloudPirates-io/helm-charts/commit/e51e995)), closes [#207](https://github.com/CloudPirates-io/helm-charts/issues/207) + +## 0.3.1 (2025-10-06) + +* use tpl to return existingConfigMap (#217) ([c7c2f4c](https://github.com/CloudPirates-io/helm-charts/commit/c7c2f4c)), closes [#217](https://github.com/CloudPirates-io/helm-charts/issues/217) + +## 0.3.0 (2025-09-29) + +* bump version to 0.2.6 ([51bcd26](https://github.com/CloudPirates-io/helm-charts/commit/51bcd26)) +* change statefulset pvc-template labels to not use common.labels ([780386b](https://github.com/CloudPirates-io/helm-charts/commit/780386b)) +* chore(deps): update docker.io/mariadb:12.0.2 Docker digest to 8a061ef ([ba48f7a](https://github.com/CloudPirates-io/helm-charts/commit/ba48f7a)) +* fix pvc-labels ([aaf1b20](https://github.com/CloudPirates-io/helm-charts/commit/aaf1b20)) +* fix statefulset pvc template ([b600627](https://github.com/CloudPirates-io/helm-charts/commit/b600627)) +* make mariadb run on openshift (#176) ([e2c3afb](https://github.com/CloudPirates-io/helm-charts/commit/e2c3afb)), closes [#176](https://github.com/CloudPirates-io/helm-charts/issues/176) +* add empty linting rule ([8be9283](https://github.com/CloudPirates-io/helm-charts/commit/8be9283)) +* Bump chart version 
([ea85028](https://github.com/CloudPirates-io/helm-charts/commit/ea85028)) +* Bump chart version ([d2863aa](https://github.com/CloudPirates-io/helm-charts/commit/d2863aa)) +* Bump MariaDB chart version to 0.2.3 ([10b1b7d](https://github.com/CloudPirates-io/helm-charts/commit/10b1b7d)) +* Fix helpers.tpl ([201ecc7](https://github.com/CloudPirates-io/helm-charts/commit/201ecc7)) +* Implement default password ([c858a6b](https://github.com/CloudPirates-io/helm-charts/commit/c858a6b)) +* Implement init script ([4b6ee98](https://github.com/CloudPirates-io/helm-charts/commit/4b6ee98)) +* mariadb now respects full custom container security context settings ([770ea69](https://github.com/CloudPirates-io/helm-charts/commit/770ea69)) +* Reverse version bump ([379dbfe](https://github.com/CloudPirates-io/helm-charts/commit/379dbfe)) +* Update CHANGELOG.md ([bb96d54](https://github.com/CloudPirates-io/helm-charts/commit/bb96d54)) +* Update CHANGELOG.md ([858838d](https://github.com/CloudPirates-io/helm-charts/commit/858838d)) +* Update CHANGELOG.md ([e5c8efd](https://github.com/CloudPirates-io/helm-charts/commit/e5c8efd)) +* Update CHANGELOG.md ([79570ff](https://github.com/CloudPirates-io/helm-charts/commit/79570ff)) +* Update CHANGELOG.md ([7517a21](https://github.com/CloudPirates-io/helm-charts/commit/7517a21)) +* Update CHANGELOG.md ([bcd1d8a](https://github.com/CloudPirates-io/helm-charts/commit/bcd1d8a)) +* Update CHANGELOG.md ([9af2905](https://github.com/CloudPirates-io/helm-charts/commit/9af2905)) +* Update docker.io/mariadb:12.0.2 Docker digest to a5af517 ([6322f06](https://github.com/CloudPirates-io/helm-charts/commit/6322f06)) +* updated chart version ([f7b6496](https://github.com/CloudPirates-io/helm-charts/commit/f7b6496)) + +## 0.2.0 (2025-09-02) + +* add extraObject array to all charts ([34772b7](https://github.com/CloudPirates-io/helm-charts/commit/34772b7)) +* bump all chart versions for new extraObjects feature 
([aaa57f9](https://github.com/CloudPirates-io/helm-charts/commit/aaa57f9)) + +## 0.1.6 (2025-08-27) + +* [documentation] update readme files ([16944cd](https://github.com/CloudPirates-io/helm-charts/commit/16944cd)) +* bump version to 0.1.4 ([d4f2478](https://github.com/CloudPirates-io/helm-charts/commit/d4f2478)) +* fix annotations, imagePullsecret, update tests ([31a1a87](https://github.com/CloudPirates-io/helm-charts/commit/31a1a87)) +* update appversion to 12.0.2, release 0.1.5 ([cf67ba0](https://github.com/CloudPirates-io/helm-charts/commit/cf67ba0)) +* update container image definition-function, remove default value ([3ad9f82](https://github.com/CloudPirates-io/helm-charts/commit/3ad9f82)) +* update statefulset auth, fix image helper and imagePullSecret ([085f5bb](https://github.com/CloudPirates-io/helm-charts/commit/085f5bb)) +* Add ArtifactHub Badges to all Charts ([08b855b](https://github.com/CloudPirates-io/helm-charts/commit/08b855b)) +* Add ArtifactHub repo config ([15180a8](https://github.com/CloudPirates-io/helm-charts/commit/15180a8)) +* Add cosign signature READMEs ([5f82e7f](https://github.com/CloudPirates-io/helm-charts/commit/5f82e7f)) +* Add extensive chart testing ([a46efac](https://github.com/CloudPirates-io/helm-charts/commit/a46efac)) +* Add generated values.schema.json files from values.yaml ([aa79ac3](https://github.com/CloudPirates-io/helm-charts/commit/aa79ac3)) +* Add initial Changelogs to all Charts ([68f10ca](https://github.com/CloudPirates-io/helm-charts/commit/68f10ca)) +* Add LICENSE ([fdbf1ab](https://github.com/CloudPirates-io/helm-charts/commit/fdbf1ab)) +* add logos to helm-charts ([fc70cdc](https://github.com/CloudPirates-io/helm-charts/commit/fc70cdc)) +* Add release pipeline ([ebd7277](https://github.com/CloudPirates-io/helm-charts/commit/ebd7277)) +* Fix image tag/digest handling ([a5c982b](https://github.com/CloudPirates-io/helm-charts/commit/a5c982b)) +* Fix imagePullSecrets format and pull always 
([ce0d301](https://github.com/CloudPirates-io/helm-charts/commit/ce0d301)) +* Fix linting for values.yaml ([504ac61](https://github.com/CloudPirates-io/helm-charts/commit/504ac61)) +* fix readme.md install text, update chart.yaml home-website ([3511582](https://github.com/CloudPirates-io/helm-charts/commit/3511582)) +* Fix values.yaml / Chart.yaml linting issues ([043c7e0](https://github.com/CloudPirates-io/helm-charts/commit/043c7e0)) +* Format README files ([04aacab](https://github.com/CloudPirates-io/helm-charts/commit/04aacab)) +* init, add mariadb, mongodb and redis chart ([8e44c83](https://github.com/CloudPirates-io/helm-charts/commit/8e44c83)) +* Relase withoud double chart name ([b0ec54d](https://github.com/CloudPirates-io/helm-charts/commit/b0ec54d)) +* Release new chart versions / update sources ([dbb0e45](https://github.com/CloudPirates-io/helm-charts/commit/dbb0e45)) +* Remove dot ([f7d300b](https://github.com/CloudPirates-io/helm-charts/commit/f7d300b)) +* remove serviceaccounts from all charts ([be8f43a](https://github.com/CloudPirates-io/helm-charts/commit/be8f43a)) +* Test release ([33db75e](https://github.com/CloudPirates-io/helm-charts/commit/33db75e)) +* Update mariadb ([37fb54f](https://github.com/CloudPirates-io/helm-charts/commit/37fb54f)) +* update readme, chart.yaml texts and descriptions ([0179046](https://github.com/CloudPirates-io/helm-charts/commit/0179046)) diff --git a/charts/mariadb/Chart.yaml b/charts/mariadb/Chart.yaml index c1344435..331a148d 100644 --- a/charts/mariadb/Chart.yaml +++ b/charts/mariadb/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: mariadb description: MariaDB is a high-performance, open-source relational database server that is a drop-in replacement for MySQL type: application -version: 0.3.3 +version: 0.3.4 appVersion: "12.0.2" keywords: - mariadb diff --git a/charts/mariadb/values.yaml b/charts/mariadb/values.yaml index c2bcf586..8e80958f 100644 --- a/charts/mariadb/values.yaml +++ b/charts/mariadb/values.yaml 
@@ -22,7 +22,7 @@ image: ## @param image.repository MariaDB image repository repository: mariadb ## @param image.tag MariaDB image tag (immutable tags are recommended) - tag: "12.0.2@sha256:03a03a6817bb9eaa21e5aed1b734d432ec3f80021f5a2de1795475f158217545" + tag: "12.0.2@sha256:5b6a1eac15b85b981a61afb89aea2a22bf76b5f58809d05f0bcc13ab6ec44cb8" ## @param image.pullPolicy MariaDB image pull policy imagePullPolicy: Always diff --git a/charts/memcached/CHANGELOG.md b/charts/memcached/CHANGELOG.md index 54e971e4..a8cfb6db 100644 --- a/charts/memcached/CHANGELOG.md +++ b/charts/memcached/CHANGELOG.md 
@@ -1,5 +1,35 @@ # Changelog -## 0.2.1 (2025-10-09) +## 0.2.2 (2025-10-10) -* [mongodb] feat: add metrics exporter ([#243](https://github.com/CloudPirates-io/helm-charts/pull/243)) +* [memcached]: Implement PDB ([#295](https://github.com/CloudPirates-io/helm-charts/pull/295)) + +## 0.2.1 (2025-10-02) + +* chore(deps): update docker.io/memcached:1.6.39 Docker digest to 157c563 (#185) ([d55b428](https://github.com/CloudPirates-io/helm-charts/commit/d55b428)), closes [#185](https://github.com/CloudPirates-io/helm-charts/issues/185) + +## 0.2.0 (2025-10-01) + +* cast verbosity to int before passing to repeat ([518b602](https://github.com/CloudPirates-io/helm-charts/commit/518b602)) +* chore(deps): update docker.io/memcached:1.6.39 Docker digest to 68c1185 ([3c6ec49](https://github.com/CloudPirates-io/helm-charts/commit/3c6ec49)) +* make memcached run on openshift (#194) ([87ffbbf](https://github.com/CloudPirates-io/helm-charts/commit/87ffbbf)), closes [#194](https://github.com/CloudPirates-io/helm-charts/issues/194) +* Bump chart version ([1661d8d](https://github.com/CloudPirates-io/helm-charts/commit/1661d8d)) +* bump version ([884f4ab](https://github.com/CloudPirates-io/helm-charts/commit/884f4ab)) +* mariadb now respects full custom container security context settings ([770ea69](https://github.com/CloudPirates-io/helm-charts/commit/770ea69)) +* Update CHANGELOG.md ([7a828fa](https://github.com/CloudPirates-io/helm-charts/commit/7a828fa)) +* Update CHANGELOG.md ([f9df296](https://github.com/CloudPirates-io/helm-charts/commit/f9df296)) +* Update CHANGELOG.md ([0c85529](https://github.com/CloudPirates-io/helm-charts/commit/0c85529)) +* Update CHANGELOG.md ([0e5b657](https://github.com/CloudPirates-io/helm-charts/commit/0e5b657)) +* Update CHANGELOG.md ([dcabcee](https://github.com/CloudPirates-io/helm-charts/commit/dcabcee)) +* Update CHANGELOG.md ([812bd46](https://github.com/CloudPirates-io/helm-charts/commit/812bd46)) +* Update docker.io/memcached:1.6.39 Docker 
digest to 4404f32 ([454eea5](https://github.com/CloudPirates-io/helm-charts/commit/454eea5)) + +## 0.1.0 (2025-09-02) + +* add extraObject array to all charts ([34772b7](https://github.com/CloudPirates-io/helm-charts/commit/34772b7)) +* Add initial Changelogs to all Charts ([68f10ca](https://github.com/CloudPirates-io/helm-charts/commit/68f10ca)) +* bump all chart versions for new extraObjects feature ([aaa57f9](https://github.com/CloudPirates-io/helm-charts/commit/aaa57f9)) + +## 0.0.1 (2025-08-26) + +* [memcached]: Initial Memcached Implementation (#17) ([790bcbd](https://github.com/CloudPirates-io/helm-charts/commit/790bcbd)), closes [#17](https://github.com/CloudPirates-io/helm-charts/issues/17) diff --git a/charts/memcached/Chart.yaml b/charts/memcached/Chart.yaml index c56e7df5..5124ff4f 100644 --- a/charts/memcached/Chart.yaml +++ b/charts/memcached/Chart.yaml @@ -2,8 +2,7 @@ apiVersion: v2 name: memcached description: Memcached is an in-memory key-value store for small chunks of arbitrary data (strings, objects) from results of database calls, API calls, or page rendering. type: application - -version: 0.2.1 +version: 0.2.2 appVersion: "1.6.39" keywords: diff --git a/charts/memcached/README.md b/charts/memcached/README.md index 32cc5445..6338befa 100644 --- a/charts/memcached/README.md +++ b/charts/memcached/README.md 
@@ -158,6 +158,14 @@ The following table lists the configurable parameters of the Memcached chart and | `ingress.hosts` | An array with hosts and paths | `[{"host": "memcached.local", "paths": [{"path": "/", "pathType": "ImplementationSpecific"}]}]` | | `ingress.tls` | TLS configuration for the Ingress | `[]` | +### Pod Disruption Budget Parameters + +| Parameter | Description | Default | +| -------------------- | -------------------------------------------------------------- | ------- | +| `pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` | +| `pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `""` | +| `pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | + ### Extra Configuration Parameters | Parameter | Description | Default | @@ -258,6 +266,11 @@ resources: service: type: ClusterIP +# Enable Pod Disruption Budget for high availability +pdb: + create: true + minAvailable: 1 + # Use anti-affinity to spread pods across nodes affinity: podAntiAffinity: diff --git a/charts/memcached/templates/pdb.yaml b/charts/memcached/templates/pdb.yaml new file mode 100644 index 00000000..c12b91f0 --- /dev/null +++ b/charts/memcached/templates/pdb.yaml @@ -0,0 +1,22 @@ +{{- if .Values.pdb.create }} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ template "memcached.fullname" . }}-pdb + namespace: {{ .Release.Namespace }} + labels: {{- include "memcached.labels" . | nindent 4 }} + {{- with (include "memcached.annotations" .) }} + annotations: + {{- . | nindent 4 }} + {{- end }} +spec: + {{- if .Values.pdb.minAvailable }} + minAvailable: {{ .Values.pdb.minAvailable }} + {{- end }} + {{- if or .Values.pdb.maxUnavailable (not .Values.pdb.minAvailable) }} + maxUnavailable: {{ .Values.pdb.maxUnavailable | default 1 }} + {{- end }} + selector: + matchLabels: + {{- include "memcached.selectorLabels" . | nindent 6 }} +{{- end }} 
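Review bot: The `spec` block of the new `charts/memcached/templates/pdb.yaml` emits both `minAvailable` and `maxUnavailable` when both values are set, and Kubernetes rejects a PodDisruptionBudget that sets both fields, so the failure only appears at install or upgrade time. The truthiness tests also treat `0` as unset: `pdb.minAvailable: 0` falls through to `maxUnavailable: 1`, and `pdb.maxUnavailable: 0` is rewritten to `1` by `default 1`, although the schema added in this commit allows `0` for both. I would test for the empty string instead, fail at template time on the conflicting combination, and render exactly one field, as sketched below.

```yaml
spec:
  {{- /* "" (or null) means unset; 0 is a valid budget, so test for emptiness rather than truthiness */}}
  {{- $min := ternary "" (toString .Values.pdb.minAvailable) (kindIs "invalid" .Values.pdb.minAvailable) }}
  {{- $max := ternary "" (toString .Values.pdb.maxUnavailable) (kindIs "invalid" .Values.pdb.maxUnavailable) }}
  {{- if and (ne $min "") (ne $max "") }}
  {{- fail "pdb.minAvailable and pdb.maxUnavailable are mutually exclusive; set only one of them" }}
  {{- end }}
  {{- if ne $min "" }}
  minAvailable: {{ $min }}
  {{- else }}
  maxUnavailable: {{ $max | default "1" }}
  {{- end }}
  {{- /* … unchanged: selector.matchLabels … */}}
```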
diff --git a/charts/memcached/values.schema.json b/charts/memcached/values.schema.json index 460acfe7..bece3b11 100644 --- a/charts/memcached/values.schema.json +++ b/charts/memcached/values.schema.json @@ -143,6 +143,46 @@ "type": "object", "description": "A Kubernetes manifest object. All fields are allowed." } + }, + "pdb": { + "type": "object", + "title": "Pod Disruption Budget configuration", + "description": "Pod Disruption Budget (PDB) configuration to ensure high availability", + "properties": { + "create": { + "type": "boolean", + "title": "Create PDB", + "description": "Enable/disable a Pod Disruption Budget creation" + }, + "minAvailable": { + "oneOf": [ + { + "type": "integer", + "minimum": 0 + }, + { + "type": "string", + "pattern": "^([0-9]+%|)$" + } + ], + "title": "Minimum Available", + "description": "Minimum number/percentage of pods that should remain scheduled" + }, + "maxUnavailable": { + "oneOf": [ + { + "type": "integer", + "minimum": 0 + }, + { + "type": "string", + "pattern": "^([0-9]+%|)$" + } + ], + "title": "Maximum Unavailable", + "description": "Maximum number/percentage of pods that may be made unavailable" + } + } } } } \ No newline at end of file diff --git a/charts/memcached/values.yaml b/charts/memcached/values.yaml index bf2429d1..ae6fb1d2 100644 --- a/charts/memcached/values.yaml +++ b/charts/memcached/values.yaml @@ -103,6 +103,15 @@ tolerations: [] ## @param affinity Affinity rules for pod assignment affinity: {} +## @section Pod Disruption Budget parameters +pdb: + ## @param pdb.create Enable/disable a Pod Disruption Budget creation + create: false + ## @param pdb.minAvailable Minimum number/percentage of pods that should remain scheduled + minAvailable: "" + ## @param pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. + maxUnavailable: "" + containerSecurityContext: ## @param containerSecurityContext.runAsUser User ID to run the container runAsUser: 11211 
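Review bot: The string branch of `pdb.minAvailable` and `pdb.maxUnavailable` uses `^([0-9]+%|)$`, which accepts percentages above 100 such as `250%`. As far as I know the API server rejects a PodDisruptionBudget percentage over 100%, so such a value passes schema validation and fails only at install. A bounded pattern such as `^((100|[1-9]?[0-9])%)?$` keeps the empty-string default and catches the mistake earlier. The new `pdb` object also declares no `additionalProperties: false`, so a misspelled key under `pdb` would be silently ignored; whether that matches the rest of the schema cannot be judged from this hunk.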
diff --git a/charts/minio/CHANGELOG.md b/charts/minio/CHANGELOG.md
index a4023161..5006b76c 100644
--- a/charts/minio/CHANGELOG.md
+++ b/charts/minio/CHANGELOG.md
@@ -1,63 +1,5 @@ # Changelog -## 0.5.0 (2025-10-08) +## 0.4.0 (2025-10-09) -* feat(minio): add serviceAccount to MinIO deployment ([#14](https://github.com/GitGuardian/gitguardian-helm-charts/pull/14)) - -## 0.2.4 (2025-09-30) - -* add more configuration options for the minio server (#189) ([8066d07](https://github.com/GitGuardian/gitguardian-helm-charts/commit/8066d07)), closes [#189](https://github.com/GitGuardian/gitguardian-helm-charts/issues/189) -* add option to use cpu-v1 image ([91bfd29](https://github.com/GitGuardian/gitguardian-helm-charts/commit/91bfd29)) -* bump verion to 0.2.3 ([af6beca](https://github.com/GitGuardian/gitguardian-helm-charts/commit/af6beca)) -* bump version to 0.2.2 ([afaf2d1](https://github.com/GitGuardian/gitguardian-helm-charts/commit/afaf2d1)) -* set strategy to recreate in deployment ([6e01f97](https://github.com/GitGuardian/gitguardian-helm-charts/commit/6e01f97)) -* update minio README.md ([cbca20c](https://github.com/GitGuardian/gitguardian-helm-charts/commit/cbca20c)) -* Update CHANGELOG.md ([55a987f](https://github.com/GitGuardian/gitguardian-helm-charts/commit/55a987f)) -* Update CHANGELOG.md ([f31d5a5](https://github.com/GitGuardian/gitguardian-helm-charts/commit/f31d5a5)) - -## 0.2.1 (2025-09-08) - -* Update appVersion ([5c23cb1](https://github.com/GitGuardian/gitguardian-helm-charts/commit/5c23cb1)) -* revert ([ba71354](https://github.com/GitGuardian/gitguardian-helm-charts/commit/ba71354)) -* revert 2 ([b64c81d](https://github.com/GitGuardian/gitguardian-helm-charts/commit/b64c81d)) -* revert 3 ([d8ced5c](https://github.com/GitGuardian/gitguardian-helm-charts/commit/d8ced5c)) -* Update CHANGELOG.md ([bb8e730](https://github.com/GitGuardian/gitguardian-helm-charts/commit/bb8e730)) -* Update CHANGELOG.md ([82fe11f](https://github.com/GitGuardian/gitguardian-helm-charts/commit/82fe11f)) -* Update CHANGELOG.md ([808cae0](https://github.com/GitGuardian/gitguardian-helm-charts/commit/808cae0)) -* Upgrade minio to latest stable 
([94ab830](https://github.com/GitGuardian/gitguardian-helm-charts/commit/94ab830)) -* Upgrade minio to latest stable ([b199ea4](https://github.com/GitGuardian/gitguardian-helm-charts/commit/b199ea4)) - -## 0.2.0 (2025-09-02) - -* [documentation] update readme files ([16944cd](https://github.com/GitGuardian/gitguardian-helm-charts/commit/16944cd)) -* add persistence.mountPath, use dynamic mountPath for data-volume ([5c2b721](https://github.com/GitGuardian/gitguardian-helm-charts/commit/5c2b721)) -* change securitycontext ids to 1001 ([9dc576e](https://github.com/GitGuardian/gitguardian-helm-charts/commit/9dc576e)) -* Fix public CDN readme ([68416b1](https://github.com/GitGuardian/gitguardian-helm-charts/commit/68416b1)) -* fix: remove debug-values ([385683d](https://github.com/GitGuardian/gitguardian-helm-charts/commit/385683d)) -* Improve ingress configuration ([47b5ceb](https://github.com/GitGuardian/gitguardian-helm-charts/commit/47b5ceb)) -* increase version to 0.1.4 ([3e6a8f3](https://github.com/GitGuardian/gitguardian-helm-charts/commit/3e6a8f3)) -* pin image in test, fix podAnnotations, dynamic ports in server command ([c0fc3c4](https://github.com/GitGuardian/gitguardian-helm-charts/commit/c0fc3c4)) -* Release ([c46ef4c](https://github.com/GitGuardian/gitguardian-helm-charts/commit/c46ef4c)) -* update readme, remove default values, fix chart.yaml ([37bbb1e](https://github.com/GitGuardian/gitguardian-helm-charts/commit/37bbb1e)) -* update version to 0.1.5 ([eedc099](https://github.com/GitGuardian/gitguardian-helm-charts/commit/eedc099)) -* Add ArtifactHub Badges to all Charts ([08b855b](https://github.com/GitGuardian/gitguardian-helm-charts/commit/08b855b)) -* Add ArtifactHub repo config ([15180a8](https://github.com/GitGuardian/gitguardian-helm-charts/commit/15180a8)) -* Add cosign signature READMEs ([5f82e7f](https://github.com/GitGuardian/gitguardian-helm-charts/commit/5f82e7f)) -* Add extensive chart testing 
([a46efac](https://github.com/GitGuardian/gitguardian-helm-charts/commit/a46efac)) -* add extraObject array to all charts ([34772b7](https://github.com/GitGuardian/gitguardian-helm-charts/commit/34772b7)) -* Add generated values.schema.json files from values.yaml ([aa79ac3](https://github.com/GitGuardian/gitguardian-helm-charts/commit/aa79ac3)) -* Add initial Changelogs to all Charts ([68f10ca](https://github.com/GitGuardian/gitguardian-helm-charts/commit/68f10ca)) -* Add LICENSE ([fdbf1ab](https://github.com/GitGuardian/gitguardian-helm-charts/commit/fdbf1ab)) -* add logos to helm-charts ([fc70cdc](https://github.com/GitGuardian/gitguardian-helm-charts/commit/fc70cdc)) -* Add Minio helm-chart ([6a68b08](https://github.com/GitGuardian/gitguardian-helm-charts/commit/6a68b08)) -* bump all chart versions for new extraObjects feature ([aaa57f9](https://github.com/GitGuardian/gitguardian-helm-charts/commit/aaa57f9)) -* Fix image tag/digest handling ([a5c982b](https://github.com/GitGuardian/gitguardian-helm-charts/commit/a5c982b)) -* Fix imagePullSecrets format and pull always ([ce0d301](https://github.com/GitGuardian/gitguardian-helm-charts/commit/ce0d301)) -* fix readme.md install text, update chart.yaml home-website ([3511582](https://github.com/GitGuardian/gitguardian-helm-charts/commit/3511582)) -* Fix values.yaml / Chart.yaml linting issues ([043c7e0](https://github.com/GitGuardian/gitguardian-helm-charts/commit/043c7e0)) -* Format README files ([04aacab](https://github.com/GitGuardian/gitguardian-helm-charts/commit/04aacab)) -* Release new chart versions / update sources ([dbb0e45](https://github.com/GitGuardian/gitguardian-helm-charts/commit/dbb0e45)) -* Remove leading $ from code blocks ([836b2e3](https://github.com/GitGuardian/gitguardian-helm-charts/commit/836b2e3)) -* remove serviceaccounts from all charts ([be8f43a](https://github.com/GitGuardian/gitguardian-helm-charts/commit/be8f43a)) -* update readme, chart.yaml texts and descriptions 
([0179046](https://github.com/GitGuardian/gitguardian-helm-charts/commit/0179046)) -* Use lookup function for password where applicable ([dfb9a0e](https://github.com/GitGuardian/gitguardian-helm-charts/commit/dfb9a0e)) +* [mongodb] fix: newline between mongo labels and additional labels ([#301](https://github.com/CloudPirates-io/helm-charts/pull/301)) diff --git a/charts/mongodb/CHANGELOG.md b/charts/mongodb/CHANGELOG.md index 9dd7167d..e428b28f 100644 --- a/charts/mongodb/CHANGELOG.md +++ b/charts/mongodb/CHANGELOG.md 
@@ -1,5 +1,75 @@ # Changelog +## 0.4.2 (2025-10-10) + +* [mongo] Update charts/mongodb/values.yaml mongo ([#319](https://github.com/CloudPirates-io/helm-charts/pull/319)) + +## 0.4.1 (2025-10-09) + +* [all] add tests for openshift (#226) ([c80c98a](https://github.com/CloudPirates-io/helm-charts/commit/c80c98a)), closes [#226](https://github.com/CloudPirates-io/helm-charts/issues/226) +* fix: newline between mongo labels and additional labels (#301) ([ea7937f](https://github.com/CloudPirates-io/helm-charts/commit/ea7937f)), closes [#301](https://github.com/CloudPirates-io/helm-charts/issues/301) + ## 0.4.0 (2025-10-09) -* [mongodb] feat: add metrics exporter ([#243](https://github.com/CloudPirates-io/helm-charts/pull/243)) +* feat: add metrics exporter (#243) ([c931978](https://github.com/CloudPirates-io/helm-charts/commit/c931978)), closes [#243](https://github.com/CloudPirates-io/helm-charts/issues/243) + +## 0.3.3 (2025-10-09) + +* makes configmap name dynamic (#279) ([6dd10a9](https://github.com/CloudPirates-io/helm-charts/commit/6dd10a9)), closes [#279](https://github.com/CloudPirates-io/helm-charts/issues/279) + +## 0.3.2 (2025-10-09) + +* [mongo] Update charts/mongodb/values.yaml mongo to v8.0.15 (patch) (#262) ([2fc1f1a](https://github.com/CloudPirates-io/helm-charts/commit/2fc1f1a)), closes [#262](https://github.com/CloudPirates-io/helm-charts/issues/262) + +## 0.3.1 (2025-10-08) + +* [minio, mongodb, postgres, timescaledb] Update securityContext to containerSecurityContext in the v ([8a4003f](https://github.com/CloudPirates-io/helm-charts/commit/8a4003f)), closes [#213](https://github.com/CloudPirates-io/helm-charts/issues/213) +* [mariadb] use tpl to return existingConfigMap (#217) ([c7c2f4c](https://github.com/CloudPirates-io/helm-charts/commit/c7c2f4c)), closes [#217](https://github.com/CloudPirates-io/helm-charts/issues/217) +* update values.schema.json (#242) ([f973e47](https://github.com/CloudPirates-io/helm-charts/commit/f973e47)), closes 
[#242](https://github.com/CloudPirates-io/helm-charts/issues/242) + +## 0.3.0 (2025-10-02) + +* make mongodb run on openshift (#202) ([b654629](https://github.com/CloudPirates-io/helm-charts/commit/b654629)), closes [#202](https://github.com/CloudPirates-io/helm-charts/issues/202) +* [redis] return fqdn for sentinel master lookup (#156) ([00b9882](https://github.com/CloudPirates-io/helm-charts/commit/00b9882)), closes [#156](https://github.com/CloudPirates-io/helm-charts/issues/156) + +## 0.2.0 (2025-09-25) + +* [documentation] update readme files ([16944cd](https://github.com/CloudPirates-io/helm-charts/commit/16944cd)) +* [mongo] chore(deps): update docker.io/mongo:8.0.13 Docker digest to 7acbcf3 ([37cb0a1](https://github.com/CloudPirates-io/helm-charts/commit/37cb0a1)) +* [mongo] chore(deps): update docker.io/mongo:8.0.13 Docker digest to cf340b1 ([3fe0172](https://github.com/CloudPirates-io/helm-charts/commit/3fe0172)) +* add custom user creation at initialization (#153) ([772d18f](https://github.com/CloudPirates-io/helm-charts/commit/772d18f)), closes [#153](https://github.com/CloudPirates-io/helm-charts/issues/153) +* add imagepullsecret support ([2768b4e](https://github.com/CloudPirates-io/helm-charts/commit/2768b4e)) +* fix test ([cfac15f](https://github.com/CloudPirates-io/helm-charts/commit/cfac15f)) +* Realese appVersion 8.0.13 ([4710010](https://github.com/CloudPirates-io/helm-charts/commit/4710010)) +* replace deployment with statefulset, fix config, securityContext ([9ac37ad](https://github.com/CloudPirates-io/helm-charts/commit/9ac37ad)) +* update chart to 0.1.4 ([a6d86b7](https://github.com/CloudPirates-io/helm-charts/commit/a6d86b7)) +* Add ArtifactHub Badges to all Charts ([08b855b](https://github.com/CloudPirates-io/helm-charts/commit/08b855b)) +* Add ArtifactHub repo config ([15180a8](https://github.com/CloudPirates-io/helm-charts/commit/15180a8)) +* Add cosign signature READMEs 
([5f82e7f](https://github.com/CloudPirates-io/helm-charts/commit/5f82e7f)) +* Add extensive chart testing ([a46efac](https://github.com/CloudPirates-io/helm-charts/commit/a46efac)) +* add extraObject array to all charts ([34772b7](https://github.com/CloudPirates-io/helm-charts/commit/34772b7)) +* Add generated values.schema.json files from values.yaml ([aa79ac3](https://github.com/CloudPirates-io/helm-charts/commit/aa79ac3)) +* Add initial Changelogs to all Charts ([68f10ca](https://github.com/CloudPirates-io/helm-charts/commit/68f10ca)) +* Add LICENSE ([fdbf1ab](https://github.com/CloudPirates-io/helm-charts/commit/fdbf1ab)) +* add logos to helm-charts ([fc70cdc](https://github.com/CloudPirates-io/helm-charts/commit/fc70cdc)) +* Bump chart version ([77f76af](https://github.com/CloudPirates-io/helm-charts/commit/77f76af)) +* Bump chart version ([159ba82](https://github.com/CloudPirates-io/helm-charts/commit/159ba82)) +* Bump chart version ([98d3ee6](https://github.com/CloudPirates-io/helm-charts/commit/98d3ee6)) +* Fix image tag/digest handling ([a5c982b](https://github.com/CloudPirates-io/helm-charts/commit/a5c982b)) +* Fix imagePullSecrets format and pull always ([ce0d301](https://github.com/CloudPirates-io/helm-charts/commit/ce0d301)) +* fix readme.md install text, update chart.yaml home-website ([3511582](https://github.com/CloudPirates-io/helm-charts/commit/3511582)) +* Fix values.yaml / Chart.yaml linting issues ([043c7e0](https://github.com/CloudPirates-io/helm-charts/commit/043c7e0)) +* Format README files ([04aacab](https://github.com/CloudPirates-io/helm-charts/commit/04aacab)) +* init, add mariadb, mongodb and redis chart ([8e44c83](https://github.com/CloudPirates-io/helm-charts/commit/8e44c83)) +* Release new chart versions / update sources ([dbb0e45](https://github.com/CloudPirates-io/helm-charts/commit/dbb0e45)) +* Remove leading $ from code blocks ([836b2e3](https://github.com/CloudPirates-io/helm-charts/commit/836b2e3)) +* remove serviceaccounts 
from all charts ([be8f43a](https://github.com/CloudPirates-io/helm-charts/commit/be8f43a)) +* Update CHANGELOG.md ([72601e5](https://github.com/CloudPirates-io/helm-charts/commit/72601e5)) +* Update CHANGELOG.md ([5c9f4d0](https://github.com/CloudPirates-io/helm-charts/commit/5c9f4d0)) +* Update CHANGELOG.md ([3174cb2](https://github.com/CloudPirates-io/helm-charts/commit/3174cb2)) +* Update docker.io/mongo Docker tag to v8.0.13 ([2a585ff](https://github.com/CloudPirates-io/helm-charts/commit/2a585ff)) +* Update docker.io/mongo:8.0.13 Docker digest to c750922 ([cbd41d9](https://github.com/CloudPirates-io/helm-charts/commit/cbd41d9)) +* Update mongodb readme ([52b9620](https://github.com/CloudPirates-io/helm-charts/commit/52b9620)) +* update readme, chart.yaml texts and descriptions ([0179046](https://github.com/CloudPirates-io/helm-charts/commit/0179046)) +* Use lookup function for password where applicable ([dfb9a0e](https://github.com/CloudPirates-io/helm-charts/commit/dfb9a0e)) +* fix: chart icon urls ([cc38c0d](https://github.com/CloudPirates-io/helm-charts/commit/cc38c0d)) diff --git a/charts/mongodb/Chart.yaml b/charts/mongodb/Chart.yaml index 2dfde7f7..583d8c49 100644 --- a/charts/mongodb/Chart.yaml +++ b/charts/mongodb/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: mongodb description: MongoDB a flexible NoSQL database for scalable, real-time data management type: application -version: 0.4.0 +version: 0.4.2 appVersion: "8.0.13" keywords: - mongodb diff --git a/charts/mongodb/templates/_helpers.tpl b/charts/mongodb/templates/_helpers.tpl index 507631f5..3ff2ad37 100644 --- a/charts/mongodb/templates/_helpers.tpl +++ b/charts/mongodb/templates/_helpers.tpl @@ -127,6 +127,6 @@ Return ServiceMonitor labels {{- define "mongodb.metrics.serviceMonitor.labels" -}} {{- include "mongodb.labels" . }} {{- with .Values.metrics.serviceMonitor.additionalLabels }} -{{- toYaml . }} +{{ toYaml . }} {{- end }} {{- end -}} 
diff --git a/charts/mongodb/templates/metrics-servicemonitor.yaml b/charts/mongodb/templates/metrics-servicemonitor.yaml index 1f0592e9..4494cc13 100644 --- a/charts/mongodb/templates/metrics-servicemonitor.yaml +++ b/charts/mongodb/templates/metrics-servicemonitor.yaml @@ -10,7 +10,6 @@ metadata: {{- end }} labels: {{- include "mongodb.metrics.serviceMonitor.labels" . | nindent 4 }} - release: {{ .Release.Name }} {{- with .Values.metrics.serviceMonitor.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/charts/mongodb/values.yaml b/charts/mongodb/values.yaml index 5078e5a2..108e1924 100644 --- a/charts/mongodb/values.yaml +++ b/charts/mongodb/values.yaml @@ -22,7 +22,7 @@ image: ## @param image.repository MongoDB image repository repository: mongo ## @param image.tag MongoDB image tag - tag: "8.0.15@sha256:41e48e703c413df7befc6aa9f3ac93583d17bc770fe8dd8ea848ef7136c3327f" + tag: "8.0.15@sha256:c23684919810f0341e58744987e4b1c510fb8becdae850217d2d04b6fa7605e7" ## @param image.pullPolicy MongoDB image pull policy pullPolicy: Always diff --git a/charts/nginx/CHANGELOG.md b/charts/nginx/CHANGELOG.md index 75d31268..36a0174a 100644 --- a/charts/nginx/CHANGELOG.md +++ b/charts/nginx/CHANGELOG.md @@ -2,4 +2,4 @@ ## 0.1.14 (2025-10-09) -* [mongodb] feat: add metrics exporter ([#243](https://github.com/CloudPirates-io/helm-charts/pull/243)) +* [mongodb] fix: newline between mongo labels and additional labels ([#301](https://github.com/CloudPirates-io/helm-charts/pull/301)) diff --git a/charts/postgres/CHANGELOG.md b/charts/postgres/CHANGELOG.md index 93a41753..649c5849 100644 --- a/charts/postgres/CHANGELOG.md +++ b/charts/postgres/CHANGELOG.md 
@@ -1,90 +1,5 @@ # Changelog -## 0.8.0 (2025-10-07) +## 0.8.0 (2025-10-09) -* feat(pgsql): merged initscript to avoid mount error, fixed quote from… ([#13](https://github.com/GitGuardian/gitguardian-helm-charts/pull/13)) - -## 0.7.0 (2025-09-30) - -* make postgres run on openshift (#184) ([0396895](https://github.com/GitGuardian/gitguardian-helm-charts/commit/0396895)), closes [#184](https://github.com/GitGuardian/gitguardian-helm-charts/issues/184) - -## 0.6.1 (2025-09-29) - -* update default postgres config files (#180) ([6385512](https://github.com/GitGuardian/gitguardian-helm-charts/commit/6385512)), closes [#180](https://github.com/GitGuardian/gitguardian-helm-charts/issues/180) - -## 0.5.5 (2025-09-29) - -* [postgres]: Default config (#163) ([fc0da25](https://github.com/GitGuardian/gitguardian-helm-charts/commit/fc0da25)), closes [#163](https://github.com/GitGuardian/gitguardian-helm-charts/issues/163) - -## 0.6.0 (2025-09-26) - -* [postgres]: Fix invalid data dir path on postgres 18 (#165) ([7592892](https://github.com/GitGuardian/gitguardian-helm-charts/commit/7592892)), closes [#165](https://github.com/GitGuardian/gitguardian-helm-charts/issues/165) - -## 0.5.4 (2025-09-26) - -* chore(deps): update docker.io/postgres:17.6 Docker digest to 0b6428e (#161) ([1946296](https://github.com/GitGuardian/gitguardian-helm-charts/commit/1946296)), closes [#161](https://github.com/GitGuardian/gitguardian-helm-charts/issues/161) - -## 0.5.3 (2025-09-25) - -* add support for custom user at initialisation with password and database ([62d9d0d](https://github.com/GitGuardian/gitguardian-helm-charts/commit/62d9d0d)) -* add support for extra env vars from secret ([f6bb0dc](https://github.com/GitGuardian/gitguardian-helm-charts/commit/f6bb0dc)) -* bump chart version to 0.5.2 ([8c80572](https://github.com/GitGuardian/gitguardian-helm-charts/commit/8c80572)) -* bump chart version to 0.5.3 ([337480c](https://github.com/GitGuardian/gitguardian-helm-charts/commit/337480c)) -* bump 
chartversion to 0.3.0 ([9e0454c](https://github.com/GitGuardian/gitguardian-helm-charts/commit/9e0454c)) -* chore: add support for db initialization scripts ([96c8215](https://github.com/GitGuardian/gitguardian-helm-charts/commit/96c8215)) -* chore: add support for passing extra environment variables ([0951fdc](https://github.com/GitGuardian/gitguardian-helm-charts/commit/0951fdc)) -* chore: add support for persistentVolumeClaimRetentionPolicy ([2f73cfb](https://github.com/GitGuardian/gitguardian-helm-charts/commit/2f73cfb)) -* chore: bump version ([33105e9](https://github.com/GitGuardian/gitguardian-helm-charts/commit/33105e9)) -* chore(deps): update docker.io/postgres:17.6 Docker digest to 0f4f200 ([6f0746a](https://github.com/GitGuardian/gitguardian-helm-charts/commit/6f0746a)) -* chore(deps): update docker.io/postgres:17.6 Docker digest to 8a56bef ([3546801](https://github.com/GitGuardian/gitguardian-helm-charts/commit/3546801)) -* chore(deps): update docker.io/postgres:17.6 Docker digest to feff5b2 ([8b89eda](https://github.com/GitGuardian/gitguardian-helm-charts/commit/8b89eda)) -* fix admin postgres-password env-variable ([7b89fa4](https://github.com/GitGuardian/gitguardian-helm-charts/commit/7b89fa4)) -* fix: Change default name for CUSTOM_PASSWORD ([f7e74dd](https://github.com/GitGuardian/gitguardian-helm-charts/commit/f7e74dd)) -* support custom pg_hba.conf (#157) ([9f3ceea](https://github.com/GitGuardian/gitguardian-helm-charts/commit/9f3ceea)), closes [#157](https://github.com/GitGuardian/gitguardian-helm-charts/issues/157) -* update env-vars, initialisation values, remove unused auth values ([11a6947](https://github.com/GitGuardian/gitguardian-helm-charts/commit/11a6947)) -* add extraObject array to all charts ([34772b7](https://github.com/GitGuardian/gitguardian-helm-charts/commit/34772b7)) -* Add initial Changelogs to all Charts ([68f10ca](https://github.com/GitGuardian/gitguardian-helm-charts/commit/68f10ca)) -* bump chart version 
([fc9c564](https://github.com/GitGuardian/gitguardian-helm-charts/commit/fc9c564)) -* Bump chart version ([2907796](https://github.com/GitGuardian/gitguardian-helm-charts/commit/2907796)) -* Bump chart version ([9bd67d6](https://github.com/GitGuardian/gitguardian-helm-charts/commit/9bd67d6)) -* Bump chart version ([492acc9](https://github.com/GitGuardian/gitguardian-helm-charts/commit/492acc9)) -* bump postgres ([4cc47f2](https://github.com/GitGuardian/gitguardian-helm-charts/commit/4cc47f2)) -* Update CHANGELOG.md ([7749beb](https://github.com/GitGuardian/gitguardian-helm-charts/commit/7749beb)) -* Update CHANGELOG.md ([b1ce7c7](https://github.com/GitGuardian/gitguardian-helm-charts/commit/b1ce7c7)) -* Update CHANGELOG.md ([7df85ea](https://github.com/GitGuardian/gitguardian-helm-charts/commit/7df85ea)) -* Update CHANGELOG.md ([3ac9592](https://github.com/GitGuardian/gitguardian-helm-charts/commit/3ac9592)) -* Update CHANGELOG.md ([574c9dc](https://github.com/GitGuardian/gitguardian-helm-charts/commit/574c9dc)) -* Update CHANGELOG.md ([9c7f377](https://github.com/GitGuardian/gitguardian-helm-charts/commit/9c7f377)) -* Update CHANGELOG.md ([ee72020](https://github.com/GitGuardian/gitguardian-helm-charts/commit/ee72020)) -* Update CHANGELOG.md ([8baa18d](https://github.com/GitGuardian/gitguardian-helm-charts/commit/8baa18d)) -* Update CHANGELOG.md ([3e90557](https://github.com/GitGuardian/gitguardian-helm-charts/commit/3e90557)) -* Update CHANGELOG.md ([65522d2](https://github.com/GitGuardian/gitguardian-helm-charts/commit/65522d2)) -* Update CHANGELOG.md ([0a89918](https://github.com/GitGuardian/gitguardian-helm-charts/commit/0a89918)) -* Update CHANGELOG.md ([b82862d](https://github.com/GitGuardian/gitguardian-helm-charts/commit/b82862d)) -* Update docker.io/postgres:17.6 Docker digest to 29574e2 ([1226760](https://github.com/GitGuardian/gitguardian-helm-charts/commit/1226760)) - -## 0.2.1 (2025-08-26) - -* add first draft of postgres helm-chart 
([ac297fa](https://github.com/GitGuardian/gitguardian-helm-charts/commit/ac297fa)) -* add postgres-secret lookup ([e628c3f](https://github.com/GitGuardian/gitguardian-helm-charts/commit/e628c3f)) -* added support for service account configuration (#15) ([541a9df](https://github.com/GitGuardian/gitguardian-helm-charts/commit/541a9df)), closes [#15](https://github.com/GitGuardian/gitguardian-helm-charts/issues/15) -* fix common-parameter-test image tag ([5773314](https://github.com/GitGuardian/gitguardian-helm-charts/commit/5773314)) -* fix statefulset annotations ([b6cd6b8](https://github.com/GitGuardian/gitguardian-helm-charts/commit/b6cd6b8)) -* update chart to statefulset ([5a5b6ea](https://github.com/GitGuardian/gitguardian-helm-charts/commit/5a5b6ea)) -* Add ArtifactHub Badges to all Charts ([08b855b](https://github.com/GitGuardian/gitguardian-helm-charts/commit/08b855b)) -* Add ArtifactHub repo config ([15180a8](https://github.com/GitGuardian/gitguardian-helm-charts/commit/15180a8)) -* Add cosign signature READMEs ([5f82e7f](https://github.com/GitGuardian/gitguardian-helm-charts/commit/5f82e7f)) -* Add extensive chart testing ([a46efac](https://github.com/GitGuardian/gitguardian-helm-charts/commit/a46efac)) -* Add generated values.schema.json files from values.yaml ([aa79ac3](https://github.com/GitGuardian/gitguardian-helm-charts/commit/aa79ac3)) -* add logos to helm-charts ([fc70cdc](https://github.com/GitGuardian/gitguardian-helm-charts/commit/fc70cdc)) -* Fix image tag/digest handling ([a5c982b](https://github.com/GitGuardian/gitguardian-helm-charts/commit/a5c982b)) -* Fix imagePullSecrets format and pull always ([ce0d301](https://github.com/GitGuardian/gitguardian-helm-charts/commit/ce0d301)) -* fix readme.md install text, update chart.yaml home-website ([3511582](https://github.com/GitGuardian/gitguardian-helm-charts/commit/3511582)) -* Format README files ([04aacab](https://github.com/GitGuardian/gitguardian-helm-charts/commit/04aacab)) -* Release new 
chart versions / update sources ([dbb0e45](https://github.com/GitGuardian/gitguardian-helm-charts/commit/dbb0e45)) -* Remove leading $ from code blocks ([836b2e3](https://github.com/GitGuardian/gitguardian-helm-charts/commit/836b2e3)) -* Update docker.io/postgres Docker tag to v17.6 ([68b8e32](https://github.com/GitGuardian/gitguardian-helm-charts/commit/68b8e32)) -* Update postgres to 17.6 ([52b6e17](https://github.com/GitGuardian/gitguardian-helm-charts/commit/52b6e17)) -* update readme, chart.yaml texts and descriptions ([0179046](https://github.com/GitGuardian/gitguardian-helm-charts/commit/0179046)) -* Use existing secret ([024bd0f](https://github.com/GitGuardian/gitguardian-helm-charts/commit/024bd0f)) -* fix: chart icon urls ([cc38c0d](https://github.com/GitGuardian/gitguardian-helm-charts/commit/cc38c0d)) +* [mongodb] fix: newline between mongo labels and additional labels ([#301](https://github.com/CloudPirates-io/helm-charts/pull/301)) diff --git a/charts/rabbitmq/CHANGELOG.md b/charts/rabbitmq/CHANGELOG.md index 3727b45d..1bcbaa66 100644 --- a/charts/rabbitmq/CHANGELOG.md +++ b/charts/rabbitmq/CHANGELOG.md @@ -1,8 +1,12 @@ # Changelog -## 0.3.4 (2025-10-09) +## 0.3.5 (2025-10-10) -* [redis , rabbitmq]: Add podAnnotations ([#294](https://github.com/CloudPirates-io/helm-charts/pull/294)) +* [rabbitmq] Update charts/rabbitmq/values.yaml rabbitmq ([#321](https://github.com/CloudPirates-io/helm-charts/pull/321)) + +## 0.3.4 (2025-10-09) + +* [redis , rabbitmq]: Add podAnnotations (#294) ([6d78869](https://github.com/CloudPirates-io/helm-charts/commit/6d78869)), closes [#294](https://github.com/CloudPirates-io/helm-charts/issues/294) ## 0.3.3 (2025-10-09) diff --git a/charts/rabbitmq/Chart.yaml b/charts/rabbitmq/Chart.yaml index 59f0c8b8..de7ea59b 100644 --- a/charts/rabbitmq/Chart.yaml +++ b/charts/rabbitmq/Chart.yaml 
@@ -2,7 +2,7 @@ apiVersion: v2 name: rabbitmq description: A messaging broker that implements the Advanced Message Queuing Protocol (AMQP) type: application -version: 0.3.4 +version: 0.3.6 appVersion: "4.1.4" keywords: - rabbitmq diff --git a/charts/rabbitmq/README.md b/charts/rabbitmq/README.md index cac7c126..23f998d8 100644 --- a/charts/rabbitmq/README.md +++ b/charts/rabbitmq/README.md @@ -103,11 +103,15 @@ The following table lists the configurable parameters of the RabbitMQ chart and | `podAnnotations` | Annotations to attach to pods | `{}` | | `statefulsetAnnotations` | Annotations for StatefulSet | `{}` | +### RabbitMQ Definitions + | Parameter | Description | Default | | ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | | `definitions.enabled` | Enable loading of RabbitMQ definitions on startup. When `true`, definitions will be loaded at container boot. | `false` | | `definitions.existingConfigMap` | Name of an existing ConfigMap containing RabbitMQ definitions (e.g., created via `kubectl create configmap rmq-defs --from-file=defs.json`). | `""` | | `definitions.existingConfigMapKey` | Key in the existing ConfigMap containing the RabbitMQ definitions JSON file. | `defs.json` | +| `defintions.existingSecret` | Name of an existing Secret containing RabbitMQ definitions. | `""` | +| `definitions.existingSecretKey` | Key in the existing Secret containing the RabbitMQ definitions JSON file. | `defs.json` | | `definitions.users` | Array of RabbitMQ users to create. | `[]` | | `definitions.vhosts` | Array of RabbitMQ virtual hosts to create. | `[]` | | `definitions.permissions` | Array of RabbitMQ permissions to set per vhost. | `[]` | 
@@ -121,15 +125,16 @@ The following table lists the configurable parameters of the RabbitMQ chart and ### Service configuration -| Parameter | Description | Default | -| ----------------------------- | -------------------------------------- | ----------- | -| `service.type` | Kubernetes service type | `ClusterIP` | -| `service.amqpPort` | RabbitMQ AMQP service port | `5672` | -| `service.managementPort` | RabbitMQ management UI port | `15672` | -| `service.epmdPort` | RabbitMQ EPMD port | `4369` | -| `service.distPort` | RabbitMQ distribution port | `25672` | -| `service.annotations` | Kubernetes service annotations | `{}` | -| `service.annotationsHeadless` | Kubernetes service annotationsHeadless | `25672` | +| Parameter | Description | Default | +| ----------------------------- | ------------------------------------------- | ----------- | +| `service.type` | Kubernetes service type | `ClusterIP` | +| `service.amqpPort` | RabbitMQ AMQP service port | `5672` | +| `service.managementPort` | RabbitMQ management UI port | `15672` | +| `service.epmdPort` | RabbitMQ EPMD port | `4369` | +| `service.distPort` | RabbitMQ distribution port | `25672` | +| `service.annotations` | Kubernetes service annotations | `{}` | +| `service.annotationsHeadless` | Kubernetes service annotationsHeadless | `25672` | +| `service.trafficDistribution` | Traffic distribution policy for the service | `""` | ### RabbitMQ Authentication diff --git a/charts/rabbitmq/templates/definitions-configmap.yaml b/charts/rabbitmq/templates/definitions-configmap.yaml index 6b5ba931..448df39a 100644 --- a/charts/rabbitmq/templates/definitions-configmap.yaml +++ b/charts/rabbitmq/templates/definitions-configmap.yaml 
@@ -2,7 +2,7 @@ This file is rendered only if definitions are enabled AND an existing ConfigMap is NOT specified. It constructs a dictionary from the values and then converts it to a valid JSON object. */}} -{{- if and .Values.definitions.enabled (not .Values.definitions.existingConfigMap) }} +{{- if and .Values.definitions.enabled (not .Values.definitions.existingConfigMap) (not .Values.definitions.existingSecret) }} {{- $def := dict }} {{- if .Values.definitions.users -}}{{- $_ := set $def "users" .Values.definitions.users }}{{- end }} {{- if .Values.definitions.vhosts -}}{{- $_ := set $def "vhosts" .Values.definitions.vhosts }}{{- end }} diff --git a/charts/rabbitmq/templates/service.yaml b/charts/rabbitmq/templates/service.yaml index e1076a13..79f5828c 100644 --- a/charts/rabbitmq/templates/service.yaml +++ b/charts/rabbitmq/templates/service.yaml @@ -11,6 +11,7 @@ metadata: {{- end }} spec: type: {{ .Values.service.type }} + trafficDistribution: {{ .Values.service.trafficDistribution }} ports: - port: {{ .Values.service.amqpPort }} targetPort: amqp @@ -31,4 +32,4 @@ spec: name: {{ .name }} {{- end }} selector: - {{- include "rabbitmq.selectorLabels" . | nindent 4 }} \ No newline at end of file + {{- include "rabbitmq.selectorLabels" . | nindent 4 }} diff --git a/charts/rabbitmq/templates/statefulset.yaml b/charts/rabbitmq/templates/statefulset.yaml index 25e993e9..6dd16bce 100644 --- a/charts/rabbitmq/templates/statefulset.yaml +++ b/charts/rabbitmq/templates/statefulset.yaml 
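Review bot: The header comment in this hunk is now stale: it still says the file is skipped only when an existing ConfigMap is given, while the new condition also skips it for `definitions.existingSecret`. I would reword it to `This file is rendered only if definitions are enabled AND neither an existing ConfigMap nor an existing Secret is specified.` The generated path also still places `definitions.users` in this object, so any password or password hash in those entries ends up in a ConfigMap rather than a Secret; a second comment line such as `Definitions that carry user credentials should be supplied through definitions.existingSecret.` would make that explicit. That the output is a ConfigMap is inferred from the file name and the statefulset fallback volume, since the rest of the template lies outside the hunk.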
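Review bot: In the service.yaml hunk, `trafficDistribution` is emitted unconditionally, so with the default `""` every rendered Service carries an empty `trafficDistribution:` key. That includes installs on clusters whose Service API does not know the field. Guard and quote it like other optional fields: `{{- with .Values.service.trafficDistribution }}`, `trafficDistribution: {{ . | quote }}`, `{{- end }}`. The `spec:` block continues outside the hunk.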
@@ -210,7 +210,13 @@ spec: {{- if .Values.definitions.enabled }} - name: definitions mountPath: "/etc/rabbitmq-definitions/defs.json" - subPath: {{ .Values.definitions.existingConfigMapKey | default "defs.json" }} + subPath: {{- if .Values.definitions.existingConfigMap }} + {{ .Values.definitions.existingConfigMapKey | default "defs.json" }} + {{- else if .Values.definitions.existingSecret }} + {{ .Values.definitions.existingSecretKey | default "defs.json" }} + {{- else }} + defs.json + {{- end }} {{- end }} {{- if .Values.extraVolumeMounts }} {{- toYaml .Values.extraVolumeMounts | nindent 12 }} @@ -231,8 +237,16 @@ spec: name: {{ include "rabbitmq.fullname" . }}-config {{- if .Values.definitions.enabled }} - name: definitions + {{- if .Values.definitions.existingConfigMap }} configMap: - name: {{ .Values.definitions.existingConfigMap | default (printf "%s-definitions" (include "rabbitmq.fullname" .)) }} + name: {{ .Values.definitions.existingConfigMap }} + {{- else if .Values.definitions.existingSecret }} + secret: + secretName: {{ .Values.definitions.existingSecret }} + {{- else }} + configMap: + name: {{ printf "%s-definitions" (include "rabbitmq.fullname" .) }} + {{- end }} {{- end }} {{- if .Values.extraVolumes }} {{- toYaml .Values.extraVolumes | nindent 8 }} diff --git a/charts/rabbitmq/values.schema.json b/charts/rabbitmq/values.schema.json index 019dd16d..6b9194a8 100644 --- a/charts/rabbitmq/values.schema.json +++ b/charts/rabbitmq/values.schema.json @@ -108,6 +108,12 @@ "description": "Kubernetes service type", "enum": ["ClusterIP", "NodePort", "LoadBalancer", "ExternalName"] }, + "trafficDistribution": { + "type": "string", + "description": "Traffic distribution policy", + "enum": ["", "PreferClose", "PreferSameZone", "PreferSameNode"], + "default": "" + }, "amqpPort": { "type": "integer", "title": "AMQP Port", 
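Review bot: When both `definitions.existingConfigMap` and `definitions.existingSecret` are set, the ConfigMap silently wins in the `subPath` selection and again in the volume source, and nothing tells the operator that the Secret is ignored. Either fail at render time with `{{- if and .Values.definitions.existingConfigMap .Values.definitions.existingSecret }}{{ fail "set only one of definitions.existingConfigMap or definitions.existingSecret" }}{{- end }}`, or state the precedence next to the two values. The mount also deserves a comment, `# mounted via subPath: changes to the ConfigMap/Secret are not picked up until the pod restarts`, because that matters once credentials in the Secret are rotated. Both the volumeMounts and volumes lists continue outside these hunks.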
@@ -913,18 +919,12 @@ "description": "Enable/disable a Pod Disruption Budget creation" }, "minAvailable": { - "oneOf": [ - {"type": "string"}, - {"type": "integer"} - ], + "oneOf": [{ "type": "string" }, { "type": "integer" }], "title": "Min Available", "description": "Minimum number/percentage of pods that should remain scheduled" }, "maxUnavailable": { - "oneOf": [ - {"type": "string"}, - {"type": "integer"} - ], + "oneOf": [{ "type": "string" }, { "type": "integer" }], "title": "Max Unavailable", "description": "Maximum number/percentage of pods that may be made unavailable" } @@ -951,6 +951,17 @@ "description": "Key in existing ConfigMap containing RabbitMQ definitions", "default": "defs.json" }, + "existingSecret": { + "type": "string", + "title": "Existing Secret", + "description": "Name of existing Secret containing RabbitMQ definitions" + }, + "existingSecretKey": { + "type": "string", + "title": "Existing Secret Key", + "description": "Key in existing Secret containing RabbitMQ definitions", + "default": "defs.json" + }, "bindings": { "type": "array", "title": "Bindings", diff --git a/charts/rabbitmq/values.yaml b/charts/rabbitmq/values.yaml index ca9bff9b..72da8869 100644 --- a/charts/rabbitmq/values.yaml +++ b/charts/rabbitmq/values.yaml @@ -23,7 +23,7 @@ image: ## @param image.repository RabbitMQ image repository repository: rabbitmq ## @param image.tag RabbitMQ image tag - tag: "4.1.4-management@sha256:8c31e22adfd876e183d81281b82fa489cd8032e6f9ef886e52261a1182a60951" + tag: "4.1.4-management@sha256:f66d1a21bd0b65fd91a4fd160de656dea92332e6037e58cb48e7174645a0586c" ## @param image.imagePullPolicy RabbitMQ image pull policy imagePullPolicy: Always 
@@ -38,6 +38,8 @@ replicaCount: 1 service: ## @param service.type Kubernetes service type type: ClusterIP + ## @param service.trafficDistribution Traffic distribution policy for the service + trafficDistribution: "" ## @param service.amqpPort RabbitMQ AMQP service port amqpPort: 5672 ## @param service.managementPort RabbitMQ management UI port @@ -374,6 +376,10 @@ definitions: existingConfigMap: "" ## @param definitions.existingConfigMapKey Key in existing ConfigMap containing RabbitMQ definitions existingConfigMapKey: defs.json + ## @param definitions.existingSecret Name of existing Secret containing RabbitMQ definitions + existingSecret: "" + ## @param definitions.existingSecretKey Key in existing Secret containing RabbitMQ definitions + existingSecretKey: defs.json ## @param definitions.bindings Array of RabbitMQ bindings to create bindings: [] ## @param definitions.global_parameters Array of RabbitMQ global parameters to create diff --git a/charts/redis/CHANGELOG.md b/charts/redis/CHANGELOG.md index a8792409..55c6e5d6 100644 --- a/charts/redis/CHANGELOG.md +++ b/charts/redis/CHANGELOG.md 
@@ -2,136 +2,4 @@ ## 0.6.1 (2025-10-09) -* [redis , rabbitmq]: Add podAnnotations ([#294](https://github.com/CloudPirates-io/helm-charts/pull/294)) - -## 0.6.0 (2025-10-09) - -* Include podLabels in redis statefulset (#274) ([024da55](https://github.com/CloudPirates-io/helm-charts/commit/024da55)), closes [#274](https://github.com/CloudPirates-io/helm-charts/issues/274) - -## 0.5.7 (2025-10-09) - -* Update charts/redis/values.yaml redis to v8.2.2 (patch) (#264) ([f699d00](https://github.com/CloudPirates-io/helm-charts/commit/f699d00)), closes [#264](https://github.com/CloudPirates-io/helm-charts/issues/264) - -## 0.5.6 (2025-10-08) - -* [oliver006/redis_exporter] Update oliver006/redis_exporter to v1.78.0 (#235) ([508fd61](https://github.com/CloudPirates-io/helm-charts/commit/508fd61)), closes [#235](https://github.com/CloudPirates-io/helm-charts/issues/235) - -## 0.5.5 (2025-10-08) - -* Update redis to v8.2.2 (#233) ([363468b](https://github.com/CloudPirates-io/helm-charts/commit/363468b)), closes [#233](https://github.com/CloudPirates-io/helm-charts/issues/233) - -## 0.5.4 (2025-10-08) - -* [redis]: fix dual stack networking issues (#227) ([381bd76](https://github.com/CloudPirates-io/helm-charts/commit/381bd76)), closes [#227](https://github.com/CloudPirates-io/helm-charts/issues/227) - -## 0.5.3 (2025-10-06) - -* Add automatically generated fields to volumeClaimTemplates (#218) ([5f4142b](https://github.com/CloudPirates-io/helm-charts/commit/5f4142b)), closes [#218](https://github.com/CloudPirates-io/helm-charts/issues/218) - -## 0.5.2 (2025-10-06) - -* chore(deps): update redis:8.2.1 Docker digest to 5fa2edb (#188) ([6a72e00](https://github.com/CloudPirates-io/helm-charts/commit/6a72e00)), closes [#188](https://github.com/CloudPirates-io/helm-charts/issues/188) - -## 0.5.1 (2025-10-06) - -* chore(deps): update docker.io/redis:8.2.1 Docker digest to 5fa2edb (#187) ([fe21dc2](https://github.com/CloudPirates-io/helm-charts/commit/fe21dc2)), closes 
[#187](https://github.com/CloudPirates-io/helm-charts/issues/187) - -## 0.5.0 (2025-10-01) - -* make redis run on openshift (#193) ([cc4d3c3](https://github.com/CloudPirates-io/helm-charts/commit/cc4d3c3)), closes [#193](https://github.com/CloudPirates-io/helm-charts/issues/193) - -## 0.4.6 (2025-09-25) - -* Add metrics section to the README ([14a37bc](https://github.com/CloudPirates-io/helm-charts/commit/14a37bc)) -* Add topologySpreadConstraints option to the chart ([9c9eeeb](https://github.com/CloudPirates-io/helm-charts/commit/9c9eeeb)) -* add volumeMounts option for sentinel container ([8499307](https://github.com/CloudPirates-io/helm-charts/commit/8499307)) -* bump up chart patch version ([c436c6d](https://github.com/CloudPirates-io/helm-charts/commit/c436c6d)) -* bump up chart patch version ([a5c9dfb](https://github.com/CloudPirates-io/helm-charts/commit/a5c9dfb)) -* fix sentinel conditions. set default to standalone ([bf935fa](https://github.com/CloudPirates-io/helm-charts/commit/bf935fa)) -* Implement redis service monitoring ([3aec93d](https://github.com/CloudPirates-io/helm-charts/commit/3aec93d)) -* requirepass for sentinel cli operations when password is set ([60d1b5c](https://github.com/CloudPirates-io/helm-charts/commit/60d1b5c)) -* return fqdn for sentinel master lookup (#156) ([00b9882](https://github.com/CloudPirates-io/helm-charts/commit/00b9882)), closes [#156](https://github.com/CloudPirates-io/helm-charts/issues/156) -* [redis]: Persistent volume claim retentionpolicy ([1f708a5](https://github.com/CloudPirates-io/helm-charts/commit/1f708a5)) -* Bitnami style fail over script ([9b9a395](https://github.com/CloudPirates-io/helm-charts/commit/9b9a395)) -* Bump chart version ([a892492](https://github.com/CloudPirates-io/helm-charts/commit/a892492)) -* Bump chart version ([a6ac908](https://github.com/CloudPirates-io/helm-charts/commit/a6ac908)) -* Bump version ([43dceb2](https://github.com/CloudPirates-io/helm-charts/commit/43dceb2)) -* Configurable 
recheck values ([cf31961](https://github.com/CloudPirates-io/helm-charts/commit/cf31961)) -* Decrease defaults ([572cba9](https://github.com/CloudPirates-io/helm-charts/commit/572cba9)) -* Fix invalid master detection ([f1545d9](https://github.com/CloudPirates-io/helm-charts/commit/f1545d9)) -* fix lint ([c9a0e4f](https://github.com/CloudPirates-io/helm-charts/commit/c9a0e4f)) -* Fix lint ([9943a66](https://github.com/CloudPirates-io/helm-charts/commit/9943a66)) -* Fix pod not restarting after configmap change ([8181649](https://github.com/CloudPirates-io/helm-charts/commit/8181649)) -* Fix reviews ([87c780c](https://github.com/CloudPirates-io/helm-charts/commit/87c780c)) -* Fix roles ([9f6cd01](https://github.com/CloudPirates-io/helm-charts/commit/9f6cd01)) -* Full rework ([a8f4e56](https://github.com/CloudPirates-io/helm-charts/commit/a8f4e56)) -* Implement redis sentinal functionality ([70d64d5](https://github.com/CloudPirates-io/helm-charts/commit/70d64d5)) -* Implement suggested improvements ([aeac191](https://github.com/CloudPirates-io/helm-charts/commit/aeac191)) -* Improve defaults ([b964825](https://github.com/CloudPirates-io/helm-charts/commit/b964825)) -* Minor improvements ([016dee2](https://github.com/CloudPirates-io/helm-charts/commit/016dee2)) -* Sync on restart if sentinel available ([628128e](https://github.com/CloudPirates-io/helm-charts/commit/628128e)) -* Unhardcode ips ([b6e0a4e](https://github.com/CloudPirates-io/helm-charts/commit/b6e0a4e)) -* Update CHANGELOG.md ([7691aa0](https://github.com/CloudPirates-io/helm-charts/commit/7691aa0)) -* Update CHANGELOG.md ([fcf698f](https://github.com/CloudPirates-io/helm-charts/commit/fcf698f)) -* Update CHANGELOG.md ([1afe498](https://github.com/CloudPirates-io/helm-charts/commit/1afe498)) -* Update CHANGELOG.md ([0da41aa](https://github.com/CloudPirates-io/helm-charts/commit/0da41aa)) -* Update CHANGELOG.md ([8425f12](https://github.com/CloudPirates-io/helm-charts/commit/8425f12)) -* Update 
CHANGELOG.md ([2753a1e](https://github.com/CloudPirates-io/helm-charts/commit/2753a1e)) -* Update CHANGELOG.md ([f6ea97b](https://github.com/CloudPirates-io/helm-charts/commit/f6ea97b)) -* Update CHANGELOG.md ([9bd42ad](https://github.com/CloudPirates-io/helm-charts/commit/9bd42ad)) -* Update CHANGELOG.md ([497514f](https://github.com/CloudPirates-io/helm-charts/commit/497514f)) -* Update CHANGELOG.md ([18008d2](https://github.com/CloudPirates-io/helm-charts/commit/18008d2)) -* Update CHANGELOG.md ([dfaff03](https://github.com/CloudPirates-io/helm-charts/commit/dfaff03)) -* Update CHANGELOG.md ([e60664c](https://github.com/CloudPirates-io/helm-charts/commit/e60664c)) -* Update CHANGELOG.md ([025e4b2](https://github.com/CloudPirates-io/helm-charts/commit/025e4b2)) -* Update CHANGELOG.md ([a4c0fd0](https://github.com/CloudPirates-io/helm-charts/commit/a4c0fd0)) -* Update CHANGELOG.md ([103dbd5](https://github.com/CloudPirates-io/helm-charts/commit/103dbd5)) -* Update CHANGELOG.md ([4657370](https://github.com/CloudPirates-io/helm-charts/commit/4657370)) -* Update CHANGELOG.md ([e572ff3](https://github.com/CloudPirates-io/helm-charts/commit/e572ff3)) -* Update CHANGELOG.md ([507c187](https://github.com/CloudPirates-io/helm-charts/commit/507c187)) -* Update docker.io/redis:8.2.1 Docker digest to acb90ce ([eb469b0](https://github.com/CloudPirates-io/helm-charts/commit/eb469b0)) -* chore: bump chart version ([b8bec46](https://github.com/CloudPirates-io/helm-charts/commit/b8bec46)) -* feat: add init container resources configurable values ([852ac34](https://github.com/CloudPirates-io/helm-charts/commit/852ac34)) -* feat: bind resource to init-container resources from values ([014db83](https://github.com/CloudPirates-io/helm-charts/commit/014db83)) - -## 0.2.0 (2025-09-02) - -* add extraObject array to all charts ([34772b7](https://github.com/CloudPirates-io/helm-charts/commit/34772b7)) -* bump all chart versions for new extraObjects feature 
([aaa57f9](https://github.com/CloudPirates-io/helm-charts/commit/aaa57f9)) - -## 0.1.8 (2025-08-31) - -* Add support for statefulset priorityclassname ([b5847dd](https://github.com/CloudPirates-io/helm-charts/commit/b5847dd)) -* Update CHANGELOG.md ([d1c5ba2](https://github.com/CloudPirates-io/helm-charts/commit/d1c5ba2)) - -## 0.1.7 (2025-08-28) - -* add readme and values.schema.json ([873286c](https://github.com/CloudPirates-io/helm-charts/commit/873286c)) -* Fix typo in readme ([cce0ea8](https://github.com/CloudPirates-io/helm-charts/commit/cce0ea8)) -* fix version ([2701959](https://github.com/CloudPirates-io/helm-charts/commit/2701959)) -* Refactor chart ([33323aa](https://github.com/CloudPirates-io/helm-charts/commit/33323aa)) -* Update chart to 0.1.1 ([5fa15b9](https://github.com/CloudPirates-io/helm-charts/commit/5fa15b9)) -* Update version to 8.2.1 / Fix readme ([5266eaf](https://github.com/CloudPirates-io/helm-charts/commit/5266eaf)) -* Add ArtifactHub Badges to all Charts ([08b855b](https://github.com/CloudPirates-io/helm-charts/commit/08b855b)) -* Add ArtifactHub repo config ([15180a8](https://github.com/CloudPirates-io/helm-charts/commit/15180a8)) -* Add cosign signature READMEs ([5f82e7f](https://github.com/CloudPirates-io/helm-charts/commit/5f82e7f)) -* Add extensive chart testing ([a46efac](https://github.com/CloudPirates-io/helm-charts/commit/a46efac)) -* Add generated values.schema.json files from values.yaml ([aa79ac3](https://github.com/CloudPirates-io/helm-charts/commit/aa79ac3)) -* Add initial Changelogs to all Charts ([68f10ca](https://github.com/CloudPirates-io/helm-charts/commit/68f10ca)) -* Add LICENSE ([fdbf1ab](https://github.com/CloudPirates-io/helm-charts/commit/fdbf1ab)) -* add logos to helm-charts ([fc70cdc](https://github.com/CloudPirates-io/helm-charts/commit/fc70cdc)) -* Bump chart version ([395c7d5](https://github.com/CloudPirates-io/helm-charts/commit/395c7d5)) -* Fix image tag/digest handling 
([a5c982b](https://github.com/CloudPirates-io/helm-charts/commit/a5c982b)) -* Fix imagePullSecrets format and pull always ([ce0d301](https://github.com/CloudPirates-io/helm-charts/commit/ce0d301)) -* fix readme.md install text, update chart.yaml home-website ([3511582](https://github.com/CloudPirates-io/helm-charts/commit/3511582)) -* Fix values.yaml / Chart.yaml linting issues ([043c7e0](https://github.com/CloudPirates-io/helm-charts/commit/043c7e0)) -* Format README files ([04aacab](https://github.com/CloudPirates-io/helm-charts/commit/04aacab)) -* init, add mariadb, mongodb and redis chart ([8e44c83](https://github.com/CloudPirates-io/helm-charts/commit/8e44c83)) -* Release new chart versions / update sources ([dbb0e45](https://github.com/CloudPirates-io/helm-charts/commit/dbb0e45)) -* Remove leading $ from code blocks ([836b2e3](https://github.com/CloudPirates-io/helm-charts/commit/836b2e3)) -* remove serviceaccounts from all charts ([be8f43a](https://github.com/CloudPirates-io/helm-charts/commit/be8f43a)) -* Update CHANGELOG.md ([26bf940](https://github.com/CloudPirates-io/helm-charts/commit/26bf940)) -* Update docker.io/redis Docker tag to v8.2.1 ([53db488](https://github.com/CloudPirates-io/helm-charts/commit/53db488)) -* update readme, chart.yaml texts and descriptions ([0179046](https://github.com/CloudPirates-io/helm-charts/commit/0179046)) -* Use lookup function for password where applicable ([dfb9a0e](https://github.com/CloudPirates-io/helm-charts/commit/dfb9a0e)) -* fix: chart icon urls ([cc38c0d](https://github.com/CloudPirates-io/helm-charts/commit/cc38c0d)) +* [mongodb] fix: newline between mongo labels and additional labels ([#301](https://github.com/CloudPirates-io/helm-charts/pull/301)) diff --git a/charts/redis/Chart.lock b/charts/redis/Chart.lock index a52dadf2..b4601d44 100644 --- a/charts/redis/Chart.lock +++ b/charts/redis/Chart.lock 
@@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/cloudpirates - version: 1.1.1 -digest: sha256:8da3c04e2c4a1ebfff4f21936399938e0f3fcf9fbd2f7135e7e907ce725b8f00 -generated: "2025-09-30T20:54:19.733262+02:00" + version: 1.1.2 +digest: sha256:5e34e3bab5f014ae1cf5d4c2976c84e03ccb4859105e60aefb3c264ad86b5718 +generated: "2025-10-10T09:32:07.534667076+02:00" diff --git a/charts/redis/Chart.yaml b/charts/redis/Chart.yaml index 5be29e05..cbc85a4d 100644 --- a/charts/redis/Chart.yaml +++ b/charts/redis/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: redis description: An open source, in-memory data structure store used as a database, cache, and message broker. type: application -version: 0.6.1 -appVersion: "8.2.1" +version: 0.6.3 +appVersion: "8.2.2" keywords: - redis - database diff --git a/charts/redis/README.md b/charts/redis/README.md index 87e91e67..e9da94cb 100644 --- a/charts/redis/README.md +++ b/charts/redis/README.md @@ -73,6 +73,7 @@ redis-cli -h my-redis -a $REDIS_PASSWORD |---------------------| ----------------------------------------------------------------------- | ------------ | | `nameOverride` | String to partially override redis.fullname | `""` | | `fullnameOverride` | String to fully override redis.fullname | `""` | +| `namespaceOverride` | String to override the namespace for all resources | `""` | | `commonLabels` | Labels to add to all deployed objects | `{}` | | `commonAnnotations` | Annotations to add to all deployed objects | `{}` | | `architecture` | Redis architecture. Allowed values: `standalone` or `replication` | `standalone` | diff --git a/charts/redis/templates/configmap.yaml b/charts/redis/templates/configmap.yaml index 41ac77ff..b89fc7fe 100644 --- a/charts/redis/templates/configmap.yaml +++ b/charts/redis/templates/configmap.yaml 
@@ -3,7 +3,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ include "redis.fullname" . }}-config - namespace: {{ .Release.Namespace }} + namespace: {{ include "common.namespace" . }} labels: {{- include "redis.labels" . | nindent 4 }} data: diff --git a/charts/redis/templates/headless-service.yaml b/charts/redis/templates/headless-service.yaml index 6e500f2c..af5f4f9f 100644 --- a/charts/redis/templates/headless-service.yaml +++ b/charts/redis/templates/headless-service.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "redis.fullname" . }}-headless - namespace: {{ .Release.Namespace }} + namespace: {{ include "common.namespace" . }} labels: {{- include "redis.labels" . | nindent 4 }} spec: diff --git a/charts/redis/templates/metrics-service.yaml b/charts/redis/templates/metrics-service.yaml index 600445dd..2bf30103 100644 --- a/charts/redis/templates/metrics-service.yaml +++ b/charts/redis/templates/metrics-service.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "redis.fullname" . }}-metrics - namespace: {{ .Release.Namespace }} + namespace: {{ include "common.namespace" . }} labels: {{- include "redis.labels" . | nindent 4 }} app.kubernetes.io/component: metrics diff --git a/charts/redis/templates/prestop-configmap.yaml b/charts/redis/templates/prestop-configmap.yaml index b4e5b48f..e7931040 100644 --- a/charts/redis/templates/prestop-configmap.yaml +++ b/charts/redis/templates/prestop-configmap.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ include "redis.fullname" . }}-prestop-script - namespace: {{ .Release.Namespace }} + namespace: {{ include "common.namespace" . }} labels: {{- include "redis.labels" . | nindent 4 }} data: 
@@ -19,17 +19,24 @@ data: REDIS_PORT="{{ .Values.service.port }}" SENTINEL_PORT="{{ .Values.sentinel.port }}" MASTER_NAME="{{ .Values.sentinel.masterName }}" - HEADLESS_SERVICE="{{ include "redis.fullname" . }}-headless.{{ .Release.Namespace }}.svc.cluster.local" - REDIS_SERVICE="{{ include "redis.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local" + HEADLESS_SERVICE="{{ include "redis.fullname" . }}-headless.{{ include "common.namespace" . }}.svc.cluster.local" + REDIS_SERVICE="{{ include "redis.fullname" . }}.{{ include "common.namespace" . }}.svc.cluster.local" # Set authentication if enabled {{- if .Values.auth.enabled }} export REDISCLI_AUTH="${REDIS_PASSWORD}" {{- end }} + # Set loopback address based on ipFamily configuration + {{- if eq .Values.ipFamily "ipv6" }} + REDIS_LOOPBACK="::1" + {{- else }} + REDIS_LOOPBACK="127.0.0.1" + {{- end }} + # Function to run Redis commands run_redis_command() { - local args=("-h" "127.0.0.1" "-p" "$REDIS_PORT") + local args=("-h" "$REDIS_LOOPBACK" "-p" "$REDIS_PORT") redis-cli "${args[@]}" "$@" } diff --git a/charts/redis/templates/secret.yaml b/charts/redis/templates/secret.yaml index b0e3cb9d..48d40146 100644 --- a/charts/redis/templates/secret.yaml +++ b/charts/redis/templates/secret.yaml @@ -3,12 +3,12 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "redis.fullname" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "common.namespace" . }} labels: {{- include "redis.labels" . | nindent 4 }} type: Opaque data: - {{- $existingSecret := (lookup "v1" "Secret" .Release.Namespace (include "redis.fullname" .)) }} + {{- $existingSecret := (lookup "v1" "Secret" (include "common.namespace" .) (include "redis.fullname" .)) }} {{- $existingPassword := "" }} {{- if and $existingSecret $existingSecret.data }} {{- $existingPassword = index $existingSecret.data "redis-password" }} 
diff --git a/charts/redis/templates/sentinel-service.yaml b/charts/redis/templates/sentinel-service.yaml index a5cab230..838382c2 100644 --- a/charts/redis/templates/sentinel-service.yaml +++ b/charts/redis/templates/sentinel-service.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "redis.fullname" . }}-sentinel - namespace: {{ .Release.Namespace }} + namespace: {{ include "common.namespace" . }} labels: {{- include "redis.labels" . | nindent 4 }} app.kubernetes.io/component: sentinel diff --git a/charts/redis/templates/service.yaml b/charts/redis/templates/service.yaml index 55d4f050..68c4e93c 100644 --- a/charts/redis/templates/service.yaml +++ b/charts/redis/templates/service.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "redis.fullname" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "common.namespace" . }} labels: {{- include "redis.labels" . | nindent 4 }} {{- if and .Values.sentinel.enabled (eq .Values.architecture "replication") }} diff --git a/charts/redis/templates/servicemonitor.yaml b/charts/redis/templates/servicemonitor.yaml index 53965ba3..32cf34ea 100644 --- a/charts/redis/templates/servicemonitor.yaml +++ b/charts/redis/templates/servicemonitor.yaml @@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ include "redis.fullname" . }}-metrics - namespace: {{ .Release.Namespace }} + namespace: {{ include "common.namespace" . }} labels: {{- include "redis.labels" . | nindent 4 }} app.kubernetes.io/component: metrics diff --git a/charts/redis/templates/statefulset.yaml b/charts/redis/templates/statefulset.yaml index d29987a0..572d99ab 100644 --- a/charts/redis/templates/statefulset.yaml +++ b/charts/redis/templates/statefulset.yaml 
@@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: StatefulSet metadata: name: {{ include "redis.fullname" . }} - namespace: {{ .Release.Namespace }} + namespace: {{ include "common.namespace" . }} labels: {{- include "redis.labels" . | nindent 4 }} {{- with (include "redis.annotations" .) }} @@ -60,7 +60,7 @@ spec: else # Create minimal config if no config exists cat > /tmp/redis.conf << EOF - bind 0.0.0.0 + bind * -::* port 6379 EOF fi @@ -209,9 +209,17 @@ spec: - /bin/sh - -c {{- if .Values.auth.enabled }} - - redis-cli -a ${REDIS_PASSWORD} ping + {{- if eq .Values.ipFamily "ipv6" }} + - redis-cli -h "::1" -a ${REDIS_PASSWORD} ping {{- else }} - - redis-cli ping + - redis-cli -h "127.0.0.1" -a ${REDIS_PASSWORD} ping + {{- end }} + {{- else }} + {{- if eq .Values.ipFamily "ipv6" }} + - redis-cli -h "::1" ping + {{- else }} + - redis-cli -h "127.0.0.1" ping + {{- end }} {{- end }} initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.livenessProbe.periodSeconds }} 
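Review bot: The rewritten liveness probe lines still pass the password as `-a ${REDIS_PASSWORD}`, unquoted, so it shows up in the process arguments each time the probe runs and is word-split by the shell if it contains whitespace or glob characters. The prestop script touched by this same change already uses `export REDISCLI_AUTH="${REDIS_PASSWORD}"`; the probe can do the same with `- REDISCLI_AUTH="${REDIS_PASSWORD}" redis-cli -h "127.0.0.1" ping` (and the `"::1"` variant). The readiness probe hunk `@@ -225,20 +233,35 @@` has the same unquoted `-a` in four of its branches. The probe definitions start and end outside this hunk.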
@@ -225,20 +233,35 @@ spec: command: - /bin/sh - -c - - | - {{- if and .Values.sentinel.enabled (eq .Values.architecture "replication") }} - {{- if .Values.auth.enabled }} - redis-cli -a ${REDIS_PASSWORD} ping | grep -q PONG - {{- else }} - redis-cli ping | grep -q PONG - {{- end }} - {{- else }} - {{- if .Values.auth.enabled }} - redis-cli -a ${REDIS_PASSWORD} ping - {{- else }} - redis-cli ping - {{- end }} - {{- end }} + {{- if and .Values.sentinel.enabled (eq .Values.architecture "replication") }} + {{- if .Values.auth.enabled }} + {{- if eq .Values.ipFamily "ipv6" }} + - redis-cli -h "::1" -a ${REDIS_PASSWORD} ping | grep -q PONG + {{- else }} + - redis-cli -h "127.0.0.1" -a ${REDIS_PASSWORD} ping | grep -q PONG + {{- end }} + {{- else }} + {{- if eq .Values.ipFamily "ipv6" }} + - redis-cli -h "::1" ping | grep -q PONG + {{- else }} + - redis-cli -h "127.0.0.1" ping | grep -q PONG + {{- end }} + {{- end }} + {{- else }} + {{- if .Values.auth.enabled }} + {{- if eq .Values.ipFamily "ipv6" }} + - redis-cli -h "::1" -a ${REDIS_PASSWORD} ping + {{- else }} + - redis-cli -h "127.0.0.1" -a ${REDIS_PASSWORD} ping + {{- end }} + {{- else }} + {{- if eq .Values.ipFamily "ipv6" }} + - redis-cli -h "::1" ping + {{- else }} + - redis-cli -h "127.0.0.1" ping + {{- end }} + {{- end }} + {{- end }} initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.readinessProbe.periodSeconds }} timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} 
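Review bot: The readiness command is now written out eight times, and the branches differ only in the loopback address, the `-a` flag and the trailing `grep`, so a later edit can easily miss one of them. Compute the address once above the probes, `{{- $loopback := ternary "::1" "127.0.0.1" (eq .Values.ipFamily "ipv6") }}`, and use `-h {{ $loopback | quote }}` in a single command line per probe. The liveness probe and the sentinel readiness probe in this file repeat the same address switch and could share the variable. `.Values.ipFamily` is not defined anywhere in the visible hunks, so its default should be confirmed.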
@@ -288,7 +311,12 @@ spec: # Wait for Redis to be ready echo "Waiting for Redis to start..." - while ! redis-cli {{- if .Values.auth.enabled }} -a "${REDIS_PASSWORD}"{{- end }} -h 127.0.0.1 -p {{ .Values.service.port }} ping >/dev/null 2>&1; do + {{- if eq .Values.ipFamily "ipv6" }} + REDIS_HOST="::1" + {{- else }} + REDIS_HOST="127.0.0.1" + {{- end }} + while ! redis-cli {{- if .Values.auth.enabled }} -a "${REDIS_PASSWORD}"{{- end }} -h "${REDIS_HOST}" -p {{ .Values.service.port }} ping >/dev/null 2>&1; do sleep 1 done echo "Redis is ready" @@ -317,7 +345,7 @@ spec: if [ "$SENTINEL_FOUND_MASTER" = false ]; then echo "No Sentinels available, checking Redis instances directly..." for i in $(seq 0 $(({{ if eq .Values.architecture "standalone" }}1{{ else }}{{ .Values.replicaCount }}{{ end }} - 1))); do - REDIS_HOST="{{ include "redis.fullname" . }}-${i}.{{ include "redis.fullname" . }}-headless.{{ .Release.Namespace }}.svc.cluster.local" + REDIS_HOST="{{ include "redis.fullname" . }}-${i}.{{ include "redis.fullname" . }}-headless.{{ include "common.namespace" . }}.svc.cluster.local" ROLE_INFO=$(redis-cli -h "${REDIS_HOST}" -p {{ .Values.service.port }} {{- if .Values.auth.enabled }} -a "${REDIS_PASSWORD}"{{- end }} info replication 2>/dev/null | grep "role:master" || echo "") if [ -n "$ROLE_INFO" ]; then MASTER_HOST="$REDIS_HOST" @@ -329,7 +357,7 @@ spec: # Final fallback: Use pod-0 hostname for initial bootstrap only if [ -z "$MASTER_HOST" ]; then - MASTER_HOST="{{ include "redis.fullname" . }}-0.{{ include "redis.fullname" . }}-headless.{{ .Release.Namespace }}.svc.cluster.local" + MASTER_HOST="{{ include "redis.fullname" . }}-0.{{ include "redis.fullname" . }}-headless.{{ include "common.namespace" . }}.svc.cluster.local" echo "No existing master found, using pod-0 for initial bootstrap: $MASTER_HOST" fi 
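Review bot: The loopback address is stored in `REDIS_HOST`, but the fallback loop in the `@@ -317,7 +345,7 @@` hunk assigns `REDIS_HOST` to each pod's headless DNS name, so after that loop the variable no longer means "local instance". If both hunks belong to the same script, as their position suggests, any later `-h "${REDIS_HOST}"` would reach a peer instead of the local server. The prestop script in this change calls the same value `REDIS_LOOPBACK`; using that name here keeps the two meanings apart: `REDIS_LOOPBACK="::1"` / `REDIS_LOOPBACK="127.0.0.1"` and `-h "${REDIS_LOOPBACK}"` in the wait loop. The script continues outside the hunk.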
@@ -355,7 +383,7 @@ spec: # Create Sentinel config cat > /tmp/sentinel.conf << EOF port {{ .Values.sentinel.port }} - bind 0.0.0.0 + bind * -::* # Enable hostname resolution for Redis Sentinel sentinel resolve-hostnames yes sentinel announce-hostnames yes @@ -407,9 +435,11 @@ spec: command: - /bin/sh - -c - - | - # Check if sentinel is responding - redis-cli -h 127.0.0.1 -p {{ .Values.sentinel.port }} {{- if .Values.auth.enabled }} -a "${REDIS_PASSWORD}"{{- end }} ping | grep -q PONG + {{- if eq .Values.ipFamily "ipv6" }} + - redis-cli -h "::1" -p {{ .Values.sentinel.port }} {{- if .Values.auth.enabled }} -a "${REDIS_PASSWORD}"{{- end }} ping | grep -q PONG + {{- else }} + - redis-cli -h "127.0.0.1" -p {{ .Values.sentinel.port }} {{- if .Values.auth.enabled }} -a "${REDIS_PASSWORD}"{{- end }} ping | grep -q PONG + {{- end }} initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 5 diff --git a/charts/redis/test-production-values.yaml b/charts/redis/test-production-values.yaml index 13af75ad..4f895734 100644 --- a/charts/redis/test-production-values.yaml +++ b/charts/redis/test-production-values.yaml @@ -97,7 +97,7 @@ readinessProbe: config: content: | # Redis production configuration - bind 0.0.0.0 + bind * -::* port 6379 # Memory management diff --git a/charts/redis/tests/common-parameters_test.yaml b/charts/redis/tests/common-parameters_test.yaml index 58450b9d..bd7eccca 100644 --- a/charts/redis/tests/common-parameters_test.yaml +++ b/charts/redis/tests/common-parameters_test.yaml @@ -7,7 +7,7 @@ set: config: content: | # Redis configuration - bind 0.0.0.0 + bind * -::* port 6379 tests: - it: should use default values when nothing is overridden diff --git a/charts/redis/values.schema.json b/charts/redis/values.schema.json index 4b8ccc3e..924c1517 100644 --- a/charts/redis/values.schema.json +++ b/charts/redis/values.schema.json 
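Review bot: `bind * -::*` in the generated sentinel.conf makes Sentinel listen on every IPv4 and IPv6 interface, and nothing next to the line says that this exposure is intended or what it relies on. To my knowledge the `*` and `-` forms are only parsed by Redis 6.2 and later, so an older image would likely refuse the config. A comment above the line would record both, e.g. `# all IPv4 and (if available) IPv6 interfaces, needs Redis >= 6.2; access is limited by auth and NetworkPolicy`. The same default is introduced in the `config.content` hunks of test-production-values.yaml, tests/common-parameters_test.yaml and values.yaml, where the same comment applies. The heredoc starts and ends outside this hunk.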
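Review bot: The two branches of the sentinel readiness probe differ only in the host literal, and the Redis readiness probe hunk (`@@ -225,20 +233,35 @@`) repeats the same split eight times. Computing the address once with `{{- $loopback := ternary "::1" "127.0.0.1" (eq .Values.ipFamily "ipv6") }}` and using `-h {{ $loopback | quote }}` leaves a single command line to maintain and to keep correctly quoted. `ipFamily` is also not added by the values.yaml or values.schema.json hunks in this diff, so unless it is already declared there the chart depends on an undocumented, unvalidated value.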
@@ -42,6 +42,11 @@ "title": "Full Name Override", "description": "String to fully override redis.fullname" }, + "namespaceOverride": { + "type": "string", + "title": "Namespace Override", + "description": "String to override the namespace for all resources" + }, "commonLabels": { "type": "object", "title": "Common Labels", diff --git a/charts/redis/values.yaml b/charts/redis/values.yaml index de0dd37e..f0254a6b 100644 --- a/charts/redis/values.yaml +++ b/charts/redis/values.yaml @@ -10,6 +10,8 @@ global: nameOverride: "" ## @param fullnameOverride String to fully override redis.fullname fullnameOverride: "" +## @param namespaceOverride String to override the namespace for all resources +namespaceOverride: "" ## @param commonLabels Labels to add to all deployed objects commonLabels: {} ## @param commonAnnotations Annotations to add to all deployed objects @@ -70,7 +72,7 @@ config: ## @param config.content Include your custom Redis configurations here as string content: | # Redis configuration - bind 0.0.0.0 + bind * -::* port 6379 ## param config.existingConfigmap Name of an existing Configmap to use instead of creating one existingConfigmap: "" @@ -295,6 +297,6 @@ extraObjects: [] # kind: ConfigMap # metadata: # name: extra-config -# namespace: "{{ .Release.Namespace }}" +# namespace: "{{ include "common.namespace" . }}" # data: # key: value diff --git a/charts/timescaledb/CHANGELOG.md b/charts/timescaledb/CHANGELOG.md index c0e88257..49ed11ed 100644 --- a/charts/timescaledb/CHANGELOG.md +++ b/charts/timescaledb/CHANGELOG.md @@ -2,4 +2,4 @@ ## 0.3.1 (2025-10-09) -* [mongodb] feat: add metrics exporter ([#243](https://github.com/CloudPirates-io/helm-charts/pull/243)) +* [mongodb] fix: newline between mongo labels and additional labels ([#301](https://github.com/CloudPirates-io/helm-charts/pull/301)) diff --git a/charts/valkey/CHANGELOG.md b/charts/valkey/CHANGELOG.md index 93649a44..fe8c8abb 100644 --- a/charts/valkey/CHANGELOG.md +++ b/charts/valkey/CHANGELOG.md 
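Review bot: The new `namespaceOverride` property accepts any string, so a malformed namespace name passes schema validation and is only rejected when the API server sees the rendered manifests. Kubernetes namespace names are DNS-1123 labels, which the schema can enforce with `"maxLength": 63` and `"pattern": "^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?$"`, the empty alternative keeping the default `""` valid. Because this value moves every resource out of the release namespace, the description would also benefit from saying that the target namespace has to exist beforehand, which as far as I know Helm does not arrange for a namespace other than the release's own.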
@@ -2,4 +2,4 @@ ## 0.4.1 (2025-10-09) -* [mongodb] feat: add metrics exporter ([#243](https://github.com/CloudPirates-io/helm-charts/pull/243)) +* [mongodb] fix: newline between mongo labels and additional labels ([#301](https://github.com/CloudPirates-io/helm-charts/pull/301)) diff --git a/charts/zookeeper/CHANGELOG.md b/charts/zookeeper/CHANGELOG.md index 2db31a16..6c433552 100644 --- a/charts/zookeeper/CHANGELOG.md +++ b/charts/zookeeper/CHANGELOG.md @@ -2,4 +2,4 @@ ## 0.1.6 (2025-10-09) -* [mongodb] feat: add metrics exporter ([#243](https://github.com/CloudPirates-io/helm-charts/pull/243)) +* [mongodb] fix: newline between mongo labels and additional labels ([#301](https://github.com/CloudPirates-io/helm-charts/pull/301)) diff --git a/renovate.json b/renovate.json index 4ca5aeb8..756189de 100644 --- a/renovate.json +++ b/renovate.json @@ -10,7 +10,7 @@ ], "separateMinorPatch": true, "prConcurrentLimit": 5, - "recreateWhen": "always", + "recreateWhen": "never", "customManagers": [ { "customType": "regex", @@ -62,7 +62,8 @@ "koperator-internal/services/clusterpirate" ], "enabled": false, - "pinDigests": false + "pinDigests": false, + "recreateWhen": "never" }, { "matchDatasources": [ @@ -72,7 +73,8 @@ "cloudpirates/common", "cloudpirates/valkey" ], - "enabled": false + "enabled": false, + "recreateWhen": "never" } ] }
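Review bot: With the top-level `recreateWhen` in renovate.json switched to `"never"`, an update PR that is closed without merging is, as I read Renovate's documentation, not proposed again, and that includes image or chart bumps that carry security fixes. If the aim is only to stop churn from repeatedly closed PRs, the default `"auto"` or a `packageRules` entry limited to the noisy packages would keep the remaining updates visible. The `"recreateWhen": "never"` added to the two package rules in the later hunks sits beside `"enabled": false`, where it appears to have no effect.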